Access Control Patents (Class 726/27)
  • Patent number: 10263993
    Abstract: A multi-tenant logging system that allows a user to have an individual profile that controls the user's access to tenant logs is provided. The system includes a plugin that adds features of an access control list (ACL) to indexes of a logging stack based on a user's access role. The stack is an aggregate of logs for nodes that are stored globally in the system. When a user requests a particular index to logs in the logging stack, an authorization token associated with the user is provided. Before the user request is allowed to proceed, the access guard plugin performs access control on the stack by referencing the ACL using the authorization token to determine which tenants a user can access in view of the user's current access role. The plugin uses the token and the user identifier to construct the ACL to enable each user's access to the stack.
    Type: Grant
    Filed: January 19, 2018
    Date of Patent: April 16, 2019
    Assignee: Red Hat, Inc.
    Inventors: Jeffrey Jon Cantrill, Eric M. Wolinetz, Luke R. Meyer
  • Patent number: 10255054
    Abstract: In response to an attempt to install an instance of a container in a production environment, a set of security criteria associated with the container and features of the production environment are compared. Based on the comparison, a determination is made as to whether the features of the production environment satisfy the set of security criteria.
    Type: Grant
    Filed: April 13, 2016
    Date of Patent: April 9, 2019
    Assignee: International Business Machines Corporation
    Inventors: Sreekanth R. Iyer, Kaushal K. Kapadia, Ravi K. Muthukrishnan, Nataraj Nagaratnam, Sulakshan Vajipayajula
  • Patent number: 10250568
    Abstract: A retrieving system for retrieving information concealed within a sequence of symbols. The system includes a decoder configurable using rule information and operable when so configured to retrieve the information concealed within the sequence of symbols by applying to the sequence of symbols at least one decoder rule determined by the configuration of the encoder.
    Type: Grant
    Filed: December 23, 2016
    Date of Patent: April 2, 2019
    Inventors: Dilipsinhji Jadeja, Anita Jadeja
  • Patent number: 10244272
    Abstract: Systems and methods for performing adaptive bitrate streaming using alternative streams of protected content in accordance with embodiments of the invention are described. One embodiment of the invention includes a processor, and memory containing a client application. In addition, the client application configures the processor to: request a top level index file identifying a plurality of alternative streams of protected content, where each of the alternative streams of protected content are encrypted using common cryptographic information; obtain the common cryptographic information; request portions of content from at least the plurality of alternative streams of protected content; access the protected content using the common cryptographic information; and playback the content.
    Type: Grant
    Filed: April 6, 2017
    Date of Patent: March 26, 2019
    Assignee: DIVX, LLC
    Inventors: Michael George Kiefer, Eric William Grab, Jason Braness
  • Patent number: 10242209
    Abstract: Task scheduling in a hybrid cloud that includes a private cloud and an external cloud is performed. First a job to be performed is identified. Then, the job identified is decomposed into a set of tasks, whereby a task schedule is obtained for tasks of the set of tasks to be executed across the hybrid cloud. Next, a task to be executed in the external cloud that requires private data from the private cloud for its execution is detected from the task schedule. Finally, one or more non-anonymized portions of the private data are anonymized before execution of the detected task in the external cloud, by executing an anonymizing function from the private cloud. De-anonymization functionality may similarly be involved.
    Type: Grant
    Filed: August 27, 2015
    Date of Patent: March 26, 2019
    Assignee: International Business Machines Corporation
    Inventors: John G. Rooney, Patrick M. Stuedi
  • Patent number: 10242232
    Abstract: A security system determines authorizations for entities to access data objects. The security system may train an adaptive model to predict the intent of a user who provides authorization for various entities or other users. In an embodiment, the adaptive model may be configured to determine latent properties of training data by identifying common parameters between entities that are, or are not, permitted to access given data object(s). The training data may include previous authorizations provided to the entities. Based on the identified common parameters, the model may generate usage expressions for determining a likelihood that the user intends to provide authorization for a given entity to access the given data object. If the likelihood is greater than a threshold value, the security system may provide a recommendation to the user to provide the authorization for the given entity.
    Type: Grant
    Filed: July 6, 2018
    Date of Patent: March 26, 2019
    Assignee: Merck Sharp & Dohme Corp.
