System Access Control Based On User Identification By Cryptography Patents (Class 713/182)
-
Patent number: 9098440
Abstract: Methods and apparatus are provided, such as a memory card with a processor and nonvolatile memory coupled thereto. The nonvolatile memory has a secure area configured to store a user password and a serial number in encrypted form. The card is configured to grant access to the secure area when the card receives a password that matches the stored user password and the card is coupled to a system having the serial number.
Type: Grant
Filed: August 27, 2013
Date of Patent: August 4, 2015
Assignee: Micron Technology, Inc.
Inventors: Petro Estakhri, Ngon Le
-
Patent number: 9092016
Abstract: A validation module provides for the upgrading of a physical access control system (PACS) to full HSPD-12 compliance without requiring modification or replacement of the existing PACS. The validation module may contain all of the validation functionality required by federal specifications and technical requirements. The validation module may be installed between an existing PACS panel and a supported card/biometric reader. Readers may be selected based on assurance level requirements, e.g., contactless or contact readers for low and medium assurance level areas and full biometric readers for high assurance areas. The validation module may validate a card according to the assurance level setting, extract ID information from data on the card and then pass the ID information to the PACS panel for an access decision. Cardholder data captured by one validation module may be distributed to other validation modules of the PACS using a management station.
Type: Grant
Filed: November 9, 2012
Date of Patent: July 28, 2015
Assignee: Assa Abloy AB
Inventor: John J. McGeachie
-
Patent number: 9092645
Abstract: In one embodiment, the present disclosure provides a method that includes segmenting an n-bit exponent e into a first segment e_t and a number t of k-bit segments e_i in response to a request to determine a modular exponentiation result R, wherein R is a modular exponentiation of a generator base g for the exponent e and a q-bit modulus m, wherein the generator base g equals two and k is based at least in part on a processor configured to determine the result R; iteratively determining a respective intermediate modular exponentiation result for each segment e_i, wherein the determining comprises multiplication, exponentiation and a modular reduction of at least one of a multiplication result and an exponentiation result; and generating the modular exponentiation result R = g^e mod m based on, at least in part, at least one respective intermediate modular exponentiation result.
Type: Grant
Filed: December 5, 2011
Date of Patent: July 28, 2015
Assignee: Intel Corporation
Inventors: Erdinc Ozturk, Vinodh Gopal, Gilbert M. Wolrich, Wajdi K. Feghali, James D. Guilford, Deniz Karakoyunlu, Martin G. Dixon, Kahraman D. Akdemir
-
Patent number: 9083750
Abstract: A computer-implemented method for authentication involves defining a level of trust required for access to a resource independently of any particular authentication mechanism or instance, determining levels of trust associated with a plurality of authentication instances, and selecting and combining two or more of the authentication instances to meet or exceed the required level of trust.
Type: Grant
Filed: July 15, 2013
Date of Patent: July 14, 2015
Assignee: SAP SE
Inventors: Laurent Y. Gomez, Ivonne Scherfenberg
-
Patent number: 9083720
Abstract: A message that a user is requesting an access to a resource is received. The access is associated with a requested access level and is granted if an access path exists between the user and the resource for the requested access level. In response to the message reception, a first identifier of the user, a second identifier of the resource, the requested access level, and a first value that represents that the access to the resource was requested is stored in a record. All access paths usable to determine whether the user is authorized to access the resource are identified. Another security object including a flag to represent its usage in authorizing access to the resources is received. A decision is made with respect to whether the received other security object was used within one of the identified access paths as a function of its flag value.
Type: Grant
Filed: August 26, 2010
Date of Patent: July 14, 2015
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Augustinus H. J. Bonnes, Hans Schoone
-
Patent number: 9069944
Abstract: Disclosed embodiments include a method for receiving, at a configuration information server, an encrypted password associated with a configuration item, where the encrypted password is encrypted using an encryption key. The method further includes encrypting a decrypted password to generate a reencrypted password, where the decrypted password is derived from the encrypted password. The method further includes transmitting the reencrypted password to the configuration item and removing the decrypted password from the configuration information collection server.
Type: Grant
Filed: February 14, 2012
Date of Patent: June 30, 2015
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: Akira Ohkado
-
Patent number: 9063752
Abstract: A security method for verifying a client device comprising: loading and executing a boot loader at the client device which establishes a connection to a boot compliance server; sending a first cryptographic element from the boot compliance server to the client device; generating a first cryptographic response with the first cryptographic element based on at least part of the boot loader and sending the first cryptographic response to the boot compliance server for verification; and continuing the boot process upon successful verification of the first cryptographic response.
