Tickets (e.g., Kerberos Or Certificates, Etc.) Patents (Class 726/10)
  • Patent number: 10327114
    Abstract: A message sending method, a mobile broadband (MBB) device, and a host, where the method includes receiving, by an MBB device, authentication information sent by a host, requesting, by the MBB device, authentication from a notification server according to the authentication information, to establish a transmission path between the MBB device and the notification server, determining, by the MBB device, a message required to be transmitted to the host, and sending, by the MBB device, the message to the notification server using the transmission path such that the notification server sends the message to the host. The message can be actively pushed to the host when the message required to be transmitted to a host is determined such that signaling overheads can be significantly reduced, and power consumption can be reduced.
    Type: Grant
    Filed: June 12, 2015
    Date of Patent: June 18, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Dedong Yang, Zhen Zhong, Wei Chen
  • Patent number: 10320788
    Abstract: A method for transferring authorization information, a relay device, and a server are provided. The method includes: receiving, by a DHCPv6 relay device, authorization information delivered by an AAA server; and inserting an option into a DHCPv6 Relay-Forward message, encapsulating the authorization information in the option, and sending the option to a DHCPv6 server. By using the technical solutions of the present application, a DHCPv6 relay device sends authorization information delivered by an AAA server to a DHCPv6 server, so that the DHCPv6 server can provide a correct configuration for a DHCPv6 client according to the authorization information delivered by the AAA server.
    Type: Grant
    Filed: August 10, 2018
    Date of Patent: June 11, 2019
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Yuxu Ye, Min Zha
  • Patent number: 10313363
    Abstract: A system for proactive intrusion protection comprises a memory operable to store data identifying a plurality of compromising entities, comprising at least one of a device identifier or a contact identifier, and a processor communicatively coupled to the memory and operable to receive, from a remote application associated with a remote device and with the system, information regarding a destination of the outgoing communication. The processor is further operable to determine an entity associated with the destination of the outgoing communication and to determine that the entity associated with the destination matches at least one of the plurality of compromising entities based on comparing the data identifying the plurality of compromising entities and the entity associated with the destination of the outgoing communication. Furthermore, the processor is operable to send to the remote application, before the outgoing communication is sent, a signal configured to block the outgoing communication.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: June 4, 2019
    Assignee: Bank of America Corporation
    Inventors: Manu J. Kurian, David N. Hillis
  • Patent number: 10313287
    Abstract: Exemplary embodiments relate to techniques for introducing asynchronous messaging concepts into a synchronous messaging system. As a conversation is carried out, different topics may be identified and highlighted as separate threads within the conversation. A new thread may be identified based on a number of factors, including (for example) time between messages, questions raised in a communication, discussions of dates, the inclusion of links, and any mentions of specific names. Further embodiments relate to techniques for navigating in asynchronous message threads. For example, a synchronous message alias may be created that redirects a display to a location of an asynchronous message. An indication may be displayed to designate that the asynchronous message is displayed out-of-order.
    Type: Grant
    Filed: June 1, 2016
    Date of Patent: June 4, 2019
    Assignee: FACEBOOK, INC.
    Inventors: Eric Carl Ertmann, Charles Donald Deets, Jr., Daniel M Giuditta
  • Patent number: 10284366
    Abstract: In existing mobile implementations, there is a disconnect between the mobile device accessing the network and the applicative services inasmuch as the entity responsible for network access, such as the VPN Gateway, differs from the entity governing access to applications, such as email servers and SharePoint repositories. Therefore existing solutions typically employ two authentication methods. Of these, the first may be used to authenticate the mobile device to the VPN Gateway, while the second may be used to authenticate the mobile device towards the applications server. In order to facilitate strong authentication it is often desired to utilize a mechanism that uses or combines two different factors, e.g. “something you have” (such as but not limited to a smart card) and “something you know” (such as but not limited to a password). Most currently available mobile devices offer limited options to connect external devices to them, rendering most “Something you have” solutions irrelevant.
    Type: Grant
    Filed: September 27, 2012
    Date of Patent: May 7, 2019
    Assignee: ELTA SYSTEMS LTD.
    Inventor: Yonathan Striem-Amit
  • Patent number: 10275723
    Abstract: Policy enforcement via attestations is provided. A principal operates within an environment and assumes roles having certain access rights to resources and the principal takes actions while assuming those roles. The roles and actions are monitored and attestations are raised under the proper set of circumstances. The attestations trigger policy restrictions that are enforced against the principal. The policy restrictions circumscribe the access rights to the resources.
