Authorization Patents (Class 726/17)
  • Patent number: 10671544
    Abstract: Provided herein may be a storage device and a method of operating the same. The method of operating a storage device including a replay protected memory block (RPMB) may include receiving a write request for the RPMB from an external host, selectively storing data in the RPMB based on an authentication operation, receiving a read request from the external host, and providing result data to the external host in response to the read request, wherein the read request includes a message indicating that a read command to be subsequently received from the external host is a command related to the result data.
    Type: Grant
    Filed: August 28, 2018
    Date of Patent: June 2, 2020
    Assignee: SK hynix Inc.
    Inventor: Kwang Su Kim
  • Patent number: 10659237
    Abstract: This document discloses a system and method for verifying system integrity of an electronic device. The electronic device includes a verifier device provided within a secure environment of the electronic device and a scanner device provided within a normal environment of the electronic device whereby the secure environment comprises hardware that is isolated from the hardware in the normal environment, i.e. these two environments are hardware isolated.
    Type: Grant
    Filed: September 28, 2017
    Date of Patent: May 19, 2020
    Assignee: Huawei International Pte. Ltd.
    Inventors: Yongzheng Wu, Xuejun Wen, Chengfang Fang, Tieyan Li
  • Patent number: 10616240
    Abstract: Techniques and technologies for protocols for accessing hosts are described. In at least some embodiments, a system includes a processing component, and a host protocol component. The host protocol component is configured to receive at a host a request from a client device, the request including a Uniform Resource Locator (URL) string locating a container or an ecosystem stored by the host; determine using at least a portion of the URL string whether the request is a container-related request or an ecosystem-related request; generate a response at the host including information responsive to the request, the information including the URL string locating the container or the ecosystem, and at least one response parameter corresponding to the request and associated with the container or the ecosystem; and transmit the response from the host to the client device.
    Type: Grant
    Filed: April 29, 2019
    Date of Patent: April 7, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Matthew J. Ruhlen, Christopher J. Brown, Tyler W. Butler
  • Patent number: 10599826
    Abstract: Systems and methods for performing decoupled authorization, whereby authorizing access permissions of a user to a resource is performed separate and independent from authorizing intent of the user to access the resource. Once both authorizations are successfully completed within a specified timeout interval, the access state of the resource is changed, thereby granting the user access to the resource. The decoupled authorizations are independently performed over different networks, in response to different triggers, or by leveraging different hardware. Access to the resource can therefore be provided prior to the user arriving before the resource, with little to no action by the user, and without compromising security as the resources will remain restricted or locked if either of the user's intent or access permissions cannot be verified.
    Type: Grant
    Filed: September 5, 2017
    Date of Patent: March 24, 2020
    Assignee: OPENPATH SECURITY INC.
    Inventors: Alexander A. Kazerani, Robert J. Peters, Samy Kamkar
  • Patent number: 10599848
    Abstract: A system may be configured to receive via a user interface a user-initiated prompt to begin start-up of a computer system firmware via access to a firmware start-up utility. The system may also generate a request for user authentication, and detect a private key for user authentication. The system may also determine whether the private key corresponds to a public key previously registered with the computer system firmware, and initiate, when the private key corresponds to the public key, completion of the start-up of the computer system firmware and allowance of operation of the computer system firmware via access to the firmware start-up utility. When the private key does not correspond to the public key, the system may prevent at least one aspect of an operation associated with the start-up of the computer system firmware.
    Type: Grant
    Filed: May 9, 2017
    Date of Patent: March 24, 2020
    Assignee: American Megatrends International, LLC
    Inventors: Kai Yau, William Gysin, Eric Law
  • Patent number: 10579681
    Abstract: The privilege information management system stores a group tree configured with group nodes each representing a group configured with a member enabled to use a privilege, stores an object tree configured with object nodes each representing a target object to be used with a privilege, stores, in a releasable manner, privilege-valid link information indicating a connection between an arbitrary group node and an arbitrary object node in a privilege-valid mode, and regarding a first group node of the group nodes and a first object node of the object nodes connected by the privilege-valid link information, grants a privilege to use a target object of the first object node and a subordinate object node if there are any under the first object node to a member belonging to the first group node and a subordinate group node if there are any under the first group node.