    Inventors: David B. Hurry, David J. Tabacco
  • Patent number: 10235730
    Abstract: A method, apparatus and computer readable storage to implement an automated system for video surveillance in a casino or other controlled environment. Players in the casino can be automatically scanned and analyzed for whether they are under the legal gambling age or not. When an underage gambler is detected, a casino security employee (or other casino personnel) is notified so they can take the appropriate action. Similarly, players who are excluded from the casino can also be automatically detected and would be ejected when detected.
    Type: Grant
    Filed: July 8, 2014
    Date of Patent: March 19, 2019
    Assignee: VISUALMITS, LLC
    Inventors: Perry Stasi, Ryan McClellan
  • Patent number: 10230732
    Abstract: A global policy store, in which policies applicable to multiple applications in an enterprise environment can be stored, can be stored in association with that environment. An application-level policy combining algorithm can be associated with a specific application to resolve conflicts between the results of evaluating policies that pertain to that application's resources. A persistent model is defined for an Extensible Access Control Markup Language (XACML) target definition.
    Type: Grant
    Filed: September 28, 2016
    Date of Patent: March 12, 2019
    Assignee: Oracle International Corporation
    Inventors: Sirish V. Vepa, Hari Sastry, Alan Cao, Cynthia Ding
  • Patent number: 10225263
    Abstract: Aspects described herein relate to controlling incoming data processing requests or messages and whether the incoming data processing requests are allowed to reach destination applications unmodified. The destination application may be a secure application operating within a secure application wrapper, and the secure application wrapper may determine whether and how much of the request or message is allowed to pass into a managed partition or through the secure application wrapper to reach the secure application for processing.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: March 5, 2019
    Assignee: Citrix Systems, Inc.
    Inventors: Jason Knight, Nitin Desai, Gary Barton, Sameer Mehta
  • Patent number: 10223178
    Abstract: WPD devices can be managed at the device capability level. When a WPD device is connected to a computer, a filter driver can be employed to examine communications with the WPD device. During initialization, the WPD device will provide a list of its capabilities. The filter driver can intercept this list and compare it against any applicable policies to determine whether any capabilities should be blocked. When it is determined that a capability should be blocked, the filter driver can remove the capability from the list while retaining any non-blocked capabilities. The filter driver can also cause device initialization to fail in some scenarios. In this way, an administrator can block specific capabilities of a WPD device rather than blocking the entire device.
    Type: Grant
    Filed: January 23, 2017
    Date of Patent: March 5, 2019
    Assignee: WYSE TECHNOLOGY L.L.C.
    Inventor: Gokul Thiruchengode Vajravel
  • Patent number: 10198594
    Abstract: A method for displaying notification information on an electronic device is disclosed. The method includes: receiving notification information in a lockscreen state; determining a user type of a user to view the notification information; determining a display mode of the notification information according to the user type; and displaying the notification information on the electronic device according to the display mode.
    Type: Grant
    Filed: November 5, 2015
    Date of Patent: February 5, 2019
    Assignee: Xiaomi Inc.
    Inventors: Bo Zhang, Ruijun Xu, Zhenwei Wen
  • Patent number: 10187915
    Abstract: A controlling method for a portable information capture device includes controlling the portable information capture device to run in a relay station mode or a workstation mode via a wireless connection by using a mobile device, when the portable information capture device runs in the relay station mode, receiving a media data of the portable information capture device via the wireless connection by using the mobile device, and when the portable information capture device runs in the workstation mode, transmitting a connection data to the portable information capture device via the wireless connection by using the mobile device, so as to cause the portable information capture device using the connection data to build a connection with a relay station.
    Type: Grant
    Filed: February 13, 2017
    Date of Patent: January 22, 2019
    Assignee: GETAC TECHNOLOGY CORPORATION
    Inventor: Chia-Chuan Wu
  • Patent number: 10185838
    Abstract: A processor-based method to defeat file and process hiding techniques in a computing device is provided. The method includes generating one of a path permutation, a symlink, or an address, for a path to open or obtain status of a tool or function in a library in a mobile computing device and making an open or status call for the tool or function, using the one of the path permutation, symlink or address. The method includes avoiding a pattern match and blocking, by an injected library, of the open or status call, the avoiding being a result of making the open or status call using the path permutation, symlink or address.
