Using Record Or Token Patents (Class 713/185)
  • Patent number: 9432404
    Abstract: A rules evaluation engine that controls user's security access to enterprise resources that have policies created for them. This engine allows real time authorization process to be performed with dynamic enrichment of the rules if necessary. Logging, alarm and administrative processes for granting or denying access to the user are also realized. The access encompasses computer and physical access to information and enterprise spaces.
    Type: Grant
    Filed: August 30, 2013
    Date of Patent: August 30, 2016
    Assignee: Jericho Systems Corporation
    Inventor: Michael W. Roegner
  • Patent number: 9426227
    Abstract: Aspects herein describe brokering hosted resources in a virtual desktop infrastructure (VDI) using connection leases to reduce demand on connection brokers and to allow hosted services to be maintained even in the event of a broker outage. When a client device desires to connect to a hosted resource (e.g., a hosted desktop or a hosted application), the client device may present a lease token to the session host. The lease token is a self-sustaining package of data from which a session host can determine whether the requesting client device is authorized to access one or more resources hosted by that session host. The lease token may be cryptographically signed to ensure its contents have not been altered, and further that the lease token originated from a trusted source. Lease tokens may be stored independently from a connection broker, thereby still being usable if the connection broker goes offline.
    Type: Grant
    Filed: October 7, 2014
    Date of Patent: August 23, 2016
    Assignee: Citrix Systems, Inc.
    Inventor: Kenneth Malcolm Bell
  • Patent number: 9419956
    Abstract: Systems, methods, and computer program products are provided for authenticating and efficiently re-authenticating a user with a financial institution in order to gain access to account information using a web-enabled device. The web-enabled device stores user profiles associated with the user including authentication information provided by the user during primary authentication. The device retrieves the authentication information upon secondary authentication, that is, validation of the user's identity, which in some embodiments, includes local validation of a personal identification number (“PIN”) and/or a remote control passcode (“RCP”). As such, the web-enabled device re-authenticates the user without requiring authentication communication with a financial institution server, and thereafter, the user interacts with an application running on the web-enabled device to retrieve desired account information from the financial institution server.
    Type: Grant
    Filed: March 22, 2010
    Date of Patent: August 16, 2016
    Assignee: Bank of America Corporation
    Inventors: Shaun J. Abraham, Douglas Gerard Brown
  • Patent number: 9419968
    Abstract: Mobile push user authentication for native client based logon is described. In one method, an authentication server receives from a user interface at a native client a password for native-client based logon to a remote server. The method determines whether a portion of the password includes a one-time password (OTP). When the password includes an OTP, the method validates the remaining portion of the password as a first authentication factor, and validates the OTP as a second authentication factor. When the password does not include an OTP, the method sends a mobile push notification to a registered device, validates the password as the first authentication factor, receives a response to the mobile push notification, and validates the response to the mobile push notification as the second authentication factor. The native-client based logon is authorized when the first authentication factor and the second authentication factor are validated.
    Type: Grant
    Filed: July 31, 2014
    Date of Patent: August 16, 2016
    Assignee: Symantec Corporation
    Inventors: Mingliang Pei, Prashant Thakre
  • Patent number: 9393559
    Abstract: A method for operating the arrangement for a laboratory room confined by a floor, a ceiling and walls connecting the floor with the ceiling, including inducing an air flow from an air inlet through a platform to an air outlet in a substantially laminar fashion. The arrangement includes a main base suspended on the floor; a tool base arranged on the main base; a platform arranged around the tool base, wherein the platform is permeable for air, and the platform is suspended at the walls; the air inlet arranged below the platform; the air outlet arranged above the tool base; and air guides for directing an air flow upwards.
    Type: Grant
    Filed: June 7, 2012
    Date of Patent: July 19, 2016
    Inventors: Urs T. Duerig, Bernd W. Gotsmann, Emanuel Loertscher, Daniel Widmer
  • Patent number: 9391779
    Abstract: A computer implemented method, apparatus, and computer usable program code for accessing protected resources. Biometric data for a user is received from a biometric input device and an indication of an application requiring a password. Responsive to receiving the biometric data from the user, the user is authenticated using the biometric data and a profile. Responsive to the user being authenticated, the password is established with the application to allow access to the application, wherein the password is established without user input.
