Management Patents (Class 726/6)
  • Patent number: 10284550
    Abstract: The present invention relates to a method and an apparatus for employing an embedded subscriber identity module (hereinafter referred to as eSIM) to apply a policy such as a subsidy policy to, activate, deactivate, add to, update, and delete a user profile in a mobile communications network. The present invention enables a mobile device to determine whether to host the policy of a new service provider when it changes the present service provider or to perform a lock for prohibiting the policy change, and to change the profile related to the determination. The present invention also enables a mobile device to replace the policy related to the service provider by applying the policy, or to employ eSIM so as to activate, deactivate, revise, add, or delete the rules of the policy related to the service provider.
    Type: Grant
    Filed: April 15, 2014
    Date of Patent: May 7, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Kyungjoo Suh
  • Patent number: 10285043
    Abstract: An electronic device is provided. The electronic device includes at least one processor and an embedded universal integrated circuit card (eUICC) configured to be electrically connected with the at least one processor. The at least one processor is configured to implement a management module configured to manage a profile stored in the eUICC. The management module is configured to, when there is an enabled profile in the eUICC, perform a communication function based on the enabled profile and, when there is no enabled profile in the eUICC, disable at least one of a periodic eUICC verification function and a network search function.
    Type: Grant
    Filed: June 21, 2017
    Date of Patent: May 7, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Sung Oh Kim, Jeong Don Kang, Sang Soo Lee, Sang Hwi Lee
  • Patent number: 10270768
    Abstract: A communication system includes a first communication device that determines, using identification information on a frame, whether to receive the frame, and a second communication device that belongs to a network identical to the first communication device. A report frame includes a detection of an attack on the network and target identification information that is identification information included in a frame used to perform the attack. When the first communication device receives a report frame from the second communication device, the first communication device sets the frame including the target identification information to be an authentication processing target. Upon transmitting a transmission frame set to be the authentication processing target, the first communication device transmits authentication information generated from the transmission frame along with the transmission frame.
    Type: Grant
    Filed: January 11, 2017
    Date of Patent: April 23, 2019
    Assignee: FUJITSU LIMITED
    Inventors: Jun Yajima, Takayuki Hasebe, Naoya Torii, Tsutomu Matsumoto
  • Patent number: 10270748
    Abstract: A system, apparatus, method, and machine readable medium are described for performing advanced authentication techniques and associated applications. For example, one embodiment of a method comprises: receiving a policy identifying a set of acceptable authentication capabilities; determining a set of client authentication capabilities; and filtering the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating a user of the client.
    Type: Grant
    Filed: March 18, 2014
    Date of Patent: April 23, 2019
    Assignee: Nok Nok Labs, Inc.
    Inventors: Marc Briceno, Brendon Wilson, Ramesh Kesanupalli, Davit Baghdasaryan, Rajiv Dholakia, William J. Blanke, Rolf Lindemann, Igor Polivanyi, Avinash Umap
  • Patent number: 10263994
    Abstract: Systems and methods are described for delegating permissions to enable account access to entities not directly associated with the account. The systems determine a delegation profile associated with a secured account of at least one customer. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile.
    Type: Grant
    Filed: August 3, 2015
    Date of Patent: April 16, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory B Roth, Bradley Jeffery Behm
  • Patent number: 10257051
    Abstract: Method and device for managing cloud computing resources with an external account, the resources being associated with one or more internal main accounts. The method includes verifying an identity of the external account via a server, determining, if the identity of the external account is verified, whether a virtual sub-account is bound to the external account, the virtual sub-account being subordinate to an internal main account of the one or more internal main accounts, and allowing, if it is determined that the virtual sub-account is bound to the external account, the external account to manage the resources associated with the internal main account based on pre-configured rights of the virtual sub-account.
    Type: Grant
    Filed: August 2, 2016
    Date of Patent: April 9, 2019
    Assignee: ALIBABA GROUP HOLDING LIMITED
    Inventors: Boyang Liu, Jun Li
  • Patent number: 10248784
    Abstract: Examples of techniques for sequential object set passwords are disclosed. In one example implementation according to aspects of the present disclosure, a computer-implemented method may include receiving, at a user device, a first object set; transmitting, to a processing device, a first rearranged object set that represents the first object set rearranged into a first sequential order by the user; and responsive to the first rearranged object set matching a first known sequential object set, receiving, at the user device, a second object set.