    Type: Grant
    Filed: February 20, 2018
    Date of Patent: January 22, 2019
    Assignee: SYMANTEC CORPORATION
    Inventors: Nathan Evans, Azzedine Benameur, Yun Shen
  • Patent number: 10180975
    Abstract: According to an implementation, a host computing device receives, from a first computing device, a data collection request of a first user. The data collection request indicates a data point (whose characteristics are defined in a mark-up language schema) that is to be the subject of the data collection and identifies a second user as provider of a value for the data point. The host computing device notifies the second user of the data collection request and receives, from a second computing device, a request of the second user for the data point to be assigned a plurality of categories. In response to the request of the second user, the host computing device extends the mark-up language schema to characterize the plurality of categories within the mark-up language schema.
    Type: Grant
    Filed: April 8, 2016
    Date of Patent: January 15, 2019
    Assignee: Workiva Inc.
    Inventors: Matthew James Heying, Matthew Keller, Dean Anthony Ritz, Christian Plazas, Jacob Joshua Caban-Tomski, Matthew Sanders
  • Patent number: 10181177
    Abstract: The invention relates to a method for masking an item among a plurality of items displayed on a touchscreen terminal, the method being such that it has, following an action (300) by a user, steps of display (301) of a masking symbol associated with an item at a first location; of detection (302) of contact with the screen on a non-masked item; of continuous movement (303) of the masking symbol on the item in correlation with movement of the contact detected on the screen and of masking of that portion of the item that is situated between the masking symbol and the first location; and of masking (304) of the whole of the item when the masking symbol is at a second location and the contact is no longer detected. The invention likewise relates to a device and a terminal that implement this method.
    Type: Grant
    Filed: June 16, 2015
    Date of Patent: January 15, 2019
    Assignee: Orange
    Inventors: Cedric Floury, Violaine Mercier
  • Patent number: 10171395
    Abstract: Systems and methods for filtering aircraft messages are provided. In one embodiment, the method can include receiving a message including a plurality of data fields containing data associated with the message. The method can include accessing a set of configuration data. The set of configuration data can include a set of data identifying one or more potential message structures and one or more parameters. The parameters can include one or more conditions for processing the data fields. The method can include determining a message structure of the message based at least in part on the data fields and the first set of data identifying one or more potential message structures. The method can include processing the message based at least in part on the message structure and the parameters. The method can include generating a filtered message that is based at least in part on the processed message.
    Type: Grant
    Filed: March 22, 2016
    Date of Patent: January 1, 2019
    Assignee: GE Aviation Systems LLC
    Inventors: David Barnard Pierce, Adam Veenendaal, Brent Hooker, Steven Furtwangler
  • Patent number: 10169589
    Abstract: A method for allowing a computer to boot from a user trusted device is provided. The computer includes a long-term data storage device storing operating system (OS) services. The user trusted device is connectable to the computer and stores a boot loader detectable and executable by a firmware of the computer, an OS loader designed to load an OS of the computer, and one or more crypto drivers designed for allowing access to the OS and data stored encrypted on the data storage device. The method comprises letting the boot loader be executed to cause to transfer the OS loader from the user trusted device to the computer and executing the transferred OS loader to cause to execute the one or more crypto drivers for the OS and the data stored encrypted on the data storage device to start the OS services and complete booting of the computer.
    Type: Grant
    Filed: July 21, 2017
    Date of Patent: January 1, 2019
    Assignee: International Business Machines Corporation
    Inventor: Thomas Gschwind
  • Patent number: 10169610
    Abstract: According to one embodiment of the present invention, a system for protecting data determines a desired duplication rate based on a level of desired anonymity for the data and generates a threshold for data records within the data based on the desired duplication rate. The system produces a data record score for each data record based on comparisons of attributes for that data record, compares the data record scores to the threshold, and controls access to the data records based on the comparison. Embodiments of the present invention further include a method and computer program product for protecting data in substantially the same manners described above.
    Type: Grant
    Filed: November 11, 2016
    Date of Patent: January 1, 2019
    Assignee: International Business Machines Corporation
    Inventors: Lawrence Dubov, Scott Schumacher
  • Patent number: 10169468
    Abstract: The present invention is directed to a method of calculating the results of a moving k-nearest query and safe exit locations in a road network, and more particularly to a method and apparatus that receive a request from a client terminal and provide the results of a k-nearest query, a safe zone and safe exit locations together. In the present invention, a query is processed in a server, a request for a query from a querying user and the location information of the querying user are received from an LBS, the location information of the querying user is anonymized and then the query request is transferred to the server, and query results corresponding to the anonymized location information of the querying user are received from the server and then transferred to the querying user, thereby protecting the location information of the querying user.
