Policy Patents (Class 726/1)
  • Patent number: 10332133
    Abstract: Systems, computer-implemented methods, and media for providing a graph of assets by one or more computing devices include building an asset graph from a data set of assets, the asset graph including plural assets, at least one connection connecting each asset to one or more other asset in the graph, and metadata associated with each connection storing details relating to the connection; identifying an asset in the asset graph that corresponds to an asset in a third party social media platform's asset graph; requesting information relating to connections to the identified asset; receiving the requested information relating to connections to the identified asset; and building out the asset graph according to the received information.
    Type: Grant
    Filed: July 5, 2018
    Date of Patent: June 25, 2019
    Assignee: CBS INTERACTIVE INC.
    Inventors: Adam Goldband, Andrew Shirey, Adam Hiatt
  • Patent number: 10333930
    Abstract: A method for creating a secure connection between a remote client computing device and an enterprise asset platform includes a server receiving from a client computing device (CCD) a request being either a registration request or to access the asset platform, including a CCD unique identifier, determining if the CCD is previously blocked from accessing the asset platform, if so then terminating the method. If the request is a registration request, then generating a disambiguation query in accordance with predefined policy, receiving a response to the disambiguation inquiry from the CCD, verifying the contents of the disambiguation query response in relation to a predefined criteria. If the disambiguation query response does meet the predefined policy, associating the CCD to the predefined policy. A system configured to implement the method and a non-transitory computer-readable medium containing instructions for a processor to perform the method are also disclosed.
    Type: Grant
    Filed: November 14, 2016
    Date of Patent: June 25, 2019
    Assignee: GENERAL ELECTRIC COMPANY
    Inventors: Louis Francis Devaney, Stephen Anthony Salerno
  • Patent number: 10326890
    Abstract: A charging server stores records corresponding to each of multiple subscriber identifiers associated with respective mobile devices. At least one record contains a counter value corresponding to one of multiple counter identifiers. The charging server receives a request from a policy server via a network, containing one of the subscriber identifiers and a session identifier. Responsive to receiving the request, the charging server determines whether the request includes any counter identifiers. When the request does not include any counter identifiers, the charging server determines whether the record corresponding to the received subscriber identifier contains any counter values. When the record includes at least one counter value, the charging server establishes a communications session with the policy server and transmits the at least one counter value to the policy server. When the record does not include any counter values, the charging server establishes a communications session with the policy server.
    Type: Grant
    Filed: August 13, 2015
    Date of Patent: June 18, 2019
    Assignee: REDKNEE INC.
    Inventors: Michael Jung, Jens Schendel
  • Patent number: 10326765
    Abstract: According to one embodiment, a system comprises one or more processors coupled to a memory. The one or more processors when executing logic encoded in the memory provide a topology manager. The topology manager is configured to maintain a security topology of a plurality of hosts. The security topology associates one or more virtual hosts policies with a plurality of virtual hosts in a cloud computing deployment. The topology manager is also configured to request a query for one or more hosts that are candidates to be enforced. A portability manager is configured to receive a request to deploy an access control agent on the one or more candidate hosts, determine an optimal agent to be deployed from a list of available agents, and deploy the optimal agent on the one or more candidate hosts.
    Type: Grant
    Filed: November 8, 2016
    Date of Patent: June 18, 2019
    Assignee: CA, Inc.
    Inventors: Ethan Hadar, Nimrod Vax, Amir Jerbi, Michael Kletskin
  • Patent number: 10325114
    Abstract: A computing system includes: a control unit configured to: obtain an information release setting for a raw user information, the raw user information including an information attribute; determine an information format for the information attribute of the raw user information; determine a privacy notion based on the information release setting; generate perturbed user information from the information attribute based on the privacy notion, wherein the information format for the raw user information is preserved in the perturbed user information; and a communication unit, coupled to the control unit, configured to transmit the perturbed user information.
    Type: Grant
    Filed: October 23, 2015
    Date of Patent: June 18, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Yilin Shen, Hongxia Jin
  • Patent number: 10320991
    Abstract: A policy and charging enforcement function (PCEF) apparatus, an online charging apparatus, and an online charging method, where the online charging method includes receiving a policy and charging control (PCC) rule from a policy and charging rules function (PCRF), determining that a service data flow of a user equipment is a sponsor service data flow sponsored by a sponsor, determining, based on a rating group of the sponsor service data flow included in the PCC rule, whether the PCEF apparatus has a credit quota available to the sponsor service data flow when the sponsor service data flow uses online charging, and sending a credit control request including the rating group to the online charging apparatus when the PCEF apparatus does not have the credit quota available to the sponsor service data flow.
