Authorization Patents (Class 726/17)
  • Patent number: 10356099
    Abstract: A controller for user authentication and access control, configured to: store data representing a graph having: nodes representing data elements associated with accesses made using an access token; and links among the nodes representing connections between the data elements identified in details of the accesses. In response to receiving details of an access made using the access token, the controller updates the graph according to the details and identifies a new connection in the graph resulting from update. The controller communicates with an identity service to verify the association of data elements corresponding to the new connection in the graph. Based on a result of the verification, the controller authenticates the user of the access and/or controls the access.
    Type: Grant
    Filed: February 2, 2018
    Date of Patent: July 16, 2019
    Assignee: IDM GLOBAL, INC.
    Inventors: Jose Caldera, Kieran Sherlock, Garrett Gafke
  • Patent number: 10341306
    Abstract: Systems and methods for application identification in accordance with embodiments of the invention are disclosed. In one embodiment, a user device includes a processor and memory configured to store an application, a session manager, an application identifier, and at least one shared library, and the processor is configured by the session manager to communicate the application identifier and the application identifier data to an authentication server and permit the execution of the application in response to authentication of the application by the authentication server.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: July 2, 2019
    Assignee: DIVX, LLC
    Inventors: Eric William Grab, Kourosh Soroushian, Tung Lin, Francis Yee-Dug Chan, Evan Wallin, William David Amidei
  • Patent number: 10332367
    Abstract: The present disclosure relates to systems and methods for using haptic vibration for inter-device communication. In one implementation, a system for inter-device communication using haptic vibration may include at least one force gauge configured to measure displacements caused by an external device in contact with the at least one force gauge; at least one memory storing instructions; and at least one processor configured to execute the instructions to: receive an identifier associated with a user; retrieve a pattern associated with the received identifier; receive, from the at least one force gauge, one or more measurements over a period of time; assess a degree of difference between the received one or more measurements and the retrieved pattern; and, when the degree of difference is below a threshold, authenticate the user.
    Type: Grant
    Filed: October 17, 2018
    Date of Patent: June 25, 2019
    Assignee: Capital One Services, LLC
    Inventors: Abdelkader Benkreira, Joshua Edwards, Michael Mossoba
  • Patent number: 10305882
    Abstract: A system and method for using a Service-Provider password to simulate F-SSO functionality. A processor receives from an F-SSO Identity Provider authentication data for a user who has requested access to a secured service. The service is managed by an F-SSO Service Provider that does not offer F-SSO functionality for that service. Upon receiving the data, the processor redirects the user to an SU-F-SSO portal of the Service Provider, which uses the received authentication data to authenticate the user. The processor sends the user an on-demand password and, when the user uses that password to sign on, the processor matches the entered password with a stored copy of the password that was sent to the user. If they match, the processor grants the user access to the requested service. In some embodiments, the on-demand password may be a single-use password or may be sent to the user via an out-of-band communication.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: May 28, 2019
    Assignee: International Business Machines Corporation
    Inventors: Heather M. Hinton, Kelly Malone
  • Patent number: 10298589
    Abstract: Role based access control (RBAC) identity management tools, computing systems, computer products and methods of abstracting individual users from the role assignment and revalidation process of traditional RBAC. The RBAC tools, products and systems of the present disclosure organize and manage multi-tenanted networks and cloud computing environments by organizing individual users by service providers having a single or unified identity, which are separately managed by the service provider owners. The service provider identities are treated as a single service provider entity applying for one or more roles in the multi-tenant system, allowing for a simplified role revalidation that no longer requires managers of tenants in a multi-tenant network to approve the role assignment of each individual user, because the tenants and tenant managers are unaware of the users identities that make up the service provider identity.
    Type: Grant
    Filed: January 27, 2016
    Date of Patent: May 21, 2019
    Assignee: International Business Machines Corporation
    Inventors: James D. Cleaver, Michael J. McGuire
  • Patent number: 10268823
    Abstract: A device, system, and method secures executable operations through verification of an operation prior to execution. The method performed at an electronic device comprising a processor in an execution state and a memory representable with a memory map includes receiving a request for the operation from an application installed on the electronic device, the request including a location in the memory map. The method includes determining whether the location is within one of at least one address range included in a security policy register generated prior to the execution phase, the at least one address range respectively corresponding to at least one authorized operation. The method includes, when the location is within one of the at least one address range, servicing the request to perform the operation.
    Type: Grant
    Filed: October 27, 2016
    Date of Patent: April 23, 2019
    Assignee: WIND RIVER SYSTEMS, INC.