    Type: Grant
    Filed: February 13, 2014
    Date of Patent: January 1, 2019
    Assignee: AJOU UNIVERSITY INDUSTRY—ACADEMIC COOPERATION FOUNDATION
    Inventors: Hyung Ju Cho, Tae Sun Chung, Se Jin Kwon, Rize Jin
  • Patent number: 10158488
    Abstract: An example apparatus to collect distributed user information for media impressions and search terms includes means for collecting first and second identifiers based on use of an application that does not employ cookies, the first identifier identifying at least one of a device or a user of the device to a first database proprietor that stores first user information associated with the first identifier, and the second identifier identifying the at least one of the device or the user of the device to a second database proprietor that stores second user information associated with the second identifier, and means for sending identifiers to: send the first identifier to a first server associated with the first database proprietor, send the second identifier to a second server associated with the second database proprietor, and send to a data collection server at least one of a media identifier indicative of media accessed via the application at the device or a search term used via the application at the device.
    Type: Grant
    Filed: May 18, 2018
    Date of Patent: December 18, 2018
    Assignee: THE NIELSEN COMPANY (US), LLC
    Inventors: Alan N. Bosworth, Madhusudhan Reddy Alla, Steven J. Splaine, Brahmanand Reddy Shivampet, Kevin K. Gaynor
  • Patent number: 10140194
    Abstract: A system that includes a storage volume comprising a plurality of regions. The system also includes a plurality of nodes to receive transactions related to the storage volume from one or more client computers and execute the transactions. Each node is designated as an owner of one region of the plurality of regions. Each one of the plurality of nodes includes a ticket dispenser for dispensing tickets that ensure that the transactions that are actively being executed have exclusive access to a storage object identified in the transaction.
    Type: Grant
    Filed: March 20, 2014
    Date of Patent: November 27, 2018
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Mark Doherty, Siamak Nazari, Jonathan Stewart, Richard Dalzell, Peter Hynes
  • Patent number: 10142955
    Abstract: A method for controlling device triggering in a mobile communication system includes registering a default urgent level of a terminal when the terminal is connected, receiving a device trigger register including urgent level information transmitted from an application server, and setting the received urgent level in a packet filter, and comparing, upon reception of a downlink data packet from the application server, a default urgent level and an urgent level of the application server to determine whether to transmit a downlink data notification. The method further includes receiving a device trigger register including wait time information transmitted from an application server, and then setting the received wait time in the packet filter, and buffering during the wait time upon reception of the downlink data packet from the application server, and then determining a downlink data notification transmission upon expiration of the wait time.
    Type: Grant
    Filed: July 6, 2012
    Date of Patent: November 27, 2018
    Assignee: Samsung Electronic Co., Ltd.
    Inventors: Song Yean Cho, Ji Cheol Lee, Beom Sik Bae, Sang Soo Jeong
  • Patent number: 10140600
    Abstract: A system and method for mobile peer authentication and asset control. The system and method may be configured to authenticate peer users across any digital network and platform and may allow users to independently control access to content they share with others across the same platforms from their computing devices. Senders may anonymously verify other mobile users according to device, location, behavior, and knowledge contexts, and may independently control or monetize shares with one or more of those peers in real-time across any social, messaging, or electronic communication network, either by value or by reference.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: November 27, 2018
    Assignee: LIVEENSURE, INC.
    Inventor: Christian J. Hessler
  • Patent number: 10136312
    Abstract: Some embodiments relate to a device that transmits/receives encrypted communications with another device. A first device, such as a smart phone or smart watch, may generate a message associated with a certain data class, which may determine the security procedure used in the communication of the message. The first device may establish an encryption session for the purpose of communicating the message to a second device. Prior to sending the message, the first device may wait until encryption credentials are accessible according to certain conditions, which may be determined at least in part by the data class of the message. Similarly, after receiving the message, the second device may not be able to decrypt the message until encryption credentials are accessible according to certain conditions, which may be determined at least in part by the message data class.
    Type: Grant
    Filed: June 16, 2017
    Date of Patent: November 20, 2018
    Assignee: Apple Inc.