    Type: Grant
    Filed: December 13, 2006
    Date of Patent: April 30, 2019
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Duane Fredrick Buss, Stephen R. Carter
  • Patent number: 10270756
    Abstract: A service providing method, the method comprises transmitting, by a first information processing device, a certification token including a first role information on a service provided by the first information processing device to a terminal device when a certification is successful in response to a certification demand from the terminal device, receiving, by the first information processing device, the certification token and a first address information, that identifies a service providing device and indicates the first information processing device, from the terminal device, and transmitting, by the first information processing device, a first token including the first role information indicated by the certification token which is received and a second address information, that identifies the service providing device and indicates a second information processing device, to the second information processing device which is either one of the service providing device or a way device to the service providing dev
    Type: Grant
    Filed: August 23, 2016
    Date of Patent: April 23, 2019
    Assignee: FUJITSU LIMITED
    Inventors: Shouhei Mizuno, Akio Shimono, Mamoru Yoshimuta, Naoki Miyoshi
  • Patent number: 10237269
    Abstract: A method of operating an electronic device and an electronic device are provided. The method includes generating biometric information using at least one sensor of the electronic device, and storing the generated biometric information in a memory of the electronic device, generating access right information relating to the biometric information, determining whether an external electronic device is connected to the electronic device, and when the external electronic device is connected to the electronic device, transmitting the generated access right information to the external electronic device.
    Type: Grant
    Filed: October 15, 2015
    Date of Patent: March 19, 2019
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Su-Young Park, Su-Ha Yoon, Eui-Chang Jung
  • Patent number: 10230566
    Abstract: A system, medium and method for dynamically constructing a service principal name is disclosed. A client request from a user to access a service is received at a network traffic management device which identifies an internet protocol (IP) address of a selected backend server to provide the requested service to the client. The network traffic management device identifies a hostname of the selected backend server based at least on the identified IP address and dynamically generates a service principal name (SPN) of the selected backend server based on the determined host name. The network traffic management device obtains a service ticket from a domain controller server using at least the generated SPN of the selected backend server. The network traffic management device uses the obtained service ticket along with the client request to provide the user access to the selected backend server for the client request.
    Type: Grant
    Filed: December 31, 2012
    Date of Patent: March 12, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Amit Jain, Konstantin Martynenko, Jeff Costlow, David Holmes
  • Patent number: 10212149
    Abstract: In a method for enabling support for backwards compatibility in a User Domain, in one of a Rights Issuer (RI) and a Local Rights Manager (LRM), a Rights Object Encryption Key (REK) and encrypted REK are received from an entity that generated a User Domain Authorization for the one of the RI and the LRM and the REK is used to generate a User Domain Rights Object (RO) that includes the User Domain Authorization and the encrypted REK.
    Type: Grant
    Filed: July 25, 2016
    Date of Patent: February 19, 2019
    Assignee: GOOGLE TECHNOLOGY HOLDINGS LLC
    Inventor: David W. Kravitz
  • Patent number: 10193691
    Abstract: According to an embodiment, an information processing device includes a conversion unit, an encryption unit, and a transmission unit. The conversion unit converts a first encryption key to be used for generation of a master key to be shared with a server device by using a second conversion rule to generate a third encryption key to be a new master key. The second conversion rule is different from a first conversion rule used for generation of a second encryption key that is the master key currently used for encrypted communication with the server device. The encryption unit generates a ciphertext so that the server device derives the third encryption key on a basis of the second encryption key and the third encryption key. The transmission unit transmits the ciphertext to the server device.
    Type: Grant
    Filed: February 27, 2017
    Date of Patent: January 29, 2019
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yuichi Komano, Takeshi Kawabata
  • Patent number: 10181978
    Abstract: Technology is described for sharing device capabilities between a plurality of Internet of Things (IoT) devices. A first IoT device within a localized network may identify a desired device capability that is capable of augmenting device capabilities of the first IoT device. The first IoT device may identify a second IoT device within the localized network that possesses the desired device capability. The first IoT device may identify the second IoT device using a registry of device capabilities stored in the localized network. The first IoT device may obtain access to the desired device capability of the second IoT device to augment the device capabilities of the first IoT device.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: January 15, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Marco Argenti
  • Patent number: 10171244
    Abstract: A method of increasing communication security may include receiving, at a first computer system, a first message including a first data portion and a second data portion, wherein the first data portion is associated with a security token, wherein the first data portion includes a first instance of a session key, and wherein the second data portion includes a second instance of the session key. The method may also include performing, at the first computer system, message validation associated with the first message. The method may further include generating, if the first message is valid, a second message including the first data portion. The method may also include communicating, if the first message is valid, the second message from the first computer system for delivery to a second computer system.