    Type: Grant
    Filed: December 1, 2016
    Date of Patent: April 2, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Mark E. Maresh, Colm Nolan, Juan F. Vargas, Michael J. Whitney
  • Patent number: 10243935
    Abstract: An apparatus for user authentication based on tracked activity includes an activity tracker module, a challenge module, and an authentication module. The activity tracker module is configured to electronically track one or more activities of a user. Electronically tracking the one or more activities includes obtaining information about at least one activity from an electronic device of the user. The challenge module is configured to present an authentication challenge to the user via a user interface for the electronic device. The authentication challenge is based on the one or more electronically tracked activities for the user. The authentication module is configured to determine whether to authenticate the user for access to one or more resources via the electronic device, based on the user's response to the authentication challenge.
    Type: Grant
    Filed: April 28, 2016
    Date of Patent: March 26, 2019
    Inventors: John M. Weber, Gary D. Cudak, Shareef F. Alshinnawi, Joseph F. Herman
  • Patent number: 10243656
    Abstract: A digital credential is generated for a user device. The digital credential is transmitted to the user device via an optical wireless communication access point (OWC AP). The user device is located in a coverage area of the OWC AP. The digital credential is provided to a wireless local area network (WLAN AP) associated with the OWC AP for authentication of a request from the user device to access the WLAN.
    Type: Grant
    Filed: August 8, 2016
    Date of Patent: March 26, 2019
    Assignee: International Business Machines Corporation
    Inventors: Zi Lian Ji, Tao Jiang, Xian Dong Meng, George J. Romano, Zhi Qiang Wei
  • Patent number: 10242362
    Abstract: Systems and methods permit secure and convenient provisional account creation for use in conducting payment transactions. The provisional account does not include sensitive data, thereby mitigating risk to a consumer's financial account if the provisional account were compromised. In one embodiment, a computing device associated with a financial service provider receives customer and customer device information. The provider computing device performs a verification analysis and a fingerprint analysis to authenticate the customer's identity and the customer device authenticity. The provider device also receives an access request message seeking authorization for an identity management service (“IdM”) to interface with the provider device. The provider device generates an access decision message indicating an approval or disapproval of an authorization request.
    Type: Grant
    Filed: October 23, 2015
    Date of Patent: March 26, 2019
    Assignee: Bank of the Ozarks
    Inventors: Trevor Burgess, Marcio deOliveira
  • Patent number: 10243945
    Abstract: Managed identity federation provides numerous options for authentication to access one or more services. A user authenticates with an identity verification provider and provides proof of authentication to a service of a service provider. The service of the service provider is configured to verify the user's identity using a centrally managed identity provider configuration. This configuration is distributed without intervention of the service's administrators. This centrally-managed configuration allows a variety of enterprise and third-party services to utilize the service provider's billing, security, and other administrative services.
    Type: Grant
    Filed: October 28, 2013
    Date of Patent: March 26, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: William Frederick Kruse, Bradley Jeffery Behm
  • Patent number: 10235110
    Abstract: An information processing apparatus includes processors and memories to store a plurality of instructions which cause the processors to store, in the memories, usage authority information associating, for each of users, user information identifying the user with authority information. The authority information associates, for each of image forming apparatuses, device information identifying the image forming apparatus with function information indicating function of the image forming apparatus allowed to be executed or restricted from being executed.
    Type: Grant
    Filed: May 8, 2018
    Date of Patent: March 19, 2019
    Assignee: Ricoh Company, Ltd.
    Inventor: Satoshi Sakemi
  • Patent number: 10237080
    Abstract: A first device may obtain a session time record that includes information relating to a secure session. The session time record may include a content identifier and a device identifier that is associated with a second device. The content identifier may be associated with content to be provided via a secure session and via the second device. The content may be associated with a sponsored data campaign. The first device may obtain, from the second device, data usage information identifying an amount of data provided via the second device and in association with the secure session. The first device may determine information identifying a party responsible for the amount of data provided in association with the secure session based on the session time record and based on the data usage information. The first device may store or provide the information identifying the party responsible for the amount of data.
    Type: Grant
    Filed: December 8, 2015
    Date of Patent: March 19, 2019
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Shuai Wu, Fengping Zhang, Susan Kelly, Hector Saint-Hilaire, Dahai Ren
  • Patent number: 10237713
    Abstract: A system for facilitating personal information exchange includes a first computer peripheral device comprising a first near field communication system. A second computer peripheral device includes a second near field communication system. The first near field communication system is communicatively coupled to the second near field communication system. A web server is communicatively coupled to the first computer peripheral device and the second computer peripheral device. The web server is configured to receive personal information from the first computer peripheral device and the second computer peripheral device into a database. The near field communication between the first computer peripheral device and the second computer peripheral device results in sharing the information in the database.