    Inventor: Arlen Baker
  • Patent number: 10223857
    Abstract: The present invention relates to a keyless entry system that contains a visual random code generator so that the possible input pattern is different every time a user accesses the system. A keypad device containing an input device and a display are electronically connected to a processor containing the visual random code generator. Positions and associated values are displayed on the input device, such as a touch sensitive screen, allowing the user to enter an access code. The visual random code generator randomizes and controls the input pattern displayed so that the input pattern changes each time the system is accessed.
    Type: Grant
    Filed: October 19, 2010
    Date of Patent: March 5, 2019
    Assignee: METHODE ELECTRONICS, INC.
    Inventor: Thomas C. Beshke
  • Patent number: 10223093
    Abstract: Systems and methods are described for providing user control over access to private data. An exemplary embodiment is performed on a client computing device in which separate computing environments referred to as context modules are installed. Each context module has a context identifier. An application is installed in a context module. The client computing device receives a request for data from the application, where the request for data includes a schema identifier that identifies the data. If the schema identifier is associated with the context identifier in a rules data storage, then the data is provided to the application. Otherwise, a user is prompted as to whether to permit the data request.
    Type: Grant
    Filed: December 4, 2015
    Date of Patent: March 5, 2019
    Assignee: PCMS Holdings, Inc.
    Inventor: Ville J. Ollikainen
  • Patent number: 10185601
    Abstract: A system that transforms non-SaaS applications into tenant-aware SaaS applications is disclosed, which analyzes the non SaaS applications to determine which intercepts to external libraries need to be translated into SaaS intercepts that utilize SaaS tenancy services, SaaS operations services, and/or SaaS business services. The system transforms the non-SaaS applications into SaaS applications by providing intercept handlers that call SaaS services on demand when the transformed SaaS application throws a transformed SaaS interrupt.
    Type: Grant
    Filed: November 1, 2017
    Date of Patent: January 22, 2019
    Assignee: Corent Technology, Inc.
    Inventors: Shafiullah Syed, Feyzi Fatehi, Sethuraman Venkataraman, Jeya Anantha Prabhu
  • Patent number: 10187394
    Abstract: Aspects of the technology described herein provide a mechanism for controlling access to secure computing resources based on inferred user authentication. A current user may be authenticated and access to secure computing resources permitted based on a determined probability that the current user is a legitimate user associated with the secure computing resource. Legitimacy of the current user may be inferred based on a comparison of user-related activity of the current user to a persona model, which may comprise behavior patterns, rules, or other information for identifying a legitimate user. If it is determined that the current user is likely legitimate, then access to secure information may be permitted. However, if it is determined that the current user is likely illegitimate, than a verification procedure may be provided to the current user, such as a temporal, dynamic security challenge based on recent activity conducted by the legitimate user.
    Type: Grant
    Filed: March 31, 2016
    Date of Patent: January 22, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Nadav Bar, Tom Jurgenson
  • Patent number: 10140465
    Abstract: In computer-based user authentication, a user may establish or enhance security for a component of a multi-component password by performing a security operation on a selected component of the password. The security operation may comprise encrypting the selected component. The password may be an image-based password and security operation may be encrypting information related to positions of at least one target location on a verification image.
    Type: Grant
    Filed: June 14, 2017
    Date of Patent: November 27, 2018
    Inventor: Susan Olsen-Kreusch
  • Patent number: 10122766
    Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
    Type: Grant
    Filed: February 23, 2016
    Date of Patent: November 6, 2018
    Assignee: Intel Corporation
    Inventors: Tarun Viswanathan, Uri Kahana, Alan D. Ross, Eran Birk
  • Patent number: 10122698
    Abstract: Systems and methods for passporting credentials provide a mechanism by which a native app on a client device can invoke a service provider's core web site web addresses (URL) while keeping the existing session active and shared between the two experiences (native app and web flow) so that the end user does not need to re-login at each context switch. The mechanism can include a unique way for the web flow context to communicate conditions and pass control back to the native app context of the shared session.
    Type: Grant
    Filed: August 14, 2017
    Date of Patent: November 6, 2018
    Assignee: PAYPAL, INC.
