Credential Management Patents (Class 726/18)
  • Patent number: 10348816
    Abstract: A method and apparatus for facilitating access to a plurality of resources is provided. A message that includes a context resource identifier is received at a proxy server from a client through a gateway in communication with both the client and the proxy server. Access to a resource associated with an interface that is referenced by the context resource identifier is controlled by the proxy server using a profile that is dynamically built for a user of the client based on a plurality of resource profiles received from a plurality of interfaces in communication with the proxy server.
    Type: Grant
    Filed: October 14, 2015
    Date of Patent: July 9, 2019
    Assignee: ADP, LLC
    Inventors: Jigesh Saheba, Roberto A. Masiero, Isabel Espina Carvajal
  • Patent number: 10331337
    Abstract: In one embodiment, the invention can be a touch input device capable of unlocking a passcode accordance with a touch pressure. The device can include a touch screen which displays a passcode input window; a controller which generates a first control signal as to whether or not a touch on the passcode input window matches a predetermined passcode; and a memory which stores the predetermined passcode. The passcode input window can include a plurality of nodes which are disposed in different positions. The number of touched nodes among the plurality of nodes, the order of the touched nodes among the plurality of nodes, and a pressure level of the touch on each of the touched nodes among the plurality of nodes can be set as the predetermined passcode. Further, the pressure level of the touch can be classified into at least two levels.
    Type: Grant
    Filed: April 11, 2017
    Date of Patent: June 25, 2019
    Assignee: HiDeep Inc.
    Inventors: Yunjoung Kim, Seyeob Kim, Hyongsub Yun, Sangsic Yoon, Bonkee Kim, Hojun Moon, Taehoon Kim, Sunyoung Kwon
  • Patent number: 10325086
    Abstract: A computing device with a graphical authentication interface in which the device displays a base image and authenticates a user when a pre-selected element in a secondary image overlying the base image is aligned with a pre-selected element in the base image.
    Type: Grant
    Filed: June 15, 2010
    Date of Patent: June 18, 2019
    Assignee: BlackBerry Limited
    Inventor: Martin Philip Riddiford
  • Patent number: 10303577
    Abstract: The present disclosure relates to a method, a device and a storage medium for determining a health state of an information system. At first, a baseline configuration document corresponding to the information system is received, and data records under inspection of the information system are acquired. The baseline configuration document defines baselines. Then, each of the data records under inspection is compared with at least one baseline defined in the baseline configuration document to obtain a comparing result between each of the data records under inspection and the at least one baseline. At last, the health state of the information system is determined according to the comparing result between each of the data records under inspection and the at least one baseline. A health-determining apparatus relative to the above-mentioned method is also provided.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: May 28, 2019
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventors: Bin Zhou, Dong Shan Xu, Shan Yang Fu
  • Patent number: 10257198
    Abstract: A system is provided wherein a network control access device that is already in a network, called a Gatekeeper, generates a random short password in the form of a series of audio or visual cues that are visible to the user of a joining device. The joining device can be a simple one button device, or even a no-button device that is part of the internet of things (IOT) standard. The response to each cue can be entered by the user on a single-button joining device. For a no-button joining device, an alternate input method may be utilized on the joining device in response to the audio and visual cues. Alternatively, a password can be generated by the no-button joining device and be entered by the user one bit at-a-time directly onto the Gatekeeper keypad. Once the password is received, the Gatekeeper performs a password verification procedure.
    Type: Grant
    Filed: September 12, 2016
    Date of Patent: April 9, 2019
    Assignee: ARRIS Enterprises LLC
    Inventor: Alexander Medvinsky
  • Patent number: 10230752
    Abstract: The disclosure is directed towards systems and methods for improving security in a computer network. The system can include a planner and a plurality of controllers. The controllers can be deployed within each zone of the production network. Each controller can be configured to assume the role of an attacker or a target for malicious network traffic. Simulations of malicious behavior can be performed by the controllers within the production network, and can therefore account for the complexities of the production network, such as stateful connections through switches, routers, and other intermediary devices. In some implementations, the planner can analyze data received from the controllers to provide a holistic analysis of the overall security posture of the production network.
    Type: Grant
    Filed: February 24, 2017
    Date of Patent: March 12, 2019
    Assignee: VERODIN, INC.