    Type: Grant
    Filed: October 25, 2017
    Date of Patent: March 19, 2019
    Inventor: David Lifschultz
  • Patent number: 10230763
    Abstract: Methods and systems are provided for implementing application layer security. According to one embodiment, security rules applicable to end users of a private IP network and particular resources accessible within the network are maintained by a network appliance. A packet originated within the network is received by the network appliance. An application type associated with the packet is determined based on layer 7 information within the packet. Layer 7 information fields are extracted from the packet that are indicative of an identity of an end user associated with the packet. An SSO process is performed including receiving and authenticating credentials of the end user on behalf of multiple resources within the network based on the identity of the end user. One or more security rules are identified and applied to the packet based on the identity of the end user and the determined application type.
    Type: Grant
    Filed: March 16, 2016
    Date of Patent: March 12, 2019
    Assignee: Fortinet, Inc.
    Inventors: Michael Xie, Wei David Wang, Ihab Khalil
  • Patent number: 10230728
    Abstract: An environment manager in a computer executes multiple environments concurrently. A user management framework (UMF) virtual machine on the computer runs an authentication domain that supports user profile management of the multiple environments.
    Type: Grant
    Filed: November 6, 2015
    Date of Patent: March 12, 2019
    Assignee: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
    Inventors: Jose Paulo Pires, Valiuddin Y. Ali, Boris Balacheff, James M. Mann, Eduardo Moschetta
  • Patent number: 10219145
    Abstract: A system that incorporates teachings of the subject disclosure may include, for example, a method for facilitating, at a system including at least one processor, establishment of a communication session with a device coupled to a Universal Integrated Circuit Card (UICC) by way of network equipment of a default Mobile Network Operator (MNO), receiving, at the system, information descriptive of an MNO selection, selecting, at the system, from a database of credentials of a plurality of MNOs first credential information according to the received information, wherein the first credential information is associated with a first MNO of the plurality of MNOs, and transmitting, from the system, the first credential information to the UICC over the communication session by way of the device to cause the UICC to facilitate establishment of communications with network equipment of the first MNO according to the first credential information. Other embodiments are disclosed.
    Type: Grant
    Filed: January 12, 2018
    Date of Patent: February 26, 2019
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: David Midkiff
  • Patent number: 10217126
    Abstract: A system for providing access to a distributed marketing platform is disclosed. In particular, the system may be utilized to allow a local marketer to access marketing resources for one or more brands through the use of a sub-account. The system may generate the sub-account for the local marketer, which may be utilized by the local marketer to access a master account associated with a particular brand that the local marketer desires to connect with. Access to the master account and its resources may be granted to the sub-account if the local marketer submits valid key and account information to an online portal associated with the master account. Additionally, the sub-account may be allowed to connect to other master accounts associated with other brands by using the online portal and without violating master account agreements of direct-solicitation and cross-promotion of the master accounts to the sub-account.
    Type: Grant
    Filed: June 7, 2013
    Date of Patent: February 26, 2019
    Assignee: SproutLoud Media Networks, LLC
    Inventors: Anjan Upadhya, Jared Shusterman
  • Patent number: 10210443
    Abstract: An information processing apparatus operated by a user carrying an authentication device, includes: an operation panel accepting an operation performed by the user; and an apparatus hardware processor controlling the operation panel. The apparatus hardware processor performs a matching process of determining whether or not operation history information which is time series data of a sequence of operations performed by the user and accepted by the operation panel, and operation information about an operation of the operation panel performed by the user authenticated as a user permitted to use the information processing apparatus and acquired from the authentication device carried by the user, are related to operation of the same operation panel. If it is determined by the matching process that the operation history information and the operation information match as information about operation of the same operation panel, the apparatus hardware processor performs an operation acceptance process.
    Type: Grant
    Filed: March 30, 2018
    Date of Patent: February 19, 2019
    Assignee: KONICA MINOLTA, INC.
    Inventor: Keishi Sakuma
  • Patent number: 10200355
    Abstract: Systems and methods are provided for authenticating a user. The systems and methods include receiving a request to generate a user profile from a device of a user. The systems and methods may determine first information associated with a first entity from the request, and may also determine second information associated with a second entity distinct from the first entity from the request. The systems and methods may access, using system credentials not associated with the user, multiple distinct data sources in a specified order to retrieve additional information. Accessing these multiple distinct data sources may include retrieving a first item of the additional information using the first information, and retrieving a second item of the additional information using the second information. The systems and methods may authenticate the user based on the additional information, and may generate a user profile based in part on the additional information.
