Management Patents (Class 726/6)
-
Publication number: 20150082400
Abstract: An improved authentication method and system is provided where a user securely accesses a variety of target servers for online email, online banking, credit card purchases, ecommerce, brokerage services, corporate databases, and online content (movies, music and software). The method involves a bridge server performing authentication tasks that allow a user to access a server or a group of servers with multiple security levels. The method eliminates the need for the user to remember multiple usernames/passwords for each target server. The method also allows one bridge server and one set of security devices to be used to authenticate the user for multiple servers, thereby reducing security costs and increasing user convenience. A location-based password-ID generating device is also described for secure location-based access.
Type: Application
Filed: November 25, 2014
Publication date: March 19, 2015
Inventors: Delaram Fakhrai, Mehran Moshfeghi
-
Patent number: 8984602
Abstract: A processing device comprises a processor coupled to a memory and is configured to receive authentication information from a user, to generate a message authentication code based at least in part on the received authentication information, to generate a credential for a particular access control interval based at least in part on the message authentication code and an intermediate value of a hash chain, and to provide the credential to a user in order to allow the user to access a protected resource in the particular access control interval. The message authentication code may be generated over a message payload that includes a password provided by the user. The credential may comprise a combination of the message authentication code and the intermediate value of the hash chain.
Type: Grant
Filed: June 28, 2013
Date of Patent: March 17, 2015
Assignee: EMC Corporation
Inventors: Daniel V. Bailey, William M. Duane, Aaron Katz
-
Patent number: 8984283
Abstract: Methods and apparatuses for validating the status of digital certificates include a relying party receiving at least one digital certificate and determining if the at least one digital certificate is to be validated against a private certificate status database. The relying party accesses the private certificate status database and cryptographically validates the authenticity of data in the private certificate status database. The relying party also validates the at least one digital certificate based on information in at least one of the private certificate status database and a public certificate status database.
Type: Grant
Filed: August 3, 2011
Date of Patent: March 17, 2015
Assignee: Motorola Solutions, Inc.
Inventors: Erwin Himawan, Anthony R. Metke, Shanthi E. Thomas
-
Patent number: 8984600
Abstract: A method for associating a web event with a member of a group of users is implemented at a first computing device. The method includes: receiving a data access request from a second computing device; determining whether the user has previously provided personal information and authorization to the first computing device through the second computing device; if the user's personal information and authorization are found: generating a record for the data access request; if the user's personal information is found but the user's authorization is not found: generating a record for the data access request; and if neither of the user's personal information and authorization is found: identifying one or more user identifiers that are associated with the second computing device; and returning personal information associated with the one or more user identifiers to the second computing device.
Type: Grant
Filed: October 25, 2012
Date of Patent: March 17, 2015
Assignee: Google Inc.
Inventor: Simon Michael Rowe
-
Patent number: 8984583
Abstract: A computer-implemented method for compliance with a privacy requirement. The method comprises analyzing, using one or more processors, an access log related to a history of users accessing records; deriving a plurality of roles assigned to the users and a plurality of accesses reflecting actions taken by the users; and deriving from the access log a mapped log comprising a plurality of mapping records including a plurality of mapped role-access pairs. The method further comprises generating, using the one or more processors, a reduced log including a plurality of reduced records comprising a mapped role-access pair and statistics that are associated with the mapped role-access pair, the statistics being derived from a subset of the mapping records that include the mapped role-access pair; and deriving an access policy based on the reduced log, wherein the access policy includes a plurality of proposed role-access pairs.
Type: Grant
Filed: March 13, 2013
Date of Patent: March 17, 2015
Assignee: Accenture Global Services Limited
Inventors: Rafae Bhatti, Paul D. Martin
-
Patent number: 8984599
Abstract: A method and apparatus for generating a password in real time by creating at least one password map during creation of an account associated with a user, and generating and providing a random password hint sequence grid to the user in real time, authenticating the user for accessing the account using a password created by the user, where the password is created by the user using the random password hint sequence grid and the at least one password map.
Type: Grant
Filed: January 27, 2012
Date of Patent: March 17, 2015
Assignee: Samsung Electronics Co., Ltd.
Inventor: Vikram Bodavula
-
Patent number: 8984601
Abstract: A platform of Trust Management software which is a single, customizable, complete distributed computing security solution designed to be integrated into an enterprise computing environment. Digital Network Authentication (DNA) is the centerpiece of the system of the present invention. It is a unique means to authenticate the identity of a communicating party and authorize its activity. The whole mechanism can be thought of as a trusted third party providing assurances to both clients and servers that each communicating entity is a discrete, authenticated entity with clearly defined privileges and supporting data. Furthermore, the level of trust to be placed in the authorization of every entity communicating within the system is communicated to every entity within a distributed computing environment.
