Access Control Or Authentication Patents (Class 726/2)
  • Patent number: 9870431
    Abstract: The invention relates to an efficient system for user rights in a semantic digital network, whereby users are arranged in the same semantic network as the information objects. The rights are thus derived from the semantic relations between users and information objects in a common semantic network.
    Type: Grant
    Filed: June 10, 2008
    Date of Patent: January 16, 2018
    Assignee: INTELLIGENT VIEWS GMBH
    Inventors: Clara Hammen, Jan Schümmer, Ralf Rath, Hans Scholz, Christian Schuckmann, Elke Siemon, Patrick Closhen
  • Patent number: 9870461
    Abstract: Techniques are disclosed for generating, utilizing, and validating traceable image CAPTCHAs. In certain embodiments, a traceable image is displayed, and a trace of the image is analyzed to determine whether a user providing the trace is human. In certain embodiments, a computing device receives a request for an image, and in response, creates a traceable image based upon a plurality of image elements. The computing device transmits data representing the traceable image to cause a second computing device to display the traceable image via a touch-enabled display. The computing device receives a user trace input data generated responsive to a trace made at the second computing device, and determines whether the trace is within an error tolerance range of the set of coordinates associated with the traceable image. The computing device then sends a result of the determination.
    Type: Grant
    Filed: October 6, 2016
    Date of Patent: January 16, 2018
    Assignee: Oracle International Corporation
    Inventors: Nagasravani Akula, Rachit Raj, Mohamad Raja Gani Mohamad Abdul
  • Patent number: 9866551
    Abstract: Disclosed are a one time password generation device and an authentication method. The one time password generation device includes: a reference information generator that generates reference information; a virtual input means generator that generates a virtual input means in which a blank is provided; and a password generator that generates a one time password using an initial value, reference information and a blank.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: January 9, 2018
    Inventors: Young Man Hwang, Sung Min Joo
  • Patent number: 9864625
    Abstract: Methods, systems, and techniques for facilitating access to content stored remotely, for example, as part of a virtual machine infrastructure or elsewhere in a networked environment, using a uniform mechanism are provided. Example embodiments provide an Enhanced Virtual Desktop Management Server/System with a Content Abstraction Layer which enables users to access their data stored as part of a virtual machine environment, or replicated otherwise on a network, using a generic API. The API can be incorporated into a web browser or other third party interface to provide access to the users' data without needing to remote a bitmap representation of a virtual desktop display. Accordingly, users can access their data, applications, and settings regardless of the type of access device and regardless of whether the corresponding virtual desktop is running in the data center, provisioned in the datacenter but running on a client device, or not running at all.
    Type: Grant
    Filed: February 29, 2016
    Date of Patent: January 9, 2018
    Assignee: VMware, Inc.
    Inventors: Puneet Chawla, Jad Chamcham
  • Patent number: 9860265
    Abstract: The system and method described herein may leverage passive and active vulnerability discovery to identify network addresses and open ports associated with connections that one or more passive scanners observed in a network and current connections that one or more active scanners enumerated in the network. The observed and enumerated current connections may be used to model trust relationships and identify exploitable weak points in the network, wherein the exploitable weak points may include hosts that have exploitable services, exploitable client software, and/or exploitable trust relationships. Furthermore, an attack that uses the modeled trust relationships to target the exploitable weak points on a selected host in the network may be simulated to enumerate remote network addresses that could compromise the network and determine an exploitation path that the enumerated remote network addresses could use to compromise the network.
    Type: Grant
    Filed: April 17, 2015
    Date of Patent: January 2, 2018
    Assignee: Tenable Network Security, Inc.
    Inventors: Ron Gula, Renaud Deraison
  • Patent number: 9860223
    Abstract: Users on a client system access files served by a web application through the Network File System (NFS) protocol using common web authentication mechanisms while still honoring constraints imposed by the application's authorization rules. To this end, the client system is modified to include an NFS server. Following authentication of the NFS server with the web application, NFS-based requests (from a local NFS client) directed to the application are received at the NFS server instead of being sent to the application directly. The NFS server, in turn, maps those requests to the web application preferably using standard HTTP. Because the web application's normal security model is enforced as intended at the web application, the approach enables individual users of the client system to operate under different visibility constraints dictated by the web application. Thus, fine-grained permissions may be enforced at the web application for different users.
