Management Patents (Class 726/6)
-
Patent number: 9336372Abstract: A method, apparatus and system for securely managing account information are disclosed. In some embodiments, the method is performed at a computer system having one or more processors and memory for storing programs to be executed by the one or more processors. The method includes receiving a request associated with an account. The request includes location verification information. The method includes retrieving, in response to the request, information of a set of predefined locations associated with the account. The method also includes comparing information of the set of predefined locations with the received location verification information to determine whether the received location verification information satisfies a predefined condition. The method further includes sending a response to the request to a destination associated with the account when the received location verification information satisfies the predefined condition.Type: GrantFiled: August 14, 2014Date of Patent: May 10, 2016Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITEDInventor: Chang He
-
Patent number: 9332013Abstract: In certain embodiments, a system receives a first request from a user to perform a function with an enterprise. The system communicates a second request for the user to provide a thought to facilitate authenticating the user with the enterprise. The system receives a string of characters corresponding to the thought. The string may be generated based at least in part upon electromagnetic signals, which the user generates by developing the thought. The system compares the received string to a stored string that corresponds to a thought of the user to authenticate the user. Based at least in part upon the comparison, the system determines whether the user is authenticated to perform the function.Type: GrantFiled: August 28, 2014Date of Patent: May 3, 2016Assignee: Bank of America CorporationInventor: Sylvan Tran
-
Patent number: 9325741Abstract: A network analysis tool is provided in support of a data communication network having dynamically provisioned devices at indeterminate endpoints wherein templates, namely, the collection of meta-data about dynamically provisioned devices on a network (beyond the conventional networking concept of an endpoint address), are modeled as fixed endpoints for purposes of tracking. In a specific embodiment, template groups are generated as network interfaces for a modeled template enforcement device, and template groups are represented as if they are network endpoints connected to a template enforcement device, and a device description for the template enforcement device is produced.Type: GrantFiled: February 27, 2015Date of Patent: April 26, 2016Assignee: RedSeal, Inc.Inventor: Michael A. Lloyd
-
Patent number: 9325719Abstract: A network analysis tool is provided in support of a data communication network having user devices at indeterminate endpoints wherein user identities, namely, the collection of meta-data about a user device of a network (beyond the conventional networking concept of an endpoint address), is modeled as fixed endpoints for purposes of tracking. More specifically, users at indeterminate endpoints are identified by modeling using user roles as models of the user devices.Type: GrantFiled: October 27, 2014Date of Patent: April 26, 2016Assignee: RedSeal, Inc.Inventor: Michael A. Lloyd
-
Patent number: 9312949Abstract: Methods, systems, and apparatus, for pairing a wireless card reader and a computing device, including: receiving first user input setting the wireless card reader in a pairing mode; sending an indication from the wireless card reader to the computing device that a pairing mode of the wireless card reader is enabled; receiving an indication from the computing device that a pairing mode of the computing device is enabled; receiving, in the wireless card reader, a second user input of a sequence of actuations of a sensor on the wireless card reader; determining, on the wireless card reader, whether the sequence of actuations matches a stored sequence; and in response to determining that the sequence of actuations matches a stored sequence, pairing the wireless card reader with the computing device.Type: GrantFiled: March 5, 2013Date of Patent: April 12, 2016Assignee: Square, Inc.Inventors: Thomas Templeton, Elliot Sather
-
Patent number: 9305161Abstract: A password hardening system is arranged between one or more clients and a domain controller or other authentication entity. The password hardening system comprises a plurality of servers configured to store in a distributed manner respective shares of at least one of a hardened surrogate password and a corresponding user password. The password hardening system is configured to intercept a first set of one or more communications based at least in part on the user password and directed to an authentication entity external to the password hardening system, and to provide to the authentication entity in place of at least a portion of the intercepted first set of one or more communications a second set of one or more communications based at least in part on the hardened surrogate password. The password hardening system may be configured to serve as a proxy between an authenticating client and the authentication entity.Type: GrantFiled: June 24, 2013Date of Patent: April 5, 2016Assignee: EMC CorporationInventors: Ari Juels, Kenneth D. Ray, Gareth Richards
-