    Inventors: Berkat S. Tung, Daniel B. Pollack, Hyeonkuk Jeong, Joe S. Abuan, Pierre J. De Filippis, Yan Yang
  • Patent number: 10136313
    Abstract: The invention relates to a method and a device for the control of a locking mechanism (2) by a user (5) by means of a mobile terminal (1) comprising a user interface (4), means for establishing a local data connection (3) and means for establishing a connection to a network (6), in particular the Internet, wherein the locking mechanism (2) can be connected to the local data connection (3), wherein an identity provider (7) that can be connected to a network (6) and an authorization entity (8) that can be connected to a network (6) are provided, and wherein the mobile terminal (1) is designed to log in to the identity provider (7).
    Type: Grant
    Filed: May 29, 2013
    Date of Patent: November 20, 2018
    Assignee: TAPKEY GMBH
    Inventor: Markus Minichmayr
  • Patent number: 10129035
    Abstract: A device identification is generated for a programmable device. A security key is generated to protect a content of the programmable device. A device birth certificate is generated with the device identification and the security key. The programmable device is programmed with the device birth certificate at time of manufacture of the programmable device.
    Type: Grant
    Filed: July 1, 2016
    Date of Patent: November 13, 2018
    Assignee: Data I/O Corporation
    Inventors: Rajeev Gulati, Anthony Ambrose
  • Patent number: 10122601
    Abstract: To provide a technique for appropriately managing the log of a change of state of an electronic device, an electronic device including a wireless communication unit, detects, via the wireless communication unit, wireless communication from a terminal existing on the periphery of the electronic device; detects a change of state of the electronic device. The electronic device generates a first log that associates identification information corresponding to information included in the wireless communication with the detected change of state, generates a second log that associates identification information used to identify a user specified based on the login operation with the detected change of state, and stores the first log and the second log.
    Type: Grant
    Filed: March 16, 2016
    Date of Patent: November 6, 2018
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Noboru Oba
  • Patent number: 10108733
    Abstract: Computer implemented methods and systems are provided for providing customized web pages that are customized for each user. A database can store first entries each being configured to store user information for each user, and second entries each being configured to store an identifier and customized content for each user (or alternatively a way to retrieve such customized content). A tree-like data structure is stored in cache and includes nodes that each store an identifier that refers to one of the second entries. After log in, the server system retrieves user information associated with the particular user and uses it to retrieve a particular identifier stored by a particular node. Using a corresponding one of the second entries that includes the particular identifier, particular customized content for the particular user can be retrieved and sent to a user system where it is used to display a particular customized web page for that particular user.
    Type: Grant
    Filed: May 26, 2016
    Date of Patent: October 23, 2018
    Assignee: salesforce.com, inc.
    Inventors: Anil Jacob, Amol Hardikar, Archana Sethuraman
  • Patent number: 10108808
    Abstract: Data access sharing may be provided. Requests may be received to display a data item associated with a list of data items. Upon determining whether a property of the data item is restricted by an access control policy, the property may be modified prior to rendering a display of the data item.
    Type: Grant
    Filed: January 11, 2016
    Date of Patent: October 23, 2018
    Assignee: AIRWATCH LLC
    Inventor: Erich Stuntebeck
  • Patent number: 10104129
    Abstract: Various embodiments provide confidentiality-based file hosting by automatically directing assets in a shared workspace to appropriate storage locations. The storage location can be determined by comparing a security level that is associated with an asset to security levels of multiple possible storage locations. If a security level of the asset is changed in the shared workspace, the asset is automatically directed to an appropriate storage location based on the changed security level. This can include directing the asset to either a more secure or a less secure storage location.
    Type: Grant
    Filed: June 15, 2016
    Date of Patent: October 16, 2018
    Assignee: Prysm, INC.
    Inventors: Brandon Fischer, Adam P. Cuzzort
  • Patent number: 10097402
    Abstract: In accordance with examples disclosed herein, a filter table for Media Access Control (MAC) chaining contains mappings between signature addresses, service functions, and management functions, to identify corresponding service function chains. The filter table is to store statistic information about the packet. A controller is to uniquely identify a management function corresponding to the signature address, and modify tables of packet signature addresses usable to modify the packet to cause the packet to be forwarded to the management function. The controller is to update the statistic information about the packet.