    Type: Grant
    Filed: March 27, 2013
    Date of Patent: January 2, 2018
    Assignee: International Business Machines Corporation
    Inventors: Sheehan Anderson, Richard Lee Kulp, Gili Mendel
  • Patent number: 9854618
    Abstract: A first user terminal according to an embodiment comprises: at least one processor and at least one memory coupled to the processor. The processor is configured to perform processes of: determining first radio resources to be used for transmitting control information, the control information indicating location of second radio resources to be used for transmitting data by direct Device-to-Device communication; and directly transmitting the same control information repeatedly to a second user terminal in each resource block included in the first control resources.
    Type: Grant
    Filed: July 29, 2016
    Date of Patent: December 26, 2017
    Assignee: KYOCERA Corporation
    Inventors: Naohisa Matsumoto, Kugo Morita, Masato Fujishiro, Takahiro Saiwai
  • Patent number: 9846892
    Abstract: A location-based information system and method therefor, which is responsive to the user's selection of geographic zone and parameters. A proprietary app (application) is installed in a mobile device of the user, which insures that a connection to the user from a caller is based on the user's defined zone and other parameters without disclosing the exact location of the user. Various embodiments of the invention provide an option for user-to-user location-based connection without depending on a remote server.
    Type: Grant
    Filed: September 16, 2016
    Date of Patent: December 19, 2017
    Inventor: Boaz Hyman
  • Patent number: 9843578
    Abstract: A computer-implemented method comprising: receiving, from a primary factor authentication device by one or more computer systems, a request to enroll a mobile device as a secondary factor authentication device; and enrolling by the one or more computer systems the mobile device as a first, secondary factor authentication device.
    Type: Grant
    Filed: August 26, 2015
    Date of Patent: December 12, 2017
    Assignee: FMR LLC
    Inventors: Boris Kalinichenko, Joseph G. Ferra
  • Patent number: 9842224
    Abstract: An electronic device includes a housing. One or more processors are operable with a plurality of proximity sensor components that can be disposed behind a grille defining a plurality of reception beams having a cumulative beam reception angle. The cumulative beam reception angle of any one proximity sensor component overlaps the cumulative beam reception angle of at least one other proximity sensor component. The one or more processors can detect whether a single person or a plurality of people are within a thermal reception radius of the electronic device. Where the single person is within the thermal reception radius, the one or more processors can operate the electronic device in a first mode of operation, and where the plurality of people are within the thermal reception radius, operate the electronic device in a second mode of operation.
    Type: Grant
    Filed: May 26, 2015
    Date of Patent: December 12, 2017
    Assignee: Motorola Mobility LLC
    Inventors: Rachid M Alameh, Roger W Ady, Paul Steuer
  • Patent number: 9838383
    Abstract: A method includes receiving a target credential object having administrative rights over a first user account located on a target system. The first user account includes a log-in permission for the target system. The method also includes receiving data indicative of a second user account corresponding to the first user account, wherein the second user account is located on a local system. The method further includes sending a first request to remove the log-in permission from the first user account to the target system using the target credential object. The method still further includes receiving a log-in request corresponding to the second user account on the local system. The method additionally includes, in response to receiving the log-in request for the second user account, sending a second request to add the log-in permission on the first user account to the target system using the target credential object.
    Type: Grant
    Filed: July 9, 2013
    Date of Patent: December 5, 2017
    Assignee: CA, Inc.
    Inventors: Ron Perlmuter, Amir Jerbi, Nir Barak, Miron Gross
  • Patent number: 9832232
    Abstract: Providing streaming of applications from streaming servers onto clients. The applications are contained within isolated environments, and the isolated environments are streamed from the servers onto clients. The system may include the option of running both in on-line and off-line. When on-line, the system may include authentication of the streaming servers and authentication of clients and credentialing of the isolated environments and applications the clients are configured to run. The system may further include encrypted communication between the streaming servers and the clients. When off-line, the system may include the ability to run already installed isolated environments without requiring credentialing. The system may further include a management interface where administrators may add, remove and configure isolated environments, configure client policies and credentials, and force upgrades.
    Type: Grant
    Filed: June 7, 2016
    Date of Patent: November 28, 2017
    Assignee: Open Invention Network LLC
    Inventor: Allan Havemose
  • Patent number: 9830208
    Abstract: The embodiments relate to a method for processing a guest event in a hypervisor-controlled system. A guest event triggers a first firmware service for the guest event in firmware. The guest event is associated with a guest, a guest key, and with a guest state and protected guest memory accessible only by the guest and the firmware. The firmware processes information associated with the guest event. The processed information includes information of the guest state and the protected guest memory. A subset of the processed information is received by a hypervisor to process the guest event, and a non-received portion of the information is retained by the firmware. The hypervisor processes the guest event based on the received subset and sends a process result to the firmware triggering a second firmware service for the guest event. The firmware processes the process result together with the retained information to generate modification associated with the guest event.
