Authorization Patents (Class 726/17)
-
Patent number: 10223857
Abstract: The present invention relates to a keyless entry system that contains a visual random code generator so that the possible input pattern is different every time a user accesses the system. A keypad device containing an input device and a display are electronically connected to a processor containing the visual random code generator. Positions and associated values are displayed on the input device, such as a touch sensitive screen, allowing the user to enter an access code. The visual random code generator randomizes and controls the input pattern displayed so that the input pattern changes each time the system is accessed.
Type: Grant
Filed: October 19, 2010
Date of Patent: March 5, 2019
Assignee: METHODE ELECTRONICS, INC.
Inventor: Thomas C. Beshke
-
Patent number: 10187394
Abstract: Aspects of the technology described herein provide a mechanism for controlling access to secure computing resources based on inferred user authentication. A current user may be authenticated and access to secure computing resources permitted based on a determined probability that the current user is a legitimate user associated with the secure computing resource. Legitimacy of the current user may be inferred based on a comparison of user-related activity of the current user to a persona model, which may comprise behavior patterns, rules, or other information for identifying a legitimate user. If it is determined that the current user is likely legitimate, then access to secure information may be permitted. However, if it is determined that the current user is likely illegitimate, then a verification procedure may be provided to the current user, such as a temporal, dynamic security challenge based on recent activity conducted by the legitimate user.
Type: Grant
Filed: March 31, 2016
Date of Patent: January 22, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Nadav Bar, Tom Jurgenson
-
Patent number: 10185601
Abstract: A system that transforms non-SaaS applications into tenant-aware SaaS applications is disclosed, which analyzes the non-SaaS applications to determine which intercepts to external libraries need to be translated into SaaS intercepts that utilize SaaS tenancy services, SaaS operations services, and/or SaaS business services. The system transforms the non-SaaS applications into SaaS applications by providing intercept handlers that call SaaS services on demand when the transformed SaaS application throws a transformed SaaS interrupt.
Type: Grant
Filed: November 1, 2017
Date of Patent: January 22, 2019
Assignee: Corent Technology, Inc.
Inventors: Shafiullah Syed, Feyzi Fatehi, Sethuraman Venkataraman, Jeya Anantha Prabhu
-
Patent number: 10140465
Abstract: In computer-based user authentication, a user may establish or enhance security for a component of a multi-component password by performing a security operation on a selected component of the password. The security operation may comprise encrypting the selected component. The password may be an image-based password and the security operation may be encrypting information related to positions of at least one target location on a verification image.
Type: Grant
Filed: June 14, 2017
Date of Patent: November 27, 2018
Inventor: Susan Olsen-Kreusch
-
Patent number: 10122698
Abstract: Systems and methods for passporting credentials provide a mechanism by which a native app on a client device can invoke a service provider's core web site web addresses (URL) while keeping the existing session active and shared between the two experiences (native app and web flow) so that the end user does not need to re-login at each context switch. The mechanism can include a unique way for the web flow context to communicate conditions and pass control back to the native app context of the shared session.
Type: Grant
Filed: August 14, 2017
Date of Patent: November 6, 2018
Assignee: PAYPAL, INC.
Inventors: Igor Yefimov, Scott Atwood
-
Patent number: 10122766
Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.
Type: Grant
Filed: February 23, 2016
Date of Patent: November 6, 2018
Assignee: Intel Corporation
Inventors: Tarun Viswanathan, Uri Kahana, Alan D. Ross, Eran Birk
-
Patent number: 10114944
Abstract: The disclosed computer-implemented method for classifying permissions on mobile devices may include (1) detecting that an application executing on a mobile device is issuing a request for one or more requested permissions to access one or more components of the mobile device, (2) determining an intended use of the application, (3) performing, through a security system distinct from the application and the operating system, an analysis of the request issued by the application at least in part by determining whether the intended use of the application corresponds to an expected use of the requested permission, and (4) providing, via a graphical user interface, a result of the analysis to an end user of the mobile device that indicates a security implication caused by granting the one or more requested permissions to the application. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: November 12, 2015
Date of Patent: October 30, 2018
Assignee: Symantec Corporation
Inventors: Jinghao Li, Joseph Chen
-
Patent number: 10079820
Abstract: Web-based single sign-on can enable a user to log in to a single interface (such as through a web browser or thin client) and then provide SSO services to the user for one or more web applications. The web-based SSO system can be extended to support one or more different access control methods, such as form-fill, Federated (OIF), SSO Protected (OAM), and other policies. The web-based SSO system can include a user interface through which the user can access different web applications, systems, etc. and manage their credentials. Each SSO service can be associated with a web interface allowing the SSO services to be accessed over the web. The web interfaces can provide CRUD (create, read, update, delete) functionality for each SSO service. To support different access policy types, the web-based SSO system can include an extensible data manager that can manage data access to different types of repositories transparently.