Type: Grant
Filed: December 21, 2012
Date of Patent: June 23, 2015
Assignee: ARISTOCRAT TECHNOLOGIES AUSTRALIA PTY LIMITED
Inventor: Nigel Martin Witty
-
Patent number: 9065807
Abstract: A wireless communications system comprising a wireless communications unit. The wireless communications unit comprises a communications device, a back-end router, a cryptographic module connected to the back-end router, and a front-end router connected to the cryptographic module and the communications device. The communications device is configured to exchange information over a single wireless communications channel. The front-end router is configured to perform at least one of sending a first data packet received at the front-end router from the communications device to the back-end router through the cryptographic module and sending a second data packet received at the front-end router from the back-end router through the cryptographic module to the communications device.
Type: Grant
Filed: May 16, 2012
Date of Patent: June 23, 2015
Assignee: THE BOEING COMPANY
Inventors: Ceilidh Hoffmann, Bruce A. Dike
-
Patent number: 9054919
Abstract: Device pinning capabilities for cloud-based services and/or storage accounts are disclosed. In one aspect, embodiments of the present disclosure include a method, which may be implemented on a system, for authorizing synchronization of a synchronization client on a device with content associated with an account in the cloud-based service, responsive to determining that the device is on a list of devices that are authorized, and synchronizing the synchronization client on the device with the content associated with the account such that the content is also locally available for access on the device. The list of devices can be specific to and associated with devices for a user in the account and can be limited to an allowable number of devices for the account or a user associated with the account.
Type: Grant
Filed: June 11, 2012
Date of Patent: June 9, 2015
Assignee: Box, Inc.
Inventors: Andy Kiang, Peter Rexer
-
Patent number: 9054873
Abstract: The present invention relates to the field of securing electronic transactions and more specifically to systems to indicate and verify the approval of the risk level of a transaction and to systems for generating transaction risk level approval codes.
Type: Grant
Filed: February 24, 2014
Date of Patent: June 9, 2015
Assignee: VASCO DATA SECURITY, INC.
Inventors: Frank Hoornaert, Dirk Marien
-
Patent number: 9054963
Abstract: A container that manages access to protected resources using rules to intelligently manage them includes an environment having a set of software and configurations that are to be managed. A rule engine, which executes the rules, may be called reactively when software accesses protected resources. The engine uses a combination of embedded and configurable rules. It may be desirable to assign and manage rules per process, per resource (e.g. file, registry, etc.), and per user. Access rules may be altitude-specific access rules.
Type: Grant
Filed: July 7, 2014
Date of Patent: June 9, 2015
Assignee: Numecent Holdings, Inc.
Inventors: Arthur S. Hitomi, Robert Tran, Peter J. Kammer, Doug Pfiffner, Huy Nguyen
-
Patent number: 9055096
Abstract: Upon acquiring first data transmitted from an outside of a predetermined range in a network, an apparatus stores, in a memory, first information including transmission source and destination addresses of the first data. Upon acquiring second data addressed to an inside of the predetermined range and indicating predetermined communication data of service initiation, the apparatus extracts the first information including as the transmission source address a source address of the second data, and stores, in the memory, second information indicating a service initiation and including a destination address of the second data, in association with the first information. When the second information including as the transmission destination address a source address of the second data is stored in the memory and a destination address of the second data coincides with the transmission source address in the first information associated with the second information, the apparatus notifies detection of an attack.
Type: Grant
Filed: May 30, 2014
Date of Patent: June 9, 2015
Assignee: FUJITSU LIMITED
Inventors: Masahiro Yamada, Masanobu Morinaga, Yuki Fujishima
-
Patent number: 9053313
Abstract: A system and method for providing continued access to authentication and encryption services that includes a secure key store communicably coupled to a virtual smart card server. A virtual smart card driver is also provided and is communicably coupled to a virtual smart card secure hardware server. The virtual smart card driver communicates with an authentication client to authenticate a user, and access the user's private key stored in the secure key store when the user's physical smart card is unavailable. Continued access is provided when the user has been authenticated.
Type: Grant
Filed: May 27, 2011
Date of Patent: June 9, 2015
Assignee: Identive Group, Inc.
