Authorization Patents (Class 726/21)
  • Patent number: 10440999
    Abstract: An electronic vaping device may be designed to enhance or facilitate its use. For example, the electronic vaping device may: allow a capability of the electronic vaping device to provide vapor to be altered (e.g., disabled, reduced, enabled, or increased) in some situations (e.g., to prevent unauthorized vaping by a child, teenager or other individual); be able to communicate with an external communication device (e.g., a smartphone, a computer, etc.) to convey a notification of potential unauthorized use of the electronic vaping device (e.g., by a child, teenager or other unauthorized user); implement a physical deterrent to its unauthorized use; be able to visually convey information (e.g., advertisements, notifications, etc.); and/or be able to capture images and/or sounds (e.g., record pictures and/or video, speech, music, etc.).
    Type: Grant
    Filed: June 13, 2018
    Date of Patent: October 15, 2019
    Inventor: Martin Tremblay
  • Patent number: 10432454
    Abstract: There is provided an electronic device connected to a network, including a transmission unit which transmits device identification information of the electronic device and at least one other electronic device to a server over the network, a reception unit which receives association operation programs for the electronic device and the at least one other electronic device from the server over the network, and a control unit which controls the electronic device according to the association operation program.
    Type: Grant
    Filed: July 24, 2014
    Date of Patent: October 1, 2019
    Assignee: SONY CORPORATION
    Inventors: Hirotoshi Maegawa, Tooru Hiraga
  • Patent number: 10423309
    Abstract: Systems, devices, and methods for managing a security system are described. A method may comprise receiving a request to join a security system by a user device. A whitelist may indicate devices, device types, device makes, device models, and/or device firmware versions authorized to join the security system. The method may further comprise enabling, based on a determination that the whitelist comprises an indication that the user device is authorized to join the security system, the user device to exchange data with the security system.
    Type: Grant
    Filed: July 10, 2017
    Date of Patent: September 24, 2019
    Assignee: iControl Networks, Inc.
    Inventors: Jim Kitchen, Clay Dearman, Thomas Lea, Mark Bryan, Adrian Helen, David Proft, Michael Speer
  • Patent number: 10412148
    Abstract: A client device includes a processor and memory. An operating system and a client application are executed by the processor and memory. The client application is configured to determine first and second coordinated universal time (UTC) time intervals for a first non-UTC time interval associated with a first event type and a second non-UTC time interval associated with the first event type; generate a single request for the remote activity feed server to aggregate corresponding events during the first UTC time interval and the second UTC time interval; and send the single request via a network interface to the remote activity feed server.
    Type: Grant
    Filed: July 21, 2016
    Date of Patent: September 10, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: André Miguel Coelho de Oliveira Rodrigues, Ilya Grebnov, Sunay Vaishnav, Samuel Lenz Banina
  • Patent number: 10404702
    Abstract: In one embodiment, a request is received from a remote device of a user for configuring a tenant-unit of a storage system via a secure connection session. A secure multi-tenancy (SMT) module determines a first network identity associated with the secure connection session. The SMT module examines an SMT registry namespace associated with the tenant-unit of the tenant to determine a second network identity that has been assigned to the tenant-unit. The first network identity is compared with the second network identity. The request is allowed to configure the tenant-unit in response to determining that the first and second network identities match; otherwise, the request is denied.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: September 3, 2019
    Assignee: EMC IP Holding Company LLC
    Inventors: Subhasish Chakraborty, Uday Jonnala, Hongyu Zhang
  • Patent number: 10405017
    Abstract: Securing access to content provided over a distributed network is provided. A user desiring content from a given content source may provide login credentials via a downloaded content source application that will be used to authenticate the requesting user's access to the requested content item via a content services provider. When the access request is received, the content source application passes to the content services provider login/authentication credentials, location information and access attempt frequency information. If the location information and/or access attempt frequency information for the requesting user and/or user device raises suspicion that the requested access may be unauthorized, an automated notification can be passed to a primary services account holder associated with an account through which the requested content is received to request permission or denial from the primary account holder to allow the requested content access.
    Type: Grant
    Filed: February 21, 2018
    Date of Patent: September 3, 2019
    Assignee: COX COMMUNICATIONS, INC.
