Management Patents (Class 726/6)
  • Publication number: 20150082400
    Abstract: An improved authentication method and system is provided where a user securely accesses a variety of target servers for online email, online banking, credit card purchases, ecommerce, brokerage services, corporate databases, and online content (movies, music and software). The method involves a bridge server performing authentication tasks that allow a user to access a server or a group of servers with multiple security levels. The method eliminates the need for the user to remember multiple usernames/passwords for each target server. The method also allows one bridge server and one set of security devices to be used to authenticate the user for multiple servers, thereby reducing security costs and increasing user convenience. A location-based password-ID generating device is also described for secure location-based access.
    Type: Application
    Filed: November 25, 2014
    Publication date: March 19, 2015
    Inventors: Delaram Fakhrai, Mehran Moshfeghi
  • Patent number: 8984602
    Abstract: A processing device comprises a processor coupled to a memory and is configured to receive authentication information from a user, to generate a message authentication code based at least in part on the received authentication information, to generate a credential for a particular access control interval based at least in part on the message authentication code and an intermediate value of a hash chain, and to provide the credential to a user in order to allow the user to access a protected resource in the particular access control interval. The message authentication code may be generated over a message payload that includes a password provided by the user. The credential may comprise a combination of the message authentication code and the intermediate value of the hash chain.
    Type: Grant
    Filed: June 28, 2013
    Date of Patent: March 17, 2015
    Assignee: EMC Corporation
    Inventors: Daniel V. Bailey, William M. Duane, Aaron Katz
  • Patent number: 8984283
    Abstract: Methods and apparatuses for validating the status of digital certificates include a relying party receiving at least one digital certificate and determining if the at least one digital certificate is to be validated against a private certificate status database. The relying party accesses the private certificate status database and cryptographically validates the authenticity of data in the private certificate status database. The relying party also validates the at least one digital certificate based on information in at least one of the private certificate status database and a public certificate status database.
    Type: Grant
    Filed: August 3, 2011
    Date of Patent: March 17, 2015
    Assignee: Motorola Solutions, Inc.
    Inventors: Erwin Himawan, Anthony R. Metke, Shanthi E. Thomas
  • Patent number: 8984600
    Abstract: A method for associating a web event with a member of a group of users is implemented at a first computing device. The method includes: receiving a data access request from a second computing device; determining whether the user has previously provided personal information and authorization to the first computing device through the second computing device; if the user's personal information and authorization are found: generating a record for the data access request; if the user's personal information is found but the user's authorization is not found: generating a record for the data access request; and if neither of the user's personal information and authorization is found: identifying one or more user identifiers that are associated with the second computing device; and returning personal information associated with the one or more user identifiers to the second computing device.
    Type: Grant
    Filed: October 25, 2012
    Date of Patent: March 17, 2015
    Assignee: Google Inc.
    Inventor: Simon Michael Rowe
  • Patent number: 8984583
    Abstract: A computer-implemented method for compliance with a privacy requirement. The method comprises analyzing, using one or more processors, an access log related to a history of users accessing records; deriving a plurality of roles assigned to the users and a plurality of accesses reflecting actions taken by the users; and deriving from the access log a mapped log comprising a plurality of mapping records including a plurality of mapped role-access pairs. The method further comprises generating, using the one or more processors, a reduced log including a plurality of reduced records comprising a mapped role-access pair and statistics that are associated with the mapped role-access pair, the statistics being derived from a subset of the mapping records that include the mapped role-access pair; and deriving an access policy based on the reduced log, wherein the access policy includes a plurality of proposed role-access pairs.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: March 17, 2015
    Assignee: Accenture Global Services Limited
    Inventors: Rafae Bhatti, Paul D. Martin
  • Patent number: 8984599
    Abstract: A method and apparatus for generating a password in real time by creating at least one password map during creation of an account associated with a user, and generating and providing a random password hint sequence grid to the user in real time, authenticating the user for accessing the account using a password created by the user, where the password is created by the user using the random password hint sequence grid and the at least one password map.
    Type: Grant
    Filed: January 27, 2012
    Date of Patent: March 17, 2015
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Vikram Bodavula
  • Patent number: 8984601
    Abstract: A platform of Trust Management software which is a single, customizable, complete distributed computing security solution designed to be integrated into an enterprise computing environment. Digital Network Authentication (DNA) is the centerpiece of the system of the present invention. It is a unique means to authenticate the identity of a communicating party and authorize its activity. The whole mechanism can be thought of as a trusted third party providing assurances to both clients and servers that each communicating entity is a discrete, authenticated entity with clearly defined privileges and supporting data. Furthermore, the level of trust to be placed in the authorization of every entity communicating within the system is communicated to every entity within a distributed computing environment.