    Type: Grant
    Filed: November 19, 2015
    Date of Patent: November 28, 2017
    Assignee: International Business Machines Corporation
    Inventors: Utz Bacher, Reinhard T. Buendgen
  • Patent number: 9832184
    Abstract: Apparatus and methods for enhancing group access accountability are provided. The method may include receiving a request from a user to access a system and user-identifying information associated with the user. The method may also include querying a database to retrieve a group ID number associated with at least a portion of the user-identifying information and access permissions associated with the group ID number. The method may further include querying a database to retrieve a user ID and password associated with the group ID number. The user ID and password may be selected from a group of usernames and passwords associated with the group ID number. The method may additionally include flagging the user ID and password with a flag, the flag indicating that the user ID and password are in use, and transmitting the user ID and password to the user.
    Type: Grant
    Filed: December 15, 2015
    Date of Patent: November 28, 2017
    Assignee: Bank of America Corporation
    Inventors: Sasidhar Purushothaman, Ramakrishna Gaddam, Rajamanimaran Krishnamoorthy, Surya Kiran Koduru, Santosh Kothuru, Santhosh Kurimilla
  • Patent number: 9818092
    Abstract: A system for implementing at least one cryptocurrency transaction at a point-of-sale by using a mobile terminal is provided. The system is operable to provide authentication for implementing the one or more cryptocurrency transactions, wherein the system is operable to send at least one authentication request for the at least one cryptocurrency transaction from a payment terminal to a payment service hosted via one or more virtual computing machines, wherein the payment service is operable to provide a request for a PIN code at the mobile terminal; to send the PIN code from the mobile terminal via a secure channel to open a vault in the one or more virtual machines, wherein the vault contains one or more private keys (PKI) which are useable for authenticating the at least one cryptocurrency transaction; and to confirm execution of the at least one cryptocurrency transaction to at least the payment terminal.
    Type: Grant
    Filed: June 4, 2014
    Date of Patent: November 14, 2017
    Inventor: Antti Pennanen
  • Patent number: 9811839
    Abstract: A system and method for providing a customer loyalty framework for a customer relationship management (CRM) system. The framework includes an internal CRM system, an internal loyalty system and an internal enterprise resource planning (ERP) system. The internal CRM system has a CRM repository storing CRM data and the internal loyalty system has a loyalty repository storing loyalty data for one or more customers enrolled in a company loyalty program. The internal CRM system stores business logic that is executable by the internal loyalty system, the internal CRM system, and/or the internal ERP system to execute the company loyalty program. The system further includes an external CRM system connected with the internal network by an external communication network.
    Type: Grant
    Filed: April 30, 2014
    Date of Patent: November 7, 2017
    Assignee: SAP SE
    Inventor: Meenakshi Sundaram P
  • Patent number: 9813422
    Abstract: A privileged account management system can maintain a database that defines a normal amount of time that it takes to perform a task associated with a reason code. When an administrator requests admin credentials for accessing a server, the administrator can provide a reason code which defines a task that the administrator intends to accomplish. A PAM system can maintain a database that defines, for each reason code, a normal amount of time that is required to accomplish the task associated with the reason code. The PAM system can then monitor an elapsed time over which the admin credentials are checked out to an administrator to determine whether the elapsed time exceeds the corresponding normal amount of time. If the elapsed time exceeds the normal amount, the PAM system can take appropriate action to mitigate any potential harm to the server.
    Type: Grant
    Filed: April 30, 2015
    Date of Patent: November 7, 2017
    Assignee: Quest Software Inc.
    Inventors: Matthew T. Peterson, Daniel F. Peterson, Jordan S. Jones
  • Patent number: 9811131
    Abstract: An apparatus determines, when receiving a packet transited via a network in a power saving mode, whether or not the packet is a packet according to a predetermined protocol. If the packet is determined to be the packet according to a predetermined protocol, the apparatus analyzes the data of a succeeding packet described in a data description language, and instructs the apparatus to return from the power saving mode to a normal power mode depending on an analysis result.
    Type: Grant
    Filed: November 28, 2012
    Date of Patent: November 7, 2017
    Assignee: Canon Kabushiki Kaisha
    Inventor: Tadahiro Nakamura
  • Patent number: 9806978
    Abstract: Replicated instances in a database environment provide for automatic failover and recovery. A monitoring component can obtain a lease enabling the component to periodically communicate with, and monitor, one or more data instances in the data environment, where the data instance can be a replicated instance including a primary and a secondary replica. For a large number of instances, the data environment can be partitioned such that each monitoring component can be assigned a partition of the workload. In the event of a failure of a monitoring component, the instances can be repartitioned and the remaining monitoring components can be assigned to the new partitions to substantially evenly distribute the workload.