    Type: Grant
    Filed: November 10, 2017
    Date of Patent: June 11, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Xiaoqian Chai
  • Patent number: 10321470
    Abstract: Provided are a method and apparatus for transmitting control information in device-to-device (D2D) communication. A D2D communication method for a transmitting user equipment (Tx UE) may include: sending a channel sensing signal containing priority information of the Tx UE and data; checking whether a resource transfer request message containing priority information is received from a receiving user equipment (Rx UE); checking, when a resource transfer request message is received, whether the priority of the Tx UE is lower than the priority of the Rx UE; and terminating, when the priority of the Tx UE is lower than the priority of the Rx UE, transmission of the data. As the channel sensing signal required for D2D communication based on distributed resource allocation is used to convey priority information, it is possible to minimize overhead due to introduction of additional control channels and signals for acquiring radio resources.
    Type: Grant
    Filed: November 27, 2014
    Date of Patent: June 11, 2019
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Sangmin Ro, Yongjun Kwak, Hyoungju Ji
  • Patent number: 10320820
    Abstract: A cybersecurity engine can guide a forensic investigation of a security incident by estimating the utility of investigating events associated with the security incident, selecting a subset of such events based on the estimated utilities, and presenting data associated with the selected events to the investigator. A method for guiding a response to a security incident may include estimating, for each of a plurality of security events associated with the security incident, a utility of investigating the security event. The method may further include selecting a subset of the security events based, at least in part, on the estimated utilities of investigating the security events. The method may further include guiding the response to the security incident by presenting, to a user, data corresponding to the selected security events.
    Type: Grant
    Filed: March 24, 2017
    Date of Patent: June 11, 2019
    Assignee: Carbon Black, Inc.
    Inventors: Christopher Lord, Benjamin Johnson, Doran Smestad, Joshua Hartley
  • Patent number: 10311155
    Abstract: A system includes identification of a group of records of a plurality of records of a database table associated with a plurality of columns, each of the plurality of records including zero or one value for each column, determination of a plurality of rules, each rule associated with one or more of the plurality of columns and for determining a record from which to select values for the associated one or more columns, evaluation of each of the plurality of rules to determine, for each rule, a record of the group of records, and determination of a first record of the group of records based on the record determined for each rule.
    Type: Grant
    Filed: September 28, 2015
    Date of Patent: June 4, 2019
    Assignee: SAP SE
    Inventors: Ronald Dupey, Jeffrey Woody, Prasanthi Thatavarthy, Ryan Champlin, Chad Taylor
  • Patent number: 10313350
    Abstract: Systems and techniques are provided for controlling requests for resources from remote computers. A remote computer's ability to access a resource is determined based upon the computer's operating environment. The computer or computers responsible for controlling access to a resource will interrogate the remote computer to ascertain its operating environment. The computer or computers responsible for controlling access to a resource may, for example, download one or more interrogator agents onto the remote computer to determine its operating environment. Based upon the interrogation results, the computer or computers responsible for controlling access to a resource will control the remote computer's access to the requested resource.
    Type: Grant
    Filed: February 27, 2018
    Date of Patent: June 4, 2019
    Assignee: SONICWALL INC.
    Inventors: Chris Hopen, Gary Tomlinson, Parvez Anandam, Brian Young, Alan Flagg, Jude Michael Dylan O'Reilley
  • Patent number: 10313326
    Abstract: Systems and methods are disclosed for managing online advertising data secure sharing. One method includes receiving, at a server, a request for proprietary data from a data consumer, the request including a data consumer identifier; retrieving, from a database of proprietary data, proprietary data based on the request; determining, by the server, whether the retrieved proprietary data is at least one of: designated to be processed and designated to have privileges set; processing, by the server, the proprietary data when the server determines the proprietary data is designated to be processed; setting one or more privileges to the proprietary data using the certificate associated with the data consumer identifier when the server determines the proprietary data is designated to have privileges set; encrypting the proprietary data using the certificate associated with the data consumer identifier; and transmitting the encrypted proprietary data to the data consumer.
    Type: Grant
    Filed: February 23, 2018
    Date of Patent: June 4, 2019
    Assignee: Oath (Americas) Inc.
    Inventors: Matthew M. Patton, Seth Mitchell Demsey
  • Patent number: 10303781
    Abstract: A system and method for deriving associations between assets is disclosed. The method includes determining a first fingerprint for a first asset, determining a second asset that matches at least a portion of the first asset based on the first fingerprint, determining whether the first asset and the second asset have a common owner, and responsive to determining that the first asset and the second asset have the common owner, creating an association between the first asset and the second asset.