    Type: Grant
    Filed: January 27, 2017
    Date of Patent: February 5, 2019
    Assignee: Insurify, Inc.
    Inventors: Todor V. Kiryazov, Steven G. Moseley, Snezhina Zacharia
  • Patent number: 10200349
    Abstract: In one embodiment, a computer program product includes a computer readable storage medium having program instructions embodied therewith. The embodied program instructions, in response to being executed by a processing circuit, cause the processing circuit to receive an eye gaze of a source user generated by a source augmented reality or virtual reality device (source AR/VR device) on a receiver AR/VR device and determine gazed content from the eye gaze of the source user using a password key phrase determination feature. The embodied program instructions also cause the processing circuit to generate a symmetric password key utilizing the gazed content according to a set of password determination rules and receive encrypted data from the source AR/VR device on the receiver AR/VR device. Additionally, the embodied program instructions cause the processing circuit to decrypt the encrypted data using the symmetric password on the receiver AR/VR device.
    Type: Grant
    Filed: October 16, 2017
    Date of Patent: February 5, 2019
    Assignee: International Business Machines Corporation
    Inventors: Su Liu, John D. Wilson, Yin Xia
  • Patent number: 10193701
    Abstract: Provided is an information processing apparatus including a physical unclonable function (PUF) to generate a unique key using a process variation in a semiconductor manufacturing process, and an encryption unit to encrypt a password and/or bio-information received from a user using the unique key.
    Type: Grant
    Filed: June 27, 2017
    Date of Patent: January 29, 2019
    Assignee: ICTK Holdings Co., Ltd.
    Inventors: Dong Kyue Kim, Byong Deok Choi, Dong Hyun Kim, Kwang Hyun Jee
  • Patent number: 10193874
    Abstract: Provided is a communication system in which a terminal communicates with a server via a portable communication network used for communication between smartphones. The smartphone includes a first pre-shared key and encryption keys, the terminal includes a second pre-shared key, the server includes the same encryption keys as those included in the smartphone, authentication between the terminal and the smartphone is performed by using the first pre-shared key and the second pre-shared key, and the terminal and the server perform communication via the smartphone by performing key synchronization of the encryption keys while setting a hash value of the encryption keys as an ID.
    Type: Grant
    Filed: November 9, 2016
    Date of Patent: January 29, 2019
    Assignee: NATIONAL INSTITUTE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY
    Inventors: Mikio Fujiwara, Masahide Sasaki
  • Patent number: 10181024
    Abstract: The present disclosure discloses a method, a device, and a system for updating authenticating information in the field of Internet technologies. The method comprises: receiving a service processing request containing user information and service object information; extracting according to the user information, first authentication information associated with the service object information from prestored authentication information; authenticating the first authentication information; displaying an information update interface when the first authentication information fails to be authenticated; obtaining second authentication information from the information update interface; replacing the first authentication information with the second authentication information; authenticating the second authentication information; and processing the service processing request if the second authentication information is authenticated.
    Type: Grant
    Filed: May 3, 2016
    Date of Patent: January 15, 2019
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Wenpeng Zhang, Chen Gong, Wenjing Zhang, Yiyong Yang, Jiawei Jiang, Guoguo Liu, Yaqin Guo, Yinbo Song, Mingheng Zhong, Shaobo Liao, Yawei Du, Leilei Li, Lin Huang, Zhiyong Lan, Fumin Zhou, Huashan Li
  • Patent number: 10171479
    Abstract: To prevent legitimate message recipients from forging new messages and to encrypt messages for a specific set of recipients (channel), a root key is encrypted and combined with a base session management key to render a combined root key, which in turn is encrypted with a public key of at least one recipient device to render a session management key. The public key of each of “N” intended recipient devices encrypts the combined root key to render “N” session management keys. The session management keys are then combined with the combined root key to render a multicast root key, which is signed with a private key of a sending device. The signed multicast root key is combined with the session management keys to render an encrypted, signed multicast root key that is used to encrypt digital information prior to transmitting the digital information.