    Inventors: Igor Yefimov, Scott Atwood
  • Patent number: 10114944
    Abstract: The disclosed computer-implemented method for classifying permissions on mobile devices may include (1) detecting that an application executing on a mobile device is issuing a request for one or more requested permissions to access one or more components of the mobile device, (2) determining an intended use of the application, (3) performing, through a security system distinct from the application and the operating system, an analysis of the request issued by the application at least in part by determining whether the intended use of the application corresponds to an expected use of the requested permission, and (4) providing, via a graphical user interface, a result of the analysis to an end user of the mobile device that indicates a security implication caused by granting the one or more requested permissions to the application. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: November 12, 2015
    Date of Patent: October 30, 2018
    Assignee: Symantec Corporation
    Inventors: Jinghao Li, Joseph Chen
  • Patent number: 10079820
    Abstract: Web-based single sign-on can enable a user to log in to a single interface (such as through a web browser or thin client) and then provide SSO services to the user for one or more web applications. The web-based SSO system can be extended to support one or more different access control methods, such as form-fill, Federated (OIF), SSO Protected (OAM), and other policies. The web-based SSO system can include a user interface through which the user can access different web applications, systems, etc. and manage their credentials. Each SSO service can be associated with a web interface allowing the SSO services to be accessed over the web. The web interfaces can provide CRUD (create, read, update, delete) functionality for each SSO service. To support different access policy types, the web-based SSO system can include an extensible data manager that can manage data access to different types of repositories transparently.
    Type: Grant
    Filed: September 22, 2014
    Date of Patent: September 18, 2018
    Assignee: Oracle International Corporation
    Inventors: Ashish Kolli, Mrudul Uchil, Josh Brunaugh, Dharmvir Singh
  • Patent number: 10038689
    Abstract: Aspects of the present disclosure relate to dynamically generating a security challenge and corresponding password. A set of user activity data may be obtained from one or more data sources. The set of user activity data may then be analyzed. Based on the analysis, a security rating may be generated for the user activity data. The security rating may be compared to a security threshold to determine whether the set of user activity data is secure. In response to the security rating satisfying the security threshold, the security challenge and password corresponding to the security challenge may be generated based on the set of user activity data.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: July 31, 2018
    Assignee: International Business Machines Corporation
    Inventors: Yuk L. Chan, Michael D. Essenmacher, David B. Lection, Eric L. Masselle
  • Patent number: 10038674
    Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for providing secure mobile data sharing. Actions can include: receiving, by the one or more processors, a request for secure mobile data sharing, the request being received from a mobile device and comprising a security definition; obtaining, by the one or more processors, based at least in part on the security definition of the request: a decryption key, a recipient identifier, and a security policy; receiving, by the one or more processors, a decryption request from a third-party device, the decryption request comprising an identifier distinguishing the third-party device as a recipient of an encrypted message corresponding to the decryption key; and providing the decryption key to the third-party device in response to validating the decryption request.
    Type: Grant
    Filed: October 17, 2014
    Date of Patent: July 31, 2018
    Assignee: SAP SE
    Inventors: Laurent Gomez, Cedric Hebert
  • Patent number: 10019624
    Abstract: The disclosure relates to a face recognition system. The face recognition system includes a camera module configured to acquire face recognition information of a target object; a feature point recognition module configured to select facial feature points; a displacement output module configured to output a displacement and azimuth of the camera module during acquiring the face recognition information at different positions; a distance calculation module configured to calculate depth distances between the facial feature points and the displacement between the different positions; and a face recognition module configured to judge whether the target object is the target user. A face recognition method is also related.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: July 10, 2018
    Assignee: HON HAI PRECISION INDUSTRY CO., LTD.
    Inventors: Tien-Ping Liu, Yu-Tai Hung, Fu-Hsiung Yang
  • Patent number: 10015286
    Abstract: A system and method to establish and maintain access between a secured network and a remote client device communicating with different security protocols. Once the system and method verify that the remote client device had the requisite credentials to access the secured network domain, the system and method are delegated to fetch a service ticket to one or more dedicated servers on behalf of remote client device. The system and method receives a service ticket from the dedicated server and forwards the service ticket to the remote client device to use the service.
    Type: Grant
    Filed: June 23, 2010
    Date of Patent: July 3, 2018
    Assignee: F5 Networks, Inc.
    Inventor: Jeff J. Costlow
  • Patent number: 10013547
    Abstract: An information handling system includes a processor that determines a first orientation from orientation sensors and a sensor hub for detecting a motion gesture. The processor is further activated from a sleep state by the motion gesture and the information handling system includes a limited, ad-hoc access system that permits ad-hoc access to limited user pre-set or context-based system resources in response to the sudden motion gesture.