Type: Grant
Filed: January 22, 2013
Date of Patent: March 17, 2015
Inventor: Gerard A. Gagliano
-
Publication number: 20150074776
Abstract: Techniques for electronic signature process management are described. Some embodiments provide an electronic signature service (“ESS”) configured to manage electronic identity cards. In some embodiments, the ESS generates and manages an electronic identity card for a user, based on personal information of the user, activity information related to the user's actions with respect to the ESS, and/or social networking information related to the user. The electronic identity card of a signer may be associated with an electronic document signed via the ESS, so that users may obtain information about the signer of the document. Electronic identity cards managed by the ESS may also be shared or included in other contexts, such as via a user's profile page on a social network, a user's email signature, or the like.
Type: Application
Filed: November 10, 2014
Publication date: March 12, 2015
Inventors: Thomas H. Gonser, Donald G. Peterson, Douglas P. Rybacki
-
Patent number: 8978116
Abstract: Method for monitoring an online identity of a user on a network is described. In one example, data exchanged between a browser client on a device associated with the user and the network is monitored. Creation or use of an online identity by the user is detected within the data. The online identity is associated with a host site. The host site may be any of a plurality of point of presence sites. A notification of the online identity is generated for presentation to a custodian of the user. The notification may then be sent to the custodian.
Type: Grant
Filed: March 30, 2007
Date of Patent: March 10, 2015
Assignee: Symantec Corporation
Inventors: Michael Spertus, Robert Walters, Gerry Egan
-
Patent number: 8977854
Abstract: Automatic identification and authentication of a user of a mobile application entails receiving from the wireless communications device a unique device identifier and an e-mail address corresponding to the wireless communications device, associating a registration identifier with the unique device identifier and the e-mail address, generating an authentication token, and communicating the authentication token and the registration identifier to the wireless communications device.
Type: Grant
Filed: November 20, 2013
Date of Patent: March 10, 2015
Assignee: BlackBerry Limited
Inventors: Dalsu Lee, Kateryna Khvan, Ken Kwok Wai Lo, Andreea Livia Manolescu, Michael Hin Kai Hung
-
Patent number: 8978112
Abstract: Systems and methods for controlling communication systems for the hearing impaired are disclosed. A portable communication device requests control over a plurality of communication devices. The portable communication device connects to and controls the plurality of communication devices. The portable communication device includes a user interface that enables a user to transfer a call from a first communication device to a second communication device.
Type: Grant
Filed: March 14, 2013
Date of Patent: March 10, 2015
Assignee: Sorenson Communications, Inc.
Inventors: Scot L. Brooksby, Trevor Wagner, Tara Ault, Bradley Grimm, Jennifer Harris
-
Patent number: 8978102
Abstract: Methods, devices, and systems are disclosed for simulating a large, realistic computer network. Virtual actors statistically emulate the behaviors of humans using networked devices or responses and automatic functions of networked equipment, and their stochastic actions are queued in buffer pools by a behavioral engine. An abstract machine engine creates the minimal interfaces needed for each actor, and the interfaces then communicate persistently over a network with each other and real and virtual network resources to form realistic network traffic. The network can respond to outside stimuli, such as a network mapping application, by responding with false views of the network in order to spoof hackers, and the actors can respond by altering a software defined network upon which they operate.
Type: Grant
Filed: March 15, 2013
Date of Patent: March 10, 2015
Assignee: Shadow Networks, Inc.
Inventors: Chad O. Hughes, Steven M. Silva
-
Patent number: 8978114
Abstract: A recommendation engine for identity management is disclosed. A data store including an identity management access database is provided. Suggested access entitlement operations for potential identities of a listing of identities on which to perform access entitlement operations are generated. Suggested access entitlement operations for the potential identities of the listing of identities on which to perform access entitlement operations are offered through a user interface.
Type: Grant
Filed: March 11, 2013
Date of Patent: March 10, 2015
Inventors: Nishant Kaushik, Matthew David Crumb
-
Publication number: 20150067796
Abstract: The present invention provides a mechanism to activate an original object (12S) so that statistical objects (14S) generated from the original object can be recognized using statistical object identification. An object activation agent (48) with a clock (47) and at least one original object (12S) communicates the original object (12S) and time from the clock (47) to an object activation service (50). The object activation service (50) provides and communicates keying information (61) and expiration criterion (63) for at least one of said original objects (12S) back to the object activation agent (48).
