Management Patents (Class 726/6)
-
Publication number: 20140325624
Abstract: A projector system of the present invention includes a projector 10 and a personal computer PC as an information terminal, which communicate with each other via a network connection. The projector 10 generates a password required for establishment of the network connection and projects the password on a screen SC. A user of the personal computer PC inputs the password projected on the screen SC. The password is used for authentication of the network connection between the projector 10 and the personal computer PC and cipher communication therebetween. This arrangement of the present invention enhances the convenience of the projector that is capable of establishing a network connection with the information terminal, while ensuring secrecy of communicating data.
Type: Application
Filed: July 7, 2014
Publication date: October 30, 2014
Applicant: SEIKO EPSON CORPORATION
Inventor: Shinji KUBOTA
-
Publication number: 20140325622
Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.
Type: Application
Filed: April 30, 2013
Publication date: October 30, 2014
Applicant: Microsoft Corporation
Inventor: Microsoft Corporation
-
Publication number: 20140325626
Abstract: A method and system for securing a user transaction involving a subscriber unit (“SU”) (having a processor, memory, and a display configured to accept user input), a credential information manager (“CIM”) (having a processor and memory), and a transaction service provider (“TSP”) (having a processor and memory). A cyber identifier (“CyberID”), a subscriber identifier (“SubscriberID”), and subscriber information, each associated with the user, are stored in the CIM. A transaction request is sent from the SU to the TSP, which creates a transaction identifier (“TID”), stores it in the TSP memory and transmits it to the SU. The SU transmits an authentication request, the TID, and SubscriberID to the CIM, which authenticates the SubscriberID and verifies the TID to the TSP. The TSP verifies the TID and reports it to the CIM, which transmits the CyberID and subscriber information to the TSP, and transmits a transaction authorization to the SU.
Type: Application
Filed: July 9, 2014
Publication date: October 30, 2014
Inventors: Yang Lit Fang, Ryan Nacion Trinidad
-
Publication number: 20140325625
Abstract: A new identification (ID) technology comprising unified and standardized object identification within Cyber Space is disclosed based upon intrinsic properties of the entity to be identified. This Cyber Gene ID (or Cyber ID) technology extracts intrinsic information from either the physical users or their cyberspace counterparts, and such information is categorized into client parameters, dynamic parameters, static parameters, cloud parameters, connection parameters and user parameters.
Type: Application
Filed: July 8, 2014
Publication date: October 30, 2014
Inventors: Nanjie Liu, Jun Sun, Haitao Zhao, Chengjie Gu, Dapeng Li
-
Patent number: 8874768
Abstract: Methods for providing for secure communications across data networks, including untrusted networks. In one embodiment, the method comprises establishing security associations between devices on the network using a digital certificate and key exchange protocol. In one variant, the digital certificate comprises a public encryption key; the recipient of the certificate authenticates the sender using at least the signature, and then generates a cryptographic element (e.g., key), and initialization vector. The key is encrypted and sent back to the originator, where it is decrypted and used to encrypt datagrams sent between the devices. The initialization vector may be used to initialize the encryption algorithm on the receiving device.
Type: Grant
Filed: December 10, 2010
Date of Patent: October 28, 2014
Assignee: Round Rocks Research, LLC
Inventors: James M Holden, Stephen E Levin, James O Nickel, Edwin H Wrench
-
Patent number: 8874903
Abstract: A network device, connectable with a service providing server and an authentication server via a network, includes an acquisition information storage storing acquisition information for acquiring a certificate corresponding to each of services the service providing server provides, a certificate storage storing certificates acquired from the authentication server, a determining unit that, in response to acceptance of a request for utilizing a service, determines whether a certificate necessary for utilizing the requested service is stored in the certificate storage, and a controller that, when the necessary certificate is not stored, reads out acquisition information for the necessary certificate from the acquisition information storage, makes a certificate acquiring unit acquire the necessary certificate from the authentication server using the acquisition information, and stores the necessary certificate into the certificate storage.
Type: Grant
Filed: October 30, 2009
Date of Patent: October 28, 2014
Assignee: Brother Kogyo Kabushiki Kaisha
Inventor: Yasuhiro Kudo
-
Patent number: 8875266
Abstract: A virtualization system supports secure, controlled execution of application programs within virtual machines. The virtual machine encapsulates a virtual hardware platform and guest operating system executable with respect to the virtual hardware platform to provide a program execution space within the virtual machine. An application program, requiring license control data to enable execution of the application program, is provided within the program execution space for execution within the virtual machine. A data store providing storage of encrypted policy control information and the license control data is provided external to the virtual machine. The data store is accessed through a virtualization system including a policy controller that is selectively responsive to a request received from the virtual machine to retrieve the license control data dependent on an evaluation of the encrypted policy control information.