    Type: Grant
    Filed: February 21, 2017
    Date of Patent: July 3, 2018
    Assignee: Dell Products, LP
    Inventors: Deeder M. Aurongzeb, Liam B. Quinn, Richard W. Schuckle
  • Patent number: 10009337
    Abstract: A first request is received from a first user to revoke an access right of a second user of a first tenant for accessing data of a second tenant, where the first tenant is a parent tenant of the second tenant. In one embodiment, in response to the first request, a first role of the first user within the second tenant and a second role of the first user within the first tenant are determined. A first and second access privileges of the first role and second role of the first user, respectively, are determined to allow the first user to revoke the access right to the second tenant. In response to the first user having a revoke privilege in the first and second tenant, the first user is allowed to remove the second tenant from the first tenant.
    Type: Grant
    Filed: June 30, 2015
    Date of Patent: June 26, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Ilia Fischer, Michal J. Drozd, Aliaksandr Shtop, Vitaly Morozov, Michael G. Roche
  • Patent number: 10007785
    Abstract: The present disclosure relates to the field of information technologies and discloses a method and an apparatus for implementing virtual machine introspection. The method provided in the present disclosure may further include: determining to-be-checked data in a virtual machine; starting to read the to-be-checked data, saving a copy of the read to-be-checked data, and storing a storage address of the read to-be-checked data in a hardware transactional memory, so that the hardware transactional memory is capable of monitoring the read to-be-checked data according to the storage address; when the read to-be-checked data is modified, stop reading the to-be-checked data, and delete the copy; and when reading the to-be-checked data is completed and it is not detected that the read to-be-checked data is modified, performing security check on the copy. The method can be applied to virtual machine introspection.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: June 26, 2018
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Bin Tu, Haibo Chen, Yubin Xia
  • Patent number: 9992207
    Abstract: Disclosed is a mobile device that selects an authentication process based upon sensor inputs and mobile device capabilities. The mobile device may include: a plurality of sensors; and a processor. The processor may be configured to: determine multiple authentication processes based upon sensor inputs and mobile device capabilities for authentication with at least one of an application or a service provider; select an authentication process from the multiple authentication processes that satisfies a security requirement; and execute the authentication process.
    Type: Grant
    Filed: September 23, 2014
    Date of Patent: June 5, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Robert Tartz, Qazi Bashir, Jonathan Kies, Suzana Arellano, Virginia Keating
  • Patent number: 9984132
    Abstract: Techniques include displaying, at a user device, a user-selectable link associated with a search result that specifies a state of a software application (app). The state is associated with one or more entities (e.g., business, franchise, product, or service names, and/or geographic locations). The link is configured to, upon being selected, cause the device to set the software app into the state. The techniques further include receiving, at the device, an input from a user. The input specifies a mathematical operation to be performed based on the entities. The techniques include, in response to receiving the input, performing the operation. The techniques also include, in response to performing the operation, displaying another user-selectable link configured to, upon being selected, cause the device to set the same or a different software app into another state that is associated with at least one of the entities.
    Type: Grant
    Filed: June 18, 2016
    Date of Patent: May 29, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Joseph Nelson, Hadar Dor
  • Patent number: 9971911
    Abstract: Methods and devices for providing a private page are provided. A method includes operations of entering a security mode based on a user input; extracting the private page that corresponds to the security mode; and providing both the private page and a normal page that is provided during a normal mode, wherein the private page includes at least one object that is selected by a user so as to be provided during the security mode. A device includes a user input configured to receive a user input; a controller configured to enter a security mode based on the received user input, and extracting a private page that corresponds to the security mode; and a display configured to provide both the private page and a normal page that is provided during a normal mode, wherein the private page comprises at least one object that is selected by a user so as to be provided during the security mode.
    Type: Grant
    Filed: February 15, 2017
    Date of Patent: May 15, 2018
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Yoon-su Kim, Jung-joo Sohn, Keum-koo Lee, Young-kyu Jin, Yong-gook Park
  • Patent number: 9973490
    Abstract: Disclosed in the authentication and authorization of a client device to access a plurality of resources, requiring a user of a client device to enter only one set of login information. Authentication and authorization of a client device to access a plurality of resources after an initial set of login information is received by a networked computing environment. After the initial set of login information is received, a series of steps are performed that may be entirely transparent to the user of the client device.
    Type: Grant
    Filed: October 11, 2016
    Date of Patent: May 15, 2018
    Assignee: SONICWALL INC.