    Type: Grant
    Filed: December 12, 2017
    Date of Patent: January 1, 2019
    Assignee: SONY INTERACTIVE ENTERTAINMENT AMERICA LLC
    Inventor: Bryan Cotta
  • Patent number: 10171852
    Abstract: The present invention presents a method for transmitting a broadcast signal. According to the present invention, the method for transmitting a broadcast signal presents a system capable of supporting a next-generation broadcast service in an environment supporting a next-generation hybrid broadcast using a terrestrial broadcast network and an Internet network. In addition, presented is an efficient signaling method capable of covering both a terrestrial broadcast network and an Internet network in an environment supporting a next-generation hybrid broadcast.
    Type: Grant
    Filed: July 29, 2016
    Date of Patent: January 1, 2019
    Assignee: LG ELECTRONICS INC.
    Inventors: Seungryul Yang, Minsung Kwak, Woosuk Ko, Sungryong Hong, Woosuk Kwon, Kyoungsoo Moon, Jangwon Lee
  • Patent number: 10171508
    Abstract: Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.
    Type: Grant
    Filed: September 27, 2016
    Date of Patent: January 1, 2019
    Assignee: SSH Communications Security OYJ
    Inventor: Tatu J. Ylonen
  • Patent number: 10164976
    Abstract: Disclosed is a method of substituting for authentication of subscriber terminals of a mobile communication network for a third party site in a radio mobile communication system, the method including: obtaining traffic information for each subscriber terminal from the mobile communication network to which the subscriber terminals connect; receiving an authentication request for a first subscriber terminal from the third party site that has received a service request of the first subscriber terminal from the mobile communication network; and authenticating, if an IP address of the first subscriber terminal is one of IP addresses of the subscriber terminals contained in the traffic information, the first subscriber terminal using traffic information of the first subscriber terminal, and providing an authentication result to the third party site.
    Type: Grant
    Filed: December 28, 2012
    Date of Patent: December 25, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Su-Jin Bae, Young-Ki Jeon
  • Patent number: 10165000
    Abstract: Systems and methods for malware attack prevention are provided. The malware attack prevention system features a heuristic module, an analysis environment and an interception module. The heuristic module is configured to (i) receive incoming data from a particular source over a first communication path and (ii) analyze the incoming data to determine whether the incoming data is suspicious, where the suspicious incoming data represents a prescribed likelihood that the incoming data is associated with a malware attack. The analysis environment is configured to analyze the suspicious incoming data to identify whether the suspicious incoming data is associated with a malware attack. Lastly, the interception module is configured to redirect a subsequent flow of data from the particular source to the malware attack prevention system in response to determining, by at least the heuristic module, that the incoming data is suspicious.
    Type: Grant
    Filed: November 24, 2014
    Date of Patent: December 25, 2018
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Wei-Lung Lai, Jayaraman Manni
  • Patent number: 10164954
    Abstract: The present invention relates to a method to manage a One Time Password key, referenced OTP key, used in an OTP algorithm in a user device having access to an unsafe storage including the steps of retrieving a Personal Identification Number, named PIN, of a user of the user device, deriving a symmetric key from the PIN, encrypting the OTP key using the derived symmetric key, storing the encrypted OTP key in the unsafe storage, decrypting the OTP key using the derived symmetric key, and generating a next OTP key using an incremental parameter, wherein the start value of the incremental parameter of the OTP key generation is random.
    Type: Grant
    Filed: March 25, 2015
    Date of Patent: December 25, 2018
    Assignee: GEMALTO SA
    Inventors: Martin Lansler, Sébastien Petit, Guillaume Pierquin
  • Patent number: 10154026
    Abstract: Methods, systems, and computer program products are provided that enable secure remote modification of device credentials using device-generated credentials. A plurality of credentials policies is stored by the user device. The credentials policies are merged to generate a merged credentials policy. An instruction is received by the user device from a trusted service to initiate a device credentials change. New device credentials are generated on the user device based at least on the merged credentials policy.
    Type: Grant
    Filed: January 22, 2014
    Date of Patent: December 11, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Justin Alexander Hou, Christopher William Thilgen, Vladimir Holostov, Roy Williams
  • Patent number: 10146931
    Abstract: A computer system includes a management computer for automatically changing a password used to authenticate a user to a service application. A user device includes a password vault managed by a password management application. The management computer monitors for an event signifying that the password is to be changed, e.g., a predetermined number of uses, etc. A new password is assigned, and a first message is generated and sent to the service application including the new password and an indication that it is to be used for subsequent user authentication. A second message is also generated and sent to the password management application, also including the new password and an indication that it replaces a current password in the vault for user authentication. The new password is automatically used by both the service application and the user device during subsequent authentications until expiration.
