System Access Control Based On User Identification By Cryptography Patents (Class 713/182)
  • Patent number: 9870464
    Abstract: Techniques for maintaining potentially compromised authentication information for a plurality of accounts may be provided. An individual piece of authentication information may be associated with one or more tags that indicate access rights with respect to requestors that also provide and maintain other potentially compromised authentication information. A subset of the potentially compromised authentication information may be determined based on the one or more tags in response to a request from a requestor for the potentially compromised authentication information. In an embodiment, the subset of the potentially compromised authentication information may be provided to the requestor.
    Type: Grant
    Filed: November 15, 2016
    Date of Patent: January 16, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: David James Kane-Parry, Darren Ernest Canavor, Jesper Mikael Johansson
  • Patent number: 9866545
    Abstract: Provided is a process including: receiving, with an intermediary server, a request to access web content at a web server; submitting, from the intermediary server, a value by which possession of an access credential is demonstrated, wherein the value is withheld from the client web browser; receiving, by the intermediary web browser, instructions to store in web browser memory an access token; and sending, from the intermediary server, to the client web browser executing on the client computing device, instructions to store the access token in browser memory of the client web browser, thereby authenticating the client web browser without the client web browser having access to the value by which possession of the access credential is demonstrated.
    Type: Grant
    Filed: August 11, 2017
    Date of Patent: January 9, 2018
    Assignee: ALTR Solutions, Inc.
    Inventor: James Douglas Beecham
  • Patent number: 9858631
    Abstract: A subscription-based personal medical information storage device comprises a data storage unit comprising a computer readable storage medium configured to store medical and non-medical information of a user, and facilitate the retrieval of medical and non-medical information of the user from a remote medical information storage device. The data storage unit is configured to automatically run an authentication routine upon connection with the general purpose computing device to confirm that the personal medical information storage device is neither lost nor stolen before granting access thereto. A communication module is configured to facilitate a communication connection with the remote medical information storage device, and wherein the remote medical information storage device comprises an advertisement module.
    Type: Grant
    Filed: October 25, 2012
    Date of Patent: January 2, 2018
    Assignee: Intelligent ID Solutions, LLC
    Inventors: Jason E. Farr, John G Coram, Greg T Meyers
  • Patent number: 9860059
    Abstract: A method and system for use in distributing token records is disclosed. At least one token record comprises a unique seed associated with a one-time password (OTP) token. An encryption key and a corresponding decryption key are generated for assisting selective encryption and decryption of a token record associated with an OTP token. The encryption key and the decryption key being unique to an end user of the token record. The token record is encrypted with the assistance of the encryption key. One of the decryption key and the encrypted token record is provided to the end user of the token record. The other of the decryption key and the encrypted token record is provided to the end user in response to secure receipt of the one of the decryption key and the encrypted token record by the end user. The encrypted token record can be decrypted with the assistance of the decryption key.
    Type: Grant
    Filed: December 23, 2011
    Date of Patent: January 2, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Christopher Duane, Robert S. Philpott, William Duane, Gareth Richards
  • Patent number: 9854529
    Abstract: In one example, a wearable device includes one or more processors, a plurality of communication components, one or more motion sensors configured to detect motion of the wearable device and generate, based on the detected motion, motion data, and a storage device configured to store at least one module. The at least one module may be operable by the one or more processors to: responsive to determining that the wearable device is not connected to the computing device using the first communication technology, determine, based on the motion data, whether the wearable device is currently being worn, and responsive to determining that the wearable device is currently being worn, establish the wireless connection to the computing device using the second communication component.
    Type: Grant
    Filed: December 3, 2015
    Date of Patent: December 26, 2017
    Assignee: Google LLC
    Inventors: Peter Wilhelm Ludwig, Jiahu Deng
  • Patent number: 9853979
    Abstract: Policy changes are propagated to access control devices of a distributed system. The policy changes are given immediate effect without having to wait for the changes to propagate through the system. A token encodes the policy change and can be provided in connection with access requests. Before an access control device has received a propagated policy change, the access control device can evaluate a token provided in connection with a request to determine, consistent with the policy change, whether to fulfill the request.
    Type: Grant
    Filed: March 11, 2013
    Date of Patent: December 26, 2017
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Gregory Branchek Roth, Matthew James Wren
  • Patent number: 9853947
    Abstract: Embodiments of the present disclosure help protect network devices from unauthorized access. Among other things, embodiments of the disclosure allow full access to application servers and other network devices that a client is allowed to access, while preventing all access (or even knowledge) of network devices the client is not allowed to access.
    Type: Grant
    Filed: August 17, 2015
    Date of Patent: December 26, 2017
    Assignee: CRYPTZONE NORTH AMERICA, INC.