Inventors: Jason Dean Hart, Matthew Patrick Herscovitch
-
Patent number: 9047489
Abstract: Data may be masked on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage that are processed by an internet browser. The system may intercept data, such as text, images, and video input at the data input fields, prior to the data being posted online. The publishing node may control which users are permitted access to the posted data by defining a policy associated with the data input field. The posted data may be transformed or tokenized to ensure that it is inaccessible to a user (or group of users) unless that user/group has access to the decoding key under the policy. In this way, data security and data control may be provided to a publishing user node. Data that has already been posted may be destroyed, for example, by deleting the decryption key or a token.
Type: Grant
Filed: November 14, 2011
Date of Patent: June 2, 2015
Assignee: Wave Systems Corp.
Inventors: Steven Sprague, Michael Sprague
-
Patent number: 9042549
Abstract: Disclosed is a method for address privacy protection for a first wireless device sharing a privacy key with a second wireless device. In the method, a first resolution tag is generated at the first wireless device using a pseudo-random function with the seed value and the privacy key as input arguments. The privacy key is only known to the first and second wireless devices. A privacy address is generated for the first wireless device based on the seed value and the first resolution tag. A packet is transmitted from the first wireless device to the second wireless device. The packet includes the privacy address and the first resolution tag.
Type: Grant
Filed: March 30, 2009
Date of Patent: May 26, 2015
Assignee: Qualcomm Incorporated
Inventors: Lu Xiao, Yong Jin Kim, Zhanfeng Jia, David Jonathan Julian
-
Patent number: 9043599
Abstract: A method and authentication server provide a mobile key. According to the method, upon receipt of an authentication message (access authentication) that is transmitted when a subscriber logs on to the network, the authentication server extracts a subscriber identification contained in said message and generates a corresponding mobile key, which is stored together with the respective extracted subscriber identification. Upon subsequent receipt of a key request message (key request) that is transmitted when a subscriber registers, the authentication server extracts a mobile identification of the subscriber contained in said message and searches for an identical mobile identification, which can be derived in accordance with a configurable derivation function from a subscriber identification that is stored in the authentication server.
Type: Grant
Filed: October 31, 2006
Date of Patent: May 26, 2015
Assignee: SIEMENS AKTIENGESELLSCHAFT
Inventors: Rainer Falk, Christian Günther, Dirk Kröselberg
-
Patent number: 9043059
Abstract: There is provided a battery module including: a power storage unit storing power; a first authentication unit carrying out first authentication via a first authentication route; a second authentication unit carrying out second authentication via a second authentication route; and a discharging control unit controlling discharging from the power storage unit to an external appliance, wherein the first authentication unit is operable, when the first authentication has succeeded, to share key information to be used in the second authentication with an authentication party for the second authentication, the second authentication unit carries out the second authentication using the key information shared with the authentication party, and the discharging control unit is operable, when the second authentication has succeeded, to permit discharging from the power storage unit.
Type: Grant
Filed: April 22, 2011
Date of Patent: May 26, 2015
Assignee: SONY CORPORATION
Inventors: Yoshihito Ishibashi, Shigeru Tajima, Daisuke Yamazaki, Masahiro Suzuki
-
Patent number: 9043400
Abstract: As a user of a social networking system views a page that includes information provided by the system, certain types of social interactions are monitored. If an interaction monitored for is detected, at least one recommendation unit is identified to present to user on the page. The recommendation unit is identified based on a description of the interaction. The recommendation unit suggests that the user perform a social interaction in the social networking system. The recommendation unit is transmitted to a device of the user and is presented to the user on the page without having to reload the entire page.
Type: Grant
Filed: December 16, 2013
Date of Patent: May 26, 2015
Assignee: Facebook, Inc.
Inventors: Yigal Dan Rubinstein, Srinivas P. Narayanan, Kent Schoen, Yanxin Shi, David Dawei Ye, Andrey Goder, Levy Klots, Robert Jin, Alexey Spiridonov
-
Patent number: 9043603
Abstract: Digital rights management (DRM) can be effectively implemented through use of an anchor point and binding records within a user's anchor point domain. Assigning security levels to various components within an anchor point based DRM system and evaluating them against a security criterion provides additional protection against authorized access of the digital content. The content provider may specify the security criterion (e.g., a security level threshold), and the ability to use the digital content is denied or granted based on the ability of components to satisfy this criterion. For example, the ability to use a digital property instance is granted to a content handler that satisfies the security criterion and denied to a content handle that does not satisfy the security criterion.