    Type: Grant
    Filed: January 22, 2013
    Date of Patent: March 17, 2015
    Inventor: Gerard A. Gagliano
  • Publication number: 20150074776
    Abstract: Techniques for electronic signature process management are described. Some embodiments provide an electronic signature service (“ESS”) configured to manage electronic identity cards. In some embodiments, the ESS generates and manages an electronic identity card for a user, based on personal information of the user, activity information related to the user's actions with respect to the ESS, and/or social networking information related to the user. The electronic identity card of a signer may be associated with an electronic document signed via the ESS, so that users may obtain information about the signer of the document. Electronic identity cards managed by the ESS may also be shared or included in other contexts, such as via a user's profile page on a social network, a user's email signature, or the like.
    Type: Application
    Filed: November 10, 2014
    Publication date: March 12, 2015
    Inventors: Thomas H. Gonser, Donald G. Peterson, Douglas P. Rybacki
  • Patent number: 8978116
    Abstract: Method for monitoring an online identity of a user on a network is described. In one example, data exchanged between a browser client on a device associated with the user and the network is monitored. Creation or use of an online identity by the user is detected within the data. The online identity is associated with a host site. The host site may be any of a plurality of point of presence sites. A notification of the online identity is generated for presentation to a custodian of the user. The notification may then be sent to the custodian.
    Type: Grant
    Filed: March 30, 2007
    Date of Patent: March 10, 2015
    Assignee: Symantec Corporation
    Inventors: Michael Spertus, Robert Walters, Gerry Egan
  • Patent number: 8977854
    Abstract: Automatic identification and authentication of a user of a mobile application entails receiving from the wireless communications device a unique device identifier and an e-mail address corresponding to the wireless communications device, associating a registration identifier with the unique device identifier and the e-mail address, generating an authentication token, and communicating the authentication token and the registration identifier to the wireless communications device.
    Type: Grant
    Filed: November 20, 2013
    Date of Patent: March 10, 2015
    Assignee: BlackBerry Limited
    Inventors: Dalsu Lee, Kateryna Khvan, Ken Kwok Wai Lo, Andreea Livia Manolescu, Michael Hin Kai Hung
  • Patent number: 8978112
    Abstract: Systems and methods for controlling communication systems for the hearing impaired are disclosed. A portable communication device requests control over a plurality of communication devices. The portable communication device connects to and controls the plurality of communication devices. The portable communication device includes a user interface that enables a user to transfer a call from a first communication device to a second communication device.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: March 10, 2015
    Assignee: Sorenson Communications, Inc.
    Inventors: Scot L. Brooksby, Trevor Wagner, Tara Ault, Bradley Grimm, Jennifer Harris
  • Patent number: 8978102
    Abstract: Methods, devices, and systems are disclosed for simulating a large, realistic computer network. Virtual actors statistically emulate the behaviors of humans using networked devices or responses and automatic functions of networked equipment, and their stochastic actions are queued in buffer pools by a behavioral engine. An abstract machine engine creates the minimal interfaces needed for each actor, and the interfaces then communicate persistently over a network with each other and real and virtual network resources to form realistic network traffic. The network can respond to outside stimuli, such as a network mapping application, by responding with false views of the network in order to spoof hackers, and the actors can respond by altering a software defined network upon which they operate.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: March 10, 2015
    Assignee: Shadow Networks, Inc.
    Inventors: Chad O. Hughes, Steven M. Silva
  • Patent number: 8978114
    Abstract: A recommendation engine for identity management is disclosed. A data store including an identity management access database is provided. Suggested access entitlement operations for potential identities of a listing of identities on which to perform access entitlement operations are generated. Suggested access entitlement operations for the potential identities of the listing of identities on which to perform access entitlement operations are offered through a user interface.
    Type: Grant
    Filed: March 11, 2013
    Date of Patent: March 10, 2015
    Inventors: Nishant Kaushik, Matthew David Crumb
  • Publication number: 20150067796
    Abstract: The present invention provides a mechanism to activate an original object (12S) so that statistical objects (14S) generated from the original object can be recognized using statistical object identification. An object activation agent (48) with a clock (47) and at least one original object (12S) communicates the original object (12S) and time from the clock (47) to an object activation service (50). The object activation service (50) provides and communicates keying information (61) and expiration criterion (63) for at least one of said original objects (12S) back to the object activation agent (48).