    Inventors: Xiao Yu Huang, Zhong Chen, Yi Fei Hu, Riji Cai
  • Patent number: 9959122
    Abstract: A method includes allocating a first single-cycle instruction to a first pipeline that picks single-cycle instructions for execution in program order. The method further includes marking at least one source register of the first single-cycle instruction as ready for execution in the first pipeline in response to all older single-cycle instructions allocated to the first pipeline being ready and eligible to be picked for execution. An apparatus includes a decoder to decode a first single-cycle instruction and to allocate the first single-cycle instruction to a first pipeline. The apparatus further includes a scheduler to pick single-cycle instructions for execution by the first pipeline in program order and to mark at least one source register of the first single-cycle instruction as ready for execution in the first pipeline in response to determining that all older single-cycle instructions allocated to the first pipeline are ready and eligible.
    Type: Grant
    Filed: April 24, 2013
    Date of Patent: May 1, 2018
    Assignee: Advanced Micro Devices, Inc.
    Inventors: Michael D. Estlick, Jay E. Fleischman, Kevin A. Hurd, Mark M. Gibson, Kelvin D. Goveas, Brian M. Lay
  • Patent number: 9922211
    Abstract: Methods and devices for providing a private page are provided. A method includes operations of entering a security mode based on a user input; extracting the private page that corresponds to the security mode; and providing both the private page and a normal page that is provided during a normal mode, wherein the private page includes at least one object that is selected by a user so as to be provided during the security mode. A device includes a user input configured to receive a user input; a controller configured to enter a security mode based on the received user input, and extracting a private page that corresponds to the security mode; and a display configured to provide both the private page and a normal page that is provided during a normal mode, wherein the private page comprises at least one object that is selected by a user so as to be provided during the security mode.
    Type: Grant
    Filed: February 15, 2017
    Date of Patent: March 20, 2018
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Yoon-su Kim, Jung-joo Sohn, Keum-koo Lee, Young-kyu Jin, Yong-gook Park
  • Patent number: 9921741
    Abstract: Systems and methods securely authenticate an identity of an individual based on a pattern that is traced by the individual. Embodiments relate to prompting an individual with a pattern to trace when attempting to authenticate the identity of the individual during an identity authentication session. Motion-based behavior data that is generated by motions executed by the individual as the individual traces the pattern is captured via a motion-capturing sensor. The motion-based behavior data is unique to the individual and has a low likelihood of being duplicated by an unauthorized individual attempting to fraudulently pose as the individual. The captured motion-based behavior data is compared to previously-captured motion-based behavior data from previous traces of the pattern completed by the individual. The identity of the individual is authenticated when the motion-based behavior data is within a threshold of the previously captured motion-based behavior data.
    Type: Grant
    Filed: May 12, 2014
    Date of Patent: March 20, 2018
    Assignee: Ohio University
    Inventors: Chang Liu, Siang Lee Hong
  • Patent number: 9900155
    Abstract: Security techniques are provided for cooperative file distribution. An encryption key or a nonce (or both) are generated for a package containing one or more files that are to be sent in a cooperative file distribution system. Random access encryption techniques can be employed to encrypt a package containing one or more files to be sent in a cooperative file distribution system. One or more storage proxies are allocated to a package to be transmitted in a cooperative file distribution system, based on load. Access to trackers in the cooperative file distribution system is controlled using security tokens. Content can automatically expire using a defined expiration period when the content is uploaded into the system. Variable announce intervals allow the tracker to control how often the tracker will receive a message, such as an announcement or a heartbeat message, from peers in the system.
    Type: Grant
    Filed: May 28, 2010
    Date of Patent: February 20, 2018
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Andrew Hickmott, Laird A. Popkin, Yaar Schnitman
  • Patent number: 9893960
    Abstract: A device hub system includes: a control unit configured to: generate a workroom for providing access to a workroom accessible resource, including an enterprise multifunctional printer, protected by a network firewall; provide authentication for a participant device to access the workroom; receive a workroom request through the workroom; generate a workroom sharable information from the workroom request; and a communication unit, coupled to the control unit, configured to distribute the workroom sharable information within the workroom.
    Type: Grant
    Filed: August 11, 2015
    Date of Patent: February 13, 2018
    Assignee: S-PRINTING SOLUTION CO., LTD.
    Inventors: Ramon Rubio, Joseph Yang, Wei-jhy Chern
  • Patent number: 9892268
    Abstract: An extensible deployment system is disclosed that provides for flexible deployment and centralized management of a scalable communication system. The scalable communication system may be segmented into multiple groups of services, e.g. multiple solutions, that may be deployed across one or more servers. The groups of services may each access separate databases in a single database instance that may allow for the groups of services to be deployed and upgraded independently. A management interface may be provided that allows for centralized management, and deployment, of all of the groups of services, irrespective of the independent upgrade paths of the groups of services. The management interface may include a local authentication system and may also be interoperable with one or more external authentication systems, such that users may use login credentials of an external authentication system to access the management interface.