Type: Grant
Filed: January 27, 2009
Date of Patent: May 26, 2015
Assignee: Seagate Technology LLC
Inventor: Paul Marvin Sweazey
-
Patent number: 9043900
Abstract: A display device is disclosed. The display device comprising: a display unit; a sensor unit; a storage unit; and a processor configured to: provide feedback for indicating a security on state of selected first information when selection input for selecting the first information in the security on state is detected, when a security off input for clearing security is detected in response to the feedback, obtain the fingerprint using the display unit, and convert the first information in the security on state into a security off state when the obtained fingerprint is matched with a pre-stored fingerprint, when a security maintenance input for maintaining security is detected in response to the feedback, maintain the security on state of the first information.
Type: Grant
Filed: March 24, 2014
Date of Patent: May 26, 2015
Assignee: LG Electronics Inc.
Inventors: Jihwan Kim, Jongho Kim, Doyoung Lee, Yongsin Kim
-
Patent number: 9043610
Abstract: A system comprises a basic-input-output-system (“BIOS”), a disk drive, and a security system configured to prevent unauthenticated access to the disk drive. For each of at least two users out of a plurality of users, the BIOS authenticates the user based on the user's token. The BIOS also accesses secured data based on the authentication, and provides the secured data to the security system without input from the user.
Type: Grant
Filed: July 7, 2008
Date of Patent: May 26, 2015
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Lan Wang, Valiuddin Y. Ali, Manuel Novoa, Jennifer E. Rios
-
Patent number: 9043604
Abstract: Keying materials used for providing security in a platform are securely provisioned both online and offline to devices in a remote platform. The secure provisioning of the keying materials is based on a revision of firmware installed in the platform.
Type: Grant
Filed: September 5, 2013
Date of Patent: May 26, 2015
Assignee: Intel Corporation
Inventors: Ernest F. Brickell, Shay Gueron, Jiangtao Li, Carlos V. Rozas, Daniel Nemiroff, Vincent R. Scarlata, Uday R. Savagaonkar, Simon P. Johnson
-
Patent number: 9043210
Abstract: A biometric voice command and control switching device has a microphone assembly for receiving a currently spoken challenge utterance and a reference utterance, and a voice processing circuit for creating electronic signals indicative thereof. The device further includes a memory for storing the electronic signals, and a processor for comparing the electronic signals to determine if there is a match. If there is a match, an interface circuit enables the operable control of the controlled device.
Type: Grant
Filed: October 2, 2012
Date of Patent: May 26, 2015
Assignee: Voice Security Systems, Inc.
Inventors: Sherrie Adcock, Kent Robinson, Brad Clements, Mark Keith Brockelsby, William Keith Brockelsby
-
Publication number: 20150143129
Abstract: A “Secure Mobile Identity System” that enables the creation of secure digital credentials on mobile devices, prevents identity theft, prevents fraudulent financial transactions, protects privacy, enables a simplified federation process and provides a consumer friendly “One Click Sign On”™ process. Also, the user's credentials are secure if his/her mobile device is lost or stolen.
Type: Application
Filed: November 15, 2013
Publication date: May 21, 2015
Inventor: Michael Thomas Duffy
-
Patent number: 9038139
Abstract: In a Reverse Turing Test an applicant seeking access to a computer process is presented with an image containing human-readable data that is intended to be inaccessible to an automated process or bot. In an improved Reverse Turing Test the applicant is presented with multiple sub-images that have to be rearranged in order to yield the overall image. This does not substantially increase a human applicant's difficulty in dealing with the test, but makes it much more difficult for a bot to interpret the image.
Type: Grant
Filed: October 5, 2012
Date of Patent: May 19, 2015
Inventor: Michael J. Vandemar
-
Patent number: 9038167
Abstract: This invention is directed to an electronic device with an embedded authentication system for restricting access to device resources. The authentication system may include one or more sensors operative to detect biometric information of a user. The sensors may be positioned in the device such that the sensors may detect appropriate biometric information as the user operates the device, without requiring the user to perform a step for providing the biometric information (e.g., embedding a fingerprint sensor in an input mechanism instead of providing a fingerprint sensor in a separate part of the device housing). In some embodiments, the authentication system may be operative to detect a visual or temporal pattern of inputs to authenticate a user. In response to authenticating, a user may access restricted files, applications (e.g., applications purchased by the user), or settings (e.g., application settings such as contacts or saved game profile).
