Management Patents (Class 726/6)
  • Patent number: 10021081
    Abstract: A method and apparatus for fine-grained, trust-based rate limiting of network requests distinguishes trusted network traffic from untrusted network traffic at the granularity of an individual user/machine combination, so that network traffic policing measures are readily implemented against untrusted and potentially hostile traffic without compromising service to trusted users. A server establishes a user/client pair as trusted by issuing a trust token to the client when successfully authenticating to the server for the first time. Subsequently, the client provides the trust token at login. At the server, rate policies apportion bandwidth according to type of traffic: network requests that include a valid trust token are granted highest priority. Rate policies further specify bandwidth restrictions imposed for untrusted network traffic.
    Type: Grant
    Filed: February 12, 2010
    Date of Patent: July 10, 2018
    Assignee: FACEBOOK, INC.
    Inventor: Christopher Newell Toomey
  • Patent number: 9985941
    Abstract: An embodiment of the invention may include a method, computer program product and computer system for password management. The embodiment may include a computing device that creates a password inventory. The password inventory may be a list of one or more passwords, where each of the one or more passwords corresponds to a password key. The embodiment may update the password inventory without input from a user. The embodiment may receive a first login request from a first device. The embodiment may transmit information detailing a first password key to the first device, where the first password key corresponds to a first password from the list of one or more passwords. The embodiment may receive information detailing a first entered password from the first device. The embodiment may determine whether the first entered password is identical to the first password from the list of one or more passwords.
    Type: Grant
    Filed: September 8, 2015
    Date of Patent: May 29, 2018
    Assignee: International Business Machines Corporation
    Inventors: Rhonda L. Childress, Itzhack Goldberg, Clifford A. Pickover, Neil Sondhi
  • Patent number: 9985991
    Abstract: A method and system for password mediation including identifying an HTTP request issued by a client application executing on a client device, the HTTP request indicating an operation to be performed for a user of the client application at a destination system, obtaining user credentials using the HTTP request, requesting security information for the user with respect to the destination system, determining whether the user is allowed to perform the operation based on the security information, and upon determining that the user is allowed to perform the operation, modifying the HTTP request based on the security information and sending the modified HTTP request to the destination system.
    Type: Grant
    Filed: February 26, 2013
    Date of Patent: May 29, 2018
    Assignee: Red Hat, Inc.
    Inventors: Filip Elias, Filip Nguyen
  • Patent number: 9985949
    Abstract: Embodiments of the present invention disclose a method, computer program product, and system for authenticating a user. The application server receives a user log in request and determines if a unique identification accompanies the received user log in request. The application server uses the unique identification to authenticate the identity of the user. The application server determines if the unique identification has been previously received by searching a first database to see if the unique identification was already stored in the first database. If the unique identification is not in the first database then the application server stores the unique identification and grants the user access to the one or more applications hosted on the application server.
    Type: Grant
    Filed: January 25, 2016
    Date of Patent: May 29, 2018
    Assignee: International Business Machines Corporation
    Inventor: Stanley K. Jerrard-Dunne
  • Patent number: 9979764
    Abstract: Methods, systems, computer-readable media, and apparatuses for providing secure resources to a native operating system resource are described herein. Using one or more aspects described herein, a mobile device may determine that a native operating system service requests to access content located within a wrapped application. The mobile device may transmit, to the native operating system service, a server path to a loopback web server within the wrapped application to elicit a request from the native operating system service to the loopback web server for the content. In response to receiving a request comprising the server path to the loopback web server to retrieve the content from the loopback web server, the mobile device may instruct the loopback web server to transmit an unencrypted version of the content to the native operating system service.
    Type: Grant
    Filed: April 25, 2017
    Date of Patent: May 22, 2018
    Assignee: Citrix Systems, Inc.
    Inventor: Krishna Kumar
  • Patent number: 9979545
    Abstract: Techniques for accelerated authentication include receiving first data that indicates a first portion of user credentials for a first user but not a second portion. It is verified whether the first portion of user credentials is valid. If the first portion of user credentials is valid, then second data that indicates a valid value for the second portion of user credentials for the first user is sent. Other techniques include receiving first data that indicates a first portion of user credentials for a first user but not a second portion of user credentials for the first user. A first message that indicates the first portion of user credentials is sent to a remote process that initiates authentication of the first user based on the first portion of user credentials before receiving second data that indicates the second portion of user credentials for the first user.
    Type: Grant
    Filed: May 24, 2017
    Date of Patent: May 22, 2018
    Assignee: Nokia Technologies Oy
    Inventors: Yan Fu, Nadarajah Asokan, Ville Aarni
  • Patent number: 9971894
    Abstract: The embodiments herein provide a secure computing resource set identification, evaluation, and management arrangement, employing in various embodiments some or all of the following highly reliable identity related means to establish, register, publish and securely employ user computing arrangement resources in satisfaction of user set target contextual purposes.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: May 15, 2018
    Assignee: Advanced Elemental Technologies, Inc.