    Type: Grant
    Filed: May 11, 2016
    Date of Patent: October 9, 2018
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Donald Fedyk, Paul Allen Bottorff
  • Patent number: 10097523
    Abstract: In order to provide secure user access to a device or service on a remote network, upon receipt of a request to access the device or service on a portal on a central server, a request is sent to a probe application installed on the remote network to establish a secure link to the central server. A message is then sent to the user directing the user to initiate a specific session request to the central server. The session request is cross connected to the probe application installed on the remote network over the secure link to establish a secure tunnel to the probe application. A secure user session is set up through the secure tunnel to the device or service via the probe application.
    Type: Grant
    Filed: January 30, 2012
    Date of Patent: October 9, 2018
    Assignee: Martello Technologies Corporation
    Inventors: Bill Kuker, Ryan Tenney, Clement Tse
  • Patent number: 10084784
    Abstract: Functionality is disclosed herein for providing a resource monitoring environment that restricts access to computing resource data in a service provider network. The resource monitoring environment processes requests to access computing resource data, and denies requests not signed or authorized by a customer of a service provider network or other entity. Access to the computing resource data includes access to non-obfuscated data and/or access to encrypted computing resource data encrypted by way of a public encryption key held by a customer of the service provider network or other entity instead of a requestor of the computing resource data.
    Type: Grant
    Filed: December 2, 2014
    Date of Patent: September 25, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric J. Brandwine, Matthew Shawn Wilson
  • Patent number: 10078762
    Abstract: The disclosed computer-implemented method for digitally enforcing computer parental controls may include (i) identifying a parental-control policy that controls a user's computer usage in some way, (ii) determining that the user is using a primary device, which is configured to restrict its usage according to the terms of the parental-control policy, to access a secondary device, which is not configured to restrict its usage according to the terms of the parental-control policy, and (iii) restricting, in response to the determination, the user's access to the secondary device according to the terms of the parental-control policy. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 23, 2016
    Date of Patent: September 18, 2018
    Assignee: Symantec Corporation
    Inventors: Lei Gu, Keith Newstadt
  • Patent number: 10073978
    Abstract: For efficient authorization settings in a computing environment, user access permissions are created or modified by mapping, granting, and/or limiting access to resources by resource type, and using checkboxes for controlling user access for individual resources and for mapping one of a multiplicity of icons to control a type of user access and control over the individual resources.
    Type: Grant
    Filed: April 16, 2014
    Date of Patent: September 11, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Paul A. Jennas, II, Jason L. Peipelman, Cory Thorpe, Chris Zukowski
  • Patent number: 10061924
    Abstract: Trusted executable images are run in a controlled environment, such as a dynamic malware analysis platform. For each trusted executable image, a corresponding baseline import-load signature is generated. This can be done by applying a cryptographic hash function to the specific instructions which resolve imports and/or load libraries, and their operands. Sample programs are run in the controlled environment and tested for maliciousness. Any executable image run by a given sample program in the controlled environment is identified, and an import-load signature of the executable image when run by the sample program is generated. The import-load signature of the executable image when run by the sample program is compared to the corresponding stored baseline import-load signature for the same executable image. The sample program is adjudicated as being benign or malicious based on at least the results of the comparison.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: August 28, 2018
    Assignee: Symantec Corporation
    Inventor: Prashant Gupta
  • Patent number: 10055418
    Abstract: The disclosed technology provides systems and methods for filtering information based on a set of properties. The information consists of a set of items that the user is interacting with, such as documents, presentations, audio and video files, and the like. The properties can be specified by the user (by, for example, putting a set of items in lists and folders), based on actions taken by users in the system (such as commenting on, or liking, or viewing an item), or can represent a variety of other characteristics. Related properties can also be grouped together. Furthermore, the disclosed techniques provide mechanisms for automatically identifying useful properties and providing an indication of those useful properties to a user to use in narrowing results.
    Type: Grant
    Filed: March 13, 2015
    Date of Patent: August 21, 2018
    Assignee: Highspot, Inc.
    Inventors: Oliver Sharp, David Wortendyke, Scot Gellock, Robert Wahbe
  • Patent number: 10055444
    Abstract: A system may receive a query configured to access a column in a data table. The data table may be in a flat file in a big data storage format. The system may detect the language type of the query and validate the query against the syntax of the language type. The system may also validate an access permission for data in the data table. The access permission may be stored in a permissions database. The system may generate a temporary table including the column with the temporary table configured to support the language type. The system may execute the query against the temporary table to generate a query result based on the temporary table as though it were the underlying data table. The system may enforce column-level or row-level access permissions by excluding columns or rows from the temporary table.