Type: Application
Filed: August 27, 2013
Publication date: March 5, 2015
Applicant: BlackRidge Technology Holdings, Inc.
Inventors: John William Hayes, Christopher Luis Hamlin, Charles Andrew Gram
-
Publication number: 20150067801
Abstract: A communications device provides a biometric reader to authenticate users onto the communications device based on a single biometric input. The communications device maintains a local copy of the strong authentication credentials, such as a user identification and password, and the biometrics which were previously input by users of the communications device. Then, rather than requiring re-entry of the strong authentication credentials to authenticate (or re-authenticate) these users onto the communications device, the communications device is able to authenticate the users based on the input of the appropriate biometric. When a biometric input is received, the communications device identifies the locally stored strong authentication credentials that are associated with the input biometric, and uses the locally stored strong authentication credentials to authenticate the user.
Type: Application
Filed: November 7, 2014
Publication date: March 5, 2015
Inventor: Gurdeep S. Pall
-
Publication number: 20150067797
Abstract: A certification application automatically generates a certification document associated with a service. A transformation module retrieves a component information associated with a status of a service from a data store maintaining the component information. The component security data and component metadata is included within the component information. The component information is transformed for insertion into a certification information. Risk analysis, phraseology, and localization data is used to transform the component information. The certification document is generated based on the certification template by inserting the component information into the certification template.
Type: Application
Filed: September 3, 2013
Publication date: March 5, 2015
Applicant: Microsoft Corporation
Inventors: David Nunez Tejerina, Steven Bowles
-
Publication number: 20150067800
Abstract: An information processing apparatus capable of receiving an authentication request in accordance with a protocol of a plurality of protocols and a method of controlling the same are provided. The information processing apparatus stores a user identifier and a password for each user and a calculation method for each protocol, and when the apparatus receives an authentication request including authentication data from a remote computer in accordance with a protocol of the plurality of protocols, the apparatus obtains stored password corresponding to the authentication data which is included in the authentication request, obtains, stored calculation method corresponding to the protocol, converts the obtained password into a hash in accordance with the obtained calculation method, and verifies the authentication data with the hash.
Type: Application
Filed: August 28, 2014
Publication date: March 5, 2015
Inventor: Yasuhiro Hosoda
-
Publication number: 20150067798
Abstract: A one time password (OTP) associated with a client device, and a padding rule, of a plurality of possible padding rules, associated with the client device may be determined. A padded OTP that includes the OTP and additional data may be formed based on the padding rule. The padding rule may be associated with at least one of a position of the OTP within the padded OTP, a characteristic of the additional data, or a characteristic of the padded OTP. The padded OTP may be provided to the client device. A selection of a portion of the padded OTP may be received from the client device, and the client device may be authenticated when the selected portion of the padded OTP corresponds to the OTP. If the selected portion of the padded OTP does not correspond to the OTP, other actions may be performed based on the selected portion.
Type: Application
Filed: September 5, 2013
Publication date: March 5, 2015
Applicant: Verizon Patent and Licensing Inc.
Inventors: Jonathan McCown, Paul V. Hubner, Steven T. Archer, Paul Hubbard
-
Publication number: 20150067799
Abstract: An electronic password generating method, an electronic password generating apparatus and an electronic password authentication system are provided. The electronic password generating method includes steps of: prompting a user to input a challenge code by a prompting information, wherein the prompting information is an information containing a meaning represented by the challenge code to be input, the prompting information at least comprises a first prompting information and a second prompting information, and the challenge code at least comprises a first information of the challenge code and a second information of the challenge code; receiving the challenge code input by the user; and generating a dynamic electronic password according to the input challenge code and a current time parameter.
Type: Application
Filed: April 11, 2013
Publication date: March 5, 2015
Applicant: TENDYRON CORPORATION
Inventor: Dongsheng Li
-
Patent number: 8973117
Abstract: Various methods and systems for propagating identity information in a composite application are presented. State data of a composite application, as executed for a particular entity, may be transferred to and stored by a computer-readable storage medium. The state data may include a portion of a set of subject information linked with the entity. A security attribute of the subject may not be present in the portion of the set of subject information in the state data transferred to the non-transitory computer-readable storage medium. After a period of time, such as an hour or a day, the state data of the composite application as executed for the entity may be retrieved and the security attribute of the set of subject information linked with the entity may be determined. The composite application may then continue to be executed for the entity.