    Inventors: Victor Henry Shear, Peter Robert Williams, Jaisook Rho, Timothy St. John Redmond
  • Patent number: 9961409
    Abstract: There is provided a reception device configured to receive content broadcast via a broadcasting network, the reception device including an application execution unit configured to execute a link application that is able to change a layout of a screen with reference to a video of the received content, and an application control unit configured to control the application execution unit based on application control information relating to the link application so that activation of the link application is restricted.
    Type: Grant
    Filed: April 9, 2013
    Date of Patent: May 1, 2018
    Assignee: SONY CORPORATION
    Inventors: Naohisa Kitazato, Yoshiharu Dewa
  • Patent number: 9948683
    Abstract: This disclosure relates to enforcing restrictions on data collected from a first set of systems and disseminated to a second set of systems. For example, a method for enforcing a set of restrictions includes receiving a first trait and a second trait that include data describing a user that has interacted with an online service. The first trait is labelled with a first usage restriction and the second trait is labelled with a second usage restriction different from the first usage restriction. The method further includes combining the first trait and the second trait into a segment. The segment preserves labelling of the first trait with the first usage restriction and the second trait with the second usage restriction. The method further includes controlling use of the segment based on the first usage restriction and the second usage restriction.
    Type: Grant
    Filed: September 15, 2015
    Date of Patent: April 17, 2018
    Assignee: Adobe Systems Incorporated
    Inventors: David Weinstein, Harleen Sahni, Matthew Donofrio, Edward Schuchardt, Vinay Goel, Rafaat Hossain
  • Patent number: 9935849
    Abstract: An approach for assessing a service offering selected by a user in a networked computing environment (e.g., a cloud computing environment) is provided. In one aspect, a network environment containing the service offering is monitored for a software configuration activity performed by the user. This software configuration activity is analyzed to identify the software application that is being configured. A set of provider-managed service offerings can be searched for any provider-managed service offering that contains an offered application corresponding to that of the software application. This managed service offering can be included in an alternative suggestion for the service offering.
    Type: Grant
    Filed: April 13, 2017
    Date of Patent: April 3, 2018
    Assignee: International Business Machines Corporation
    Inventors: Kelly Abuelsaad, Lisa Seacat DeLuca, Soobaek Jang, Daniel C. Krook
  • Patent number: 9935949
    Abstract: Embodiments are provided for mutually authenticating a pair of electronic devices. According to certain aspects, the electronic devices may connect to each other via an out-of-band communication channel. The electronic devices may each output audio signals and detect audio signals output by the other electronic devices. Based on timestamps associated with audio output and detection events, each of the electronic devices may calculate relevant time and distance parameters, and transmit the calculated parameters to the other electronic device via the out-of-band communication channel. The electronic devices may compare the calculated parameters to determine mutual authentication.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: April 3, 2018
    Assignee: GOOGLE LLC
    Inventors: Michael Daley, Peiter Zatko, Deepak Chandra
  • Patent number: 9930032
    Abstract: A mechanism is provided for selective password synchronization. An indication is received that a password is to be changed for an account in a plurality of accounts associated with an individual, where the indication includes a new password. Responsive to receiving the indication of the password change, the account is grouped with one or more other accounts in the plurality of accounts thereby forming a first subset of accounts, where grouping the account with the one or more other accounts in the plurality of accounts excludes at least one account in the plurality of accounts thereby forming a second subset of accounts. The new password is propagated to the first subset of accounts according to a first policy. The new password is propagated to a second subset of accounts of the plurality of accounts according to a second policy, where the second policy is different from the first policy.
    Type: Grant
    Filed: January 3, 2017
    Date of Patent: March 27, 2018
    Assignee: International Business Machines Corporation
    Inventors: Brian R. Matthiesen, Britton G. Thrasher
  • Patent number: 9922318
    Abstract: The disclosed embodiments include methods and systems for providing payment token transactions by a mobile device. The mobile device may be operable to obtain a payment token, where the payment token is associated with one or more payment token parameters and the mobile device may be configured to communicate with a financial service provider system over a first network when connectivity to the first network is available to the mobile device. The mobile device may provide the payment token to a contactless payment terminal (CPT) associated with a merchant, during a purchase transaction involving a product provided by the merchant, where the mobile device may communicate the payment token to the CPT over a local network that is different from the first network such that connectivity between the mobile device and the first network is not required.