    Inventors: Kurt Glazemakers, Malcolm Hamilton, Gokhan Berberoglu
  • Patent number: 9853815
    Abstract: A password verifying method includes the following steps: providing a plurality of interactive regions in which several known password characters are arranged and shown randomly, at least one interactive region containing at least two characters; accepting selection of one of said plurality of interactive regions by a user, and after selection of one of the interactive regions by the user, randomly re-distributing said several known password characters into said interactive regions for subsequent selection by the user; and comparing characters contained in a predefined password sequence with characters contained in the interactive regions selected by the user, and outputting a signal representing a successful password verification when each character contained in the password sequence is identical to corresponding ones of the characters shown in respective ones of the interactive regions selected by the user.
    Type: Grant
    Filed: April 21, 2015
    Date of Patent: December 26, 2017
    Assignees: Smart Electronic Industrial (Dong Guan) Co., Ltd.
    Inventor: Lee Zheng
  • Patent number: 9847881
    Abstract: An audio/video content management apparatus, for use with an external hard drive, includes a control circuit that performs a trust token generation operation. The trust token generation operation includes obtaining first identification information and hard drive identification information, encrypting and combining the first identification information and the hard drive identification information as a trust token, and sending the trust token to the external hard drive. The control circuit also performs a trust token validation operation including obtaining the first identification information, the hard drive identification information, and the trust token from the external hard drive.
    Type: Grant
    Filed: September 16, 2015
    Date of Patent: December 19, 2017
    Assignee: ARRIS Enterprises LLC
    Inventors: Mahadevan Venkatesh Prabu, Belmannu Harekrishna Acharya
  • Patent number: 9848331
    Abstract: An approach for improving mobile device security is provided. The approach configures a passcode for accessing a mobile device, wherein configuring the passcode includes incorporating one or more hardware buttons into the passcode, such that the one or more hardware buttons are relevant when entering the passcode to gain entry to the mobile device. The approach receives a passcode attempt on the mobile device, wherein the passcode attempt includes a combination of one or more touch screen buttons and at least one of the one or more hardware buttons. The approach determines whether the passcode attempt matches the passcode. Responsive to a determination that the passcode attempt does not match the passcode, the approach denies access to the mobile device.
    Type: Grant
    Filed: November 20, 2015
    Date of Patent: December 19, 2017
    Assignee: International Business Machines Corporation
    Inventors: Darryl M. Adderly, Prasad Kashyap, Brian J. Murray, Wenjian Qiao
  • Patent number: 9846786
    Abstract: Methods, systems, and products create anonymous loan documents. Electronic loan documents are prepared for a borrower of a loan. An anonymous shadow copy of the electronic loan documents is generated that removes personally identifying information, such as names, addresses, and social security numbers. The anonymous shadow copy of the electronic loan documents may then be electronically published.
    Type: Grant
    Filed: July 5, 2015
    Date of Patent: December 19, 2017
    Assignee: ReverseVision, Inc.
    Inventor: Thomas M. Martignoni
  • Patent number: 9843588
    Abstract: The present disclosure includes a system, method, and article of manufacture for lossless compression of data and high speed manipulation of the data. The method may comprise associating a customer with a plurality of levels, and counting, in near real time, a number of transactions at each level in the plurality of levels based on a transaction history of the customer at each of a plurality of merchants. The method may further comprise counting the number of transactions during a time period. Similarly, the method may comprise determining an opportunity comprising an offer based upon the counting, determining an opportunity based upon a count indicating a transaction by the customer with a merchant, and/or determining an opportunity with a first merchant based upon a count indicating a transaction by the customer with a second merchant.
    Type: Grant
    Filed: December 12, 2014
    Date of Patent: December 12, 2017
    Assignee: III Holdings 1, LLC
    Inventors: Richard A. Evans, Glen E. Graf, Joseph Lesko, John G. McDonald, Christina L. Richards
  • Patent number: 9836739
    Abstract: Apparatuses and methods for changing a financial account after initiating a payment using a proxy object, such as a proxy card, are disclosed. The proxy card is associated with multiple financial accounts, such as accounts associated with credit cards, debit cards, and pre-paid gift cards. A consumer presents the proxy card to a merchant to make a payment, and the merchant swipes the proxy card and processes the payment by sending transaction information to a financial system. A computer system associated with the financial system selects a payment account associated with the proxy card to use for the payment, and an authorization for the transaction is obtained. Later, the consumer is given a limited time within which he may change the financial account used for the payment, such as by using his mobile device to select a different account associated with the proxy card to use to obtain funds for the payment.
    Type: Grant
    Filed: February 19, 2014
    Date of Patent: December 5, 2017
    Assignee: SQUARE, INC.