    Inventor: Pujan Roka
  • Patent number: 10402179
    Abstract: An example method includes generating, by a computing system, first unique configuration information, generating, by the computing system and based on the first unique configuration information, a first unique instance of a software component, generating second unique configuration information, wherein the second unique configuration information is different from the first unique configuration information, and generating, based on the second unique configuration information, a second unique instance of the software component that is executable on the runtime computing system. The first and second unique instances of the software component comprise different instances of the same software component that each are configured to have uniquely different operating characteristics during execution on the runtime computing system.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: September 3, 2019
    Assignee: ARCHITECTURE TECHNOLOGY CORPORATION
    Inventors: Judson Powers, Robert A. Joyce
  • Patent number: 10387491
    Abstract: A method of generating an ontology index for use in mapping content fields to ontology terms from one or more ontologies, the method including, in an electronic processing device, selecting one or more ontologies, each ontology including a number of ontology terms, determining an ontology term meaning for at least some of the ontology terms and generating an index including index terms indicative of the ontology terms, wherein the index identifies ontology terms having equivalent ontology term meanings.
    Type: Grant
    Filed: July 15, 2014
    Date of Patent: August 20, 2019
    Assignee: SEMANTIC TECHNOLOGIES PTY LTD
    Inventor: Albert Donald Tonkin
  • Patent number: 10389845
    Abstract: A method for execution by a dispersed storage (DST) processing module includes receiving a data request. An estimated performance level is determined for each of a set of data access approaches, and one data access approach is selected. A data response that includes direction information is issued to the requesting entity when the selected approach includes directing the requesting entity to access an alternate DS processing module. The data object is recovered and a data response is issued to the requesting entity when the selected approach includes accessing the set of DS units directly. A redirect request is issued to the alternate DS processing module when the selected approach includes redirecting the data request, and the alternate DS processing module obtains and issues the data object. A data response is issued to the requesting entity when the alternate DS processing module issues the data object via a redirect response.
    Type: Grant
    Filed: August 28, 2017
    Date of Patent: August 20, 2019
    Assignee: PURE STORAGE, INC.
    Inventor: Jason K. Resch
  • Patent number: 10372483
    Abstract: Groups of a plurality of tenants are mapped to identity management classes corresponding to respective roles that grant respective permissions. The identity management classes are associated with hierarchical delegation information that specify delegation rights among the identity management classes, the delegation rights specifying rights of members of the respective identity management classes to perform delegation with respect to further members of the identity management classes. In response to a request by a first member of a first of the identity management classes to perform delegation with respect to a second member of one of the identity management classes, it is determined, based on the hierarchical delegation information, whether the first member is allowed to perform the delegation with respect to the second member.
    Type: Grant
    Filed: January 20, 2014
    Date of Patent: August 6, 2019
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Michael B Beiter, Randall E Grohs
  • Patent number: 10375057
    Abstract: In certificate chain validation, a parent certificate is used to validate a child certificate. The child certificate can indicate which parent certificate can be used to validate it. In some situations, a child certificate may not contain a certificate authority identifier that can be used to identify the parent certificate. Instead, the child certificate can contain a hash value of a modulus of the parent public key that can be used to identify the parent certificate. The hash value of the modulus of the parent public key can be associated with the parent public key. As such, the parent public key used in certificate chain validation of the child certificate can be identified using the hash value of the modulus of the parent public key.
    Type: Grant
    Filed: January 27, 2017
    Date of Patent: August 6, 2019
    Assignee: Visa International Service Association
    Inventors: Soumendra Bhattacharya, Mohit Gupta
  • Patent number: 10278620
    Abstract: An individual authentication method includes (i) indicating a first position of a user's arm or arms when gripping an electrocardiographic sensor, (ii) measuring the user's electrocardiographic activity at the first position by using the electrocardiographic sensor, (iii) indicating a second position of the user's arm or arms when gripping the electrocardiographic sensor, the second position being different from the first position, (iv) measuring the user's electrocardiographic activity at the second position by using the electrocardiographic sensor, (v) receiving ID information of the user, and (vi) registering, in a database, electrocardiographic authentication information including first authentication information associating the ID information with the user's electrocardiographic activity measured at the first position, and second authentication information associating the ID information with the user's electrocardiographic activity measured at the second position.
    Type: Grant
    Filed: July 21, 2016
    Date of Patent: May 7, 2019
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventors: Jeffry Fernando, Koji Morikawa
  • Patent number: 10277581
    Abstract: One or more techniques and/or systems are provided for audio verification. An audio signal, comprising a code for user verification, may be identified. A second audio signal is created comprising speech. The audio signal and the second audio signal may be altered to comprise a same or similar volume, pitch, amplitude, and/or speech rate. The audio signal and the second audio signal may be combined to generate a verification audio signal. The verification audio signal may be presented to a user for the user verification. Verification may be performed to determine whether the user has access to content or a service based upon user input, obtained in response to the user verification audio signal, matching the code within the user verification audio signal. In an example, the user verification may comprise verifying that the user is human.