Type: Grant
Filed: September 22, 2014
Date of Patent: September 18, 2018
Assignee: Oracle International Corporation
Inventors: Ashish Kolli, Mrudul Uchil, Josh Brunaugh, Dharmvir Singh
-
Patent number: 10038674
Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for providing secure mobile data sharing. Actions can include: receiving, by the one or more processors, a request for secure mobile data sharing, the request being received from a mobile device and comprising a security definition; obtaining, by the one or more processors, based at least in part on the security definition of the request: a decryption key, a recipient identifier, and a security policy; receiving, by the one or more processors, a decryption request from a third-party device, the decryption request comprising an identifier distinguishing the third-party device as a recipient of an encrypted message corresponding to the decryption key; and providing the decryption key to the third-party device in response to validating the decryption request.
Type: Grant
Filed: October 17, 2014
Date of Patent: July 31, 2018
Assignee: SAP SE
Inventors: Laurent Gomez, Cedric Hebert
-
Patent number: 10038689
Abstract: Aspects of the present disclosure relate to dynamically generating a security challenge and corresponding password. A set of user activity data may be obtained from one or more data sources. The set of user activity data may then be analyzed. Based on the analysis, a security rating may be generated for the user activity data. The security rating may be compared to a security threshold to determine whether the set of user activity data is secure. In response to the security rating satisfying the security threshold, the security challenge and password corresponding to the security challenge may be generated based on the set of user activity data.
Type: Grant
Filed: December 29, 2017
Date of Patent: July 31, 2018
Assignee: International Business Machines Corporation
Inventors: Yuk L. Chan, Michael D. Essenmacher, David B. Lection, Eric L. Masselle
-
Patent number: 10019624
Abstract: The disclosure relates to a face recognition system. The face recognition system includes a camera module configured to acquire face recognition information of a target object; a feature point recognition module configured to select facial feature points; a displacement output module configured to output a displacement and azimuth of the camera module during acquiring the face recognition information at different positions; a distance calculation module configured to calculate depth distances between the facial feature points and the displacement between the different positions; and a face recognition module configured to judge whether the target object is the target user. A face recognition method is also related.
Type: Grant
Filed: May 31, 2016
Date of Patent: July 10, 2018
Assignee: HON HAI PRECISION INDUSTRY CO., LTD.
Inventors: Tien-Ping Liu, Yu-Tai Hung, Fu-Hsiung Yang
-
Patent number: 10015286
Abstract: A system and method to establish and maintain access between a secured network and a remote client device communicating with different security protocols. Once the system and method verify that the remote client device had the requisite credentials to access the secured network domain, the system and method are delegated to fetch a service ticket to one or more dedicated servers on behalf of the remote client device. The system and method receive a service ticket from the dedicated server and forward the service ticket to the remote client device to use the service.
Type: Grant
Filed: June 23, 2010
Date of Patent: July 3, 2018
Assignee: F5 Networks, Inc.
Inventor: Jeff J. Costlow
-
Patent number: 10013547
Abstract: An information handling system includes a processor that determines a first orientation from orientation sensors and a sensor hub for detecting a motion gesture. The processor is further activated from a sleep state by the motion gesture and the information handling system includes a limited, ad-hoc access system that permits ad-hoc access to limited user pre-set or context-based system resources in response to the sudden motion gesture.
Type: Grant
Filed: February 21, 2017
Date of Patent: July 3, 2018
Assignee: Dell Products, LP
Inventors: Deeder M. Aurongzeb, Liam B. Quinn, Richard W. Schuckle
-
Patent number: 10007785
Abstract: The present disclosure relates to the field of information technologies and discloses a method and an apparatus for implementing virtual machine introspection. The method provided in the present disclosure may further include: determining to-be-checked data in a virtual machine; starting to read the to-be-checked data, saving a copy of the read to-be-checked data, and storing a storage address of the read to-be-checked data in a hardware transactional memory, so that the hardware transactional memory is capable of monitoring the read to-be-checked data according to the storage address; when the read to-be-checked data is modified, stop reading the to-be-checked data, and delete the copy; and when reading the to-be-checked data is completed and it is not detected that the read to-be-checked data is modified, performing security check on the copy. The method can be applied to virtual machine introspection.