    Type: Grant
    Filed: July 28, 2008
    Date of Patent: July 12, 2016
    Assignee: International Business Machines Corporation
    Inventor: Courtney Seth Bair
  • Patent number: 9380014
    Abstract: A server device that includes a receiving unit, a browse page creation unit, a mail creation unit, and a mail transmission unit. The receiving unit receives an image transmitted from an electronic camera via a wireless network. The browse page creation unit creates a browse page for browsing the transmitted image from the electronic camera, the image having been received by the receiving unit. The mail creation unit creates a notification mail for introducing the browse page that has been created by the browse page creation unit to a person other than a user of the electronic camera. Furthermore, the mail transmission unit transmits the notification mail that has been created by the mail creation unit to a specified mail address.
    Type: Grant
    Filed: July 8, 2014
    Date of Patent: June 28, 2016
    Inventors: Hirotaka Maeda, Mio Nagisa, Motoyuki Kuboi, Gaku Ito, Takeshi Shinohara
  • Patent number: 9369440
    Abstract: Technologies are generally disclosed for methods and systems for securing data. An example method may include storing, by a processing device, the data in a memory. The data may be encrypted and accessible only with the use of a decryption key. The method may further include receiving, by the processing device, one or more permission requests to access the data and requesting, by the processing device, the decryption key. In response to receiving the decryption key, the method may include authenticating, by the processing device, the decryption key to verify one or more permissions, and allowing, by the processing device, access to the data in accordance with the one or more permissions.
    Type: Grant
    Filed: July 24, 2012
    Date of Patent: June 14, 2016
    Inventor: Mordehai Margalit
  • Patent number: 9361475
    Abstract: A security level for an attendant at a Self-Service Terminal (SST) is automatically resolved. An operation is automatically processed on behalf of the attendant based on the resolved security level and a condition associated with the SST.
    Type: Grant
    Filed: March 31, 2014
    Date of Patent: June 7, 2016
    Assignee: NCR Corporation
    Inventor: John Lyall
  • Patent number: 9356938
    Abstract: This invention relates to a method (100) for creating, on a device (200), an authorized domain (102) for sharing a right (103) of a content item (104) between a first person (105) and a second person (106). The method (100) alleviates the hassle of having end-users managing authorized domains. If the first person is bound (107) to the right (103), and the device is bound (108) to the first person (105), the device (200) grants (110) the second person (106) the right (103) in response to the device (200) associating (109) to the second person (106).
    Type: Grant
    Filed: January 27, 2006
    Date of Patent: May 31, 2016
    Inventors: Johan Gerhard Herman Reuzel, Robert Paul Koster
  • Patent number: 9344423
    Abstract: Systems and methods for user identification and authentication are disclosed. In one embodiment, a method of authenticating a first party to a second party may include the following: (1) receiving, from one of an electronic device of a first party and an electronic device of a second party, a request to generate authenticating indicia; (2) using at least one of a plurality of computer processors, generating the authenticating indicia; (3) transmitting, over a network, the authenticating indicia to the electronic device of a first party and to the electronic device of the second party; (4) receiving, from an electronic device of the second party, an indication that the second party has confirmed that the first party is authentic; and (5) storing an identity of the first party, the second party, and the authenticating indicia in a database.
    Type: Grant
    Filed: January 5, 2015
    Date of Patent: May 17, 2016
    Assignee: JPMorgan Chase Bank, N.A.
    Inventors: Kelly W. Scott, Tina Sanders Pragoff, Ravi Acharya, Michael W. Andrews, Michael L. Traxler
  • Patent number: 9344436
    Abstract: Methods and apparatuses are described for proximity-based and user-based access control using wearable devices. A short-range frequency reader coupled to a target device detects a plurality of wearable devices in proximity to the reader, each wearable device comprising a short-range frequency antenna. The reader identifies, for each wearable device, a user wearing the wearable device. The reader determines, for each wearable device, a distance from the reader and an orientation in relation to the target device. The reader determines a level of access available to the target device based upon the identity of each user, the distance of each wearable device from the reader, the orientation of each wearable device in relation to the target device, and the distance of the wearable devices from each other in a three-dimensional space.