Type: Grant
Filed: December 13, 2013
Date of Patent: March 3, 2015
Assignee: Oracle International Corporation
Inventors: Nickolas Kavantzas, Prakash Yamuna
-
Patent number: 8973116
Abstract: A password evaluation system is provided for determining the password strength of a password. A password is provided for evaluation. The password is parsed and substrings are identified from the password. Each substring is associated with a pattern that can generate the substring. The substrings are scored to determine a substring strength measure for the substring. The substrings are combined to identify non-overlapping substring combinations, which together make up the password. The combinations are assigned a combination strength score based in part on the substring strength of the substrings contained in the substring combinations. The substring combination with the lowest combination strength measure is identified and the associated combination strength measure is used as the password strength measure for the password.
Type: Grant
Filed: December 19, 2012
Date of Patent: March 3, 2015
Assignee: Dropbox, Inc.
Inventor: Dan Lowe Wheeler
-
Patent number: 8973114
Abstract: A method including generating a first and second One Time Password (OTP) token from a shared clock, receiving a third OTP token, and comparing the second and the third OTP tokens. A system including a number generator residing on a first server to generate first and second One Time Password (OTP) tokens from a shared clock, a transmitter residing on the first server to transmit the first and the second OTP tokens, a receiver residing on a second server to receive the first, the second, and a third OTP tokens, and a comparator residing on the second server to compare the second and the third OTP tokens to authenticate an identity of a party who generates the third OTP token.
Type: Grant
Filed: September 14, 2012
Date of Patent: March 3, 2015
Assignee: eBay, Inc.
Inventor: Christopher Jurgen von Krogh
-
Patent number: 8973115
Abstract: An automated system and method for assembling and analyzing a candidate application to determine a type of credential in a professional credentialing area for the candidate is provided. The automated system may facilitate the receipt of application materials from various sources and may enable review and appraisal of the application by multiple parties. The application may be tailored to a specific type of requested credential.
Type: Grant
Filed: October 4, 2012
Date of Patent: March 3, 2015
Assignee: American Nurses Credentialing Center
Inventors: Karen Neil Drenkard, Ellen Swartwout, Marianne Horahan, Nancy Jo Robert, David Paulson, Vicki Ann Lundmark, Patricia Rose Deyo, Stephanie Lida Ferguson, Diane Lynn Thompkins, Christine Depascale
-
Patent number: 8973107
Abstract: The invention described herein provides a method and system for foiling a keylogger by creating a custom keyboard driver and passing the keystrokes directly to the browser in an encrypted format. The browser (which is used to access the Internet) has a component that decrypts the keystroke before it is sent to the website. Thus the present invention enables the user to go to any website and enter sensitive information (passwords, credit card numbers, etc.) without the keystrokes being intercepted by Keyloggers. In general terms, the invention described herein provides a method and system for (1) modifying the keyboard driver, (2) encrypting the keystrokes between the keyboard driver and the browser, and (3) notifying the user if the invention has been compromised.
Type: Grant
Filed: May 16, 2014
Date of Patent: March 3, 2015
Assignee: StrikeForce Technologies, Inc.
Inventor: Ram Pemmaraju
-
Patent number: 8973111
Abstract: A method for secure electronic transaction over a computer network, comprising: at a trusted relationship profile server computer: storing a unique identity of a trusted computing unit; generating a confirmation message regarding the unique identity of the trusted computing unit in response to a request from the trusted computing unit; at a security proxy server computer: storing real credentials and local credentials of a customer in a secure vault; receiving the confirmation message and permitting a login process to be performed with the security proxy server using the local credentials, provided the confirmation message is valid; and replacing the local credentials submitted in the login process with the real credentials. A corresponding system for secure electronic transactions is also provided.
Type: Grant
Filed: June 8, 2013
Date of Patent: March 3, 2015
Assignee: Inbay Technologies Inc.
Inventors: Randy Kuang, Stanislus Kisito Xavier, David Michael Mann
-
Patent number: 8973113
Abstract: A method for automatically resetting a password is described. A failed login attempt in a system is identified. A failed login condition is determined to be satisfied. A user is prompted about resetting a password if the failed login condition is satisfied. A new password is generated based on user input. The new password is sent to the user via voicemail or email.