    Type: Grant
    Filed: January 26, 2015
    Date of Patent: March 20, 2018
    Assignee: Capital One Services, LLC
    Inventors: Lawrence Douglas, Luke A. Hammock
  • Patent number: 9906419
    Abstract: In one embodiment, a method is performed by a computer system comprising physical computer hardware. The method includes discovering a controlling-user network for at least one user. The controlling-user network comprising a plurality of controlling users. The plurality of controlling users each control one or more sites of a content-management system. The method further includes profiling the plurality of controlling users based, at least in part, on information gleaned from sites on the content-management system controlled by the plurality of controlling users. In addition, the method includes exposing the controlling-user network to the at least one controlling user using a result of the profiling.
    Type: Grant
    Filed: February 28, 2014
    Date of Patent: February 27, 2018
    Assignee: Quest Software Inc.
    Inventors: Michel Albert Brisebois, Mikhail Anatolievich Plavskiy
  • Patent number: 9906945
    Abstract: A system that incorporates teachings of the subject disclosure may include, for example, a method for facilitating, at a system including at least one processor, establishment of a communication session with a device coupled to a Universal Integrated Circuit Card (UICC) by way of network equipment of a default Mobile Network Operator (MNO), receiving, at the system, information descriptive of an MNO selection, selecting, at the system, from a database of credentials of a plurality of MNOs first credential information according to the received information, wherein the first credential information is associated with a first MNO of the plurality of MNOs, and transmitting, from the system, the first credential information to the UICC over the communication session by way of the device to cause the UICC to facilitate establishment of communications with network equipment of the first MNO according to the first credential information. Other embodiments are disclosed.
    Type: Grant
    Filed: September 13, 2016
    Date of Patent: February 27, 2018
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: David Midkiff
  • Patent number: 9906955
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving, from a computer system, a request comprising a phone number, identifying a primary channel and one or more secondary channels based on, at least in part, respective performance data of the primary and secondary channels, sending a first message comprising a first text string via the primary channel to a destination device associated with the phone number, after sending the first message, determining that a conversion event for the message and the primary channel did not occur within a specified time period, and based on the determining, sending a second message comprising the first text string via a particular secondary channel to the destination device.
    Type: Grant
    Filed: December 5, 2016
    Date of Patent: February 27, 2018
    Assignee: NEXMO INC.
    Inventors: Thomas Gilles Michel Soulez, Enrico Musuruana, Paul Harry Cook, Eric Nadalin
  • Patent number: 9893901
    Abstract: A method including: receiving, at a conference unit, a command to establish a conference call between the conference unit and another conference unit, the conference unit being connected to at least one access point and the access point being accessible by a terminal; utilizing, by the conference unit, an internet telephony protocol to setup at least one media line between the conference unit and the other conference unit; establishing at least one data channel that transmits LAN traffic between the conference unit and the other conference unit utilizing the internet telephony protocol; establishing, by the conference unit, a connection with the terminal, the terminal being part of a combined local area network; and receiving, at the conference unit, an input from the terminal via the connection to access the combined local area network.
    Type: Grant
    Filed: May 2, 2016
    Date of Patent: February 13, 2018
    Assignee: Cisco Technology, Inc.
    Inventor: Pal-Erik Martinsen
  • Patent number: 9893894
    Abstract: A user equipment (UE) is configured to send a direct communication request to a peer UE, wherein the direct communication request comprises a signature authenticating an identity of the UE. The UE is configured to process a direct communication response from the peer UE to authenticate an identity of the peer UE, wherein the direct communication response comprises a signature authenticating the identity of the peer UE. In response to processing the direct communication response from the peer UE to authenticate the identity of the peer UE, the UE is configured to engage in direct communication with the peer UE.
    Type: Grant
    Filed: September 23, 2015
    Date of Patent: February 13, 2018
    Assignee: INTEL IP CORPORATION
    Inventors: Alexandre S. Stojanovski, Farid Adrangi
  • Patent number: 9882892
    Abstract: The disclosed embodiments provide a system that enables access to a resource. During operation, the system obtains, from a first service, a request for access to the resource on a second service by a user using the first service. Next, the system provides, in a response to the request, an intent token for accessing the resource by the user to the first service. Upon receiving the intent token from an authorized user on the second service, the system enables access to the resource on the second service for the user on the first service.
    Type: Grant
    Filed: June 18, 2014
    Date of Patent: January 30, 2018
    Assignee: INTUIT INC.
    Inventors: Peter Vogel, Vinod K. Nair, Wing Ming Brigitte Chan, Kishore Jonnalagedda
  • Patent number: 9876991
    Abstract: An intermediate server (104) is operable in a distributed key management system (300). The intermediate server comprises one or more processors (205) and an intermediate key material repository (302) to store digital rights management key material. The intermediate server can be operable in the system between a master server (101) and a local server (106), with the local server to deliver content (108) to one or more subscriber devices (109,110). The intermediate server, or optionally a management system (117) can pre-populate the intermediate key material repository with one or key material (1005) corresponding to fragments (1001) of the content prior to the fragments of content being requested by the one or more subscriber devices.
