System Access Control Based On User Identification By Cryptography Patents (Class 713/182)
  • Patent number: 10101952
    Abstract: In a driver installation system, a client device includes: a device information display processing section acquiring, from a peripheral device via a server device, an image of a device information screen of the peripheral device targeted for driver installation and causing a display section to display the image; a selection acceptance section accepting selection of the device information screen from an operator; a device information reading section reading a device information from the selected device information screen; and a driver installation processing section receiving, from the server device, a driver installation file of the peripheral device indicated by the device information and installing the driver of the peripheral device into the client device.
    Type: Grant
    Filed: August 17, 2016
    Date of Patent: October 16, 2018
    Assignee: KYOCERA Document Solutions Inc.
    Inventor: Suguru Ishikawa
  • Patent number: 10102151
    Abstract: A method includes generating a set of virtual-machine-specific (VMS) encryption keys for a dedicated virtual machine, storing the set of VMS encryption keys in a protected memory, storing a first look-up table in the protected memory, and replacing an encryption key stored in a crypto unit with at least one VMS encryption key of the set of VMS encryption keys in an operation mode where the dedicated virtual machine is executed by a processor. The protected memory is selectively excluded from access by operating systems executable on a computer system. The look-up table being accessible only by firmware of the computer system.
    Type: Grant
    Filed: November 6, 2015
    Date of Patent: October 16, 2018
    Assignee: International Business Machines Corporation
    Inventors: Christine Axnix, Ute Gaertner, Jakob C. Lang, Angel Nunez Mencias
  • Patent number: 10102152
    Abstract: A method includes generating a set of virtual-machine-specific (VMS) encryption keys for a dedicated virtual machine, storing the set of VMS encryption keys in a protected memory, storing a first look-up table in the protected memory, and replacing an encryption key stored in a crypto unit with at least one VMS encryption key of the set of VMS encryption keys in an operation mode where the dedicated virtual machine is executed by a processor. The protected memory is selectively excluded from access by operating systems executable on a computer system. The look-up table being accessible only by firmware of the computer system.
    Type: Grant
    Filed: April 11, 2016
    Date of Patent: October 16, 2018
    Assignee: International Business Machines Corporation
    Inventors: Christine Axnix, Ute Gaertner, Jakob C. Lang, Angel Nunez Mencias
  • Patent number: 10091354
    Abstract: A computer-implemented method to provide transcripts of multimedia messages is disclosed. The method may include receiving, at a server, a message with an attached media file. The message may be directed to a user device. The server may be configured to receive and direct messages to the user device. The method may further include separating the media file from the message before the message is provided to the user device. The method may also include generating, at a transcription system, a transcript of audio data in the media file. The method may also include providing the message to the user device for presentation of the message on the user device. The method may further include providing the transcript and the media file to the user device for presentation of the transcript and the media file on the user device.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: October 2, 2018
    Assignee: Sorenson IP Holdings, LLC
    Inventors: Kenneth Boehme, Shane Roylance
  • Patent number: 10088807
    Abstract: A wearable device includes: a touch screen; an acceleration sensor configured to generate an acceleration signal; an optical sensor using a light source and configured to generate a touch interrupt signal; and a control unit configured to detect a wearing state of the wearable device, the wearing state of the wearable device including a not-wearing state for the wearable device, a wrist wearing state, and a hand gripping state on the basis of the acceleration signal and the touch interrupt signal, and to execute a function corresponding to the wearing state of the wearable device.
    Type: Grant
    Filed: August 7, 2017
    Date of Patent: October 2, 2018
    Assignee: LG ELECTRONICS INC.
    Inventors: Hongjo Shim, Gukchan Lim, Youngho Sohn, Seonghyok Kim, Chohee Kwon, Hyunwoo Kim
  • Patent number: 10083560
    Abstract: An access control device that at least assists in controlling the ingress/egress through an entryway. According to certain embodiments, the access control device is operably coupled to an entryway device so as to at least assist in controlling the ability to displace an entryway device from a closed position and/or from an open position. The access control device is structured for communication with a plurality of components of a security management system, and thus may be programmed by one or more modes, including, for example a manual program mode, an off-line managed mode, a wireless off-line management mode, a wireless real-time mode, and/or an off-line real-time mode.