Type: Grant
Filed: June 30, 2016
Date of Patent: June 26, 2018
Assignee: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: Bin Tu, Haibo Chen, Yubin Xia
-
Patent number: 10009337
Abstract: A first request is received from a first user to revoke an access right of a second user of a first tenant for accessing data of a second tenant, where the first tenant is a parent tenant of the second tenant. In one embodiment, in response to the first request, a first role of the first user within the second tenant and a second role of the first user within the first tenant are determined. A first and second access privileges of the first role and second role of the first user, respectively, are determined to allow the first user to revoke the access right to the second tenant. In response to the first user having a revoke privilege in the first and second tenant, the first user is allowed to remove the second tenant from the first tenant.
Type: Grant
Filed: June 30, 2015
Date of Patent: June 26, 2018
Assignee: EMC IP Holding Company LLC
Inventors: Ilia Fischer, Michal J. Drozd, Aliaksandr Shtop, Vitaly Morozov, Michael G. Roche
-
Patent number: 9992207
Abstract: Disclosed is a mobile device that selects an authentication process based upon sensor inputs and mobile device capabilities. The mobile device may include: a plurality of sensors; and a processor. The processor may be configured to: determine multiple authentication processes based upon sensor inputs and mobile device capabilities for authentication with at least one of an application or a service provider; select an authentication process from the multiple authentication processes that satisfies a security requirement; and execute the authentication process.
Type: Grant
Filed: September 23, 2014
Date of Patent: June 5, 2018
Assignee: QUALCOMM Incorporated
Inventors: Robert Tartz, Qazi Bashir, Jonathan Kies, Suzana Arellano, Virginia Keating
-
Patent number: 9984132
Abstract: Techniques include displaying, at a user device, a user-selectable link associated with a search result that specifies a state of a software application (app). The state is associated with one or more entities (e.g., business, franchise, product, or service names, and/or geographic locations). The link is configured to, upon being selected, cause the device to set the software app into the state. The techniques further include receiving, at the device, an input from a user. The input specifies a mathematical operation to be performed based on the entities. The techniques include, in response to receiving the input, performing the operation. The techniques also include, in response to performing the operation, displaying another user-selectable link configured to, upon being selected, cause the device to set the same or a different software app into another state that is associated with at least one of the entities.
Type: Grant
Filed: June 18, 2016
Date of Patent: May 29, 2018
Assignee: Samsung Electronics Co., Ltd.
Inventors: Joseph Nelson, Hadar Dor
-
Patent number: 9973490
Abstract: Disclosed is the authentication and authorization of a client device to access a plurality of resources, requiring a user of a client device to enter only one set of login information. Authentication and authorization of a client device to access a plurality of resources after an initial set of login information is received by a networked computing environment. After the initial set of login information is received, a series of steps are performed that may be entirely transparent to the user of the client device.
Type: Grant
Filed: October 11, 2016
Date of Patent: May 15, 2018
Assignee: SONICWALL INC.
Inventors: Xiao Yu Huang, Zhong Chen, Yi Fei Hu, Riji Cai
-
Patent number: 9971911
Abstract: Methods and devices for providing a private page are provided. A method includes operations of entering a security mode based on a user input; extracting the private page that corresponds to the security mode; and providing both the private page and a normal page that is provided during a normal mode, wherein the private page includes at least one object that is selected by a user so as to be provided during the security mode. A device includes a user input configured to receive a user input; a controller configured to enter a security mode based on the received user input, and extracting a private page that corresponds to the security mode; and a display configured to provide both the private page and a normal page that is provided during a normal mode, wherein the private page comprises at least one object that is selected by a user so as to be provided during the security mode.
Type: Grant
Filed: February 15, 2017
Date of Patent: May 15, 2018
Assignee: SAMSUNG ELECTRONICS CO., LTD.
Inventors: Yoon-su Kim, Jung-joo Sohn, Keum-koo Lee, Young-kyu Jin, Yong-gook Park
-
Patent number: 9959122
Abstract: A method includes allocating a first single-cycle instruction to a first pipeline that picks single-cycle instructions for execution in program order. The method further includes marking at least one source register of the first single-cycle instruction as ready for execution in the first pipeline in response to all older single-cycle instructions allocated to the first pipeline being ready and eligible to be picked for execution. An apparatus includes a decoder to decode a first single-cycle instruction and to allocate the first single-cycle instruction to a first pipeline. The apparatus further includes a scheduler to pick single-cycle instructions for execution by the first pipeline in program order and to mark at least one source register of the first single-cycle instruction as ready for execution in the first pipeline in response to determining that all older single-cycle instructions allocated to the first pipeline are ready and eligible.