    Inventors: Christopher B. Key, Paul E. Holzberger, Jr.
  • Patent number: 10211981
    Abstract: Disclosed herein is a method for generating a high entropy password using a low entropy password and low-entropy login data comprising supplying the low entropy password to a system comprising a generating client and/or a recovery client; and at least n servers; submitting request data derived, at least in part, from the user's low entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers which is checked against the authentication data provided by the user and/or the generating client and/or a recovery client; and generating the high entropy password.
    Type: Grant
    Filed: November 16, 2017
    Date of Patent: February 19, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jan L. Camenisch, Franz-Stefan Preiss, Kai Samelin, Dieter M. Sommer
  • Patent number: 10198963
    Abstract: A secured computerized social networking system for pupils including a mail server operative to interface with a secured parent environment; and a secured pupil environment, the system comprising a computerized environment secured to prevent access thereto, other than by end-users who have passed a what-you-know authentication test; a what-you-know testing functionality; and a graphic what-you-know test-configuring functionality, the system being operative to perform a plurality of selectable system-actions responsive to user input, the system being accessible to non-literate users via a touch screen defining a plurality of touch screen locations respectively corresponding to the plurality of selectable system-actions, the touch screen being operative to detect and distinguish between first and second gestures, the system comprising: a processor-controlled touch-triggered actor; and a processor-controlled touch-triggered oral presenter.
    Type: Grant
    Filed: December 11, 2017
    Date of Patent: February 5, 2019
    Assignee: GOOGALE (2009) LTD.
    Inventors: Nir Michalowitz, Michal Peled Rosenvald
  • Patent number: 10182067
    Abstract: The present disclosure relates to a method, a device and a storage medium for determining a health state of an information system. At first, a baseline configuration document corresponding to the information system is received, and data records under inspection of the information system are acquired. The baseline configuration document defines baselines. Then, each of the data records under inspection is compared with at least one baseline defined in the baseline configuration document to obtain a comparing result between each of the data records under inspection and the at least one baseline. At last, the health state of the information system is determined according to the comparing result between each of the data records under inspection and the at least one baseline. A health-determining apparatus relative to the above-mentioned method is also provided. Therefore, by these method and apparatus, the health state of the information system is quantifiable.
    Type: Grant
    Filed: January 7, 2015
    Date of Patent: January 15, 2019
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventors: Bin Zhou, Dong Shan Xu, Shan Yang Fu
  • Patent number: 10176318
    Abstract: Techniques for maintaining and updating authentication information for a plurality of accounts may be provided. In an example a first set of authentication information for the plurality of accounts may be maintained. A second set of authentication information that has been marked as potentially compromised may be received. A third set of authentication information may be generated based on the overlap between the first set of authentication information and the second set of authentication information. The first set of authentication information may be updated based at least in part on one or more security authentication protocols and the third set of authentication information.
    Type: Grant
    Filed: October 27, 2017
    Date of Patent: January 8, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: David James Kane-Parry, Darren Ernest Canavor, Jesper Mikael Johansson
  • Patent number: 10162948
    Abstract: An authentication system in accordance with an example includes an image capture device to scan an object. The authentication system also includes an authentication module to identify imperfections in the object based on the scan, to generate model data based on the identified imperfections, and to authenticate the user based on a comparison of currently identified imperfections to the model data.
    Type: Grant
    Filed: December 6, 2013
    Date of Patent: December 25, 2018
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Valentin Popescu, James Robert Waldron
  • Patent number: 10164969
    Abstract: A computer security system comprises a security module adapted to control access to a secure computer resource by a user via a client based on verification of a security credential provided by the user. The computer security system also comprises verification data disposed on the client and accessible by the security module. The security module is adapted to enable the user to recover the security credential based on a response received from the user associated with the verification data.
    Type: Grant
    Filed: January 11, 2017
    Date of Patent: December 25, 2018
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Valuiddin Ali, Manuel Novoa, Matthew J. Wagner
  • Patent number: 10120995
    Abstract: A device unlock pattern (“pattern password”) is static in that the same pattern is entered each time to unlock a device. Due to this repetition, a pattern password may be discovered by an application that captures touchscreen gestures, by inspection of fingerprints or smudges on a screen, or simply by an onlooker that views the pattern password being entered. A variable hint pattern can be used to impede discovery. A hint pattern is a sub-pattern (“hint”) of the pattern password to be completed for device unlock. A variable hint pattern can impede discovery by changing the sub-pattern at a defined change threshold related to unlock attempts. The device can randomly change the sub-pattern or randomly change the missing portions of the pattern password at each change threshold. As a result, different inputs complete the pattern password. This variance stymies the methods typically used to discover pattern passwords.