    Type: Grant
    Filed: September 8, 2015
    Date of Patent: April 30, 2019
    Assignee: Oath, Inc.
    Inventors: Manjana Chandrasekharan, Keiko Horiguchi, Amanda Joy Stent, Ricardo Alberto Baeza-Yates, Jeffrey Kuwano, Achint Oommen Thomas, Yi Chang
  • Patent number: 10235535
    Abstract: The present embodiments relate to a method for transmitting medical data records. The method includes receiving a patient data record from an internal data storage unit, selecting an anonymization setting from a set of predetermined anonymization settings, generating an anonymized patient data record on the basis of the selected anonymization setting or rule, and transmitting the anonymized patient data record to an external data storage unit.
    Type: Grant
    Filed: November 19, 2015
    Date of Patent: March 19, 2019
    Assignee: Siemens Aktiengesellschaft
    Inventors: Thomas Goßler, David Schottlander, Vladyslav Ukis
  • Patent number: 10230696
    Abstract: In one embodiment, a method includes: requesting enrollment of the device with an identity provider, the enrollment including at least one role for the device for a publish-subscribe protocol of a distributed network; receiving a device identity credential from the identity provider and storing the device identity credential in the device; receiving a ticket credential for a first topic associated with a first publisher, the ticket credential including the at least one role for the device; receiving a group key from a key manager for a group associated with the publish-subscribe protocol; and receiving content for the first topic in the device, the content protected by the group key.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: March 12, 2019
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Nathan Heldt-Sheller
  • Patent number: 10230734
    Abstract: Systems and techniques to identify and modify unused (or seldom used) access privileges are described. Group membership data may be correlated with access map data to create a user-resource access map identifying privilege levels associated with individual user accounts to access computing resources in a computing system. User activity event logs generated as a result of user accounts accessing the resources may be correlated with the user-resource access map to identify user accounts that do not use (or seldom use) particular privilege levels to access particular resources. The identified user accounts may be modified to remove the unused (or seldom used) privilege levels.
    Type: Grant
    Filed: December 8, 2015
    Date of Patent: March 12, 2019
    Assignee: QUEST SOFTWARE INC.
    Inventors: Jake Seigel, Robert MacIntosh
  • Patent number: 10212189
    Abstract: Systems and methods for detecting phishing attacks and identifying attackers are described. In embodiments, a server system may modify a template image based on user information and provide the modified image to a user system with a login page. The server system may obtain authentication credentials with an image rendered by the user system. The server system may authenticate the user system based on the authentication credentials and information included in the rendered image. Other embodiments may be described and/or claimed.
    Type: Grant
    Filed: October 11, 2016
    Date of Patent: February 19, 2019
    Assignee: SALESFORCE.COM, INC.
    Inventor: Paul Anthony Mason
  • Patent number: 10187275
    Abstract: A solution is provided for associating network traffic traversing a networked environment according to a selected category item, such as a user name or other network entity identity-related information. The solution includes a collector and a monitor. The collector extracts a user name and a network address from an event log maintained on the networked environment. The monitor receives the network traffic and identifies at least one packet having a network address that matches the extracted network address. After at least one of the packets is identified, the collector associates the identified packet(s) with the extracted user name.
    Type: Grant
    Filed: January 31, 2017
    Date of Patent: January 22, 2019
    Assignee: VMware, Inc.
    Inventors: Pramod John, Yingxian Wang, Ramachandran V. Marti, Maxine R. Erlund
  • Patent number: 10152588
    Abstract: A proposed password is decomposed into basic components to determine and score transitions between the basic components and create a password score that measures the strength of the proposed password based on rules, such as concatenation, insertion, and replacement. The proposed password is scored against all known words, such as when a user is first asked to create a password for an account or access. The proposed password can also be scored against one or more previous passwords for the user, such as when the user is asked to change the user's previous password, to determine similarity between the two passwords.
    Type: Grant
    Filed: September 1, 2017
    Date of Patent: December 11, 2018
    Assignee: PAYPAL, INC.