    Type: Grant
    Filed: October 17, 2017
    Date of Patent: September 25, 2018
    Assignee: Schlage Lock Company LLC
    Inventors: Joseph W. Baumgarte, Todd Eberwine, Frank Kasper
  • Patent number: 10084669
    Abstract: Novel tools and techniques are provided for remotely configuring and orchestrating multifunctional cloud devices located on customer premises, in some cases, using a smart cloud adaptive device. In some embodiments, the smart cloud adaptive device, which might have one or more wireless programmable radios configured to communicate with a network termination device, might communicate with a cloud configuration server over a network via the one or more wireless programmable radios (and, in some embodiments, through the network termination device). The smart cloud adaptive device might transmit device identification information associated with a customer and/or service codes indicative of services to be provided to the customer. The smart cloud adaptive device might receive one or more configuration files from the cloud configuration server based on the service codes, and enable functionality among a plurality of functionalities to provision the services, based on the one or more configuration files.
    Type: Grant
    Filed: October 29, 2014
    Date of Patent: September 25, 2018
    Assignee: CenturyLink Intellectual Property LLC
    Inventors: Kevin M. McBride, Felipe Castro, Steven M. Casey, Thomas Schwengler
  • Patent number: 10083044
    Abstract: An electronic apparatus and a booting method thereof are provided. Control a sensing unit to sense a barcode before an operation system is executed by the electronic apparatus. Determine whether the barcode meets a preset barcode. Continue a booting operation of the electronic apparatus if the barcode meets the preset barcode.
    Type: Grant
    Filed: March 4, 2016
    Date of Patent: September 25, 2018
    Assignee: GETAC TECHNOLOGY CORPORATION
    Inventor: Chun-Chi Wang
  • Patent number: 10078479
    Abstract: A printing process system includes processing circuitry configured to render content to generate image data to be used for displaying the content by a web browser; accept a print instruction to print out the content, which is displayed by the web browser by using the generated image data, the print instruction being input by a user via a display device coupled to the printing process system; and convert the image data, which is the same as the image data used for displaying the content by the web browser, into page description language data, and output the page description language data to a printer configured to output printed matter on which an image, which matches an image of the content displayed by the web browser, is printed based on the page description language data.
    Type: Grant
    Filed: May 19, 2017
    Date of Patent: September 18, 2018
    Assignee: Ricoh Company, Ltd.
    Inventor: Yutaka Yagiura
  • Patent number: 10079834
    Abstract: Techniques to provide secure mobile access to a cloud-based service are disclosed. In various embodiments, a request to access the cloud-based service is received from a mobile device. A security certificate associated with the request is used to synthesize a basic authentication header associated with the request. The synthesized basic authentication header is sent to the cloud-based service on behalf of the mobile device.
    Type: Grant
    Filed: January 26, 2016
    Date of Patent: September 18, 2018
    Assignee: MOBILE IRON, INC.
    Inventors: Kumara Das Karunakaran, Vijay Pawar, Ivan Golovenko
  • Patent number: 10078599
    Abstract: A method and apparatus of access control in an electronic apparatus implementing the method are provided. The method of operating an electronic apparatus includes detecting an access request to a resource from an application included in a first area of a memory by a processor of the electronic apparatus, in response to the access request, executing an access control module included in a second area of the memory to calculate a hash value of the application by the processor, determining whether a record exists in the memory, the record corresponding to the hash value and identification information of the application, by executing the access control module by the processor, and allowing access to the resource by the processor when the record exists in the memory.
    Type: Grant
    Filed: July 1, 2016
    Date of Patent: September 18, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Tymur Korkishko, Kyunghee Lee, Sergiy Pometun, Sergey Belousov, Vasyl Shutovskyi, Vitaliy Vasylskyy, Andrey Androsov, Kateryna Dovgan
  • Patent number: 10079864
    Abstract: Communicating media data over a communication system in which a first communication instance for a user of the communication system is implemented at a first user terminal, and a second communication instance for the user of the communication system is implemented at a second user terminal. The user is simultaneously logged into the communication system via: (i) the first communication instance at the first user terminal, and (ii) the second communication instance at the second user terminal. A media communication session is established between the first and second communication instances, wherein the media communication session is authenticated on the basis of the same user being simultaneously logged into the communication system via both the first and second communication instances. Media data is communicated in the media communication session from the first communication instance at the first user terminal to the second communication instance at the second user terminal.
    Type: Grant
    Filed: July 23, 2012
    Date of Patent: September 18, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Matthew Hungerford
  • Patent number: 10079681
    Abstract: Techniques for securely instantiating applications associated with computing resource service provider services on hardware that is controlled by third parties and/or customers of the computing resource service provider are described herein. A request to instantiate an application is received and fulfilled by selecting a computer system from computer systems that are controlled by a third party and/or a customer of the computing resource service provider. The computer system is selected based at least in part on the hardware capabilities of the computer system associated with instantiating a secure execution environment. The application is then instantiated within a secure execution environment operating on the computer system.
