Access Control Patents (Class 726/27)
  • Patent number: 10027497
    Abstract: A content distribution network includes first and second controllers, and multicast enabled routers. The first controller is configured to select a multicast channel for distributing content, to determine that the content has a geographic restriction associated with a restricted area in the content distribution network, to link an exclusion policy for the content to the multicast channel while the multicast channel provides the content, and to deny a request for the content from a client system within the restricted area based on the exclusion policy. The second controller is configured to distribute the exclusion policy to the multicast enabled routers including a first router configured to store the exclusion policy, and to ignore a multicast join message from the client system within the restricted area based on the exclusion policy.
    Type: Grant
    Filed: May 12, 2016
    Date of Patent: July 17, 2018
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Han Q. Nguyen, Huajin Jeng, Douglas M. Nortz
  • Patent number: 10027486
    Abstract: This disclosure concerns homomorphic encryption for database querying. Numerical values are encrypted using keys and random numbers to produce a ciphertext. The ciphertext is homomorphic and is comprised of two or more sub-ciphertexts. Queries based on addition, average and multiplication operations can be performed without decrypting the numerical values relevant to the query. Each sub-ciphertext is stored in a single record and in separate attributes. There is disclosed methods of encrypting and decrypting, creating a suitable table, querying such a database and updating such a database.
    Type: Grant
    Filed: June 21, 2013
    Date of Patent: July 17, 2018
    Assignee: COMMONWEALTH SCIENTIFIC AND INDUSTRIAL RESEARCH ORGANISATION
    Inventor: Dongxi Liu
  • Patent number: 10019572
    Abstract: Disclosed are various embodiments for detecting malicious activities by imported software packages. A monitoring service determines that untrusted code executing in at least one computing device has invoked a privileged operation. A context in which the privileged operation is invoked is identified. The monitoring service determines whether the context and the privileged operation corresponds to an expected behavior of the untrusted code based at least in part on a past behavior profile of the untrusted code. An action is performed in response to determining that the context and the privileged operation do not correspond to the expected behavior.
    Type: Grant
    Filed: August 27, 2015
    Date of Patent: July 10, 2018
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 10021087
    Abstract: A system and method for communicating secure, privatized data stored on a first user device with a second user device requesting access thereto includes initiating a timed access gate for receiving verification of authenticating credentials from the second user device, after the first user credentials associated with the first user device are verified. If the second user device is verified within the predetermined period of time, an authentication handshake between the first user device and the second user device is completed. On completion of the handshake, a communication channel is opened for transmitting the first user's privatized data between the first user device and the second user device.
    Type: Grant
    Filed: August 27, 2015
    Date of Patent: July 10, 2018
    Inventors: Mansour Aaron Karimzadeh, F. Avraham Dilmanian, Farshad Namdar
  • Patent number: 10002512
    Abstract: A system and method of loss prevention using a pair of ID tags is disclosed. The user or owner of the protected object can dynamically create a security perimeter by using key ID tag and object ID tag pair. An object ID tag is either embedded in or attached to a protected object. A key ID tag, which is in a handheld device, has protection to prevent unauthorized scan. The object ID tag information can only be obtained from key ID tag using preprogrammed algorithm. The area security system will be armed after reading and validating a key ID tag scanned by the user. If anyone takes protected object with object ID tag out of the area without proper key ID tag authentication, alarm will be triggered.
    Type: Grant
    Filed: January 30, 2014
    Date of Patent: June 19, 2018
    Inventor: Le-Jun Yin
  • Patent number: 9996705
    Abstract: Techniques for determining potential sharing of private data are described herein. The techniques may include identifying content having computer readable access rules associated with a private domain of a social network, and identifying private data of the content. A potential share of the content outside of the private domain is detected and a search of the potential share to determine whether the potential share is associated with the private data is performed. The techniques may also include detecting a match between the potential share and the private data.
    Type: Grant
    Filed: July 14, 2015
    Date of Patent: June 12, 2018
    Assignee: International Business Machines Corporation
    Inventor: Vladimir Gamaley
  • Patent number: 9996680
    Abstract: The apparatus disclosed herein, in various aspects, includes a digital asset, and an amulet that comprises an encrypted self-validating string. The amulet may be external to the digital asset. The apparatus may include a manager that cooperates securely with the digital asset and cooperates securely with the amulet to control access to the digital asset as specified by the amulet. In some aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through shared memory in process space. In other aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through a RAM drive in memory, the RAM drive at least partially hidden from an operating system of the computer. In yet other aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through a virtual machine accessible only by said apparatus.