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: November 6, 2018
    Assignee: CA, Inc.
    Inventors: Yashwant Ramkishan Sawant, Mohammed Mujeeb Kaladgi, Ruqiya Nikhat Kaladgi, Junaid Ahmed Jameel, Jameel Ahmed Kaladgi
  • Patent number: 10120989
    Abstract: A process including: displaying icons used for password entry into an electronic system, in such a way that a hand movement associated with entry of the password into the system is randomized.
    Type: Grant
    Filed: June 4, 2014
    Date of Patent: November 6, 2018
    Assignee: NOWWW.US Pty. Ltd.
    Inventor: Mark Rodney Anson
  • Patent number: 10097994
    Abstract: Techniques for resetting authentication for touch-enabled devices are presented. When a user authenticates to a mobile device a touch profile (TP) is recorded. Each subsequent time the user unlocks a locked mobile device via touch, a new TP is noted. The new TP is compared to the recorded TP and if the deviation is within an acceptable tolerance, the user is permitted access to the mobile device without re-authentication. When the new TP is not within the acceptable tolerance of the recorded TP, the user is forced to re-authenticate before access is granted to the mobile device.
    Type: Grant
    Filed: March 14, 2016
    Date of Patent: October 9, 2018
    Assignee: NetIQ Corporation
    Inventors: Lloyd Leon Burch, Michael F. Angelo, Baha Masoud
  • Patent number: 10032015
    Abstract: The invention discloses a password input method based on a two-stage conversion. The method specifically includes providing password symbols and randomly providing password-proxy symbols, and building a two-sage association between the password symbols and the password-proxy symbols.
    Type: Grant
    Filed: August 7, 2017
    Date of Patent: July 24, 2018
    Inventor: Yongpeng Sang
  • Patent number: 10013546
    Abstract: A computer-implemented method of authenticating a user with a computing device is disclosed. The method involves displaying a grid of selectable visually-distinguishable graphical elements on a device display, receiving from a user of the device a drawn pattern across the selectable graphical elements, comparing the received drawn pattern to information representing a stored authentication pattern for the user, and unlocking access to functions on the device if the received drawn pattern substantially matches the stored authentication pattern.
    Type: Grant
    Filed: October 28, 2014
    Date of Patent: July 3, 2018
    Assignee: Google LLC
    Inventors: Daniel Johansson, Tobias Arréhn, Simon M. Thorsander, Erick Tseng
  • Patent number: 9971920
    Abstract: This specification describes technologies relating to biometric authentication based on images of the eye. In general, one aspect of the subject matter described in this specification can be embodied in methods that include obtaining images of a subject including a view of an eye. The methods may further include determining a behavioral metric based on detected movement of the eye as the eye appears in a plurality of the images, determining a spatial metric based on a distance from a sensor to a landmark that appears in a plurality of the images each having a different respective focus distance, and determining a reflectance metric based on detected changes in surface glare or specular reflection patterns on a surface of the eye. The methods may further include determining a score based on the behavioral, spatial, and reflectance metrics and rejecting or accepting the one or more images based on the score.
    Type: Grant
    Filed: July 2, 2015
    Date of Patent: May 15, 2018
    Assignee: EyeVerify LLC
    Inventors: Reza R. Derakhshani, Casey Hughlett, Jeremy Paben, Joel Teply, Toby Rush
  • Patent number: 9965761
    Abstract: Described are apparatus and methods for providing secure identification, payment processing and/or signing using a gesture-based input device without biometrics.
    Type: Grant
    Filed: January 7, 2015
    Date of Patent: May 8, 2018
    Assignee: NOD, INC.