    Type: Grant
    Filed: February 28, 2014
    Date of Patent: January 23, 2018
    Assignee: Concurrent Computer Corporation
    Inventors: David Leon Ray, James Wesley Bell
  • Patent number: 9876800
    Abstract: A method for associating a web event with a member of a group of users is implemented at a first computing device. The method includes: receiving a data access request from a second computing device; determining whether the user has previously provided personal information and authorization to the first computing device through the second computing device; if the user's personal information and authorization are found: generating a record for the data access request; if the user's personal information is found but the user's authorization is not found: generating a record for the data access request; and if neither of the user's personal information and authorization is found: identifying one or more user identifiers that are associated with the second computing device; and returning personal information associated with the one or more user identifiers to the second computing device.
    Type: Grant
    Filed: March 16, 2015
    Date of Patent: January 23, 2018
    Assignee: Google LLC
    Inventor: Simon Michael Rowe
  • Patent number: 9871774
    Abstract: In one embodiment, a system includes a processing circuit and logic integrated with the processing circuit, executable by the processing circuit, or integrated with and executable by the processing circuit. The logic is configured to cause the processing circuit to initiate a password selection session on a source augmented reality or virtual reality device (hereafter the source AR/VR device). The logic is also configured to cause the processing circuit to generate a symmetric password key according to a set of password determination rules. Also, the logic is configured to cause the processing circuit to encrypt data using the symmetric password key prior to sending the encrypted data to a receiver AR/VR device. Moreover, the logic is configured to cause the processing circuit to send the encrypted data from the source AR/VR device to the receiver AR/VR device. The symmetric password key is not exchanged with any other device.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: January 16, 2018
    Assignee: International Business Machines Corporation
    Inventors: Su Liu, John D. Wilson, Yin Xia
  • Patent number: 9870071
    Abstract: An apparatus and a method for managing security of a terminal which increases reliability of an electronic signature. The apparatus includes a controller for detecting coordinate values of input positions of an electronic pen as interruption information when the interruption is received, and a memory for storing the detected input positions as additional electronic signature information.
    Type: Grant
    Filed: February 10, 2014
    Date of Patent: January 16, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Ji-Yoon Park, Jae-Yung Yeo, Seung-Eun Lee, Seong-Min Je
  • Patent number: 9853977
    Abstract: Particular systems, methods, and program products for web-based security systems for user authentication and processing in a distributed computing environment are disclosed. A computing sub-system may receive an electronic processing request and a first signed data packet having a first payload that was hashed and encrypted using a first private key. The first payload may comprise first processing output and a first timestamp. The sub-system may verify the first signed data packet by decrypting it using a first public key. The sub-system may execute computing operations to satisfy the electronic processing request, producing second processing output. The sub-system may configure a data packet with a second payload comprising at least the second processing output and a second timestamp. The sub-system may encrypt the second payload using a second private key producing a second signed data packet. The sub-system may transmit to a second sub-system the second signed data packet.
    Type: Grant
    Filed: January 26, 2016
    Date of Patent: December 26, 2017
    Assignee: WINKLEVOSS IP, LLC
    Inventors: Andrew Laucius, Cem Paya, Eric Winer
  • Patent number: 9847988
    Abstract: A wireless local area network system establishes a PASSPOINT™ connection between a mobile station and a hotspot using an enhanced single SSID method or an enhanced dual SSID method. In the dual SSID method, an access point associates and authenticates a mobile device to a secondary SSID of the access point during enrollment and provisioning. After enrollment, the access point authenticates the mobile station to a primary SSID of the access point using the credential that the mobile station received from an online sign-up (“OSU”) server in connection with the secondary SSID. In the single SSID method, an access point performs two levels of authentication. During authentication, communications are limited to an 802.1x controlled port running on the mobile station and access point. After a first authentication, communications between the OSU server and the mobile station are unblocked. After the second authentication, all traffic from the mobile station is unblocked.
    Type: Grant
    Filed: November 23, 2015
    Date of Patent: December 19, 2017
    Assignee: STMICROELECTRONICS, INC.
    Inventors: Liwen Chu, George A. Vlantis
  • Patent number: 9847667
    Abstract: A method of handling wireless charging authentication for an electronic device of a wireless charging system includes sending a first message to a controller of the wireless charging system to notify the controller that an authentication is required by a wireless charger of the wireless charging system; receiving a second message including authentication information from the controller; and sending a third message including the authentication information to the wireless charger, in order to satisfy the authentication.