Patent number: 9298933Abstract: Embodiments described herein generally relate to creating an autonomous role-based security system for a database management system, wherein a super user may not always be required. A computer-implemented method is described. The method includes establishing one or more privileges in a database system, each privilege controlling access to an administrative function for the database system. Each privilege is assigned to one or more roles. Each role may always have a minimum set of users with only administrative rights over the role. A request is received from a first user to grant a role to a second user. A database management system determines whether the first user has administrative privileges over the role. If the first user has administrative privileges over the role, the role is granted to the second user. The database system may satisfy the principles of least privilege and separation of duties.Type: GrantFiled: July 18, 2013Date of Patent: March 29, 2016Assignee: Sybase, Inc.Inventors: Anil Goel, Asif Iqbal Desai, Ramesh Gupta, Somnath Ghosh, Harin Vadodaria
-
Patent number: 9294293Abstract: A service provider receives from a user who has an account with it contact card information and recipient information picture information, therefrom determines a virtual contact card and contact channels through which the virtual contact card is sent to the recipients designated by the user, and sends the virtual contact card to the designated recipients through the contact channels. The virtual contact card and contact channels may be selected from what have been previously registered, either by the user or a third person, with the service provider and stored in the user's account, or just newly created, updated, and sent from the user at the time of transmission request to the designated recipients. The virtual contact card, when updated by the user, may be automatically sent by the service provider to the same recipients that previously received a pre-updated version.Type: GrantFiled: November 28, 2012Date of Patent: March 22, 2016Assignee: PAYPAL, INC.Inventor: Lucy Ma Zhao
-
Patent number: 9282507Abstract: Methods, systems, and apparatuses are described for avoiding short-lived wireless connections. In one method, a first connection with a first access point may be used for data transmissions. A motion state of a mobile device may be determined based on sensor data from at least one sensor within the mobile device. A second access point may be identified. A determination may be made to use the second access point for data transmissions based at least in part on the motion state of the mobile device.Type: GrantFiled: August 7, 2013Date of Patent: March 8, 2016Assignee: QUALCOMM IncorporatedInventors: Tobias Schlatter, Sha Hua, Arnaud Meylan
-
Patent number: 9275195Abstract: One customer of the license clearinghouse may act as an intermediary and perform selected tasks on behalf of another customer. In particular, an intermediary customer can make rights inquiries that access the portion of the central repository that belongs to its client in order to determine rights available to the client. In one embodiment, the portion of the central repository that is accessed in response to a rights inquiry is determined by an IP address of the device being used to make the rights inquiry. This IP address is used to retrieve a record having a customer ID and a field that indicates whether the IP address corresponds to a rights intermediary. If this is the case, a keyword corresponding to the customer ID of the customer that is provided in the rights request by the rights intermediary is used to access the central repository.Type: GrantFiled: February 19, 2010Date of Patent: March 1, 2016Assignee: COPYRIGHT CLEARANCE CENTER, INC.Inventors: Dan Stine, Keith Meyer
-
Patent number: 9275197Abstract: An individual may wish to make a gift of digital media to a designated recipient. The digital media may be previously purchased by the individual or may be new, unused digital media purchased specifically as a gift for the recipient. The sender of the gift sends a gift notification. The sender is then verified to ensure that the sender is authorized to make the gift by matching an identifier of the digital media with an identifier associated with the sender. The digital media may be associated with a set of rights and privileges. Further rights and privileges associated with the digital media may be offered to the recipient.Type: GrantFiled: August 29, 2011Date of Patent: March 1, 2016Assignee: SONY COMPUTER ENTERTAINMENT AMERICA LLCInventor: Adam Harris
-
Patent number: 9268933Abstract: A brokered authentication request is received corresponding to an interaction between a particular user and a particular online entity. An identity provider corresponding to the particular user is identified that stores user data identifying the particular user. Confirmation is received that the identity provider has authenticated the particular user to a user profile maintained by the identity provider and a unique persistent user identifier is generated for the particular user that is unique within a system to a pairing of the first user with the first entity. The user identifier is caused to be communicated to the first entity for authenticating the first user in interactions with the first entity.Type: GrantFiled: August 22, 2012Date of Patent: February 23, 2016Assignee: McAfee, Inc.Inventor: Martin Stecher
-
Patent number: 9271127Abstract: A communication method for automatically switching between cellular networks and IP networks includes following steps. A mobile phone number is used as an user account. A sending user inputs or selects the user account or the mobile phone number of a receiving user on a sending client to send a message to the receiving user. If there is an user account corresponding to the mobile phone number of the receiving user registered on a server and the user account is on line, the sending client sends a message to the server via the IP networks, and the server transfers the message to a receiving client via the IP networks. If there is no user account corresponding to the mobile phone number of the receiving user registered on the server, the sending client directly sends a short message to the mobile phone number of the receiving user via the cellular networks.Type: GrantFiled: May 18, 2011Date of Patent: February 23, 2016Inventor: Shanzhen Chen
