Management Patents (Class 726/6)
  • Publication number: 20140325624
    Abstract: A projector system of the present invention includes a projector 10 and a personal computer PC as an information terminal, which communicate with each other via a network connection. The projector 10 generates a password required for establishment of the network connection and projects the password on a screen SC. A user of the personal computer PC inputs the password projected on the screen SC. The password is used for authentication of the network connection between the projector 10 and the personal computer PC and cipher communication therebetween. This arrangement of the present invention enhances the convenience of the projector that is capable of establishing a network connection with the information terminal, while ensuring secrecy of communicating data.
    Type: Application
    Filed: July 7, 2014
    Publication date: October 30, 2014
    Applicant: SEIKO EPSON CORPORATION
    Inventor: Shinji KUBOTA
  • Publication number: 20140325622
    Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.
    Type: Application
    Filed: April 30, 2013
    Publication date: October 30, 2014
    Applicant: Microsoft Corporation
    Inventor: Microsoft Corporation
  • Publication number: 20140325626
    Abstract: A method and system for securing a user transaction involving a subscriber unit (“SU”) (having a processor, memory, and a display configured to accept user input), a credential information manager (“CIM”) (having a processor and memory), and a transaction service provider (“TSP”) (having a processor and memory). A cyber identifier (“CyberID”), a subscriber identifier (“SubscriberID”), and subscriber information, each associated with the user, are stored in the CIM. A transaction request is sent from the SU to the TSP, which creates a transaction identifier (“TID”), stores it in the TSP memory and transmits it to the SU. The SU transmits an authentication request, the TID, and SubscriberID to the CIM, which authenticates the SubscriberID and verifies the TID to the TSP. The TSP verifies the TID and reports it to the CIM, which transmits the CyberID and subscriber information to the TSP, and transmits a transaction authorization to the SU.
    Type: Application
    Filed: July 9, 2014
    Publication date: October 30, 2014
    Inventors: Yang Lit Fang, Ryan Nacion Trinidad
  • Publication number: 20140325625
    Abstract: A new identification (ID) technology comprising unified and standardized object identification within Cyber Space is disclosed based upon intrinsic properties of the entity to be identified. This Cyber Gene ID (or Cyber ID) technology extracts intrinsic information from either the physical users or their cyberspace counterparts, and such information is categorized into client parameters, dynamic parameters, static parameters, cloud parameters, connection parameters and user parameters.
    Type: Application
    Filed: July 8, 2014
    Publication date: October 30, 2014
    Inventors: Nanjie Liu, Jun Sun, Haitao Zhao, Chengjie Gu, Dapeng Li
  • Patent number: 8874768
    Abstract: Methods for providing for secure communications across data networks, including untrusted networks. In one embodiment, the method comprises establishing security associations between devices on the network using a digital certificate and key exchange protocol. In one variant, the digital certificate comprises a public encryption key; the recipient of the certificate authenticates the sender using at least the signature, and then generates a cryptographic element (e.g., key), and initialization vector. The key is encrypted and sent back to the originator, where it is decrypted and used to encrypt datagrams sent between the devices. The initialization vector may be used to initialize the encryption algorithm on the receiving device.
    Type: Grant
    Filed: December 10, 2010
    Date of Patent: October 28, 2014
    Assignee: Round Rocks Research, LLC
    Inventors: James M Holden, Stephen E Levin, James O Nickel, Edwin H Wrench
  • Patent number: 8874903
    Abstract: A network device, connectable with a service providing server and an authentication server via a network, includes an acquisition information storage storing acquisition information for acquiring a certificate corresponding to each of services the service providing server provides, a certificate storage storing certificates acquired from the authentication server, a determining unit that, in response to acceptance of a request for utilizing a service, determines whether a certificate necessary for utilizing the requested service is stored in the certificate storage, and a controller that, when the necessary certificate is not stored, reads out acquisition information for the necessary certificate from the acquisition information storage, makes a certificate acquiring unit acquire the necessary certificate from the authentication server using the acquisition information, and stores the necessary certificate into the certificate storage.
