Access Control Or Authentication Patents (Class 726/2)
  • Patent number: 10027667
    Abstract: Methods and apparatus for provisioning and providing services to devices on a local network are described. The methods and apparatus allow for the provisioning of services to customer owned and managed devices on a local network on which another device, e.g., a first device, has already been authenticated and authorized to receive services corresponding to a customer account. After a first device on a local network is authenticated and associated with a customer account it detects the addition of new devices on the local network and assists in the registration of the new device by acting as an intermediary with a service provider device during the registration process. The security and registration established by the first device is leveraged allowing other devices on the network to be registered and authenticated for services corresponding to the same account as the first device without requiring user input of authentication and/or other information.
    Type: Grant
    Filed: November 12, 2014
    Date of Patent: July 17, 2018
    Assignee: Time Warner Cable Enterprises LLC
    Inventors: Albert William Straub, Miles Anton Johnson
  • Patent number: 10021113
    Abstract: Systems and methods for authentication. At an authentication service, key synchronization information is stored for an enrolled authentication device for a user identifier of a service provider. The key synchronization information indicates that a private key stored by the authentication device is synchronized with a public key stored at the service provider. Responsive to an authentication request provided by the service provider for the user identifier, the authentication service determines an authentication device for the user identifier that stores a synchronized private key by using the key synchronization information, and provides the authentication request to the authentication device. The authentication service provides a signed authentication response to the service provider. The authentication response is responsive to the authentication request and signed by using the private key. The service provider verifies the signed authentication response by using the public key.
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: July 10, 2018
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Douglas Song
  • Patent number: 10019741
    Abstract: The embodiments provide for legally transferring multimedia content stored on a medium to a personal content archive device. The device is configured to consolidate a user's content into a single device or secured storage that allows easy access to the content while preserving the digital rights of the content. When a content medium has been provided, the device queries a registration service over a network, such as the Internet, to register the content and indicate that it was legitimately obtained. The device may then be authorized to download and store an authorized version of the content into its secured storage. The authorized version may be the same or a variation of the registered content. The content may then be downloaded from one or more content sources. The registration process may be based on several criteria, such as an authenticity check of the medium, a fee payment, and the like.
    Type: Grant
    Filed: August 9, 2010
    Date of Patent: July 10, 2018
    Assignee: Western Digital Technologies, Inc.
    Inventor: Lambertus Hesselink
  • Patent number: 10013543
    Abstract: A system, device, and method for binding metadata, such as information derived from the output of a biometric sensor, to hardware intrinsic properties by obtaining authentication-related metadata and combining it with information pertaining to a root of trust, such as a physical unclonable function. The metadata may be derived from a sensor such as a biometric sensor, the root of trust may be a physical unclonable function, the combination of the metadata and root of trust information may employ a hash function, and output from such a hash process may he used as an input to the root of trust. The combined information can he used in interactive or non-interactive authentication.
    Type: Grant
    Filed: June 5, 2017
    Date of Patent: July 3, 2018
    Assignee: Analog Devices, Inc.
    Inventors: John J. Walsh, John Ross Wallrabenstein
  • Patent number: 10003612
    Abstract: A computing system may be protected from revoked system updates. A computing system receives an object and scans it for revocation updates to a security structure of the computing system. The security structure is a monotonically nondecreasing collection of segments containing data on whether a system update is revoked and a system update's status as revoked signifies the revoked system update can no longer be used by the computing system. Based upon scanning the object, the computing system identifies and validates a revocation update. The computing system resolves the revocation update by applying the revocation update to the security structure, by adding or changing one or more segments of the security structure identified by the revocation update, in response to determining that the revocation update is valid, or by denying application of the revocation update to the security structure in response to determining that the revocation update is invalid.
    Type: Grant
    Filed: September 28, 2017
    Date of Patent: June 19, 2018
    Assignee: International Business Machines Corporation
    Inventors: Michael D. Hocker, Brandon S. Johnson
  • Patent number: 9996290
    Abstract: Embodiments include providing content requested by a user via an access point capable of wireless communication. Aspects include receiving the content provided by the management server and storing the content provided by the management server into a volatile memory provided in the wireless communication apparatus. Aspects also include storing difference data into a nonvolatile memory if it is requested to change the content stored in the volatile memory and monitoring a state of communication connection with the access point and whether or not a packet giving an instruction to hold the content has been received. Aspects further include deleting the content stored in the volatile memory if communication with the access point is disconnected or if the packet is unreceived.