    Inventors: Anusankar Elangovan, Subash R. Patel
  • Patent number: 9922188
    Abstract: Embodiments described herein relate to a device operable to process input for a picture password for proof of knowledge. In some embodiments, the device includes a display, an input subsystem, processor(s), and memory containing instructions executable by the processor(s) such that the device is operative to display, on the display of the device, an image for the picture password proof of knowledge. The image is associated with an overlaid grid comprising a plurality of elements, and each element corresponds to a distinct area of the image. The device is further operative to, determine an offset to be used and, in response to receiving an input via the input subsystem at a first location of the display, highlight an element of the overlaid grid at a second location on the first image on the display. The second location is offset from the first location by the offset.
    Type: Grant
    Filed: January 18, 2017
    Date of Patent: March 20, 2018
    Assignee: Antique Books, Inc.
    Inventors: Robert H. Thibadeau, Sr., Justin D. Donnell, Robert Thibadeau, Jr.
  • Patent number: 9881148
    Abstract: The present invention is to enable a user to input authentication information without burden, such that the user only has to memorize part of the authentication information even when inputting lengthy authentication information in order to ensure high-level security. When an operation of inputting and arranging authentication information in an information arrangement region is performed in a state where an arrangement status of a specified portion in the information arrangement region is set in advance as partial-authentication reference information in a reference authentication information memory, a CPU detects an arrangement status of the specified portion from an overall arrangement status in the information arrangement region, and performs, as partial authentication, processing of matching the detected arrangement status of the specified portion and the arrangement status of the specified portion set as the partial-authentication reference information.
    Type: Grant
    Filed: December 8, 2015
    Date of Patent: January 30, 2018
    Assignee: CASIO COMPUTER CO., LTD.
    Inventor: Shinichi Hagiwara
  • Patent number: 9858406
    Abstract: An authenticity accuracy, corresponding to a personal identification number, is determined. A device presents a correct image (or group of images) and an incorrect image (or group of images). Selections from a user are received until a sufficient number of correct images are selected to satisfy the authenticity accuracy. For example, a counter may be incremented when the correct image is selected, and the user may be considered to be authenticated if the counter reaches a sufficient level.
    Type: Grant
    Filed: March 24, 2015
    Date of Patent: January 2, 2018
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Jeffrey M. Getchius, Guy Getchius
  • Patent number: 9807090
    Abstract: According to one embodiment, a person authentication method includes obtaining, from a medium carried by a person who passes through a first position, first information indicating the gender and the age of the person; performing a first authentication operation with respect to a person whose face image is included in a first image obtained by capturing a person passing through the first position; and setting, as the first authentication operation, an authentication operation to be performed using the face image of a person having the gender and the age specified in the first information.
    Type: Grant
    Filed: March 10, 2016
    Date of Patent: October 31, 2017
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Hiroo Saito, Hiroshi Sukegawa
  • Patent number: 9779225
    Abstract: A method of providing access to secure features of a device includes detecting motion of a secured device during entry of first access credentials on the secured device, storing first motion data in association with the first access credentials, the first motion data indicating a pattern of the detected motion, and granting access to a secured feature of the secured device when a user enters user access credentials matching the first access credentials accompanied by detected motion that produces user motion data matching the first motion data to a degree within a defined valid data range of the first motion data.
    Type: Grant
    Filed: April 8, 2015
    Date of Patent: October 3, 2017
    Assignee: Google Inc.
    Inventors: J. Eric Mason, Kenneth Louis Herman, Yash Modi
  • Patent number: 9756218
    Abstract: A user detecting unit detects a mobile identification device in a communicable range of a wireless communication device, and determines a user in association with the detected mobile identification device and determines user authority of the user among general user authority and administrator user authority. The general user authority is prohibited from using a specific function allowed to the administrator user authority. The login processing unit performs a login process based on the detected user authority for the user. If the mobile identification device with the administrator user authority is detected after the login process based on the general user authority and a distance is less than a predetermined value between the detected mobile identification devices with the general user authority and the administrator user authority, then the authority changing unit changes the user authority of the user from the general user authority to the administrator user authority.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: September 5, 2017
    Assignee: Kyocera Document Solutions, Inc.
    Inventor: Takushi Dandoko
  • Patent number: 9721090
    Abstract: A system and method of efficiently inspecting content is provided. Embodiments of the invention may inspect files accessed by an application prior to an activation of the application. Selective inspection of files accessed by an application may be based on a previous inspection. Inspection of files accessed by an application may be postponed or performed concurrently with the access. A prioritized queue may include references to files, a priority may be related to a risk level and an inspection order may be according to a risk level.