    Type: Grant
    Filed: September 3, 2014
    Date of Patent: September 18, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Aaron Douglas Dokey, Eric Jason Brandwine, Nathan Bartholomew Thomas
  • Patent number: 10075464
    Abstract: A security system detects anomalous activity in a network. The system logs user activity, which can include ports used, compares users to find similar users, sorts similar users into cohorts, and compares new user activity to logged behavior of the cohort. The comparison can include a divergence calculation. Origins of user activity can also be used to determine anomalous network activity. The hostname, username, IP address, and timestamp can be used to calculate aggregate scores and convoluted scores.
    Type: Grant
    Filed: March 17, 2017
    Date of Patent: September 11, 2018
    Assignee: PALANTIR TECHNOLOGIES INC.
    Inventors: Maxim Kesin, Samuel Jones
  • Patent number: 10075301
    Abstract: A method of equality verification using relational encryption including receiving a relational key that includes a first relational key component and a registration ciphertext that includes an encryption of a first plaintext data set. The method includes storing the registration ciphertext without decrypting the registration ciphertext. After the storing of the registration ciphertext, the method includes receiving an authentication request and communicating a safeguard data set that includes a random challenge in response to the authentication request. The method includes receiving an encrypted response that is generated based on the safeguard data set and a second plaintext data set. The method includes verifying a relationship between the encrypted response and the registration ciphertext using the relational key without decrypting the encrypted response and without decrypting the registration ciphertext. The relationship indicates that equality exists between the first and the second plaintext data sets.
    Type: Grant
    Filed: July 13, 2015
    Date of Patent: September 11, 2018
    Assignee: FUJITSU LIMITED
    Inventors: Avradip Mandal, Arnab Roy
  • Patent number: 10075600
    Abstract: A display device (1) includes a display section (20), a detection section (30), a storage (40), and a controller (10). The detection section (30) detects a touch region (210) of the display region in which a user touches. The storage (40) stores therein a pattern (400). The controller (10) includes a determination section (101) and a display controller (103). The determination section (101) determines whether or not the touch region (210) matches the pattern (400). The display controller (103) causes the display section (20) to display a soft key array (220) upon the determination section (101) determining match.
    Type: Grant
    Filed: December 2, 2015
    Date of Patent: September 11, 2018
    Assignee: KYOCERA Document Solutions Inc.
    Inventor: Tomoaki Nakaizawa
  • Patent number: 10075426
    Abstract: Web-based single sign-on can enable a user to log in to a single interface (such as through a web browser or thin client) and then provide SSO services to the user for one or more web applications. The web-based SSO system can be extended to support one or more different access control methods, such as form-fill, Federated (OIF), SSO Protected (OAM), and other policies. The web-based SSO system can include a user interface through which the user can access different web applications, systems, etc. and manage their credentials. Each SSO service can be associated with a web interface allowing the SSO services to be accessed over the web. The web interfaces can provide CRUD (create, read, update, delete) functionality for each SSO service. To support different access policy types, the web-based SSO system can include an extensible data manager that can manage data access to different types of repositories transparently.
    Type: Grant
    Filed: March 20, 2017
    Date of Patent: September 11, 2018
    Assignee: Oracle International Corporation
    Inventors: Marc B. Manza, Ayman Sorial, Anthony Robert Valenti, Yitzchak Weiser, Andrew Bennett Folkins
  • Patent number: 10075576
    Abstract: A system and method to access a machine through a mobile device includes sending a machine key to a controller on-board the machine, and a mobile device key to the mobile device using a remote server. The mobile device sends a mobile device ID to the controller. The controller determines the mobile device key based on the mobile device ID and the machine key. The controller sends a random number to the mobile device. The mobile device processes the random number to derive a first processed random number, and sends the first processed random number to the controller. The controller processes the random number to derive a second processed random number. The controller enables a start button to send a request to start the machine, when the first processed random number matches the second processed random number. The controller starts the machine upon receiving the request to start the machine.
    Type: Grant
    Filed: July 20, 2017
    Date of Patent: September 11, 2018
    Assignee: Caterpillar Inc.
    Inventors: Jeffrey David Rule, Kirk Shively, Derek J. Light, Joshua Dean Reed, Bradley Bergerhouse, Arjun Veneshetty, Sudhakar Subramaniyan, Rohinikumar Adivi, Harold Duane Dabbs, Paul William Bierdeman
  • Patent number: 10068098
    Abstract: There is disclosed a modular data storage and access platform with jurisdictional control. The platform ensures alignment of jurisdictional compliance between a user, national laws, and associated data through pre-scripted data channeling and handling during execution of application provider business services and/or sharing and synchronizing data between approved parties, encapsulated through user defined encryption technology, while ensuring physical and legal ownership and defined residency of user data with solution enablement free of technical complexity or need of special education/training or need of information technology services. In an embodiment, the platform enables approved third party value added SaaS applications to manipulate data stored on the modular data storage without removing the data from the platform.