    Type: Grant
    Filed: May 15, 2017
    Date of Patent: May 28, 2019
    Assignee: GOOGLE LLC
    Inventors: David E. Rosenstein, David G. King, Kevin RG Montler
  • Patent number: 10303664
    Abstract: Described are techniques for determining utilization. A plurality of indicator values for a plurality of utilization indicators for each system included in a set of one or more systems are received. Each of the plurality of indicator values represents a score for a different one of the plurality of utilization indicators. A system utilization score for each of the one or more systems is determined in accordance with the plurality of indicator values for each system. An overall utilization score of the set of systems is determined in accordance with the system utilization score for each of the one or more systems.
    Type: Grant
    Filed: August 24, 2017
    Date of Patent: May 28, 2019
    Assignee: EMC IP Holding Company LLC
    Inventors: Brian R. Tetreault, Daniel K. O'Reilly, Benjamin Kelley, Tyler M. Graves
  • Patent number: 10298409
    Abstract: It is provided an apparatus, comprising condition determining means adapted to determine a currently valid condition; selecting means adapted to select a rule-condition pair for a policy controlled object of a user based on the currently valid condition and a received message comprising a first rule-condition pair and a second rule-condition pair for the user, and wherein each of the first and second rule-condition pairs comprises a respective policy rule and a corresponding condition when the respective policy rule is to be applied; rule setting means adapted to set the policy rule comprised in the selected rule-condition pair for the policy controlled object of the user; rule applying means adapted to apply the set policy rule to the policy controlled object of the user.
    Type: Grant
    Filed: April 5, 2013
    Date of Patent: May 21, 2019
    Assignee: NOKIA SOLUTIONS AND NETWORKS OY
    Inventor: Juha Antero Rasanen
  • Patent number: 10298604
    Abstract: In one embodiment, a system is described, the system including a network gateway in communication with a plurality of original equipment manufacturer (OEM) servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of OEM network appliances, wherein each one appliance of the plurality of OEM network appliances is associated with one of the plurality of OEM servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of OEM network appliances from one of the OEM servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.
    Type: Grant
    Filed: September 5, 2016
    Date of Patent: May 21, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Steve Epstein, Avi Fruchter, Moshe Kravchik, Yaron Sella, Itay Harush
  • Patent number: 10296745
    Abstract: A method and system of determining a vulnerability of software. Libraries are downloaded and stored in a database. For each library, a set of features are extracted and stored in a library index table of the database. For each library, it is determined whether it poses a security concern and flagged accordingly in the library index table. Applications are downloaded and stored in the database. For each application a set of features are extracted and stored in an application index table of the database. For each application, the set of features of the application are compared to the set of features of each of the libraries in the library index table to identify which libraries in the library index table are associated with the application. For each application, a name of the application and names of the associated libraries are stored in a vulnerability reference table in the database.
    Type: Grant
    Filed: June 23, 2016
    Date of Patent: May 21, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Salman A. Baset, Philippe Suter, Omer Tripp
  • Patent number: 10298621
    Abstract: A method includes acts for establishing a subscription for an entity. The method includes receiving, at a cloud service provider, a request from an entity to establish a subscription. The request includes credentials for the entity that are not proper credentials for an organization associated with the entity that the entity should use to access services for the organization. The method further includes performing a corrective action based on detecting one or more factors to determine that the entity is associated with the organization. The method further includes providing services based on the corrective action.
    Type: Grant
    Filed: April 30, 2018
    Date of Patent: May 21, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ranganathan Srikanth, David James Armour, Ashvinkumar J. Sanghvi, Jeremy Winter, John David Ballard, Dwayne Richard Need, Srivatsan Parthasarathy
  • Patent number: 10291656
    Abstract: A system may include a traffic interception module configured to intercept network traffic of a host device. A traffic virtualization module may be configured to generate a virtual file on the host device containing the intercepted network traffic. A security system interface module may be configured to provide the virtual file to a secure digital security system over a virtualized file interface coupling the host device to the secure digital security system, and to receive instructions to allow or to deny the network traffic from the secure digital security system over the virtualized file interface. A traffic access management module may be configured to allow or to deny the network traffic based on the instructions.
    Type: Grant
    Filed: September 11, 2017
    Date of Patent: May 14, 2019
    Assignee: CUPP Computing AS
    Inventor: Omar Nathaniel Ely
  • Patent number: 10291601
    Abstract: An electronic device according to various embodiments of the present disclosure may include a communication module configured to receive a message associated with a plurality of recipients, a memory configured to store one or more contacts; and a processor coupled to the communication module and the memory, the processor configured to identify at least one contact among the one or more contacts that corresponds to at least one recipient among the plurality of recipients, and store the identified at least one contact in a particular group. Other embodiments are possible and several of which are disclosed.
    Type: Grant
    Filed: July 26, 2016
    Date of Patent: May 14, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Ik-Seon Kang, Young-Sik Yoon
  • Patent number: 10291793
    Abstract: An image forming apparatus 176 capable of easy log-in to a desired cloud service includes a print engine communicable with a cloud server 170 for printing a print job received from cloud server 170, a reader/writer 174 capable of proximity communication with a portable terminal 172, and a log-in executing device receiving log-in information to cloud server 170 from portable terminal 172 through reader/writer 174, for executing the log-in process to cloud server 170 using the log-in information.