    Type: Grant
    Filed: November 3, 2015
    Date of Patent: May 17, 2016
    Assignee: FMR LLC
    Inventors: Xinxin Sheng, Hong Sun
  • Patent number: 9336256
    Abstract: An apparatus, computer-readable medium, and computer-implemented method for data tokenization are disclosed. The method includes receiving, at a database network router, a database access request directed to a tokenized database, the tokenized database containing one or more tokenized data values, applying one or more rules to the request, rewriting the request based on at least one of the one or more rules, such that data values being added to the database will be tokenized data values, and data values received from the database will be non-tokenized data values, and transmitting the rewritten request to the database.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: May 10, 2016
    Assignee: Informatica LLC
    Inventor: Eric Boukobza
  • Patent number: 9331991
    Abstract: Techniques are provided for improving security in a single-sign-on context by providing, to a user's client system, two linked authentication credentials in separate logical communication sessions and requiring that both credentials be presented to a host system. Only after presentation of both credentials is the user authenticated and permitted to access applications on the host system.
    Type: Grant
    Filed: October 7, 2009
    Date of Patent: May 3, 2016
    Assignee: Citrix Systems, Inc.
    Inventors: Yan Cheng, Zhihong Zhang
  • Patent number: 9323245
    Abstract: An automation control system is provided with an interface device configured to enable a user to monitor, control, or monitor and control processes of the automation control system. Upon power on or initialization of the interface device or when a previously logged in user is logged off, the interface device logs in a guest account associated with a user role having a defined set of access rights and provides access to monitor, control, or monitor and control the processes based upon the set of access rights.
    Type: Grant
    Filed: November 2, 2012
    Date of Patent: April 26, 2016
    Assignee: Rockwell Automation Technologies, Inc.
    Inventors: Michael A. Bush, Robert A. Brandt, Ronald E. Bliss, Michael B. Miller
  • Patent number: 9292987
    Abstract: The presented invention discloses an electronic web-based election system and method for fully encrypted secure remote voting, wherein the voting data is fully encrypted, including within-the-database encryption, until the end of the voting time period. Further disclosed is a computer encryption system, wherein the voting result encryption application is additionally installed, such a system being configured to obtain encrypted voting results data and send such data as a ciphertext to the election central server for encrypted ciphertext storage in the database to prevent everybody, including database administrators, from viewing the data. A method for secure data encryption and public keys computation based on a voter's secret PIN code is further presented.
    Type: Grant
    Filed: September 22, 2014
    Date of Patent: March 22, 2016
    Assignee: Makor Issues and Rights, Ltd.
    Inventor: David Myr
  • Patent number: 9275427
    Abstract: Implementations are provided herein relating to audiovisual matching. Audio and video channel data is merged to create a single multi-channel fingerprint used to match media content. Audio channel data is used to generate audio fingerprints. Video channel data is used to generate video fingerprints. Multi-channel fingerprints can then be generated based on the audio channel fingerprints and video channel fingerprints. In this sense, entropy can be increased while the multi-channel fingerprint can be less resistant to noise.
    Type: Grant
    Filed: September 5, 2013
    Date of Patent: March 1, 2016
    Assignee: Google Inc.
    Inventor: Matthew Sharifi
  • Patent number: 9275228
    Abstract: Methods are detailed for online fraud prevention. In one approach state information of a first and a second device is monitored, both of which are associated with one user. During a multi-factor authentication procedure which utilizes at least one of the first and the second devices for authorizing a transaction by an Internet domain, a security server participates in a supplemental security procedure which is conditional on the monitored state information. In another approach the second device receives a message that is ostensibly related to multi-factor authorization by an Internet domain, and in response sends a query about state information of the first device. Based on the response to the query that indicates the state information, the second device performs a supplemental security procedure.
    Type: Grant
    Filed: February 20, 2014
    Date of Patent: March 1, 2016
    Assignee: F-Secure Corporation
    Inventors: Jarno Niemela, Veli-Jussi Kesti
  • Patent number: 9268904
    Abstract: A structured query language (SQL) relational database management system (SQL RDBMS) may integrate a biometric subsystem to process and manage biometric data separately from the demographic data stored in normalized SQL tables of the SQL RDBMS. The SQL RDBMS may be operatively connected to the biometric subsystem by means of SQL extensions. The SQL RDBMS may execute queries with demographic and/or biometric constraints, wherein the demographic data is retrieved directly from normalized SQL tables on the RDBMS, while the biometric data is retrieved in the form of scores or probabilities from the biometric subsystem. The SQL RDBMS may return a query result set containing demographic data associated with corresponding biometric data, allowing the authentication of biometric clients.
    Type: Grant
    Filed: October 2, 2013
    Date of Patent: February 23, 2016
    Assignee: ImageWare Systems, Inc.