    Inventors: Andrew Borovsky, Paul Aaron
  • Patent number: 9838205
    Abstract: In a network authentication method, a client device stores a reference first private key portion obtained by encrypting a first private key portion of a private key. The private key and a public key cooperatively constitute an asymmetric key pair. After receipt of a second private key portion of the private key, the client device generates a digital signature for transaction data using a current key which combines the second private key portion and a current key portion obtained by decrypting the reference first private key portion. A verification server verifies, based on the public key, whether a received digital signature is signed with the private key, and obtains the transaction data when verification result is affirmative.
    Type: Grant
    Filed: November 6, 2015
    Date of Patent: December 5, 2017
    Assignee: KEYPASCO AB
    Inventor: Magnus Lundström
  • Patent number: 9819491
    Abstract: Embodiments of the present disclosure include systems and methods for secure release of secret information over a network. The server can be configured to receive a request from a client to access the deposit of secret information, send an authorization request to at least one designated trustee in the set of designated trustees for the deposit of secret information, receive responses over the network from one or more of the designated trustees in the set of designated trustees and apply a trustee policy to the responses from the one or more designated trustees in the set of trustees to determine if the request is authorized. If the request is authorized, the server can send the secret information to the client. If the request is not authorized, the server denies access by the client to the secret information.
    Type: Grant
    Filed: May 9, 2016
    Date of Patent: November 14, 2017
    Assignee: Cloudera, Inc.
    Inventors: Dustin C. Kirkland, Eduardo Garcia
  • Patent number: 9817641
    Abstract: A method, system, and medium are provided for facilitating development of an application by a user for a mobile communications device. A portion of programmatic code provided by the user is retrieved and a classification corresponding to the code is determined. A set of rules comprising a use restriction associated with a protected application component is referenced to determine whether the code classification corresponds to a use restriction. Incident to identifying an associated use restriction, feedback is presented to the user that indicates that the portion of code corresponds to a use restriction.
    Type: Grant
    Filed: June 8, 2015
    Date of Patent: November 14, 2017
    Assignee: Sprint Communications Company L.P.
    Inventors: Ryan Alan Wick, Raymond Emilio Reeves, John Marvin Jones, III
  • Patent number: 9811381
    Abstract: Resource restrictions are associated with a user identifier. A resource restriction agent receives operating system calls related to resources and provides resource request data to a resource agent. The resource agent determines whether the resource is restricted based on the resource request data and resource restriction data and generates access data based on the determination. The resource restriction agent grants or denies the system call based on the access data.
    Type: Grant
    Filed: July 25, 2016
    Date of Patent: November 7, 2017
    Assignee: APPLE INC.
    Inventors: Jussi-Pekka Mantere, III, Alexander Tony Maluta, John William Scalo, Eugene Ray Tyacke, Bruce Gaya, Michael John Smith, Peter Kiehtreiber, Simon P. Cooper
  • Patent number: 9813441
    Abstract: A security device may receive a request from a client device and intended for a server device. The security device may identify the request as being associated with a malicious activity. The malicious activity may include one or more undesirable tasks directed to the server device. The security device may generate a challenge-response test based on identifying the request as being associated with the malicious activity. The challenge-response test may be generated using one or more construction techniques. The security device may provide the challenge-response test to the client device. The security device may receive, from the client device, a proposed solution to the challenge-response test. The security device may identify the proposed solution as being generated using an optical character recognition (OCR) program. The security device may protect the server device from the client device based on identifying the solution as being generated using an OCR program.
    Type: Grant
    Filed: December 17, 2015
    Date of Patent: November 7, 2017
    Assignee: Juniper Networks, Inc.
    Inventor: Kyle Adams
  • Patent number: 9807611
    Abstract: An electronic device uses a voiceprint for user authentication, and includes a storage unit, a voice input unit, and at least one processor. The storage unit registers a first voiceprint based on first voice corresponding to a first character string and a second voiceprint based on second voice corresponding to a second character string longer than the first character string. The at least one processor generates a third voiceprint from third voice input to the voice input unit after registration of the voiceprint in the storage unit, and makes a first comparison between the first voiceprint and the third voiceprint as first user authentication. The at least one processor generates a fourth voiceprint from fourth voice input to the voice input unit after the third voice, and makes a second comparison between the second voiceprint and the fourth voiceprint, when the first user authentication has failed.