Type: Grant
Filed: May 16, 2008
Date of Patent: October 28, 2014
Assignee: VMware, Inc.
Inventors: Benjamin A. Chambers, Matthew D. Ginzton
-
Patent number: 8875236
Abstract: Disclosed is a method including allowing an application server to request setup of a session on behalf of a user terminal, and using mechanisms of a generic peer authentication procedure for enabling authentication of the application server to an interrogating server, the interrogating server being a network element that is configured to process said request to setup a session on behalf of a user terminal. Also disclosed are related devices, systems and computer programs.
Type: Grant
Filed: June 11, 2007
Date of Patent: October 28, 2014
Assignee: Nokia Corporation
Inventors: Silke Holtmanns, Tiina S. Koskinen
-
Patent number: 8875263
Abstract: A technique controls a soft token running within an electronic apparatus. The technique involves providing an initial series of authentication codes based on a first set of machine states. The initial series of authentication codes is provided from the electronic apparatus to a server through a forward channel to authenticate a user. The technique further involves receiving a command from the server through a reverse channel between the electronic apparatus and the server. The reverse channel provides communications in a direction opposite to that of the forward channel. The technique further involves changing the first set of machine states to a second set of machine states in response to the command, and providing a new series of authentication codes based on the second set of machine states. The new series of authentication codes is provided from the electronic apparatus to the server through the forward channel for user authentication.
Type: Grant
Filed: March 29, 2012
Date of Patent: October 28, 2014
Assignee: EMC Corporation
Inventors: Marten van Dijk, Kevin D. Bowers, John G. Brainard, Samuel Curry, Sean P. Doyle, Michael J. O'Malley, Nikolaos Triandopoulos
-
Patent number: 8875269
Abstract: A method for single sign-on with established federation includes triggering a single sign-on operation from a first service to a second service, retrieving, by the first service, an associated federation key and pseudo identification for a user agent, generating, by the first service, a token signed with a federation key for the user agent based on the pseudo identification, redirecting, by the first service, the user agent to the second service, wherein the user agent transfers the token to the second service, verifying, by the second service, the token and determining an associated identification in the second service, and returning, by the second service, a resource to the user agent.
Type: Grant
Filed: February 23, 2011
Date of Patent: October 28, 2014
Assignee: International Business Machines Corporation
Inventors: Paula K. Austel, He Yuan Huang, Michael McIntosh, Bin Wang, Jing Min Xu
-
Patent number: 8874912
Abstract: A system for transferring secured data has an authentication facilitator that transmits data indicative of a graphical key pad to a remote display device of a user computing device and, in response, receives from the user computing device icon location data indicative of locations of icons selected by a user. Additionally, the authentication facilitator recovers a personal identifier (PI) from the icon location data, translates the recovered PI to obtain a translated PI, and transmits the translated PI. The system further has a partner computing apparatus that receives the translated PI and allows the user access to a secured area based upon the translated PI.
Type: Grant
Filed: October 4, 2011
Date of Patent: October 28, 2014
Assignee: Accullink, Inc.
Inventor: Timothy W. Barnett
-
Patent number: 8875262
Abstract: Methods and apparatuses for secure communication are provided. The secure communication method includes receiving a first credential of a remote device; receiving first authentication information of the remote device; storing a user record including the first credential and the first authentication information; and evaluating a security level of the received first authentication information.
Type: Grant
Filed: January 14, 2011
Date of Patent: October 28, 2014
Assignee: Samsung Electronics Co., Ltd.
Inventors: Kyung-hee Lee, Korkishko Tymur
-
Patent number: 8875128
Abstract: A host controller associates each virtual machine with at least one label from a hierarchy of labels, where each label represents a distinct virtual machine parameter. The host controller also associates a user with one or more roles and with one or more labels from the hierarchy of labels, where each role defines at least one action permitted to be performed with respect to virtual machines. The host controller further facilitates control over user actions pertaining to virtual machines based on the roles and the labels associated with the user.