    Inventor: David Harding
  • Patent number: 9270675
    Abstract: Access restriction is performed on access to a page on which information is posted from a terminal of a subject. It is determined whether positions of terminals used by the subject and a manager, who is associated with the subject in advance, accord with each other. A relaxation operation is received from the terminal of the manager, when it is determined that the positions accord with each other. The access restriction by a restriction unit is relaxed, when the relaxation operation is received. A characteristic word of the page accessed by the terminal of the subject for which the access restriction is relaxed is acquired. The acquired characteristic word is transmitted to the terminal of the manager to display the characteristic word. A recovery operation is received from the terminal of the manager. The access restriction performed by the restriction unit is recovered, when the recovery operation is received.
    Type: Grant
    Filed: August 9, 2013
    Date of Patent: February 23, 2016
    Inventor: Shinya Aoki
  • Patent number: 9246921
    Abstract: A secure external access method provides an external system with access to a device automation system implementing automatic control of one or more devices in an automation environment. The external access method enables external system access to devices only when the devices have been authorized for external access and the external system has the proper authentication credential. External access endpoints are dynamically defined by the web service automation applications and are unique to each installed instance of the web service automation application.
    Type: Grant
    Filed: January 20, 2014
    Date of Patent: January 26, 2016
    Assignee: SmartThings, Inc.
    Inventors: Scott David Vlaminck, Jesse Curtis O'Neill-Oine, Robert Max Florian, Jr., Jeffrey Hagins
  • Patent number: 9246906
    Abstract: A method, non-transitory computer readable medium, and network traffic management apparatus that receives an authentication request from a user of a client computing device, the request comprising credentials for the user. A connection is established with a selected one of a plurality of active directory servers using a stored Internet Protocol (IP) address for the selected active directory server. At least a portion of a fully qualified domain name of the selected active directory server is received in response to an anonymous lightweight directory access protocol (LDAP) query sent to the selected active directory server using the established connection. The user of the client computing device is authenticated using the at least a portion of the fully qualified domain name and the credentials.
    Type: Grant
    Filed: February 27, 2014
    Date of Patent: January 26, 2016
    Assignee: F5 Networks, Inc.
    Inventors: Dennis Zhou, Satoshi Asami, Roman Semenov
  • Patent number: 9239920
    Abstract: Techniques for improving security of an electronics device are disclosed. In one aspect of the present disclosure, security of a device may be improved by generating a working key based on a hardware secret key and at least one security parameter of the device, e.g., with a key derivation function. The security parameter(s) may be related to software to be authenticated on the device and/or other aspects of security for the wireless device. The security parameter(s) may indicate whether the software is authorized and/or at least one operating function authorized for the software. At least one security function may be performed for the device based on the working key. For example, the working key may be used to encrypt, sign, decrypt, or verify data for the device. The working key may be used directly or indirectly by the software for the at least one security function.
    Type: Grant
    Filed: April 23, 2013
    Date of Patent: January 19, 2016
    Assignee: QUALCOMM Incorporated
    Inventor: Asaf Ashkenazi
  • Patent number: 9235838
    Abstract: A flow control apparatus for controlling fluid flow in a petroleum reservoir. The flow control apparatus has a flow control mechanism, a controller operable to control the flow control mechanism to adjust fluid flow through the flow control mechanism, the controller comprising a processor operable to execute according to a control algorithm, and a non-volatile memory connected to the controller. The non-volatile memory includes instructions to cause the controller to execute an authentication mechanism operable to authenticate a control computer and to prevent operation of the controller until the authentication mechanism authenticates the control computer.
    Type: Grant
    Filed: June 7, 2007
    Date of Patent: January 12, 2016
    Assignee: Schlumberger Technology Corporation
    Inventors: Paul D. Gerardi, Valery Polyakov, Terizhandur S. Ramakrishnan, Bertrand du Castel
  • Patent number: 9237152
    Abstract: A method includes receiving data related to an individual, the data comprising a plurality of elements of personally-identifying information (PII). The method further includes building, via the plurality of elements of the PII, a compositional key for the individual. In addition, the method includes storing the compositional key and a biometric print for the individual as a biometric record in a biometric repository. The method also includes, via the compositional key, providing a plurality of federated entity (FE) computer systems with access to the biometric repository.
    Type: Grant
    Filed: June 14, 2014
    Date of Patent: January 12, 2016
    Inventor: Harold E. Gottschalk Jr.