    Type: Grant
    Filed: April 20, 2016
    Date of Patent: October 31, 2017
    Assignee: KYOCERA CORPORATION
    Inventor: Hayato Takenouchi
  • Patent number: 9798876
    Abstract: A computer-implemented method for creating security profiles may include (1) identifying, within a computing environment, a new actor as a target for creating a new security behavior profile that defines expected behavior for the new actor, (2) identifying a weighted graph that connects the new actor as a node to other actors, (3) creating, by analyzing the weighted graph, the new security behavior profile based on the new actor's specific position within the weighted graph, (4) detecting a security anomaly by comparing actual behavior of the new actor within the computing environment with the new security behavior profile that defines expected behavior for the new actor, and (5) performing, by a computer security system, a remedial action in response to detecting the security anomaly. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 19, 2015
    Date of Patent: October 24, 2017
    Assignee: Symantec Corporation
    Inventors: Aleatha Parker-Wood, Anand Kashyap, Christopher Gates, Kevin Roundy, Leylya Yumer, Sandeep Bhatkar, Yin Liu
  • Patent number: 9800660
    Abstract: A communication device according to the present invention aims to restart data transmission/reception between communication devices in a short amount of time, without performing key sharing again, even when a communication device of a transmitting side is rebooted. The communication device includes a volatile memory storing a count value, a generator generating data including a count value, a communicator transmitting data to another communication device, a storage instructor, each time the communicator transmits data, updating the volatile memory with a count value, and a nonvolatile memory. A count value is incremented each time the communicator transmits data, the storage instructor causes the nonvolatile memory to store a count value at certain intervals, and the generator, when the communication device is rebooted, includes in data a sum of a certain value and a count value stored in the nonvolatile memory.
    Type: Grant
    Filed: January 29, 2014
    Date of Patent: October 24, 2017
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventors: Yoichi Masuda, Masaki Ikeda, Tomoya Watanabe, Keiji Sakaguchi, Hirotatsu Shinomiya, Seiji Nimura
  • Patent number: 9800681
    Abstract: A network traffic monitoring system for redirecting network traffic between a client device and a cloud service includes a monitor proxy server configured as a network intermediary between the client device and the cloud service; and a published identity provider. The published identity provider is configured to receive a login request from a client device and to authenticate the client device at a federated identity provider. The published identity provider is configured to receive from the federated identity provider a redirect response including an identity assertion and a redirect web address to the cloud service. The published identity provider is configured to rewrite the redirect web address to the web address of the monitor proxy server. As a result, network traffic between the cloud service and the client device is routed through the monitor proxy server after user authentication using the published identity provider.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: October 24, 2017
    Assignee: Skyhigh Networks, Inc.
    Inventors: Sekhar Sarukkai, Kaushik Narayan, Rajiv Gupta
  • Patent number: 9792606
    Abstract: A method for performing a secure transaction between a secure device (2) and a terminal (4), the method being carried out by the secure device (2) and comprising the steps of: receiving transaction data from the terminal (4), characterized in that it comprises, before the step of receiving transaction data from the terminal (4), the steps of obtaining transaction data entered by a user of the secure device (2), and transmitting the transaction data to the terminal (4).
    Type: Grant
    Filed: August 10, 2012
    Date of Patent: October 17, 2017
    Assignee: Oberthur Technologies
    Inventors: Yann-loic Aubin, Vincent Guerin, Matthieu Boisde
  • Patent number: 9794542
    Abstract: A wearable computer interface comprising a three dimensional (3D) range camera and a picture camera that image the user and a controller that processes the images to identify the user and determine if the user is authorized to use the interface to access functionalities provided by a computer interfaced by the interface.
    Type: Grant
    Filed: July 3, 2014
    Date of Patent: October 17, 2017
    Assignee: Microsoft Technology Licensing, LLC.
    Inventors: Amir Nevet, Giora Yahav
  • Patent number: 9785790
    Abstract: Protecting a computer security application by executing the computer security application on a computer in a first namespace associated with an operating system of the computer, and creating a second namespace associated with the operating system of the computer, where the second namespace is accessible to the computer security application, and where the first namespace is inaccessible from the second namespace.
    Type: Grant
    Filed: December 15, 2015
    Date of Patent: October 10, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Shmuel Regev, Shahar Kohanim, Shai Barlev
  • Patent number: 9785708
    Abstract: An architecture for a multimedia search system is described. To perform similarity matching of multimedia query frames against reference content, a reference database comprising a cluster index using cluster keys to perform similarity matching and a multimedia index to perform sequence matching is built. Methods to update and maintain the reference database that enables addition and removal of the multimedia contents, including portions of multimedia content, from the reference database in a running system are described. Hierarchical multi-level partitioning methods to organize the reference database are presented. Smart partitioning of the reference multimedia content according to the nature of the multimedia content, and according to the popularity among the social media, that supports scalable fast multimedia identification is also presented.
    Type: Grant
    Filed: May 21, 2015
    Date of Patent: October 10, 2017
    Assignee: GRACENOTE, INC.