    Type: Grant
    Filed: March 13, 2015
    Date of Patent: December 4, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Boris Kronrod, Lawrence N. Friedman
  • Patent number: 10146957
    Abstract: Database management and security is implemented in a variety of embodiments. In one such embodiment, data sets containing sensitive data elements are analyzed using aliases representing sensitive data elements. In another embodiment, the sensitive data elements are stored in an encrypted form for use from a secure access, while the alias is available for standard access.
    Type: Grant
    Filed: December 11, 2017
    Date of Patent: December 4, 2018
    Assignee: Verisk Crime Analytics, Inc.
    Inventors: David A. Duhaime, Brad J. Duhaime
  • Patent number: 10142344
    Abstract: System, method and media for managing user credentials by securely caching credentials to access shared, secure resources for subsequent reuse. When a user accesses a shared, secure resource for the first time, the system determines credentials for the user, which are then stored in a file readable only by that user but in a location hidden from that user. On subsequent attempts to access the resource, a system process running on behalf of the user accesses the hidden file to prepopulate the user's credentials so that they need not be re-entered. In this way, stored processes can access the resource with the correct user's credentials without requiring that they be entered every time.
    Type: Grant
    Filed: December 15, 2015
    Date of Patent: November 27, 2018
    Assignee: HRB Innovations, Inc.
    Inventors: Cale Licklider, William F. Vander Lippe
  • Patent number: 10136281
    Abstract: A method is performed at an application platform running at a computer server for logging in to an application (App) by an end user, the method comprising: receiving a login request from a server associated with the application; obtaining an App identity (ID) and a key from the login request; verifying the obtained App ID and key with predefined information associated with the application and the terminal; and when the verification succeeds, sending, to the application server, a message including first user account number information of the end user at the application platform. The application server is configured to generate second user account number information of the end user at the application according to the first user account number information and return the second user account number information to the terminal so that the end user can log into the application using the second user account number information.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: November 20, 2018
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Zhang Chen, Haiyu Liu, Jingfu Chen, Yuanfang Lv
  • Patent number: 10135613
    Abstract: Disclosed is a method for generating a privilege-based key using a computer. In the method, a privilege is received from an application, and verified as being associated with the application. The computer cryptographically generates a second key using a first key and the privilege. The second key is provided to the application.
    Type: Grant
    Filed: January 13, 2012
    Date of Patent: November 20, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Ivan Hugh McLean, Laurence G. Lundblade, Brian Harold Kelley, Robert G. Walker
  • Patent number: 10129219
    Abstract: Methods and systems for securing data are provided. For example, one method includes providing context information for an input/output (I/O) operation to a security module by an adapter communicating with a computing device and a storage device via a network; storing encryption parameters associated to a security association handle by the security module; using a workflow handle by the security module to obtain the security association handle for retrieving stored encryption parameters for encrypting payload transmitted by the adapter and for decrypting payload received by the adapter; predicting a first frame header for encrypting the payload transmitted by the adapter and a second frame header for decrypting payload received by the adapter; providing the encrypted payload for transmission to the adapter by the security module, after discarding the first predicted header; and providing the decrypted payload to the computing device by the security module, after discarding the second predicted header.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: November 13, 2018
    Assignee: Cavium, LLC
    Inventors: Somnath Paul, Bruce A. Klemin, Muralidhar Jammula
  • Patent number: 10111064
    Abstract: A system and method is disclosed for converting smart cell phone applications to applications that operate on basic cell phones. The invention has a classifying process that classifies one or more functions of a cell phone application into those functions capable of being performed by a basic cell phone and those functions, missing functions, that cannot be performed by a basic cell phone. Substitute functions for the missing functions are developed. An emulator monitors the execution of the cell phone application and provides the substitute cell phone functions at points in the execution where a missing function is to be executed. Therefore, the smart phone application is converted into a basic phone application that can be executed by the basic cell phones with reduced functionality. The invention can run on a smart phone or a server. The invention can also be provided as a server based service for basic cell phone users.
    Type: Grant
    Filed: June 15, 2017
    Date of Patent: October 23, 2018
    Assignee: International Business Machines Corporation
    Inventors: Eric Mibuari, Osamuyimen Stewart, Aisha Walcott-Bryant
  • Patent number: 10104121
    Abstract: Methods and systems are provided for implementing application layer security. According to one embodiment, an application layer packet is received by a network appliance and one or more information fields, selected based on an application type associated with the packet, are used to identify an associated end user. Then, security rules that match the traffic pattern, traffic content and identified end user can be applied to the packet. Identification of end users based on application layer information allows different security rules to be implemented for end users or groups thereof. Application of security rules based on identification of an end user based on application layer information can also facilitate implementation of an application-layer-based single sign-on (SSO) process.