    Type: Grant
    Filed: December 15, 2015
    Date of Patent: June 12, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Yasunao Katayama, Daiju Nakano, Kohji Takano
  • Patent number: 9990786
    Abstract: A request is received by a member of a credential granting authority to issue an electronic visitor credential to a visitor of the credential granting authority, the electronic visitor credential enabling access to resources of the credential granting authority. It is determined that the member of the credential granting authority is authorized to issue the credential to the visitor. Based on the determination that the member of the credential granting authority is authorized to issue the credential to the visitor, the electronic visitor credential is issued with at least one timing restriction that defines a time period during which the electronic visitor credential is valid and at least one usage restriction that limits resources of the credential granting authority to which the electronic visitor credential enables access It is determined to withdraw the electronic visitor credential. Based on determining to withdraw the electronic visitor credential, the credential is withdrawn.
    Type: Grant
    Filed: January 16, 2015
    Date of Patent: June 5, 2018
    Assignee: MicroStrategy Incorporated
    Inventor: Siamak Ziraknejad
  • Patent number: 9992020
    Abstract: A request is received to change a first, current encryption root key used to encrypt and decrypt a set of data in a database. A new, second encryption root key is generated. The second encryption root key is stored in a secured area in disk storage as a new current encryption root key. The first encryption root key is maintained in the secured area as a historical encryption root key. New root key version information that identifies the new, second encryption root key is generated and stored as current root key version information. A request is received to encrypt the set of data. The second encryption root key is identified as the current encryption root key based on the current root key version information. The second encryption root key is used to encrypt the set of data to create an encrypted set of data.
    Type: Grant
    Filed: November 21, 2016
    Date of Patent: June 5, 2018
    Assignee: SAP SE
    Inventors: Fabian Garagnon, Thomas Wenckebach
  • Patent number: 9985965
    Abstract: A security verification method, apparatus, and system relate to the field of computer security technologies, and are used to improve reliability of the verification code technology. In the method, an image capture request carrying an image capture parameter is sent to a server end after a verification page starts; a live view picture returned by the server end is received, where the live view picture is obtained by the server end by performing live view image capture according to the image capture parameter and prestored street view tile information; and a security verification operation is performed according to the live view picture.
    Type: Grant
    Filed: May 27, 2016
    Date of Patent: May 29, 2018
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Juan Du
  • Patent number: 9985969
    Abstract: Techniques are described for managing access to computing-related resources that, for example, may enable multiple distinct parties to independently control access to the resources (e.g., such that a request to access a resource succeeds only if all of multiple associated parties approve that access). For example, an executing software application may, on behalf of an end user, make use of computing-related resources of one or more types that are provided by one or more remote third-party network services (e.g., data storage services provided by an online storage service)—in such a situation, both the developer user who created the software application and the end user may be allowed to independently specify access rights for one or more particular such computing-related resources (e.g., stored data files), such that neither the end user nor the software application developer user may later access those resources without the approval of the other party.
    Type: Grant
    Filed: March 29, 2013
    Date of Patent: May 29, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Mark Joseph Cavage, John Cormie, Nathan R. Fitch, Don Johnson, Peter Sirota
  • Patent number: 9971566
    Abstract: A method of identifying a memory cell state for use in random number generation (RNG) includes comparing at least one physical parameter of a memory cell with a threshold value of the physical parameter and identifying a relationship of the at least one physical parameter of the memory cell to the threshold value. A state of 0, 1, or X is associated to the memory cell based on the relationship of the at least one physical parameter to the threshold value. At least one state storage memory cell is programmed with a value corresponding with the associated 0, 1, or X state. The programmed value of the at least one state storage memory cell is included in an RNG data stream.
    Type: Grant
    Filed: May 9, 2016
    Date of Patent: May 15, 2018
    Assignee: Arizona Board of Regents acting for and on behalf of Northern Arizona University
    Inventor: Bertrand Cambou
  • Patent number: 9965613
    Abstract: Systems and methods are described to validate user connections to one or more application servers within a multi-tenant application system. A domain-level cookie at the client identifies any active connections for that client. As the client requests a connection to a particular application, the cookie is provided to a validation server that determines if any previously-established sessions with the multi-tenant system exist, and/or if such sessions remain active. If an active session already exists, then the client can be redirected to a particular server to continue the previously-established session. If no valid prior sessions are available, then the client can be validated and a new connection to an appropriate server can be established, as appropriate.
    Type: Grant
    Filed: April 27, 2011
    Date of Patent: May 8, 2018
    Assignee: salesforce.com, inc.
    Inventor: Jong Lee
  • Patent number: 9965625
    Abstract: Provided are a control system and an authentication device capable of detecting abnormality of a development device for distributing a control program and of preventing destruction and tampering of the program caused by the abnormality. To solve the above problem, there is provided: a control device that controls a controlled object; a development device that manages a plurality of control programs executed by the control device and sends the predetermined control program and information accompanying the control program to the network; and an authentication device having an authentication list storing the information accompanying the control program in association with the control program.