    Inventors: Sunil Suresh Kulkarni, Jose Pio Pereira, Pradipkumar Dineshbhai Gajjar, Shashank Merchant, Prashant Ramanathan, Mihailo M. Stojancic
  • Patent number: 9785623
    Abstract: Some described embodiments relate to techniques for editing markup elements of a markup language document to emphasize a portion of the visible content elements of the markup language document. The techniques may be implemented in any suitable manner, including via scripting language code (e.g., JavaScript) that is incorporated into the markup language document but is not preconfigured with information regarding the markup language document or any other markup language document. The scripting language code may perform the editing automatically, and based on an automatic analysis of markup elements of the markup language document. Some embodiments may include determining the portion of the markup language document to be emphasized by identifying content of interest to a user, including by determining a set of related content through analyzing a structure of markup elements of the markup language document and/or layout of visible content elements of the markup language document.
    Type: Grant
    Filed: January 22, 2015
    Date of Patent: October 10, 2017
    Assignee: Freedom Scientific, Inc.
    Inventor: Aaron M. Leventhal
  • Patent number: 9781127
    Abstract: A method and system to regulate a digital security system that controls access to a resource is disclosed. The system controls access to the resource according to a multi-level security protocol including a high-security-level access protocol and a low-security-level access protocol. The regulation method and system are configured to collect data from a set of user-data sources with which the user interacts during his daily life and, based on the collected data, to compute security parameters characterizing user activity. The computed security parameters are compared to a digital profile that models the characteristic behavior of this user. When the comparison indicates that the observed user activity is inconsistent with the digital behavior profile, the digital security system is regulated to set (or maintain) it in an operating state such that, when the user requests access to the resource in the future, the system will automatically implement the high-security-level access protocol.
    Type: Grant
    Filed: June 11, 2015
    Date of Patent: October 3, 2017
    Assignee: ORANGE
    Inventors: Maria Prokopi, Mobeen Qureshi, Zaheer Ahmad
  • Patent number: 9774608
    Abstract: A device control method used in a device control system in which an operation terminal is used to remotely operate a device with a server device mediating between the operation terminal and the device, the device control method including: acquiring, upon reception of an operation instruction for operation of the device from the operation terminal, environment information pertaining to at least one of the device and the operation terminal; performing a determination of whether or not to cause execution of processing corresponding to the operation instruction based on whether or not the environment information satisfies a predetermined condition; and causing the device to execute an execution command for execution of the processing when a result of the determination is affirmative, and not causing the device to execute the execution command when the result of the determination is negative.
    Type: Grant
    Filed: August 1, 2013
    Date of Patent: September 26, 2017
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventors: Toshihisa Nakano, Masayuki Kozuka, Masataka Minami, Motoji Ohmori, Takeshi Matsuo, Tsuyoshi Sakata, Fumiaki Suzuki
  • Patent number: 9772623
    Abstract: Techniques for securing a device for use in or with a process plant include provisioning the device with a key generated at least in part from data indicative of necessary conditions and/or attributes that must be met before the device is allowed access to a network of the process plant. Upon initialization, the device determines, based on the key, whether or not the necessary conditions are met, and the device isolates itself or accesses the process control network accordingly. Keys and the necessary conditions/attributes indicated therein may be based on, for example, location, time, context, customer, supplier, particular plant, manufacturer, user, data type, device type, and/or other criteria. Additionally, sub-keys associated with a key may be generated from another set of necessary conditions/attributes. Sub-keys may be provided by a different entity than the key provider entity.
    Type: Grant
    Filed: July 18, 2016
    Date of Patent: September 26, 2017
    Assignee: FISHER-ROSEMOUNT SYSTEMS, INC.
    Inventors: Mark J. Nixon, Ken J. Beoughter, Daniel D. Christensen, Deji Chen, James H. Moore, Jr.
  • Patent number: 9772605
    Abstract: A wearable device includes: a touch screen; an acceleration sensor configured to generate an acceleration signal; an optical sensor using a light source and configured to generate a touch interrupt signal; and a control unit configured to detect a wearing state of the wearable device, the wearing state of the wearable device including a not-wearing state for the wearable device, a wrist wearing state, and a hand gripping state on the basis of the acceleration signal and the touch interrupt signal, and to execute a function corresponding to the wearing state of the wearable device.
    Type: Grant
    Filed: July 12, 2016
    Date of Patent: September 26, 2017
    Assignee: LG ELECTRONICS INC.
    Inventors: Hongjo Shim, Gukchan Lim, Youngho Sohn, Seonghyok Kim, Chohee Kwon, Hyunwoo Kim
  • Patent number: 9769875
    Abstract: Embodiments disclosed herein provide systems and methods for allowing non-compliant communication devices to receive multimedia messages. In a particular embodiment, a method provides receiving, from a multimedia messaging system, a content identifier that a destination communication device will use to access content of a multimedia message transferred from a first communication device. The method further provides determining a device identifier for the destination communication device and inserting the device identifier into the content identifier. After inserting the device identifier, the method provides transferring the content identifier to the destination communication device.