Type: Grant
Filed: April 24, 2013
Date of Patent: May 1, 2018
Assignee: Advanced Micro Devices, Inc.
Inventors: Michael D. Estlick, Jay E. Fleischman, Kevin A. Hurd, Mark M. Gibson, Kelvin D. Goveas, Brian M. Lay
-
Patent number: 9921741
Abstract: Systems and methods securely authenticate an identity of an individual based on a pattern that is traced by the individual. Embodiments relate to prompting an individual with a pattern to trace when attempting to authenticate the identity of the individual during an identity authentication session. Motion-based behavior data that is generated by motions executed by the individual as the individual traces the pattern is captured via a motion-capturing sensor. The motion-based behavior data is unique to the individual and has a low likelihood of being duplicated by an unauthorized individual attempting to fraudulently pose as the individual. The captured motion-based behavior data is compared to previously-captured motion-based behavior data from previous traces of the pattern completed by the individual. The identity of the individual is authenticated when the motion-based behavior data is within a threshold of the previously captured motion-based behavior data.
Type: Grant
Filed: May 12, 2014
Date of Patent: March 20, 2018
Assignee: Ohio University
Inventors: Chang Liu, Siang Lee Hong
-
Patent number: 9922211
Abstract: Methods and devices for providing a private page are provided. A method includes operations of entering a security mode based on a user input; extracting the private page that corresponds to the security mode; and providing both the private page and a normal page that is provided during a normal mode, wherein the private page includes at least one object that is selected by a user so as to be provided during the security mode. A device includes a user input configured to receive a user input; a controller configured to enter a security mode based on the received user input, and extracting a private page that corresponds to the security mode; and a display configured to provide both the private page and a normal page that is provided during a normal mode, wherein the private page comprises at least one object that is selected by a user so as to be provided during the security mode.
Type: Grant
Filed: February 15, 2017
Date of Patent: March 20, 2018
Assignee: SAMSUNG ELECTRONICS CO., LTD.
Inventors: Yoon-su Kim, Jung-joo Sohn, Keum-koo Lee, Young-kyu Jin, Yong-gook Park
-
Patent number: 9900155
Abstract: Security techniques are provided for cooperative file distribution. An encryption key or a nonce (or both) are generated for a package containing one or more files that are to be sent in a cooperative file distribution system. Random access encryption techniques can be employed to encrypt a package containing one or more files to be sent in a cooperative file distribution system. One or more storage proxies are allocated to a package to be transmitted in a cooperative file distribution system, based on load. Access to trackers in the cooperative file distribution system is controlled using security tokens. Content can automatically expire using a defined expiration period when the content is uploaded into the system. Variable announce intervals allow the tracker to control how often the tracker will receive a message, such as an announcement or a heartbeat message, from peers in the system.
Type: Grant
Filed: May 28, 2010
Date of Patent: February 20, 2018
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Andrew Hickmott, Laird A. Popkin, Yaar Schnitman
-
Patent number: 9892268
Abstract: An extensible deployment system is disclosed that provides for flexible deployment and centralized management of a scalable communication system. The scalable communication system may be segmented into multiple groups of services, e.g. multiple solutions, that may be deployed across one or more servers. The groups of services may each access separate databases in a single database instance that may allow for the groups of services to be deployed and upgraded independently. A management interface may be provided that allows for centralized management, and deployment, of all of the groups of services, irrespective of the independent upgrade paths of the groups of services. The management interface may include a local authentication system and may also be interoperable with one or more external authentication systems, such that users may use login credentials of an external authentication system to access the management interface.
Type: Grant
Filed: July 3, 2014
Date of Patent: February 13, 2018
Assignee: CareFusion 303, Inc.
Inventors: Nick T. Nguyen, Richard W. Massey, Willis Lam, Ryan Nguyen, Gerald E. Barnefiher
-
Patent number: 9893960
Abstract: A device hub system includes: a control unit configured to: generate a workroom for providing access to a workroom accessible resource, including an enterprise multifunctional printer, protected by a network firewall; provide authentication for a participant device to access the workroom; receive a workroom request through the workroom; generate a workroom sharable information from the workroom request; and a communication unit, coupled to the control unit, configured to distribute the workroom sharable information within the workroom.
Type: Grant
Filed: August 11, 2015
Date of Patent: February 13, 2018
Assignee: S-PRINTING SOLUTION CO., LTD.