    Type: Grant
    Filed: January 19, 2016
    Date of Patent: June 12, 2018
    Inventor: F. Scott Deaver
  • Patent number: 9984253
    Abstract: Techniques for determining potential sharing of private data are described herein. The techniques may include identifying content having computer readable access rules associated with a private domain of a social network, and identifying private data of the content. A potential share of the content outside of the private domain is detected and a search of the potential share to determine whether the potential share is associated with the private data is performed. The techniques may also include detecting a match between the potential share and the private data.
    Type: Grant
    Filed: May 4, 2016
    Date of Patent: May 29, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Vladimir Gamaley
  • Patent number: 9979544
    Abstract: An example method to monitor usage of a device includes collecting first and second identifiers based on use of an application that does not employ cookies, the first identifier identifying at least one of the device or a user of the device to a first database proprietor, and the second identifier identifying the at least one of the device or the user of the device to a second database proprietor; sending the first identifier to a first server associated with the first database proprietor, sending the second identifier to a second server associated with the second database proprietor; and sending to a data collection server at least one of a media identifier indicative of media accessed via the application at the device or a search term used via the application at the device.
    Type: Grant
    Filed: March 28, 2017
    Date of Patent: May 22, 2018
    Assignee: The Nielsen Company (US), LLC
    Inventors: Alan N. Bosworth, Madhusudhan Reddy Alla, Steven J. Splaine, Brahmanand Reddy Shivampet, Kevin K. Gaynor
  • Patent number: 9965779
    Abstract: A content delivery provider may stream an application to each of a plurality of computing devices. The content delivery provider may transmit an offer to download the application to each of the plurality of computing devices, after a first initial display interval. The provider may receive a number of positive user interactions with the offer after the first initial display interval, and a total number of positive user interactions with the offer. The provider may automatically adjust the initial display interval by a factor proportional to a desired first-display quantile divided by the number of positive user interactions after the first initial display interval. The application may be streamed to a second computing device, and the offer to download the application transmitted to the second computing device, after the adjusted initial display interval.
    Type: Grant
    Filed: February 24, 2015
    Date of Patent: May 8, 2018
    Assignee: Google LLC
    Inventors: Jaehyun Yeom, Dong Ha Lee
  • Patent number: 9961553
    Abstract: The present disclosure provides a method, apparatus and system for readily and conveniently getting network access for a smart device. The method for network access for a smart device includes receiving, by a server comprising a processor and a non-transitory storage medium, a first identification identifying a wireless access point and a first terminal identifier; receiving a second identification identifying a smart device and a second terminal identifier; associating the wireless access point with the smart device if the first terminal identifier corresponds to the second terminal identifier, and sending the second identification for the associated smart device to the wireless access point. The wireless access point provides network access authentication information to the smart device so that the smart device can get access to a network provided by the wireless access point with the network access authentication information.
    Type: Grant
    Filed: August 17, 2016
    Date of Patent: May 1, 2018
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventors: Liangliang Fan, Xiangyao Lin, Kai Liu, Lejun Liu
  • Patent number: 9953172
    Abstract: As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.
    Type: Grant
    Filed: September 14, 2017
    Date of Patent: April 24, 2018
    Assignee: International Business Machines Corporation
    Inventors: Pedro M. Barbas, Joseph Duffy, Ken Maycock, David M. Tilson
  • Patent number: 9948651
    Abstract: Network traffic is monitored, and activities concerning posting images to sharing sites are detected. Detected activities can be attempts to login to sharing sites, or attempts to post images. Privacy concerns associated with sharing images on target sites are identified. In the case of detecting a successful attempt to login to a known sharing site, the site is scanned for the privacy settings in effect for the user, and it is determined whether the settings are below a given threshold. Another example of a privacy concern is detecting an attempt to post an image to an unknown site. When a privacy concern is detected, the user is warned, and prompted to indicate whether images are to be posted to the target site anyway. Attempts to post images to sites that are subject to privacy concerns are processed according to received user directives (e.g., blocked or allowed).
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: April 17, 2018
    Assignee: Symantec Corporation
    Inventors: Michael Shavell, Matthew Boucher
  • Patent number: 9948820
    Abstract: A method for routing object data that defines a 3-dimensional (3D) object to a 3D printer includes receiving the object data at a server and determining, by the server, object attributes associated with the object defined by the object data. The server searches a database that stores 3D printer attributes for one or more 3D printers capable of printing objects that possess the determined object attributes. If one or more capable printers are identified, the server communicates a list that identifies the one or more capable printers to a user.