    Type: Grant
    Filed: April 18, 2016
    Date of Patent: September 4, 2018
    Assignee: CICER ONE TECHNOLOGIES INC.
    Inventor: Robert A Embleton
  • Patent number: 10062223
    Abstract: An intermediary access device enables a user electronic device to communicate with a vehicle's onboard computer system. A first wireless transceiver of the intermediary access device is used to establish a secure wireless communication channel between the intermediary access device and a vehicle on-board computer system. A second wireless transceiver of the intermediary access device is used to establish a user-initiated communication channel between the intermediary access device and a user electronic device. User commands and vehicle information can then be transmitted between the vehicle on-board computer system and the user electronic device via the intermediary access device in a safe, secure and efficient manner.
    Type: Grant
    Filed: August 30, 2013
    Date of Patent: August 28, 2018
    Assignee: Bayerische Motoren Werke Aktiengesellschaft
    Inventors: Hans-Peter Fischer, Timothy Barrett, Andreas Kasprzok, Keith Payne, Johannes Michael Zahn
  • Patent number: 10063377
    Abstract: A system may be configured to allow for network-based authentication of a user device, which may reduce or eliminate the need for a user to provide credentials. The authentication may be performed when the user device attempts to access content provided by a third party content provider. The network-based authentication may be performed by, or in conjunction with, a device that (a) is associated with the same telecommunications network as the user device, and (b) can authenticate the identity of the user device.
    Type: Grant
    Filed: February 7, 2017
    Date of Patent: August 28, 2018
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: Raymond C. Counterman
  • Patent number: 10057254
    Abstract: Provided are a mobile terminal for providing a one-time password (OTP) and an operation method thereof. The mobile terminal includes a first one-time password (OTP) generating module configured to provide identification information regarding each of a plurality of pieces of OTP data to a user, and output an OTP provided according to any one identification information selected by the user, and a second OTP generating module based on mobile trusted module (MTM) configured to transfer the identification information regarding each of the plurality of pieces of OTP data to the first OTP generating module according to a corresponding request from the first OTP generating module, generate an OTP by using OTP data corresponding to the selected identification information, and transfer the generated OTP to the first OTP generating module.
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: August 21, 2018
    Assignee: Electronics and Telecommunications Research Institute
    Inventor: Young Sae Kim
  • Patent number: 10057244
    Abstract: A method for connecting a mobile device to a vehicle system of a vehicle. The method includes the following: generating a passkey based on at least one of vehicle information and an image accessible to an occupant of the vehicle; transmitting instructions for composing the passkey to the mobile device; and connecting the mobile device to the vehicle system subsequent to entry of the passkey at the mobile device.
    Type: Grant
    Filed: July 9, 2015
    Date of Patent: August 21, 2018
    Assignee: DENSO International America, Inc.
    Inventors: Laith Daman, Kyle Golsch
  • Patent number: 10057251
    Abstract: Disclosed are various embodiments for provisioning account credentials via a trusted channel. An account configuration manager automatically determines a credential reset format that is associated with an account. The account configuration manager then automatically requests a security credential reset for the account using the credential reset format. A security credential communication is received via a trusted channel of communication that is linked to the account for reset purposes. The account configuration manager parses the security credential communication to determine a security credential for the account.
    Type: Grant
    Filed: March 23, 2017
    Date of Patent: August 21, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: William Alexander Strand, Jesper Mikael Johansson, Luan Khai Nguyen
  • Patent number: 10049203
    Abstract: Method and apparatus for authentication of a user to a server that involves the user performing a requested act and that further involves relative movement between the user and a camera wherein fiducial marks are captured.
    Type: Grant
    Filed: August 11, 2017
    Date of Patent: August 14, 2018
    Assignee: VNS Portfolio LLC
    Inventors: Beau Robertson Parry, Yasodekshna Boddeti
  • Patent number: 10044695
    Abstract: A computer-implemented system and method for receiving a request to associate one or more application instance definitions with an application identity of an application configured with a set of permissions to access computer resources in an environment of a computing resource service provider. The system and method cause a computer system to store the one or more application instance definitions in association with the application identity of the application. The system and method also cause the computer system to evaluate a request originating from an application corresponding to the application identity and the application instance definition to determine if fulfillment of the request complies with the permissions.