    Type: Grant
    Filed: July 3, 2014
    Date of Patent: February 13, 2018
    Assignee: CareFusion 303, Inc.
    Inventors: Nick T. Nguyen, Richard W. Massey, Willis Lam, Ryan Nguyen, Gerald E. Barnefiher
  • Patent number: 9880871
    Abstract: An example method for secure virtual machine access to a protected virtual machine function includes storing a first virtual machine function instruction, which is executable to configure access privileges of a guest according to a trampoline view, as a last instruction on a first trampoline page. The method also includes storing a clear interrupt flag instruction as a first instruction on a second trampoline page. The method further includes storing a second virtual machine function instruction, which is executable to configure access privileges of the guest according to a protected view, as a last instruction on the second trampoline page. The method also includes in response to detecting an extended page fault violation while the trampoline view is active, clearing the interrupt flag of the guest and entering execution on an instruction following the clear interrupt flag instruction on the second trampoline page.
    Type: Grant
    Filed: February 23, 2016
    Date of Patent: January 30, 2018
    Assignee: Red Hat Israel, Ltd.
    Inventors: Michael Tsirkin, Paolo Bonzini
  • Patent number: 9883330
    Abstract: A method and system of secure zone pairing. Using the method, a low-power broadcast message is generated by a pairing device and transmitted within a broadcast zone, where the low-power broadcast message includes pairing information. A host device that is within the broadcast zone receives the low-power broadcast message and transmits a first indication that the host device is within the broadcast zone. A guest device that is within the broadcast zone receives the low-power broadcast message and transmits a second indication that the guest device is within the broadcast zone. The method pairs the host device and the guest device based on the pairing information, the first indication, and the second indication.
    Type: Grant
    Filed: June 8, 2016
    Date of Patent: January 30, 2018
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventors: Subhash P. Nair, Timothy M. Clay
  • Patent number: 9880882
    Abstract: A multi-tenant software as a service (SaaS) platform for automatic deployment of a connector application, and a method for automatic deployment of a connector application in a multi-tenant software as a service (SaaS) platform, the method including: deploying a tenant service connector package to a tenant among a plurality of tenants, the tenant service connector package being a package configured to cause a tenant virtual machine to be created in order to provide a service to at least one tenant of the plurality of tenants in a virtual machine form; activating the tenant virtual machine through execution of the tenant service connector package in the tenant that receives the tenant service connector package; forming a connection channel between a virtual machine of the SaaS platform and the tenant virtual machine; and providing the service between the SaaS platform and the at least one tenant through the formed connection channel.
    Type: Grant
    Filed: October 24, 2014
    Date of Patent: January 30, 2018
    Assignee: SAMSUNG SDS CO., LTD.
    Inventors: Jik Soo Kim, Nam Kyung Kim, Hyung Won Choi
  • Patent number: 9836969
    Abstract: A system and method are provided for connecting intersections, to enable two-way wireless communication between a cloud-based traffic operations service and new and existing traffic cabinet hardware using “connected intersection” technology. By providing hardware in existing (or new) traffic control cabinets that can communicate wirelessly with a cloud-based traffic operations system, customers can enhance and upgrade legacy traffic networks using existing IT infrastructure (i.e. servers, hard drives, etc.) or existing communication networks. The connected intersection technology further provides software functionalities including real-time alerts, connectivity between existing cabinets and central systems, and signal timing-plan management for customers that lack an existing central system.
    Type: Grant
    Filed: May 9, 2016
    Date of Patent: December 5, 2017
    Assignee: Miovision Technologies Incorporated
    Inventors: David Thompson, Tyler Abbott, Kashif Umer, David Hillis, Roy Lemke, Jason Chan
  • Patent number: 9824496
    Abstract: In an information display system, an information apparatus includes a target information storage section that stores target information to be published by the information apparatus and an extraction section that extracts the target information from the target information storage section on the basis of user information that is information regarding a user of a head mounted display device, and the head mounted display device includes an information generating section that generates information for additional presentation for providing the augmented reality to the user using the target information acquired from the information apparatus and an image display section that enables the user to view the generated information for additional presentation as a virtual image.