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 10105605
    Abstract: An apparatus for interworking a mobile terminal account and a gaming account by interworking game record information in the mobile terminal and a game integration account used in multiple games. The method includes: storing information, on a storage device, on a game integration ID used to manage games for the gaming account; receiving, from a mobile terminal, unique terminal identification information of the mobile terminal; confirming whether a mobile ID is mapped to the terminal identification information; creating a mobile ID mapped to the terminal identification information when the confirming determines that a mobile ID is not mapped to the terminal identification information; and mapping, one-to-one, the created mobile ID and the game integration ID.
    Type: Grant
    Filed: February 25, 2016
    Date of Patent: October 23, 2018
    Assignee: NHN Entertainment Corporation
    Inventors: Hyun Jung Kim, Seong Youn Joo, Jong Yoon Kim, Hye Kyung Park, Yu Ik Yim
  • Patent number: 10110610
    Abstract: Methods and systems of the present disclosure provide techniques for dynamically assessing a permission of a user that one of modifies or adds at least one content change in a source environment. The methods may further assess the permission of the user when the at least one content change relates to role content data or functional content data. The permissions of the users may be evaluated based on rule data specific to the source environment or user assignment data relating to the source environment. In addition, the disclosure provides techniques for reporting the dynamic assessment to an administrator based on a triggering event.
    Type: Grant
    Filed: December 8, 2015
    Date of Patent: October 23, 2018
    Assignee: SAP SE
    Inventors: Viktor Povalyayev, Senthil Chinnathambi, Alex Hsu, Lata Krishnamohan
  • Patent number: 10111277
    Abstract: An IOT module includes a thermostat controller operable by the user to remotely (e.g., wirelessly) control the state of the relay which, in turn, operates the PTAC/HVAC unit in much the same way (typically a wired connection) as the wall mounted thermostat previously did so before being replaced (or augmented) by the relay.
    Type: Grant
    Filed: October 25, 2017
    Date of Patent: October 23, 2018
    Assignee: ATOM, Inc.
    Inventors: Yani Deros, Jodi Deros
  • Patent number: 10083439
    Abstract: Devices, systems, and methods of user authentication, as well as automatic differentiation between a legitimate user and a cyber-attacker. A system detects that two different accounts of the same computerized service were accessed by a single computing device over a short period of time. The system may employ various techniques in order to determine automatically whether a legitimate user accessed the two different accounts, such as a husband accessing his own bank account and shortly after that accessing also his wife's bank account, or a payroll company accessing bank accounts of two clients for payroll management purposes. Conversely, the system is able to detect that the same user exhibited the same pattern of interactions when operating the two accounts, a pattern of interactions that does not frequently appear in the general population of legitimate users, thereby indicating that the single user is a cyber-attacker.
    Type: Grant
    Filed: June 26, 2016
    Date of Patent: September 25, 2018
    Assignee: BIOCATCH LTD.
    Inventors: Avi Turgeman, Oren Kedem
  • Patent number: 10075443
    Abstract: In one embodiment, a system includes a processor having a first logic to execute in a trusted execution environment, and a storage to store a plurality of access control policies, each of the plurality of access control policies associated with a composite device state of the system and including an access policy for a resource to be protected by the first logic, where the first logic is to apply one or more of the plurality of access control policies to a request for access to the resource, responsive to a matching of the associated composite device state of the one or more access control policies with a current composite device state of the system. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 24, 2015
    Date of Patent: September 11, 2018
    Assignee: Intel Corporation
    Inventors: Nathan Heldt-Sheller, Ned M. Smith
  • Patent number: 10049143
    Abstract: A method and system for harmonizing and mediating ontologies to search across large data sources is disclosed. The method comprises receiving a query targeting a first ontology. The method further comprises translating the query into one or more translated queries, each translated query targeting a respective ontology different from the first ontology. For each of the queries, issuing the query to a respective database organized according to the respective ontology of the query, and receiving a respective result set for the query, wherein the respective result set corresponds to the respective ontology of the query. The method further comprises translating the respective result set into a translated result set corresponding to the first ontology, aggregating the result sets into an aggregated result set corresponding to the first ontology, and returning the aggregated result set corresponding to the first ontology.
    Type: Grant
    Filed: November 18, 2016
    Date of Patent: August 14, 2018
    Assignee: ORBIS TECHNOLOGIES, INC.