    Type: Grant
    Filed: September 2, 2014
    Date of Patent: August 7, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Conor Patrick Cahill, Gregory Branchek Roth
  • Patent number: 10045209
    Abstract: A user of a mobile device is authenticated in a manner that enables the user access to a credential that has been issued by a credential-issuing organization. One or more keys are identified that are associated with the credential and that enable access to one or more physical resources associated with the credential-issuing organization. A physical orientation of the user's mobile device is determined. A display arrangement of one or more control icons that enable usage of the one or more keys is determined based on a physical orientation of the one or more physical resources relative to the determined physical orientation of the mobile device. The one or more control icons are displayed in accordance with the determined display arrangement.
    Type: Grant
    Filed: October 23, 2017
    Date of Patent: August 7, 2018
    Assignee: MicroStrategy Incorporated
    Inventor: Siamak Ziraknejad
  • Patent number: 10044674
    Abstract: A system, apparatus, and method are described for a secure IoT wireless network configuration. For example, one embodiment of an Internet of Things (IoT) hub comprises: a local wireless communication interface to establish local wireless connections with one or more IoT devices and/or IoT extender hubs; a network router to establish network connections over the Internet on behalf of the IoT devices and/or IoT extender hubs; an authentication module pre-configured with a passphrase and a hidden service set identifier (SSID), the authentication module to receive connection requests from the IoT devices and/or IoT extender hubs and to grant the connection requests when the IoT devices and/or IoT extender hubs use the pre-configured passphrase and hidden SSID; and a firewall of the IoT hub to block all outgoing and incoming connection requests other than those directed to designated servers of an IoT service with known host names.
    Type: Grant
    Filed: January 4, 2016
    Date of Patent: August 7, 2018
    Assignee: AFERO, INC.
    Inventors: Clif Liu, Robey Pointer, Kerry Quinn
  • Patent number: 10042992
    Abstract: Systems and methods of determining image characteristics are provided. More particularly, a first image having an unknown characteristic can be obtained. The first image can be provided to a plurality of user devices in a verification challenge. The verification challenge can include one or more instructions to be presented to a user of each user device. The instructions being determined based at least in part on the first image. User responses can be received, and an unknown characteristic of the first image can be determined based at least in part on the received responses. Subsequent to determining the unknown characteristic of the first image, one or more machine learning models can be trained based at least in part on the determined characteristic.
    Type: Grant
    Filed: September 11, 2017
    Date of Patent: August 7, 2018
    Assignee: Google LLC
    Inventors: Wei Liu, Vinay Damodar Shet, Ying Liu, Aaron Malenfant, Haidong Shao, Hongshu Liao, Jiexing Gu, Edison Tan
  • Patent number: 10038688
    Abstract: Internet user passwords are securely managed. A formation component can enable a user to create a master account on a web server, the master account comprising a master username and password. An access component can enable the user to access a plurality of password protected websites from a web browser or non-browser software application resident on the user's computing device when the user logs into the master account by entering the valid master username and password. A selection component can log the user into a website of the plurality of password protected websites when the user selects a hyperlink associated with the website, selects a linked image associated with the website, or selects the website from a pulldown list contained in a toolbar of a web browser. A display component can open a web browser or tab associated with the website.
    Type: Grant
    Filed: January 18, 2017
    Date of Patent: July 31, 2018
    Assignee: Google LLC
    Inventors: Jonathan Nichols, Krista Donaldson
  • Patent number: 10038726
    Abstract: Systems, devices, apparatuses, and methods of the present invention distribute authentication across multiple users. A data sensitivity model can define the sensitivity of different types of data. When an application requests access to a particular data item, the sensitivity of that data item can be determined. If the data item has a low sensitivity, access to the data item can be granted. If the data item has a high sensitivity, the system can request authentication before granting access to the data item.
    Type: Grant
    Filed: June 12, 2014
    Date of Patent: July 31, 2018
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventors: Ajit Gaddam, Selim Aissi, Taeho Kgil
  • Patent number: 10025691
    Abstract: A technique verifies a compound software code using a modularized architecture. The compound software code may be divided into smaller components or modules that provide various functions (e.g., services) of the code. A set of properties may be defined for the modules, such that the verification technique may be used to verify that the modules manifest those properties, wherein at least one property may be security related and the remaining properties may be related to the services of the modules. The compound software code is divided into smaller modules to facilitate verification of the properties related to the services provided by the modules. Properties of the modules may be verified in accordance with an enhanced verification procedure to demonstrate that the modules manifest those properties and transform those modules into verified code bases (VCBs).
    Type: Grant
    Filed: September 9, 2016
    Date of Patent: July 17, 2018
    Assignee: FireEye, Inc.