    Type: Grant
    Filed: May 23, 2017
    Date of Patent: May 14, 2019
    Assignee: SHARP KABUSHIKI KAISHA
    Inventor: Shinichi Kawano
  • Patent number: 10289980
    Abstract: This disclosure is directed to a procurement server for processing one or more requisition requests from various client devices. The procurement server determines whether there is an approver that can approve of the various requisition requests. The procurement server performs this determination by evaluating one or more requisition expressions, which include various expression attributes associated with corresponding condition operators. To expedite such processing, the procurement server builds an expression index corresponding to the various requisition expressions, where the expression index includes various nodes and associations between nodes. Each node represents a unique value assignable to the expression attributes of the various requisition expressions. When the nodes of the expression index are traversed, the last node in the traversal yields an approver that can approve the requisition request. The expression index requires less memory and time to evaluate than the various requisition expressions.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: May 14, 2019
    Assignee: Ariba, Inc.
    Inventor: Mohammed K.A. Aehthesham
  • Patent number: 10289161
    Abstract: A head-mounted display includes an interface capable of connecting thereto a cartridge of which a return condition is recorded, and a controller configured to determine whether, when the cartridge is connected to the interface, the return condition has been satisfied. When it is determined that the return condition has been satisfied, the controller is configured to execute notification for requesting a user to return the cartridge.
    Type: Grant
    Filed: March 27, 2017
    Date of Patent: May 14, 2019
    Assignee: KYOCERA CORPORATION
    Inventors: Jun Matsuzawa, Kouichirou Fujihara, Keisuke Okada, Tomohiro Degawa, Yoshiteru Kurosaki, Susumu Ozawa, Shingo Ito
  • Patent number: 10291518
    Abstract: A device may receive a packet associated with a flow and may identify a capacity indicator associated with a flow table. The capacity indicator may indicate an available storage capacity associated with the flow table. The flow table may be stored by another device and may include entries for one or more flows and one or more corresponding actions to be taken in association with the one or more flows. The device may determine a service indicator that indicates a priority associated with the flow and may compare the capacity indicator and the service indicator. The device may selectively provide a message to the other device based on comparing the capacity indicator and the service indicator. The message may include an instruction for the other device to store an entry, associated with the flow, in the flow table.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: May 14, 2019
    Assignee: Juniper Networks, Inc.
    Inventors: Qiang Shen, Si Yuan Tong, Jianhua Gu, Guangsong Huang
  • Patent number: 10284564
    Abstract: The disclosed computer-implemented method for dynamically validating remote requests within enterprise networks may include (1) receiving, on a target system within an enterprise network, a request to access a portion of the target system from a remote system within the enterprise network, (2) performing a validation operation to determine whether the remote system is trustworthy to access the portion of the target system by (A) querying an enterprise security system to authorize the request from the remote system and (B) receiving, from the enterprise security system in response to the query, a notification indicating whether the remote system is trustworthy to access the portion of the target system, and then (3) determining whether to grant the request based at least in part on the notification received from the enterprise security system as part of the validation operation. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: November 15, 2018
    Date of Patent: May 7, 2019
    Assignee: Symantec Corporation
    Inventors: Kevin Alejandro Roundy, Christopher Gates, Petrus Johannes Viljoen
  • Patent number: 10284576
    Abstract: Adware and viruses are examples of objects that may be embedded in a web page or linked to a web page. When such an object is detected to be associated with a web page loading on a browser, an analysis may be performed to determine a trust level for the object. The object is suppressed based on the trust level. A prompt is displayed to advise a user that the object has been suppressed, and to provide an opportunity to interactively accept or decline activation of an action for the object.
    Type: Grant
    Filed: November 25, 2015
    Date of Patent: May 7, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Aaron Sauve, Li-Hsin Huang, Tony Schreiner, Jeffrey Davis, Tom Pipinich, Jonathan Gass, J. Craig Hally
  • Patent number: 10284602
    Abstract: Described herein are embodiments for managing policies of a mobile device. In embodiments, a mobile device receives policy containers from a plurality of disparate management agents. Each policy container has one or more policies. Each policy corresponds to a particular category that governs various aspects of the device. The policies described herein may be device wide policies corresponding to various features on the device. The policies may also be data specific policies which dictate how data is stored on and transferred to and from the device. Once the policies are received, a determination is made as to which policy in each category is the most secure policy. The most secure policy for each category is merged to create a global policy that is applied to the mobile device.