    Type: Grant
    Filed: September 5, 2014
    Date of Patent: May 8, 2018
    Assignee: Hitachi, Ltd.
    Inventors: Hiromichi Endoh, Tsutomu Yamada, Satoshi Ohkubo
  • Patent number: 9959563
    Abstract: Systems and methods are disclosed for generating recommendation rules based on the attributes of items that are purchased together at a threshold rate. The attributes of the items may be extracted from item-detail content associated with the items. Using a count of the frequency with which pairs of items include pairs of attributes, a recommendation rule can be created that recommends items with particular attributes to users who access other items with particular attributes. Further, using the recommendation rules, items may be selected for recommendation to users who access an item that lacks historical access data from which to generate recommendations solving the “cold-start” problem. Moreover, negative rules may be generated based on historical access data and attributes of items purchased and/or not purchased together at a threshold rate to prevent the recommendation of particular items to users who access items associated with the negative rules.
    Type: Grant
    Filed: December 19, 2013
    Date of Patent: May 1, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Jianhui Wu, Debprakash Patnaik, Rui Wang
  • Patent number: 9961541
    Abstract: Data in a portable electronic device is protected by using external and internal status detection means to determine if the device is misplaced, lost, or stolen. The device then takes, singly or in combination, one of several actions to protect the data on the device, including declaring its location to an owner or service provider, locking the device or specific functions of the device to disable all data retrieval functionality, erasing or overwriting all the stored data in the device or, where the data has been stored in the device in an encrypted format, destroying an internally-stored encryption key, thereby preventing unauthorized access to the encrypted data in the device.
    Type: Grant
    Filed: November 4, 2016
    Date of Patent: May 1, 2018
    Assignee: Applied Minds, LLC
    Inventors: Bran Ferren, W. Daniel Hillis
  • Patent number: 9948645
    Abstract: Techniques for call-based user verification are described. In one embodiment, for example, an apparatus may comprise a processor circuit and a storage component. The apparatus may further comprise a session component, an identification (ID) component, a mapping component, and a verification component. The session component may be operative on the processor circuit and configured to receive session data from a client device and store the session data in the storage component. The ID component may be operative on the processor circuit and configured to request ID data from a server, receive ID data from the server, and send the ID data to the client device. The mapping component may be operative on the processor circuit and configured to map the session data with the ID data.
    Type: Grant
    Filed: September 12, 2016
    Date of Patent: April 17, 2018
    Assignee: FACEBOOK, INC.
    Inventors: Bradley Edward Hettervik, Surendra Gadodia, Xiao Liang, Antony T. Fu, Molly Jane Fowler
  • Patent number: 9946303
    Abstract: Provided herein are a multi smartphone and a method of controlling the same. The multi smartphone includes a display part configured to output a screen when an input signal is sensed; a memory part configured to store a plurality of operating systems (OSs) which are operated differently based on a time at which the input signal is sensed, a place at which the input signal is input, or a user who inputs the input signal; and a control part configured to perform control such that at least one OS of the plurality of OSs is selected and operated based on any one of a time at which the input signal is sensed, the place at which the input signal is input, and the user who inputs the input signal when the input signal is sensed.
    Type: Grant
    Filed: July 28, 2015
    Date of Patent: April 17, 2018
    Assignee: FOUNDATION OF SOONGSIL UNIVERSITY-INDUSTRY COOPERATION
    Inventor: Jongseong Kim
  • Patent number: 9942933
    Abstract: At least one processor and at least one memory coupled thereto associated with a first user terminal (UT) perform processes of previously storing pre-configuration information not derived from a base station, designating an area of resources for transmitting control information, determining a plurality of first radio resources within the area of resources for transmitting control information from the first UT to a second UT in a case that the first UT is out of coverage of the base station, and directly transmitting to the second UT the control information in each of the plurality of first radio resources by Device-to-Device (D2D) communication, each resource indicating a same at least one subframe of second radio resources to be used for transmitting data by the D2D communication. A second UT includes least one processor and at least one memory coupled thereto receives the control information from the first UT via D2D communication.