    Type: Application
    Filed: August 27, 2013
    Publication date: March 5, 2015
    Applicant: BlackRidge Technology Holdings, Inc.
    Inventors: John William Hayes, Christopher Luis Hamlin, Charles Andrew Gram
  • Publication number: 20150067801
    Abstract: A communications device provides a biometric reader to authenticate users onto the communications device based on a single biometric input. The communications device maintains a local copy of the strong authentication credentials, such as a user identification and password, and the biometrics which were previously input by users of the communications device. Then, rather than requiring re-entry of the strong authentication credentials to authenticate (or re-authenticate) these users onto the communications device, the communications device is able to authenticate the users based on the input of the appropriate biometric. When a biometric input is received, the communications device identifies the locally stored strong authentication credentials that are associated with the input biometric, and uses the locally stored strong authentication credentials to authenticate the user.
    Type: Application
    Filed: November 7, 2014
    Publication date: March 5, 2015
    Inventor: Gurdeep S. Pall
  • Publication number: 20150067797
    Abstract: A certification application automatically generates a certification document associated with a service. A transformation module retrieves a component information associated with a status of a service from a data store maintaining the component information. The component security data and component metadata is included within the component information. The component information is transformed for insertion into a certification information. Risk analysis, phraseology, and localization data is used to transform the component information. The certification document is generated based on the certification template by inserting the component information into the certification template.
    Type: Application
    Filed: September 3, 2013
    Publication date: March 5, 2015
    Applicant: Microsoft Corporation
    Inventors: David Nunez Tejerina, Steven Bowles
  • Publication number: 20150067800
    Abstract: An information processing apparatus capable of receiving an authentication request in accordance with a protocol of a plurality of protocols and a method of controlling the same are provided. The information processing apparatus stores a user identifier and a password for each user and a calculation method for each protocol, and when the apparatus receives an authentication request including authentication data from a remote computer in accordance with a protocol of the plurality of protocols, the apparatus obtains the stored password corresponding to the authentication data which is included in the authentication request, obtains the stored calculation method corresponding to the protocol, converts the obtained password into a hash in accordance with the obtained calculation method, and verifies the authentication data with the hash.
    Type: Application
    Filed: August 28, 2014
    Publication date: March 5, 2015
    Inventor: Yasuhiro Hosoda
  • Publication number: 20150067798
    Abstract: A one time password (OTP) associated with a client device, and a padding rule, of a plurality of possible padding rules, associated with the client device may be determined. A padded OTP that includes the OTP and additional data may be formed based on the padding rule. The padding rule may be associated with at least one of a position of the OTP within the padded OTP, a characteristic of the additional data, or a characteristic of the padded OTP. The padded OTP may be provided to the client device. A selection of a portion of the padded OTP may be received from the client device, and the client device may be authenticated when the selected portion of the padded OTP corresponds to the OTP. If the selected portion of the padded OTP does not correspond to the OTP, other actions may be performed based on the selected portion.
    Type: Application
    Filed: September 5, 2013
    Publication date: March 5, 2015
    Applicant: Verizon Patent and Licensing Inc.
    Inventors: Jonathan McCown, Paul V. Hubner, Steven T. Archer, Paul Hubbard
  • Publication number: 20150067799
    Abstract: An electronic password generating method, an electronic password generating apparatus and an electronic password authentication system are provided. The electronic password generating method includes steps of: prompting a user to input a challenge code by a prompting information, wherein the prompting information is an information containing a meaning represented by the challenge code to be input, the prompting information at least comprises a first prompting information and a second prompting information, and the challenge code at least comprises a first information of the challenge code and a second information of the challenge code; receiving the challenge code input by the user; and generating a dynamic electronic password according to the input challenge code and a current time parameter.
    Type: Application
    Filed: April 11, 2013
    Publication date: March 5, 2015
    Applicant: TENDYRON CORPORATION
    Inventor: Dongsheng Li
  • Patent number: 8973117
    Abstract: Various methods and systems for propagating identity information in a composite application are presented. State data of a composite application, as executed for a particular entity, may be transferred to and stored by a computer-readable storage medium. The state data may include a portion of a set of subject information linked with the entity. A security attribute of the subject may not be present in the portion of the set of subject information in the state data transferred to the non-transitory computer-readable storage medium. After a period of time, such as an hour or a day, the state data of the composite application as executed for the entity may be retrieved and the security attribute of the set of subject information linked with the entity may be determined. The composite application may then continue to be executed for the entity.