    Type: Grant
    Filed: September 8, 2015
    Date of Patent: March 3, 2020
    Assignee: Infoscience Corporation
    Inventor: Norio Miya
  • Patent number: 10558798
    Abstract: Methods and systems are disclosed for sandbox based internet isolation system in a trusted network. A networked computer system may include a trusted local area network (LAN) and at least one host computer system connected to the trusted LAN. The host computer system may include a host-based firewall, an operating system, a first memory space, and a second memory space. The host-based firewall may be configured to prevent unauthorized communication between the host computer system and one or more other devices on the trusted LAN. The second memory space may be configured to enable storage and/or operation of one or more applications and/or processes associated with a sandboxed computing environment. The host computer system may include a sandbox firewall that enforces a separation of the first and second memory spaces.
    Type: Grant
    Filed: June 29, 2017
    Date of Patent: February 11, 2020
    Assignee: L3Harris Technologies, Inc.
    Inventors: Jay Weinstein, Mark Fenkner, Charles King, Ismael Lopez, Peter Martz
  • Patent number: 10560517
    Abstract: Managing a storage array includes: receiving, by a client-side array services module from a cloud-based security module through data communications on a wide area network, a token representing authentication of user credentials; and managing, by the client-side array services module, a storage array only through data communications on a local area network, including sending, to the storage array, the token with a management instruction.
    Type: Grant
    Filed: April 30, 2018
    Date of Patent: February 11, 2020
    Assignee: Pure Storage, Inc.
    Inventors: Jimmy T. Hu, Terence W. Noonan, Neil A. Vachharajani, Daquan Zuo
  • Patent number: 10555112
    Abstract: Exemplary embodiments are disclosed of systems and methods for providing location-based security and/or privacy for restricting user access. In an exemplary embodiment, a system is configured to restrict and condition access to the system and/or data based on a user's selection of location-based data from a plurality of options presented by the system for selection by the user. The plurality of options include the location-based data and one or more other options that are selectable by the user.
    Type: Grant
    Filed: December 13, 2017
    Date of Patent: February 4, 2020
    Inventor: David H. Williams
  • Patent number: 10534730
    Abstract: A first processor that has a trusted relationship with a trusted memory region (TMR) that includes a first region for storing microcode used to execute a microcontroller on a second processor and a second region for storing data associated with the microcontroller. The microcontroller supports a virtual function that is executed on the second processor. An access controller is configured by the first processor to selectively provide the microcontroller with access to the TMR based on whether the request is to write in the first region. The access controller grants read requests from the microcontroller to read from the first region and denies write requests from the microcontroller to write to the first region. The access controller grants requests from the microcontroller to read from the second region or write to the second region.
    Type: Grant
    Filed: December 20, 2018
    Date of Patent: January 14, 2020
    Assignee: ATI Technologies ULC
    Inventors: Kathirkamanathan Nadarajah, Anthony Asaro
  • Patent number: 10531243
    Abstract: A method for transmitting data in a mobile device includes transmitting, to a reception device, a connection request message comprising information indicating whether the transmission device supports message transmission having temporal correlation; receiving, from the reception device, a connection response message comprising information indicating whether the reception device supports the message transmission in response to the connection request message; and if both the transmission device and the reception device support the message transmission, transmitting, to the reception device, at least two messages having temporal correlation, the at least two messages comprising identification information, wherein the identification information indicates that the at least two messages have temporal correlation.
    Type: Grant
    Filed: November 4, 2016
    Date of Patent: January 7, 2020
    Assignees: Samsung Electronics Co., Ltd., Seoul National University R&DB Foundation
    Inventors: Yong-Seok Park, Soo-Young Jang, Daedong Park, Seongsoo Hong, Sangwook Kim
  • Patent number: 10511638
    Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
    Type: Grant
    Filed: October 23, 2018
    Date of Patent: December 17, 2019
    Assignee: Intel Corporation
    Inventors: Tarun Viswanathan, Uri Kahana, Alan D. Ross, Eran Birk
  • Patent number: 10459226
    Abstract: A method including determining occurrence of a virtual information region event, the virtual information region event indicating a change of information that is allocated to a virtual information region that is at least partially beyond a field of view of a head mounted display, the virtual information region having a virtual information region location that is in a direction from the field of view, causing rendering of a non-visual notification that is indicative of the direction from the field of view in response to the virtual information region event, receiving information indicative of a visual notification invocation input, determining a visual notification that is visually descriptive of at least one aspect of the virtual information region event in response to the visual notification invocation input, and causing display of the visual notification on the head mounted display is disclosed.