    Type: Grant
    Filed: December 4, 2017
    Date of Patent: January 1, 2019
    Assignee: Idaax Technologies Private Limited
    Inventor: Vishnu Sharma
  • Patent number: 10157295
    Abstract: A system and method for authenticating data files using a block chain network. An exemplary method includes identifying data files in electronic data storage, computing hash values for files, adding pairs of the hash values and computing hash values for each resulting pair, continuing this process to a root level of a hash tree, and sending the root hash to a blockchain network in which one or more nodes in the blockchain network adds the hash value as one or more blocks in a blockchain.
    Type: Grant
    Filed: October 6, 2017
    Date of Patent: December 18, 2018
    Assignee: Acronis International GmbH
    Inventors: Igor Barinov, Victor Lysenko, Serguei Beloussov, Mark Shmulevich, Stanislav Protasov
  • Patent number: 10146585
    Abstract: Ensuring the fair utilization of system resources using workload based, time-independent scheduling, including: receiving an I/O request associated with an entity; determining whether an amount of system resources required to service the I/O request is greater than an amount of available system resources in a storage system; responsive to determining that the amount of system resources required to service the I/O request is greater than the amount of available system resources in the storage system: queuing the I/O request in an entity-specific queue for the entity; detecting that additional system resources in the storage system have become available; and responsive to detecting that additional system resources in the storage system have become available, issuing an I/O request from an entity-specific queue for an entity that has a highest priority among entities with non-empty entity-specific queues.
    Type: Grant
    Filed: December 19, 2016
    Date of Patent: December 4, 2018
    Assignee: Pure Storage, Inc.
    Inventors: Yuval Frandzel, Kiron Vijayasankar
  • Patent number: 10135802
    Abstract: Some implementations may provide a machine-assisted method for determining a trustworthiness of a requested transaction, the method including: receiving, from a relying party, a request to determine a trustworthiness of a particular transaction request, the transaction request initially submitted by a user to access data managed by the relying party; based on the transaction request, summarizing the particular transaction request into transactional characteristics, the transactional characteristics devoid of source assets of the transaction, the source assets including credential information of the user, the credential information of the relying party, or information content of the requested transaction; generating first machine-readable data encoding transactional characteristics of the underlying transaction as requested, the transactional characteristics unique to the particular transaction request; submitting a first inquiry at a first engine to determine an access eligibility of the user submitting the t
    Type: Grant
    Filed: July 19, 2016
    Date of Patent: November 20, 2018
    Assignee: MorphoTrust USA, LLC
    Inventor: Stephen Miu
  • Patent number: 10104044
    Abstract: Techniques for coercing users to encrypt synchronized content stored at their personal computing devices. In some aspects, one or more computing devices receive, from a personal computing device, an indication of whether data stored in at least a portion of a storage device of the personal computing device is protected by disk encryption. In response to determining, based on the indication, that the portion of the storage device is not protected by encryption, synchronization data for synchronizing a copy of one or more synchronized content items stored in the portion of the storage device with another copy of the synchronized content items stored at one or more server computing devices is withheld from the personal computing device until disk encryption on the personal computing device is enabled so as to coerce the user to enable disk encryption on the personal computing device.
    Type: Grant
    Filed: May 8, 2017
    Date of Patent: October 16, 2018
    Assignee: Dropbox, Inc.
    Inventor: Sean Byrne
  • Patent number: 10091193
    Abstract: A one-time passcode authentication system includes an application server, an authentication server, and an access device, wherein the access device includes an authentication engine configured to receive an authentication request from the authentication server and automatically, or in response to a single user input, initiate an access request to the application server, wherein the access request includes a token extracted from the authentication request, and the application server is configured to receive the access request, query the authentication server to authenticate the token, and enable access to an application if the token is authenticated.
    Type: Grant
    Filed: December 30, 2015
    Date of Patent: October 2, 2018
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Theunis J. Gerber, Edward Glassman
  • Patent number: 10078836
    Abstract: Systems and methods are provided for authorizing third-party access to a specific service from a service provider. In an example embodiment, a server system identifies a shared service from multiple services provided by the server system. The shared service is specified by an authorizing entity. The server system provides a credential associated with the shared service and the authorizing entity. The server system receives a request to access the shared service from a requesting entity that is separate from the authorizing entity. The server system verifies that the request includes the credential and that the credential is associated with the shared service and the authorizing entity. The server system provides access to the shared service to the requesting entity based on verifying that the request includes the credential. The requesting entity is restricted to accessing the shared service identified by the credential as authorized by the authorizing entity.