    Type: Grant
    Filed: December 13, 2013
    Date of Patent: March 3, 2015
    Assignee: Oracle International Corporation
    Inventors: Nickolas Kavantzas, Prakash Yamuna
  • Patent number: 8973116
    Abstract: A password evaluation system is provided for determining the password strength of a password. A password is provided for evaluation. The password is parsed and substrings are identified from the password. Each substring is associated with a pattern that can generate the substring. The substrings are scored to determine a substring strength measure for the substring. The substrings are combined to identify non-overlapping substring combinations, which together make up the password. The combinations are assigned a combination strength score based in part on the substring strength of the substrings contained in the substring combinations. The substring combination with the lowest combination strength measure is identified and the associated combination strength measure is used as the password strength measure for the password.
    Type: Grant
    Filed: December 19, 2012
    Date of Patent: March 3, 2015
    Assignee: Dropbox, Inc.
    Inventor: Dan Lowe Wheeler
  • Patent number: 8973114
    Abstract: A method including generating a first and second One Time Password (OTP) token from a shared clock, receiving a third OTP token, and comparing the second and the third OTP tokens. A system including a number generator residing on a first server to generate first and second One Time Password (OTP) tokens from a shared clock, a transmitter residing on the first server to transmit the first and the second OTP tokens, a receiver residing on a second server to receive the first, the second, and a third OTP tokens, and a comparator residing on the second server to compare the second and the third OTP tokens to authenticate an identity of a party who generates the third OTP token.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: March 3, 2015
    Assignee: eBay, Inc.
    Inventor: Christopher Jurgen von Krogh
  • Patent number: 8973115
    Abstract: An automated system and method for assembling and analyzing a candidate application to determine a type of credential in a professional credentialing area for the candidate is provided. The automated system may facilitate the receipt of application materials from various sources and may enable review and appraisal of the application by multiple parties. The application may be tailored to a specific type of requested credential.
    Type: Grant
    Filed: October 4, 2012
    Date of Patent: March 3, 2015
    Assignee: American Nurses Credentialing Center
    Inventors: Karen Neil Drenkard, Ellen Swartwout, Marianne Horahan, Nancy Jo Robert, David Paulson, Vicki Ann Lundmark, Patricia Rose Deyo, Stephanie Lida Ferguson, Diane Lynn Thompkins, Christine Depascale
  • Patent number: 8973107
    Abstract: The invention described herein provides a method and system for foiling a keylogger by creating a custom keyboard driver and passing the keystrokes directly to the browser in an encrypted format. The browser (which is used to access the Internet) has a component that decrypts the keystroke before it is sent to the website. Thus the present invention enables the user to go to any website and enter sensitive information (passwords, credit card numbers, etc.) without the keystrokes being intercepted by Keyloggers. In general terms, the invention described herein provides a method and system for (1) modifying the keyboard driver, (2) encrypting the keystrokes between the keyboard driver and the browser, and (3) notifying the user if the invention has been compromised.
    Type: Grant
    Filed: May 16, 2014
    Date of Patent: March 3, 2015
    Assignee: StrikeForce Technologies, Inc.
    Inventor: Ram Pemmaraju
  • Patent number: 8973111
    Abstract: A method for secure electronic transaction over a computer network, comprising: at a trusted relationship profile server computer: storing a unique identity of a trusted computing unit; generating a confirmation message regarding the unique identity of the trusted computing unit in response to a request from the trusted computing unit; at a security proxy server computer: storing real credentials and local credentials of a customer in a secure vault; receiving the confirmation message and permitting a login process to be performed with the security proxy server using the local credentials, provided the confirmation message is valid; and replacing the local credentials submitted in the login process with the real credentials. A corresponding system for secure electronic transactions is also provided.
    Type: Grant
    Filed: June 8, 2013
    Date of Patent: March 3, 2015
    Assignee: Inbay Technologies Inc.
    Inventors: Randy Kuang, Stanislus Kisito Xavier, David Michael Mann
  • Patent number: 8973113
    Abstract: A method for automatically resetting a password is described. A failed login attempt in a system is identified. A failed login condition is determined to be satisfied. A user is prompted about resetting a password if the failed login condition is satisfied. A new password is generated based on user input. The new password is sent to the user via voicemail or email.