Type: Grant
Filed: April 15, 2010
Date of Patent: March 3, 2015
Assignee: Crimson Corporation
Inventor: David A. Eatough
-
Patent number: 8972508
Abstract: A computer-implemented method for managing email configuration may include receiving a first email message from a first device, identifying device-type information in the first email message, identifying a second email message addressed to the first email address, and using the device-type information to select email-configuration information for the second email. The method may further include reformatting a body of the second email based on the email-configuration information, removing an attachment to the second email in response to the email-configuration information, providing a user with the email-configuration information for the second email message, and associating the device-type information with the first email address. A computer-implemented method for including email-configuration information in an email may involve identifying a first email message from a first user, including email-configuration information in the first email message, and sending the first email message to a first recipient.
Type: Grant
Filed: July 6, 2012
Date of Patent: March 3, 2015
Assignee: Symantec Corporation
Inventors: Timothy G. Brown, Brian Hernacki
-
Patent number: 8973112
Abstract: A system and method for providing a normalized security list including a first module configured to generate a first normalized security list of user identifications within a network and a second module configured to generate a second normalized security list of user identifications within the network. The system and method may also include an equalizer module configured to compare the first normalized security list with the second normalized security list, equalize the first normalized security list based on the second normalized security list, and equalize the second normalized security list based on the first security list. The system and method may also include a processing module configured to perform an audit of user identifications within the network by processing the first equalized normalized security list and the second equalized normalized security list and generating audit results based on the processing.
Type: Grant
Filed: January 9, 2009
Date of Patent: March 3, 2015
Assignee: Verizon Patent and Licensing Inc.
Inventor: Paul Michael Golobay
-
Publication number: 20150058940
Abstract: Implementations of the present disclosure provide systems and methods for automatically preloading data pertaining to credentials determined to be likely to be used during a particular time interval into a memory utilized by a credential emulator. The systems and methods described herein contemplate identifying a particular time interval by identifying events that may designate the beginning and end of that particular time interval, identifying contextual information relevant to the client device or a user account affiliated with the client device during the time interval, identifying a set of credentials available for loading into the memory utilized by the credential emulator, determining from the set of credentials, a subset composed of individual credentials that are likely to be used during the time interval, and loading data pertaining to individual credentials in the subset into the memory utilized by the emulator.
Type: Application
Filed: August 20, 2013
Publication date: February 26, 2015
Applicant: Google Inc.
Inventors: Austin Robison, Ben Poiesz, Melissa Frank
-
Publication number: 20150058941
Abstract: A device may collect environmental information surrounding the device. Based on the collected environmental information, the device may automatically identify a potentially secured location that has lower security risk. When a potentially secured location is identified, the device may prompt the user to setup a security profile having reduced security requirement for the secured location. The device may store and associate the security profile with the secured location. The device may activate the security profile with reduced security requirement when the device is in the secured area. Further, the security profile may require that certain features of the device be disabled when the device is in the secured location.
Type: Application
Filed: August 20, 2013
Publication date: February 26, 2015
Inventors: Nate L. Lyman, Roy L. Camp, Eric J. Farraro, John R. Tapley
-
Publication number: 20150058942
Abstract: A method of operation includes detecting that a wearable device is being worn, receiving a certificate from a primary device over a secure wireless link where the wearable device is paired to the primary device using the secure wireless link, storing the certificate in memory of the wearable device, and sending the certificate, over the secure wireless link, to the primary device to unlock the primary device. The method may further include detecting that the wearable device is no longer being worn, and eradicating the certificate from memory of the wearable device in response to detecting that the wearable device is no longer being worn. In some embodiments, the method may also include detecting that the secure wireless link is disconnected, and eradicating the certificate from memory of the wearable device in response to detecting that the secure wireless link is disconnected. The present disclosure also provides a wearable device.
Type: Application
Filed: August 22, 2013
Publication date: February 26, 2015
Applicant: Motorola Mobility LLC
Inventor: Francois M. Dermu
-
Publication number: 20150058943
Abstract: Provided is an information processing device including a program execution unit that loads, interprets, and executes a computer program code created by a first procedural language. The program execution unit opens a communication channel in response to a communication connection request from an external unit, and returns to each communication channel a result for a processing request sent from an external unit on the opened communication channel.