    Type: Grant
    Filed: March 12, 2014
    Date of Patent: September 19, 2017
    Assignee: Sprint Communications Company L.P.
    Inventors: Sean Patrick Hoelzle, Nandana T. Maddumakumara, Michael A. Carey
  • Patent number: 9760700
    Abstract: Systems and methods of determining image characteristics are provided. More particularly, a first image having an unknown characteristic can be obtained. The first image can be provided to a plurality of user devices in a verification challenge. The verification challenge can include one or more instructions to be presented to a user of each user device. The instructions being determined based at least in part on the first image. User responses can be received, and an unknown characteristic of the first image can be determined based at least in part on the received responses. Subsequent to determining the unknown characteristic of the first image, one or more machine learning models can be trained based at least in part on the determined characteristic.
    Type: Grant
    Filed: December 3, 2015
    Date of Patent: September 12, 2017
    Assignee: Google Inc.
    Inventors: Wei Liu, Vinay Damodar Shet, Ying Liu, Aaron Malenfant, Haidong Shao, Hongshu Liao, Jiexing Gu, Edison Tan
  • Patent number: 9753865
    Abstract: The present disclosure relates to systems and methods for executing an encrypted code section in a shieldable CPU memory cache. Functional characteristics of the software product of a vendor, such as gaming or video, may be partially encrypted to allow for protected and functional operability and avoid hacking and malicious usage of non-licensed user. The encrypted instructions may be written to the CPU memory cache and decrypted only once the CPU memory cache is switched into a shielded state. The decrypted code instructions may be executed from a designated cache-line of said CPU memory cache still in the shielded state.
    Type: Grant
    Filed: September 12, 2016
    Date of Patent: September 5, 2017
    Assignee: TRULY PROTECT OY
    Inventors: Michael Kiperberg, Amit Resh, Nezer Zaidenberg
  • Patent number: 9756048
    Abstract: The present disclosure relates to systems and methods for enabling execution of encrypted managed programs in common managed execution environments. In particular the disclosure relates to a method of loading and associating an extension module to the managed execution environment configured to receive execution event notifications. The events corresponding to the execution of encrypted methods are intercepted and passed on to a decryption module operable to execute within a hypervisor environment, such that the managed encrypted program is decrypted, executed in a secured location, preventing access of untrusted party. The decryption module is further configured to discard decrypted instruction if cooperation of the extension module is required, or upon program termination.
    Type: Grant
    Filed: November 11, 2015
    Date of Patent: September 5, 2017
    Assignee: TRULY PROTECT OY
    Inventors: Michael Kiperberg, Amit Resh, Nezer Zaidenberg
  • Patent number: 9754209
    Abstract: A method is used in managing knowledge-based authentication systems. Questions are created from organization based information. The questions are evaluated based on a set of parameters. Based on the evaluation, a set of questions is selected from the questions and a set of responses is selected for each question of the set of questions for a scenario. A user is authenticated in the scenario using the set of questions.
    Type: Grant
    Filed: September 27, 2012
    Date of Patent: September 5, 2017
    Assignee: EMC IP Holding Company LLC
    Inventors: Boris Kronrod, Ido Zilberberg
  • Patent number: 9756050
    Abstract: Authorization decisions can be made in a resource environment using authorization functions which can be provided by customers, third parties, or other such entities. The functions can be implemented using virtual machine instances with one or more transient compute containers. This compute capacity can be preconfigured with certain software and provided using existing compute capacity assigned to a customer, or capacity invoked from a warming pool, to execute the appropriate authorization function. The authorization function can be a lambda function that takes in context and generates the appropriate security functionality inline. The utilization of ephemeral compute capacity enables the functionality to be provided on demand, without requiring explicit naming or identification, and can enable cause state information to be maintained for a customer.
    Type: Grant
    Filed: March 26, 2015
    Date of Patent: September 5, 2017
    Assignee: Amazon Technologies, Inc.
    Inventor: Eric Jason Brandwine
  • Patent number: 9749359
    Abstract: According to one embodiment, an apparatus includes a memory and a processor. The memory is configured to store a plurality of phishing scores, each phishing score of the plurality of phishing scores indicating a likelihood that a user will delete a phishing email. The processor is configured to determine that a plurality of phishing campaigns are occurring. For each phishing campaign of the plurality of phishing campaigns, the processor is configured to determine that a plurality of users deleted a phishing email of the phishing campaign and to determine a priority score for the phishing campaign based on the phishing score of each user of the plurality of users. The processor is further configured to rank the plurality of phishing campaigns based on the priority score of each phishing campaign, wherein the phishing campaign of the plurality of phishing campaigns with the highest rank is presented first.