Type: Grant
Filed: November 30, 2009
Date of Patent: October 28, 2014
Assignee: Red Hat Israel, Ltd.
Inventors: Vitaly Elyashev, Shahar Havivi
-
Patent number: 8875265
Abstract: The present application relates generally to wireless communication systems and more specifically to systems, methods, and devices for remote credentials management within wireless communication systems. In one aspect, a method of obtaining provisioning information via a service provider network, such as a cellular network, for a device is provided. The method includes transmitting an attach request via the service provider network for provisioning service, the attach request including device vendor information which includes a unique identifier for the device. The method further includes receiving provisioning information from the service provider upon authentication of the device vendor information. In other aspects, systems and methods for providing provisioning information are described.
Type: Grant
Filed: January 25, 2013
Date of Patent: October 28, 2014
Assignee: Qualcomm Incorporated
Inventor: Anand Palanigounder
-
Patent number: 8875264
Abstract: Provided is an off-line two-factor user authentication system. The off-line two-factor user authentication system is designed to use, as a password, a one-time-password derivation rule to be applied to certain pattern elements included in a presentation pattern at specific positions so as to create a one-time password, and further use, as a second authentication factor, information identifying a client to be used by a user. A plurality of pattern seed values each adapted to uniquely specify a presentation pattern in combination with a client ID, and a plurality of verification codes corresponding to respective ones of the pattern seed values, are stored in an off-line two-factor authentication client. A presentation pattern is created based on a selected one of the pattern seed values and a client ID, and an entered one-time password is verified based on a verification code corresponding to the selected pattern seed value.
Type: Grant
Filed: October 5, 2010
Date of Patent: October 28, 2014
Assignee: CSE Co., Ltd.
Inventors: Shigetomo Tamai, Toru Takano, Tsuyoshi Kobayashi
-
Patent number: 8875261
Abstract: A rules driven multiple passwords system is provided wherein a list of stored passwords are used in rotation over time in accordance with a set of rules or conditions managed by the system. With such an arrangement, the currently active password of a system User may automatically be changed, in accordance with the rules or conditions, to the next password in the list. The User is notified as to the newly assigned password.
Type: Grant
Filed: October 22, 2008
Date of Patent: October 28, 2014
Assignee: International Business Machines Corporation
Inventors: Wayne M. Delia, Edward E. Kelley, Franco Motika
-
Publication number: 20140317706
Abstract: A trust propagation system is disclosed that propagates trust data based on established trust relationships. The trust system may automatically propagate trust data between parties A and C based on trust relationships with a common party B. Trust data may include authentication data such as biometric data, encryption data, passwords, etc. that may be used to conduct exclusive communications.
Type: Application
Filed: July 7, 2014
Publication date: October 23, 2014
Inventors: PRADEEP K. BANSAL, Lee Begeja, Carroll W. Creswell, Jeffrey Farah, Benjamin J. Stern, Jay Wilpon
-
Publication number: 20140317705
Abstract: A method for managing passwords for a user. A processor of an apparatus storing at least one received, incorrect password proposal receives via a user interface a further password proposal from a user; generates a hash value for the further password proposal; sends the hash value to the authentication server; receives from the authentication server a message indicative of whether the hash value corresponds to a correct password or to an incorrect password. In case the message indicates that the hash value corresponds to a correct password, the processor uses a distance function on each incorrect password proposal to obtain a distance value representative of a distance between the incorrect password proposal and the correct password; and sends to the authentication server hash values for password proposals for which the distance value is lower than or equal to a threshold value. Also provided are the apparatus and a computer program support.
Type: Application
Filed: April 9, 2014
Publication date: October 23, 2014
Applicant: THOMSON LICENSING
Inventors: Marc ELUARD, Yves MAETZ
-
Publication number: 20140317704
Abstract: A method of enabling the federation of unrelated applications is described herein. The method can include the step of installing a candidate application for inclusion in a secure workspace. A first previously-installed application may have a certificate signed by a first entity, and a second previously-installed application may have a certificate signed by a second entity such that the first and second previously-installed applications have different certificates. The method can also include the steps of generating a federation value for the candidate application for inclusion in the secure workspace and determining the result of a federation check of the candidate application based on the generated federation value. If the federation check for the candidate application is satisfied, the candidate application may be permitted to be part of the secure workspace.