-
Patent number: 9270621Abstract: Securely providing messages from a cloud server to an enterprise is disclosed. In one aspect, a message is received at a first server that provides a cloud service to a plurality of tenants. The message complies with a protocol other than HTTP. The message is put on a message queue for a first tenant of the plurality of tenants. An HTTP connection is established in response to a request from a second server to establish the HTTP connection between the second server and the first server. The first server receives an HTTP request from the second serve over the HTTP connection for a message for the first tenant. The message is provided to the second server over the HTTP connection in response to determining that the second server is authorized to receive messages for the first tenant.Type: GrantFiled: February 25, 2013Date of Patent: February 23, 2016Assignee: CA, Inc.Inventors: Heidi R. Muehlebach, Trent Fitzgibbon, Brad Gossit
-
Patent number: 9262654Abstract: A reading device for contactless communication with a transponder unit includes a first antenna for generating a reading device field in the form of an alternating magnetic field. The reading device further contains one or more second antennas configured, and arranged in relation to the first antenna, such that during a contactless communication of the reading device with a transponder unit which generates communication signals by means of load modulation, a predetermined change of a detection signal is captured on the second antenna or antennas if the transponder unit is located in a predetermined zone around the reading device.Type: GrantFiled: April 30, 2012Date of Patent: February 16, 2016Assignee: GIESECKE & DEVRIENT GMBHInventor: Klaus Finkenzeller
-
Patent number: 9230095Abstract: The systems and methods described herein can be used for enhancing the security of computer passwords by electronically receiving a password, the password comprising a plurality of components, each of the components being of a type of component, storing the received password in an electronic data store, converting the stored password to a topological representation of the password by which each of the plurality of components is represented and stored as its type of component, and storing the topological representation of the password in an electronic data store.Type: GrantFiled: March 2, 2015Date of Patent: January 5, 2016Assignee: KoreLogic, Inc.Inventors: Henry Lewis Leininger, Klayton Lee Monroe, Michael Thomas Wollman
-
Patent number: 9230033Abstract: Concepts and technologies are described herein for processing queries from a user's computing device initiating a query. In one embodiment, responding to the query involves searching for results based on the user's location and a list of federated enterprises. A clearinghouse server receives the query and determine a location of the user by accessing a location information database. The clearinghouse server then uses the location information in formulating a query to a search engine, by including location information with the user's query. The results are then processed in light of the list of federated enterprises. The processing may include ordering the search results, filtering the search results, or allowing enhanced forms of communications between the user and a selected party associated with the federated enterprise. The results are provided to the user. The enhanced forms of communication include instant messaging and video conferencing.Type: GrantFiled: September 6, 2011Date of Patent: January 5, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Wajih Yahyaoui, Warren Vincent Barkley, Kapil Nath Sharma, Joseph Arthur Williams
-
Patent number: 9225512Abstract: Approaches for using a physically unclonable function (PUF) as a key-encrypting key are disclosed. Data is encrypted using a session key, and at least one PUF value is generated from a PUF. The session key and a correctness indicator are encrypted into a corresponding session key pair using the PUF value. Each session key pair is added to the encrypted data. Subsequent decryption, using a subsequently generated PUF value, of the correctness indicator to an expected value indicates a valid decryption. Decryption may be repeated using a different PUF value if the correctness indicator does not match the expected value. In another approach, the session key may be omitted and the payload data may be encrypted with the different PUF values and paired with correctness indicators.Type: GrantFiled: May 1, 2013Date of Patent: December 29, 2015Assignee: XILINX, INC.Inventor: Stephen M. Trimberger
-
Patent number: 9215592Abstract: A personal digital ID device provides a digital identifier to a service for a predetermined duration in response to user interaction. The user interaction may include a button press. The personal digital ID device may be in the form of a bracelet, a key fob, or other form factor. The service may be provided by a mobile device, in the cloud, or elsewhere.Type: GrantFiled: March 15, 2013Date of Patent: December 15, 2015Assignee: Tyfone, Inc.Inventors: Siva G. Narendra, Prabhakar Tadepalli, Saurav Chakraborty
-