    Inventors: Sameer Joshi, Zachery Whitley
  • Patent number: 10007498
    Abstract: An example method includes generating, by a computing system, first unique configuration information, generating, by the computing system and based on the first unique configuration information, a first unique instance of a software component, generating second unique configuration information, wherein the second unique configuration information is different from the first unique configuration information, and generating, based on the second unique configuration information, a second unique instance of the software component that is executable on the runtime computing system. The first and second unique instances of the software component comprise different instances of the same software component that each are configured to have uniquely different operating characteristics during execution on the runtime computing system.
    Type: Grant
    Filed: August 4, 2016
    Date of Patent: June 26, 2018
    Assignee: Architecture Technology Corporation
    Inventors: Judson Powers, Robert A. Joyce
  • Patent number: 10002006
    Abstract: A computer with multiple software applications has defined for it plural software profiles for selection of one of the profiles in response to a system and/or user signal. Each profile when selected enables a respective set of applications to run on the system.
    Type: Grant
    Filed: November 21, 2013
    Date of Patent: June 19, 2018
    Assignees: SONY ELECTRONICS INC., SONY CORPORATION
    Inventors: Adrian Crisan, Fredrik Carpio
  • Patent number: 9998476
    Abstract: According to an embodiment, a data distribution apparatus is connected with electronic apparatuses through a network. The data distribution apparatus includes a storage, a transmitter, a receiver, and an output unit. The storage is configured to store management information in which predetermined data is associated with number specification information for specifying number of electronic apparatuses belonging to the group. The transmitter is configured to transmit a sharing start instruction including the predetermined data. The receiver is configured to receive one or more distribution requests transmitted from one or more electronic apparatuses in response to the instruction. The output unit is configured to output an error signal indicating that an unauthorized electronic apparatus is connected when the number of received distribution requests exceeds the number specified.
    Type: Grant
    Filed: September 13, 2016
    Date of Patent: June 12, 2018
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yuichi Komano, Takeshi Kawabata
  • Patent number: 9979751
    Abstract: Embodiments of an application gateway architecture may include an application gateway server computer communicatively connected to backend systems and client devices operating on different platforms. The application gateway server computer may include application programming interfaces and services configured for communicating with the backend systems and managed containers operating on the client devices. The application gateway server computer may provide applications that can be centrally managed and may extend the capabilities of the client devices, including the ability to authenticate across backend systems. A managed container may include a managed cache and may provide a secure shell for applications received from the application gateway server computer. The managed container may store the applications in the managed cache and control access to the managed cache according to rules propagated from at least one of the backend systems via the application gateway server computer.
    Type: Grant
    Filed: September 19, 2014
    Date of Patent: May 22, 2018
    Assignee: Open Text SA ULC
    Inventors: Gregory Beckman, Robert Laird, Alain Gagne
  • Patent number: 9830458
    Abstract: Techniques are presented herein for classifying a variety of enterprise computing resources based on asset characteristics. In particular, a computing asset, e.g., a server, may be classified based on any digital certificates provisioned on that server. That is, the properties of a digital certificate may be used to determine a measure of business value or importance of a server (or data hosted on that server). Once the computing asset has been classified, a monitoring system may use the assigned classifications to prioritize security incidents for review.
    Type: Grant
    Filed: April 25, 2014
    Date of Patent: November 28, 2017
    Assignee: Symantec Corporation
    Inventors: Kevin McBride, Quentin Liu, Hari Veladanda, George Tomic, Peter Ashley
  • Patent number: 9805015
    Abstract: Methods and systems that implement enhanced user interactions with a grid are described. A method may include generating a grid of cells arranged in a number of rows and columns. Each row may correspond to a data record of a database. The grid may be displayed to a user while identifying one or more cells as editable cells. Input data may be received from the user for each of the editable cells. The input data may be validated using predefined criteria to identify incorrect input data and errors associated with the incorrect input data may be displayed to the user. Additional methods and systems are disclosed.
    Type: Grant
    Filed: December 16, 2009
    Date of Patent: October 31, 2017
    Assignee: Teradata US, Inc.
    Inventor: Mona Singh
  • Patent number: 9800906
    Abstract: A method for creating a list of display devices that are available to receive a video signal from an image generator via network video streaming. One version of the method includes transmitting a display availability packet indicating one or more of the display devices that are available for connection, updating a network display listing module with the information stored in the display availability packet, and transmitting an availability request packet requesting a list of the display devices that are available to receive the video signal. In response to receiving an availability request packet, a display resource list, indicating the display devices available to receive the video signal, is generated from the metadata contained in the availability request packet.