Type: Application
Filed: March 12, 2014
Publication date: October 23, 2014
Inventors: Philip Schentrup, Andrew James Dobson, Robert M. Dare, Christopher Michael Wade
-
Publication number: 20140316989
Abstract: In one embodiment, a system includes one or more processors having memory coupled thereto. The memory stores instructions executable to cause the system to perform a method that includes generating a request based on 1) transaction information that is available to a user and a service provider and relating to one or more transactions by a user, and 2) at least one user-specified preference as to a type of the transaction information upon which the request is based, communicating the request to a device of the user, receiving a response to the request from the user device, and determining the authenticity of the user based on the response. The request can be in visual or audible form, such as a Captcha.
Type: Application
Filed: July 7, 2014
Publication date: October 23, 2014
Inventor: Kevin M. Raper
-
Publication number: 20140317703
Abstract: A method of sharing data in a computer-implemented system is provided. The system includes at least a publisher device and a viewer device. The system establishes a data communication connection between the publisher device and the viewer device via a Wi-Fi direct (WFD) network. The publisher device sends a desktop sharing request to the viewer device and receives a character string from the viewer device. When the character string matches the security code, the publisher device transmits a shared desktop of the publisher device to the viewer device using the data communication connection.
Type: Application
Filed: October 30, 2013
Publication date: October 23, 2014
Applicant: HON HAI PRECISION INDUSTRY CO., LTD.
Inventors: WUN-JHEN LAI, CHE-CHAUN LIANG
-
Publication number: 20140317702
Abstract: A method and system to share credentials of the user automatically with the selected external wireless device in the wireless network is disclosed. The method selects the external wireless device based on the parameters and avails the services of the external wireless device in the user home wireless device. The external wireless devices are connected with a different service provider and when the user requests to access the service in an external wireless device, then the method selects the optimum external wireless device among a plurality of external wireless devices.
Type: Application
Filed: April 23, 2013
Publication date: October 23, 2014
Inventors: Robbin Hughes, Thomas O'Neill, Perm Jothipragasam Kumar, Ramesh Rajasekaran
-
Publication number: 20140317707
Abstract: The present invention relates to a method for sharing data of a device in M2M communication and a system therefor. The invention comprises: a step of allowing a resource user terminal to request access authority of protected resource data to a resource owner terminal, in order to prevent a security threat; a verification step of allowing the resource owner terminal to verify the resource user terminal to request the setting of the access authority to an M2M server, and to transmit a verification key issued from the M2M server to the resource user terminal; an access authority setting step of allowing the M2M server to generate an access authentication key based on the verification key, and to transmit the access authentication key to the resource user terminal; and a using step of allowing the resource user terminal to inquire about the protected resource data from the M2M server based on the access authentication key, and to use the protected resource data.
Type: Application
Filed: December 16, 2011
Publication date: October 23, 2014
Applicant: MODACOM CO., LTD.
Inventors: Kyung Su Kim, Jae Ho Lee, Yong Jin Kim
-
Patent number: 8869283
Abstract: A method or system of receiving an electronic file containing content data in a predetermined data format, the method comprising the steps of: receiving the electronic file, determining the data format, parsing the content data, to determine whether it conforms to the predetermined data format, and if the content data does conform to the predetermined data format, regenerating the parsed data to create a regenerated electronic file in the data format.
Type: Grant
Filed: April 4, 2012
Date of Patent: October 21, 2014
Assignee: Glasswall (IP) Limited
Inventor: Nicholas John Scales
-
Patent number: 8869142
Abstract: Sending installation information. A method may be performed, for example, in a network computing environment including one or more servers connected to one or more clients. The method includes signing a package including installation information. A hash of the package is created. A metadata data set is created. The metadata data set includes a description of the package, an identification for the package, applicability rules describing intended recipients of the installation information, the hash of the package, and installation instructions for the package. The metadata data set is sent to a target group of systems in the network computing environment.
Type: Grant
Filed: January 27, 2006
Date of Patent: October 21, 2014
Assignee: Microsoft Corporation
Inventors: Christopher S. Gouge, Craig C. Marl, David C. Hennessey, David E. Kays, Edward F. Reus, Krishnan Rangarajan, Marc Shepard, Mazhar N. Mohammed, Steve P. Shih
-
Patent number: 8868921
Abstract: A method for authenticating users over networks includes requesting a one-time password, entering a personal identification number into a communications device, and retrieving a replaceable shared secret stored in the communications device. Moreover, the method includes generating a hashed personal identification number from the entered personal identification number, combining the hashed personal identification number with the replaceable shared secret to generate a modified shared secret, and generating a one-time password with the modified shared secret and the time of requesting the one-time password.