    Type: Grant
    Filed: April 27, 2011
    Date of Patent: August 1, 2017
    Assignee: Safend Ltd.
    Inventors: Pavel Berengoltz, Leonid Dorrendorf, Adam Carmi, Ofer Diamant
  • Patent number: 9720513
    Abstract: Provided are an apparatus and method for inputting a character The apparatus includes a recognition unit configured to measure lengths from arbitrary points on a user's hands to respective fingertips and recognize a click gesture using the measured lengths, a control unit configured to control character input according to the recognized click gesture, and a display unit configured to display a character pad for the character input and display a character input according to the click gesture recognized on the character pad.
    Type: Grant
    Filed: July 20, 2015
    Date of Patent: August 1, 2017
    Assignee: Korea Electronics Technology Institute
    Inventors: Yang Keun Ahn, Kwang Mo Jung
  • Patent number: 9716706
    Abstract: The present invention relates to an application that is configured to provide secure access to confidential information. To protect the confidential information, the application may include functions that utilize a decoy application to disguise the functionality of the application. A unique sequence of inputs received through an interface associated with the decoy application may permit a user to access the confidential information. An authorized user that has been provided access to the confidential information may access configuration interfaces that permit the user to define the inputs that will serve as login credentials and to customize the appearance and functionality of the decoy application.
    Type: Grant
    Filed: December 29, 2016
    Date of Patent: July 25, 2017
    Inventor: Joseph Fitzgerald
  • Patent number: 9705878
    Abstract: A method of operating a server comprises receiving an authorization request comprising a password, accessing an expiry date for the password, transmitting a response comprising the expiry date, ascertaining whether the password has expired, and receiving a new password, if the password has expired. Optionally, the transmitted response further comprises a date representing the last use of the password and/or an integer value representing a retry parameter.
    Type: Grant
    Filed: April 1, 2009
    Date of Patent: July 11, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Peter E. Havercan
  • Patent number: 9701280
    Abstract: A mobile communication system that includes a vehicle and a mobile device is provided. The method pertains to revoking communication control privileges of the mobile device previously authorized to control the vehicle. The method includes the steps of receiving a revocation request at the vehicle via a user interface device, the revocation request including a request to revoke the communication control privileges of the previously authorized mobile device, wherein the control privileges includes a capacity to remotely command at least one of a plurality of vehicle functions; and based on the revocation request, revoking at the vehicle the communication control privileges of the previously authorized mobile device.
    Type: Grant
    Filed: April 3, 2015
    Date of Patent: July 11, 2017
    Assignee: GM Global Technology Operations LLC
    Inventors: Jennifer J. Schussmann, Karl B. Leboeuf, Lynn Saxton, Alessandro Testa
  • Patent number: 9674177
    Abstract: A personal computing device, server or other type of processing device authenticates a user attempting to access a protected resource by verifying user knowledge of one or more extracted characteristics of stored information indicative of an internal operating state of that resource. The one or more extracted characteristics are characteristics that would likely be known to the user if that user had made one or more previous authenticated accesses to the protected resource. For example, the extracted characteristics may be indicative of a manner in which the user had utilized the protected resource during the one or more previous authenticated accesses to the protected resource. The processing device receives input from the user regarding the one or more extracted characteristics, and grants or denies access to the protected resource based at least in part on the input received from the user.
    Type: Grant
    Filed: December 12, 2008
    Date of Patent: June 6, 2017
    Assignee: EMC IP Holding Company LLC
    Inventor: Magnus Nyström
  • Patent number: 9660982
    Abstract: Disclosed are various embodiments for management functions relating to security credentials. Account data, which includes multiple security credentials for multiple network sites for a user, is stored in an encrypted form. A request to temporarily change the account data is obtained from a client. The request specifies a master security credential for accessing the account data. In response to the request, the multiple security credentials for the account data are changed to a single temporary security credential, as specified by a user. After an expiration period expires, the multiple security credentials are automatically reset to a plurality of different security credentials.