    Type: Grant
    Filed: May 26, 2016
    Date of Patent: October 29, 2019
    Assignee: Nokia Technologies Oy
    Inventors: Jussi Leppanen, Antti Eronen, Arto Lehtiniemi, Lasse Laaksonen
  • Patent number: 10445304
    Abstract: Automatic identification and creation of user profiles is provided. Interaction data for various users within a subscriber account is collected. Unique user profiles are automatically identified and created based on the interaction data. The identified user profiles are then matched against a plurality of available pre-categorized profiles. A unique set of settings and preferences may be applied to the user profile based on the matched pre-categorized profile and the collected interaction data. Personalization may be provided to the user upon establishment of the user profile. After creation of the user profile, additional user actions taken and the user's viewer history may be collected for further use. According to some aspects, when a user accesses a content item, notification is sent to the user to confirm a matched profile as an active profile. Once confirmation is received, associated settings and preferences are set according to the active profile.
    Type: Grant
    Filed: February 12, 2016
    Date of Patent: October 15, 2019
    Assignee: COX COMMUNICATIONS, INC.
    Inventor: Catherine Elizabeth Thompson
  • Patent number: 10432399
    Abstract: A method and apparatus for storing and using context information in a wireless communication network are provided. Context information is encrypted and transmitted to a mobile device for storage. A cryptographic key usable for decrypting the context information is stored at a radio access node or other node in the network and an indication of the key and the location of the key is stored at the mobile device. The mobile device transmits a message which includes the key identifier and location and the encrypted context information. The message may further include application data and the encrypted context information may include an indication of a further key for encrypting and decrypting application data in transmissions between the mobile device and the communications network. The encrypted context information may include the further key.
    Type: Grant
    Filed: July 7, 2017
    Date of Patent: October 1, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: William Anthony Gage
  • Patent number: 10432668
    Abstract: A secure mobile financial transaction is provided by receiving, over a communication network, a list of protection mechanisms available for implementation by an external terminal. Security-related data is received from one or more sensors and an attack signature is computed based on the security-related data. An appropriate security policy is selected from multiple security policies stored in a database based on the list of protection mechanisms and the attack signature. A secure communication session is established between the external terminal and an internal network component according to the selected security policy. A data message associated with a mobile financial transaction is communicated over the communication network during the communication session.
    Type: Grant
    Filed: October 28, 2016
    Date of Patent: October 1, 2019
    Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
    Inventor: Samuel A. Bailey, Jr.
  • Patent number: 10424201
    Abstract: A vehicle assistance device includes a control device for controlling the display of information and a display for displaying the information. When the control device has determined a state of the vehicle and/or a position of the vehicle, the control device takes the determined state of the vehicle and/or the determined position of the vehicle as a basis for providing information for the driver on the display device. When changing between mobility sections in which different information may be of interest to the driver, the vehicle assistance device can provide a driver with the necessary information for each of the mobility sections.
    Type: Grant
    Filed: September 17, 2018
    Date of Patent: September 24, 2019
    Assignee: Bayerische Motoren Werke Aktiengesellschaft
    Inventors: Christopher Roelle, Markus Strassberger, Karl-Ernst Steinberg, Bernhard Niedermaier
  • Patent number: 10372921
    Abstract: Approaches presented herein enable dynamic security policies through a plurality of application profiles. More specifically, a mobile device can open a profile of a plurality of profiles, each associated with an unlock credential and a security scope, in response to an unlock credential associated with that profile. All these profiles can be opened in a single user session and can be swapped within the session in response to an unlock credential corresponding to the desired profile. When the mobile device receives a request to open a digital item, the digital item is compared to a security scope of the opened profile to determine whether access to the digital item is permitted, and, in response to the determination, access to the digital item is permitted or denied. A list of digital items permitted to be accessed in each profile can be synchronized to a list received from a mobile device manager.
    Type: Grant
    Filed: March 15, 2017
    Date of Patent: August 6, 2019
    Assignee: International Business Machines Corporation
    Inventors: Sergio Jose Deras Arreola, Alejandra Sarahi Galindo Copado, Victor Adrian Sosa Herrera
  • Patent number: 10366248
    Abstract: Aspects of the present disclosure are directed to methods and systems for protecting sensitive data in a hosted service system. The system includes a host system and the host system includes a key management system (KMS) and a metadata service system (MSS). The KMS and the MSS are communicatively coupled to each other. The system further includes a database management system (DBMS) having a database, a query pre-parser, and a results handler. The query pre-parser and the results handler are communicatively coupled to the KMS and the MSS, and the system also includes a processing application adapted to process at least some data received from a tenant system.