Type: Grant
Filed: December 27, 2013
Date of Patent: May 19, 2015
Assignee: Apple Inc.
Inventors: Anthony Fadell, Andrew Hodge, Stephan Schell, Ruben Caballero, Jesse Lee Dorogusker, Stephen Zadesky, Emery Sanford
-
Patent number: 9038164
Abstract: An electronic device includes: display controller; user presence determination module; user authentication module; and controller. The user presence determination module determines presence of a user based on image data received from the camera while dominating access to a camera. The user authentication module dominates access to the camera, if the display is put in a screen lock state and to perform a user authentication based on the image data. The controller turns off the display if the user present determination module determines that the user is absent and while the display has not been put in the screen lock state, and to cause the user presence determination module to release the access to the camera and to put the display in the screen lock state before turning on the display if it is determined after the display is turned off that the user is present.
Type: Grant
Filed: November 19, 2012
Date of Patent: May 19, 2015
Assignee: Kabushiki Kaisha Toshiba
Inventors: Tsukasa Nunami, Hideaki Andou, Yuuji Irimoto, Ryuhei Yokota
-
Patent number: 9038168
Abstract: Described is a technology by which access to a resource is determined by evaluating a resource label of the resource against a user claim of an access request, according to policy decoupled from the resource. The resource may be a file, and the resource label may be obtained by classifying the file into classification properties, such that a change to the file may change its resource label, thereby changing which users have access to the file. The resource label-based access evaluation may be logically combined with a conventional ACL-based access evaluation to determine whether to grant or deny access to the resource.
Type: Grant
Filed: November 20, 2009
Date of Patent: May 19, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Nir Ben-Zvi, Raja Pazhanivel Perumal, Anders Samuelsson, Jeffrey B. Hamblin, Ran Kalach, Ziquan Li, Matthias H. Wollnik, Clyde Law, Paul Adrian Oltean
-
Patent number: 9038191
Abstract: Methods and apparatus are provided for providing a DRM service by a user terminal apparatus consuming DRM content in a service environment that provides the DRM content using a plurality of incompatible DRM systems. A license corresponding to the DRM content is acquired from a service providing apparatus that provides the DRM content. It is determined whether the license is a common license having a common DRM interface format. The common DRM interface format of the common license is converted to a format of a first DRM system installed in the user terminal apparatus, when the license is the common license. The license having the format of the first DRM system is applied in reproducing the DRM content. The common license is provided from the service providing apparatus to the user terminal apparatus through a common DRM interface when the service providing apparatus does not support the first DRM system.
Type: Grant
Filed: April 27, 2012
Date of Patent: May 19, 2015
Assignee: Samsung Electronics Co., Ltd
Inventors: Sergey Nikolayevich Seleznev, Byung-Rae Lee, Bo-Gyeong Kang
-
Patent number: 9038195
Abstract: Arrangements described herein relate to accessing a cloud based service. Responsive to a user of a first communication device initiating access to the cloud based service via the first communication device, a prompt for a valid password to be entered to access the cloud based service can be received by the first communication device. Responsive to the valid password required to access the cloud based service not being stored on the first communication device, the first communication device can automatically retrieve the valid password from a second communication device via a peer-to-peer ad hoc communication link between the first communication device and the second communication device. The valid password can be automatically provided, by the first communication device, to a login service for the cloud based service to obtain access by the first communication device to the cloud based service.
Type: Grant
Filed: March 15, 2013
Date of Patent: May 19, 2015
Assignee: Google Technology Holdings LLC
Inventors: Ansuman Satpathy, Haitang Wang
-
Patent number: 9037864
Abstract: A system and method for generating user authentication challenges based at least in part on an account owner's social network activity information. A login request including an account owner's correct username and password as well as additional login information is received from a user. The login attempt is detected as a potentially fraudulent based on the additional login information from the user. The account owner's social network activity information is analyzed. An authentication challenge based at least in part on the account owner's social network activity information is generated and sent for display. The login request is allowed or denied based on the completion on the authentication challenge.
Type: Grant
Filed: September 21, 2011
Date of Patent: May 19, 2015
Assignee: Google Inc.