  • Patent number: 9235697
    Abstract: Protecting the security of an entity by using passcodes is disclosed. A user's passcode device generates a passcode. In an embodiment, the passcode is generated in response to receipt of user information. The passcode is received by another system, which authenticates the passcode by at least generating a passcode from a passcode generator, and comparing the generated passcode with the received passcode. The passcode is temporary. At a later use a different passcode is generated from a different passcode generator. In these embodiments, there are asymmetric secrets stored on the passcode device and by the administrator. This adds more security so that if the backend servers are breached, the adversary cannot generate valid passcodes. In some embodiments, the passcode depends on the rounded time.
    Type: Grant
    Filed: March 5, 2013
    Date of Patent: January 12, 2016
    Assignee: Biogy, Inc.
    Inventor: Michael Stephen Fiske
  • Patent number: 9225527
    Abstract: A secure (e.g., protected) storage drive for use with an associated computer device is disclosed. The secure storage drive allows access only when properly authenticated to the computer device attempting to access the secure storage drive. Additionally, other levels of authentication may be required prior to allowing access. For example, access may only be allowed if both the computer device and a user authenticated to the computer device are recognized by the secure storage drive. If access to the secure storage drive is not permitted, then the secure storage drive may remain hidden and not accessible to the operating system of the computer device. Accordingly, if hidden, no command of the operating system of the computer device can access, alter, or erase data on the secure storage drive.
    Type: Grant
    Filed: December 31, 2014
    Date of Patent: December 29, 2015
    Assignee: Coban Technologies, Inc.
    Inventor: Hung C Chang
  • Patent number: 9213825
    Abstract: A login interface provided by a firmware setup utility is configured to display a two-dimensional barcode, such as a quick response (“QR”) code. The barcode is scanned by a mobile device configured to retrieve a timestamp encrypted within the barcode. The mobile device creates a passcode by re-encrypting the timestamp using a firmware setup password and a master key. The passcode is provided to the firmware setup utility, which retrieves the timestamp and compares it to a stored timestamp. If the timestamp values match, access to the firmware setup utility is permitted.
    Type: Grant
    Filed: February 21, 2014
    Date of Patent: December 15, 2015
    Assignee: American Megatrends, Inc.
    Inventors: William Gysin, Kai Yau
  • Patent number: 9213852
    Abstract: In a method for limiting access to a digital item, a count for the digital item is stored, wherein the count is a number of accesses permitted for the digital item. A password for accessing the digital item is received. A plurality of password hashes is generated by utilizing one-way hash functions based on the number of accesses of the count and the password to generate the plurality of password hashes based on the count. The plurality of password hashes is stored in a password hash file.
    Type: Grant
    Filed: March 7, 2013
    Date of Patent: December 15, 2015
    Assignee: VMware, Inc.
    Inventor: Uday Kurkure
  • Patent number: 9213827
    Abstract: Systems and methods may provide for detecting a browser request for web content. Additionally, interaction information associated with a plurality of sources may be determined in response to the browser request, and a risk profile may be generated based on the interaction. The risk profile may include at least a portion of the interaction information as well as recommended control actions to mitigate the identified risk. In one example, the risk profile is presented to a user associated with the browser request as well as to a security control module associated with the platform.
    Type: Grant
    Filed: September 27, 2012
    Date of Patent: December 15, 2015
    Assignee: Intel Corporation
    Inventors: Hong Li, Alan D. Ross, Rita H. Wouhaybi, Tobias M. Kohlenberg
  • Patent number: 9203820
    Abstract: In a networked environment, a client side application executed on a client device may transmit a request to an authorization service for access to a resource. The authorization service may authenticate the user of client device and/or the client device based on user credentials and/or a device identifier. In response to authenticating the user and/or the client device, the authorization service may send to the client side application a request for confirmation that the client device complies with a distribution rule associated with the resource, where the distribution rule requires a specific application or specific type of application to be installed, enabled and/or executing on the client device as a prerequisite to accessing the resource. If the client device complies with the distribution rule, the client side application accesses the resource. Accessing the resource may include receiving an authorization credential required for access to the resource.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: December 1, 2015
    Assignee: AirWatch LLC
    Inventor: Erich Stuntebeck
  • Patent number: 9189826
    Abstract: Implementations are provided herein relating to audiovisual matching. Audio and video channel data is merged to create a single multi-channel fingerprint used to match media content. Audio channel data is used to generate audio fingerprints. Video channel data is used to generate video fingerprints. Multi-channel fingerprints can then be generated based on the audio channel fingerprints and video channel fingerprints. In this sense, entropy can be increased while the multi-channel fingerprint can be less resistant to noise.