    Type: Grant
    Filed: July 8, 2016
    Date of Patent: July 30, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Pallavi T. Nagesha Rao
  • Patent number: 10356099
    Abstract: A controller for user authentication and access control, configured to: store data representing a graph having: nodes representing data elements associated with accesses made using an access token; and links among the nodes representing connections between the data elements identified in details of the accesses. In response to receiving details of an access made using the access token, the controller updates the graph according to the details and identifies a new connection in the graph resulting from update. The controller communicates with an identity service to verify the association of data elements corresponding to the new connection in the graph. Based on a result of the verification, the controller authenticates the user of the access and/or controls the access.
    Type: Grant
    Filed: February 2, 2018
    Date of Patent: July 16, 2019
    Assignee: IDM GLOBAL, INC.
    Inventors: Jose Caldera, Kieran Sherlock, Garrett Gafke
  • Patent number: 10341306
    Abstract: Systems and methods for application identification in accordance with embodiments of the invention are disclosed. In one embodiment, a user device includes a processor and memory configured to store an application, a session manager, an application identifier, and at least one shared library, and the processor is configured by the session manager to communicate the application identifier and the application identifier data to an authentication server and permit the execution of the application in response to authentication of the application by the authentication server.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: July 2, 2019
    Assignee: DIVX, LLC
    Inventors: Eric William Grab, Kourosh Soroushian, Tung Lin, Francis Yee-Dug Chan, Evan Wallin, William David Amidei
  • Patent number: 10332367
    Abstract: The present disclosure relates to systems and methods for using haptic vibration for inter-device communication. In one implementation, a system for inter-device communication using haptic vibration may include at least one force gauge configured to measure displacements caused by an external device in contact with the at least one force gauge; at least one memory storing instructions; and at least one processor configured to execute the instructions to: receive an identifier associated with a user; retrieve a pattern associated with the received identifier; receive, from the at least one force gauge, one or more measurements over a period of time; assess a degree of difference between the received one or more measurements and the retrieved pattern; and, when the degree of difference is below a threshold, authenticate the user.
    Type: Grant
    Filed: October 17, 2018
    Date of Patent: June 25, 2019
    Assignee: Capital One Services, LLC
    Inventors: Abdelkader Benkreira, Joshua Edwards, Michael Mossoba
  • Patent number: 10305882
    Abstract: A system and method for using a Service-Provider password to simulate F-SSO functionality. A processor receives from an F-SSO Identity Provider authentication data for a user who has requested access to a secured service. The service is managed by an F-SSO Service Provider that does not offer F-SSO functionality for that service. Upon receiving the data, the processor redirects the user to an SU-F-SSO portal of the Service Provider, which uses the received authentication data to authenticate the user. The processor sends the user an on-demand password and, when the user uses that password to sign on, the processor matches the entered password with a stored copy of the password that was sent to the user. If they match, the processor grants the user access to the requested service. In some embodiments, the on-demand password may be a single-use password or may be sent to the user via an out-of-band communication.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: May 28, 2019
    Assignee: International Business Machines Corporation
    Inventors: Heather M. Hinton, Kelly Malone
  • Patent number: 10298589
    Abstract: Role based access control (RBAC) identity management tools, computing systems, computer products and methods of abstracting individual users from the role assignment and revalidation process of traditional RBAC. The RBAC tools, products and systems of the present disclosure organize and manage multi-tenanted networks and cloud computing environments by organizing individual users by service providers having a single or unified identity, which are separately managed by the service provider owners. The service provider identities are treated as a single service provider entity applying for one or more roles in the multi-tenant system, allowing for a simplified role revalidation that no longer requires managers of tenants in a multi-tenant network to approve the role assignment of each individual user, because the tenants and tenant managers are unaware of the users' identities that make up the service provider identity.
    Type: Grant
    Filed: January 27, 2016
    Date of Patent: May 21, 2019
    Assignee: International Business Machines Corporation
    Inventors: James D. Cleaver, Michael J. McGuire
  • Patent number: 10268823
    Abstract: A device, system, and method secures executable operations through verification of an operation prior to execution. The method performed at an electronic device comprising a processor in an execution state and a memory representable with a memory map includes receiving a request for the operation from an application installed on the electronic device, the request including a location in the memory map. The method includes determining whether the location is within one of at least one address range included in a security policy register generated prior to the execution phase, the at least one address range respectively corresponding to at least one authorized operation. The method includes, when the location is within one of the at least one address range, servicing the request to perform the operation.