    Type: Grant
    Filed: December 16, 2015
    Date of Patent: August 21, 2018
    Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
    Inventors: Shubham Arora, Balaji Balaraman, Sandeep Bose, Arindam Chatterjee, Sastry Durvasula, Manoj Kumar Rana, Nitish Sharma
  • Patent number: 10055992
    Abstract: The invention relates to a method for managing on-street parking spaces. The method includes querying, by a unit of a vehicle, vehicle sensors about the occupancy status of a parking space around the vehicle, the setting up of a communication channel between the unit and a remote server, the authentication of the unit with the server, the sending of a message with a public encryption key by the server to the unit, the encryption of the geolocation data and the occupancy status, the sending of the encrypted data to the server, the decryption by the server of the received encrypted data, the comparison of the geolocation data received with a database containing referenced parking spaces and the update in the database of the occupancy status of referenced parking spaces.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: August 21, 2018
    Assignee: GEMALTO SA
    Inventors: Mikael Riou, Francois-Xavier Marseille
  • Patent number: 10044718
    Abstract: In a method of controlling sharing of an object between entities in a distributed system, a processor will identify an object and generate an access control list (ACL) for the object so that the ACL includes a list of clauses. Each clause will include a blessing pattern that will match one or more blessings, and at least one of the clauses also may include a reference to one or more groups. Each group represents a set of strings that represent blessing patterns or fragments of blessing patterns. The processor may generate each clause of the ACL as either a permit clause or a deny clause to indicate whether an entity or entities that have a blessing matched by the blessing pattern are permitted to access the object. The processor will save the ACL to a data store for use in responding to a request to access the object.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: August 7, 2018
    Assignee: Google LLC
    Inventors: Michael Burrows, Martin Abadi, Himabindu Pucha, Adam Sadovsky, Asim Shankar, Ankur Taly
  • Patent number: 10034061
    Abstract: A method and system are performed by a processor of an audio-visual device according to instructions stored in a memory of that device that determines identity of a content medium based upon attributes associated with it and a set of user-defined settings associated with the content medium. The processor identifies a set of source-defined settings for configuring the device and selects one set of user-defined settings or the set of source-defined settings for configuring the audio-visual device. In addition, the processor determines if preexisting attributes exist that if it has to override the set of user-defined settings. It then configures one of the set of user-defined or overrides the settings. All channels from a particular network provider utilize the same set of user-defined settings, including channels that have not been visited by a user and future channels that have not yet been created.
    Type: Grant
    Filed: November 8, 2013
    Date of Patent: July 24, 2018
    Assignee: THOMSON Licensing
    Inventor: Alan Jay Stein
  • Patent number: 10033793
    Abstract: Methods and apparatus for monitoring a portable device are disclosed herein. An example method includes connecting to a portable device using a shell. Whether the shell has an elevated privilege on the portable device is verified. In response to detecting that the shell does not have the elevated privilege, the elevated privilege is gained. A packet capturer is installed on the portable device using the elevated privilege, the packet capturer to capture packets to produce media exposure data, the elevated privileges to enable the packet capturer to capture packets after disconnection of the shell from the portable device.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: July 24, 2018
    Assignee: The Nielsen Company (US), LLC
    Inventors: Tero Lindberg, Jason Browne, John Stavropoulos
  • Patent number: 10027486
    Abstract: This disclosure concerns homomorphic encryption for database querying. Numerical values are encrypted using keys and random numbers to produce a ciphertext. The ciphertext is homomorphic and is comprised of two or more sub-ciphertexts. Queries based on addition, average and multiplication operations can be performed without decrypting the numerical values relevant to the query. Each sub-ciphertext is stored in a single record and in separate attributes. There are disclosed methods of encrypting and decrypting, creating a suitable table, querying such a database and updating such a database.