    Inventors: Osman Abdoul Ismael, Hendrik Tews, Ashar Aziz
  • Patent number: 10020939
    Abstract: The present disclosure includes: a communication module; a memory that stores a secret key encryption and restoration program; and a processor that executes the program, wherein when a request for restoration of a secret key is received from a user, the processor restores the secret key of which restoration is requested on the basis of restoration information received from each of a key management server and one or more trusted devices according to execution of the program, the secret key of the user is generated and encrypted by the processor in response to the request from the user, and the restoration information is generated corresponding to the secret key and then transmitted to each of the key management server and the one or more trusted devices through the communication module.
    Type: Grant
    Filed: April 28, 2016
    Date of Patent: July 10, 2018
    Assignee: KOREA UNIVERSITY RESEARCH AND BUSINESS FOUNDATION
    Inventors: Heejo Lee, Hyundo Park
  • Patent number: 10021054
    Abstract: A method for implementing secured messages via public e-mail services includes: receiving a content of an original message to be transmitted to a recipient; parsing the content of the original message into a plurality of segments; dividing the plurality of segments into a first group of segments and a second group of segments; generating a first message including the first group of segments and a second message including the second group of segments; and forwarding the first message via a first messaging service and the second message via a second messaging service different from the first messaging service. Further, a method includes receiving the first and the second messages via the first and the second messaging services and merging the first and the second messages to generate the original message.
    Type: Grant
    Filed: September 23, 2013
    Date of Patent: July 10, 2018
    Assignee: CA, Inc.
    Inventors: Rongbiao Zhou, Yang Gao, Xunxiao Wang
  • Patent number: 10021104
    Abstract: A method for operating a security element, preferably in the form of a chip card, having a processor and a memory that stores an operating system comprising an operating-system kernel and at least one additional operating-system module for supplying optional operating-system functionalities, and at least one access permission associated with the operating-system module and determining whether the operating-system module can be accessed during operation of the security element. The method comprises the step of changing the access permission for the operating-system module for supplying optional operating-system functionalities in reaction to the receiving of a message from a server. The message from the server may be an OTA message sent from the server to the security element via a mobile radio network.
    Type: Grant
    Filed: August 1, 2014
    Date of Patent: July 10, 2018
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Martin Rösner, Carlos Maldonado Miranda
  • Patent number: 10020935
    Abstract: Systems and methods for securing or encrypting data or other information arising from a user's interaction with software and/or hardware, resulting in transformation of original data into ciphertext. Generally, the ciphertext is generated using context-based keys that depend on the environment in which the original data originated and/or was accessed. The ciphertext can be stored in a user's storage device or in an enterprise database (e.g., at-rest encryption) or shared with other users (e.g., cryptographic communication). The system generally allows for secure federation across organizations, including mechanisms to ensure that the system itself and any other actor with pervasive access to the network cannot compromise the confidentiality of the protected data.
    Type: Grant
    Filed: March 27, 2017
    Date of Patent: July 10, 2018
    Assignee: Ionic Security Inc.
    Inventors: Adam Ghetti, Jeffrey Howard, James Jordan, Nicholas Smith, Jeremy Eckman, Ryan Speers, Sohaib Bhatti
  • Patent number: 10015324
    Abstract: A system and a method for performing purchase transactions over a network are provided. The system includes a server controlled by a service provider, including a link to a network; a processor circuit, the processor circuit configured to receive purchase requests from a mobile phone, and to transfer funds from a user account to a vendor account; and a memory circuit storing a plurality of mobile phone numbers and a plurality of personal identification numbers (PINs), wherein each mobile phone number and PIN is associated with a user account. A non-transitory machine-readable medium may include a plurality of machine-readable instructions which when executed by one or more processors of a server controlled by a service provider are adapted to cause the server to perform a method as above.
    Type: Grant
    Filed: March 13, 2014
    Date of Patent: July 3, 2018
    Assignee: PayPal, Inc.
    Inventor: Subha Gopalakrishnan
  • Patent number: 10011156
    Abstract: A method for controlling a vehicle cabin climate is provided. The method includes the steps of receiving and aggregating data relating to one or more inputs, wherein at least some of the data is acquired at the vehicle and some of the data is acquired from sources located remotely from the vehicle. The method further includes using a climate control module to determine an optimal cabin climate based on the aggregated data, and controlling one or more climate features according to the optimal cabin climate.