    Type: Grant
    Filed: February 11, 2015
    Date of Patent: December 19, 2017
    Assignee: HTC Corporation
    Inventor: Feng-Seng Chu
  • Patent number: 9843592
    Abstract: To prevent legitimate message recipients from forging new messages and to encrypt messages for a specific set of recipients (channel), a root key is encrypted and combined with a base session management key to render a combined root key, which in turn is encrypted with a public key of at least one recipient device to render a session management key. The public key of each of “N” intended recipient device encrypts the combined root key to render “N” session management keys. The session management keys are then combined with the combined root key to render a multicast root key, which is signed with a private key of a sending device. The signed multicast root key is combined with the session management keys to render an encrypted, signed multicast root key that is used to encrypt digital information prior to transmitting the digital information.
    Type: Grant
    Filed: October 14, 2015
    Date of Patent: December 12, 2017
    Assignee: SONY INTERACTIVE ENTERTAINMENT AMERICA LLC
    Inventor: Bryan Cotta
  • Patent number: 9843574
    Abstract: Static and dynamic embodiments are presented for generating chaff passwords for use in a password-hardening system. Chaff passwords are generated by obtaining a source set of passwords comprising at least one valid password for each of a plurality of users; and generating a chaff set of passwords for a given user, wherein the chaff set comprises at least one valid password for the given user and a plurality of chaff passwords for the given user, wherein the plurality of chaff passwords for the given user are obtained from the source set of passwords. Chaff passwords can also be generated by modifying portions of base passwords based on a distribution with which particular strings of digits and symbols appear in user passwords. Location oblivious chaff passwords are generated from a chaff set of passwords obtained from a chaff generation method by applying a random permutation over the elements of the obtained chaff set of passwords.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: December 12, 2017
    Assignee: EMC IP Holding Company LLC
    Inventors: Nikolaos Triandopoulos, Kevin Bowers, Ari Juels, Ronald Rivest, Guoying Luo
  • Patent number: 9843569
    Abstract: A method and apparatus are provided for access credential provisioning. A method may include receiving, at a first mobile apparatus, information about a second mobile apparatus. The first mobile apparatus may be provisioned with network access credential information to be transferred from the first mobile apparatus to the second mobile apparatus. The method may further include causing the information about the second mobile apparatus to be provided to a provisioning apparatus for the network. The method may additionally include receiving authorization form the provisioning apparatus to transfer the network access credential information from the first mobile apparatus to the second mobile apparatus. The method may also include, in response to receipt of the authorization, causing the network access credential information to be provided to the second mobile apparatus. A corresponding apparatus is also provided.
    Type: Grant
    Filed: July 30, 2015
    Date of Patent: December 12, 2017
    Assignee: Nokia Technologies Oy
    Inventors: Silke Holtmanns, André Dolenc
  • Patent number: 9838392
    Abstract: An approach is provided for proxy-based access controls. A proxy platform causes, at least in part, designation of at least one monitoring client of a proxy server. The proxy platform receives an input for associating one or more accessing clients with the at least one monitoring client. The at least one monitoring client manages access to one or more resources of the proxy server by the one or more accessing clients.
    Type: Grant
    Filed: March 24, 2011
    Date of Patent: December 5, 2017
    Assignee: Nokia Technologies Oy
    Inventors: Miikka Johannes Sainio, Atte Lahtiranta
  • Patent number: 9838366
    Abstract: A system for auditing authorized key files associated with secure shell (SSH) servers is disclosed. In an example, the system may include a purpose-built SSH audit server. The SSH audit server may be configured to receive an authorized key file and a list of users. The SSH audit sever may generate and provide unique registration codes for each of the users in the list. The SSH audit server may associate particular users with particular public keys as each of the users accesses the SSH audit server using a public key and inputs a registration code.
    Type: Grant
    Filed: January 22, 2015
    Date of Patent: December 5, 2017
    Assignee: QUEST SOFTWARE INC.
    Inventor: Matthew Todd Peterson
  • Patent number: 9824206
    Abstract: In one embodiment, a method includes initiating a password selection session on a source augmented reality or virtual reality device (hereafter the source AR/VR device). The method also includes tracking an eye gaze of a source user using the source AR/VR device. In addition, the method includes determining gazed content from the eye gaze of the source user using a password key phrase determination feature. Additionally, the method includes generating a symmetric password key utilizing the gazed content according to a set of password determination rules. Moreover, the method includes performing an operation using the source AR/VR device, the operation being secured by the symmetric password key. The symmetric password key is not exchanged with any other device.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: November 21, 2017
    Assignee: International Business Machines Corporation
    Inventors: Su Liu, John D. Wilson, Yin Xia
  • Patent number: 9826571
    Abstract: Embodiments of the present disclosure provide for configuring and managing mesh nodes during occasional failure of mesh nodes or addition of new mesh nodes. The disclosed system first determines whether a mesh node is a mesh portal or a mesh point. If it is a mesh portal, the mesh node will advertise its capacity as a mesh portal to other mesh nodes in the network. If it is a mesh point, the mesh node attempts to automatically recover connection to the wireless mesh network if it identifies a unique wireless network based on its associated network identifier. If more than one network identifiers are discovered, the mesh node delays establishing connection to the wireless mesh network until a selection is received.