Inventors: Ramon Rubio, Joseph Yang, Wei-jhy Chern
-
Patent number: 9883330
Abstract: A method and system of secure zone pairing. Using the method, a low-power broadcast message is generated by a pairing device and transmitted within a broadcast zone, where the low-power broadcast message includes pairing information. A host device that is within the broadcast zone receives the low-power broadcast message and transmits a first indication that the host device is within the broadcast zone. A guest device that is within the broadcast zone receives the low-power broadcast message and transmits a second indication that the guest device is within the broadcast zone. The method pairs the host device and the guest device based on the pairing information, the first indication, and the second indication.
Type: Grant
Filed: June 8, 2016
Date of Patent: January 30, 2018
Assignee: MOTOROLA SOLUTIONS, INC.
Inventors: Subhash P. Nair, Timothy M. Clay
-
Patent number: 9880871
Abstract: An example method for secure virtual machine access to a protected virtual machine function includes storing a first virtual machine function instruction, which is executable to configure access privileges of a guest according to a trampoline view, as a last instruction on a first trampoline page. The method also includes storing a clear interrupt flag instruction as a first instruction on a second trampoline page. The method further includes storing a second virtual machine function instruction, which is executable to configure access privileges of the guest according to a protected view, as a last instruction on the second trampoline page. The method also includes in response to detecting an extended page fault violation while the trampoline view is active, clearing the interrupt flag of the guest and entering execution on an instruction following the clear interrupt flag instruction on the second trampoline page.
Type: Grant
Filed: February 23, 2016
Date of Patent: January 30, 2018
Assignee: Red Hat Israel, Ltd.
Inventors: Michael Tsirkin, Paolo Bonzini
-
Patent number: 9880882
Abstract: A multi-tenant software as a service (SaaS) platform for automatic deployment of a connector application, and a method for automatic deployment of a connector application in a multi-tenant software as a service (SaaS) platform, the method including: deploying a tenant service connector package to a tenant among a plurality of tenants, the tenant service connector package being a package configured to cause a tenant virtual machine to be created in order to provide a service to at least one tenant of the plurality of tenants in a virtual machine form; activating the tenant virtual machine through execution of the tenant service connector package in the tenant that receives the tenant service connector package; forming a connection channel between a virtual machine of the SaaS platform and the tenant virtual machine; and providing the service between the SaaS platform and the at least one tenant through the formed connection channel.
Type: Grant
Filed: October 24, 2014
Date of Patent: January 30, 2018
Assignee: SAMSUNG SDS CO., LTD.
Inventors: Jik Soo Kim, Nam Kyung Kim, Hyung Won Choi
-
Patent number: 9836969
Abstract: A system and method are provided for connecting intersections, to enable two-way wireless communication between a cloud-based traffic operations service and new and existing traffic cabinet hardware using “connected intersection” technology. By providing hardware in existing (or new) traffic control cabinets that can communicate wirelessly with a cloud-based traffic operations system, customers can enhance and upgrade legacy traffic networks using existing IT infrastructure (i.e. servers, hard drives, etc.) or existing communication networks. The connected intersection technology further provides software functionalities including real-time alerts, connectivity between existing cabinets and central systems, and signal timing-plan management for customers that lack an existing central system.
Type: Grant
Filed: May 9, 2016
Date of Patent: December 5, 2017
Assignee: Miovision Technologies Incorporated
Inventors: David Thompson, Tyler Abbott, Kashif Umer, David Hillis, Roy Lemke, Jason Chan
-
Patent number: 9824496
Abstract: In an information display system, an information apparatus includes a target information storage section that stores target information to be published by the information apparatus and an extraction section that extracts the target information from the target information storage section on the basis of user information that is information regarding a user of a head mounted display device, and the head mounted display device includes an information generating section that generates information for additional presentation for providing the augmented reality to the user using the target information acquired from the information apparatus and an image display section that enables the user to view the generated information for additional presentation as a virtual image.
Type: Grant
Filed: February 20, 2014
Date of Patent: November 21, 2017
Assignee: Seiko Epson Corporation
Inventor: Fusashi Kimura
-
Patent number: 9800554
Abstract: According to an aspect of the invention, a method for establishing secure communication between nodes in a network is conceived, wherein the network comprises a key manager which accommodates a key-manager-specific public key and a corresponding key-manager-specific private key; wherein a copy of the key-manager-specific public key is stored in an installation device; wherein the installation device provides a new node with the copy of the key-manager-specific public key; and wherein said new node is registered with the key manager by providing a node-specific public key and an identifier of said new node to the key manager, such that other nodes in the network may setup end-to-end secure connections with said new node by requesting the node-specific public key of said new node from the key manager.