    Type: Grant
    Filed: March 17, 2014
    Date of Patent: October 31, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Grant Alexander MacDonald McAlister, Swaminathan Sivasubramanian, Barry B. Hunter, Jr., Silas M. Brazil
  • Patent number: 9797115
    Abstract: A power transmission device includes an input shaft, an output shaft, a gear mechanism, an energy-generating motor, a first clutch, and a locking device. The energy storage unit is configured to store the energy generated by the energy-generating motor. The gear mechanism includes a planetary gear mechanism, which includes a first rotation element, a second rotation element, and a third rotation element, which are mutually different. The first clutch is provided in the power transmission route between the engine and the first rotation element. The locking device locks or releases the second rotation element. The energy-generating motor is connected to the third rotation element. A controller locks the second rotation element, converges the rotation speeds of two rotation shafts in the first clutch to cause the first clutch to engage, and rotates the energy-generating motor using drive power from the engine to thereby accumulate energy in the energy storage unit.
    Type: Grant
    Filed: January 20, 2015
    Date of Patent: October 24, 2017
    Assignee: KOMATSU LTD.
    Inventors: Yasuki Kishimoto, Hiroshi Monden, Yasunori Ohkura
  • Patent number: 9800319
    Abstract: A relay apparatus provided to a vehicle, performing first data communication with a first communication apparatus arranged outside the vehicle, and performing at least second data communication with multiple second communication apparatuses provided to the vehicle is provided. The relay apparatus includes a permission determination portion and an initiation switch portion. The permission determination portion determines whether first data communication between the first communication apparatus and a target second communication apparatus is permitted. The permission determination portion receives the first communication frame from the first communication apparatus through a connection switch portion determining a connection destination according to a control signal. The initiation switch portion outputs to the connection switch portion, the control signal designating the target second communication apparatus as the connection destination of the first communication apparatus.
    Type: Grant
    Filed: August 10, 2015
    Date of Patent: October 24, 2017
    Assignee: DENSO CORPORATION
    Inventors: Tetsuo Nakagawa, Tomohisa Kishigami
  • Patent number: 9794782
    Abstract: Described herein are systems and methods for connecting devices to secured networks, such as secured wireless networks, by storing credentials for the network and passing the credentials to a new device, such as, for example, when the new device is attempting to connect to the secured network for the first time.
    Type: Grant
    Filed: October 15, 2014
    Date of Patent: October 17, 2017
    Assignee: BELKIN INTERNATIONAL INC.
    Inventor: Venkata Subba Rao Pathuri
  • Patent number: 9792423
    Abstract: Methods and systems are provided for electronic authentication. A modified electronic image is generated by altering at least a pixel of an electronic image. The electronic image is an image that has been previously viewed by a user during a setup process. In response to receiving an authentication request from the user, the modified electronic image is displayed to the user via an electronic display along with one or more other electronic images. A determination is made as to whether the user is able to recognize the modified electronic image. In response to determination that the user is able to recognize the modified electronic image, the authenticating request is granted.
    Type: Grant
    Filed: August 13, 2015
    Date of Patent: October 17, 2017
    Assignee: PAYPAL, INC.
    Inventor: William Joseph Leddy
  • Patent number: 9785942
    Abstract: Methods for purchasing of goods or services over the internet. A customer has a customer account set up at a bank with associated account information. The account information includes verification information for verification parameters, such as authorized computer identification, authorized delivery addresses, authorized global positioning satellite or other secure location information, authorized user identification, authorized telephone caller identification, and/or other account information. An order is placed by a user via an ordering computer which provides order information. Such order information includes verification variables used by the bank. Verification and/or authentication using one or more variables of the customer account information is used by the bank to validate the order before assuring payment to the merchant.
    Type: Grant
    Filed: December 1, 2015
    Date of Patent: October 10, 2017
    Assignee: eCardless Bancorp, Ltd.
    Inventors: Randy D. Sines, Randy A. Gregory
  • Patent number: 9787689
    Abstract: A network authentication system and method is described for authenticating multiple profile accesses from a single remote device. A device remote from a web server, yet connected to the web server via, for example, the Internet, can allow multiple users to register their profiles within the device. The profiles are registered using a pre-existing user ID and password corresponding to, for example, the user's financial accounts. Multiple profiles and, specifically, the indicia of those profiles, can appear on the display of the remote device allowing each user the ability to select their own registered profile. Access to a profile is granted when the user enters their private PIN. Once the PIN is entered, the private information such as financial account information will be securely forwarded from the web server to the remote device.