    Type: Grant
    Filed: September 5, 2013
    Date of Patent: November 17, 2015
    Assignee: Google Inc.
    Inventor: Matthew Sharifi
  • Patent number: 9189788
    Abstract: A system and method of identity verification at a point-of-identification verification (POV) using biometric-based identity recognition and an identity verifying score based upon a presenter's initial identification presentment and their subsequent action in the system. The system also provides tracking and evaluates verifier activity within the system through biometric-based identity recognition and a performance score based upon their actions and the results of their actions within the system. System users register at least one biometric identifier and personal and/or business identity-verifying data. Users present a biometric sample obtained from their person and their system ID number to conduct identification transactions. This data is used to authenticate the user's identity to a percentage of reliability and allows a user with consistently positive ID verifications to establish a higher ID score, strengthening their credibility within the system.
    Type: Grant
    Filed: December 16, 2005
    Date of Patent: November 17, 2015
    Assignee: Open Invention Network, LLC
    Inventors: Timothy L. Robinson, Bradford R. Schildt, Tennille V. Goff, Daniel J. Corwin, Timothy Neil Watson
  • Patent number: 9189616
    Abstract: An authentication method between a server and a client is provided. The authentication method includes transmitting, to the client, an inquiry message including a first modified secret key generated based on a first secret key and a first blinding value, receiving, from the client, a response message including a response value generated based on the first blinding value, a second secret key, and an error value, calculating the error value from the response value, and determining whether authentication of the client has succeeded based on the error value.
    Type: Grant
    Filed: February 6, 2013
    Date of Patent: November 17, 2015
    Assignees: Samsung Electronics Co., Ltd., Korea University Research and Business Foundation
    Inventors: Bo-Gyeong Kang, Kyu-Young Choi, Hyo-Seung Kim, Ji-Eun Eom, Dong-Hoon Lee, Byeong-Rae Lee
  • Patent number: 9191382
    Abstract: Methods and apparatus for authenticating computing device users are disclosed. An example method includes providing, on a display device of a computing device, a graphical user interface (GUI) including a user authentication display portion and receiving, from a remote authentication server, visual content and functional content corresponding with the user authentication display portion. The method further includes receiving, via the user authentication display portion, a set of user credentials and communicating the received user credentials to the remote user authentication server. The method still further includes receiving, from the remote user authentication server, an authorization message indicating whether or not authentication of the user credentials was successful. In the event authentication of the set of user credentials was successful, the user is granted access to the computing device.
    Type: Grant
    Filed: January 7, 2013
    Date of Patent: November 17, 2015
    Assignee: Google Inc.
    Inventors: Zelidrag Hornung, William A. Drewry, Sumit Gwalani, Christopher Masone
  • Patent number: 9183377
    Abstract: A possibly pre-infected system is inspected for the existence of tracked application-specific accounts. If a tracked application-specific account is found, the system is further audited to verify that only authorized processes are using the account and that the authorized account creation application is installed on the host computer system.
    Type: Grant
    Filed: June 18, 2008
    Date of Patent: November 10, 2015
    Assignee: Symantec Corporation
    Inventors: William E. Sobel, Brian Hernacki, Mark Kennedy
  • Patent number: 9178861
    Abstract: Systems and methods are described for off-site user access control to communications services via a site-based communications network. Embodiments operate in context of sites, each having one or more site-based networks in communication with external networks via one or more on-site routers. User devices are provided with controlled access to those external networks via wired or wireless connections between those user devices and the site-based networks. In some embodiments, on-site routers maintain route maps that indicate which user devices are authorized. Standard routing functions are used so that traffic from authorized devices is routed normally, while traffic from unauthorized devices is automatically forwarded to an off-site (e.g., cloud-based) authentication system. As devices become remotely authenticated, the off-site authentication system can remotely update route maps of the on-site routers to add those devices.
    Type: Grant
    Filed: October 16, 2013
    Date of Patent: November 3, 2015
    Assignee: Guest Tek Interactive Entertainment Ltd.