    Type: Grant
    Filed: February 20, 2014
    Date of Patent: November 21, 2017
    Assignee: Seiko Epson Corporation
    Inventor: Fusashi Kimura
  • Patent number: 9800554
    Abstract: According to an aspect of the invention, a method for establishing secure communication between nodes in a network is conceived, wherein the network comprises a key manager which accommodates a key-manager-specific public key and a corresponding key-manager-specific private key; wherein a copy of the key-manager-specific public key is stored in an installation device; wherein the installation device provides a new node with the copy of the key-manager-specific public key; and wherein said new node is registered with the key manager by providing a node-specific public key and an identifier of said new node to the key manager, such that other nodes in the network may setup end-to-end secure connections with said new node by requesting the node-specific public key of said new node from the key manager.
    Type: Grant
    Filed: April 19, 2013
    Date of Patent: October 24, 2017
    Assignee: NXP B.V.
    Inventors: Timo van Roermund, Ewout Brandsma, Maarten Christiaan Pennings
  • Patent number: 9767172
    Abstract: An interactive user interface for displaying projects comprising a collection of links specifying data to be displayed from a plurality of different applications and/or data sources. When loading a project for display, links are automatically parsed to identify the application and/or data source they are associated with. Retrieved data associated with the links is displayed in a format based upon that of their native application. The data may be displayed in an interactive format, allowing the user to change or manipulate the data in a manner that would be possible in the data's native application. A project may be expressed as a “project link,” comprising a text string, wherein the links of the assets associated with the project are included or embedded within the text string, and which may be shared between different users, and may function as a snapshot of the project.
    Type: Grant
    Filed: October 2, 2015
    Date of Patent: September 19, 2017
    Assignee: PALANTIR TECHNOLOGIES INC.
    Inventors: Steven Fackler, David Skiff
  • Patent number: 9767304
    Abstract: Techniques for representation of operating system context in a trusted platform module are described. In at least some embodiments, authorization principals that corresponds to representations of operating system context are derived in a trusted platform module. The authorization principals can be used to define authorization policies for access to security assets stored in a trusted platform module.
    Type: Grant
    Filed: September 25, 2014
    Date of Patent: September 19, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Ronald Aigner, Navin Pai
  • Patent number: 9769181
    Abstract: A method, system and computer-usable medium are disclosed for protecting data stored on a mobile device, based upon its location. Data stored on a mobile device is encrypted with a network-stored secret key that is unknown to the user of the mobile device. The secret key is provided directly to the mobile device once the user is authenticated and it has been determined that the mobile device is located within a predetermined geographical area. The provided secret key is then used to decrypt the encrypted data stored on the mobile device such that it can then be accessed by the user. The user is then prevented from accessing the encrypted data when it is determined that the mobile device is no longer located within the predetermined geographical area.
    Type: Grant
    Filed: June 23, 2014
    Date of Patent: September 19, 2017
    Assignee: International Business Machines Corporation
    Inventors: Judith H. Bank, Lisa M. Bradley, Aaron J. Quirk, Lin Sun
  • Patent number: 9740390
    Abstract: A dynamic clip analysis system for use in a networked server-client system includes: a client including a client-side remote application module configured to analyze content from one or more of a client-side clipboard and a client-side drag and drop utility; and a remote application interactively connected with the client over a network via the client-side remote application module, the remote application including: one or more of a remote clipboard and a remote drag and drop utility; and a client-side remote application module configured to analyze content from one or more of the remote clipboard and the remote drag and drop utility, so as to perform dynamic clip analysis in the server-client system.
    Type: Grant
    Filed: March 11, 2014
    Date of Patent: August 22, 2017
    Assignee: Spikes, Inc.
    Inventors: Branden L. Spikes, Walter Sims
  • Patent number: 9736141
    Abstract: Systems and methods for passporting credentials provide a mechanism by which a native app on a client device can invoke a service provider's core web site web addresses (URL) while keeping the existing session active and shared between the two experiences (native app and web flow) so that the end user does not need to re-login at each context switch. The mechanism can include a unique way for the web flow context to communicate conditions and pass control back to the native app context of the shared session.
    Type: Grant
    Filed: September 2, 2016
    Date of Patent: August 15, 2017
    Assignee: PAYPAL, INC.
    Inventors: Igor Yefimov, Scott Atwood
  • Patent number: 9697373
    Abstract: Embodiments of the present invention support a flexible access control design that includes flexible ownership and assignment of access control lists (ACLs). The ACLs can be assigned to one or more resources, or items, or types of resources or items. A creator or owner of an ACL can grant privileges to others such that they may modify or assign the ACL. Each ACL can have one or more owners, i.e., users that can exercise control over the ACL. Any owner of an ACL can designate certain privileges to other users. These other users may then use the ACL based on the privileges granted to them.