    Type: Grant
    Filed: July 8, 2016
    Date of Patent: October 10, 2017
    Assignee: Cullen/Frost Bankers, Inc.
    Inventors: James M. Stead, Arun Muthukrishnan, Michael R. Johnson, Laurie A. Rivera, Selina D. Bilyeu
  • Patent number: 9781107
    Abstract: A method of authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction and determining whether the transaction requires access to protected resources. Moreover, the method determines whether inputted information is known, determines a state of a communications device when the inputted information is known, and transmits a biometric authentication request from a server to an authentication system when the state of the communications device is enrolled.
    Type: Grant
    Filed: October 26, 2015
    Date of Patent: October 3, 2017
    Assignee: DAON HOLDINGS LIMITED
    Inventors: Conor Robert White, Michael Peirce, Jason Scott Cramer, Chet Bradford Steiner, Suzanna Diebes
  • Patent number: 9781088
    Abstract: By a Web browser, an authentication screen is displayed based on HTML data received from a Web server, and authentication information inputted via the authentication screen is managed. Upon a display of the authentication screen, in a case where it is set to display an address of the HTML data as the identification information of the authentication screen, the address of the HTML data is displayed in a case where the title of the authentication screen does not exist, and in a case where it is set to not display the address of the HTML data as the identification information of the authentication screen, a predetermined character string is displayed in a case where the title of the authentication screen does not exist.
    Type: Grant
    Filed: December 1, 2014
    Date of Patent: October 3, 2017
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Katsuya Sakai
  • Patent number: 9781130
    Abstract: A method, system and computer program product for use in managing policies is disclosed. Policies associated with a communications device are correlated with respective locations. The location of the communications device is determined. The policy correlated with the determined location is applied to the communications device.
    Type: Grant
    Filed: June 28, 2012
    Date of Patent: October 3, 2017
    Assignee: EMC IP Holding Company LLC
    Inventors: Daniel V. Bailey, Lawrence N. Friedman, Riaz Zolfonoon, Yedidya Dotan
  • Patent number: 9781118
    Abstract: Systems and methods may provide for receiving web content and determining a trust level associated with the web content. Additionally, the web content may be mapped to an execution environment based at least in part on the trust level. In one example, the web content is stored to a trust level specific data container.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: October 3, 2017
    Assignee: Intel Corporation
    Inventors: Hong C. Li, John B. Vicente, Prashant Dewan
  • Patent number: 9779052
    Abstract: A PCIe bridge transformation device and a method thereof are provided, which is adapted to a storage unit in a lock state. The transformation device includes a connecting unit, a PCIe interface and a bridge. The connecting unit is connected to the storage unit and the connecting unit receives an identification command from the storage unit. The PCIe interface is electrically connected to an electronic unit. The bridge is installed with a first firmware for identifying an identification command. When the identification command is an access validity command, the first firmware unlocks the lock state of the storage unit, wherein the storage unit includes a second firmware corresponding to the first firmware, and the second firmware produces the identification command.
    Type: Grant
    Filed: January 21, 2016
    Date of Patent: October 3, 2017
    Assignee: Apacer Technology Inc.
    Inventors: Liang-Cheng Li, Chih-Hung Kuo
  • Patent number: 9779230
    Abstract: An information handling system includes a first processor, a second processor, and a third processor. The first processor requests a single-factor authentication from the second processor. The second processor receives a first authentication factor in response to the single-factor authentication request and requests a multi-factor authentication from the third processor. The third processor receives a second authentication factor in response to the multi-factor authentication request and provides the second authentication factor to the second processor. The second processor further verifies the first authentication factor and the second authentication factor and provides a single-factor authentication reply to the first processor in response to verifying the first authentication factor and the second authentication factor.
    Type: Grant
    Filed: September 11, 2015
    Date of Patent: October 3, 2017
    Assignee: DELL PRODUCTS, LP
    Inventors: Daniel L. Hamlin, Charles D. Robison, Jr., Nicholas D. Grobelny
  • Patent number: 9774596
    Abstract: A method includes receiving a registration input including a first raw biometric template and a user identifier. The first raw biometric template may be representative of unique features of a biometric characteristic of a user associated with the user identifier. The method includes generating a first transformed biometric template by applying a random projection to the first raw biometric template and communicating the first transformed biometric template and the user identifier to an authentication server. The method includes receiving a challenge input including a second raw biometric template and the user identifier. The method includes generating a second transformed biometric template and communicating the second transformed biometric template and the user identifier to the authentication server. The method includes receiving a signal indicative of an authentication decision from the authentication server.