Type: Grant
Filed: July 20, 2011
Date of Patent: October 21, 2014
Assignee: Daon Holdings Limited
Inventors: Jason Scott Cramer, Andrew Supplee Webb, Christopher Eric Holland, Conor Robert White
-
Methods, apparatuses, and computer program products for bootstrapping device and user authentication
Patent number: 8869252
Abstract: An apparatus may include a processor configured to receive a security certificate request from a remote device comprising a public key of the remote device and an authentication credential based upon a legacy authentication mechanism of the remote device. The processor may be further configured to validate the received authentication credential in accordance with the legacy authentication mechanism. The processor may be additionally configured to generate a security certificate for the public key. The processor may be further configured to provide the generated security certificate to the remote device.
Type: Grant
Filed: May 19, 2008
Date of Patent: October 21, 2014
Assignee: Nokia Corporation
Inventors: Nadarajah Asokan, Jan-Erik Ekberg, Antti Kiiveri, Olli Muukka
-
Patent number: 8869233
Abstract: Preferred embodiments of the invention provide systems and methods to maintain a policy within a network management system, receive a command to be executed on one of the one or more network elements, determine whether the command can be executed on the one of the one or more network elements based on the policy maintained within the network management system, and provide an indication that the command can be executed on the one of the one or more network elements based on a determination that the command can be executed on the one of the one or more network elements.
Type: Grant
Filed: December 22, 2006
Date of Patent: October 21, 2014
Assignee: Verizon Patent and Licensing Inc.
Inventors: William J. Moran, Michael T. Bayne
-
Patent number: 8869253
Abstract: A method of accessing an internet based service, involves using a cellular telephony device to obtain a token from the provider of the internet based service, and within the cellular telephony device, using the token to calculate a time-limited password. The time-limited password is used in combination with at least one further user identification parameter to obtain access to the internet based service.
Type: Grant
Filed: March 8, 2007
Date of Patent: October 21, 2014
Assignee: Monitise Group Limited
Inventor: Steven Paul Atkinson
-
Patent number: 8869234
Abstract: Embodiments dynamically manage privileged access to a computer system according to policies enforced by a rule engine. User input to the rule engine may determine an extent of system access, as well as other features such as intensity of user activity logging (including logging supplemental to a system activity log). Certain embodiments may provide access based upon user selection of a pre-configured ID at a dashboard, while other embodiments may rely upon direct user input to the rule engine to generate an ID at a policy enforcement point. Embodiments of methods and apparatuses may be particularly useful in granting and/or logging broad temporary access rights allowed based upon emergency conditions.
Type: Grant
Filed: May 3, 2012
Date of Patent: October 21, 2014
Assignee: SAP AG
Inventors: John Christopher Radkowski, Swetta Singh
-
Patent number: 8868868
Abstract: Method and system for providing information regarding a plurality of storage devices managed by a plurality of storage servers are provided. The storage space at the storage devices is presented to a plurality of computing systems as logical storage space. A plurality of searchable data structures having a plurality of data object types are stored at a temporary memory storage device of a management console that interfaces with the plurality of computing systems and the storage servers. Each data object type stores information regarding the storage device. The searchable data structure includes information regarding the storage devices and the logical storage space presented to the computing systems. A lock data structure for tracking locks that are assigned for accessing information pertaining to a storage server and a data object type is maintained to prevent unauthorized access to at least one of the searchable data structures.
Type: Grant
Filed: May 31, 2012
Date of Patent: October 21, 2014
Assignee: NetApp, Inc.
Inventors: Nilesh P. Maheshwari, Sreenivasa Potakamuri, Robert M. Armitano, Yinzen Hwang
-
Patent number: 8869255
Abstract: A security system and method for authenticating a user's access to a system is disclosed. The security system receives an authentication request from the user and responds by generating a security matrix based on a previously stored user keyword and user preference data, the security matrix being different for each authentication request. The security system sends the security matrix to the user and awaits a one-time code in response to the security matrix. The user forms the one-time code based on the user keyword, the user preferences, and the security matrix. The security system validates the one-time code against the security matrix, the keyword, and the user preferences, and responds by sending an authentication result to the user that either permits or denies access to the system. Additionally, the security system sends a success or fail message to the system to be accessed.