    Type: Grant
    Filed: October 13, 2017
    Date of Patent: April 10, 2018
    Assignee: KYOCERA Corporation
    Inventors: Naohisa Matsumoto, Kugo Morita, Masato Fujishiro, Takahiro Saiwai
  • Patent number: 9942937
    Abstract: A method, a device, and a non-transitory storage medium provide storing context information pertaining to an end device and previous attachments of the end device to the network; receiving an indication that the end device requests an attachment to the network subsequent to the storing and subsequent to previously occurring detachments of the end device; authenticating the end device using the context information during the attachment; and causing a creation of a bearer connection between the end device and the network using the context information and during the attachment.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: April 10, 2018
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Paul H. Siedelhofer, Abdul Subhan, Gregory L. Miceli
  • Patent number: 9940121
    Abstract: An electronic apparatus includes a control portion (1) including: an installation portion (11) that associates the user who performs installation with the installed program; and a program use control portion (17) that permits all users to use a first installed program associated with a first user and permit a second user and a third user who attempts to install a second installed program associated with the second user to use the second installed program. When the third user who is a user other than an administrator attempts to install an application program that the third user is not permitted to use, if the application program is the second installed program, the installation portion (11) does not perform installation and causes the program use control portion (17) to permit the third user to use the second installed program.
    Type: Grant
    Filed: May 2, 2016
    Date of Patent: April 10, 2018
    Assignee: KYOCERA Document Solutions Inc.
    Inventors: Kentaro Okamoto, Kyota Mitsuyama, Koji Ikawa
  • Patent number: 9934504
    Abstract: A transaction is authorized using an authentication process that prompts the user to perform an action in view of a camera or sensor. The process identifies the user and verifies that the user requesting the transaction is a living human being. The user is identified using image information which is processed utilizing facial recognition. The device verifies that the image information corresponds to a living human using one or more human-verification processes. The device prompts the user to perform an action to confirm the transaction, and causes the transaction to be performed after verifying performance of the action by the identified user.
    Type: Grant
    Filed: October 19, 2015
    Date of Patent: April 3, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Yicong Wang, Haizhi Xu
  • Patent number: 9935891
    Abstract: A computing resource policy specification (CRPRS) applies to a set of computing resources that share at least a portion of a first domain. The CRPRS comprises a plurality of rules describing a set of requirements with which a given computing resource in the set must comply. A determination is made, based at least in part on information received from a job scheduler, that an assessment of a particular computing resource for compliance with a first subset of rules included in the CRPRS should be initiated at a first time. A different subset of rules for compliance assessment is selected at a different time. A pre-scan associated with the particular computing resource is performed to assess functionality provided by the particular computing resource. A test set, of a subset of the tests associated with the assessment, is selected, and an assessment that uses the test set is dispatched and results of the assessment are delivered.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: April 3, 2018
    Assignee: Artemis Internet Inc.
    Inventor: Alexander Charles Stamos
  • Patent number: 9930034
    Abstract: A mobile device can receive, from an application installed on a wearable device, an authentication query. Based upon the authentication query, an application installed on the mobile device can be determined to have been authenticated. In response to determining that the application installed on the mobile device has been authenticated, a temporary password can be generated at the mobile device and converted into a vibration pattern. The vibration pattern can be vibrated at the mobile device. The temporary password sent from the mobile device can be compared with user input received via a tap interface on the wearable device. In response to determining that the user input corresponds to the temporary password, the application installed on the wearable device can be authenticated based on authentication parameters of the corresponding application on the mobile device.
    Type: Grant
    Filed: July 29, 2015
    Date of Patent: March 27, 2018
    Assignee: International Business Machines Corporation
    Inventors: Vijay Ekambaram, Ashish K. Mathur, Ashok Pon Kumar Sree Prakash
  • Patent number: 9922183
    Abstract: An electronic device and an information processing method are disclosed in the disclosure. The electronic device comprises: a wearable apparatus capable of forming a ring or an approximate ring, which is able to surround a first cylinder; a first sensor arranged at least partly in the wearable apparatus and towards an interior of the ring or the approximate ring, and configured to detect first biometric information of at least part of a wearer's body surrounded by the wearable apparatus if the wearable apparatus is worn on the part of the wearer's body; a first processor arranged in the wearable apparatus, and configured to determine whether the first biometric information matches first preset biometric information to obtain a determination result and to perform security processing corresponding to the determination result based on the determination result.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: March 20, 2018
    Assignees: BEIJING LENOVO SOFTWARE LTD., LENOVO (BEIJING) LIMITED
    Inventor: Yiqiang Yan
  • Patent number: 9924319
    Abstract: A tracking system is disclosed that enables the tracking of a beacon device and a credential device being held by the beacon device. The beacon device may communicate with readers of an access control system using a first communication protocol whereas the credential device being held by the beacon device may communicate with readers of the access control system using a second communication protocol. As the beacon device and the credential device being held by the beacon device may also communicate with readers at different times, a beacon device may be associated with a credential device being held thereby such that tracking of one device enables inferred tracking of the other device.