    Type: Grant
    Filed: October 27, 2016
    Date of Patent: April 23, 2019
    Assignee: WIND RIVER SYSTEMS, INC.
    Inventor: Arlen Baker
  • Patent number: 10223857
    Abstract: The present invention relates to a keyless entry system that contains a visual random code generator so that the possible input pattern is different every time a user accesses the system. A keypad device containing an input device and a display are electronically connected to a processor containing the visual random code generator. Positions and associated values are displayed on the input device, such as a touch sensitive screen, allowing the user to enter an access code. The visual random code generator randomizes and controls the input pattern displayed so that the input pattern changes each time the system is accessed.
    Type: Grant
    Filed: October 19, 2010
    Date of Patent: March 5, 2019
    Assignee: METHODE ELECTRONICS, INC.
    Inventor: Thomas C. Beshke
  • Patent number: 10223093
    Abstract: Systems and methods are described for providing user control over access to private data. An exemplary embodiment is performed on a client computing device in which separate computing environments referred to as context modules are installed. Each context module has a context identifier. An application is installed in a context module. The client computing device receives a request for data from the application, where the request for data includes a schema identifier that identifies the data. If the schema identifier is associated with the context identifier in a rules data storage, then the data is provided to the application. Otherwise, a user is prompted as to whether to permit the data request.
    Type: Grant
    Filed: December 4, 2015
    Date of Patent: March 5, 2019
    Assignee: PCMS Holdings, Inc.
    Inventor: Ville J. Ollikainen
  • Patent number: 10185601
    Abstract: A system that transforms non-SaaS applications into tenant-aware SaaS applications is disclosed, which analyzes the non-SaaS applications to determine which intercepts to external libraries need to be translated into SaaS intercepts that utilize SaaS tenancy services, SaaS operations services, and/or SaaS business services. The system transforms the non-SaaS applications into SaaS applications by providing intercept handlers that call SaaS services on demand when the transformed SaaS application throws a transformed SaaS interrupt.
    Type: Grant
    Filed: November 1, 2017
    Date of Patent: January 22, 2019
    Assignee: Corent Technology, Inc.
    Inventors: Shafiullah Syed, Feyzi Fatehi, Sethuraman Venkataraman, Jeya Anantha Prabhu
  • Patent number: 10187394
    Abstract: Aspects of the technology described herein provide a mechanism for controlling access to secure computing resources based on inferred user authentication. A current user may be authenticated and access to secure computing resources permitted based on a determined probability that the current user is a legitimate user associated with the secure computing resource. Legitimacy of the current user may be inferred based on a comparison of user-related activity of the current user to a persona model, which may comprise behavior patterns, rules, or other information for identifying a legitimate user. If it is determined that the current user is likely legitimate, then access to secure information may be permitted. However, if it is determined that the current user is likely illegitimate, then a verification procedure may be provided to the current user, such as a temporal, dynamic security challenge based on recent activity conducted by the legitimate user.
    Type: Grant
    Filed: March 31, 2016
    Date of Patent: January 22, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Nadav Bar, Tom Jurgenson
  • Patent number: 10140465
    Abstract: In computer-based user authentication, a user may establish or enhance security for a component of a multi-component password by performing a security operation on a selected component of the password. The security operation may comprise encrypting the selected component. The password may be an image-based password and the security operation may be encrypting information related to positions of at least one target location on a verification image.
    Type: Grant
    Filed: June 14, 2017
    Date of Patent: November 27, 2018
    Inventor: Susan Olsen-Kreusch
  • Patent number: 10122766
    Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
    Type: Grant
    Filed: February 23, 2016
    Date of Patent: November 6, 2018
    Assignee: Intel Corporation
    Inventors: Tarun Viswanathan, Uri Kahana, Alan D. Ross, Eran Birk
  • Patent number: 10122698
    Abstract: Systems and methods for passporting credentials provide a mechanism by which a native app on a client device can invoke a service provider's core web site web addresses (URL) while keeping the existing session active and shared between the two experiences (native app and web flow) so that the end user does not need to re-login at each context switch. The mechanism can include a unique way for the web flow context to communicate conditions and pass control back to the native app context of the shared session.
    Type: Grant
    Filed: August 14, 2017
    Date of Patent: November 6, 2018
    Assignee: PAYPAL, INC.