    Type: Grant
    Filed: February 8, 2017
    Date of Patent: April 17, 2018
    Assignee: ACCENTURE GLOBAL SERVICES LIMITED
    Inventors: Sunny Webb, Kelly L. Dempski, Matthew Short, Michael Balint
  • Patent number: 9940195
    Abstract: A method for use in a distributed storage network (DSN) including a plurality of distributed storage (DS) units includes receiving, at a DS unit, a rebuilding request indicating that the DS unit is to provide an encrypted partial slice to a requesting DS unit included in the DS network. Key pairing requirements associated with the rebuilding request are determined, and an even number of key pairing entities are selected based on the key pairing requirements. The even number of key pairing entities being fewer than a decode threshold number of key pairing entities. The DS unit generates shared secret keys corresponding to each of the even number of key pairing entities, uses those keys to generate an encrypted partial slice, and transmits the encrypted partial slice to the requesting DS unit in accordance with a rebuilding topology.
    Type: Grant
    Filed: September 28, 2017
    Date of Patent: April 10, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jason K. Resch, Greg R. Dhuse, Wesley B. Leggette
  • Patent number: 9940483
    Abstract: This disclosure provides for implementing a firmware security interface within a field-programmable gate array (FPGA) for communicating between secure and non-secure environments executable within the FPGA. A security monitor is implemented within the programmable logic of the FPGA as a soft core processor and the firmware security interface modifies one or more functions of the security monitor. The modifications to the security monitor include establishing a timer “heartbeat” within the FPGA to ensure that the FPGA invokes a secure environment and raising an alarm should the FPGA fail to invoke such environment.
    Type: Grant
    Filed: January 25, 2016
    Date of Patent: April 10, 2018
    Assignee: Raytheon Company
    Inventors: Matthew C. Areno, John Hoffman, William T. Jennings
  • Patent number: 9940333
    Abstract: Various systems described herein facilitate storage of files in various formats. A client device can generate a request for a particular file or content. The client device can submit a request with various request parameters. A file service can identify an appropriate file in an appropriate format. The appropriate file in the appropriate format can be provided to the client device in response to the request.
    Type: Grant
    Filed: June 18, 2015
    Date of Patent: April 10, 2018
    Assignee: AirWatch LLC
    Inventor: Ramani Panchapakesan
  • Patent number: 9935970
    Abstract: A system, method, and computer program product for implementing a phishing assessment that includes a phishing server that implements one or more phishing assessments; the phishing server: identifies legitimate target domain names to be used in the phishing assessment, generates one or more pseudo domain names and pseudo web pages, where the pseudo domain name are visually similar to an identified target domain name and the pseudo web page includes one or more characteristics and attributes of a legitimate web page.
    Type: Grant
    Filed: October 28, 2016
    Date of Patent: April 3, 2018
    Assignee: Duo Security, Inc.
    Inventor: Jon Oberheide
  • Patent number: 9929869
    Abstract: Methods, apparatuses, and computer-readable media for providing a collaboration license to an application for participant user device(s) participating in an on-line collaboration are disclosed. In one embodiment, a method is provided for licensing at least one application. The method includes transmitting a license request for at least one collaboration license. The collaboration license authorizes usage of at least one application on at least one participant user device participating in a collaboration. The collaboration may include at least one collaborative communication session among a plurality of participant user devices. The method further includes receiving the at least one collaboration license. Apparatuses and computer-readable media having instructions for providing the method are also disclosed.
    Type: Grant
    Filed: October 26, 2011
    Date of Patent: March 27, 2018
    Assignee: Avaya Inc.
    Inventor: Terry Don Jennings
  • Patent number: 9923877
    Abstract: An end-to-end secure cloud-hosted collaboration service is provided with a hybrid cloud/on-premise index and search capability. This approach includes on-premise indexing and search handling, while relying on the cloud for persistent storage and search of the index. The on-premise indexer receives a copy of an encrypted message from the cloud-hosted collaboration service. The encrypted message has been encrypted with a conversation key. The indexer receives the conversation key from an on-premise key management service, and decrypts the encrypted message with the conversation key. A set of tokens are extracted from the decrypted message, and subsequently encrypted with a secret key, different than the conversation key, to generate a first set of encrypted tokens. The first set of encrypted tokens is transmitted for storage in a search index on the cloud-hosted collaboration service.