    Type: Grant
    Filed: July 14, 2016
    Date of Patent: March 20, 2018
    Assignee: ASSA ABLOY AB
    Inventors: Philip Hoyer, Julian Eric Lovelock, Mark Robinton
  • Patent number: 9917831
    Abstract: A method of authenticating a user of an image forming apparatus is provided that includes receiving, at the image forming apparatus, a one-time password (OTP) generating request, generating, at the image forming apparatus, an OTP according to the OTP generating request, receiving, at the image forming apparatus, an authentication request, from the host apparatus, including the OTP, and when the OTP received from the host apparatus matches the OTP generated according to the OTP generating request and absent a condition, approving an access to the image forming apparatus.
    Type: Grant
    Filed: July 29, 2014
    Date of Patent: March 13, 2018
    Assignee: S-PRINTING SOLUTION CO., LTD.
    Inventor: Kwang-woo Lee
  • Patent number: 9917834
    Abstract: A digital verified identification system and method are presented for verifying and/or authenticating the identification of an entity associated with an electronic file, such as, for example the digital signatory thereof. In particular, the system and method include a module generating assembly structured to receive at least one verification data element, and at least one digital identification module structured to be associated with at least one entity. The digital identification module is capable of being disposed or embedded within at least one electronic file. Further, the digital Identification module with the entity, and one or more metadata identification module includes at least one primary components identification module includes at least one primary component structured to at least partially associate the digital.
    Type: Grant
    Filed: June 8, 2015
    Date of Patent: March 13, 2018
    Inventor: Leigh M. Rothschild
  • Patent number: 9912670
    Abstract: Resource feature transfer is described. In one or more embodiments, information is collected about interaction of an unauthenticated user of a computing device with a resource, such as content (e.g., a web page) or an application. The information may identify the user, a device or application used to interact with the resource, and so on. This information is communicated to an identity management service (IMS) to determine features to make accessible to the unauthenticated user when interacting with the resource. During the interaction, the user initiates authentication to a corresponding user profile. To achieve a consistent user experience, the features made accessible to the user when unauthenticated are transferred so they are also accessible when authenticated. To do this, authentication information is communicated to the IMS with a token indicating the features determined for the unauthenticated user. The IMS then merges these features with features indicated by the user profile.
    Type: Grant
    Filed: April 19, 2016
    Date of Patent: March 6, 2018
    Assignee: ADOBE SYSTEMS INCORPORATED
    Inventors: Sanjeev Kumar Biswas, Mayank Goyal, John A. Trammel
  • Patent number: 9906469
    Abstract: The invention relates to an aircraft control system, situated in the avionics bay, including a computer, a remote equipment, such as an actuator of control surfaces, and an AFDX network. The computer includes a first module and a second module, respectively connected to a corresponding first module and a second module of the equipment, by a first and a second virtual link sharing a common path through the network, the first and second virtual links being segregated by a separate encoding at the applicative level. A replication and/or frame switching device is connected, on the one hand, to the common port and, on the other hand, to the ports of the first and second modules of the equipment.
    Type: Grant
    Filed: December 11, 2013
    Date of Patent: February 27, 2018
    Assignee: Airbus Operations (S.A.S.)
    Inventors: Marc Fervel, Antoine Maussion, Arnaud Lecanu, Sylvain Sauvant
  • Patent number: 9906544
    Abstract: Methods and systems for malicious non-human user detection on computing devices are described. The method includes collecting, by a processing device, raw data corresponding to a user action, converting, by the processing device, the raw data to features, wherein the features represent characteristics of a human user or a malicious code acting as if it were the human user, and comparing, by the processing device, at least one of the features against a corresponding portion of a characteristic model to differentiate the human user from the malicious code acting as if it were the human user.
    Type: Grant
    Filed: December 2, 2015
    Date of Patent: February 27, 2018
    Assignee: Akamai Technologies, Inc.
    Inventor: Sreenath Kurupati
  • Patent number: 9898120
    Abstract: Disclosed is a watch type mobile terminal wearable on a wrist. The watch type mobile terminal includes a main body, a band unit, a sensing unit and a controller. The main body has a display unit. The band unit is connected to the main body so that the mobile terminal is worn on the wrist, and surrounds the wrist. The sensing unit senses at least one tap applied to at least one of the main body and the band unit. The controller configured performs a function corresponding to a pattern to which the tap is applied.
    Type: Grant
    Filed: April 29, 2015
    Date of Patent: February 20, 2018
    Assignee: LG ELECTRONICS INC.
    Inventors: Jeongyoon Rhee, Taeseong Kim, Yujune Jang
  • Patent number: 9898874
    Abstract: A method of controlling the use of a custom image by a user in a value dispensing system, such as a mail processing system, that enables the system provider to account and charge for the use of the custom image without ever actually receiving the data representing custom image. The method includes steps of receiving a hash generated from at least the custom image at a provider location, such as a data center, generating a digital signature from data including at least the received hash, and transmitting the digital signature and data used to generate the digital signature to the user at a user location. The method may further include additional steps of determining whether the digital signature can be successfully verified, and allowing the custom image to be printed by the user only if it is determined that the digital signature can be successfully verified.