    Inventors: Igor Yefimov, Scott Atwood
  • Patent number: 10114944
    Abstract: The disclosed computer-implemented method for classifying permissions on mobile devices may include (1) detecting that an application executing on a mobile device is issuing a request for one or more requested permissions to access one or more components of the mobile device, (2) determining an intended use of the application, (3) performing, through a security system distinct from the application and the operating system, an analysis of the request issued by the application at least in part by determining whether the intended use of the application corresponds to an expected use of the requested permission, and (4) providing, via a graphical user interface, a result of the analysis to an end user of the mobile device that indicates a security implication caused by granting the one or more requested permissions to the application. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: November 12, 2015
    Date of Patent: October 30, 2018
    Assignee: Symantec Corporation
    Inventors: Jinghao Li, Joseph Chen
  • Patent number: 10079820
    Abstract: Web-based single sign-on can enable a user to log in to a single interface (such as through a web browser or thin client) and then provide SSO services to the user for one or more web applications. The web-based SSO system can be extended to support one or more different access control methods, such as form-fill, Federated (OIF), SSO Protected (OAM), and other policies. The web-based SSO system can include a user interface through which the user can access different web applications, systems, etc. and manage their credentials. Each SSO service can be associated with a web interface allowing the SSO services to be accessed over the web. The web interfaces can provide CRUD (create, read, update, delete) functionality for each SSO service. To support different access policy types, the web-based SSO system can include an extensible data manager that can manage data access to different types of repositories transparently.
    Type: Grant
    Filed: September 22, 2014
    Date of Patent: September 18, 2018
    Assignee: Oracle International Corporation
    Inventors: Ashish Kolli, Mrudul Uchil, Josh Brunaugh, Dharmvir Singh
  • Patent number: 10038689
    Abstract: Aspects of the present disclosure relate to dynamically generating a security challenge and corresponding password. A set of user activity data may be obtained from one or more data sources. The set of user activity data may then be analyzed. Based on the analysis, a security rating may be generated for the user activity data. The security rating may be compared to a security threshold to determine whether the set of user activity data is secure. In response to the security rating satisfying the security threshold, the security challenge and password corresponding to the security challenge may be generated based on the set of user activity data.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: July 31, 2018
    Assignee: International Business Machines Corporation
    Inventors: Yuk L. Chan, Michael D. Essenmacher, David B. Lection, Eric L. Masselle
  • Patent number: 10038674
    Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for providing secure mobile data sharing. Actions can include: receiving, by the one or more processors, a request for secure mobile data sharing, the request being received from a mobile device and comprising a security definition; obtaining, by the one or more processors, based at least in part on the security definition of the request: a decryption key, a recipient identifier, and a security policy; receiving, by the one or more processors, a decryption request from a third-party device, the decryption request comprising an identifier distinguishing the third-party device as a recipient of an encrypted message corresponding to the decryption key; and providing the decryption key to the third-party device in response to validating the decryption request.
    Type: Grant
    Filed: October 17, 2014
    Date of Patent: July 31, 2018
    Assignee: SAP SE
    Inventors: Laurent Gomez, Cedric Hebert
  • Patent number: 10019624
    Abstract: The disclosure relates to a face recognition system. The face recognition system includes a camera module configured to acquire face recognition information of a target object; a feature point recognition module configured to select facial feature points; a displacement output module configured to output a displacement and azimuth of the camera module during acquiring the face recognition information at different positions; a distance calculation module configured to calculate depth distances between the facial feature points and the displacement between the different positions; and a face recognition module configured to judge whether the target object is the target user. A face recognition method is also related.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: July 10, 2018
    Assignee: HON HAI PRECISION INDUSTRY CO., LTD.
    Inventors: Tien-Ping Liu, Yu-Tai Hung, Fu-Hsiung Yang
  • Patent number: 10015286
    Abstract: A system and method to establish and maintain access between a secured network and a remote client device communicating with different security protocols. Once the system and method verify that the remote client device has the requisite credentials to access the secured network domain, the system and method are delegated to fetch a service ticket to one or more dedicated servers on behalf of the remote client device. The system and method receive a service ticket from the dedicated server and forward the service ticket to the remote client device to use the service.
    Type: Grant
    Filed: June 23, 2010
    Date of Patent: July 3, 2018
    Assignee: F5 Networks, Inc.
    Inventor: Jeff J. Costlow
  • Patent number: 10013547
    Abstract: An information handling system includes a processor that determines a first orientation from orientation sensors and a sensor hub for detecting a motion gesture. The processor is further activated from a sleep state by the motion gesture and the information handling system includes a limited, ad-hoc access system that permits ad-hoc access to limited user pre-set or context-based system resources in response to the sudden motion gesture.