    Type: Grant
    Filed: May 23, 2014
    Date of Patent: September 26, 2017
    Assignee: FUJITSU LIMITED
    Inventors: Avradip Mandal, Arnab Roy
  • Patent number: 9769202
    Abstract: Embodiments provide system and methods for a DDoS service using a mix of mitigation systems (also called scrubbing centers) and non-mitigation systems. The non-mitigation systems are less expensive and thus can be placed at or near a customer's network resource (e.g., a computer, cluster of computers, or entire network). Under normal conditions, traffic for a customer's resource can go through a mitigation system or a non-mitigation system. When an attack is detected, traffic that would have otherwise gone through a non-mitigation system is re-routed to a mitigation system. Thus, the non-mitigation systems can be used to reduce latency and provide more efficient access to the customer's network resource during normal conditions. Since the non-mitigation servers are not equipped to respond to an attack, the non-mitigation systems are not used during an attack, thereby still providing protection to the customer network resource using the mitigation systems.
    Type: Grant
    Filed: September 12, 2015
    Date of Patent: September 19, 2017
    Assignee: Level 3 Communications, LLC
    Inventors: Robert Smith, Shawn Marck, Christopher Newton
  • Patent number: 9760323
    Abstract: An image processing apparatus including a reader, a storage configured to store identification information, one or more setting operations, and one or more pieces of state information in association with each other, each setting operation being a previously-set operation of operations executable by the image processing apparatus, each piece of the state information indicating a predetermined apparatus state of apparatus states in which the image processing apparatus is allowed to be, and a controller configured to control the reader to read the identification information from a recording medium, acquire particular state information indicating a particular apparatus state of the image processing apparatus, and when determining that the acquired particular state information is coincident with a specific piece of the state information, perform a particular operation of the one or more setting operations that is stored in the storage in association with the specific piece of the state information.
    Type: Grant
    Filed: September 18, 2015
    Date of Patent: September 12, 2017
    Assignee: BROTHER KOGYO KABUSHIKI KAISHA
    Inventor: Toyoshi Adachi
  • Patent number: 9749864
    Abstract: Embodiments of the disclosure relate to controlling access to a mobile device with a paired device. Aspects include pairing the paired device with the mobile device and defining a security profile for the mobile device. Aspects also include receiving a user access request for a desired action via the mobile device and determining signal strength between the paired device and the mobile device. Aspects further include executing the desired action based on a determination that the signal strength is greater than a threshold in the security profile for the desired action.
    Type: Grant
    Filed: June 25, 2015
    Date of Patent: August 29, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Yu Deng, Jenny S. Li, Theresa Y. Tai, Liangzhao Zeng
  • Patent number: 9742763
    Abstract: A user device transmits a login request. A provider server receives a random number from and transmits other information to an authentication server. The provider server transmits the random number to the device. The random number is transferred to a second user device, which transmits it to the authentication server. The authentication server transmits provider authentication policy requirements and further transmits the other information to the second device. The second device transmits user validation information to the authentication server. The authentication server determines that the transmitted validation information corresponds to the service provider authentication policy requirements, and compares the validation information with stored validation information for the user to authenticate the user. The second device transmits a message, including the random number and the other information, signed with a user credential to the authentication server.
    Type: Grant
    Filed: June 15, 2016
    Date of Patent: August 22, 2017
    Assignee: Early Warning Services, LLC
    Inventors: Michael Neuman, Diana Neuman
  • Patent number: 9734500
    Abstract: A system and method for authenticating a candidate user accessing a host computing device as an authentic user is provided. The host computing device is in communication with an authenticating computing device. The method includes receiving, by the authenticating computing device, a request to authenticate the candidate user as an authentic user. The authentication request includes a user identifier. The method also includes retrieving, by the authenticating computing device, transaction data including payment transactions performed by the authentic user based on the user identifier. The method also includes generating, by the authenticating computing device, a challenge question and a correct answer based on the transaction data associated with the authentic user, and transmitting the challenge question for display on a candidate user computing device used by the candidate user.