    Type: Grant
    Filed: April 19, 2016
    Date of Patent: September 18, 2018
    Assignee: Adobe Systems Incorporated
    Inventors: Isak Tenenboym, Marc Thomas Kaufman
  • Patent number: 10075424
    Abstract: Disclosed are various approaches for implementing an application authentication wrapper. An authentication request, such as a Kerberos request, is created for authenticating the computing device. The authentication request is encrypted to generate an encrypted authentication request. The encrypted authentication request is then forwarded to a reverse proxy server. An encrypted authentication response is received from the reverse proxy server. The encrypted authentication response, such as a Kerberos response, is then decrypted to generate a corresponding authentication response, which is then forwarded to the computing device that generated the authentication request.
    Type: Grant
    Filed: March 28, 2016
    Date of Patent: September 11, 2018
    Assignee: AIRWATCH LLC
    Inventors: Kar Fai Tse, Chen Lu, Erich Stuntebeck
  • Patent number: 10068102
    Abstract: Provided are techniques for generating a temporary data access token for a subset of data for a specific period of time for a non-registered user who did not register with a computer providing access to the subset of the data. In response to the non-registered user attempting to access the subset of data with the temporary data access token, it is determined whether the temporary data access token is valid for the subset of data based on the specified period of time. In response to the temporary data access token being valid, the subset of data is provided to the non-registered user. In response to the temporary data access token not being valid, access is denied to the subset of data by the non-registered user.
    Type: Grant
    Filed: June 5, 2012
    Date of Patent: September 4, 2018
    Assignee: International Business Machines Corporation
    Inventors: Al Chakra, Yongcheng Li, Yuping Connie Wu
  • Patent number: 10055609
    Abstract: A third party device is authorized to access data associated with a user account at a service provider, wherein the third party device and a user device are in data communication with the service provider, and are both NFC-enabled. The method comprises obtaining a request token generated by the service provider, transmitting the request token from the third party device to the user device via NFC, authorizing the request token at the user device, transmitting the authorized request token from the user device to the third party device via NFC, and obtaining an access token generated by the service provider, corresponding to the authorized request token, wherein the access token allows the third party device to access data associated with the user account at the service provider.
    Type: Grant
    Filed: March 26, 2015
    Date of Patent: August 21, 2018
    Assignee: NXP B.V.
    Inventor: Jan René Brands
  • Patent number: 10049167
    Abstract: A computer system includes a master controller that receives an HTTP request for a first URL. The URL indicates a first state of a first mobile application. A navigation controller navigates to the first state of the first mobile application within a device. A content scraper extracts content from the first state and identifies forward links to corresponding additional states of the first mobile application. The computer system includes an output formatter configured to package the content and the forward links into an HTTP response and transmit the HTTP response to a source of the first HTTP request. The HTTP response includes a forward URL for each additional state of the first mobile application reachable from the first state. For each additional state, the forward URL includes an indicator of the first mobile application and a path to reach the additional state within the first mobile application.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: August 14, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Omri Weisman, Manikandan Sankaranarasimhan, Benny Zilberstein, Yehuda Rajuan, Idan Elad, Ran Nozik, Kalyan Desineni, Eli Cohen
  • Patent number: 10044725
    Abstract: Systems and methods of verifying a user are provided. In particular, a request to engage in a verification process to gain access to an online resource can be received. The request can be provided by a first user device associated with a user. A validation request associated with a second user device associated with the user can be received. The validation request can include a device profile associated with the second user device. It can then be determined whether to validate the second user device based at least in part on the device profile. When it is determined to validate the second user device, the first user device can be granted access to the online resource.
    Type: Grant
    Filed: December 18, 2015
    Date of Patent: August 7, 2018
    Assignee: Google LLC
    Inventors: Aaron Malenfant, Haidong Shao, Jason Fedor, Jiexing Gu, Wei Liu, Hongshu Liao, Ying Liu
  • Patent number: 10038722
    Abstract: In an example, a method of managing access to resources managed by heterogeneous resource servers having different policy document formats in a cloud services environment includes obtaining, at an identity and access management (IAM) service, a policy document describing privileges of an end user with respect to accessing at least one resource of the resources managed by a resource server of the heterogeneous resource servers; sending the policy document from the IAM service to a resource server endpoint designated by the resource server for validation; storing, by the IAM service, the policy document in a datastore in response to a determination by the resource server endpoint that the policy document is valid; and generating, by the IAM service, an indication that the policy document is invalid in response to a determination by the resource server endpoint that the policy document is invalid.
    Type: Grant
    Filed: September 3, 2015
    Date of Patent: July 31, 2018
    Assignee: VMware, Inc.