    Type: Grant
    Filed: April 15, 2010
    Date of Patent: March 3, 2015
    Assignee: Crimson Corporation
    Inventor: David A. Eatough
  • Patent number: 8972508
    Abstract: A computer-implemented method for managing email configuration may include receiving a first email message from a first device, identifying device-type information in the first email message, identifying a second email message addressed to the first email address, and using the device-type information to select email-configuration information for the second email. The method may further include reformatting a body of the second email based on the email-configuration information, removing an attachment to the second email in response to the email-configuration information, providing a user with the email-configuration information for the second email message, and associating the device-type information with the first email address. A computer-implemented method for including email-configuration information in an email may involve identifying a first email message from a first user, including email-configuration information in the first email message, and sending the first email message to a first recipient.
    Type: Grant
    Filed: July 6, 2012
    Date of Patent: March 3, 2015
    Assignee: Symantec Corporation
    Inventors: Timothy G. Brown, Brian Hernacki
  • Patent number: 8973112
    Abstract: A system and method for providing a normalized security list including a first module configured to generate a first normalized security list of user identifications within a network and a second module configured to generate a second normalized security list of user identifications within the network. The system and method may also include an equalizer module configured to compare the first normalized security list with the second normalized security list, equalize the first normalized security list based on the second normalized security list, and equalize the second normalized security list based on the first security list. The system and method may also include a processing module configured to perform an audit of user identifications within the network by processing the first equalized normalized security list and the second equalized normalized security list and generating audit results based on the processing.
    Type: Grant
    Filed: January 9, 2009
    Date of Patent: March 3, 2015
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: Paul Michael Golobay
  • Publication number: 20150058940
    Abstract: Implementations of the present disclosure provide systems and methods for automatically preloading data pertaining to credentials determined to be likely to be used during a particular time interval into a memory utilized by a credential emulator. The systems and methods described herein contemplate identifying a particular time interval by identifying events that may designate the beginning and end of that particular time interval, identifying contextual information relevant to the client device or a user account affiliated with the client device during the time interval, identifying a set of credentials available for loading into the memory utilized by the credential emulator, determining from the set of credentials, a subset composed of individual credentials that are likely to be used during the time interval, and loading data pertaining to individual credentials in the subset into the memory utilized by the emulator.
    Type: Application
    Filed: August 20, 2013
    Publication date: February 26, 2015
    Applicant: Google Inc.
    Inventors: Austin Robison, Ben Poiesz, Melissa Frank
  • Publication number: 20150058941
    Abstract: A device may collect environmental information surrounding the device. Based on the collected environmental information, the device may automatically identify a potentially secured location that has lower security risk. When a potentially secured location is identified, the device may prompt the user to set up a security profile having reduced security requirement for the secured location. The device may store and associate the security profile with the secured location. The device may activate the security profile with reduced security requirement when the device is in the secured area. Further, the security profile may require that certain features of the device be disabled when the device is in the secured location.
    Type: Application
    Filed: August 20, 2013
    Publication date: February 26, 2015
    Inventors: Nate L. Lyman, Roy L. Camp, Eric J. Farraro, John R. Tapley
  • Publication number: 20150058942
    Abstract: A method of operation includes detecting that a wearable device is being worn, receiving a certificate from a primary device over a secure wireless link where the wearable device is paired to the primary device using the secure wireless link, storing the certificate in memory of the wearable device, and sending the certificate, over the secure wireless link, to the primary device to unlock the primary device. The method may further include detecting that the wearable device is no longer being worn, and eradicating the certificate from memory of the wearable device in response to detecting that the wearable device is no longer being worn. In some embodiments, the method may also include detecting that the secure wireless link is disconnected, and eradicating the certificate from memory of the wearable device in response to detecting that the secure wireless link is disconnected. The present disclosure also provides a wearable device.
    Type: Application
    Filed: August 22, 2013
    Publication date: February 26, 2015
    Applicant: Motorola Mobility LLC
    Inventor: Francois M. Dermu
  • Publication number: 20150058943
    Abstract: Provided is an information processing device including a program execution unit that loads, interprets, and executes a computer program code created by a first procedural language. The program execution unit opens a communication channel in response to a communication connection request from an external unit, and returns to each communication channel a result for a processing request sent from an external unit on the opened communication channel.