    Type: Grant
    Filed: May 31, 2005
    Date of Patent: February 20, 2018
    Assignee: Pitney Bowes Inc.
    Inventors: Andrei Obrea, Frederick W. Ryan, Jr.
  • Patent number: 9900344
    Abstract: Embodiments can identify requests that may be tied to a DDOS attack. For example, the primary identifiers (e.g., a source address) of requests for a network resource (e.g., an entire website or a particular element of the website) can be tracked. In one embodiment, a statistical analysis of how often a particular source address (or other primary identifier) normally makes a request can be used to identify source addresses that make substantially more requests. A normal amount can correspond to an average number of request that a source address makes. According to some embodiments, a system can use statistical analysis methods on various request data in web server logs to identify potential attacks and send data concerned potential attacks to an HBA system for further analysis.
    Type: Grant
    Filed: November 3, 2015
    Date of Patent: February 20, 2018
    Assignee: Level 3 Communications, LLC
    Inventors: Robert Smith, Shawn Marck
  • Patent number: 9900318
    Abstract: There is provided a method of authenticating a user in a network. The method can be executed on a server. The method comprises: acquiring a non-authorized user-behavior model associated with a non-authorized access to a network resource by an unauthorized entity, the non-authorized user-behavior model having been generated during blocking the non-authorized access to the network resource by the unauthorized entity; retrieving from a log stored on the network server, an indication of a plurality of users, each respective user associated with a respective user-behavior model; responsive to one of the respective user-behavior model matching the non-authorized user-behavior model, associating a user account associated with the respective user associated with the one of the respective user-behavior model with a security-violation parameter; responsive to the security-violation parameter, restricting user activity within the user account.
    Type: Grant
    Filed: February 11, 2015
    Date of Patent: February 20, 2018
    Assignee: YANDEX EUROPE AG
    Inventors: Ekaterina Aleksandrovna Andreeva, Yury Alekseyevich Leonychev, Egor Vladimirovich Ganin, Sergey Aleksandrovich Lavrinenko
  • Patent number: 9888755
    Abstract: Luggage as well as systems, devices, methodologies, and software for use with such luggage are disclosed. The luggage may include one or more compartments and lids that can be locked. The luggage may also include an identification device for obtaining information identifying a user and a computing device, such as a microcontroller or processor. The computing device may be configured to compare identification information with reference identification information to determine whether a user is authorized to access an interior of the luggage. Based on results of the comparison, the computing device may control a locking mechanism to unlock one or more of lids of the luggage to allow a user access to the interior of the luggage. The luggage may also include a GPS transceiver for tracking the luggage, a sensor for weighing the luggage, or a coupling mechanism to couple the luggage to another piece of luggage.
    Type: Grant
    Filed: January 4, 2016
    Date of Patent: February 13, 2018
    Assignee: Matte-Veede FZE
    Inventor: Jonathan Jacob
  • Patent number: 9891803
    Abstract: In one general aspect, a method can include displaying, on a display device included in a computing device, content in an application executing on the computing device, and determining that the computing device is proximate to a videoconferencing system. The method can further include displaying, in a user interface on the display device, at least one identifier associated with a videoconference, receiving a selection of the at least one identifier, and initiating the videoconference on the videoconferencing system in response to receiving the selection of the at least one identifier. The videoconference on the videoconferencing system can be initiated such that the content is provided for display on a display device included in the videoconferencing system.
    Type: Grant
    Filed: November 13, 2014
    Date of Patent: February 13, 2018
    Assignee: Google LLC
    Inventors: Mark David Scott, Mark Alan Foltz, Kurt Mauro Dresner, Adam Parker
  • Patent number: 9886726
    Abstract: Social networking spam is detected using usage profiles for social networking groups. A mapping module maps a social networking group with a number of members. A pattern module determines a pattern of publishing activity of the members in posting information on blogs of other of the members. A profiling module defines a group usage profile for the social networking group based on the pattern. Global usage profiles can also be created for the social networking environment. An identification module identifies when a new entry has been posted on a blog of a members of a social networking group. An analysis module analyzes the new entry in comparison to a group usage profile (or other profiles). A determination module determines whether the new entry deviates from the pattern of activity of the members based on the analysis. If the new entry deviates, a spam detection module detects that the new entry is spam.