    Type: Grant
    Filed: May 7, 2015
    Date of Patent: October 24, 2017
    Assignee: Mersive Technologies, Inc.
    Inventors: Christopher O. Jaynes, Scott Allen Ruff, Thomas Georg Erich Ruge
  • Patent number: 9779234
    Abstract: Knowledge of a module's behavior when the module's reputation is formed is obtained. If the module's behavior changes, this change is detected. In one embodiment, upon a determination that the module's behavior has changed, the module's original reputation is lost. In this manner, malicious trusted modules are detected and defeated.
    Type: Grant
    Filed: June 18, 2008
    Date of Patent: October 3, 2017
    Assignee: Symantec Corporation
    Inventors: William E. Sobel, Brian Hernacki
  • Patent number: 9769123
    Abstract: One particular example implementation of an apparatus for mitigating unauthorized access to data traffic comprises: an operating system stack to allocate unprotected kernel transfer buffers; a hypervisor to allocate protected memory data buffers, where data is to be stored in the protected memory data buffers before being copied to the unprotected kernel transfer buffers; and an encoder module to encrypt the data stored in the protected memory data buffers, where the unprotected kernel transfer buffers receive a copy of the encrypted data.
    Type: Grant
    Filed: April 15, 2013
    Date of Patent: September 19, 2017
    Assignee: Intel Corporation
    Inventors: Karanvir S. Grewal, Ravi L. Sahita, David Durham
  • Patent number: 9760716
    Abstract: In one implementation, a computer-implemented method includes receiving, at a process risk classifier running on a computer system, a request to determine a risk level for a particular process; accessing one or more signatures that provide one or more snapshots of characteristics of the particular process at one or more previous times; identifying one or more differences between the particular process in its current form and the one or more signatures; accessing information identifying previous usage of the computer system's resources by the particular process; determining a current risk score for the particular process based, at least in part, on (i) the one or more signatures for the particular process, (ii) the one or more differences between the particular process in its current form and the one or more signatures, and (iii) the previous usage of the resources; and providing the current risk score for the particular process.
    Type: Grant
    Filed: May 8, 2017
    Date of Patent: September 12, 2017
    Assignee: Accenture Global Services Limited
    Inventor: Shaan Mulchandani
  • Patent number: 9754101
    Abstract: A proposed password is decomposed into basic components to determine and score transitions between the basic components and create a password score that measures the strength of the proposed password based on rules, such as concatenation, insertion, and replacement. The proposed password is scored against all known words, such as when a user is first asked to create a password for an account or access. The proposed password can also be scored against one or more previous passwords for the user, such as when the user is asked to change the user's previous password, to determine similarity between the two passwords.
    Type: Grant
    Filed: August 15, 2016
    Date of Patent: September 5, 2017
    Assignee: PAYPAL, INC.
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 9756037
    Abstract: A certification provenance tree (CPT) structure may provide information concerning a layered certification of a device that comprises a hierarchy of components. The CPT structure may include a hierarchy of secure certification provenance document (SCPD) structures. Each SCPD structure in the hierarchy may represent a given component at a given level of the hierarchy of components of the device. Each SCPD structure may include a field that stores a certification proof indicating that security properties of the given component have been certified by a certification authority. An SCPD structure may further include accreditation information fields that store a pointer to an SCPD structure of a component at a next layer of the hierarchy of components of the device. The pointer may provide an indication of assurance that the component at that next layer will perform securely within this component at said given layer.
    Type: Grant
    Filed: September 19, 2013
    Date of Patent: September 5, 2017
    Assignee: InterDigital Patent Holdings, Inc.
    Inventors: Dolores F. Howry, Yogendra C. Shah, Alec Brusilovsky, Joseph Gredone
  • Patent number: 9747063
    Abstract: Disclosed is a print apparatus including: a memory configured to store the print job; a print unit configured to execute a print based on the print job; a first detector configured to detect the print allowed user; a second detector configured to detect a print disallowed user; and a hardware processor configured to: obtain the print job, change a danger distance according to a first distance from the print apparatus to the print allowed user, compare the danger distance with a second distance from the print apparatus to the nearest print disallowed user when the first distance is not more than a predetermined print start distance, and instruct the print unit to start the print based on the print job in accordance with a result of the comparison.
    Type: Grant
    Filed: June 15, 2016
    Date of Patent: August 29, 2017
    Assignee: KONICA MINOLTA, INC.