    Type: Grant
    Filed: February 21, 2017
    Date of Patent: July 3, 2018
    Assignee: Dell Products, LP
    Inventors: Deeder M. Aurongzeb, Liam B. Quinn, Richard W. Schuckle
  • Patent number: 10009337
    Abstract: A first request is received from a first user to revoke an access right of a second user of a first tenant for accessing data of a second tenant, where the first tenant is a parent tenant of the second tenant. In one embodiment, in response to the first request, a first role of the first user within the second tenant and a second role of the first user within the first tenant are determined. A first and second access privileges of the first role and second role of the first user, respectively, are determined to allow the first user to revoke the access right to the second tenant. In response to the first user having a revoke privilege in the first and second tenant, the first user is allowed to remove the second tenant from the first tenant.
    Type: Grant
    Filed: June 30, 2015
    Date of Patent: June 26, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Ilia Fischer, Michal J. Drozd, Aliaksandr Shtop, Vitaly Morozov, Michael G. Roche
  • Patent number: 10007785
    Abstract: The present disclosure relates to the field of information technologies and discloses a method and an apparatus for implementing virtual machine introspection. The method provided in the present disclosure may further include: determining to-be-checked data in a virtual machine; starting to read the to-be-checked data, saving a copy of the read to-be-checked data, and storing a storage address of the read to-be-checked data in a hardware transactional memory, so that the hardware transactional memory is capable of monitoring the read to-be-checked data according to the storage address; when the read to-be-checked data is modified, stopping reading the to-be-checked data and deleting the copy; and when reading the to-be-checked data is completed and it is not detected that the read to-be-checked data is modified, performing a security check on the copy. The method can be applied to virtual machine introspection.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: June 26, 2018
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Bin Tu, Haibo Chen, Yubin Xia
  • Patent number: 9992207
    Abstract: Disclosed is a mobile device that selects an authentication process based upon sensor inputs and mobile device capabilities. The mobile device may include: a plurality of sensors; and a processor. The processor may be configured to: determine multiple authentication processes based upon sensor inputs and mobile device capabilities for authentication with at least one of an application or a service provider; select an authentication process from the multiple authentication processes that satisfies a security requirement; and execute the authentication process.
    Type: Grant
    Filed: September 23, 2014
    Date of Patent: June 5, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Robert Tartz, Qazi Bashir, Jonathan Kies, Suzana Arellano, Virginia Keating
  • Patent number: 9984132
    Abstract: Techniques include displaying, at a user device, a user-selectable link associated with a search result that specifies a state of a software application (app). The state is associated with one or more entities (e.g., business, franchise, product, or service names, and/or geographic locations). The link is configured to, upon being selected, cause the device to set the software app into the state. The techniques further include receiving, at the device, an input from a user. The input specifies a mathematical operation to be performed based on the entities. The techniques include, in response to receiving the input, performing the operation. The techniques also include, in response to performing the operation, displaying another user-selectable link configured to, upon being selected, cause the device to set the same or a different software app into another state that is associated with at least one of the entities.
    Type: Grant
    Filed: June 18, 2016
    Date of Patent: May 29, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Joseph Nelson, Hadar Dor
  • Patent number: 9971911
    Abstract: Methods and devices for providing a private page are provided. A method includes operations of entering a security mode based on a user input; extracting the private page that corresponds to the security mode; and providing both the private page and a normal page that is provided during a normal mode, wherein the private page includes at least one object that is selected by a user so as to be provided during the security mode. A device includes a user input configured to receive a user input; a controller configured to enter a security mode based on the received user input, and extract a private page that corresponds to the security mode; and a display configured to provide both the private page and a normal page that is provided during a normal mode, wherein the private page comprises at least one object that is selected by a user so as to be provided during the security mode.
    Type: Grant
    Filed: February 15, 2017
    Date of Patent: May 15, 2018
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Yoon-su Kim, Jung-joo Sohn, Keum-koo Lee, Young-kyu Jin, Yong-gook Park
  • Patent number: 9973490
    Abstract: Disclosed is the authentication and authorization of a client device to access a plurality of resources, requiring a user of a client device to enter only one set of login information. Authentication and authorization of a client device to access a plurality of resources after an initial set of login information is received by a networked computing environment. After the initial set of login information is received, a series of steps are performed that may be entirely transparent to the user of the client device.