    Type: Grant
    Filed: August 17, 2016
    Date of Patent: May 23, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Daniel W. Hitchcock, Brad Lee Campbell
  • Patent number: 9659171
    Abstract: In accordance with embodiments of the present disclosure, a method may include storing a system fingerprint of an information handling system, the system fingerprint comprising information associated with one or more information handling resources of the information handling system recorded during creation of the system fingerprint including information regarding a security seed, wherein the security seed comprises a value stored at a location of a non-transitory computer readable medium integral to an information handling resource of the one or more information handling resources. The method may also include during a verification mode, based on the information in the system fingerprint, determining whether potential tampering of the information handling system has occurred, and if potential tampering has occurred, issuing an alert indicating potential tampering with the information handling system.
    Type: Grant
    Filed: August 21, 2015
    Date of Patent: May 23, 2017
    Assignee: Dell Producrs L.P.
    Inventors: Lisa B. Treweek, Christopher C. Dumas, Alaric J. N. Silveira
  • Patent number: 9632603
    Abstract: A method and apparatus for password entry, the method comprising: displaying a password inputting keyboard on a display, the keyboard including a character carrier and a position carrier, the character carrier and the position carrier are capable of relative movement between each other so that when the position of a character in the character carrier is corresponding to a position mark on the position carrier, the position of at least one other character in the character carrier is corresponding to at least one other position mark in the position carrier; in response to a user causing relative movement between the character carrier and the position carrier, aligning a character in the character carrier with a position mark in the position carrier; and in response to a lapse of a predetermined time, recording the character and its input order and changing the layout of the password inputting keyboard.
    Type: Grant
    Filed: August 21, 2015
    Date of Patent: April 25, 2017
    Assignee: International Business Machines Corporation
    Inventors: Wu Song Fang, Su Liu, Jun Su, Cheng Xu, Quan Wen Zhang
  • Patent number: 9628465
    Abstract: Methods and systems are described for state driven orchestration of authentication components to access a resource protected by an access manager framework. In response to a client request for a protected resource, relevant authentication components and their respective order are determined. Upon successful authentication of the first authentication component, proper state information of the authentication process is stored by the client indicating the next authentication component. In response to a request for additional credential information for the authentication process from the next authentication component, the client provides the stored state information so that the authentication process continues with the second authentication component according to the determined order of the authentication components within an authentication process.
    Type: Grant
    Filed: June 29, 2015
    Date of Patent: April 18, 2017
    Assignee: Oracle International Corporation
    Inventors: Aarathi Balakrishnan, Ramya Kukkehali Subramanya, Deepak Ramakrishnan
  • Patent number: 9626395
    Abstract: A document management apparatus includes a reception unit, an operation information extraction unit, a memory, an executability determination unit, and an operation execution unit. The reception unit receives an operation request for an electronic document from an operator. The operation information extraction unit extracts operation information related to the operation request. The memory stores operation history information which is an accumulation of previous operation information which is operation information related to previous operation requests previously made for electronic documents. The executability determination unit reads the operation history information from the memory to determine whether or not an operation pertaining to the operation request is executable on the basis of the operation information and the operation history information.
    Type: Grant
    Filed: June 20, 2014
    Date of Patent: April 18, 2017
    Assignee: FUJI XEROX CO., LTD.
    Inventor: Mai Suzuki
  • Patent number: 9613201
    Abstract: A technique provides access control on a mobile device (e.g., a smart phone, a tablet, etc.). The technique involves displaying an image on a touch screen of the mobile device. The technique further involves, while the image is displayed on the touch screen, receiving user input from a user. The user input includes user gestures applied to the touch screen over the displayed image. The technique further involves performing an access control operation which provides an access control result based on the user input, the access control result (i) providing access to a set of protected resources when the user input matches expected input and (ii) denying access to the set of protected resources when the user input does not match the expected input.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: April 4, 2017
    Assignee: EMC IP Holding Company LLC
    Inventors: Yedidya Dotan, Lawrence N. Friedman, Gareth Richards, Daniel V. Bailey
  • Patent number: 9600077
    Abstract: The present invention provides an image display device comprising: a sensing unit for sensing an input gesture of a user; a display unit for outputting visual information among the executed data of an application when the application is executed; a collection unit for collecting control gesture information included in the executed data; and a control unit for executing an event of the application which is included in the executed data and corresponds to the control gesture information if the control gesture information and the input gesture sensed by the sensing unit are matching while the application is executed.