    Type: Grant
    Filed: July 3, 2013
    Date of Patent: October 16, 2018
    Assignee: Fortinet, Inc.
    Inventors: Michael Xie, Wei David Wang, Ihab Khalil
  • Patent number: 10104702
    Abstract: A communication apparatus capable of communicating with an external device via a wireless network, comprises: a transmission unit configured to transmit relevant information regarding data to be transmitted to the external device, before connecting to the wireless network; a reception unit configured to receive a response to the relevant information transmitted; a connection unit configured to connect to the wireless network, in a case where the response is received; a data communication unit configured to establish communication and transmit the data, after the connection unit has connected to the wireless network; a conversion unit configured to convert data; and a specification unit configured to specify relevant information regarding data to be converted, wherein in a case of converting the data to be transmitted, the transmission unit transmits relevant information regarding the data to be converted.
    Type: Grant
    Filed: September 8, 2016
    Date of Patent: October 16, 2018
    Assignee: Canon Kabushiki Kaisha
    Inventor: Jun Matsuda
  • Patent number: 10084602
    Abstract: A working method of a dynamic token, including the steps of grouping, by the dynamic token, the second hash data to obtain a plurality of byte groups, transforming respective byte groups into corresponding binary data by shifting and combining the bytes contained in respective byte groups; performing modulo operation on a first preset value by using sum of all the binary data obtained by transforming to a modulo result, performing modulo operation on a second preset value by using the obtained modulo result so as to obtain the first bit interception result. According to this working method, on the basis of different purpose codes, an authentication server authenticates the dynamic passwords applicable to each application scenario, reducing the risk of keys used for generating dynamic passwords being stolen, improving the security of a token authentication system.
    Type: Grant
    Filed: January 5, 2015
    Date of Patent: September 25, 2018
    Assignee: Feitian Technologies Co., Ltd.
    Inventors: Zhou Lu, Huazhang Yu
  • Patent number: 10079813
    Abstract: Methods and apparatus are disclosed to provide for security within a network enclave. In one embodiment authentication logic initiates authentication with a central network authority. Packet processing logic receives a key and an identifier from the central network authority. Security protocol logic then establishes a client-server security association through a communication that includes a client identifier and an encrypted portion and/or an authorization signature, wherein a client authorization key allocated by the central network authority can be reproduced by a server, other than said central network authority, from the client identifier and a derivation key provided to the server by the central network authority to decrypt the encrypted portion and/or to validate the communication using the authorization signature.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: September 18, 2018
    Assignee: Intel Corporation
    Inventors: Karanvir Grewal, Men Long, Prashant Dewan
  • Patent number: 10063644
    Abstract: Disclosed are various embodiments for an instance monitoring service. Instances are associated with alarm conditions indicating a deviation in the operational health of the instance. Upon an alarm condition being satisfied, a remedy operation may be applied to restore the operational health of the instance. A notification system may let customers know of satisfied alarms, and confirm or cancel remedy operations.
    Type: Grant
    Filed: June 13, 2013
    Date of Patent: August 28, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Derek Solomon Pai, Richard Nel-Boland, Brian Dennehy, Mai-Lan Tomsen Bukovec
  • Patent number: 10051404
    Abstract: The present invention relates to a method for the notification of a resource subscription in a machine-to-machine (M2M) system and devices for same, the method comprising the steps of: detecting a change in the resources to subscribe to comprising a subscription resource as a child resource; generating a notification message including a value indicating the event category of the change in accordance with the second attribute information configured in the subscription resource; and determining if a reception device is reachable on the basis of the scheduling information configured in a scheduling resource for an M2M device and the scheduling information configured in a scheduling resource for the reception device, wherein: if the reception device is determined to be reachable on the basis of the scheduling information, the notification message is immediately transmitted to the reception device; and if the reception device is determined to be unreachable on the basis of the scheduling information, the notificat
    Type: Grant
    Filed: September 26, 2014
    Date of Patent: August 14, 2018
    Assignee: LG ELECTRONICS INC.