    Type: Grant
    Filed: February 17, 2017
    Date of Patent: March 20, 2018
    Assignee: Cisco Technology, Inc.
    Inventor: Shaun Cooley
  • Patent number: 9923919
    Abstract: A computer-implemented method for deflecting abnormal computer interactions includes receiving, at a computer server system and from a client computer device that is remote from the computer server system, a request for web content; identifying, by computer analysis of mark-up code content that is responsive to the request, executable code that is separate from, but programmatically related to, the mark-up code content; generating groups of elements in the mark-up code content and the related executable code by determining that the elements within particular groups are programmatically related to each other; modifying elements within particular ones of the groups consistently so as to prevent third-party code written to interoperate with the elements from modifying from interoperating with the modified elements, while maintain an ability of the modified elements within each group to interoperate with each other; and recoding the mark-up code content and the executable code to include the modified elements.
    Type: Grant
    Filed: August 10, 2015
    Date of Patent: March 20, 2018
    Assignee: Shape Security, Inc.
    Inventors: Justin D. Call, Xiaoming Zhou, Xiaohan Huang, Subramanian Varadarajan, Roger S. Hoover
  • Patent number: 9922207
    Abstract: Subscriber (user) data is encrypted and stored in a service provider cloud in a manner such that the service provider is unable to decrypt and, as a consequence, to view, access or copy the data. Only the user knows a user-specific secret (e.g., a password) that is the basis of the encryption. The techniques herein enable the user to share his or her data, privately or publicly, without exposing the user-specific secret with anyone or any entity (such as the service provider).
    Type: Grant
    Filed: April 18, 2016
    Date of Patent: March 20, 2018
    Assignee: LogMeln, Inc.
    Inventors: Krisztian Kopasz, Marton B. Anka
  • Patent number: 9906557
    Abstract: A mechanism is provided for generating a packet inspection policy for a policy enforcement point in a centralized management environment. Data of a network topology for the policy enforcement point corresponding to a network infrastructure is updated according to metadata of the policy enforcement point, the metadata including a capability of the policy enforcement point. The packet inspection policy for the policy enforcement point is generated according to the data of the network topology and the capability of the policy enforcement point. The packet inspection policy is then deployed to the policy enforcement point.
    Type: Grant
    Filed: June 19, 2015
    Date of Patent: February 27, 2018
    Assignee: International Business Machines Corporation
    Inventors: Wei-Hsiang Hsiung, Sheng-Tung Hsu, Cheng-Ta Lee, Ming-Hsun Wu
  • Patent number: 9894069
    Abstract: Secret application and maintenance policy data is generated for different classes of data. The class of data to be protected is determined and the secret application and maintenance policy data for the determined class of the data to be protected is identified and obtained. Required secrets data representing one or more secrets to be applied to the data to be protected is obtained and then automatically scheduled for application to the data to be protected in accordance with the secret application and maintenance policy data for the determined class of the data to be protected. Maintenance of the one or more secrets is also automatically scheduled in accordance with the secret application and maintenance policy data for the determined class of the data to be protected.
    Type: Grant
    Filed: November 1, 2013
    Date of Patent: February 13, 2018
    Assignee: Intuit Inc.
    Inventors: Brett Weaver, Sabu Kuruvila Philip, Troy Otillio, Jinglei Whitehouse, III, Oleg Gryb, Jeffrey M. Wolfe, Ankur Jain, M. Shannon Lietz, Luis Felipe Cabrera
  • Patent number: 9891271
    Abstract: A power grid provides power to one or more modules of an integrated circuit device via a virtual power supply signal. A test module is configured to respond to assertion of a test signal so that, when the power grid is working properly and is not power gated, an output of the test module matches the virtual power supply. When the power grid is not working properly, the output of the test module is a fixed logic signal that does not vary based on the power gated state of the one or more modules.
    Type: Grant
    Filed: July 19, 2013
    Date of Patent: February 13, 2018
    Assignee: Advanced Micro Devices, Inc.