    Type: Grant
    Filed: October 23, 2013
    Date of Patent: March 21, 2017
    Assignee: LG ELECTRONICS INC.
    Inventors: Soonbo Han, Hyojin Song, Sangjo Park, Dongyoung Lee
  • Patent number: 9596231
    Abstract: Systems and methods for generating secure passwords, personal identification numbers (PINs), and other user credentials using touch-aware devices are described. In some cases, an end user of a computing device may use a touch-sensitive interface (e.g., a touchscreen) to indirectly enter user credentials for accessing protected information or a protected computing resource using the computing device. The end user may indirectly enter the user credentials by entering information that is different from the actual user credentials. In one example, the touch-sensitive interface may display a plurality of numbers and paths connecting the plurality of numbers and the end user of the computing device may select a sequence of numbers of the plurality of numbers using a touch gesture. The computing device may generate a user credential different from the sequence of numbers using the sequence of numbers selected by the end user.
    Type: Grant
    Filed: August 21, 2015
    Date of Patent: March 14, 2017
    Assignee: CA, INC.
    Inventors: Vikrant Nandakumar, Naveen Harry Michael, Hemanth Pinninti, Vardhineedi Satyanarayana Murthy
  • Patent number: 9589001
    Abstract: A document management apparatus includes a reception unit, an operation information extraction unit, a memory, an executability determination unit, and an operation execution unit. The reception unit receives an operation request for an electronic document from an operator. The operation information extraction unit extracts operation information related to the operation request. The memory stores operation history information which is an accumulation of previous operation information which is operation information related to previous operation requests previously made for electronic documents. The executability determination unit reads the operation history information from the memory to determine whether or not an operation pertaining to the operation request is executable on the basis of the operation information and the operation history information.
    Type: Grant
    Filed: June 20, 2014
    Date of Patent: March 7, 2017
    Assignee: FUJI XEROX CO., LTD.
    Inventor: Mai Suzuki
  • Patent number: 9571487
    Abstract: The present invention relates to an application that is configured to provide secure access to confidential information. To protect the confidential information, the application may include functions that utilize a decoy application to disguise the functionality of the application. A unique sequence of inputs received through an interface associated with the decoy application may permit a user to access the confidential information. An authorized user that has been provided access to the confidential information may access configuration interfaces that permit the user to define the inputs that will serve as login credentials and to customize the appearance and functionality of the decoy application.
    Type: Grant
    Filed: February 3, 2016
    Date of Patent: February 14, 2017
    Inventor: Joseph Fitzgerald
  • Patent number: 9565020
    Abstract: Disclosed herein is a method for generating a high entropy password using a low entropy password and low-entropy login data comprising supplying the low entropy password to a system comprising a generating client and/or a recovery client; and at least n servers; submitting request data derived, at least in part, from the user's low entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers which is checked against the authentication data provided by the user and/or the generating client and/or a recovery client; and generating the high entropy password.
    Type: Grant
    Filed: February 2, 2016
    Date of Patent: February 7, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jan L. Camenisch, Franz-Stefan Preiss, Kai Samelin, Dieter M. Sommer
  • Patent number: 9558340
    Abstract: The invention prevents robots from browsing a Web site beyond a welcome page. When an initial request from an undefined originator is received, the Web site responds to it with a welcome page including a challenge. Then, on receiving a further request from the undefined originator, the Web site can check whether the challenge is fulfilled or not. If fulfilled, the undefined originator is assumed to be a human being and authorized to go on. If the challenge is not fulfilled, the undefined originator is assumed to be a robot, in which case site access is further denied. The invention prevents Web site contents from being investigated by robots while not requiring users to have to log on.
    Type: Grant
    Filed: August 15, 2015
    Date of Patent: January 31, 2017
    Assignee: International Business Machines Corporation
    Inventors: Marc Lamberton, Eric Levy-Abegnoli, Pascal Thubert
  • Patent number: 9544312
    Abstract: Methods and systems for managing directory information, such as onboarding a LDAP server, employing a processor coupled to memory and other computer hardware and software components for receiving a request related to one or more applications from a requestor in pre-determined business logic, acknowledging the request by an approver function without requiring the requestor to negotiate, for example, with an LDAP administrator to justify the request, and provisioning the request into the enterprise LDAP server in the pre-determined business logic.