Type: Application
Filed: March 14, 2013
Publication date: February 26, 2015
Applicant: Sony Corporation
Inventor: Tadashi Morita
-
Patent number: 8966599
Abstract: Approaches are described for automatically generating new security credentials, such as security tokens, which can involve automatically re-authenticating a user (or client device) using a previous security token issued to that user (or device). The re-authentication can happen without any knowledge and/or action on the part of the user. The re-authentication mechanism can invalidate and/or keep track of the previous security token, such that when a subsequent request is received that includes the previous security token, the new security token can be invalidated, and the user caused to re-authenticate, as receiving more than one request with the previous security token can be indicative that the user's token might have been stolen.
Type: Grant
Filed: March 14, 2013
Date of Patent: February 24, 2015
Assignee: Amazon Technologies, Inc.
Inventors: Maximilian Francis Barrows, Paul Francis Dean Ferraro, Jason George Mchugh, Abraham Martin Passaglia, Andrew Jay Roths, Eric Allan Shell
-
Patent number: 8966598
Abstract: A group video messaging method stores user information identifying authorized users of a video messaging system, and provides a user interface to the video messaging system. The user interface permits authorized users to transfer video files to the video messaging system for storage and retrieval, and to identify criteria for other authorized users to access each transferred video file. The method also stores in the video messaging system the video files transferred to the system by the authorized users; stores information identifying the user that transferred each stored video file to the video messaging system, and the criteria for authorized users to access the stored video files; and stores information identifying different groups of the authorized users and which of the stored video files are to be accessible to each of the authorized users or authorized user groups.
Type: Grant
Filed: March 14, 2013
Date of Patent: February 24, 2015
Assignee: LiveQoS Inc.
Inventors: Ryan Brink, Pranay Kumar, Gregory Flatt, Desmond McNamee
-
Patent number: 8966570
Abstract: Systems and methods are described for delegating permissions to enable account access. The systems utilize a delegation profile that can be created within a secured account of at least one user. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile.
Type: Grant
Filed: March 22, 2012
Date of Patent: February 24, 2015
Assignee: Amazon Technologies, Inc.
Inventors: Gregory B. Roth, Nathan R. Fitch, Kevin Ross O'Neill, Graeme D. Baer, Bradley Jeffery Behm, Brian Irl Pratt
-
Patent number: 8963952
Abstract: A display control system includes: a display information acquisition section that acquires display information by using given account information; and a corrected display information creation section that, based on first display information acquired by the display information acquisition section using first account information and second display information acquired by the display information acquisition section using second account information different from the first account information, determines whether the display contents shown by the first display information are included in display contents shown by the second display information or not, selects part or all of the display contents shown by the first display information in accordance with a result of the determination, and creates corrected display information which includes the selected part of the display contents shown by the first display information.
Type: Grant
Filed: July 12, 2010
Date of Patent: February 24, 2015
Assignee: Fuji Xerox Co., Ltd.
Inventor: Yuki Nakamori
-
Patent number: 8966572
Abstract: Techniques are provided for dynamically propagating identity context for a user in a Service-Oriented Architecture. Methods and apparatus are provided that include receiving a request to invoke a web service, retrieving first security claims from application identity context information pertaining to a user, generating second security claims at runtime, packaging the first and second security claims into an authentication token, and transmitting the authentication token to a second computer system in a service request. The second computer system can be configured to extract the first and second security claims from the authentication token, validate the extracted first and second security claims, generate identity context information based upon the extracted first and second security claims, and publish and propagate the identity content information in an identity context object.
Type: Grant
Filed: June 1, 2012
Date of Patent: February 24, 2015
Assignee: Oracle International Corporation
Inventors: Nickolas Kavantzas, Jiandong Guo, Pratibha Gupta
-
Patent number: 8966592
Abstract: A computer-implemented technique is presented. The technique can include selectively initiating, at a mobile computing device including one or more processors, communication between the mobile computing device and a public computing device. The technique can include transmitting, from the mobile computing device, authentication information to the public computing device. The authentication information can indicate access privileges to a private account associated with a user of the mobile computing device. The technique can include receiving, at the mobile computing device, an access inquiry from the public computing device. The access inquiry can indicate an inquiry as to whether the user wishes to login to the private account at the public computing device. The technique can also include transmitting, from the mobile computing device, an access response to the public computing device. The access response can cause the public computing device to provide the user with access to the private account.
Type: Grant
Filed: March 1, 2013
Date of Patent: February 24, 2015
Assignee: Google Inc.