    Type: Grant
    Filed: November 5, 2004
    Date of Patent: July 4, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Kenneth Carlin Nelson, Marilene A Noronha
  • Patent number: 9654474
    Abstract: To control privileges and access to resources on a per-process basis, an administrator creates a rule that may be applied to modify a process's token. The rule includes an application-criterion set and changes to be made to the groups and/or privileges of a token. The rule is set as a policy within a group policy object (GPO), where a GPO is associated with one or more groups of computers. When a GPO containing a rule is applied to a computer, a driver installed on the computer accesses the rule(s) anytime a logged-on user executes a process. If the executed process satisfies the criterion set of a rule the changes contained within the rule are made to the process token, and the user has expanded and/or contracted access and/or privileges for only that process.
    Type: Grant
    Filed: September 11, 2013
    Date of Patent: May 16, 2017
    Assignee: BEYONDTRUST SOFTWARE, INC.
    Inventor: Marco Peretti
  • Patent number: 9648497
    Abstract: A login control method and apparatus is provided for facilitating usage right authentication of a mobile terminal, when the user unlocks the mobile terminal. The login control method includes determining, when a lock image is displayed on a screen, a posture of a mobile terminal, detecting unlock information, comparing the unlock information with a pre-registered unlock information, selecting, when the unlock information and the pre-registered unlock information are identical, an operation mode corresponding to the matched unlock information, from a plurality of operation modes, as the current operation mode, and displaying an image representing the current operation mode.
    Type: Grant
    Filed: November 22, 2013
    Date of Patent: May 9, 2017
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Dayama Dwarkaprasad, Das Kumarbrata
  • Patent number: 9639487
    Abstract: An apparatus comprises a plurality of processor cores, each comprising a computation unit and a memory. The apparatus further comprises an interconnection network to transmit data among the processor cores. At least some of the memories are configured as a cache for memory external to the processor cores, and at least some of the processor cores are configured to transmit a message over the interconnection network to access a cache of another processor core.
    Type: Grant
    Filed: March 29, 2016
    Date of Patent: May 2, 2017
    Assignee: Mellanox Technologies, Ltd.
    Inventor: Matthew Mattina
  • Patent number: 9621702
    Abstract: A control system includes a control device, a controller, a plurality of user mobile devices, and a manager mobile device. Initial first identification information picked up by each user mobile device is sent to the manager mobile device, is authenticated, and is encoded. Every time a user mobile device is connected to the controller for opening the control device, a holder of the user mobile device is requested to input an instant first identification information. After decoding by a decoding key, the controller identifies whether the instant first identification information is identical to the authenticated initial first identification information. The identification result is used to decide whether the control device should be set to be an open state.
    Type: Grant
    Filed: July 16, 2015
    Date of Patent: April 11, 2017
    Inventor: I-Ting Shen
  • Patent number: 9613219
    Abstract: In some implementations, a method of managing access to resources in a single device including receiving, from a first resource assigned to a first perimeter, a request to access a second resource assigned to a second perimeter different from the first perimeter. The single device includes the first perimeter and the second perimeter. Whether access to the second resource is prohibited is determined based on a management policy for the first perimeter. The management policy defining one or more rules for accessing resources assigned to the second perimeter including the second resource.
    Type: Grant
    Filed: November 10, 2011
    Date of Patent: April 4, 2017
    Assignees: BlackBerry Limited, 2236008 Ontario Inc.
    Inventors: Geordon Thomas Ferguson, Christopher Lyle Bender, Alberto Daniel Zubiri, Kenneth Cyril Schneider, Oliver Whitehouse, Christopher William Lewis Hobbs
  • Patent number: 9614823
    Abstract: A system, method, and computer program product are provided for a pre-deactivation grace period on a processing device (e.g., mobile device). In operation, a deactivation request is detected for a deactivation event. Further, the commencement of the deactivation event is delayed for a predetermined time period, in response to the deactivation request. Additionally, the deactivation event is commenced, after the predetermined time period. To return to full functionality of the processing device while in the deactivation grace period all that may be required is entry of a authentication information (e.g., password) that is weaker than a stronger authentication information initially used to log into the processing device.
    Type: Grant
    Filed: September 13, 2013
    Date of Patent: April 4, 2017
    Assignee: McAfee, Inc.
    Inventors: Rajkaran Dhesi, Simon Hunt, Paul Parke