    Type: Grant
    Filed: October 30, 2012
    Date of Patent: January 10, 2017
    Assignee: CITIGROUP TECHNOLOGY, INC.
    Inventors: Sandeep Nair, Jerry Speyer, Udaya Chandupatla
  • Patent number: 9524395
    Abstract: A method and apparatus for obtaining a password hint is disclosed. In some embodiments, the method includes: receiving a spatial pattern from a user; obtaining a password comprising a plurality of characters; obtaining a password hint comprising an arrangement of characters, wherein the arrangement of characters includes the plurality of characters of the password and additional characters, and the plurality of characters of the password are located within the arrangement of characters according to the received spatial pattern. The method may also include storing the password hint or providing the password hint to the user.
    Type: Grant
    Filed: November 8, 2011
    Date of Patent: December 20, 2016
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Göran Selander, Mats Näslund
  • Patent number: 9519763
    Abstract: A system and method is provided for visual authentication and authorization of a user for mobile devices, the system having: a login display on a mobile selection device displaying a visual pattern, a data collection engine whereby selection features are obtained from a plurality of user selection events to the mobile selection device with reference to the visual pattern, the selection attributes comprise measured selection attributes and derived selection attributes calculated from the measured selection attributes; an authentication engine whereby the selection attributes are compared to projected user selection attributes derived from user selection attribute values obtained during prior successful logins.
    Type: Grant
    Filed: May 30, 2014
    Date of Patent: December 13, 2016
    Inventors: Raphael A. Rodriguez, Daniel Volovik
  • Patent number: 9519824
    Abstract: The invention relates to a method for enabling the authentication or identification of a person (1) using a first electronic device (2) comprising an image-capturing unit and a data-transmission unit, the method including a step of registering said person in a verification system (3). The registration step includes the steps of: capturing, using the image-capturing unit of said electronic device, a first image (h) of at least one object (O) of any kind that is secretly selected by the person; and transmitting said first image to the verification system by means of said data transmission device of said first electronic device.
    Type: Grant
    Filed: November 29, 2011
    Date of Patent: December 13, 2016
    Assignee: MORPHO
    Inventors: Jean-Christophe Fondeur, Hervé Chabanne
  • Patent number: 9516032
    Abstract: Methods, systems and articles of manufacture consistent with features of the present invention allow the generation and use of derived user accounts, or DUA, in a computer system comprising user accounts. In particular, derivation rules define how a DUA is linked to or created based on an existing original user account, or OUA. Derivation transformations may also update the state of a DUA based on its corresponding OUA or give feedback from the state of a DUA to the state of its corresponding OUA.
    Type: Grant
    Filed: September 26, 2014
    Date of Patent: December 6, 2016
    Assignee: GOOGLE INC.
    Inventor: Ulfar Erlingsson
  • Patent number: RE46301
    Abstract: Image based login procedures for computer systems include: (a) displaying a first image on a computer screen; (b) receiving user input indicating a portion of the first image; (c) determining if the user input corresponds to a first acceptable user input for user authentication; and (d) proceeding with the authentication procedure when this user input corresponds to the first acceptable user input for user authentication. Additionally or optionally, when proceeding with this authentication procedure, the systems and methods further may include: displaying a second image on the screen; receiving new user input indicating a portion of the second image; and determining if this new input corresponds to a second acceptable user input for user authentication.
    Type: Grant
    Filed: January 15, 2014
    Date of Patent: February 7, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Erik L. Holt, Matthew E. Kowalczyk, Russell Humphries
  • Patent number: RE47518
    Abstract: Image based login procedures for computer systems include: (a) displaying a first image on a computer screen; (b) receiving user input indicating a portion of the first image; (c) determining if the user input corresponds to a first acceptable user input for user authentication; and (d) proceeding with the authentication procedure when this user input corresponds to the first acceptable user input for user authentication. Additionally or optionally, when proceeding with this authentication procedure, the systems and methods further may include: displaying a second image on the screen; receiving new user input indicating a portion of the second image; and determining if this new input corresponds to a second acceptable user input for user authentication.
    Type: Grant
    Filed: January 12, 2017
    Date of Patent: July 16, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Matthew E. Kowalczyk, Russell Humphries, Erik L. Holt