    Type: Grant
    Filed: June 21, 2013
    Date of Patent: July 17, 2018
    Assignee: COMMONWEALTH SCIENTIFIC AND INDUSTRIAL RESEARCH ORGANISATION
    Inventor: Dongxi Liu
  • Patent number: 10027497
    Abstract: A content distribution network includes first and second controllers, and multicast enabled routers. The first controller is configured to select a multicast channel for distributing content, to determine that the content has a geographic restriction associated with a restricted area in the content distribution network, to link an exclusion policy for the content to the multicast channel while the multicast channel provides the content, and to deny a request for the content from a client system within the restricted area based on the exclusion policy. The second controller is configured to distribute the exclusion policy to the multicast enabled routers including a first router configured to store the exclusion policy, and to ignore a multicast join message from the client system within the restricted area based on the exclusion policy.
    Type: Grant
    Filed: May 12, 2016
    Date of Patent: July 17, 2018
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Han Q. Nguyen, Huajin Jeng, Douglas M. Nortz
  • Patent number: 10021087
    Abstract: A system and method for communicating secure, privatized data stored on a first user device with a second user device requesting access thereto includes initiating a timed access gate for receiving verification of authenticating credentials from the second user device, after the first user credentials associated with the first user device are verified. If the second user device is verified within the predetermined period of time, an authentication handshake between the first user device and the second user device is completed. On completion of the handshake, a communication channel is opened for transmitting the first user's privatized data between the first user device and the second user device.
    Type: Grant
    Filed: August 27, 2015
    Date of Patent: July 10, 2018
    Inventors: Mansour Aaron Karimzadeh, F. Avraham Dilmanian, Farshad Namdar
  • Patent number: 10019572
    Abstract: Disclosed are various embodiments for detecting malicious activities by imported software packages. A monitoring service determines that untrusted code executing in at least one computing device has invoked a privileged operation. A context in which the privileged operation is invoked is identified. The monitoring service determines whether the context and the privileged operation correspond to an expected behavior of the untrusted code based at least in part on a past behavior profile of the untrusted code. An action is performed in response to determining that the context and the privileged operation do not correspond to the expected behavior.
    Type: Grant
    Filed: August 27, 2015
    Date of Patent: July 10, 2018
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 10002512
    Abstract: A system and method of loss prevention using a pair of ID tags is disclosed. The user or owner of the protected object can dynamically create a security perimeter by using a key ID tag and object ID tag pair. An object ID tag is either embedded in or attached to a protected object. A key ID tag, which is in a handheld device, has protection to prevent an unauthorized scan. The object ID tag information can only be obtained from the key ID tag using a preprogrammed algorithm. The area security system will be armed after reading and validating a key ID tag scanned by the user. If anyone takes a protected object with an object ID tag out of the area without proper key ID tag authentication, an alarm will be triggered.
    Type: Grant
    Filed: January 30, 2014
    Date of Patent: June 19, 2018
    Inventor: Le-Jun Yin
  • Patent number: 9996680
    Abstract: The apparatus disclosed herein, in various aspects, includes a digital asset, and an amulet that comprises an encrypted self-validating string. The amulet may be external to the digital asset. The apparatus may include a manager that cooperates securely with the digital asset and cooperates securely with the amulet to control access to the digital asset as specified by the amulet. In some aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through shared memory in process space. In other aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through a RAM drive in memory, the RAM drive at least partially hidden from an operating system of the computer. In yet other aspects, the manager cooperates with the digital asset and with the amulet, at least in part, through a virtual machine accessible only by said apparatus.
    Type: Grant
    Filed: January 19, 2016
    Date of Patent: June 12, 2018
    Inventor: F. Scott Deaver
  • Patent number: 9996705
    Abstract: Techniques for determining potential sharing of private data are described herein. The techniques may include identifying content having computer readable access rules associated with a private domain of a social network, and identifying private data of the content. A potential share of the content outside of the private domain is detected and a search of the potential share to determine whether the potential share is associated with the private data is performed. The techniques may also include detecting a match between the potential share and the private data.
    Type: Grant
    Filed: July 14, 2015
    Date of Patent: June 12, 2018
    Assignee: International Business Machines Corporation
    Inventor: Vladimir Gamaley
  • Patent number: 9984253
    Abstract: Techniques for determining potential sharing of private data are described herein. The techniques may include identifying content having computer readable access rules associated with a private domain of a social network, and identifying private data of the content. A potential share of the content outside of the private domain is detected and a search of the potential share to determine whether the potential share is associated with the private data is performed. The techniques may also include detecting a match between the potential share and the private data.
    Type: Grant
    Filed: May 4, 2016
    Date of Patent: May 29, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Vladimir Gamaley