    Type: Grant
    Filed: June 30, 2011
    Date of Patent: November 21, 2017
    Assignee: ARUBA NETWORKS, INC.
    Inventors: Pradeep Iyer, Santashil Palchaudhuri, Shravan Kumar Mettu
  • Patent number: 9811581
    Abstract: Provided are techniques for cyclic based data partitioning policy with automatic physical schema management. A data partitioning policy for data is received, wherein the data partitioning policy identifies a condition for automatically implementing the data partitioning policy and criteria for modifying a set of partitions. In response to the condition occurring, the data partitioning policy is automatically applied to select at least one partition from the set of partitions based on the criteria. An operation is performed on the at least one partition to modify the set of partitions.
    Type: Grant
    Filed: June 13, 2014
    Date of Patent: November 7, 2017
    Assignee: International Business Machines Corporation
    Inventors: Lynette D. Adayilamuriyil, Marco Greco, John F. Miller, III, Raghupathi K. Murthy, Sitaram Vemulapalli
  • Patent number: 9811580
    Abstract: Provided are techniques for cyclic based data partitioning policy with automatic physical schema management. A data partitioning policy for data is received, wherein the data partitioning policy identifies a condition for automatically implementing the data partitioning policy and criteria for modifying a set of partitions. In response to the condition occurring, the data partitioning policy is automatically applied to select at least one partition from the set of partitions based on the criteria. An operation is performed on the at least one partition to modify the set of partitions.
    Type: Grant
    Filed: October 10, 2013
    Date of Patent: November 7, 2017
    Assignee: International Business Machines Corporation
    Inventors: Lynette D. Adayilamuriyil, Marco Greco, John F. Miller, III, Raghupathi K. Murthy, Sitaram Vemulapalli
  • Patent number: 9811655
    Abstract: Embodiments of the present application relate to a method and system for managing user accounts. The method includes receiving a registration request from a current user, wherein the registration request comprises a login name main part, determining, in a database, whether a conflicting old user exists, wherein a conflicting old user corresponds to another user that has a conflicting login name main part that is the same as the login name main part received in connection with the registration request, in the event that a conflicting old user exists, executing a login password differentiation process that requires a user to register a different login password that is different from a login password associated with the conflicting old user, and storing the different login password to the database in connection with a registration of the current user.
    Type: Grant
    Filed: May 4, 2015
    Date of Patent: November 7, 2017
    Assignee: Alibaba Group Holding Limited
    Inventors: Jianbo Qian, Xingjun Ni, Feng Yu
  • Patent number: 9807087
    Abstract: A system and method for using a single-use password to add SSO functionality to a service of a Service Provider belonging to an F-SSO federation that does not support F-SSO functionality for the service. In response to receiving notification from an Identity Provider that a user has requested access to the service, the Service Provider uses information provided by the Identity Provider to identify and authenticate the user, and then uses standard API calls to create and send a temporary password to the user. This password may be created as a function of the user's physical location or IP address and may be communicated out-of-band. Upon determining that the user has correctly returned the temporary password to the Service Provider, the Service Provider generates and sends the user a strong single-use password through a secure in-band communication, through which the user may access the service.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: October 31, 2017
    Assignee: International Business Machines Corporation
    Inventors: Heather M. Hinton, Kelly Malone
  • Patent number: 9807570
    Abstract: A remote keyless system for a vehicle includes a plurality of slave transmitter modules arranged in a plurality of locations in the vehicle. A master transceiver module is configured to pair with a wireless device; wirelessly transmit data to and receive data from the wireless device; transmit first wired messages to the plurality of slave transmitter modules to send first wireless messages to the wireless device; receive a plurality of second wireless messages directly from the wireless device, wherein the second wireless messages comprise data including received signal strength indicators (RSSIs) corresponding to each of the plurality of slave transmitter modules, respectively; and determine a location of the wireless device relative to the vehicle based on the RSSIs in the plurality of second wireless messages.