    Type: Application
    Filed: March 14, 2013
    Publication date: February 26, 2015
    Applicant: Sony Corporation
    Inventor: Tadashi Morita
  • Patent number: 8966599
    Abstract: Approaches are described for automatically generating new security credentials, such as security tokens, which can involve automatically re-authenticating a user (or client device) using a previous security token issued to that user (or device). The re-authentication can happen without any knowledge and/or action on the part of the user. The re-authentication mechanism can invalidate and/or keep track of the previous security token, such that when a subsequent request is received that includes the previous security token, the new security token can be invalidated, and the user caused to re-authenticate, as receiving more than one request with the previous security token can be indicative that the user's token might have been stolen.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: February 24, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Maximilian Francis Barrows, Paul Francis Dean Ferraro, Jason George Mchugh, Abraham Martin Passaglia, Andrew Jay Roths, Eric Allan Shell
  • Patent number: 8966598
    Abstract: A group video messaging method stores user information identifying authorized users of a video messaging system, and provides a user interface to the video messaging system. The user interface permits authorized users to transfer video files to the video messaging system for storage and retrieval, and to identify criteria for other authorized users to access each transferred video file. The method also stores in the video messaging system the video files transferred to the system by the authorized users; stores information identifying the user that transferred each stored video file to the video messaging system, and the criteria for authorized users to access the stored video files; and stores information identifying different groups of the authorized users and which of the stored video files are to be accessible to each of the authorized users or authorized user groups.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: February 24, 2015
    Assignee: LiveQoS Inc.
    Inventors: Ryan Brink, Pranay Kumar, Gregory Flatt, Desmond McNamee
  • Patent number: 8966570
    Abstract: Systems and methods are described for delegating permissions to enable account access. The systems utilize a delegation profile that can be created within a secured account of at least one user. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile.
    Type: Grant
    Filed: March 22, 2012
    Date of Patent: February 24, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory B. Roth, Nathan R. Fitch, Kevin Ross O'Neill, Graeme D. Baer, Bradley Jeffery Behm, Brian Irl Pratt
  • Patent number: 8963952
    Abstract: A display control system includes: a display information acquisition section that acquires display information by using given account information; and a corrected display information creation section that, based on first display information acquired by the display information acquisition section using first account information and second display information acquired by the display information acquisition section using second account information different from the first account information, determines whether the display contents shown by the first display information are included in display contents shown by the second display information or not, selects part or all of the display contents shown by the first display information in accordance with a result of the determination, and creates corrected display information which includes the selected part of the display contents shown by the first display information.
    Type: Grant
    Filed: July 12, 2010
    Date of Patent: February 24, 2015
    Assignee: Fuji Xerox Co., Ltd.
    Inventor: Yuki Nakamori
  • Patent number: 8966572
    Abstract: Techniques are provided for dynamically propagating identity context for a user in a Service-Oriented Architecture. Methods and apparatus are provided that include receiving a request to invoke a web service, retrieving first security claims from application identity context information pertaining to a user, generating second security claims at runtime, packaging the first and second security claims into an authentication token, and transmitting the authentication token to a second computer system in a service request. The second computer system can be configured to extract the first and second security claims from the authentication token, validate the extracted first and second security claims, generate identity context information based upon the extracted first and second security claims, and publish and propagate the identity content information in an identity context object.
    Type: Grant
    Filed: June 1, 2012
    Date of Patent: February 24, 2015
    Assignee: Oracle International Corporation
    Inventors: Nickolas Kavantzas, Jiandong Guo, Pratibha Gupta
  • Patent number: 8966592
    Abstract: A computer-implemented technique is presented. The technique can include selectively initiating, at a mobile computing device including one or more processors, communication between the mobile computing device and a public computing device. The technique can include transmitting, from the mobile computing device, authentication information to the public computing device. The authentication information can indicate access privileges to a private account associated with a user of the mobile computing device. The technique can include receiving, at the mobile computing device, an access inquiry from the public computing device. The access inquiry can indicate an inquiry as to whether the user wishes to login to the private account at the public computing device. The technique can also include transmitting, from the mobile computing device, an access response to the public computing device. The access response can cause the public computing device to provide the user with access to the private account.
    Type: Grant
    Filed: March 1, 2013
    Date of Patent: February 24, 2015
    Assignee: Google Inc.
    Inventors: Sheridan Kates, Arnaud Sahuguet, Amir Menachem Mané, Jeremy Brand Sussman, Aaron Baeten Brown, Travis Harrison Kroll Green
  • Publication number: 20150052594
    Abstract: The disclosed embodiment relates to identity verification and identity management, and in particular, to methods and systems for identifying individuals, identifying users accessing one or more services over a network, determining member identity ratings, and based on member identity ratings that restrict access to identity rating-restricted services and certain user-to-user interactions. Further, the user experience in performing identity management is simplified and enhanced as disclosed herein.