    Inventors: David Andrew Hulse, Mark Howard Bryars
  • Patent number: 9171149
    Abstract: Methods and systems are disclosed for implementing a secure application execution environment using Derived User Accounts (SAE DUA) for Internet content. Content is received and a determination is made if the received content is trusted or untrusted content. The content is accessed in a protected derived user account (DUA) such as a SAE DUA if the content is untrusted; otherwise, the content is accessed in a regular DUA if the content is trusted.
    Type: Grant
    Filed: October 24, 2014
    Date of Patent: October 27, 2015
    Assignee: Google Inc.
    Inventor: Úlfar Erlingsson
  • Patent number: 9165156
    Abstract: A role-based access control (RBAC) modeling and auditing system is described that enables a user to access and/or create security roles that can be applied to users of a first software application. When a security role having a particular set of permissions has been accessed or created, the system can present a simulated user interface (UI) that indicates information that can be viewed and/or actions that can be performed by a user to whom the security role has been assigned when interacting with the first software application. The system may further provide “run as” functionality that enables a simulated UI to be generated for a particular user and that can display the security role(s) associated with the particular user. The system may be embodied in a second software application, such as a tool that is associated with the first software application.
    Type: Grant
    Filed: December 3, 2012
    Date of Patent: October 20, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jingcun Wang, Lin Tang, Yingchun Xuan
  • Patent number: 9166981
    Abstract: A full spectrum cyber identification determination process for accurately and reliably determining and reporting any identification determination from a full spectrum of possible cyber identification determinations.
    Type: Grant
    Filed: June 26, 2014
    Date of Patent: October 20, 2015
    Inventor: Jeffry David Aronson
  • Patent number: 9154306
    Abstract: Systems and methods are disclosed for privacy-preserving flexible user-selected anonymous and pseudonymous access at a relying party (RP), mediated by an identity provider (IdP). Anonymous access is unlinkable to any previous or future accesses of the user at the RP. Pseudonymous access allows the user to associate the access to a pseudonym previously registered at the RP. A pseudonym system is disclosed. The pseudonym system allows a large number of different and unlinkable pseudonyms to be generated using only a small number of secrets held by the user. The pseudonym system can generate tokens capable of including rich semantics in both a fixed format and a free format. The tokens can be used in obtaining from the IdP, confirmation of access privilege and/or of selective partial disclosure of user characteristics required for access at the RPs. The pseudonym system and associated protocols also support user-enabled linkability between pseudonyms.
    Type: Grant
    Filed: June 22, 2012
    Date of Patent: October 6, 2015
    Assignee: Google Inc.
    Inventors: Bennet Laurie, Marcel M. Moti Yung
  • Patent number: 9154472
    Abstract: One embodiment of the present invention provides a system that improves security during web-browsing. During operation, the system can receive a URL from a user. Next, the system can determine an IP address for the URL by querying a DNS server. The system can then determine a public-key associated with the URL. Next, the system can encrypt a string using the public-key to obtain an encrypted-string. The system can then send the encrypted-string to a remote-system which is associated with the IP address. Next, the system can receive a response from the remote-system. The system can then determine whether the DNS server has been compromised using the string and the response. If the system determines that the DNS server has been compromised, the system can alert the user, and in doing so, improve security during web-browsing.
    Type: Grant
    Filed: July 12, 2006
    Date of Patent: October 6, 2015
    Assignee: INTUIT INC.
    Inventor: Matt E. Hart
  • Patent number: 9154815
    Abstract: There is provided a method of securing multimedia data for streaming over a network comprising receiving the multimedia data from a server, transforming the multimedia data into secure multimedia data using a security key associated with the multimedia data, storing the security key associated with the multimedia data, and streaming the secure multimedia data to the destination server. The method further comprises receiving decoding solution requests associated with the multimedia data from one or more multimedia players for playing the multimedia data and transmitting the security key associated with the multimedia data to each of the multimedia players.
    Type: Grant
    Filed: May 6, 2011
    Date of Patent: October 6, 2015
    Assignee: Disney Enterprises, Inc.
    Inventors: Jason E. Lewis, Ryan D. Christianson
  • Patent number: 9147047
    Abstract: A method, a system, and computer readable medium comprising instructions for image capture to enforce remote agent adherence. The method comprises a first computer receiving an authentication request. The method also comprises a client component executing on the first computer detecting the authentication request and the client component, based on detecting the authentication request, causing a digital image to be captured. The method also comprises the first computer transmitting the digital image to a second computer, the second computer analyzing the digital image, and the second computer authenticating the digital image based on the analysis.