    Type: Grant
    Filed: June 23, 2016
    Date of Patent: October 31, 2017
    Assignee: GM GLOBAL TECHNOLOGY OPERATIONS LLC
    Inventors: Marcelo V. Lazarini, Roddi L. Macinnes
  • Patent number: 9807080
    Abstract: An approach is provided for providing authentication session sharing between browsers and run time environments in network communication. An interface receives an authentication context associated with a first service. The interface causes, at least in part, storage of the authentication context in a first cache associated with the interface. The interface causes, at least in part, population of the authentication context to a second cache associated with a second service. The second cache is not directly linked to the interface. The authentication context in the second cache authenticates access to the second service.
    Type: Grant
    Filed: April 5, 2016
    Date of Patent: October 31, 2017
    Assignee: Nokia Technologies Oy
    Inventors: Jari Otranen, Anssi Karhinen
  • Patent number: 9805202
    Abstract: In an assessment or audit of a computer system, an auditing subsystem will parse software development kit (“SDK”) interfaces and obtain customer usage, configuration and security information by applying requests for information to the application programming interfaces provided by the SDK interfaces.
    Type: Grant
    Filed: November 13, 2014
    Date of Patent: October 31, 2017
    Assignee: EVIDENT.IO, INC.
    Inventors: Claire Medeiros, Justin Lundy
  • Patent number: 9800569
    Abstract: During a data protection operation, a system exploits a virtual hierarchy to centralize the configuration and management of operating system credentials of numerous virtual guests. For each virtual guest, the system uses the credential to collect a single Globally Unique Identifier (GUID) previously generated and stored in-guest by any data protection agent. The system stores the collected GUID as a custom property in the context of the virtual hierarchy. The system also exploits the virtual hierarchy custom properties to determine if GUIDs are copies due to virtual guest replication. The system ensures GUID uniqueness by requesting regeneration of the GUID by in-guest data protection agents. Using GUIDs that are unique across the virtual hierarchy, the system can correlate application data of multiple in-guest data protection agents.
    Type: Grant
    Filed: June 5, 2014
    Date of Patent: October 24, 2017
    Assignee: International Business Machines Corporation
    Inventors: Robert C. Edwards, Jr., Avishai H. Hochberg, Jawed Iqbal, Tai W. Nam, Joanne T. Nguyen, Neil G. Rasmussen, James P. Smith, Peter B. Symonds, Jean X. Yu
  • Patent number: 9794362
    Abstract: Disclosed is a portal push method, which comprises: a broadband remote access server (BRAS) equipment acquiring a website identification list, after the BRAS equipment receives a hypertext transport protocol (HTTP) request message sent by a user terminal. The BRAS equipment determines whether to send portal pages to the user terminal according to whether the identification of a target website visited by the user client has a matched item in the list. The embodiments of the present disclosure further provide a corresponding BRAS equipment. The technical solutions of the embodiments of the present disclosure can reduce push times of invalid portals and improve portal push success rate.
    Type: Grant
    Filed: March 24, 2015
    Date of Patent: October 17, 2017
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Junli Hu, Lili Wang, Chi Zhang
  • Patent number: 9794253
    Abstract: A method provides device access security via use of periodically changing Quick Response (QR) codes. The method includes: generating (706) a first authentication QR code and assigning (708) the generated QR code as the current authentication mechanism for accessing the device. Contemporaneously with the generation of the QR code, at least one QR code validity parameter is established (710) to define when access to the device can be provided to a second device that provides the correct authentication QR code along with the access request. The method includes, in response to a pre-defined trigger (712) of the QR code validity parameter: generating (704) a new authentication QR code, different from a previously generated authentication QR code; assigning (708) the new authentication QR code as the current authentication mechanism for accessing the device; and enabling access to the first device to only second devices that provide the current authentication QR code.
    Type: Grant
    Filed: May 14, 2015
    Date of Patent: October 17, 2017
    Assignee: GOOGLE INC.
    Inventors: Shyam Narayan, Naveen Aerrabotu, Rohit R. Sinha
  • Patent number: 9788205
    Abstract: As individuals increasingly engage in different types of transactions they face a growing threat from, possibly among other things, identity theft, financial fraud, information misuse, etc. and the serious consequences or repercussions of same. Leveraging the ubiquitous nature of wireless devices and the popularity of (Short Message Service, Multimedia Message Service, etc.) messaging, an infrastructure that enhances the security of the different types of transactions within which a wireless device user may participate through a Second Factor Authentication facility. The infrastructure may optionally leverage the capabilities of a centrally-located Messaging Inter-Carrier Vendor.
    Type: Grant
    Filed: March 24, 2016
    Date of Patent: October 10, 2017
    Assignee: SYBASE, INC.