    Inventors: Russell Schreiber, Joel Irby, Sudha Thiruvengadam, Carl Dietz
  • Patent number: 9894107
    Abstract: A control module arranged to manage a hosted communications platform, the hosted communications platform being located between a telecommunications network and a subscriber communications network, the subscriber communications network being associated with a subscriber to the hosted communications platform, the subscriber being associated with a plurality of users. The module comprises a first communications interface arranged to interface with the telecommunications network, and processing means arranged to configure the hosted communications platform for use with two or more subscribers, each subscriber comprising a respective subscriber communications network. The module further comprises a second communications interface arranged to interface with the hosted communications platform. For each subscriber, the processing means is arranged to form a partition on the hosted communications platform.
    Type: Grant
    Filed: July 23, 2014
    Date of Patent: February 13, 2018
    Inventor: Barnaby Thomas Ritchley
  • Patent number: 9886699
    Abstract: A method for testing a new workflowed item associated with a workflow process in a content management system (CMS) is provided. The method may include adding a workflow stage to the workflow process in the content management system (CMS). The method may also include adding a test associated with the workflow stage. The method may further include determining if a criteria threshold is met based on the test associated with the workflow stage. Additionally, the method may include publishing the new workflowed item based on the criteria threshold being met.
    Type: Grant
    Filed: April 8, 2014
    Date of Patent: February 6, 2018
    Assignee: International Business Machines Corporation
    Inventors: Nicholas A. Baldwin, Laurence A. Hey, Eric Martinez de Morentin, Matthew J. Ponsford
  • Patent number: 9881316
    Abstract: A method for testing a new workflowed item associated with a workflow process in a content management system (CMS) is provided. The method may include adding a workflow stage to the workflow process in the content management system (CMS). The method may also include adding a test associated with the workflow stage. The method may further include determining if a criteria threshold is met based on the test associated with the workflow stage. Additionally, the method may include publishing the new workflowed item based on the criteria threshold being met.
    Type: Grant
    Filed: January 29, 2015
    Date of Patent: January 30, 2018
    Assignee: International Business Machines Corporation
    Inventors: Nicholas A. Baldwin, Laurence A. Hey, Eric Martinez de Morentin, Matthew J. Ponsford
  • Patent number: 9875371
    Abstract: A system for controlling access to copyrighted data comprises, at least: a plurality of users having computers, each computer being assigned a unique identity and each computer being configured for communicating with external units via a core network; a core network operated by a telecommunications organization; an access handler configured to communicate with the computers via the core network and a communication interface configured for routing incoming data traffic to a first database; wherein the first database includes at least one table, in which table the unique identities of the computers are associated with access rights for each one of the unique identities, and the first database is configured to communicate with a second database and a third database/server; the second database includes copyrighted data material, and the second database is further configured to communicate via the core network with the computers for transferring requested copyrighted data material.
    Type: Grant
    Filed: January 9, 2013
    Date of Patent: January 23, 2018
    Assignee: Wire I.P. Limited
    Inventor: Magnus Skraastad Gulbrandsen
  • Patent number: 9875363
    Abstract: Embodiments are directed towards decrypting encrypted content. A key for decrypting the encrypted content may be provided to a web application executing within a browser. The application may employ a generic cryptography application program interface (GCAPI) to perform actions on the key, including, storing the key, decrypting an encrypted key, generating another key, converting the key to a different encryption type, or the like. The GCAPI may or may not be enabled to explicitly share the key with the browser's media engine. In response to receiving encrypted content, the GCAPI may provide the key to the application, explicitly or inexplicitly to the browser's media engine, or the like. The key may be utilized by the application, the browser, the media element, browser's media engine, and/or the GCAPI to decrypt the encrypted content. The decrypted content may be displayed within the browser to a user of a client device.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: January 23, 2018
    Assignee: Google LLC
    Inventors: David Kimbal Dorwin, Ryan David Sleevi, Andrew Martin Scherkus
  • Patent number: 9864482
    Abstract: Electronic publications are increasingly replacing physical media, where standards have evolved to mimic these physical media. Accordingly it is beneficial to provide electronic publication software systems and/or software applications to enable new paradigms that provide consumers, authors, publishers, retailers, and others with a method of navigating electronic content comprising the ability to generate a user interface that supports individual page turns as well as small, moderate and large adjustments of position within the electronic content, wherein the user interface supports these adjustments in a manner that is consistent.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: January 9, 2018
    Assignee: Cognilore Inc.