Inventors: Jessica Staddon, Andrew M. Archer, Madhukar Narayan Thakur, Michael Christopher Hearn
-
Patent number: 9032496
Abstract: Systems and methods that provide secure single sign-on are described herein. When a user provides credentials to a client device, the credentials may be intercepted and cached at a secure location, such as within a trusted environment. When a client process, such as a remote desktop program running on the client device, requests the credentials for single sign-on to a server providing remote desktop services, the credentials may be secured, such as within an opaque container that may be accessed only components running in trusted environments, and provided to the client process. The client process may be running in an untrusted environment, such as an operating system session. The client device may forward the secured credentials to a trusted environment in the server, effectuating single sign-on.
Type: Grant
Filed: February 28, 2012
Date of Patent: May 12, 2015
Assignee: Citrix Systems, Inc.
Inventor: Virgiliu Mocanu
-
Patent number: 9032534
Abstract: A system administrator of a wireless LAN 100 manipulates a personal computer PC1 to change a WEP key. The personal computer PC1 authenticates a memory card MC as genuine under management of the system administrator. In the case of the authenticated memory card MC, changed setting information, as well as a previous WEP key before the change of the setting information, is written into the memory card MC. The system administrator then inserts this memory card MC into a memory card slot of a printer PRT1. The printer PRT1 authenticates the memory card MC as genuine under management of the system administrator. In the case of the authenticated memory card MC, the setting information is updated. This arrangement effectively relieves the user's workload in setting wireless communication devices, while ensuring the sufficiently high security.
Type: Grant
Filed: December 21, 2004
Date of Patent: May 12, 2015
Assignee: Seiko Epson Corporation
Inventor: Katsuyuki Koga
-
Patent number: 9032493
Abstract: A three-way trust relationship is established between a mobile device, Internet-connected vehicle system, and a cloud-based service. Access rights are granted to the mobile device from the vehicle system, such that the mobile device can securely connect to, and obtain status information and/or control the Internet-connected vehicle system, through the cloud-based service.
Type: Grant
Filed: March 31, 2011
Date of Patent: May 12, 2015
Assignee: Intel Corporation
Inventors: Victor B. Lortz, Anand P. Rangarajan, Somya Rathi, Vijay Sarathi Kesavan
-
Patent number: 9031536
Abstract: The invention is directed to systems and methods for detecting the loss, theft or unauthorized use of a device and/or altering the functionality of the device in response. In one embodiment, a device monitors its use, its local environment, and/or its operating context to determine that the device is no longer within the control of an authorized user. The device may receive communications or generate an internal signal altering its functionality, such as instructing the device to enter a restricted use mode, a surveillance mode, to provide instructions to return the device and/or to prevent unauthorized use or unauthorized access to data. Additional embodiments also address methods and systems for gathering forensic data regarding an unauthorized user to assist in locating the unauthorized user and/or the device.
Type: Grant
Filed: April 2, 2008
Date of Patent: May 12, 2015
Assignee: Yougetitback Limited
Inventors: William Fitzgerald, Peter Bermingham, Frank Hannigan, Paul Prendergast
-
Patent number: 9032508
Abstract: A pattern password trajectory configuration system used in an electronic device with a graphics input interface and a method using the same are provided. The disclosed pattern password trajectory configuration system includes a central processing module, a pattern defining module electronically connected the central processing module for defining the graphics input interface into a central block and multiple blocks neighboring the central block and assigning different data codes to the different blocks neighboring the central block, a sliding direction defining module electronically connected to the central processing module for assigning different prime numbers to define different sliding directions moving along the blocks neighboring the central block, and a touch sequence defining module electronically connected to the central processing module for counting and recording touch sequences of sliding among the blocks neighboring the central block.
Type: Grant
Filed: June 12, 2013
Date of Patent: May 12, 2015
Assignee: Yankey Information Co., Ltd.
Inventor: Chun-Yu Chu
-
Patent number: 9032215
Abstract: Management of access control in wireless networks known as smart spaces includes a framework that presents non-expert users with a consistent and intuitive interaction mechanism to manage access to devices they own in the smart space without exposing to them the complexity of the underlying security infrastructure. Access control of devices in a network can include providing an interface between a user-level tool on a first device connected to a network and security components associated with the network, communicating a passlet between the user-level tool and the interface, verifying access permission at a second device on the network where access permissions are based on the passlet, and providing a response to the first device based on the verification of the access permission in the passlet. The passlet provides access permissions based on a particular user rather than a particular device.