Patent number: 9203822Abstract: A method for processing data with a terminal and a system connected to the terminal via a network, which includes the steps of executing a process according to a request transmitted from the terminal via the network, performing a first user authentication with respect to the terminal by using the terminal or an authentication apparatus connected to the terminal via the network, storing first authentication data used for the first user authentication in association with second authentication data used for a second user authentication in a storage unit, and performing the second user authentication with respect to the system. In a case where at least a portion of the first authentication data is authenticated by the first user authentication, the second user authentication is performed by using the first and second authentication data stored in the storage unit and the portion of the first authentication data.Type: GrantFiled: August 27, 2013Date of Patent: December 1, 2015Assignee: RICOH COMPANY, LTD.Inventors: Yohei Ono, Noriko Kota
-
Patent number: 9203838Abstract: A system and method for registering a client device to obtain network access from a provider device. A server receives an authorization request for a user account to provide network access from provider devices associated with the user account to client devices associated with the user account. The server receives a unique identifier for each of the client devices, and provides the unique identifier for each of the client devices to each of the provider devices. The server provides an indication to at least one provider device to monitor for a request for network access from at least one client device, the request from the client device comprising the unique identifier of the client device. The provider device is configured to provide network access information to the client device in response to the request.Type: GrantFiled: October 31, 2012Date of Patent: December 1, 2015Assignee: GOOGLE INC.Inventors: Alexander Friedrich Kuscher, Trond Thomas Wuellner, Kan Liu
-
Patent number: 9189636Abstract: An example system can comprise a memory to store machine readable instructions. The system can also comprise a processing unit to execute the machine readable instructions. The machine readable instructions can comprise a service layer to generate an office machine security policy for a heterogeneous fleet of office machines. The heterogeneous fleet of office machines can comprise two different office machines. The service layer can also generate a security configuration for each office machine of the office machine fleet. The security configuration for a given office machine of the heterogeneous fleet of office machines can comprise a security setting for the given office machine. The machine readable instructions can comprise can also comprise a device layer to translate the security configuration of the given office machine into security instructions that are executable by the given office machine.Type: GrantFiled: July 30, 2012Date of Patent: November 17, 2015Assignee: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.Inventors: Matthew Lee Deter, Douglas T Albright, Kimberly G Drongesen, John K Gonsalves, John P. Borz, John Bigley, Kathleen M Takayama, Jeffrey H Soesbe, Daryl Wong
-
Patent number: 9183023Abstract: An environment manager in a computer executes multiple environments concurrently. A user management framework (UMF) virtual machine an the computer runs an authentication domain that supports user profile management of the multiple environments.Type: GrantFiled: July 1, 2010Date of Patent: November 10, 2015Assignee: Hewlett-Packard Development Company, L.P.Inventors: Jose Paulo Pires, Valiuddin Y. Ali, Boris Balacheff, James M. Mann, Eduardo Moschetta
-
Patent number: 9185104Abstract: Method and apparatus for communication between client and service provider using external server, and a method and apparatus for controlling communication between a client and a service provider are provided. The method includes: receiving from the service provider a first authentication token indicating that the service provider has authenticated communication with the client by logging on the service provider; storing, in the external server, authentication information containing the first authentication token and additional information relating to communication with the service provider; receiving, when there is a request to access the service provider, authentication information corresponding to the request from the external server; and communicating with the service provider using the received authentication information.Type: GrantFiled: August 14, 2008Date of Patent: November 10, 2015Assignee: SAMSUNG ELECTRONICS CO., LTD.Inventors: Hyok-Sung Choi, Sang-Kwon Lee, Jeong-Rok Yu
-
Patent number: 9185091Abstract: Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication.Type: GrantFiled: September 28, 2012Date of Patent: November 10, 2015Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Anthony M. Leibovitz, Mark C. Schurman, Mudit Goel, Paul G. Mayfield, Sudhakar Pasupuleti, Taroon Mandhana, Vivek P. Kamath, Wei Zheng, Xuemei Bao
-
Patent number: 9178864Abstract: A user-portable computing device configured as a smart card enables a user to carry identification information and to generate security tokens for use in authenticating the user to a service provider. The device includes memory for storing user identities as information cards that are exported to a host computer, presented to a user in visual form, and then selected for use in the authentication process. A security token service installed on the device issues a security token in response to a token request sent from the host computer that references the selected user identity. The security token service uses user attribute information stored on the user device to compose the claim assertions needed to issue the security token. The token is returned to the host computer and used to facilitate the authentication process.Type: GrantFiled: June 26, 2014Date of Patent: November 3, 2015Assignee: Open Invention Network, LLCInventor: Gail-Joon Ahn