Type: Grant
Filed: April 19, 2013
Date of Patent: October 24, 2017
Assignee: NXP B.V.
Inventors: Timo van Roermund, Ewout Brandsma, Maarten Christiaan Pennings
-
Patent number: 9769181
Abstract: A method, system and computer-usable medium are disclosed for protecting data stored on a mobile device, based upon its location. Data stored on a mobile device is encrypted with a network-stored secret key that is unknown to the user of the mobile device. The secret key is provided directly to the mobile device once the user is authenticated and it has been determined that the mobile device is located within a predetermined geographical area. The provided secret key is then used to decrypt the encrypted data stored on the mobile device such that it can then be accessed by the user. The user is then prevented from accessing the encrypted data when it is determined that the mobile device is no longer located within the predetermined geographical area.
Type: Grant
Filed: June 23, 2014
Date of Patent: September 19, 2017
Assignee: International Business Machines Corporation
Inventors: Judith H. Bank, Lisa M. Bradley, Aaron J. Quirk, Lin Sun
-
Patent number: 9767304
Abstract: Techniques for representation of operating system context in a trusted platform module are described. In at least some embodiments, authorization principals that correspond to representations of operating system context are derived in a trusted platform module. The authorization principals can be used to define authorization policies for access to security assets stored in a trusted platform module.
Type: Grant
Filed: September 25, 2014
Date of Patent: September 19, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Stefan Thom, Ronald Aigner, Navin Pai
-
Patent number: 9767172
Abstract: An interactive user interface for displaying projects comprising a collection of links specifying data to be displayed from a plurality of different applications and/or data sources. When loading a project for display, links are automatically parsed to identify the application and/or data source they are associated with. Retrieved data associated with the links is displayed in a format based upon that of their native application. The data may be displayed in an interactive format, allowing the user to change or manipulate the data in a manner that would be possible in the data's native application. A project may be expressed as a “project link,” comprising a text string, wherein the links of the assets associated with the project are included or embedded within the text string, and which may be shared between different users, and may function as a snapshot of the project.
Type: Grant
Filed: October 2, 2015
Date of Patent: September 19, 2017
Assignee: PALANTIR TECHNOLOGIES INC.
Inventors: Steven Fackler, David Skiff
-
Patent number: 9740390
Abstract: A dynamic clip analysis system for use in a networked server-client system includes: a client including a client-side remote application module configured to analyze content from one or more of a client-side clipboard and a client-side drag and drop utility; and a remote application interactively connected with the client over a network via the client-side remote application module, the remote application including: one or more of a remote clipboard and a remote drag and drop utility; and a client-side remote application module configured to analyze content from one or more of the remote clipboard and the remote drag and drop utility, so as to perform dynamic clip analysis in the server-client system.
Type: Grant
Filed: March 11, 2014
Date of Patent: August 22, 2017
Assignee: Spikes, Inc.
Inventors: Branden L. Spikes, Walter Sims
-
Patent number: 9736141
Abstract: Systems and methods for passporting credentials provide a mechanism by which a native app on a client device can invoke a service provider's core web site web addresses (URL) while keeping the existing session active and shared between the two experiences (native app and web flow) so that the end user does not need to re-login at each context switch. The mechanism can include a unique way for the web flow context to communicate conditions and pass control back to the native app context of the shared session.
Type: Grant
Filed: September 2, 2016
Date of Patent: August 15, 2017
Assignee: PAYPAL, INC.
Inventors: Igor Yefimov, Scott Atwood
-
Patent number: 9697373
Abstract: Embodiments of the present invention support a flexible access control design that includes flexible ownership and assignment of access control lists (ACLs). The ACLs can be assigned to one or more resources, or items, or types of resources or items. A creator or owner of an ACL can grant privileges to others such that they may modify or assign the ACL. Each ACL can have one or more owners, i.e., users that can exercise control over the ACL. Any owner of an ACL can designate certain privileges to other users. These other users may then use the ACL based on the privileges granted to them.