    Type: Grant
    Filed: October 11, 2016
    Date of Patent: May 15, 2018
    Assignee: SONICWALL INC.
    Inventors: Xiao Yu Huang, Zhong Chen, Yi Fei Hu, Riji Cai
  • Patent number: 9959122
    Abstract: A method includes allocating a first single-cycle instruction to a first pipeline that picks single-cycle instructions for execution in program order. The method further includes marking at least one source register of the first single-cycle instruction as ready for execution in the first pipeline in response to all older single-cycle instructions allocated to the first pipeline being ready and eligible to be picked for execution. An apparatus includes a decoder to decode a first single-cycle instruction and to allocate the first single-cycle instruction to a first pipeline. The apparatus further includes a scheduler to pick single-cycle instructions for execution by the first pipeline in program order and to mark at least one source register of the first single-cycle instruction as ready for execution in the first pipeline in response to determining that all older single-cycle instructions allocated to the first pipeline are ready and eligible.
    Type: Grant
    Filed: April 24, 2013
    Date of Patent: May 1, 2018
    Assignee: Advanced Micro Devices, Inc.
    Inventors: Michael D. Estlick, Jay E. Fleischman, Kevin A. Hurd, Mark M. Gibson, Kelvin D. Goveas, Brian M. Lay
  • Patent number: 9922211
    Abstract: Methods and devices for providing a private page are provided. A method includes operations of entering a security mode based on a user input; extracting the private page that corresponds to the security mode; and providing both the private page and a normal page that is provided during a normal mode, wherein the private page includes at least one object that is selected by a user so as to be provided during the security mode. A device includes a user input configured to receive a user input; a controller configured to enter a security mode based on the received user input, and extract a private page that corresponds to the security mode; and a display configured to provide both the private page and a normal page that is provided during a normal mode, wherein the private page comprises at least one object that is selected by a user so as to be provided during the security mode.
    Type: Grant
    Filed: February 15, 2017
    Date of Patent: March 20, 2018
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Yoon-su Kim, Jung-joo Sohn, Keum-koo Lee, Young-kyu Jin, Yong-gook Park
  • Patent number: 9921741
    Abstract: Systems and methods securely authenticate an identity of an individual based on a pattern that is traced by the individual. Embodiments relate to prompting an individual with a pattern to trace when attempting to authenticate the identity of the individual during an identity authentication session. Motion-based behavior data that is generated by motions executed by the individual as the individual traces the pattern is captured via a motion-capturing sensor. The motion-based behavior data is unique to the individual and has a low likelihood of being duplicated by an unauthorized individual attempting to fraudulently pose as the individual. The captured motion-based behavior data is compared to previously-captured motion-based behavior data from previous traces of the pattern completed by the individual. The identity of the individual is authenticated when the motion-based behavior data is within a threshold of the previously captured motion-based behavior data.
    Type: Grant
    Filed: May 12, 2014
    Date of Patent: March 20, 2018
    Assignee: Ohio University
    Inventors: Chang Liu, Siang Lee Hong
  • Patent number: 9900155
    Abstract: Security techniques are provided for cooperative file distribution. An encryption key or a nonce (or both) are generated for a package containing one or more files that are to be sent in a cooperative file distribution system. Random access encryption techniques can be employed to encrypt a package containing one or more files to be sent in a cooperative file distribution system. One or more storage proxies are allocated to a package to be transmitted in a cooperative file distribution system, based on load. Access to trackers in the cooperative file distribution system is controlled using security tokens. Content can automatically expire using a defined expiration period when the content is uploaded into the system. Variable announce intervals allow the tracker to control how often the tracker will receive a message, such as an announcement or a heartbeat message, from peers in the system.
    Type: Grant
    Filed: May 28, 2010
    Date of Patent: February 20, 2018
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Andrew Hickmott, Laird A. Popkin, Yaar Schnitman
  • Patent number: 9893960
    Abstract: A device hub system includes: a control unit configured to: generate a workroom for providing access to a workroom accessible resource, including an enterprise multifunctional printer, protected by a network firewall; provide authentication for a participant device to access the workroom; receive a workroom request through the workroom; generate a workroom sharable information from the workroom request; and a communication unit, coupled to the control unit, configured to distribute the workroom sharable information within the workroom.
    Type: Grant
    Filed: August 11, 2015
    Date of Patent: February 13, 2018
    Assignee: S-PRINTING SOLUTION CO., LTD.
    Inventors: Ramon Rubio, Joseph Yang, Wei-jhy Chern