    Inventors: Viswanathan Ramachandran, Jonathan Cook
  • Patent number: 10007776
    Abstract: A technique for distinguishing between a human user and a software robot. The technique includes: receiving a first communication from a device different from the at least one computer; identifying, from the first communication, a request to access a web resource; transmitting software code and location information to the device, wherein the location information specifies a plurality of locations encoding a visual representation of a challenge text, and wherein the software code, when executed by an Internet browser, causes a plurality of graphical elements to be displayed at the plurality of locations in a webpage so that the webpage displays the challenge text; receiving a second communication from the device; identifying, from the second communication, a response text; and providing the device with access to the web resource based on a comparison between the challenge text and the response text.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: June 26, 2018
    Assignee: Mastercard Technologies Canada ULC
    Inventors: Christopher Everett Bailey, Randy Lukashuk, Jonathan Cunningham
  • Patent number: 10009240
    Abstract: A method provides for associating reputation scores with policies, stacks and hosts within a network and upon receiving information about a newly provisioned entity (such as a host or a stack), recommending a policy scheme for the newly provisioned entity that will result in a particular reputation score of the reputation scores. The method further includes implementing the policy scheme for the newly provisioned entity.
    Type: Grant
    Filed: June 3, 2016
    Date of Patent: June 26, 2018
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Supreeth Hosur Nagesh Rao, Ashutosh Kulshreshtha, Omid Madani, Jackson Ngoc Ki Pang, Navindra Yadav
  • Patent number: 9996679
    Abstract: In some embodiments, a method includes sending an authentication request to a client device to obtain a utilization code in response to a request from the client device to access data. The utilization code is uniquely associated with the client device. The method includes obtaining an authentication response including the utilization code from the client device and authenticating the client device if the utilization code matches a utilization identifier stored in a database. The method includes generating an encryption key using a seed based at least in part on the utilization code and encrypting the data with the encryption key to generate encrypted data and sending, when the utilization code matches the utilization identifier stored in the database, the encrypted data to the client device without requiring a user of the client device to login.
    Type: Grant
    Filed: May 3, 2017
    Date of Patent: June 12, 2018
    Assignee: Pegasus Media Security, LLC
    Inventors: Paul Kline, David Weinstein, Allan Weinstein, Changsheng Yang
  • Patent number: 9992166
    Abstract: At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model includes a plurality of message model sections. A representation of the at least one of an HTTP request message and an HTTP response message is parsed into message sections in accordance with the message model sections of the HTTP message model. A plurality of security rules are bound to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition, which is based, at least in part, on a corresponding given one of the message sections. The at least one of an HTTP request message and an HTTP response message is processed in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided.
    Type: Grant
    Filed: December 5, 2015
    Date of Patent: June 5, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Peng Ji, Lin Luo, Vugranam C. Sreedhar, Shun Xiang Yang, Yu Zhang
  • Patent number: 9979712
    Abstract: Disclosed are various embodiments for synchronizing authentication sessions between applications. In one embodiment, a first authentication token is received from a first application in response to determining that the first application is authenticated with a service provider. A second authentication token is requested from a token exchange service associated with the service provider. The second authentication token is requested using the first authentication token. The second application is configured to use the second authentication token in order to access a resource of the service provider.
    Type: Grant
    Filed: August 4, 2015
    Date of Patent: May 22, 2018
    Assignee: Amazon Technologies, Inc.
    Inventor: Bharath Kumar Bhimanaik
  • Patent number: 9979730
    Abstract: The disclosure relates to technology for provisioning out-of-network user equipment with a network relay in a communications network. The network relay device receives an authentication key request message from user equipment including a user equipment identity and an authentication server identity, and communicates the authentication key request message to an authentication server having the authentication server identity. The network relay device communicates a relay authentication key response received from the authentication server to the user equipment such that a secure communication is established between the user equipment and the network. A relay authentication key is generated during establishment of the secure communication between the user equipment and authentication server, and a session with the user equipment is authenticated using a session key generated by the user equipment based on the relay authentication key.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: May 22, 2018
    Assignee: FUTUREWEI TECHNOLOGIES, INC.
    Inventors: Marcus Wong, Zhibi Wang
  • Patent number: 9980144
    Abstract: A wireless relay serves User Equipment (UE) with hardware-trusted wireless data communications over Institute of Electrical and Electronics Engineers (IEEE) 802.11 links and Long Term Evolution (LTE) links. The wireless relay maintains hardware-trusted wireless backhaul links to a data network. The wireless relay broadcasts an IEEE 802.11 Service Set Identifier (SSID) and a Long-Term Evolution (LTE) Network Identifier (NID). The UE wirelessly transfers a hardware-trusted attachment request using the 802.11 SSID or the LTE NID. The wireless relay validates hardware-trust of the UE, and in response, establishes a hardware-trusted attachment of the UE. The wireless relay exchanges user data with the UE using hardware-trusted circuitry. The wireless relay exchanges the user data over hardware-trusted wireless backhaul links.