Inventors: Sheridan Kates, Arnaud Sahuguet, Amir Menachem Mané, Jeremy Brand Sussman, Aaron Baeten Brown, Travis Harrison Kroll Green
-
Publication number: 20150052594
Abstract: The disclosed embodiment relates to identity verification and identity management, and in particular, to methods and systems for identifying individuals, identifying users accessing one or more services over a network, determining member identity ratings, and based on member identity ratings that restrict access to identity rating-restricted services and certain user-to-user interactions. Further, the user experience in performing identity management is simplified and enhanced as disclosed herein.
Type: Application
Filed: September 26, 2014
Publication date: February 19, 2015
Applicant: SAFEFACES LLC
Inventors: Jason J. Liberman, David Scott Trandal
-
Publication number: 20150052593
Abstract: A capability is provided for securely transferring a file within network-based storage. A capability is provided for securely transferring a user file of a user from a first server to a second server. The first server may be associated with a first service provider and the second server may be associated with a second service provider. The secure transfer of a user file from the first server to the second server may be performed based on a One-Click File Transfer capability in which only a single click by the user is needed in order for the user file to be transferred. The secure transfer of a user file from the first server to the second server may be performed based on a Zero-Click File Transfer capability in which the user file may be transferred without any interaction by the user.
Type: Application
Filed: August 13, 2013
Publication date: February 19, 2015
Applicant: Alcatel-Lucent USA Inc.
Inventors: Katherine H. Guo, Emina Soljanin, Thomas Woo
-
Publication number: 20150052592
Abstract: Methods, systems and articles of manufacture consistent with features of the present invention allow the generation and use of derived user accounts, or DUA, in a computer system comprising user accounts. In particular, derivation rules define how a DUA is linked to or created based on an existing original user account, or OUA. Derivation transformations may also update the state of a DUA based on its corresponding OUA or give feedback from the state of a DUA to the state of its corresponding OUA.
Type: Application
Filed: September 26, 2014
Publication date: February 19, 2015
Applicant: Google Inc.
Inventor: Ulfar Erlingsson
-
Patent number: 8959597
Abstract: A method begins by a processing module outputting a registration request message that includes requesting access to a local dispersed storage network (DSN) and requesting access to a global DSN. The method continues with the processing module receiving a registration response message that includes a global universal unique identifier (UUID) and a local UUID. The method continues with the processing module generating a global public-private key pair and a local public-private key pair and generating a global certificate signing request (CSR) based on the global UUID and a private key of the global public-private key pair. The method continues with the processing module generating a local CSR based on the local UUID and a private key of the local public-private key pair, sending the global and local CSRs to a certificate authority (CA), and receiving a signed global certificate and a signed local certificate.
Type: Grant
Filed: May 11, 2011
Date of Patent: February 17, 2015
Assignee: Cleversafe, Inc.
Inventors: Jason K. Resch, Gary W. Grube, Timothy W. Markison
-
Patent number: 8959634
Abstract: Methods and systems reduce exposure to a dictionary attack while verifying whether data transmitted over a computer network is a password. In one aspect, a method includes performing a search of network traffic based, at least in part, on a weak validation using a Bloom filter based on an organizational password file, determining the existence of a password in the network traffic based only on the weak validation, and determining whether to block, alert, or quarantine the network traffic based at least in part on the existence of the password in the network traffic.
Type: Grant
Filed: March 22, 2013
Date of Patent: February 17, 2015
Assignee: Websense, Inc.
Inventor: Lidror Troyansky
-
Patent number: 8959606
Abstract: A key updating method and system are provided. In the method, (1) a back-end authentication system receives a current dynamic password generated by a dynamic token and authenticates the current dynamic password, and if the authentication succeeds, generates key updating information and goes to (2); (2), the back-end authentication system generates a first updating key according to the key updating information and a first initial key stored therein and copies the first updating key to a buffer of the first initial key; the dynamic token obtains and authenticates the key updating information, and if the authentication succeeds, generates a second updating key according to the key updating information and a second initial key stored in the dynamic token and copies the second updating key to a buffer of the second initial key; or if authentication fails, quits the key updating. The solution avoids risk incurred by accidental key leakage.
Type: Grant
Filed: August 31, 2012
Date of Patent: February 17, 2015
Assignee: Feitian Technologies Co., Ltd.
Inventors: Zhou Lu, Huazhang Yu
-
Patent number: 8959356
Abstract: A storage controller and program product is provided for performing double authentication for controlling disruptive operations on storage resources generated by a system administrator. A first request is received from a first user for generation of a first key. A first key is generated, provided to the first user and associated with the storage resource. An input is received from the administrator, the input comprises a second key and a command for performing the disruptive operation. The second key and the first key are compared. It is verified that the administrator is authorized as an administrator of the storage resource. The disruptive operation is performed on the storage resource if the second key and the first key match and the administrator is authorized. Otherwise, the performance of the disruptive operation is denied.