    Type: Grant
    Filed: October 30, 2009
    Date of Patent: October 28, 2014
    Assignee: Brother Kogyo Kabushiki Kaisha
    Inventor: Yasuhiro Kudo
  • Patent number: 8875266
    Abstract: A virtualization system supports secure, controlled execution of application programs within virtual machines. The virtual machine encapsulates a virtual hardware platform and guest operating system executable with respect to the virtual hardware platform to provide a program execution space within the virtual machine. An application program, requiring license control data to enable execution of the application program, is provided within the program execution space for execution within the virtual machine. A data store providing storage of encrypted policy control information and the license control data is provided external to the virtual machine. The data store is accessed through a virtualization system including a policy controller that is selectively responsive to a request received from the virtual machine to retrieve the license control data dependent on an evaluation of the encrypted policy control information.
    Type: Grant
    Filed: May 16, 2008
    Date of Patent: October 28, 2014
    Assignee: VMware, Inc.
    Inventors: Benjamin A. Chambers, Matthew D. Ginzton
  • Patent number: 8875236
    Abstract: Disclosed is a method including allowing an application server to request setup of a session on behalf of a user terminal, and using mechanisms of a generic peer authentication procedure for enabling authentication of the application server to an interrogating server, the interrogating server being a network element that is configured to process said request to setup a session on behalf of a user terminal. Also disclosed are related devices, systems and computer programs.
    Type: Grant
    Filed: June 11, 2007
    Date of Patent: October 28, 2014
    Assignee: Nokia Corporation
    Inventors: Silke Holtmanns, Tiina S. Koskinen
  • Patent number: 8875263
    Abstract: A technique controls a soft token running within an electronic apparatus. The technique involves providing an initial series of authentication codes based on a first set of machine states. The initial series of authentication codes is provided from the electronic apparatus to a server through a forward channel to authenticate a user. The technique further involves receiving a command from the server through a reverse channel between the electronic apparatus and the server. The reverse channel provides communications in a direction opposite to that of the forward channel. The technique further involves changing the first set of machine states to a second set of machine states in response to the command, and providing a new series of authentication codes based on the second set of machine states. The new series of authentication codes is provided from the electronic apparatus to the server through the forward channel for user authentication.
    Type: Grant
    Filed: March 29, 2012
    Date of Patent: October 28, 2014
    Assignee: EMC Corporation
    Inventors: Marten van Dijk, Kevin D. Bowers, John G. Brainard, Samuel Curry, Sean P. Doyle, Michael J. O'Malley, Nikolaos Triandopoulos
  • Patent number: 8875269
    Abstract: A method for single sign-on with established federation includes triggering a single sign-on operation from a first service to a second service, retrieving, by the first service, an associated federation key and pseudo identification for a user agent, generating, by the first service, a token signed with a federation key for the user agent based on the pseudo identification, redirecting, by the first service, the user agent to the second service, wherein the user agent transfers the token to the second service, verifying, by the second service, the token and determining an associated identification in the second service, and returning, by the second service, a resource to the user agent.
    Type: Grant
    Filed: February 23, 2011
    Date of Patent: October 28, 2014
    Assignee: International Business Machines Corporation
    Inventors: Paula K. Austel, He Yuan Huang, Michael McIntosh, Bin Wang, Jing Min Xu
  • Patent number: 8874912
    Abstract: A system for transferring secured data has an authentication facilitator that transmits data indicative of a graphical key pad to a remote display device of a user computing device and, in response, receives from the user computing device icon location data indicative of locations of icons selected by a user. Additionally, the authentication facilitator recovers a personal identifier (PI) from the icon location data, translates the recovered PI to obtain a translated PI, and transmits the translated PI. The system further has a partner computing apparatus that receives the translated PI and allows the user access to a secured area based upon the translated PI.
    Type: Grant
    Filed: October 4, 2011
    Date of Patent: October 28, 2014
    Assignee: Accullink, Inc.
    Inventor: Timothy W. Barnett
  • Patent number: 8875262
    Abstract: Methods and apparatuses for secure communication are provided. The secure communication method includes receiving a first credential of a remote device; receiving first authentication information of the remote device; storing a user record including the first credential and the first authentication information; and evaluating a security level of the received first authentication information.
    Type: Grant
    Filed: January 14, 2011
    Date of Patent: October 28, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Kyung-hee Lee, Korkishko Tymur
  • Patent number: 8875128
    Abstract: A host controller associates each virtual machine with at least one label from a hierarchy of labels, where each label represents a distinct virtual machine parameter. The host controller also associates a user with one or more roles and with one or more labels from the hierarchy of labels, where each role defines at least one action permitted to be performed with respect to virtual machines. The host controller further facilitates control over user actions pertaining to virtual machines based on the roles and the labels associated with the user.