Type: Grant
Filed: November 5, 2004
Date of Patent: July 4, 2017
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Kenneth Carlin Nelson, Marilene A Noronha
-
Patent number: 9654474
Abstract: To control privileges and access to resources on a per-process basis, an administrator creates a rule that may be applied to modify a process's token. The rule includes an application-criterion set and changes to be made to the groups and/or privileges of a token. The rule is set as a policy within a group policy object (GPO), where a GPO is associated with one or more groups of computers. When a GPO containing a rule is applied to a computer, a driver installed on the computer accesses the rule(s) anytime a logged-on user executes a process. If the executed process satisfies the criterion set of a rule the changes contained within the rule are made to the process token, and the user has expanded and/or contracted access and/or privileges for only that process.
Type: Grant
Filed: September 11, 2013
Date of Patent: May 16, 2017
Assignee: BEYONDTRUST SOFTWARE, INC.
Inventor: Marco Peretti
-
Patent number: 9648497
Abstract: A login control method and apparatus is provided for facilitating usage right authentication of a mobile terminal, when the user unlocks the mobile terminal. The login control method includes determining, when a lock image is displayed on a screen, a posture of a mobile terminal, detecting unlock information, comparing the unlock information with a pre-registered unlock information, selecting, when the unlock information and the pre-registered unlock information are identical, an operation mode corresponding to the matched unlock information, from a plurality of operation modes, as the current operation mode, and displaying an image representing the current operation mode.
Type: Grant
Filed: November 22, 2013
Date of Patent: May 9, 2017
Assignee: Samsung Electronics Co., Ltd
Inventors: Dayama Dwarkaprasad, Das Kumarbrata
-
Patent number: 9639487
Abstract: An apparatus comprises a plurality of processor cores, each comprising a computation unit and a memory. The apparatus further comprises an interconnection network to transmit data among the processor cores. At least some of the memories are configured as a cache for memory external to the processor cores, and at least some of the processor cores are configured to transmit a message over the interconnection network to access a cache of another processor core.
Type: Grant
Filed: March 29, 2016
Date of Patent: May 2, 2017
Assignee: Mellanox Technologies, Ltd.
Inventor: Matthew Mattina
-
Patent number: 9621702
Abstract: A control system includes a control device, a controller, a plurality of user mobile devices, and a manager mobile device. Initial first identification information picked up by each user mobile device is sent to the manager mobile device, is authenticated, and is encoded. Every time a user mobile device is connected to the controller for opening the control device, a holder of the user mobile device is requested to input an instant first identification information. After decoding by a decoding key, the controller identifies whether the instant first identification information is identical to the authenticated initial first identification information. The identification result is used to decide whether the control device should be set to be an open state.
Type: Grant
Filed: July 16, 2015
Date of Patent: April 11, 2017
Inventor: I-Ting Shen
-
Patent number: 9614823
Abstract: A system, method, and computer program product are provided for a pre-deactivation grace period on a processing device (e.g., mobile device). In operation, a deactivation request is detected for a deactivation event. Further, the commencement of the deactivation event is delayed for a predetermined time period, in response to the deactivation request. Additionally, the deactivation event is commenced, after the predetermined time period. To return to full functionality of the processing device while in the deactivation grace period all that may be required is entry of an authentication information (e.g., password) that is weaker than a stronger authentication information initially used to log into the processing device.
Type: Grant
Filed: September 13, 2013
Date of Patent: April 4, 2017
Assignee: McAfee, Inc.
Inventors: Rajkaran Dhesi, Simon Hunt, Paul Parke
-
Patent number: 9613219
Abstract: In some implementations, a method of managing access to resources in a single device including receiving, from a first resource assigned to a first perimeter, a request to access a second resource assigned to a second perimeter different from the first perimeter. The single device includes the first perimeter and the second perimeter. Whether access to the second resource is prohibited is determined based on a management policy for the first perimeter. The management policy defining one or more rules for accessing resources assigned to the second perimeter including the second resource.
Type: Grant
Filed: November 10, 2011
Date of Patent: April 4, 2017
Assignees: BlackBerry Limited, 2236008 Ontario Inc.
Inventors: Geordon Thomas Ferguson, Christopher Lyle Bender, Alberto Daniel Zubiri, Kenneth Cyril Schneider, Oliver Whitehouse, Christopher William Lewis Hobbs
-
Patent number: 9594896
Abstract: There is provided a method and apparatus for communications using short range communications such as Near Field Communications (NFC). A mobile device comprising an NFC subsystem provides a dynamic credential for use to login to a network requiring two factor authentication. A terminal used for logging in to the network is associated with an NFC reader, and bringing the NFC device in proximity to the NFC reader provides the terminal with the dynamic credential required for two factor authentication.