    Inventors: Andre Dube, Darryl Beallie, Brian Anderson, Cody Thompson
  • Patent number: 9860387
    Abstract: Programmatically reversing numerical line identity presented at a communications services gateway into named IP Telephony users with “prior association”, delivers dynamic “reverse address resolution” switching connections from ground to cloud, permitting any conventional telephone to dial and connect to any associated IP Telephony endpoint in the world, without changes to the conventional telephone. Reversing line identity into associated named users bridges both the addressability and economic divide between mass conventional “paying” (mobile and fixed) and “free”. IP Telephony networks.
    Type: Grant
    Filed: February 15, 2016
    Date of Patent: January 2, 2018
    Assignee: Starlogik IP LLC
    Inventor: Ari Kahn
  • Patent number: 9860061
    Abstract: A method of encrypting information using a computational tag may include, by a mobile electronic device, detecting a computational tag within a near field communication range of the mobile electronic device, identifying a document to be encrypted by the mobile electronic device, transmitting the document to the computational tag by the mobile electronic device, receiving, from the computational tag, an encrypted document, wherein the encrypted document comprises an encrypted version of the document that was to be encrypted, and storing the encrypted document in a memory of the mobile electronic device.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: January 2, 2018
    Assignee: Xerox Corporation
    Inventors: Gavan Leonard Tredoux, Kanishk Jain
  • Patent number: 9848325
    Abstract: The present disclosure provides for methods and devices for enabling distribution of a first security application comprised in the first wireless device to the second wireless device. One method comprises the steps of receiving, in the first wireless device, using a short distance communication technology, a hardware identifier of the second wireless device, sending, from the first wireless device, the hardware identifier and information identifying the first security application to the network node, receiving, in the network node, from the first wireless device, the hardware identifier of the second wireless device and the information identifying the security application and authorizing, in the network node, the second wireless device to receive and/or activate a second security application associated with the first security application of the first wireless device.
    Type: Grant
    Filed: November 3, 2014
    Date of Patent: December 19, 2017
    Assignees: Sony Corporation, Sony Mobile Communications Inc.
    Inventors: Anders Mellqvist, David Berthet
  • Patent number: 9830295
    Abstract: A resource domain controller in a data processing system stores information that is used to group various resources, such as bus masters and peripherals, into common domains. Each group can be referred to as a resource domain and can include one or more data processor and peripheral devices. The resource domain information is then used to determine whether a particular access request from a data processor is authorized to access its intended target, e.g., one of the peripheral devices, by determining whether the access request and the intended target each belong to a common resource domain. If so, the access request is allowed, otherwise the access request is prevented from being successfully completed.
    Type: Grant
    Filed: January 15, 2015
    Date of Patent: November 28, 2017
    Assignee: NXP USA, Inc.
    Inventors: Lawrence L. Case, Charles E. Cannon, Simon J. Gallimore, Glen G. Wienecke
  • Patent number: 9811799
    Abstract: In a method, system, and computer-readable medium having instructions for providing distributed customer support, a customer care provider for a first business entity receives a request for customer care and the request may be handled by the customer care provider with a remedy, transaction information involving any number of transactions from a repository is accessed using a customer care credential and the repository comprises transaction information for a second business entity, and a limitation on the customer care provider is determined for providing the remedy using the transaction information.
    Type: Grant
    Filed: June 10, 2011
    Date of Patent: November 7, 2017
    Assignees: SONY ELETRONICS, INC., SONY CORPORATION
    Inventor: Albhy Galuten
  • Patent number: 9811645
    Abstract: Technology is disclosed herein for licensing applications using a preferred authorization process dynamically identified based on conditions associated with an initiation of an application. Authorization is then attempted using the preferred authorization process. In some examples, the preferred authorization process is selected from at least a keyless authorization process and a key-based authorization process.
    Type: Grant
    Filed: October 9, 2015
    Date of Patent: November 7, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Gregory Akselrod, Tianyu Xie, Scott Kurtzebom, Gordon Hardy, Sanjay Garg, Chad Shurtz, Karvell Li, Robert Donner
  • Patent number: 9805219
    Abstract: One or more elements on a computing device can be selected and locked from use. For example, a first user (e.g., adult) of a computing device can allow a second user (e.g., child) to use the former's device; however, the first user might not want the second user to have access to all of the elements on the device, and so the first user can select which elements he/she wants to share with the second user and which elements he/she does not want to share. For example, the first user can select elements and choose to lock the selected elements, lock all other elements, lock the selected elements for a certain period of time, or lock the selected elements but allow for earned usage, etc. The lock can be removed in response to an unlock event, which can comprise a user-initiated unlock, a timed unlock, or a user-earned locked.