    Type: Grant
    Filed: August 11, 2011
    Date of Patent: September 29, 2015
    Assignee: West Corporation
    Inventors: Eric A. Grun, April Lynn Peek, Chad Lynn Brockman, Trent Larson
  • Patent number: 9143320
    Abstract: An electronic key registration system includes a controller of a communication subject, an initial electronic key that communicates with the communication subject and has an initial encryption key generation code, an additional electronic key that communicates with the communication subject, and an information center including an additional encryption key. The initial electronic key holds an initial encryption key generated from the initial encryption key generation code and a logic. The controller holds the logic and identification information of the communication subject. The controller acquires the initial encryption key generation code from the initial electronic key, generates an initial encryption key from the initial encryption key generation code and the logic held by the controller, and stores the initial encryption key. The information center sends the additional encryption key to the additional electronic key or the controller through a network.
    Type: Grant
    Filed: May 1, 2013
    Date of Patent: September 22, 2015
    Inventors: Daisuke Kawamura, Hiroaki Iwashita, Masaki Hayashi, Toshihiro Nagae, Hisashi Kato, Tetsuya Egawa
  • Patent number: 9137658
    Abstract: An offline immobilizer ECU reads an encryption key generation code from an offline additional electronic key and generates an electronic key encryption key for the offline additional electronic key using the encryption key generation code and a communication subject key encryption key held by the immobilizer ECU. The immobilizer ECU stores, in a memory, the generated electronic key encryption key and a key ID code that is read from the offline additional electronic key.
    Type: Grant
    Filed: May 28, 2013
    Date of Patent: September 15, 2015
    Inventors: Daisuke Kawamura, Hiroaki Iwashita, Masaki Hayashi, Toshihiro Nagae, Hisashi Kato, Tetsuya Egawa
  • Patent number: 9135422
    Abstract: A system is provided and facilitates management of a device by a first entity and management of a third entity by a second entity, wherein by way of the system access rights permitting access otherwise prevented by the device are assignable by the first entity to the second entity, the access rights are able to be administrated by the second entity to the third entity, and the access is obtainable by the third entity using a combination of the access rights and personal identification information to affect the device.
    Type: Grant
    Filed: January 6, 2011
    Date of Patent: September 15, 2015
    Inventors: Adam Kuenzi, Teri Lynne Briskey, James Young, Jonah J. Harkema, David Casey Fale
  • Patent number: 9130915
    Abstract: A privacy preference editor enables a user to institute privacy preferences relative to user identity information on a card-based and category-based basis. An identity selector furnishes information cards representative of user identities. The editor allows the user to set a privacy preference for each information card. Any proposed disclosure of an information card invokes its corresponding privacy preference. In turn, an agent engine evaluates the invoked privacy preference against the privacy policy of a relying party seeking the card information. The editor also permits the user to create information categories, populate the categories with a group of relevant user identity attributes, and set a privacy preference to the category. In this way, a category-specific privacy preference can be invoked by using the attribute required by the security policy as an index to the appropriate categorized group where the required attribute resides.
    Type: Grant
    Filed: May 27, 2009
    Date of Patent: September 8, 2015
    Assignee: Open Invention Network, LLC
    Inventor: Gail-Joon Ahn
  • Patent number: 9124434
    Abstract: Various embodiments are disclosed that relate to security of a computer accessory device. For example, one non-limiting embodiment provides a host computing device configured to conduct an initial portion of a mutual authentication session with an accessory device, and send information regarding the host computing device and the accessory device to a remote pairing service via a computer network. The host computing device is further configured to, in response, receive a pairing certificate from the remote pairing service, the pairing certificate being encrypted via a private key of the remote pairing service, and complete the mutual authentication with the accessory device using the pairing certificate from the remote pairing service.
    Type: Grant
    Filed: February 1, 2013
    Date of Patent: September 1, 2015
    Inventors: Harish Krishnamurthy, Ming Zhu, Kurt Torben Nielsen, Matthew Morris
  • Patent number: 9117096
    Abstract: Security token for the authentication of access to a self-service terminal, comprising an interface for a connection to the self-service terminal, comprising authentication information, characterized by a second interface that allows a connection of a memory stick the contents of which are made available to the self-service terminal, wherein access to the memory stick is dependent on the authentication information.
    Type: Grant
    Filed: December 7, 2012
    Date of Patent: August 25, 2015
    Assignee: Wincor Nixdorf International GmbH
    Inventor: Volker Krummel