    Type: Grant
    Filed: September 25, 2017
    Date of Patent: May 7, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Juan V. Esteve Balducci, Michael K. Higashi, David Paul Limont, John Allen Atwood, Burhan Ateeq, Patrick Tousignant
  • Patent number: 10278075
    Abstract: A method of controlling screen lock and a mobile terminal employing the same is provided. The mobile device includes a User Interface (UI) for setting a screen unlock mode using a wireless device other than the mobile terminal and stores IDentifier (ID) information of the wireless device designated by the UI corresponding to the screen unlock mode. The mobile terminal is capable of detecting a wireless device. After the ID information of the wireless device is stored, if the wireless device is detected by the mobile terminal and ID information of the detected wireless device is identical to the stored ID information, the mobile terminal controls not to display an unlock requesting screen when the display unit of the mobile terminal is turned on.
    Type: Grant
    Filed: December 8, 2016
    Date of Patent: April 30, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Ju-youn Lee, Sang-hyup Lee
  • Patent number: 10270859
    Abstract: The present disclosure provides systems and methods for generating a system-wide event report for electrical power delivery systems. A monitoring device within the power system may generate a key message upon the occurrence of a predetermined condition. A master IED within the power system may generate and/or transmit a system-wide key message to a plurality of monitoring IEDs within the power system. Digital process bus data, continuously recorded by a plurality of monitoring IEDs within the power system, may be saved locally by each monitoring IED within the power system and retrieved by a master IED within the power system. Alternatively, digital process bus data may be transmitted to a master IED and saved locally. A software and/or hardware module may be used to merge the local reports into a system-wide event report.
    Type: Grant
    Filed: October 17, 2016
    Date of Patent: April 23, 2019
    Assignee: Schweitzer Engineering Laboratories, Inc.
    Inventors: Qiaoyin Yang, Normann Fischer
  • Patent number: 10270783
    Abstract: Monitoring and controlling modules of a system includes obtaining, with a portable piece of equipment associated with an installation operator, an identifier that encodes a physical network address of a communicating module, and obtaining, with the portable piece of equipment, an installation geolocation information item. The physical network address and the installation geolocation are transmitted to a central server by the portable piece of equipment, and the central server verifies prior storage of said physical network address. If the physical network address cannot be verified, the server stores the physical network address in association with the identifier.
    Type: Grant
    Filed: July 27, 2016
    Date of Patent: April 23, 2019
    Assignee: SCHNEIDER ELECTRIC INDUSTRIES SAS
    Inventors: Roland Goutay, Philippe Canton, Yann Golaz
  • Patent number: 10270759
    Abstract: A system for a containerized application includes an interface and a processor. The interface is configured to receive an indication from a user to create a containerized application. The indication comprises a first user authentication information (e.g., an authentication token issued by an authentication server) and an application permission information. The processor is configured to determine whether the first user authentication information indicates that the user has permission to create a definition for the containerized application with the application permission information, and, if so, create the definition for the containerized application with the application permission information. The processor is configured to determine whether a second user authentication information indicates that the user has permission to execute the containerized application using the definition for the containerized application, and, if so, indicate to process a job using the containerized application.
    Type: Grant
    Filed: June 21, 2017
    Date of Patent: April 23, 2019
    Assignee: Mesosphere, Inc.
    Inventors: Adam Bordelon, Jan Philip Gehrcke, Albertus Strasheim
  • Patent number: 10268476
    Abstract: A system and method for fast restart of user apps on a user device. A host system hosts classes and resources of the user app, and a service app host application on the host system deploys an initial instance of the user app on the user device that includes additional instrumentation for enabling the user app to be quickly restarted on the user device with a set of changed classes and/or changed resources that comprise the latest version of the user app during development of the user app. This can significantly reduce the typically long turnaround time when developing and testing user apps as compared to current systems and methods. In a preferred embodiment, the system enables a fast restart of user apps running on Android user devices.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: April 23, 2019
    Assignee: ZeroTurnaround AS
    Inventors: Allan Raundahl Gregersen, Rein Raudjärv, Madis Pink
  • Patent number: 10265618
    Abstract: A device, a method, and a computer program for providing a game service. The device for providing a game service, changes the level of a reader by using a level change source, and includes a communication unit for receiving reader recognition information of the reader and/or level change source recognition information of the level change source, an account managing unit for changing the level of the reader on the basis of the reader recognition information and the level change source recognition information, and a database for saving information related to the reader.
    Type: Grant
    Filed: June 7, 2016
    Date of Patent: April 23, 2019
    Assignee: VISUALSHOWER CORP.