-
Patent number: 9176889Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining image search results. One of the methods includes receiving a notification that contents of a first memory page for a first virtual machine on a first host machine are the same as contents of a second memory page for a second virtual machine on a second different host machine. Storage space occupied by the first memory page on the first host machine is deallocated based on the notification. A request from the first virtual machine for the first memory page is received. In response to the request, a copy of contents of the second memory page is obtained from the second host machine.Type: GrantFiled: March 15, 2013Date of Patent: November 3, 2015Assignee: Google Inc.Inventor: Robert H. Earhart, III
-
Patent number: 9172686Abstract: A method comprises an operation for facilitating authentication of a client device attempting to connect to a port of a network element. Facilitating authentication includes determining whether the client device is configured for being authenticated using a first authentication mechanism and, in response to determining that the client device is not configured for being authenticated using the first authentication mechanism, determining whether the client device is configured for being authenticated using at least one other authentication mechanism.Type: GrantFiled: September 28, 2007Date of Patent: October 27, 2015Assignee: Alcatel LucentInventors: Anthony Chow, Minka Nikolova, L. Michele Goodwin, Vincent Vermeulen
-
Patent number: 9166968Abstract: A user credential sharing mechanism which can suitably implement a single sign-on function while preventing illicit accesses by accidental matches of authentication data in a mixed environment of an environment suitable for use of a single sign-on function and an unsuitable environment is provided. To accomplish this, when an information processing apparatus of this invention receives, from a user, an access request instruction to an external apparatus connected to be able to communicate with the information processing apparatus, if an authentication protocol related to user credentials generated at the time of a login operation is that which can limit a security domain, the apparatus accesses the external apparatus using the user credentials, and if that authentication protocol is that which cannot limit a security domain, the apparatus prompts the user to input an account accessible to the external apparatus.Type: GrantFiled: May 8, 2013Date of Patent: October 20, 2015Assignee: Canon Kabushiki KaishaInventor: Yasuhiro Hosoda
-
Patent number: 9160726Abstract: Authentication systems are provided that select an authentication method to be applied to a given transaction from among a plurality of available authentication methods based on risk reasoning. An authentication request from an authentication requestor for a given transaction is processed by receiving the authentication request from the authentication requester and selecting an authentication method to be applied to the given transaction from among a plurality of available authentication methods based on an evaluation of one or more predefined risk reasons with respect to the available authentication methods. The predefined risk reasons associated with a given transaction comprise, for example, a set of risk reasons that contribute to a risk score that has been assigned to the given transaction. The evaluation may employ one or more of rule-based, heuristic and Bayesian techniques.Type: GrantFiled: June 28, 2013Date of Patent: October 13, 2015Assignee: EMC CorporationInventors: Alon Kaufman, Marcelo Blatt, Alex Vaystikh, Triinu Magi Shaashua, Yael Villa
-
Patent number: 9152783Abstract: Techniques for managing accounts are provided. An access management system may check out credentials for accessing target systems. For example a user may receive a password for a period of time or until checked back in. Access to the target system may be logged during this time. Upon the password being checked in, a security account may modify the password so that the user may not log back in without checking out a new password. Additionally, in some examples, password policies for the security account may be managed. As such, when a password policy changes, the security account password may be dynamically updated. Additionally, in some examples, hierarchical viewing perspectives may be determined and/or selected for visualizing one or more managed accounts. Further, accounts may be organized into groups based on roles, and grants for the accounts may be dynamically updated as changes occur or new accounts are managed.Type: GrantFiled: May 31, 2012Date of Patent: October 6, 2015Assignee: Oracle International CorporationInventors: Buddhika Kottahachchi, Kuang-Yu Shih, Arun Theebaprakasam
-
Patent number: 9154377Abstract: A computer-implemented method to manage a device is described. Communications with an endpoint device are established. A management profile for the endpoint device is received. Information about the endpoint device is acquired based at least in part on the management profile. At least a portion of the acquired information is provided to an upper layer server.Type: GrantFiled: February 26, 2013Date of Patent: October 6, 2015Assignee: Symantec CorporationInventors: Maksim Sokolov, Cody Menard
-