    Inventor: Takenori Idehara
  • Patent number: 9725098
    Abstract: A user gesture is detected based on received data from one or more motion sensors. User gesture attributes are identified including at least one of hand vectoring, wrist articulation, and finger articulation from the gesture including respective movements of each of a plurality of a user's fingers. Based on the gesture attributes, a user and an action to be performed in a vehicle are identified. The action is performed in the vehicle to control at least one vehicle component based on the gesture.
    Type: Grant
    Filed: July 15, 2015
    Date of Patent: August 8, 2017
    Assignee: FORD GLOBAL TECHNOLOGIES, LLC
    Inventors: Mahmoud A. Abou-Nasr, Devinder Singh Kochhar, Walter Joseph Talamonti
  • Patent number: 9730268
    Abstract: An accessory can communicate wirelessly with a host device such as a portable electronic device. Existing accessory protocols developed for wired communication can be used without modification, and a wireless network connecting the two devices can provide a transport or channel connecting the two devices. Establishing a wireless channel can involve the active participation of both devices. For instance, the host device can create and identify a virtual port to be used by the accessory, after which the accessory can initiate communication on that virtual port. A host device can be configured to automatically connect to certain accessories upon detection of that accessory on a wireless network under various specific conditions. Encryption of accessory-protocol communications between an accessory and a host device is also provided.
    Type: Grant
    Filed: June 4, 2014
    Date of Patent: August 8, 2017
    Assignee: Apple Inc.
    Inventors: Lawrence G. Bolton, Jason J. Yew, Robert J. Walsh, Awartika Pandey
  • Patent number: 9614839
    Abstract: Secure computer architectures, systems, and applications are provided herein. An exemplary computing system may include a trusted environment having a trusted processor and memory that provides a trusted computing environment that performs computing functions that could expose the computing device to a security risk, and a legacy environment having a secondary processor and memory for providing a legacy computing environment that manages computing functions exposed to unsecure environments.
    Type: Grant
    Filed: June 18, 2015
    Date of Patent: April 4, 2017
    Inventor: Mordecai Barkan
  • Patent number: 9589120
    Abstract: A method, system, and one or more computer-readable storage media for behavior based authentication for touch screen devices are provided herein. The method includes acquiring a number of training samples corresponding to a first action performed on a touch screen of a touch screen device, wherein the first action includes an input of a signature or a gesture by a legitimate user. The method also includes generating a user behavior model based on the training samples and acquiring a test sample corresponding to a second action performed on the touch screen, wherein the second action includes an input of the signature or the gesture by a user. The method further includes classifying the test sample based on the user behavior model, wherein classifying the test sample includes determining whether the user is the legitimate user or an imposter.
    Type: Grant
    Filed: April 5, 2013
    Date of Patent: March 7, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Arjmand Samuel, Muhammad Shahzad
  • Patent number: 9584525
    Abstract: Systems, methods, and devices for predicting entitlements to computing resources are described. An entitlement associated with a user of a computer system may be identified. The entitlement may indicate a computing resource of the computer system that is accessible to the user. A set of attributes associated with the user may be selected, and an entitlement probability value may be obtained. The entitlement probability value may be based on the set of attributes and indicate a probability that the user is authorized to have the entitlement. The entitlement probability value may be used to determine whether to include the entitlement in an access review. Depending on the entitlement probability value the entitlement may be included in the access review or excluded from the access review.
    Type: Grant
    Filed: August 31, 2015
    Date of Patent: February 28, 2017
    Assignee: Bank of America Corporation
    Inventors: Igor A. Baikalov, Randy Jia
  • Patent number: 9542337
    Abstract: Described is a technology by which a transient storage device or secure execution environment-based (e.g., including an embedded processor) device validates a host computer system. The device compares hashes of host system data against valid hashes maintained in protected storage of the device. The host data may be a file, data block, and/or memory contents. The device takes action when the host system data does not match the information in protected storage, such as to log information about the mismatch and/or provide an indication of validation failure, e.g., via an LED and/or display screen output. Further, the comparison may be part of a boot process validation, and the action may prevent the boot process from continuing, or replace an invalid file. Alternatively, the validation may take place at any time.