    Inventor: Hong Kwan Park
  • Patent number: 10270784
    Abstract: Systems, devices, software, and methods of the present invention enable users and owners/operators, such as employers, vendors, and other administrators to restrict the accessibility and use of applications residing on mobile and portable user devices, when those user devices are near or within a controlled area, such as non-residential and residential properties, and/or access a controlled network, either locally or remotely. The device management system may impose restrictions on one or more user devices that may include, for example, one or more of disabling applications, preventing applications from being enabled, deleting applications, limiting or preventing applications from being downloaded, and/or performing application inventories on the user device. When the user device is no longer in, on, and/or around their facilities and/or networks, the device management system may remove or impose the restrictions on the user device.
    Type: Grant
    Filed: March 20, 2018
    Date of Patent: April 23, 2019
    Assignee: CRUZEIRO ASSOCIATES, INC.
    Inventors: Eric Narges, Edward Bishop
  • Patent number: 10263947
    Abstract: An LDAP (Lightweight Directory Access Protocol) to SCIM (System for Cross-domain Identity Management) proxy service is provided. The LDAP to SCIM proxy service receives an LDAP request from an LDAP-based application running on an LDAP-based application server, translates the LDAP request to a SCIM request, and forwards the SCIM request to a SCIM server within the IDCS. The LDAP to SCIM proxy service then receives a SCIM response from the SCIM server within the IDCS, translates the SCIM response to an LDAP response, and forwards the LDAP response to the LDAP-based application.
    Type: Grant
    Filed: June 28, 2017
    Date of Patent: April 16, 2019
    Assignee: Oracle International Corporation
    Inventors: Kanika Vats, Loganathan Ramasamy, Anand Murugesan, Mohamad Raja Gani Mohamad Abdul
  • Patent number: 10262267
    Abstract: The present invention discloses a method for processing a policy, including: obtaining at least one user policy, where the user policy is used to instruct a service processing unit to perform service processing; reading information of an application knowledge base corresponding to each user policy and performing rule conversion on the read information, so that the description language of the information is consistent with the rule description language of the user policy; combining a condition element and an action element of each user policy with information corresponding to the condition element and the action element, and compiling each result obtained through combination; and sending each compilation result to a service processing unit corresponding to each compilation result. Correspondingly, the embodiments of the present invention further disclose a device for processing a policy. The embodiments of the present invention can reduce system overhead.
    Type: Grant
    Filed: December 10, 2013
    Date of Patent: April 16, 2019
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Mingzhen Xia
  • Patent number: 10261672
    Abstract: Users can switch between applications using contextual interface elements. These elements can include icons for applications determined to likely be accessed by the user for a current context. Information is gathered to determine the current context, then information such as patterns of historical usage are utilized to determine and rank the applications by likelihood of use. Different contexts can include different icons, and a given context can include different icons for different points in time or locations. A user can access a contextual interface element by performing a swipe motion, for example. The user can continue the motion to an area associated with an icon of interest, and perform an action such as a tap or release to cause the associated application to be launched. Such an approach enables a user to quickly and easily launch another application independent of the application currently active on the device.
    Type: Grant
    Filed: September 16, 2014
    Date of Patent: April 16, 2019
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Levon Dolbakian, Arnaud Marie Froment, Gy Stuart Fullmer, Sean Thomas Congden, Brett Nathan Lynnes, Nadim Awad, Kenneth Paul Kiraly
  • Patent number: 10255445
    Abstract: Some embodiments of the invention may enhance security, usability, and/or efficiency for entities by identifying destination servers on behalf of the entity. In an embodiment, the destination identification may be based on secure authentication of the destination server. The entity may be a business communication agent, or a business user, or an end user. An embodiment of the invention may enhance security by preventing sensitive data from being released to unintended destination(s) and/or ensuring sensitive data is released to intended destination(s). An embodiment of the invention may improve usability by removing the need for the entity to identify the server. An embodiment of the invention may improve usability by removing the need for an entity to remember and/or specify sensitive data. An embodiment of the invention may improve efficiency by automating the tasks of identifying the destination servers and determining whether the destination server is allowed receipt of the sensitive data.
    Type: Grant
    Filed: November 2, 2007
    Date of Patent: April 9, 2019
    Inventor: Jeffrey E. Brinskelle
  • Patent number: 10257220
    Abstract: A method of carrying out a penetration testing campaign of a networked system by a penetration testing system comprising (A) a penetration testing software module installed on a remote computing device and (B) a reconnaissance agent software module (RASM) installed on at least some network nodes of the networked system. In embodiments, at least the following is performed at the remote computing device: a target network node of the networked system on which the RASM is installed is selected; based on the target network node, a potential vulnerability that may compromise the target network node is selected; internal data of the target network node is received; and a validation step is performed. The validation is (i) carried out in a manner which does not expose the target network node to a risk of being compromised and (ii) is based on the received internal data of the target network node.
    Type: Grant
    Filed: May 18, 2018
    Date of Patent: April 9, 2019
    Assignee: XM Cyber Ltd.