Patent number: 9148787Abstract: A method and apparatus are for automatically accessing a social network account that provides member information about each of a plurality of social network members. The member information about at least one of the social network members, denoted as a particular member, includes a network detection portion and a security portion. The network detection portion is retrieved from the social network for at least the particular member. A detection is made that the wireless device is within range of a secure wireless network associated with the particular member. The detection uses the network detection portion of the particular member as an input. The security portion of the member information of the particular member is retrieved from the social network. The security portion is used to derive access credentials for the secure wireless network. The derived access credentials are used to securely access the secure wireless network.Type: GrantFiled: December 6, 2012Date of Patent: September 29, 2015Assignee: Google Technology Holdings LLCInventor: Apostolis K. Salkintzis
-
Patent number: 9143514Abstract: A hierarchical security model for networked computer users is described. Files and resources are controlled or created by users within the network. Each user within the network has an account that is managed by a network administrator. The account specifies the user identifier and password. Users are grouped into organizations depending upon function or other organizational parameter. The groups within the network are organized hierarchically in terms of access and control privileges. Users within a higher level group may exercise access and control privileges over files or resources owned by users in a lower level group. The account for each user further specifies the group that the owner belongs to and an identifier for any higher level groups that have access privileges over the user's group. All users within a group inherit the rights and restrictions of the group.Type: GrantFiled: June 23, 2014Date of Patent: September 22, 2015Assignee: Ellie Mae, Inc.Inventors: Limin Hu, Ting-Hu Wu, Ching-Chih Jason Han
-
Patent number: 9143549Abstract: A communication system offering remote access and a communication method thereof are provided. The communication system includes a remote device, a relay node, and at least one server device. The relay node controls a connection from the remote device to a local area network (LAN). The at least one server device is located in the LAN. The remote device communicates with the relay node by using a web access protocol. The relay node converts a first command compliant with the web access protocol into a second command compliant with a LAN data access protocol, so that the remote device can remotely access the at least one server device through the relay node. Thereby, the remote device can remotely access the at least one server device without setting parameters of related network nodes.Type: GrantFiled: October 24, 2012Date of Patent: September 22, 2015Assignee: ASUSTeK COMPUTER INC.Inventor: Jeng-Hung Hung
-
Patent number: 9137662Abstract: A method and apparatus are provided for access credential provisioning. A method may include receiving, at a first mobile apparatus, information about a second mobile apparatus. The first mobile apparatus may be provisioned with network access credential information to be transferred from the first mobile apparatus to the second mobile apparatus. The method may further include causing the information about the second mobile apparatus to be provided to a provisioning apparatus for the network. The method may additionally include receiving authorization form the provisioning apparatus to transfer the network access credential information from the first mobile apparatus to the second mobile apparatus. The method may also include, in response to receipt of the authorization, causing the network access credential information to be provided to the second mobile apparatus. A corresponding apparatus is also provided.Type: GrantFiled: October 21, 2010Date of Patent: September 15, 2015Assignee: Nokia Technologies OyInventors: Silke Holtmanns, André Dolenc
-
Patent number: 9135412Abstract: Systems and methods of token-based protection for remote resources are disclosed. For example, a method may include receiving, at a second computing device, a configuration message from a first computing device. The configuration message includes information to configure a resource at the second computing device. For example, the resource may be a cloud transcoder. The method also includes generating, at the second computing device, a short token that enables the first computing device to access the resource. For example, the short token may be used to receive a long token that can be used to send application programming interface (API) requests to the cloud transcoder.Type: GrantFiled: February 24, 2015Date of Patent: September 15, 2015Assignee: WOWZA MEDIA SYSTEMS, LLCInventors: Michael Dean Talvensaari, Ian Zenoni
-
Patent number: 9137740Abstract: Systems and methods of providing network access information from one or more servers to a wireless device. The wireless device acquires information from the servers about available networks at a current location of the wireless device. The network information is based on a plurality of device parameters, network parameters and regulatory requirements that govern the operation of the wireless device. In addition, the wireless device may assess the acquired information for suitability for communications to be carried out by the wireless device.Type: GrantFiled: September 10, 2012Date of Patent: September 15, 2015Assignee: Spectrum Bridge, Inc.Inventors: Peter Stanforth, Jeffrey C. Schmidt, Manish Shukla
-