    Type: Grant
    Filed: April 13, 2017
    Date of Patent: May 22, 2018
    Assignee: Sprint Communications Company L.P.
    Inventors: Lyle Walter Paczkowski, George Jason Schnellbacher
  • Patent number: 9973399
    Abstract: The present application provides an IPv6 address tracing method, apparatus, and system, where the method includes: receiving a to-be-traced target IPv6 address; selecting, in a longest match manner, IPv6 address information that matches the target IPv6 address, where the IPv6 address information includes an IPv6 address or IPv6 prefix information; and acquiring a user identifier corresponding to the IPv6 address information. The present application implements IPv6 address tracing.
    Type: Grant
    Filed: June 23, 2015
    Date of Patent: May 15, 2018
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Xi Yang, Yafeng Zhang, Shuxiang Wang
  • Patent number: 9973503
    Abstract: An internet-connected server comprising a first module for authorizing a user to access the server for: setting up, on the server, a given configuration for conducting a computer-executable experiment, wherein the given configuration comprises at least an executable instruction and a parameter or input data; executing, on the server, the computer-executable experiment with the given configuration so to produce a numerical result; certifying, on the server, the numerical result so to produce a certified result; and generating, on the server, a certification identifier of the certified result. The internet-connected server further comprises a second module for authorizing a reviewer for: providing the server with the certification identifier; and requesting and/or accessing, on the server, the certified numerical result on the basis of the provided certification identifier.
    Type: Grant
    Filed: December 15, 2015
    Date of Patent: May 15, 2018
    Assignee: Foundation of the IDIAP Research Institute (IDIAP)
    Inventors: Sebastien Marcel, Andre Anjos, Philip Abbet
  • Patent number: 9935765
    Abstract: The present disclosure presents methods, systems, and devices for encrypting and comparing genomic data. The comparison of genomic data allows the owner of the data to ensure security of the data even when the party conducting the comparison is beyond the control of the owner of the data. The encryption of the genomic data enables the transmission, storage, and use of the genomic data in a secure media.
    Type: Grant
    Filed: September 19, 2016
    Date of Patent: April 3, 2018
    Assignee: GENFORMATIC, LLC
    Inventors: Daniel Weaver, Justin MacCarthy, Stephen Ayers, Justin Reese
  • Patent number: 9935997
    Abstract: A computer system includes a master controller that receives an HTTP request for a first URL. The URL indicates a first state of a first mobile application. A navigation controller navigates to the first state of the first mobile application within a device. A content scraper extracts content from the first state and identifies forward links to corresponding additional states of the first mobile application. The computer system includes an output formatter configured to package the content and the forward links into an HTTP response and transmit the HTTP response to a source of the first HTTP request. The HTTP response includes a forward URL for each additional state of the first mobile application reachable from the first state. For each additional state, the forward URL includes an indicator of the first mobile application and a path to reach the additional state within the first mobile application.
    Type: Grant
    Filed: August 24, 2016
    Date of Patent: April 3, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Omri Weisman, Manikandan Sankaranarasimhan, Benny Zilberstein, Yehuda Rajuan, Idan Elad, Ran Nozik, Kalyan Desineni, Eli Cohen
  • Patent number: 9935936
    Abstract: A federated realm discovery system within a federation determines a “home” realm associated with a portion of the user's credentials before the user's secret information (such as a password) is passed to a non-home realm. A login user interface accepts a user identifier and, based on the user identifier, can use various methods to identify an account authority service within the federation that can authenticate the user. In one method, a realm list of the user device can be used to direct the login to the appropriate home realm of the user. In another method, an account authority service in a non-home realm can look up the user's home realm and provide realm information directing the user device to login at the home realm.
    Type: Grant
    Filed: June 27, 2017
    Date of Patent: April 3, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Wei-Qiang Guo, Lynn Ayres, Rui Chen, Sarah Faulkner, Yordan Rouskov
  • Patent number: 9916536
    Abstract: Certain relationships representing material insights are identified from among a set of discovered relationships. Cognitive discovery of relationships in a knowledge base, or corpus, are ranked according to one or more metrics indicative of material insights, including recentness and degree of alignment.