Type: Grant
Filed: October 25, 2011
Date of Patent: October 21, 2014
Assignee: Forticom Group Ltd
Inventor: Antony Smales
-
Patent number: 8868915
Abstract: An authorization server receives a request for an access token, for accessing a protected resource, from a client application executing on a device, wherein the request includes a client identifier that uniquely identifies the client application and a device identifier that uniquely identifies the device. The authorization server performs authentication of the client identifier and the device identifier. The authorization server returns a valid access token to the client application, based on the authentication of the client identifier and the device identifier, to enable the client application access to the protected resource.
Type: Grant
Filed: December 6, 2010
Date of Patent: October 21, 2014
Assignee: Verizon Patent and Licensing Inc.
Inventor: Raymond C. Counterman
-
Patent number: 8869251
Abstract: Consistent one-time password (OTP) functionality is provided from a presentation server to secure various on-line resources. A seed file can be provided to or created by a service provider for execution as part of a hosted page displayed at a client to a user. A presentation server receives a call from the seed file. A user interface widget can be initialized at the presentation server in response to the call from the seed file. The widget can be displayed as part of the remotely hosted Web page so that the user perceives the UI widget to be embedded in the page as viewed on the client computer system. Security for the interaction between the servers can be provided through use of security assertion markup language (SAML).
Type: Grant
Filed: September 12, 2007
Date of Patent: October 21, 2014
Assignee: Bank of America Corporation
Inventors: Eric W. Miller, Clay D. Newton
-
Patent number: 8869266
Abstract: Assigning identifiers to a plurality of test devices to manage the test devices, and displaying the assigned identifiers on the test devices to distinguish the test devices.
Type: Grant
Filed: December 22, 2011
Date of Patent: October 21, 2014
Assignee: Samsung Electronics Co., Ltd.
Inventors: Jong Rip Lee, Seock Woo Jang, Seok Ho Kim, Sung Hwa Lee
-
Publication number: 20140310788
Abstract: A system to access one or more user profiles that govern one or more vehicle functions. The system cooperates with a processor and verification module which are adapted to verify, using one or more of biometric information, gesture recognition, facial recognition and device identification information, that a user has authority to access the one or more user profiles, where the one or more profiles are stored in one or more of a vehicle, a cloud and a communications device. An edit module is further provided and adapted to allow the user to make one or more edits to the one or more user profiles.
Type: Application
Filed: April 15, 2014
Publication date: October 16, 2014
Applicant: Flextronics AP, LLC
Inventor: Christopher P. Ricci
-
Publication number: 20140310787
Abstract: A system and method for establishing a virtual network connection between an initiating computing device operated by an initiator and a target computing device operated by a target so that one of said computing devices is able to control the other of said computing devices. The system comprises a third party proxy to which the computing devices are connected. The third party proxy receives a request for a virtual network connection to said target computing device from said initiating computing device and requests initiator credentials for said initiating computing device and target credentials for said target computing device. Said credentials are delivered to the respective computing device. The system also comprises a core node configured to receive the credentials from the respective computing device, authenticate the received credentials, and if said credentials are authentic, establish the virtual network connection between said initiating computing device and said target computing device.
Type: Application
Filed: December 4, 2013
Publication date: October 16, 2014
Applicant: REALVNC LTD
Inventors: Jason Barrie Morley, Nicolas David Reeves, Adam Greenwood Byrne, Katarzyna Maria Czeczot
-
Patent number: 8863255
Abstract: Techniques are described for deploying a security credential for an application deployed in a cloud. An encrypted security credential is received from a remote system and is inserted into a virtual machine image associated with the application. Upon deploying the virtual machine image as a virtual machine instance, embodiments transmit a request to a cryptex server for a decrypted security credential, the request including the encrypted security credential and a virtual machine identifier for the virtual machine instance. The cryptex server is configured to retrieve metadata associated with the virtual machine identifier and to authenticate the virtual machine instance using the retrieved metadata. Embodiments receive, from the cryptex server, the decrypted security credential for use by the application.
Type: Grant
Filed: September 14, 2012
Date of Patent: October 14, 2014
Assignee: Netflix, Inc.