    Type: Grant
    Filed: January 28, 2016
    Date of Patent: October 31, 2017
    Assignee: A9.COM, INC.
    Inventors: Matthew Warren Amacker, Dawn R Dodd
  • Patent number: 9792450
    Abstract: A method for preserving data redundancy in a data deduplication system in a computing environment is provided. A selected data segment, to be written through the data deduplication system, is encrypted such that the selected data segment is not subject to a deduplication operation. The method determines and identifies copies of the data segment that are to be precluded from data deduplication. A unique encryption key is used to encrypt the selected data segment to be written through the data deduplication system such that the selected data segment is not subject to a deduplication operation. The data deduplication system is tricked to recognize the encrypted, selected data segment as new, undeduplicated data by the encrypting thereby skipping steps of the deduplication operation that includes fingerprint generation and matching. The encrypted, selected data segment is directly written to a new physical storage location.
    Type: Grant
    Filed: February 9, 2015
    Date of Patent: October 17, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Rahul M. Fiske, Carl E. Jones, Subhojit Roy
  • Patent number: 9794907
    Abstract: A wireless location device comprises a BLUETOOTH beacon configured to emit wireless signals and an electromagnetic shielding cover. The BLUETOOTH beacon is positioned within the electromagnetic shielding cover. The electromagnetic shielding cover comprises an inner surface comprising a plurality of micro-structures, and an opening below the inner surface. The inner surface is configured to reflect towards the opening the wireless signals emitted by the BLUETOOTH beacon which are not directly emitted out of the opening.
    Type: Grant
    Filed: August 18, 2016
    Date of Patent: October 17, 2017
    Assignee: HON HAI PRECISION INDUSTRY CO., LTD.
    Inventors: Hsin-Pei Hsieh, Fu-Hsin Chiu, Jen-Tsorng Chang
  • Patent number: 9794151
    Abstract: One embodiment of the present invention sets forth a technique for identifying active streaming connections associated with a particular user account. Each active streaming connection transmits heartbeat packets periodically to a server that tracks the receipt of the heartbeat packets. If, for a particular streaming connection, the server stops receiving heartbeat packets, then the server is able to infer that the streaming connection has been terminated.
    Type: Grant
    Filed: February 7, 2016
    Date of Patent: October 17, 2017
    Assignee: NETFLIX, INC.
    Inventors: James Mitch Zollinger, Julie Amundson Pitt
  • Patent number: 9794239
    Abstract: A method and system for authenticating a user device includes an identity provider reading service and an external service provider receiving a request to access content from a user device and communicating the request to access content from a service provider to the reading service. The request to access content includes cookie data. The external service requests an identity provider token from the cookie data from the reading service based on the request to access. The identity provider reading service communicates the identity provider token to the external service provider. An identity provider communicates with the service provider. The external service generates and communicates an authentication request to the identity provider having the identity provider token and a service provider identifier. The identity provider communicates an assertion signal to the service provider when the cookie data is resolved at the identity provider.
    Type: Grant
    Filed: February 18, 2011
    Date of Patent: October 17, 2017
    Assignee: The DIRECTV Group, Inc.
    Inventors: Kapil Chaudhry, David N. Schlacht
  • Patent number: 9785776
    Abstract: An execution of a data object is identified by a computing device. In response to identifying the execution of the data object, it is determined that the data object has requested a sensitive action of the computing device before interacting with a user of the computing device. In response to determining that the data object has requested the sensitive action, the data object is classified as a high-risk data object.
    Type: Grant
    Filed: April 27, 2015
    Date of Patent: October 10, 2017
    Assignee: iboss, Inc.
    Inventors: Paul Michael Martini, Peter Anthony Martini
  • Patent number: 9781098
    Abstract: Methods, devices, and systems are described for enrolling a user's bring-your-own-device for secure connection to a company's enterprise computer network. From her mobile device, user clicks on a uniform resource locator (URL) to connect with the login web page on the enterprise network. After authentication, checks are performed to verify that the user has authorization to enroll the type of electronic device, and the profile is installed on the device. A notification is sent to the device by a server on the enterprise network, and a secure workspace application is pushed to the device along with configuration data that automatically links the workspace with the parent device enrollment. Once the user launches the secure workspace application the workspace access configuration data and initializes enrollment with the enterprise network, resulting in a linking of the secure workspace application with its parent device enrollment.