    Type: Grant
    Filed: May 25, 2016
    Date of Patent: March 13, 2018
    Assignee: International Business Machines Corporation
    Inventors: John B. Gordon, John P. Hogan, Sanjay F. Kottaram
  • Patent number: 9917770
    Abstract: A traffic on-boarding method is operative at an acceleration server of an overlay network. It begins at the acceleration server when that server receives an assertion generated by an identity provider (IdP), the IdP having generated the assertion upon receiving an authentication request from a service provider (SP), the SP having generated the authentication request upon receiving from a client a request for a protected resource. The acceleration server receives the assertion and forwards it to the SP, which verifies the assertion and returns to the acceleration server a token, together with the protected resource. The acceleration server then returns a response to the requesting client that includes a version of the protected resource that points back to the acceleration server and not the SP. When the acceleration server then receives an additional request from the client, the acceleration server interacts with the service provider using an overlay network optimization.
    Type: Grant
    Filed: November 11, 2017
    Date of Patent: March 13, 2018
    Assignee: Akamai Technologies, Inc.
    Inventors: Andrew B. Ellis, Charles E. Gero, Andrew F. Champagne
  • Patent number: 9912748
    Abstract: A method includes storing data generated in a source node by sending write requests to multiple destination nodes. The destination nodes are requested to create snapshots of the data. The write requests are marked at the source node with marks that indicate to each destination node which of the write requests are pre-snapshot write requests that were issued before a snapshot request for a snapshot that the destination node is currently storing, and which of the write requests are post-snapshot write requests that were issued after the snapshot request for the snapshot that the destination node is currently storing. The snapshots are synchronized with one another at the destination nodes based on the marks.
    Type: Grant
    Filed: January 12, 2015
    Date of Patent: March 6, 2018
    Assignee: STRATO SCALE LTD.
    Inventors: Aharon Lazar, Yael Feldmann
  • Patent number: 9894048
    Abstract: Communications methods and appliances are described. According to one embodiment, a communications method includes prior to deployment of an appliance, establishing a trusted association between the appliance and a certificate authority, during deployment of the appliance, associating the appliance with a communications address of a communications medium, using the certificate authority, creating a signed certificate including the communications address of the appliance, announcing the signed certificate using the appliance, after the announcing, extracting the communications address of the appliance from the signed certificate, and after the extracting, verifying the communications address of the appliance.
    Type: Grant
    Filed: February 7, 2013
    Date of Patent: February 13, 2018
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Rajesh K Shenoy, Keith E Moore
  • Patent number: 9876643
    Abstract: A method of increasing communication security may include determining, responsive to receiving a first message from a first computer system, whether said first computer system is authorized to communicate with a second computer system, wherein said determining is performed at a third computer system. The method may also include generating a first data portion associated with a security token, wherein said generating said first data portion includes accessing data, wherein said data includes a first instance of a session key, and wherein said generating said first data portion further includes encrypting, using a key associated with said second computer system, said data to generate said first data portion. The method may further include communicating, if said first computer system is authorized to communicate with said second computer system, a second message from said third computer system for delivery to said first computer system.
    Type: Grant
    Filed: July 21, 2016
    Date of Patent: January 23, 2018
    Assignee: EXILANT Technologies Private Limited
    Inventor: Vishnu Sharma
  • Patent number: 9787666
    Abstract: Systems, methods and computer-readable media are disclosed for performing single sign-on processing between associated mobile applications. The single sign-on processing may include processing to generate an interaction session between a user and a back-end server associated with a mobile application based at least in part on one or more existing interaction sessions between the user and one or more back-end servers associated with one or more other mobile applications. In order to establish an interaction session with an associated back-end server, a mobile application may leverage existing interaction sessions that have already been established in connection with the launching of other associated mobile applications.
    Type: Grant
    Filed: May 17, 2017
    Date of Patent: October 10, 2017
    Assignee: FISERV, INC.
    Inventors: David Francis Scavo, Barbara Wilson Whiteside
  • Patent number: 9762392
    Abstract: Systems and methods for trusted provisioning and authentication for networked devices in a cloud-based IoT/M2M platform are disclosed. In one embodiment, a fully qualified domain name and public key is registered in a domain name server for each networked device during device configuration. A network device establishes its trustworthiness to a data collection and processing server by providing credentials to the data collection and processing server. The data collection and processing server deduces the username, the device's fully qualified domain name, and encrypted password from the credentials. The domain name server is queried for the fully qualified domain name and the public key is returned. The encrypted password is decrypted using the public key and an attempt is made to verify the password. When the password is verified, the username is provided to the data collection and processing server to authorize a network connection between the networked device and the data collection and processing server.