    Type: Grant
    Filed: August 22, 2016
    Date of Patent: August 15, 2017
    Assignee: Mastercard International Incorporated
    Inventors: Debashis Ghosh, Randy Shuken
  • Patent number: 9721075
    Abstract: Method for processing data, in which a Petri net is encoded, written into a memory and read and executed by at least one instance, wherein transitions of the Petri net read from at least one tape and/or write on at least one tape symbols or symbol strings, with the aid of at least one head. [Fig 1]. In an alternative, data-processing, co-operating nets are composed, the composition result is encoded, written into a memory and read and executed from the memory by at least one instance. In doing this, components can have cryptological functions. The data-processing nets can receive and process second data from a cryptological function which is executed in a protected manner. The invention enables processing of data which prevents semantic analysis of laid-open, possibly few processing steps and which can produce a linkage of the processing steps with a hardware which is difficult to isolate.
    Type: Grant
    Filed: February 24, 2016
    Date of Patent: August 1, 2017
    Inventor: Wulf Harder
  • Patent number: 9712328
    Abstract: A computer network for data transmission between network nodes, the network nodes being authenticatable to one another by authentication information of a public key infrastructure, with a root certificate authority configured to generate the authentication information for the public key infrastructure. The root certificate authority is arranged separate from the computer network and is not linked to the computer network. A network node of the computer network comprises an authentication information storage, a processor, a network communication device and an initialization device having an initialization communication device and a temporary authentication information storage that can be read out by the processor.
    Type: Grant
    Filed: June 18, 2014
    Date of Patent: July 18, 2017
    Assignee: EADS DEUTSCHLAND GMBH
    Inventor: Oliver Hanka
  • Patent number: 9712536
    Abstract: An embodiment of the present invention is provided with an access control device, an access control method, and a program that are capable of easily managing access control and easily confirming whether appropriate access control is exercised. An access control device has a screen generation unit for generating selection screen information allowing for an access rule used by a user having logged in to a working terminal to be selected from one or a plurality of access rules created by an administrator of a client environment, and an access control unit for executing access control on a user according to an access rule selected from access rules displayed on the basis of the selection screen information.
    Type: Grant
    Filed: January 9, 2013
    Date of Patent: July 18, 2017
    Assignee: NOMURA RESEARCH INSTITUTE, LTD.
    Inventors: Jun Hashimoto, Ryoichi Teramura
  • Patent number: 9710634
    Abstract: Methods, apparatus, and systems for securing application interactions are disclosed.
    Type: Grant
    Filed: August 2, 2013
    Date of Patent: July 18, 2017
    Assignee: Vasco Data Security, Inc.
    Inventors: Nicolas Fort, Frank Coulier, Guilaume Teixeron
  • Patent number: 9710045
    Abstract: A method for managing network wake-up commands by a controller of a server includes receiving system health data. The method includes receiving a network wake-up command from a network interface controller of the server. The method further includes determining whether to wake up the server based on the system health data to yield a determination, and commanding the server to wake up when the determination is to wake up the server.
    Type: Grant
    Filed: October 14, 2015
    Date of Patent: July 18, 2017
    Assignee: QUANTA COMPUTER INC.
    Inventors: Yung-Fu Li, Chin-Fu Tsai, Kai-Fan Ku
  • Patent number: 9705905
    Abstract: A sandbox architecture that isolates and identifies misbehaving plug-ins (intentional or unintentional) to prevent system interruptions and failure. Based on plug-in errors, the architecture automatically disables and blocks registration of the bad plug-in via a penalty point system. Publishers of bad plug-ins are controlled by disabling the bad plug-ins and registering the publisher in an unsafe list. Isolation can be provided in multiple levels, such as machine isolation, process isolation, secure accounts with limited access rights, and application domain isolation within processes using local security mechanisms. A combination of the multiple levels of isolation achieves a high level of security. Isolation provides separation from other plug-in executions and restriction to system resources such as file system and network IP.
    Type: Grant
    Filed: May 8, 2014
    Date of Patent: July 11, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Nirav Yogesh Shah, Allen F. Hafezipour, Steve Jamieson, Shashi Ranjan
  • Patent number: 9705999
    Abstract: A system includes an ingestion component configured to receive a request from an entity for content related to a content item and a user identity. The request has a content identifier representative of the content item and a token. A request processing component of the system is configured to access a database associated with the system and identify the content item and the user identity using the content identifier and the token, wherein the database has information associating the token with the user identity and associating the content identifier with the content item. In response to identification of the content item and the user identity, the request processing component directs a recommendation engine associated with the system to identify the content related to the content item and the user identity. Information identifying the content related to the content item and the user identity is then transmitted back to the entity.
    Type: Grant
    Filed: December 11, 2015
    Date of Patent: July 11, 2017
    Assignee: Google Inc.