    Type: Application
    Filed: September 26, 2014
    Publication date: February 19, 2015
    Applicant: SAFEFACES LLC
    Inventors: Jason J. Liberman, David Scott Trandal
  • Publication number: 20150052593
    Abstract: A capability is provided for securely transferring a file within network-based storage. A capability is provided for securely transferring a user file of a user from a first server to a second server. The first server may be associated with a first service provider and the second server may be associated with a second service provider. The secure transfer of a user file from the first server to the second server may be performed based on a One-Click File Transfer capability in which only a single click by the user is needed in order for the user file to be transferred. The secure transfer of a user file from the first server to the second server may be performed based on a Zero-Click File Transfer capability in which the user file may be transferred without any interaction by the user.
    Type: Application
    Filed: August 13, 2013
    Publication date: February 19, 2015
    Applicant: Alcatel-Lucent USA Inc.
    Inventors: Katherine H. Guo, Emina Soljanin, Thomas Woo
  • Publication number: 20150052592
    Abstract: Methods, systems and articles of manufacture consistent with features of the present invention allow the generation and use of derived user accounts, or DUA, in a computer system comprising user accounts. In particular, derivation rules define how a DUA is linked to or created based on an existing original user account, or OUA. Derivation transformations may also update the state of a DUA based on its corresponding OUA or give feedback from the state of a DUA to the state of its corresponding OUA.
    Type: Application
    Filed: September 26, 2014
    Publication date: February 19, 2015
    Applicant: Google Inc.
    Inventor: Ulfar Erlingsson
  • Patent number: 8959597
    Abstract: A method begins by a processing module outputting a registration request message that includes requesting access to a local dispersed storage network (DSN) and requesting access to a global DSN. The method continues with the processing module receiving a registration response message that includes a global universal unique identifier (UUID) and a local UUID. The method continues with the processing module generating a global public-private key pair and a local public-private key pair and generating a global certificate signing request (CSR) based on the global UUID and a private key of the global public-private key pair. The method continues with the processing module generating a local CSR based on the local UUID and a private key of the local public-private key pair, sending the global and local CSRs to a certificate authority (CA), and receiving a signed global certificate and a signed local certificate.
    Type: Grant
    Filed: May 11, 2011
    Date of Patent: February 17, 2015
    Assignee: Cleversafe, Inc.
    Inventors: Jason K. Resch, Gary W. Grube, Timothy W. Markison
  • Patent number: 8959634
    Abstract: Methods and systems reduce exposure to a dictionary attack while verifying whether data transmitted over a computer network is a password. In one aspect, a method includes performing a search of network traffic based, at least in part, on a weak validation using a Bloom filter based on an organizational password file, determining the existence of a password in the network traffic based only on the weak validation, and determining whether to block, alert, or quarantine the network traffic based at least in part on the existence of the password in the network traffic.
    Type: Grant
    Filed: March 22, 2013
    Date of Patent: February 17, 2015
    Assignee: Websense, Inc.
    Inventor: Lidror Troyansky
  • Patent number: 8959606
    Abstract: A key updating method and system are provided. In the method, (1) a back-end authentication system receives a current dynamic password generated by a dynamic token and authenticates the current dynamic password, and if the authentication succeeds, generates key updating information and goes to (2); (2) the back-end authentication system generates a first updating key according to the key updating information and a first initial key stored therein and copies the first updating key to a buffer of the first initial key; the dynamic token obtains and authenticates the key updating information, and if the authentication succeeds, generates a second updating key according to the key updating information and a second initial key stored in the dynamic token and copies the second updating key to a buffer of the second initial key; or if authentication fails, quits the key updating. The solution avoids risk incurred by accidental key leakage.
    Type: Grant
    Filed: August 31, 2012
    Date of Patent: February 17, 2015
    Assignee: Feitian Technologies Co., Ltd.