Patent number: 9137251Abstract: The present invention teaches a methodology for provisioning and managing a network having many network devices. In certain embodiments, groups of member devices are created each having a group policy configuration inherited by member devices. A variety of rules regarding prioritization, versioning, system snapshot, redo and undo are also taught. This embodiment is useful when the network devices can be partitioned into groups of similar type devices for similar applications. Similar physical attributes can also be mapped into identical virtual attributes, enabling policy configurations to be applied to varying devices and physical attribute configurations can be resolved upon device installation.Type: GrantFiled: March 16, 2005Date of Patent: September 15, 2015Assignee: Fortinet, Inc.Inventors: Michael Xie, Langtian Du, Jun Li
-
Patent number: 9131185Abstract: A data communication apparatus that is capable of improving operability when inputting authentication information. An authentication unit accepts authentication information inputted when a user logs in to the data communication apparatus and authenticates the user based on the accepted authentication information. A designation unit designates a file transmission destination that is inputted by the authenticated user. A transmission unit transmits a file to the transmission destination inputted. A registration unit registers the transmission destination of the file. A control unit prohibits registration of the authentication information at the time of registration of the transmission destination of the file when the accepted authentication information is used for file transmission, and permits registration of the authentication information at the time of registration of the transmission destination of the file when the inputted authentication information is not used for file transmission.Type: GrantFiled: November 21, 2012Date of Patent: September 8, 2015Assignee: CANON KABUSHIKI KAISHAInventor: Hiroyasu Morita
-
Patent number: 9130920Abstract: A network security layer with a role mapping component with a current role mapping between services and access permissions is provided between a user and the services. A multi-tenancy module with current membership mapping is also provided. The security layer has a network authentication protocol for user authentication at log-in. Snapshots of a baseline role mapping between services and permissions are taken at certain times. The role mapping component verifies snapshots at set intervals, and when the user performs certain actions, the current role mapping is compared with the baseline role mapping. Upon discrepancy, the role mapping component executes a set of rules, including forceful log-out to prevent system intrusion. Comparison of current membership mapping with a baseline membership mapping can also be applied. The security layer can thus monitor authorization-exceeding modifications to baseline policies attempted by logged-in and initially authorized users.Type: GrantFiled: January 7, 2013Date of Patent: September 8, 2015Assignee: ZETTASET, Inc.Inventor: Konstantin I. Pelykh
-
Patent number: 9122852Abstract: A password input system and a method inputting a password are provided. The password input system includes a signal receiving unit, a processing unit and a storage device. The signal receiving unit receives input signals comprising key-pressing signals and key-releasing signals respectively corresponding to the key-pressing signals and each key-pressing signal corresponds to an alphanumeric symbol. The processing unit, according to a predetermined key-releasing rule, sequentially groups the alphanumeric symbols corresponding to the key-pressing signals into groups. Each group is regarded as a password element and the password elements together form a multi-key input password set. The storage device stores the multi-key input password set.Type: GrantFiled: June 3, 2013Date of Patent: September 1, 2015Assignee: Wistron CorporationInventor: Bin Jiang
-
Patent number: 9124649Abstract: Methods and systems provide indirect and temporary access to a company's IT infrastructure and business applications. The methods/systems involve establishing an access control center (ACC) to control the access that technical support personnel may have to the company's IT infrastructure and business applications. Thin client terminals with limited functionality may then be set up in the ACC for use by the technical support personnel. The thin client terminals connect the technical support personnel to workstations outside the ACC that operate as virtual desktops. The virtual desktops in turn connect the technical support personnel to the IT infrastructure and business applications. An ACC application may be used to automatically establish the connection between the thin client terminals and the virtual desktops and the virtual desktops and the IT infrastructure and business applications.Type: GrantFiled: April 21, 2014Date of Patent: September 1, 2015Assignee: United Services Automobile Associate (USAA)Inventors: Christopher Thomas Wilkinson, Edward Allen Francovich, Jeremy Ryan Scott, Steven Dale Sternitzke
-
Patent number: 9118710Abstract: A system, method, and computer program product are provided for identifying operating system information associated with at least one of a plurality of networked devices, and an occurrence in connection with the at least one of the networked device. It is also determined whether at least one vulnerability capable being exploited by the occurrence is relevant to the at least one networked device based on the operating system information. To this send, the occurrence is reported in a first manner, if it is determined that the at least one vulnerability capable being exploited by the occurrence is relevant to the at least one networked device based on the operating system information. Further, the occurrence is reported in a second manner different from the first manner, if it is determined that the at least one vulnerability capable being exploited by the occurrence is not relevant to the at least one networked device based on the operating system information.Type: GrantFiled: September 29, 2014Date of Patent: August 25, 2015Assignee: SecurityProfiling, LLCInventors: Brett M. Oliphant, John P. Blignaut