    Type: Grant
    Filed: November 30, 2009
    Date of Patent: October 28, 2014
    Assignee: Red Hat Israel, Ltd.
    Inventors: Vitaly Elyashev, Shahar Havivi
  • Patent number: 8875265
    Abstract: The present application relates generally to wireless communication systems and more specifically to systems, methods, and devices for remote credentials management within wireless communication systems. In one aspect, a method of obtaining provisioning information via a service provider network, such as a cellular network, for a device is provided. The method includes transmitting an attach request via the service provider network for provisioning service, the attach request including device vendor information which includes a unique identifier for the device. The method further includes receiving provisioning information from the service provider upon authentication of the device vendor information. In other aspects, systems and methods for providing provisioning information are described.
    Type: Grant
    Filed: January 25, 2013
    Date of Patent: October 28, 2014
    Assignee: Qualcomm Incorporated
    Inventor: Anand Palanigounder
  • Patent number: 8875264
    Abstract: Provided is an off-line two-factor user authentication system. The off-line two-factor user authentication system is designed to use, as a password, a one-time-password derivation rule to be applied to certain pattern elements included in a presentation pattern at specific positions so as to create a one-time password, and further use, as a second authentication factor, information identifying a client to be used by a user. A plurality of pattern seed values each adapted to uniquely specify a presentation pattern in combination with a client ID, and a plurality of verification codes corresponding to respective ones of the pattern seed values, are stored in an off-line two-factor authentication client. A presentation pattern is created based on a selected one of the pattern seed values and a client ID, and an entered one-time password is verified based on a verification code corresponding to the selected pattern seed value.
    Type: Grant
    Filed: October 5, 2010
    Date of Patent: October 28, 2014
    Assignee: CSE Co., Ltd.
    Inventors: Shigetomo Tamai, Toru Takano, Tsuyoshi Kobayashi
  • Patent number: 8875261
    Abstract: A rules driven multiple passwords system is provided wherein a list of stored passwords are used in rotation over time in accordance with a set of rules or conditions managed by the system. With such an arrangement, the currently active password of a system User may automatically be changed, in accordance with the rules or conditions, to the next password in the list. The User is notified as to the newly assigned password.
    Type: Grant
    Filed: October 22, 2008
    Date of Patent: October 28, 2014
    Assignee: International Business Machines Corporation
    Inventors: Wayne M. Delia, Edward E. Kelley, Franco Motika
  • Publication number: 20140317706
    Abstract: A trust propagation system is disclosed that propagates trust data based on established trust relationships. The trust system may automatically propagate trust data between parties A and C based on trust relationships with a common party B. Trust data may include authentication data such as biometric data, encryption data, passwords, etc. that may be used to conduct exclusive communications.
    Type: Application
    Filed: July 7, 2014
    Publication date: October 23, 2014
    Inventors: PRADEEP K. BANSAL, Lee Begeja, Carroll W. Creswell, Jeffrey Farah, Benjamin J. Stern, Jay Wilpon
  • Publication number: 20140317705
    Abstract: A method for managing passwords for a user. A processor of an apparatus storing at least one received, incorrect password proposal receives via a user interface a further password proposal from a user; generates a hash value for the further password proposal; sends the hash value to the authentication server; receives from the authentication server a message indicative of whether the hash value corresponds to a correct password or to an incorrect password. In case the message indicates that the hash value corresponds to a correct password, the processor uses a distance function on each incorrect password proposal to obtain a distance value representative of a distance between the incorrect password proposal and the correct password; and sends to the authentication server hash values for password proposals for which the distance value is lower than or equal to a threshold value. Also provided are the apparatus and a computer program support.
    Type: Application
    Filed: April 9, 2014
    Publication date: October 23, 2014
    Applicant: THOMSON LICENSING
    Inventors: Marc ELUARD, Yves MAETZ
  • Publication number: 20140317704
    Abstract: A method of enabling the federation of unrelated applications is described herein. The method can include the step of installing a candidate application for inclusion in a secure workspace. A first previously-installed application may have a certificate signed by a first entity, and a second previously-installed application may have a certificate signed by a second entity such that the first and second previously-installed applications have different certificates. The method can also include the steps of generating a federation value for the candidate application for inclusion in the secure workspace and determining the result of a federation check of the candidate application based on the generated federation value. If the federation check for the candidate application is satisfied, the candidate application may be permitted to be part of the secure workspace.