    Inventors: Justin Lewis, Gavin James
  • Patent number: 9699179
    Abstract: A method for authenticating a user of a computing device. The method includes a computer processor receiving an indication that a user of a computing device is accessing an object that utilizes an authentication process. The method further includes a computer processor selecting a first multi-media file that is associated with a user profile of the user and the object of the authentication process, wherein the first multi-media file is associated with a baseline user input authentication sequence. The method further includes creating a first temporal manipulation vector based on the user profile and a security requirement of the object of the authentication process, wherein the temporal manipulation vector modifies a presentation of a multi-media file and a corresponding time sequence of a user input authentication sequence in the multi-media file. The method further includes transmitting the first temporal manipulation vector and the first multi-media file to the computing device.
    Type: Grant
    Filed: April 15, 2015
    Date of Patent: July 4, 2017
    Assignee: International Business Machines Corporation
    Inventors: Saritha Arunkumar, Stephen D. Pipes
  • Patent number: 9699178
    Abstract: A method for authenticating a user of a computing device. The method includes a computer processor receiving an indication that a user of a computing device is accessing an object that utilizes an authentication process. The method further includes a computer processor selecting a first multi-media file that is associated with a user profile of the user and the object of the authentication process, wherein the first multi-media file is associated with a baseline user input authentication sequence. The method further includes creating a first temporal manipulation vector based on the user profile and a security requirement of the object of the authentication process, wherein the temporal manipulation vector modifies a presentation of a multi-media file and a corresponding time sequence of a user input authentication sequence in the multi-media file. The method further includes transmitting the first temporal manipulation vector and the first multi-media file to the computing device.
    Type: Grant
    Filed: November 25, 2014
    Date of Patent: July 4, 2017
    Assignee: International Business Machines Corporation
    Inventors: Saritha Arunkumar, Stephen D. Pipes
  • Patent number: 9697379
    Abstract: Aspects of the subject matter described herein relate to database virtualization. In aspects, clusters of database servers may be located at various locations of the Internet. When a client seeks to access a logical database, the client may send a logical server and logical database name in a data structure. These names may be used to find a physical server(s) and database(s) that correspond to the logical database. Once the location is determined, a proxy component is used to intercept and/or forward communications between the client and the physical server(s) and database(s) corresponding to the logical database. Using this system, a client may access data from a logical database without knowing the physical address of the logical user database.
    Type: Grant
    Filed: June 8, 2015
    Date of Patent: July 4, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Andrew E. Kimball, Jeffrey R. Currier, Xiaoyu Wu, Zhongwei Wu
  • Patent number: 9697374
    Abstract: One or more techniques and/or systems are provided for deploying an application according to a data access profile used to sandbox the application. For example, an event planner app may be identified for download from an app store. A deployment mock data configuration interface may be presented to a user prior to or as a preliminary operation of downloading and/or installing the event planner app. A data access profile, specifying that the event planner app has access to user age data, but is blocked from accessing user phone number data, for example, may be received through the deployment mock data configuration interface. The event planner app may thus be deployed in a sandbox mode on the device based upon the data access profile (e.g., real age data may be provided to the event planner app whereas mock phone number data may be provided to the event planner app).
    Type: Grant
    Filed: February 19, 2014
    Date of Patent: July 4, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Fadi Haik, Nadav Bar
  • Patent number: 9697649
    Abstract: This application describes, in part, systems and methods for controlling access to a device, application or service available through a device. In some implementations, an access request may be received and a three-dimensional representation of an object presented on a display of the device that allows a user to provide a three-dimensional input pattern. The input pattern may traverse multiple surface areas of the graphical representation of the three-dimensional object and in some instances the graphical representation of the object may rotate as the input pattern is received. The input pattern may then be verified and access to the device either granted or denied.
    Type: Grant
    Filed: September 4, 2012
    Date of Patent: July 4, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Isaac J Shepard, Keela N Robison
  • Patent number: 9693224
    Abstract: An apparatus for restricting execution of software is disclosed. The apparatus includes a telecommunication device configured to communicate with a wireless device (e.g., an RFID device) using a first wireless communication protocol. The telecommunication device is configured to determine whether or not the telecommunication device is located in an authorized wireless environment, based on wireless devices detected by the telecommunication device. The telecommunication device is also configured to execute a program in response to determining that it is located in an authorized wireless environment. Conversely, the telecommunication device is also configured to inhibit execution of the program in response to determining that it is not located in an authorized wireless environment.
    Type: Grant
    Filed: December 13, 2013
    Date of Patent: June 27, 2017
    Assignee: NXP B.V.
    Inventors: Philippe Teuwen, Peter Rombouts, Frank Michaud