    Inventors: Dilip Sarmah, Kyle Warner Erickson, Rajat Mounendrababu Gadagkar
  • Patent number: 9779232
    Abstract: A user equipment. The user equipment comprises a processor, a memory, a trusted security zone, wherein the trusted security zone provides hardware assisted trust, a ticket generator stored in the trusted security zone to generate a plurality of access codes, and a code generator stored in the trusted security zone. The code generator generates a different one-time-password for each of the plurality of access codes, wherein the one-time-password is not displayed on the user equipment, stores the one-time-password in the trusted security zone, and transmits the one-time-password to a trusted server through a trusted channel. Responsive to an associated access code from the plurality of access codes being displayed and upon request of a user of the user equipment, the code generator displays the one-time-password and invalidates the one-time-password promptly after the display ends.
    Type: Grant
    Filed: January 14, 2015
    Date of Patent: October 3, 2017
    Assignee: Sprint Communications Company L.P.
    Inventors: Lyle W. Paczkowski, William M. Parsel, Carl J. Persson, Matthew C. Schlesener
  • Patent number: 9775044
    Abstract: Systems, devices and methods are directed toward authenticating users to provide access to the users. A portable communication device, suitable for use in authenticating a user, includes a memory including a reference biometric for a user, a biometric reader, and a processor coupled to the memory and biometric reader. The processor is configured to, among other operations, compare a biometric of the user, as captured at the biometric reader, to the reference biometric stored in the memory. When the captured biometric matches the reference biometric, the processor is configured to authenticate the user and transmit an authentication signal to thereby provide access to the user. In various aspects, the authentication signal includes an identifier associated with the user, whereby other devices are able to recognize the user and authenticate the user based on the authentication signal, generally, without the user being separately authenticated at the other devices.
    Type: Grant
    Filed: July 8, 2016
    Date of Patent: September 26, 2017
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventor: Arvind Jangi
  • Patent number: 9763022
    Abstract: A system and method is disclosed for converting smart cell phone applications to applications that operate on basic cell phones. The invention has a classifying process that classifies one or more functions of a cell phone application into those functions capable being performing by a basic cell phone and those functions, missing functions, that can not be performed by a basic cell phone. Substitute functions for the missing functions are developed. An emulator monitors the execution of the cell phone application and provides the substitute cell phone functions at points in the execution where a missing function is to be executed. Therefore, the smart phone application is converted into a basic phone application that can be executed by the basic cell phones with reduced functionality. The invention can run on a smart phone or a server. The invention can also be provided as a server based service for basic cell phone users.
    Type: Grant
    Filed: October 13, 2014
    Date of Patent: September 12, 2017
    Assignee: International Business Machines Corporation
    Inventors: Eric Mibuari, Osamuyimen Stewart, Aisha Walcott-Bryant
  • Patent number: 9760722
    Abstract: A method of addressing an unauthorized disclosure of sensitive information at an imaging device, including receiving an indication of the unauthorized disclosure of sensitive information; receiving or generating preliminary information about the unauthorized disclosure; and transmitting the indication and the preliminary information to a remote location to initiate an investigation on the unauthorized disclosure. After receiving the indication, the method includes entering a reduced function mode by the imaging device; receiving a clearance key when in the reduced function mode; and after receiving the clearance key, exiting the reduced function mode and entering a normal mode of operation.
    Type: Grant
    Filed: July 31, 2015
    Date of Patent: September 12, 2017
    Assignee: KOFAX INTERNATIONAL SWITZERLAND SARL
    Inventor: Kevin James Albrecht
  • Patent number: 9760704
    Abstract: An electronic device includes multiple applications that can access a smart card or other security apparatus. A first application that is to use the security apparatus prompts a user for a security string such as a PIN or password. Upon receipt of the PIN or password, the first application unlocks the security apparatus for use. Additionally, the first application receives a token from a security service that interfaces with the security apparatus. The token can be shared by the first application with other applications. For example, the first application can share the token with other trusted applications. The other applications that receive the token can refrain from issuing a prompt for a security string and receiving a response from the user. The token can be used instead of the security string to obtain access to the security apparatus.
    Type: Grant
    Filed: May 23, 2014
    Date of Patent: September 12, 2017
    Assignee: BlackBerry Limited
    Inventor: Alexander Sherkin
  • Patent number: 9749300
    Abstract: Example embodiments of the present invention relate to a method and a system for immediate recovery of virtual machines encrypted in the cloud. The method includes retrieving at least a portion of data from an off-premise replica site configured to store an encrypted first data part of an I/O as data at the off-premise replica site according to a second metadata part of the I/O. The first data part of the at least the portion of the data then may be decrypted at the on-premise recovery site according to a private key not available to the replica site and stored at the on-premise recovery site in a cache at the recovery site.
    Type: Grant
    Filed: March 30, 2015
    Date of Patent: August 29, 2017
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Yonatan Cale, Assaf Natanzon