Type: Grant
Filed: June 15, 2005
Date of Patent: May 12, 2015
Assignee: Nokia Corporation
Inventors: Dimitris Kalofonos, Saad Shakhshir
-
Patent number: 9027126
Abstract: A cyber fraud phish baiting system for baiting a phishing website is disclosed. The cyber fraud phish baiting system is configured to store a plurality of URLs in a database and enter each of the URLs into a browser to view internet resources linked to the URLs. It is configured to scan the internet resources for information requests, obtain information responsive to the information requests from a database, enter responsive information into the information requests, and store the information requests and the responsive information entered into the information requests for each of the URLs. The internet resource may be a phishing website, and fake information is entered into the information requests.
Type: Grant
Filed: September 6, 2012
Date of Patent: May 5, 2015
Assignee: Bank of America Corporation
Inventor: Joshua Enoch Larkins
-
Patent number: 9027150
Abstract: A system for integrating modules of computer code may include a sandbox validator for receiving a first module and verifying that the first module complies with one or more sandbox constraints. A computing device may execute the first module within a runtime environment. A module integrator may operate within the runtime environment for receiving a request from the first module to access a service provided by a second module and only allowing the first module to access the service when the first module is authorized to access the service according to a service authorization table. The sandbox validator may ensure the first module correctly identifies itself when requesting a service provided by another module and that the first module includes runtime policing functions for non-deterministic operations. A service authorizer may generate an authorization policy for the first module, which is sent to the computing device along with the first module.
Type: Grant
Filed: October 25, 2013
Date of Patent: May 5, 2015
Assignee: Guest Tek Interactive Entertainment Ltd.
Inventor: Gary R. Court
-
Patent number: 9027119
Abstract: An apparatus and method are disclosed for determining authentication frequency (i.e., the length of time between authenticating and re-authenticating a user) and challenge type (e.g., username/password, fingerprint recognition, voice recognition, etc.) based on what software applications a user is running on a data-processing system, and how those applications are being used (e.g., what functions are used, what data is input to or output by the application, how often and for how long applications are used, what input devices and output devices are used, etc.). Advantageously, the illustrative embodiment enables authentication frequency and challenge type to be adjusted based on the likelihood of malicious activity and/or the potential cost of malicious activity, as inferred from current and past application usage. In addition, the illustrative embodiment enables selection of an authentication challenge type that is less intrusive to a user based on current application usage.
Type: Grant
Filed: September 29, 2008
Date of Patent: May 5, 2015
Assignee: Avaya Inc.
Inventors: Jon Louis Bentley, George William Erhart, Lawrence O'Gorman, Michael J. Sammon, David Joseph Skiba
-
Patent number: 9026805
Abstract: Described herein are techniques for distributed key management (DKM) in cooperation with Trusted Platform Modules (TPMs). The use of TPMs strengthens the storage and processing security surrounding management of distributed keys. DKM-managed secret keys are not persistently stored in clear form. In effect, the TPMs of participating DKM nodes provide security for DKM keys, and a DKM key, once decrypted with a TPM, is available to be used from memory for ordinary cryptographic operations to encrypt and decrypt user data. TPM public keys can be used to determine the set of trusted nodes to which TPM-encrypted secret keys can be distributed.
Type: Grant
Filed: December 30, 2010
Date of Patent: May 5, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Tolga Acar, Brian LaMacchia, Henry Jerez Morales, Lan Duy Nguyen, David Robinson, Talha Bin Tariq
-
Patent number: 9026806
Abstract: A security device and a method provide a cryptographic key for a field device. The security device is connected to at least one tamper sensor which is associated with the field device and which emits a manipulation message when a physical manipulation carried out on the field device is detected. The cryptographic key is only provided to the field device by the security device if the security device does not receive a manipulation message from the tamper sensors associated with the field device.
Type: Grant
Filed: December 15, 2011
Date of Patent: May 5, 2015
Assignee: Siemens Aktiengesellschaft
Inventors: Rainer Falk, Steffen Fries
-
Patent number: 9026798
Abstract: Computer login may comprise any user-determined submission. A user may select among different devices for input, select the signal content, and as well select the types of signals used for a login signature. Account identification may be inferred by signature rather than explicitly stated. A plurality of discontiguous data blocks in a plurality of files may be employed for validation. The paths to data used in validation may be multifarious, regardless of the prospects for successful authorization.