    Type: Grant
    Filed: March 31, 2009
    Date of Patent: February 6, 2018
    Assignee: SYMANTEC CORPORATION
    Inventor: William Gauvin
  • Patent number: 9886334
    Abstract: The embodiments relate to processing a guest event in a hypervisor-controlled system. A guest event triggers a first firmware service for the guest event in firmware. The guest event is associated with a guest, a guest key, and with a guest state and protected guest memory accessible only by the guest and the firmware. The firmware processes information associated with the guest event. The processed information includes information of the guest state and the protected guest memory. A subset of the processed information is received by a hypervisor to process the guest event, and a non-received portion of the information is retained by the firmware. The hypervisor processes the guest event based on the received subset and sends a process result to the firmware triggering a second firmware service for the guest event. The firmware processes the process result together with the retained information to generate modification associated with the guest event.
    Type: Grant
    Filed: October 28, 2015
    Date of Patent: February 6, 2018
    Assignee: International Business Machines Corporation
    Inventors: Utz Bacher, Reinhard T. Buendgen
  • Patent number: 9882911
    Abstract: A trust rating is computed for a data requester across one or more dimensions by identifying the data requester, collecting information regarding the data requester from one or more sources, and generating the trust rating for the data requester across the one or more dimensions based on the collected information. The trust rating is utilized to either grant or deny a request by the data requester to access data associated with one or more data providers.
    Type: Grant
    Filed: December 1, 2015
    Date of Patent: January 30, 2018
    Assignee: International Business Machines Corporation
    Inventors: Alexandre de Queiroz Baltar, Silvia Cristina Sardela Bianchi, Marcio da Ros Gomes, Marcos Vinicius Landivar Paraiso, Sergio Varga
  • Patent number: 9880833
    Abstract: Initialization status of a register to be used as a pointer to a reference data structure is used to determine how a stub is to be generated to access the reference data structure. The register is one type of pointer configuration to be used to access the reference data structure, which is used to resolve a symbol associated with a function of a program. An indication is obtained as to whether the register has been initialized with a reference data structure pointer. Based on obtaining the indication, a stub is generated that is to be used to access the function. The generating depends on whether the register has been initialized. If the register has not been initialized, then the stub is generated to include another type of pointer configuration to be used to access the reference data structure.
    Type: Grant
    Filed: June 30, 2015
    Date of Patent: January 30, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Michael K. Gschwind
  • Patent number: 9880835
    Abstract: Initialization status of a register to be used as a pointer to a reference data structure is used to determine how a stub is to be generated to access the reference data structure. The register is one type of pointer configuration to be used to access the reference data structure, which is used to resolve a symbol associated with a function of a program. An indication is obtained as to whether the register has been initialized with a reference data structure pointer. Based on obtaining the indication, a stub is generated that is to be used to access the function. The generating depends on whether the register has been initialized. If the register has not been initialized, then the stub is generated to include another type of pointer configuration to be used to access the reference data structure.
    Type: Grant
    Filed: November 14, 2015
    Date of Patent: January 30, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Michael K. Gschwind
  • Patent number: 9876784
    Abstract: A method for authenticating a user of a computing device. The method includes a computer processor receiving an indication that a user of a computing device is accessing an object that utilizes an authentication process. The method further includes a computer processor selecting a first multi-media file that is associated with a user profile of the user and the object of the authentication process, wherein the first multi-media file is associated with a baseline user input authentication sequence. The method further includes creating a first temporal manipulation vector based on the user profile and a security requirement of the object of the authentication process, wherein the temporal manipulation vector modifies a presentation of a multi-media file and a corresponding time sequence of a user input authentication sequence in the multi-media file. The method further includes transmitting the first temporal manipulation vector and the first multi-media file to the computing device.
    Type: Grant
    Filed: February 6, 2017
    Date of Patent: January 23, 2018
    Assignee: International Business Machines Corporation
    Inventors: Saritha Arunkumar, Stephen D. Pipes
  • Patent number: 9870431
    Abstract: The invention relates to an efficient system for user rights in a semantic digital network, whereby users are arranged in the same semantic network as the information objects. The rights are thus derived from the semantic relations between users and information objects in a common semantic network.
    Type: Grant
    Filed: June 10, 2008
    Date of Patent: January 16, 2018
    Assignee: INTELLIGENT VIEWS GMBH
    Inventors: Clara Hammen, Jan Schümmer, Ralf Rath, Hans Scholz, Christian Schuckmann, Elke Siemon, Patrick Closhen
  • Patent number: 9870461
    Abstract: Techniques are disclosed for generating, utilizing, and validating traceable image CAPTCHAs. In certain embodiments, a traceable image is displayed, and a trace of the image is analyzed to determine whether a user providing the trace is human. In certain embodiments, a computing device receives a request for an image, and in response, creates a traceable image based upon a plurality of image elements. The computing device transmits data representing the traceable image to cause a second computing device to display the traceable image via a touch-enabled display. The computing device receives a user trace input data generated responsive to a trace made at the second computing device, and determines whether the trace is within an error tolerance range of the set of coordinates associated with the traceable image. The computing device then sends a result of the determination.