    Type: Grant
    Filed: August 12, 2014
    Date of Patent: January 10, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David Abzarian, Todd L. Carpenter, Harish S. Kulkarni, Salahuddin J. Khan
  • Patent number: 9530016
    Abstract: In response to a local Advanced Persistent Threat (APT) agent identifying a potential data exfiltration attack, the binary identified in the attack is sent to a static analysis tool for further analysis. The agent also identifies a source and a sink involved in the potential data exfiltration. The static analysis tool decompiles the binary, and then runs the de-compiled code through a static analysis to identify data flows between the source and the sink, e.g., a data flow from the source that is the method used to read sensitive information, and a data flow to the sink that is the method used to write to the remote system. If there are such data flows, the activity reported by the agent is likely a true exfiltration attack. Based on this flow determination, the static analysis tool returns a response to the agent validating that the activity is an attack.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: December 27, 2016
    Assignee: International Business Machines Corporation
    Inventor: Ori Pomerantz
  • Patent number: 9531652
    Abstract: A system allowing a user to efficiently locate and contact those individuals the user would like to communicate with and for collection of data about users to determine the best contact point to use at a particular time. The system monitors the data and may determine an individual's usage patterns in order to select or suggest contact points that are the best to contact a particular user at a particular time. The system may also allow for the routing of communications to particular contact points based on how the user receiving the communication would prefer to be contacted. The system allows for the single selection of an icon by an individual and automatically determines the contact point to contact the particular user. It further allows for the particular user to push out to others updated contact information.
    Type: Grant
    Filed: October 24, 2014
    Date of Patent: December 27, 2016
    Assignee: Tangoe, Inc.
    Inventors: Christopher J. DeBenedictis, Albert R. Subbloie, Jr., Paul Schmidt, Charles Gamble
  • Patent number: 9529990
    Abstract: A computer-implemented method for validating login attempts based on user location may include (1) detecting a login attempt by a user to log into a user account, where the login attempt originates from an atypical location, (2) determining that the atypical location is inconsistent with a pattern of past login locations for the user, (3) retrieving location information that indicates a current location of the user from at least one third-party Internet resource, (4) determining, based on the location information, that the atypical location of the login attempt matches the current location of the user, and (5) trusting that the login attempt legitimately originates from the user based at least in part on the atypical location matching the current location of the user. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 10, 2015
    Date of Patent: December 27, 2016
    Assignee: Symantec Corporation
    Inventors: Keith Newstadt, Ilya Sokolov
  • Patent number: 9521182
    Abstract: Methods and apparatus related to identifying authorship of Internet content. Some implementations are directed to methods and apparatus for identifying a content submission form on a webpage, recognizing submission of content by a user via the content submission form, and transmitting verification data in response to submission of the content by the user. The verification data may include content data indicative of at least some of the content submitted for publication via the content submission form.
    Type: Grant
    Filed: February 8, 2013
    Date of Patent: December 13, 2016
    Assignee: Google Inc.
    Inventors: Jonathan David Tang, Robert Jonathan Ennals, Benedict Gomes, Matthew Cutts
  • Patent number: 9489536
    Abstract: A social media computer system and method for transmission of data between a first mobile phone and a second mobile phone includes a database that is configured to be in network communication with the first mobile phone and the second mobile phone. The database is configured to receive a first set of data input by the first mobile phone and a second set of data input by the second mobile phone. The database is configured to allow the second mobile phone to access at least a portion of the first set of data only after the second mobile phone authorizes the first mobile phone via the database to access the second set of data. The database can include a plurality of privacy levels that are alternately selectable by the first mobile phone to control the amount of the first set of data that is accessible by the second mobile phone.
    Type: Grant
    Filed: February 19, 2016
    Date of Patent: November 8, 2016
    Assignee: BOSS Logic, LLC
    Inventors: Daniel D. Shoemaker, Lee Thomas O'Donnell, James P. Broder, Scott D. Shoemaker
  • Patent number: 9491199
    Abstract: A device having: an application program that assists the device in accessing a data service over a wireless access network, an application credential associated with the application program, and a policy to be applied when the application program initiates or attempts to initiate communication over the wireless access network. The device also has one or more agents that detect an attempted installation of update software on the device, the update software purporting to be a modification, update, or replacement of the application program; obtain an update-software credential associated with the update software; obtain the application credential; allow the update software to be installed if the update-software credential matches the application credential; and interact with the application program to arrange a setting of the application program, the setting configured to assist in applying the policy when the application program initiates or attempts to initiate communication over the wireless access network.
    Type: Grant
    Filed: July 24, 2014
    Date of Patent: November 8, 2016
    Assignee: Headwater Partners I LLC
    Inventors: Gregory G. Raleigh, James Lavine, Jeffrey Green