    Type: Grant
    Filed: August 6, 2015
    Date of Patent: July 3, 2018
    Assignee: General Motors LLC
    Inventors: Seungeun Lee, Michael Kocheisen, Calvin C. Chou, Danny P. Jiang
  • Patent number: 10002240
    Abstract: According to an aspect of the present invention, there is a method, computer program product, and/or system that performs the following steps (not necessarily in the following order): (i) presenting a first challenge-response test to a requestor seeking access to a first application; (ii) receiving a first answer to the first challenge-response test from the requestor; (iii) storing a first test-answer set; and (iv) selecting a subsequent challenge-response test, based at least in part on the first test-answer set. The first test-answer set includes the first answer and a first test indicator. At least the selecting step is performed by computer software running on computer hardware.
    Type: Grant
    Filed: May 8, 2015
    Date of Patent: June 19, 2018
    Assignee: International Business Machines Corporation
    Inventors: Yuk L. Chan, Michael D. Essenmacher, James M. Hertzig, David B. Lection, Mark A. Scott
  • Patent number: 10002242
    Abstract: Methods, apparatus, and computer program products for controlling access to an electronic device based on biometric input are described. An example of such a method includes receiving a current biometric input, determining template similarity scores for the current biometric input, if at least one template similarity score satisfies a template similarity score criterion, then updating a false user counter value in a first numerical direction and performing an authentication process on the current biometric input, else, determining stored biometric input similarity scores for the current biometric input, if at least one stored biometric input similarity score satisfies a stored biometric input similarity score criterion, then maintaining the false user counter value, else, replacing a previously stored biometric input with the current biometric input, and updating the false user counter value in a second numerical direction opposite to the first numerical direction.
    Type: Grant
    Filed: November 18, 2015
    Date of Patent: June 19, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Bjorn Markus Jakobsson, Mark Bapst, Laurence Geoffrey Lundblade
  • Patent number: 9996569
    Abstract: In searching an index in an original search structure for a database, portion(s) of the index are determined to be stored in a memory in an alternate search structure. The alternate search structure with the portion(s) is created and stored in the memory. The index is searched by traversing the alternate search structure and possibly the original search structure. The alternate search structure may be traversed more efficiently than the original search structure. The number of portions of the index may be a tunable parameter or selected based on a performance improvement/expense ratio. The search of the index begins at the alternate search structure. During traversal of the one or more portions in the alternate search structure, if traversal is to continue at a portion in the original search structure, the identity of this portion is obtained. The traversal is continued at this identified portion in the original search structure.
    Type: Grant
    Filed: March 18, 2015
    Date of Patent: June 12, 2018
    Assignee: International Business Machines Corporation
    Inventor: Robert W. Lyle
  • Patent number: 9996570
    Abstract: In searching an index in an original search structure for a database, portion(s) of the index are determined to be stored in a memory in an alternate search structure. The alternate search structure with the portion(s) is created and stored in the memory. The index is searched by traversing the alternate search structure and possibly the original search structure. The alternate search structure may be traversed more efficiently than the original search structure. The number of portions of the index may be a tunable parameter or selected based on a performance improvement/expense ratio. The search of the index begins at the alternate search structure. During traversal of the one or more portions in the alternate search structure, if traversal is to continue at a portion in the original search structure, the identity of this portion is obtained. The traversal is continued at this identified portion in the original search structure.
    Type: Grant
    Filed: March 17, 2016
    Date of Patent: June 12, 2018
    Assignee: International Business Machines Corporation
    Inventor: Robert W. Lyle
  • Patent number: 9998441
    Abstract: A method and an apparatus for client authentication. The server receives from a client a request for identity authentication corresponding to a user account. A social relationship similarity is computed as a result of matching social relationship data of the client and the stored social relationship data of the user account. If the similarity meets a preset passing condition, the client is allowed to pass the identity authentication.
    Type: Grant
    Filed: January 27, 2015
    Date of Patent: June 12, 2018
    Assignee: Alibaba Group Holding Limited
    Inventor: Kai Cao
  • Patent number: 9990516
    Abstract: Data may be masked on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage that are processed by an internet browser. The system may intercept data, such as text, images, and video input at the data input fields, prior to the data being posted online. The publishing node may control which users are permitted access to the posted data by defining a policy associated with the data input field. The posted data may be transformed or tokenized to ensure that it is inaccessible to a user (or group of users) unless that user/group has access to the decoding key under the policy. In this way, data security and data control may be provided to a publishing user node. Data that has already been posted may be destroyed, for example, by deleting the decryption key or a token.
    Type: Grant
    Filed: May 12, 2015
    Date of Patent: June 5, 2018
    Assignee: ESW Holdings, Inc.