Inventors: James R. Zarfoss, III, Yong Yuan
-
Patent number: 8862880
Abstract: A two-stage anonymization process is applied to monitored network traffic in which unique user identifiers, such as the MSISDN (Mobile Station International Subscriber Directory Number), are extracted from the traffic and anonymized to generate an ASI (anonymized subscriber identifier). A strictly random RSI (random subscriber identifier) is generated and used to replace the ASI. The RSI is generated upon a first occurrence of an ASI and stored in a lookup table for utilization upon subsequent ASI occurrences. Use of the strictly random RSI enables various studies and analysis of user behavior to be performed at a heightened level of privacy protection as compared with conventional anonymization schemes that do not utilize strictly random identifiers.
Type: Grant
Filed: September 23, 2011
Date of Patent: October 14, 2014
Assignee: GfK Holding Inc.
Inventors: Jacques Combet, Yves-Marie LeMaitre, Antero Kivi
-
Patent number: 8863256
Abstract: A method in one embodiment includes detecting an event for a transaction on an on-board unit (OBU) of a vehicle, where the event has a trigger associated with an agent. The method also includes determining whether the transaction is authorized, identifying network credentials in an identity profile that corresponds to the agent, providing network credentials to a transaction application corresponding to the transaction, and accessing a remote network using the network credentials. Certain embodiments include selecting the network credentials from a plurality of available network credentials corresponding to the agent. In more specific embodiments, the network credentials include one or more virtual subscriber identity modules (VSIMs) of a plurality of VSIMs provisioned on the OBU. In specific embodiments, the network credentials are mapped to a combination of two or more of the agent, the transaction application, and a predefined current location of the vehicle.
Type: Grant
Filed: January 26, 2011
Date of Patent: October 14, 2014
Assignee: Cisco Technology, Inc.
Inventors: Sateesh K. Addepalli, Fabio R. Maino, Flavio Bonomi, Lillian Lei Dai, Vina Ermagan, Alexander Loukissas, Erick D. Lee, Landon Curt Noll
-
Patent number: 8863252
Abstract: A method of downloading trusted content. The method comprises sending by a mobile device a request for a trusted content to a server, wherein the mobile device comprises a first mobile device trusted security zone and builds the request while executing in the first mobile device trusted security zone and wherein the server comprises a server trusted security zone and wherein the server handles the request for the trusted content at least partly in the server trusted security zone. The method comprises receiving the trusted content by the first mobile device trusted security zone, storing the trusted content in a second mobile device trusted security zone of the mobile device, inspecting the trusted content in the second mobile device trusted security zone, and when the trusted content passes inspection, at least one of executing or presenting a portion of the trusted content by the first mobile device trusted security zone.
Type: Grant
Filed: July 25, 2012
Date of Patent: October 14, 2014
Assignee: Sprint Communications Company L.P.
Inventors: Robin D. Katzer, Lyle W. Paczkowski, William M. Parsel, Carl J. Persson, Matthew C. Schlesener
-
Patent number: 8863254
Abstract: An authentication information management program of an authentication information management apparatus allowing the authentication information management apparatus to execute: changing the first authentication information in correspondence information which is information including the first authentication information and second authentication information in association with each other and stored in a storage section of the authentication information management apparatus; transmitting the authentication apparatus of the changed first authentication information; determining, in response to a request from the apparatus to be authenticated, whether the second authentication information in the authentication request coincides with the second authentication information in the correspondence information; and returning, in the case where it is determined that the second authentication information in the authentication request coincides with the second authentication information in the correspondence information, the
Type: Grant
Filed: March 22, 2010
Date of Patent: October 14, 2014
Assignee: Fujitsu Limited
Inventors: Itaru Nakagawa, Kazuo Sasaki
-
Patent number: 8862105
Abstract: In particular implementations, a mobile device management system allows network administrators to control the distribution and publication of applications to mobile device users in an enterprise network. A user profile is accessed to determine a user attribute. A catalog of applications is filtered based at least in part on the user attribute and an enterprise application availability policy to determine a set of applications to be returned and provided via an enterprise mobile device application management interface.
Type: Grant
Filed: February 14, 2014
Date of Patent: October 14, 2014
Assignee: Mobile Iron, Inc.
Inventors: Jesse Wagner Lindeman, Thomas Edward Wagner, Suresh Kumar Batchu, Ojas Udayan Rege, Ajay Kumar Mishra, Robert Bates Tinker
-
Patent number: 8863248
Abstract: A technique for automated login to a browser application from a non-browser based client application begins upon the end user taking an action to access a target resource. A credential is associated with the client application as a result of a prior login operation. The technique is implemented in a server application associated with the client application. It enables automatic and secure passing of the client application credential to the counterpart browser application that is launched by the client application.