    Type: Grant
    Filed: September 22, 2015
    Date of Patent: September 12, 2017
    Assignee: Eurotech S.P.A.
    Inventors: Marco Carrer, Cristiano De Alti, Diego Rughetti, Antonio Abramo, Stefano Adami
  • Patent number: 9749130
    Abstract: In some embodiments, a server can establish a session with a remote client. The server can generate a session key portion for the session and a client key portion for the remote client. The server can use a combined encryption key to encrypt client data received from the remote client during the session. The combined encryption key can be generated from a static key portion accessible by the server, the session key portion, and the client key portion. The server can associate the session key portion with the session. The session key portion is accessible by the server during the session. The server can delete the client key portion after providing the client key portion to the remote client. The server can obtain the client key portion from the remote client in response to determining that subsequent transactions during the session involve decrypting the encrypted client data.
    Type: Grant
    Filed: November 12, 2015
    Date of Patent: August 29, 2017
    Assignee: Adobe Systems Incorporated
    Inventors: Jeffrey Michael Day, Peter Raymond Fransen
  • Patent number: 9742788
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for correlating domain activity data. First domain activity data from a first network domain and second domain activity data from a second network domain is received. The first domain activity data and the second domain activity data is filtered to remove irrelevant activity data, based on a first set of profile data for devices in the first network domain and a second set of profile data for devices in the second network domain. Unfiltered first and second domain activity data is aggregated. Aggregated unfiltered first and second domain activity data is correlated to determine an attack path for an attack that occurs across the first network domain and the second network domain, based on attack signatures and profiles associated with previously identified attacks. A visualization of the attack path is generated.
    Type: Grant
    Filed: August 31, 2015
    Date of Patent: August 22, 2017
    Assignee: Accenture Global Services Limited
    Inventors: Amin Hassanzadeh, Shimon Modi, Shaan Mulchandani, Walid Negm
  • Patent number: 9721074
    Abstract: The subject matter of this specification can be embodied in, among other things, a method that includes receiving, by one or more servers associated with an application marketplace, a policy that includes data that identifies one or more users, and a restricted permission. A request is received, by the servers associated with the application marketplace, to access one or more applications that are distributed through the application marketplace, wherein the request includes data that identifies a particular one of the users. One or more of the applications that are associated with the restricted permission are identified by the servers associated with the application marketplace, and access by the particular user to the applications that are associated with the restricted permission is restricted by the servers associated with the application marketplace.
    Type: Grant
    Filed: August 21, 2014
    Date of Patent: August 1, 2017
    Assignee: Google Inc.
    Inventor: Gabriel A. Cohen
  • Patent number: 9710640
    Abstract: Disclosed are various embodiments that facilitate bootstrap authentication of a second application by way of a user confirmation via a first application, where the first application is authenticated using trusted credentials. A security credential for a user account is received from a user. A first application is authenticated with an authentication service using the security credential. One or more user actions are received by the first application. The user actions constitute a confirmation of a bootstrap authentication request submitted by a second application. Data encoding the user actions is sent to the authentication service.
    Type: Grant
    Filed: March 28, 2014
    Date of Patent: July 18, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Harsha Ramalingam, Jesper Mikael Johansson, Bharath Kumar Bhimanaik
  • Patent number: 9698990
    Abstract: Very strong, complex, unforgettable passwords unique to each web site are created for a user's Web site authentication by altering all or part of the web site address using, in a preferred embodiment, a predetermined encoding dictionary with more than a single code for each entry and unique to each user. The entries in this preferred embodiment are single characters including characters used for words, punctuation, symbols and numerals; each single entry character appears more than once in the dictionary. The codes are of various character lengths and can be comprised of the same characters used in the entries. In a Web site authentication embodiment as well as for embodiments not used for Web site authentication, including pass-protecting files, the string of characters altered by encoding can be a private word or group of words. In another embodiment the password created by encoding is pseudo-randomly scrambled by using a seed unique to the user in order to create the password actually used.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: July 4, 2017
    Inventors: Robert Barry O'Dell, James D. Ivey
  • Patent number: 9699160
    Abstract: A system and method for exchanging identity information and for correlating protected data across independent data systems connected through a network is disclosed. The system contains connectors in communication with protected data systems which house the protected data. Data is correlated between the protected data systems through coincident authentication of both systems by a user. Messages are exchanged which allow the identity exchange system to correlate data based on a session identifier from an authenticated session on one of the protected data systems.
    Type: Grant
    Filed: January 9, 2015
    Date of Patent: July 4, 2017
    Assignee: Verato, Inc.
    Inventors: J. Brent Williams, Dennis Tackett, Dennis Rizzi