    Type: Grant
    Filed: July 22, 2015
    Date of Patent: August 29, 2017
    Assignee: Bank of America Corporation
    Inventor: Benjamin L. Gatti
  • Patent number: 9742641
    Abstract: A monitoring device and method for identifying the identity of users requesting database accesses. The data request from application servers to an application server are monitored and parsed. The SQL statements associated with the data request from the application server are also monitored and parsed, so are the SQL responses from the database server. The SQL responses are sent back to the user as data responses. The data responses are also monitored and parsed. The monitoring device matches the parsed data request with the parsed SQL statements, the parsed SQL responses, and the parsed data responses. By matching the string portion of these parsed data, the monitoring device can then identify the identity of the user making such database request.
    Type: Grant
    Filed: January 13, 2014
    Date of Patent: August 22, 2017
    Assignee: Datiphy Inc.
    Inventor: Yeejang James Lin
  • Patent number: 9740920
    Abstract: The disclosed computer-implemented method for securely authenticating users via facial recognition may include (1) identifying a request from a user to complete an authentication process on the computing device via a facial-recognition system, (2) sending the user a randomized unique identifier to display to a camera on the computing device, (3) simultaneously observing, via the camera on the computing device, both the user and the randomized unique identifier that was sent to the user, and (4) authenticating the observed user in response to determining both that the observed user's facial characteristics match facial characteristics of the user stored in the facial-recognition system and that the observed randomized unique identifier matches the randomized unique identifier sent to the user. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 10, 2015
    Date of Patent: August 22, 2017
    Assignee: Symantec Corporation
    Inventors: Andrew Chang, Ilya Sokolov
  • Patent number: 9740848
    Abstract: A method for authentication of a user to a device by a remote server comprises a remote server initiates a local procedure on the device that causes the user to perform an act, wherein the act is observed by the device, and further wherein the act involves relative movement between the user and a camera, where fiducial marks are captured, and information transmitted to the server for the server to make a determination of whether to authorize the user to the device.
    Type: Grant
    Filed: March 15, 2017
    Date of Patent: August 22, 2017
    Assignee: BRIVAS LLC
    Inventors: Beau Robertson Parry, Yasodenkshna Boddeti
  • Patent number: 9743333
    Abstract: A server coupled to wireless transceivers wirelessly communicating user data on corresponding ones of a plurality of wireless local area networks (WLAN) is disclosed. The server comprises: a memory, and a processor. The memory to store executable instructions. The processor is coupled with the memory, wherein the processor, responsive to executing the executable instructions, performs operations comprising: identifying wireless transceivers and access privileges requested by each of a plurality of WiFi service vendors; opening a control portal between each WiFi service vendor and the corresponding wireless transceivers identified in the identifying act; and arbitrating access by each WiFi service vendor to the corresponding identified wireless transceivers to avoid interruption of the wireless user data communications on corresponding ones of the WLANs.
    Type: Grant
    Filed: April 1, 2017
    Date of Patent: August 22, 2017
    Assignee: Quantenna Communications, Inc.
    Inventors: Huizhao Wang, Hossein Dehghan
  • Patent number: 9742809
    Abstract: A system and method for authentication policy orchestration may include a user device, a client device, and a server. The server may include a network interface configured to be communicatively coupled to a network. The server may further include a processor configured to obtain, from a client device via the network, a transaction request for a transaction, determine an authorization requirement for the transaction request based, at least in part, on a plurality of authorization policies, individual ones of the plurality of authorization policies being separately configurable by at least one of a relying party and an authorizing party, and complete the transaction based on the authorization requirement having been met.
    Type: Grant
    Filed: August 22, 2016
    Date of Patent: August 22, 2017
    Assignee: ACCEPTTO CORPORATION
    Inventors: Nahal Shahidzadeh, Haitham Akkary
  • Patent number: 9736148
    Abstract: In a method of approving access to a server network from any terminal requesting access, a communication request is sent from the terminal to a server on a first communication path. An image containing a series of symbols is communicated to the user on a communication path different from the first path. From the image the user calculates a response based upon a particular pattern in the image defining certain symbols which are then used in an operation to determine from the symbols a response which is different from the symbols. A comparison is made between the response received and a previously stored response to assess whether access should be allowed.