    Type: Grant
    Filed: April 17, 2015
    Date of Patent: October 3, 2017
    Assignee: Oracle International Corporation
    Inventors: Mohamad Raja Gani Mohamad Abdul, Bhagavati Kumar Jayanti Venkata, Krithiga Gopalan, Harsh Maheshwari, Nagaraj Pattar, Ravi Verma
  • Patent number: 9769141
    Abstract: Methods and an apparatus are provided for securely authorizing access to remote resources. For example, a method is provided that includes receiving a request to determine whether a user device communicatively coupled to a resource server is authorized to access at least one resource hosted by the resource server and determining whether the user device communicatively coupled to the resource server is authorized to access the at least one resource hosted by the resource server based at least in part on whether the user device communicatively coupled to the resource server has been issued a management identifier. The method further includes providing a response indicating that the user device communicatively coupled to the resource server is authorized to access the at least one resource hosted by the resource server in response to a determination that the user device communicatively coupled to the resource server is authorized to access the at least one resource hosted by the resource server.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: September 19, 2017
    Assignee: AirWatch LLC
    Inventor: Jonathan Blake Brannon
  • Patent number: 9769137
    Abstract: An extensible mechanism for providing access control for logical objects in a network environment. A security broker is able to dynamically register one or more claims providers, each of which can assert one or more claims about logical objects. The claims providers may be purpose built or may be third party applications which expose data or business rules for use. Claims may be augmented by additional claims providers after the original claim is asserted. The applicability of claims may be scope limited either at the time the claims provider is registered or when the user requests that a security token be issued.
    Type: Grant
    Filed: February 17, 2015
    Date of Patent: September 19, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Venkatesh Veeraraghavan, Javier Dalzell, Benoit Schmitlin, Ambrose T. Treacy, Bryant Fong, Christian Roy
  • Patent number: 9762642
    Abstract: A method implemented by a first client device, the method comprising receiving a media presentation description (MPD) for a media content from a streaming server, receiving a plurality of segments for the media content from one or more streaming servers, and packaging the MPD and at least part of the received segments such that the packaged segments are accessible by a second client device through the packaged MPD.
    Type: Grant
    Filed: January 16, 2014
    Date of Patent: September 12, 2017
    Assignee: Futurewei Technologies, Inc.
    Inventors: Xin Wang, Yongliang Liu
  • Patent number: 9760712
    Abstract: Methods and systems for protecting a virtual machine network are disclosed. In an embodiment, a method involves storing an application whitelist including application-to-user associations in memory such that the application whitelist is immutable by a guest virtual machine, receiving a request to execute an application including an application identifier and a user identifier, comparing the application identifier and the user identifier of the request with the application whitelist, and generating an execution decision indicating whether the requested application can execute on the guest virtual machine.
    Type: Grant
    Filed: May 23, 2014
    Date of Patent: September 12, 2017
    Assignee: VMware, Inc.
    Inventors: Azeem Feroz, Binyuan Chen, Prasad Sharad Dabak
  • Patent number: 9754089
    Abstract: Embodiments of the disclosure provide application management capabilities to enterprises. A computing device of a user, associated with the enterprise, receives an enrollment token signed with a certificate. The enrollment token includes an enterprise identifier associated with the enterprise. The computing device receives a package containing one or more applications. The package also includes an enterprise identifier. Installation and execution of one or more applications from the received package is accepted or rejected based on a comparison of the enterprise identifier from the enrollment token with the enterprise identifier from the received package or application. A web service provides validation services by monitoring the installation and execution of applications on the computing devices associated with the enterprise.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: September 5, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Clifford Paul Strom, Daniel Kevin McBride, Arvind Ramakrishnan, Yashraj Motilal Borse, Chittaranjan Pattekar
  • Patent number: 9749334
    Abstract: In one embodiment, a method includes receiving, from a client device of an author of a message, a request for a restricted ideogram to be inserted into a message; accessing social-networking information for the author; determining, based on the social-networking information for the author, whether the author is authorized to access the restricted ideogram; accessing social-networking information for a recipient user; determining, based on the social-networking information for the recipient user, whether the recipient user is authorized to access the restricted ideogram; and if the author and the recipient user are authorized to access the restricted ideogram, then sending, to the client device of the author, information to insert the restricted ideogram into the message.
    Type: Grant
    Filed: November 14, 2016
    Date of Patent: August 29, 2017
    Assignee: Facebook, Inc.
    Inventors: David Ebersman, Samuel Lessin, Thomas Stocky, Michael Vernal