    Type: Grant
    Filed: October 6, 2016
    Date of Patent: January 16, 2018
    Assignee: Oracle International Corporation
    Inventors: Nagasravani Akula, Rachit Raj, Mohamad Raja Gani Mohamad Abdul
  • Patent number: 9864625
    Abstract: Methods, systems, and techniques for facilitating access to content stored remotely, for example, as part of a virtual machine infrastructure or elsewhere in a networked environment, using a uniform mechanism are provided. Example embodiments provide an Enhanced Virtual Desktop Management Server/System with a Content Abstraction Layer which enables users to access their data stored as part of a virtual machine environment, or replicated otherwise on a network, using a generic API. The API can be incorporated into a web browser or other third party interface to provide access to the users' data without needing to remote a bitmap representation of a virtual desktop display. Accordingly, users can access their data, applications, and settings regardless of the type of access device and regardless of whether the corresponding virtual desktop is running in the data center, provisioned in the datacenter but running on a client device, or not running at all.
    Type: Grant
    Filed: February 29, 2016
    Date of Patent: January 9, 2018
    Assignee: VMware, Inc.
    Inventors: Puneet Chawla, Jad Chamcham
  • Patent number: 9866551
    Abstract: Disclosed are a one time password generation device and an authentication method. The one time password generation device includes: a reference information generator that generates reference information; a virtual input means generator that generates a virtual input means in which a blank is provided; and a password generator that generates a one time password using an initial value, reference information and a blank.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: January 9, 2018
    Inventors: Young Man Hwang, Sung Min Joo
  • Patent number: 9860265
    Abstract: The system and method described herein may leverage passive and active vulnerability discovery to identify network addresses and open ports associated with connections that one or more passive scanners observed in a network and current connections that one or more active scanners enumerated in the network. The observed and enumerated current connections may be used to model trust relationships and identify exploitable weak points in the network, wherein the exploitable weak points may include hosts that have exploitable services, exploitable client software, and/or exploitable trust relationships. Furthermore, an attack that uses the modeled trust relationships to target the exploitable weak points on a selected host in the network may be simulated to enumerate remote network addresses that could compromise the network and determine an exploitation path that the enumerated remote network addresses could use to compromise the network.
    Type: Grant
    Filed: April 17, 2015
    Date of Patent: January 2, 2018
    Assignee: Tenable Network Security, Inc.
    Inventors: Ron Gula, Renaud Deraison
  • Patent number: 9860223
    Abstract: Users on a client system access files served by a web application through the Network File System (NFS) protocol using common web authentication mechanisms while still honoring constraints imposed by the application's authorization rules. To this end, the client system is modified to include an NFS server. Following authentication of the NFS server with the web application, NFS-based requests (from a local NFS client) directed to the application are received at the NFS server instead of being sent to the application directly. The NFS server, in turn, maps those requests to the web application preferably using standard HTTP. Because the web application's normal security model is enforced as intended at the web application, the approach enables individual users of the client system to operate under different visibility constraints dictated by the web application. Thus, fine-grained permissions may be enforced at the web application for different users.
    Type: Grant
    Filed: March 27, 2013
    Date of Patent: January 2, 2018
    Assignee: International Business Machines Corporation
    Inventors: Sheehan Anderson, Richard Lee Kulp, Gili Mendel
  • Patent number: 9854618
    Abstract: A first user terminal according to an embodiment comprises: at least one processor and at least one memory coupled to the processor. The processor is configured to perform processes of: determining first radio resources to be used for transmitting control information, the control information indicating location of second radio resources to be used for transmitting data by direct Device-to-Device communication; and directly transmitting the same control information repeatedly to a second user terminal in each resource block included in the first control resources.
    Type: Grant
    Filed: July 29, 2016
    Date of Patent: December 26, 2017
    Assignee: KYOCERA Corporation
    Inventors: Naohisa Matsumoto, Kugo Morita, Masato Fujishiro, Takahiro Saiwai
  • Patent number: 9846892
    Abstract: A location-based information system and method therefor, which is responsive to the user's selection of geographic zone and parameters. A proprietary app (application) is installed in a mobile device of the user, which insures that a connection to the user from a caller is based on the user's defined zone and other parameters without the disclosing the exact location of the user. Various embodiments of the invention provide an option for user-to-user location-based connection without depending on a remote server.
    Type: Grant
    Filed: September 16, 2016
    Date of Patent: December 19, 2017
    Inventor: Boaz Hyman