    Inventors: Boaz Gorodissky, Adi Ashkenazy, Ronen Segal
  • Patent number: 10257180
    Abstract: Methods and an apparatus are provided for securely authorizing access to remote resources. For example, a method is provided that includes receiving a request to determine whether a user device communicatively coupled to a resource server is authorized to access at least one resource hosted by the resource server and determining whether the user device communicatively coupled to the resource server is authorized to access the at least one resource hosted by the resource server based at least in part on whether the user device communicatively coupled to the resource server has been issued a management identifier. The method further includes providing a response indicating that the user device communicatively coupled to the resource server is authorized to access the at least one resource hosted by the resource server in response to a determination that the user device communicatively coupled to the resource server is authorized to access the at least one resource hosted by the resource server.
    Type: Grant
    Filed: September 19, 2017
    Date of Patent: April 9, 2019
    Assignee: AirWatch LLC
    Inventor: Jonathan Blake Brannon
  • Patent number: 10257548
    Abstract: Delivering, protecting, and playing content, including: executing a content-bound executable application in a trusted execution environment by a player device; performing an integrity check of the player device using the content-bound executable application; sending a request from the player device for update information to at least one of the license server and the content server using the content-bound executable application; receiving update information at the player device from the at least one of the license server and the content server; updating local environment of the player device using the content-bound executable application; and decrypting the content data by the content-bound executable application. Key words include content-bound and executable.
    Type: Grant
    Filed: July 2, 2014
    Date of Patent: April 9, 2019
    Assignees: SONY CORPORATION, SONY PICTURES ENTERTAINMENT INC.
    Inventors: Christopher Taylor, Spencer Stephens
  • Patent number: 10257188
    Abstract: Techniques to facilitate offline access control for an application associated with an industrial automation environment are disclosed herein. In at least one implementation, a user login prompt for the application is displayed on a display system of a computing system, wherein the user login prompt provides an offline access option for a user to request offline access to the application for a period of time. User login credentials are received along with a selection of the offline access option, which are transferred for delivery to an authentication server, wherein the authentication server authorizes the user for the offline access to the application for the period of time based on the user login credentials. An authentication response is received from the authentication server, wherein the authentication response instructs the application to authorize the user to operate the application for the period of time without requiring authorization from the authentication server.
    Type: Grant
    Filed: September 1, 2017
    Date of Patent: April 9, 2019
    Assignee: Rockwell Automation Technologies, Inc.
    Inventors: Ashish Anand, Kyle Reissner
  • Patent number: 10254971
    Abstract: Certain embodiments of the present disclosure provide systems and associated methods for dynamically re-serializing virtual tape library cartridges. The system comprises a first server node including a first virtual tape library residing on a deduplication file system, in which a backup data file corresponding to a first cartridge is stored in a first container with a first base prefix. A second server node includes a second virtual tape library residing on a second deduplication file system, and is configured to receive and store a replica of the backup data file corresponding to a second cartridge in a second container such that the second cartridge includes the same first base prefix as the first cartridge. An activation code is assigned to the second container, and used to re-serialize the first base prefix to form a second base prefix such that the second cartridge is presented with the second base prefix.
    Type: Grant
    Filed: September 2, 2016
    Date of Patent: April 9, 2019
    Assignee: QUEST SOFTWARE INC.
    Inventors: Tarun K. Tripathy, Abhijit Dinkar, Vladimir Fonseca Alvarez
  • Patent number: 10257228
    Abstract: A system is configured for real time detection and prevention of segregation of duties violations in business-critical applications. The system includes a software application monitor, a Segregation of Duties (SoD) conflict detection engine, a processor and a memory. The software application monitor is configured to monitor an action executed by a user in the software application in real-time. The SoD conflict detection engine receives an action notification from the software application monitor having an action and an associated user, and determines whether the action is associated with a conflict in a conflict rule database. The engine looks up the user and action and determines if the user has permission to execute the action and/or if the user has previously executed the action, and if so outputs a preventive alert indicating a segregation of duties violation.
    Type: Grant
    Filed: October 27, 2015
    Date of Patent: April 9, 2019
    Assignee: Onapsis, Inc.
    Inventors: Ezequiel David Gutesman, Juan Pablo Perez Etchegoyen, Pablo Müller, Julián Rapisardi
  • Patent number: 10250689
    Abstract: A method and system for securing a controlled area network (CAN) of a vehicle is disclosed, where the CAN has a number of electronic control units (ECUs) that control vehicular systems. An on-board diagnostic port of the vehicle is monitored for suspicious activity which does not fit within the baseline profile of the destination ECU. If suspicious activity is detected, countermeasures are taken to minimize harm, such as placing the vehicle in safe mode, reducing the functionality or disabling non-critical ECUs, resetting the targeted ECU, and notifying the driver and non-targeted ECUs.