Type: Grant
Filed: April 7, 2011
Date of Patent: October 14, 2014
Assignee: International Business Machines Corporation
Inventors: David Mark Wendt, Joseph Kubik
-
Patent number: 8863295
Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for linking video sharing accounts with content delivery accounts. In one aspect, a method includes providing a control in a user interface associated with a campaign management tool for a content delivery system. The control includes a linking tool for linking a content delivery account associated with a user in the content delivery system with one or more video sharing accounts in a video sharing environment.
Type: Grant
Filed: October 18, 2011
Date of Patent: October 14, 2014
Assignee: Google Inc.
Inventors: Phuong B. Le, Jonathan Goldman, Simon P. Hofer
-
Patent number: 8863262
Abstract: Systems and methods are provided to authorize users to anonymously access resources of different web sites. For example, a business listing service may authenticate users and allow the authenticated users to access the resources of the businesses listed via the business listing service, without the users having to create separate accounts with the businesses and without having to reveal the identities of the users to the businesses.
Type: Grant
Filed: August 20, 2008
Date of Patent: October 14, 2014
Assignee: Yellowpages.com LLC
Inventor: Jakhongir Samatov
-
Patent number: 8863246
Abstract: Apparatus and methods are described for searching and replacing user credentials in a multiple disparate credential store environment. Upon authentication of a user to change credentials, credential information of multiple disparate credential stores is searched. Upon population of search results, users indicate which of the credentials they desire to change and results are committed upon affirmative execution in a user interface dialog. In this manner, users locate their credential information, from whatever store, and change it in quantity or singularly from a single point of control. They can also fully understand how many passwords, secrets, keys, etc., they have over the many disparate stores available to them and affirmatively control their relationship to other credential information. Reversion of credential information to an earlier time is still another feature as is retrofitting existing SSO services. Computer program products and computing network interaction are also disclosed.
Type: Grant
Filed: August 31, 2007
Date of Patent: October 14, 2014
Assignee: Apple Inc.
Inventors: James M. Norman, Cameron Mashayekhi, Karl E. Ford
-
Patent number: 8863234
Abstract: A method of providing collaborative security and collaborative decision making in a service-oriented environment. The method includes validating request(s) by application(s) for service(s) in the environment, and providing each service for which an application request is validated. The method also includes monitoring a situational state exposed by services being provided in the environment. Based on the monitored state, the validating of one or more service requests is influenced.
Type: Grant
Filed: August 6, 2008
Date of Patent: October 14, 2014
Assignee: The Boeing Company
Inventor: Yefim Zhuk
-
Patent number: 8862888
Abstract: In one aspect, systems and methods for three-factor authentication include receiving a user's identification and password transmitted from the user's mobile device, generating a One Time Password (OTP), encrypting the OTP, and encoding the encrypted OTP in a two-dimensional barcode. The two-dimensional barcode of the encrypted OTP is transmitted to a computing device of the user, and an image of the two-dimensional barcode of the encrypted OTP displayed on the user's computing device is captured using the user's mobile device. The two-dimensional barcode of the encrypted OTP is decoded using the user's mobile device to obtain the encrypted OTP. The encrypted OTP is decrypted using the user's mobile device and displayed. The OTP then is spoken by the user, and the user's voice and the OTP are recognized to authenticate the user.
Type: Grant
Filed: January 11, 2012
Date of Patent: October 14, 2014
Assignee: King Saud University
Inventors: Ahmed Saleh Mohamed Tolba, Muhammad Khurram Khan, Khaled Soliman Alghathbar
-
Patent number: 8863253
Abstract: In various embodiments, a method comprises scanning a directory structure to generate a scan result comprising a plurality of discovered systems, identifying one or more accounts associated with at least one of the plurality of discovered systems, configuring a security appliance to change one or more old passwords to one or more new passwords for the one or more accounts, and changing, with the configured security appliance, the one or more old passwords to the one or more new passwords.
Type: Grant
Filed: September 30, 2009
Date of Patent: October 14, 2014
Assignee: BeyondTrust Software, Inc.
Inventors: Gyle Iverson, Jeffery Nielsen, Julie Lustig-Rusch, James Mitchell