    Inventors: Heedong Choi, Seungkyu Park, Seongyun Kim, Hongbeom Ahn, Seungmyeong Jeong
  • Patent number: 10033532
    Abstract: A method includes receiving a first biometric data set representative of a first biometric sample provided by a user and public parameters. The method includes generating a first set of exchange information based thereon and communicating it to a system server. The method includes receiving a second set of exchange information based on the public parameters and a second biometric data set representative of a second biometric sample and is symmetric with respect to the first set of exchange information. The method includes computing a session key for the communication session by applying a first hash function based on a hash key to a subset of the second set of exchange information and a second hash function based on a projected key to a subset of the first set of exchange information. The method includes using the session key in communications during the communication session.
    Type: Grant
    Filed: June 20, 2015
    Date of Patent: July 24, 2018
    Assignee: FUJITSU LIMITED
    Inventors: Avradip Mandal, Hart Montgomery, Arnab Roy
  • Patent number: 10021081
    Abstract: A method and apparatus for fine-grained, trust-based rate limiting of network requests distinguishes trusted network traffic from untrusted network traffic at the granularity of an individual user/machine combination, so that network traffic policing measures are readily implemented against untrusted and potentially hostile traffic without compromising service to trusted users. A server establishes a user/client pair as trusted by issuing a trust token to the client when successfully authenticating to the server for the first time. Subsequently, the client provides the trust token at login. At the server, rate policies apportion bandwidth according to type of traffic: network requests that include a valid trust token are granted highest priority. Rate policies further specify bandwidth restrictions imposed for untrusted network traffic.
    Type: Grant
    Filed: February 12, 2010
    Date of Patent: July 10, 2018
    Assignee: FACEBOOK, INC.
    Inventor: Christopher Newell Toomey
  • Patent number: 9985949
    Abstract: Embodiments of the present invention disclose a method, computer program product, and system for authenticating a user. The application server receives a user log in request and determines if a unique identification accompanies the received user log in request. The application server uses the unique identification to authenticate the identity of the user. The application server determines if the unique identification has been previously received by searching a first database to see if the unique identification was already stored in the first database. If the unique identification is not in the first database then the application server stores the unique identification and grants the user access to the one or more applications hosted on the application server.
    Type: Grant
    Filed: January 25, 2016
    Date of Patent: May 29, 2018
    Assignee: International Business Machines Corporation
    Inventor: Stanley K. Jerrard-Dunne
  • Patent number: 9985991
    Abstract: A method and system for password mediation including identifying an HTTP request issued by a client application executing on a client device, the HTTP request indicating an operation to be performed for a user of the client application at a destination system, obtaining user credentials using the HTTP request, requesting security information for the user with respect to the destination system, determining whether the user is allowed to perform the operation based on the security information, and upon determining that the user is allowed to perform the operation, modifying the HTTP request based on the security information and sending the modified HTTP request to the destination system.
    Type: Grant
    Filed: February 26, 2013
    Date of Patent: May 29, 2018
    Assignee: Red Hat, Inc.
    Inventors: Filip Elias, Filip Nguyen
  • Patent number: 9985941
    Abstract: An embodiment of the invention may include a method, computer program product and computer system for password management. The embodiment may include a computing device that creates a password inventory. The password inventory may be a list of one or more passwords, where each of the one or more passwords corresponds to a password key. The embodiment may update the password inventory without input from a user. The embodiment may receive a first login request from a first device. The embodiment may transmit information detailing a first password key to the first device, where the first password key corresponds to a first password from the list of one or more passwords. The embodiment may receive information detailing a first entered password from the first device. The embodiment may determine whether the first entered password is identical to the first password from the list of one or more passwords.
    Type: Grant
    Filed: September 8, 2015
    Date of Patent: May 29, 2018
    Assignee: International Business Machines Corporation
    Inventors: Rhonda L. Childress, Itzhack Goldberg, Clifford A. Pickover, Neil Sondhi
  • Patent number: 9979764
    Abstract: Methods, systems, computer-readable media, and apparatuses for providing secure resources to a native operating system resource are described herein. Using one or more aspects described herein, a mobile device may determine that a native operating system service requests to access content located within a wrapped application. The mobile device may transmit, to the native operating system service, a server path to a loopback web server within the wrapped application to elicit a request from the native operating system service to the loopback web server for the content. In response to receiving a request comprising the server path to the loopback web server to retrieve the content from the loopback web server, the mobile device may instruct the loopback web server to transmit an unencrypted version of the content to the native operating system service.
    Type: Grant
    Filed: April 25, 2017
    Date of Patent: May 22, 2018
    Assignee: Citrix Systems, Inc.
    Inventor: Krishna Kumar