Type: Grant
Filed: April 22, 2013
Date of Patent: May 5, 2015
Inventor: Gary Odom
-
Patent number: 9027084
Abstract: The present invention provides methods and apparatuses that utilize a portable apparatus to securely operate a host electronic device. Typically, each portable apparatus includes a data storage unit which stores an operating system and other software. In one example, a portable apparatus can provide a virtual operating environment on top of a host's operating system for a host device. In another example, a portable apparatus containing its operating system can directly boot a host device with one or more hardware profiles. Furthermore, a device-dependent protection against software piracy, a user-dependent protection against sensitive data leaks, a controllable host operating environment to prevent unwanted information exposure, and a secure restoration procedure to prevent virus infection between the host device users may be incorporated. Moreover, an authorization signature may also be utilized to authorize a connected-state guest operation environment in the host device.
Type: Grant
Filed: July 10, 2012
Date of Patent: May 5, 2015
Inventor: Evan S. Huang
-
Patent number: 9027086
Abstract: A method for connecting to a trust broker system is disclosed. The electronic device stores encrypted identifying information for a plurality of client systems authorized to interact with the server system, wherein the encrypted identifying information is changed per client system per session. The electronic device creates a plurality of virtual domains, each virtual domain representing a set of services and information distinct from the other virtual domains. The electronic device stores permissions associated with each respective client system in the plurality of client systems. The electronic device receives a request from a first client system, including encrypted identifying information associated with the first client system, for information associated with a first virtual domain and then retrieves stored permissions of the first client system based on the encrypted identifying information.
Type: Grant
Filed: March 11, 2013
Date of Patent: May 5, 2015
Assignee: Vidder, Inc.
Inventors: Junaid Islam, Brent Bilger, Ted Schroeder
-
Patent number: 9025769
Abstract: A method for registering a Smartphone when accessing a security authentication device and a method for access authentication of a registered Smartphone are provided. When a Smartphone-based application searches for a device and attempts an access to the found device, the search and access for the device is limited according to a result of authentication using an activation code.
Type: Grant
Filed: August 3, 2011
Date of Patent: May 5, 2015
Assignee: Suprema Inc.
Inventors: Yeon Gil Choi, Seong Jik Lee, Jae Won Lee
-
Patent number: 9021602
Abstract: An apparatus and method for encoding and decoding additional information into digital information in an integral manner. More particularly, the invention relates to a method and device for data protection.
Type: Grant
Filed: March 11, 2013
Date of Patent: April 28, 2015
Inventor: Scott A. Moskowitz
-
Patent number: 9021600
Abstract: Disclosed herein is an improved (digital) supply chain (ISC) product. The disclosure covers a simple explanation of the improved supply chain as a service business model, a review of key digital cinema (D-Cinema) topics, a description of the Digital Cinema supply chain, and finally, a description of the improved supply chain product and process.
Type: Grant
Filed: January 6, 2014
Date of Patent: April 28, 2015
Assignee: Flix Innovations Ltd.
Inventor: Kenneth Phelan
-
Patent number: 9015478
Abstract: Preventing web crawler access includes receiving a request for a webpage that includes web content that is to be protected from a web crawler, encrypting the web content to be protected to generate encrypted content and responding to the request, including sending the encrypted content and a decryption instruction. The decryption instruction is configured to allow a web browser to decrypt the encrypted content.
Type: Grant
Filed: February 27, 2014
Date of Patent: April 21, 2015
Assignee: Alibaba Group Holding Limited
Inventor: Ling He
-
Patent number: 9015491
Abstract: A method and apparatus are provided for managing private data, such as a phone book, in a multifunction peripheral (MFP) used by multiple users. The method involves receiving user information and performing user authentication, and reading data stored in a user area allocated to the authenticated user in a storage unit divided into a number of user areas. Accordingly, when private data is managed in an MFP used by multiple users, by dividing a storage unit in which data is stored into a number of user areas, allocating the divided user areas to users, and allowing a user to access only a user area allocated to the user through an authentication process, the private data can be fully prevented from being accessed by other users, and it will be unlikely for a user to be confused because of other user data.
Type: Grant
Filed: July 27, 2006
Date of Patent: April 21, 2015
Assignee: Samsung Electronics Co., Ltd.
Inventor: Eun-Young Jung