    Inventors: Steven Sprague, Michael Sprague
  • Patent number: 9985792
    Abstract: The various technologies presented herein relate to binding data (e.g., software) to hardware, wherein the hardware is to utilize the data. The generated binding can be utilized to detect whether at least one of the hardware or the data has been modified between an initial moment (enrollment) and a later moment (authentication). During enrollment, an enrollment value is generated that includes a signature of the data, a first response from a PUF located on the hardware, and a code word. During authentication, a second response from the PUF is utilized to authenticate any of the content in the enrollment value, and based upon the authentication, a determination can be made regarding whether the hardware and/or the data have been modified. If modification is detected then a mitigating operation can be performed, e.g., the hardware is prevented from utilizing the data. If no modification is detected, the data can be utilized.
    Type: Grant
    Filed: March 22, 2016
    Date of Patent: May 29, 2018
    Assignee: National Technology & Engineering Solutions of Sandia, LLC
    Inventor: Jason Hamlet
  • Patent number: 9977890
    Abstract: The present disclosure relates to a method and device for controlling access from the device to a card via a Near Field Communication (NFC) interface of the device. An Access Control List (ACL) is stored at a memory of the device. The ACL comprises application signatures and corresponding card identifiers. A request is received at a processor of the device from a specific application executing on the device. The request is for accessing a particular NFC enabled card via the NFC interface of the device. The request comprises a particular card identifier of the particular card and a specific signature of the specific application. A determination is made by the processor based on the specific signature, the particular card identifier and the ACL. The determination consists in whether the specific application is granted or alternatively denied access to the particular card via the NFC interface.
    Type: Grant
    Filed: August 21, 2015
    Date of Patent: May 22, 2018
    Assignee: MOBEEWAVE, INC.
    Inventors: Xavier Alberti, Vincent Alimi, Maxime De Nanclas, Benjamin Du Hays, Sebastien Fontaine
  • Patent number: 9978106
    Abstract: A social graph may be modeled as a collection of claims. Each claim is associated with an author, an audience, and an assertion about a fact. Probabilistic information may be collected from various sources for a claim, enabling a social networking system to evaluate a truthfulness of the assertion made in the claim. User-declared profile information may be evaluated as claims. A user, entity, or application may make claims about any assertions made in the social networking system. Reputation scores may be determined for users based on evaluations of their historical assertions. Claims may be evaluated for truthfulness using a probabilistic prediction model using heuristics analysis, regression analysis, and machine learning methods. A claims-based profile of users may be provided to viewers based on the contexts in which the claims were made. Viewers may view claims made about users, such as the users' biographical information, contact information, expertise, and interests.
    Type: Grant
    Filed: April 24, 2012
    Date of Patent: May 22, 2018
    Assignee: Facebook, Inc.
    Inventors: Samuel Lessin, Michael Richter, Aaron Sittig
  • Patent number: 9970773
    Abstract: A navigation system stores navigation data in an access-protected manner. The navigation system includes navigation units that utilize the navigation data retained in a memory. The system includes a module for authenticating the access code. The system may include a module for generating an access protection code for storing the navigation data in memory. The access code and the access protection code may be used in a complementary scheme to secure the navigation data set.
    Type: Grant
    Filed: October 27, 2005
    Date of Patent: May 15, 2018
    Assignee: HARMAN BECKER AUTOMOTIVE SYSTEMS GMBH
    Inventor: Lars Rußlies
  • Patent number: 9965638
    Abstract: Although current conferencing applications provide many abilities, some of these abilities are limited. Various embodiments described herein provide one or more of systems, methods, software, and data structures that allow a document, or other file type, to be used to connect to a network-based conference, such as over the Internet, where a view of a local copy of the document is synchronized between participants. Participation abilities of certain network-based conference participants may be limited in such embodiments. Such limits may be enforced locally for each participant, on a server by preventing data representative of certain actions from being broadcast to other participants, or in other ways as described herein and as would be readily apparent.
    Type: Grant
    Filed: January 28, 2008
    Date of Patent: May 8, 2018
    Assignee: Adobe Systems Incorporated
    Inventors: Jason T. Pittenger, Nigel Pegg
  • Patent number: 9965609
    Abstract: Authenticating users comprises a computing device that receives a manual authentication input of a user and initiates a first user session between the user and the user computing device. The device communicates a request for a first user authorization data from an authentication technology associated with the one or more computing devices and receives the first user authentication data. The user or the device terminates the first user session and subsequently receives an input of the user to initiate a second user session. The device communicates a request for second user authentication data from the authentication technology and compares the first user authentication data and the second user authentication data. The device identifies a match of one or more features of the first user authentication data and one or more features of the second user authentication data and authorizes the user to conduct the second user session.
    Type: Grant
    Filed: March 29, 2017
    Date of Patent: May 8, 2018
    Assignee: GOOGLE LLC
    Inventor: Deepak Chandra