-
Patent number: 9118708Abstract: A system, method, and computer program product are provided for a database associating a plurality of device vulnerabilities to which computing devices can be subject with a plurality of remediation techniques that collectively remediate the plurality of device vulnerabilities. Each of the device vulnerabilities is associated with at least one remediation technique. Each remediation technique associated with a particular device vulnerability remediates that particular vulnerability. Further, each remediation technique has a remediation type are selected from the type group consisting of patch, policy setting, and configuration option. Still yet, a first one of the device vulnerabilities is associated with at least two alternative remediation techniques.Type: GrantFiled: September 28, 2014Date of Patent: August 25, 2015Assignee: SecurityProfiling, LLCInventors: Brett M. Oliphant, John P. Blignaut
-
Patent number: 9118675Abstract: In embodiments, a method of securing access to a computer memory and other computer resources includes authoring a 3D projection of data by a registering user customizing elements in the 3D projection, resulting in a registered 3D projection. The method further includes presenting to a requesting user a representation of the elements of the 3D projection in a randomized fashion. The method additionally includes receiving, from the requesting user, manipulations of the presented elements of the 3D projection toward undoing or solving the randomization. The method includes determining whether the manipulated elements of the 3D projection match the customized elements of the registered 3D projection. Then, the method includes granting, to the registered user, access to the computer memory if the manipulated elements of the 3D projection match the customized elements of the registered 3D projection.Type: GrantFiled: December 27, 2012Date of Patent: August 25, 2015Assignee: Dassault SystemesInventor: Jean-Jacques Grimaud
-
Patent number: 9118656Abstract: Requests to gain access to secure resources are adjudicated according to authentication policies that include rules based on user-states derived from multiple heterogeneous access-control systems. Comprehensive user authentication and access control based on rules and policies that encompass a user's status in multiple access-control systems, including both logical access (e.g., Active Directory, RADIUS, Virtual Private Network, etc.) as well as physical access (e.g., card-based) control systems, may be realized.Type: GrantFiled: January 25, 2007Date of Patent: August 25, 2015Assignee: Imprivata, Inc.Inventors: David M. T. Ting, Omar Hussain, Gregg LaRoche
-
Patent number: 9111117Abstract: Sensitive content is securely shared. A request is received from a first communication device to share sensitive content. The first communication device is associated with an account for a communication service provided by a network provider. A message including a link to the sensitive content is sent to a second communication device associated with a phone number. That message is addressed to the second communication device. An authentication message is received, indicating that the second communication device is associated with the phone number. Responsive to receipt of the authentication message, the sensitive content is made accessible via the second communication device without requiring that the second communication device be associated with an account for the communication service provided by the network provider.Type: GrantFiled: October 11, 2013Date of Patent: August 18, 2015Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.Inventors: Emily Soelberg, Jeffrey Mikan
-
Patent number: 9112846Abstract: A system and method for using a GSSAPI security token to transport additional non-GSSAPI data that includes authorization data used by third-party software. The system includes a hook that intercepts a client process's interactions with the GSSAPI. When a client process requests a security context from the GSSAPI, the hook intercepts the security token the GSSAPI provides for the client process. The hook checks to see if there is additional authorization data to transport, adds the additional data to the security token, then gives the token to the client process. The client process sends the security token to the server process, which submits the token to the GSSAPI for evaluation.Type: GrantFiled: October 11, 2013Date of Patent: August 18, 2015Assignee: CENTRIFY CORPORATIONInventor: Hon Wai Kwok
-
Patent number: 9106642Abstract: Disclosed are various embodiments for synchronizing authentication sessions between applications. In one embodiment, a first authentication token is received from a first application in response to determining that the first application is authenticated with a service provider. A second authentication token is requested from a token exchange service associated with the service provider. The second authentication token is requested using the first authentication token. The second application is configured to use the second authentication token in order to access a resource of the service provider.Type: GrantFiled: September 11, 2013Date of Patent: August 11, 2015Assignee: Amazon Technologies, Inc.Inventor: Bharath Kumar Bhimanaik