Type: Grant
Filed: December 21, 2012
Date of Patent: March 14, 2017
Assignee: BlackBerry Limited
Inventor: Anthony Rosati
-
Patent number: 9582684
Abstract: A method for configuring an application for an end device having a predefined end-device configuration with a predefined security level. A query about the predefined end-device configuration is directed by means of the application to a central place in which a multiplicity of security levels of end-device configurations have respective application configurations associated therewith. In response to the query, the central place ascertains the predefined security level of the predefined end-device configuration from the multiplicity of security levels, and outputs it to the application together with the associated application configuration. In dependence on the output security level, one or several functions of the application are configured by means of the application on the basis of the output application configuration for the end device.
Type: Grant
Filed: April 21, 2011
Date of Patent: February 28, 2017
Assignee: Giesecke & Devrient GmbH
Inventor: Stephan Spitz
-
Patent number: 9563753
Abstract: A computer system for dumping a confidential image on a trusted computer system. A trusted computer system loads an encrypted client dumper image key. The trusted computer system decrypts, with a private host key, the encrypted client dumper image key to generate a client dumper image key. The trusted computer system loads an encrypted dumper including a client dump key, in response to determining that the client dumper image key matches a client image key which encrypts a boot image of a current operating system. The trusted computer system decrypts, with the client dumper image key, the encrypted dumper to generate a dumper including the client dump key. The trusted computer system starts the dumper. The dumper generates an encrypted dump by encrypting, with the client dump key, an image to be dumped in the secure logical partition, and the dumper writes the encrypted dump on a client dump device.
Type: Grant
Filed: July 8, 2016
Date of Patent: February 7, 2017
Assignee: International Business Machines Corporation
Inventors: Reinhard T. Buendgen, James A. O'Connor, William J. Rooney
-
Patent number: 9563780
Abstract: In some implementations, a method of managing access to resources in a single device including receiving, from a first resource assigned to a first perimeter, a request to access a second resource assigned to a second perimeter different from the first perimeter. The single device includes the first perimeter and the second perimeter. Whether access to the second resource is prohibited is determined based on a management policy for the first perimeter. The management policy defining one or more rules for accessing resources assigned to the second perimeter including the second resource.
Type: Grant
Filed: November 10, 2011
Date of Patent: February 7, 2017
Assignees: BlackBerry Limited, 2236008 Ontario Inc.
Inventors: Geordon Thomas Ferguson, Christopher Lyle Bender, Alberto Daniel Zubiri, Kenneth Cyril Schneider, Oliver Whitehouse, Christopher William Lewis Hobbs
-
Patent number: 9547759
Abstract: A method comprises receiving an additional user provided access token requesting application at a device already having a user provided access token requesting application. The method also comprises requesting information from a user of said device if an access token of one of said applications is to be changed to that of the other of said applications and accepting verification by one of said applications as verification of another of said applications.
Type: Grant
Filed: October 31, 2012
Date of Patent: January 17, 2017
Assignee: Nokia Technology Oy
Inventors: Silke Holtmanns, Rune Lindholm
-
Patent number: 9538380
Abstract: A control system includes a control device, a controller, a plurality of user mobile devices, a manager mobile device, and a manager server. An initial first identification information of each user mobile device obtained by the manager mobile device is sent to the manager server, is authenticated, and is encoded. Every time a user mobile device is connected to the controller for opening the control device, a holder of the user mobile device is requested to input an instant first identification information. After decoding by a decoding key, the controller identifies whether the instant first identification information is identical to the authenticated initial first identification information. The identification result is used to decide whether the control device should be set to be an open state.
Type: Grant
Filed: July 16, 2015
Date of Patent: January 3, 2017
Inventor: I-Ting Shen
-
Patent number: 9471786
Abstract: A method for dumping a confidential image on a trusted computer system. A trusted computer system loads an encrypted client dumper image key. The trusted computer system decrypts, with a private host key, the encrypted client dumper image key to generate a client dumper image key. The trusted computer system loads an encrypted dumper including a client dump key, in response to determining that the client dumper image key matches a client image key which encrypts a boot image of a current operating system. The trusted computer system decrypts, with the client dumper image key, the encrypted dumper to generate a dumper including the client dump key. The trusted computer system starts the dumper. The dumper generates an encrypted dump by encrypting, with the client dump key, an image to be dumped in the secure logical partition, and the dumper writes the encrypted dump on a client dump device.
Type: Grant
Filed: March 16, 2016
Date of Patent: October 18, 2016
Assignee: International Business Machines Corporation
Inventors: Reinhard T. Buendgen, James A. O'Connor, William J. Rooney