    Inventors: Zhou Lu, Huazhang Yu
  • Patent number: 8959356
    Abstract: A storage controller and program product is provided for performing double authentication for controlling disruptive operations on storage resources generated by a system administrator. A first request is received from a first user for generation of a first key. A first key is generated, provided to the first user and associated with the storage resource. An input is received from the administrator, the input comprises a second key and a command for performing the disruptive operation. The second key and the first key are compared. It is verified that the administrator is authorized as an administrator of the storage resource. The disruptive operation is performed on the storage resource if the second key and the first key match and the administrator is authorized. Otherwise, the performance of the disruptive operation is denied.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: February 17, 2015
    Assignee: International Business Machines Corporation
    Inventors: Vincent Boucher, Sebastien Chabrolles, Benoit Granier, Arnaud Mante
  • Patent number: 8959605
    Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for asset lease management. The system receives, from a client device associated with a user profile, a lease start request for an asset for which the user profile is authorized. The system identifies a number of available slots for progressively downloading content. If the number of available slots is greater than zero, the system assigns an available slot from the number of available slots to the client device to yield an assigned slot. The system transmits security information, a lease key, and a lease duration associated with the assigned slot to the client device in response to the lease start request, wherein the security information and lease key allow the client device to start a progressive download of the asset for the lease duration. At the end of the lease, the system terminates the lease and releases the assigned slot.
    Type: Grant
    Filed: December 14, 2011
    Date of Patent: February 17, 2015
    Assignee: Apple Inc.
    Inventors: Justin J. Henzie, Amine El Kamel, William Luh, Augustin J. Farrugia
  • Patent number: 8959603
    Abstract: An authentication system by which character strings in squares are selected by a rule determined by a user out of a table in which character strings are assigned to obtain a one-time password. The user memorizes a rule of successively selecting three out of the positions of the squares in a table having five rows and five columns, for example. To each square (402) in the table (401) to be presented to the user, a randomly generated two-digit number is assigned. The table (401) is presented to the user, who arranges the numbers in the squares (402) on the basis of the user's own rule to generate a six-digit number used as a one-time password for authenticating the user. Therefore, the rule for obtaining a one-time password is easy for the user to memorize and a long one-time password can be obtained.
    Type: Grant
    Filed: January 9, 2009
    Date of Patent: February 17, 2015
    Inventor: Hideharu Ogawa
  • Patent number: 8959604
    Abstract: A client device is coupled with a server. The client device prompts a user to enter a number associated with a mobile device, which can be the client device, and generates data including a code. The code is typically hidden from the user when the code is generated and is saved on the client device. The client device transmits the number entered by the user and the code generated by the client device to the server, which sends a message, including the code, to the mobile device associated with the number. The client device prompts the user to enter the code included in the message. Validity of the number is based on one or more factors, including the accuracy of the code entered by the user. In addition, validity of the number can also be based on whether the second user input was entered within a predetermined time limit.
    Type: Grant
    Filed: November 25, 2011
    Date of Patent: February 17, 2015
    Assignee: Synchronoss Technologies, Inc.
    Inventor: Sumeet Sohan Singh
  • Patent number: 8959582
    Abstract: Certain embodiments of the present invention provide an archive management application that operates within a host application to provide access to an archive and/or allow access to and/or modification of files in an archive using the host application's interface, instead of operating as a separate standalone archive management application. In an embodiment of the present invention, a file archiving system may include a user interface component, a file management component and a compression/extraction engine component. The user interface component may include an enhanced user interface of a host application that provides an interface for a user. The file management component may include a central directory that provides a representation of the contents of an archive. The compression/extraction engine component may include a file size module and/or a security module. The security module may be used to encrypt, decrypt, digitally sign and/or authenticate a file in an archive.
    Type: Grant
    Filed: July 2, 2012
    Date of Patent: February 17, 2015
    Assignee: PKWARE, Inc.
    Inventors: James C. Peterson, Karen L. Peterson, Yuri Basin, Michael J. Beirne
  • Patent number: 8959596
    Abstract: A single passcode can be used for validation by a user of several entities in a system without compromising security. The source of the entity providing validation credentials, along with the passcode, is considered when determining validity. A one-time password system validates credentials if the validation credentials, such as a user's valid passcode and the source of the credentials, have not been used previously. In a one-time passcode system, a validation processor receives validation credentials from a client processor. If the client processor has not previously sent the validation credentials to the validation processor, and the credentials are valid, the validation processor will validate the credentials. Otherwise, the credentials are invalid. Other client processors can utilize the same passcode and their respective source identifiers, and as long as the other client processors have not previously utilized the credentials, the credentials are declared valid.
    Type: Grant
    Filed: June 15, 2006
    Date of Patent: February 17, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Nir Nice, Ron Mondri, Tomer Shiran, Boaz Ein-Gil