Type: Grant
Filed: March 15, 2013
Date of Patent: February 17, 2015
Assignee: International Business Machines Corporation
Inventors: Vincent Boucher, Sebastien Chabrolles, Benoit Granier, Arnaud Mante
-
Patent number: 8959605
Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for asset lease management. The system receives, from a client device associated with a user profile, a lease start request for an asset for which the user profile is authorized. The system identifies a number of available slots for progressively downloading content. If the number of available slots is greater than zero, the system assigns an available slot from the number of available slots to the client device to yield an assigned slot. The system transmits security information, a lease key, and a lease duration associated with the assigned slot to the client device in response to the lease start request, wherein the security information and lease key allow the client device to start a progressive download of the asset for the lease duration. At the end of the lease, the system terminates the lease and releases the assigned slot.
Type: Grant
Filed: December 14, 2011
Date of Patent: February 17, 2015
Assignee: Apple Inc.
Inventors: Justin J. Henzie, Amine El Kamel, William Luh, Augustin J. Farrugia
-
Patent number: 8959603
Abstract: An authentication system by which character strings in squares are selected by a rule determined by a user out of a table in which character strings are assigned to obtain a one-time password. The user memorizes a rule of successively selecting three out of the positions of the squares in a table having five rows and five columns, for example. To each square (402) in the table (401) to be presented to the user, a randomly generated two-digit number is assigned. The table (401) is presented to the user, who arranges the numbers in the squares (402) on the basis of the user's own rule to generate a six-digit number used as a one-time password for authenticating the user. Therefore, the rule for obtaining a one-time password is easy for the user to memorize and a long one-time password can be obtained.
Type: Grant
Filed: January 9, 2009
Date of Patent: February 17, 2015
Inventor: Hideharu Ogawa
-
Patent number: 8959604
Abstract: A client device is coupled with a server. The client device prompts a user to enter a number associated with a mobile device, which can be the client device, and generates data including a code. The code is typically hidden from the user when the code is generated and is saved on the client device. The client device transmits the number entered by the user and the code generated by the client device to the server, which sends a message, including the code, to the mobile device associated with the number. The client device prompts the user to enter the code included in the message. Validity of the number is based on one or more factors, including the accuracy of the code entered by the user. In addition, validity of the number can also be based on whether the second user input was entered within a predetermined time limit.
Type: Grant
Filed: November 25, 2011
Date of Patent: February 17, 2015
Assignee: Synchronoss Technologies, Inc.
Inventor: Sumeet Sohan Singh
-
Patent number: 8959582
Abstract: Certain embodiments of the present invention provide an archive management application that operates within a host application to provide access to an archive and/or allow access to and/or modification of files in an archive using the host application's interface, instead of operating as a separate standalone archive management application. In an embodiment of the present invention, a file archiving system may include a user interface component, a file management component and a compression/extraction engine component. The user interface component may include an enhanced user interface of a host application that provides an interface for a user. The file management component may include a central directory that provides a representation of the contents of an archive. The compression/extraction engine component may include a file size module and/or a security module. The security module may be used to encrypt, decrypt, digitally sign and/or authenticate a file in an archive.
Type: Grant
Filed: July 2, 2012
Date of Patent: February 17, 2015
Assignee: PKWARE, Inc.
Inventors: James C. Peterson, Karen L. Peterson, Yuri Basin, Michael J. Beirne
-
Patent number: 8959596
Abstract: A single passcode can be used for validation by a user of several entities in a system without compromising security. The source of the entity providing validation credentials, along with the passcode, is considered when determining validity. A one-time password system validates credentials if the validation credentials, such as a user's valid passcode and the source of the credentials, have not been used previously. In a one-time passcode system, a validation processor receives validation credentials from a client processor. If the client processor has not previously sent the validation credentials to the validation processor, and the credentials are valid, the validation processor will validate the credentials. Otherwise, the credentials are invalid. Other client processors can utilize the same passcode and their respective source identifiers, and as long as the other client processors have not previously utilized the credentials, the credentials are declared valid.
Type: Grant
Filed: June 15, 2006
Date of Patent: February 17, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Nir Nice, Ron Mondri, Tomer Shiran, Boaz Ein-Gil