    Type: Grant
    Filed: August 5, 2016
    Date of Patent: April 2, 2019
    Assignee: Robert Bosch GmbH
    Inventor: Robert Kaster
  • Patent number: 10248674
    Abstract: Embodiments of the present invention provide a method and an apparatus for data quality management and control. The method includes: receiving application information transmitted by a service sub-system; resolving datasheet operation trigger information to obtain datasheet flow information; receiving user information transmitted by the service sub-system and a target datasheet transmitted by the service sub-system; if a name of the target datasheet is different from a plurality of datasheet names corresponding to the service sub-system identifier, then instructing the service sub-system to store the target datasheet into a data center; if the datasheet operation information is updating a datasheet, instructing the data center to replace datasheet contents corresponding to the datasheet name with contents of the target datasheet.
    Type: Grant
    Filed: August 5, 2016
    Date of Patent: April 2, 2019
    Assignees: JIANGXI ELECTRIC POWER CORPORATION INFORMATION AND COMMUNICATIONS BRANCH OF STATE GRID, STATE GRID CORPORATION OF CHINA
    Inventors: Pingping Fu, Yong Ma, Hanyong Hao, Yanqing Chen, Xuelian Chen
  • Patent number: 10250602
    Abstract: Provided is a method for authenticating a user communicating with an enterprise via a network. The method includes receiving, via the network, authenticators for a user from a first user device associated with the user, and storing the received authenticators. A first authenticator from the stored authenticators is selected to be used for authenticating the user based on an authentication policy received from the enterprise. An authentication request is transmitted to a user device requesting the first authenticator and the user is authenticated by comparing the received authenticator with the stored first authenticator.
    Type: Grant
    Filed: August 28, 2018
    Date of Patent: April 2, 2019
    Assignee: Early Warning Services, LLC
    Inventors: Andrew Robert Rolfe, Alan Dundas, Gregory Slowiak
  • Patent number: 10250585
    Abstract: Disclosed are various embodiments for identity data migration from one organization to another. An authentication service operated by a first organization receives user login information from a client device. The authentication service identifies a second organization for which the authentication service authenticates users. The user login information is verified according to an identity data associated with the second organization. An authentication token is returned to the client device and used by the client device to access resources of a network site operated by the second organization.
    Type: Grant
    Filed: October 16, 2017
    Date of Patent: April 2, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Yogesh Vilas Golwalkar
  • Patent number: 10248782
    Abstract: A method and system includes: receiving an access request for a protected web application server by the requesting browser application; returning a web page embedded with code that initiates a browser testing session between the requesting web browser and a remote access control server; generating a browser identity inspector based on a selection of two or more predetermined browser identity tests; executing the browser identity inspector to collect runtime environment data of the requesting web browser based on an execution of the selected two or more predetermined browser identity tests at the requesting web browser; compiling the collected runtime environment data into a browser digital fingerprint of the requesting web browser; using the browser digital fingerprint to: identify a browser version and type of the requesting web browser; calculating a browser identity confidence score that indicates a likelihood or a probability that the identified browser version and type is accurate.
    Type: Grant
    Filed: January 29, 2018
    Date of Patent: April 2, 2019
    Assignee: Duo Security, Inc.
    Inventors: Mujtaba Hussain, Jon Oberheide, Jonathan Hurshman
  • Patent number: 10244077
    Abstract: In one example, an Enterprise Service Bus (ESB) Sequencer may receive a request token that includes a plurality of ESB requests. The request token may be parsed into a plurality of service frames. Verification confirms a) each of the plurality of ESB requests are valid and corresponding services available and b) sufficient computing resources are available to complete each of the plurality of ESB requests. For each of the service frames an ESB may be called using a requested input source and format provided in the request token for the service frame. The respective output source from the ESB is received and stored. The respective output source may be used as an input source for one or more other service frames. One or more service frame output sources as requested by the request token may be sent to a calling application.
    Type: Grant
    Filed: January 28, 2015
    Date of Patent: March 26, 2019
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Scott Lopez, Jeff Kalibjian
  • Patent number: 10242200
    Abstract: Apparatus and methods are disclosed herein for analyzing computer programs for potential security vulnerabilities. In one computer-implemented embodiment of the disclosed technology, a method includes analyzing a package for an application (e.g., a mobile device application package) by disassembling at least a portion of executable code associated with the application, searching for a pattern associated with a potentially vulnerable function or method, and, if the function or method is defined, then analyzing disassembled code for the function to determine whether a vulnerability is present. In some examples, a number of packages are stored in an application store database and scanned periodically to statically analyze the package for vulnerabilities.
    Type: Grant
    Filed: March 4, 2016
    Date of Patent: March 26, 2019
    Assignee: Tripwire, Inc.
    Inventor: Craig Young