    Type: Grant
    Filed: August 7, 2015
    Date of Patent: August 15, 2017
    Assignee: Passrules US Security LLP
    Inventor: Ken Kotowich
  • Patent number: 9727771
    Abstract: A touch device with fingerprint identification function includes a glass substrate having a first and a second face, a first electrode layer having multiple first electrodes, an insulation layer, a second electrode layer having multiple second electrodes, a wiring layer, a film layer covering the second electrode layer and the wiring layer, and a fingerprint identification sensation layer having multiple fingerprint identification chips and multiple transmission leads. The first face is defined with a touch section and a non-touch section. The first electrode layer is disposed on the second face. One face of the insulation layer covers the first electrode layer. The second electrode layer is disposed on the other face of the insulation layer. The wiring layer is disposed at the non-touch section and selectively electrically connected to the first and second electrode layers. The touch device is able to lower manufacturing cost and enhance fingerprint identification precision.
    Type: Grant
    Filed: April 14, 2015
    Date of Patent: August 8, 2017
    Inventor: Chih-Chung Lin
  • Patent number: 9729573
    Abstract: According to one embodiment, an apparatus is configured to store a plurality of phishing scores, each phishing score of the plurality of phishing scores indicating a likelihood that a user will respond to a phishing email. The apparatus is communicatively coupled to the memory and is configured to determine that a plurality of phishing campaigns are occurring. For each phishing campaign of the plurality of phishing campaigns, the apparatus is configured to determine that a plurality of users responded to the phishing campaign and to determine a priority score for the phishing campaign based on the phishing score of each user of the plurality of users. The apparatus is further configured to rank the plurality of phishing campaigns based on the priority score of each phishing campaign, wherein the phishing campaign of the plurality of phishing campaigns with the highest rank is reviewed first.
    Type: Grant
    Filed: July 22, 2015
    Date of Patent: August 8, 2017
    Assignee: Bank of America Corporation
    Inventor: Benjamin L. Gatti
  • Patent number: 9727517
    Abstract: In a wireless docking system a dockee device (120) communicates with a host device (100) that is coupled to at least one peripheral (110, 111, 112). The host device has a host communication unit (102) and a docking processor (101) arranged for docking at least one dockee device. The dockee device has a dockee communication unit (121), and a dockee processor (122) for docking to the host device. The dockee processor is arranged for providing at least one virtual peripheral device in a virtual docking environment, the virtual peripheral device having a privacy level. When docking, the virtual peripherals are mapped on actual peripherals so as to apply the privacy level to the actual peripheral. When docked, data transfer with the actual peripheral is controlled according to the respective peripheral privacy level.
    Type: Grant
    Filed: April 11, 2014
    Date of Patent: August 8, 2017
    Assignee: KONINKLIJKE PHILIPS N.V.
    Inventors: Dirk Valentinus Rene Engelen, Jente De Pee, Gerardus Henricus Adrianus Johannes Broeksteeg, Annemarie Paulien Buddemeijer-Lock, Tess Speelpenning
  • Patent number: 9729533
    Abstract: There is provided a system and method for human verification by a contextually iconic visual public Turing test. There is provided a method comprising receiving a request to verify whether a client is human controlled, selecting, by contextual criteria, a plurality of images each having one or more associated tags from a database, generating a challenge question and a corresponding answer set based on associated tags of a subset of the plurality of images, presenting the plurality of images and the challenge question to the client, receiving a submission to the challenge question from the client, and responding to the request by verifying whether the submission is contained in the answer set to determine whether the client is human controlled. The contextual criteria may comprise subject matter, branding, or intended audience of a content provider sending the request, thereby facilitating human responses while deterring automated systems.
    Type: Grant
    Filed: December 24, 2014
    Date of Patent: August 8, 2017
    Assignee: Disney Enterprises, Inc.
    Inventors: David Snelling, Brian Grutzius, Scott Thompson, Adam T. Fritz
  • Patent number: 9723039
    Abstract: Access to a user profile of a user device at a location may be provided to a destination device upon detecting that the location is within a proximity of a destination location. An expiring token may be generated, associated with the user profile, and communicated to the second device. Access to the user profile provided to the destination device may be terminated upon an expiration of the expiring token.
    Type: Grant
    Filed: January 9, 2017
    Date of Patent: August 1, 2017
    Assignee: International Business Machines Corporation
    Inventors: Lisa Seacat DeLuca, Lydia M. Do, Geetika T. Lakshmanan
  • Patent number: 9723011
    Abstract: Access to a user profile of a user device at a location may be provided to a destination device upon detecting that the location is within a proximity of a destination location. An expiring token may be generated, associated with the user profile, and communicated to the second device. Access to the user profile provided to the destination device may be terminated upon an expiration of the expiring token.
    Type: Grant
    Filed: January 9, 2017
    Date of Patent: August 1, 2017
    Assignee: International Business Machines Corporation
    Inventors: Lisa Seacat DeLuca, Lydia M. Do, Geetika T. Lakshmanan