    Type: Application
    Filed: March 12, 2014
    Publication date: October 23, 2014
    Inventors: Philip Schentrup, Andrew James Dobson, Robert M. Dare, Christopher Michael Wade
  • Publication number: 20140316989
    Abstract: In one embodiment, a system includes one or more processors having memory coupled thereto. The memory stores instructions executable to cause the system to perform a method that includes generating a request based on 1) transaction information that is available to a user and a service provider and relating to one or more transactions by a user, and 2) at least one user-specified preference as to a type of the transaction information upon which the request is based, communicating the request to a device of the user, receiving a response to the request from the user device, and determining the authenticity of the user based on the response. The request can be in visual or audible form, such as a Captcha.
    Type: Application
    Filed: July 7, 2014
    Publication date: October 23, 2014
    Inventor: Kevin M. Raper
  • Publication number: 20140317703
    Abstract: A method of sharing data in a computer-implemented system is provided. The system includes at least a publisher device and a viewer device. The system establishes a data communication connection between the publisher device and the viewer device via a Wi-Fi direct (WFD) network. The publisher device sends a desktop sharing request to the viewer device and receives a character string from the viewer device. When the character string matches a security code, the publisher device transmits a shared desktop of the publisher device to the viewer device using the data communication connection.
    Type: Application
    Filed: October 30, 2013
    Publication date: October 23, 2014
    Applicant: HON HAI PRECISION INDUSTRY CO., LTD.
    Inventors: WUN-JHEN LAI, CHE-CHAUN LIANG
  • Publication number: 20140317702
    Abstract: A method and system to share credentials of the user automatically with the selected external wireless device in the wireless network is disclosed. The method selects the external wireless device based on the parameters and avails the services of the external wireless device in the user home wireless device. The external wireless devices are connected with a different service provider, and when the user requests to access the service in an external wireless device, the method selects the optimum external wireless device among a plurality of external wireless devices.
    Type: Application
    Filed: April 23, 2013
    Publication date: October 23, 2014
    Inventors: Robbin Hughes, Thomas O'Neill, Perm Jothipragasam Kumar, Ramesh Rajasekaran
  • Publication number: 20140317707
    Abstract: The present invention relates to a method for sharing data of a device in M2M communication and a system therefor. The invention comprises: a step of allowing a resource user terminal to request access authority of protected resource data to a resource owner terminal, in order to prevent a security threat; a verification step of allowing the resource owner terminal to verify the resource user terminal to request the setting of the access authority to an M2M server, and to transmit a verification key issued from the M2M server to the resource user terminal; an access authority setting step of allowing the M2M server to generate an access authentication key based on the verification key, and to transmit the access authentication key to the resource user terminal; and a using step of allowing the resource user terminal to inquire about the protected resource data from the M2M server based on the access authentication key, and to use the protected resource data.
    Type: Application
    Filed: December 16, 2011
    Publication date: October 23, 2014
    Applicant: MODACOM CO., LTD.
    Inventors: Kyung Su Kim, Jae Ho Lee, Yong Jin Kim
  • Patent number: 8869283
    Abstract: A method or system of receiving an electronic file containing content data in a predetermined data format, the method comprising the steps of: receiving the electronic file, determining the data format, parsing the content data, to determine whether it conforms to the predetermined data format, and if the content data does conform to the predetermined data format, regenerating the parsed data to create a regenerated electronic file in the data format.
    Type: Grant
    Filed: April 4, 2012
    Date of Patent: October 21, 2014
    Assignee: Glasswall (IP) Limited
    Inventor: Nicholas John Scales
  • Patent number: 8869142
    Abstract: Sending installation information. A method may be performed, for example, in a network computing environment including one or more servers connected to one or more clients. The method includes signing a package including installation information. A hash of the package is created. A metadata data set is created. The metadata data set includes a description of the package, an identification for the package, applicability rules describing intended recipients of the installation information, the hash of the package, and installation instructions for the package. The metadata data set is sent to a target group of systems in the network computing environment.
    Type: Grant
    Filed: January 27, 2006
    Date of Patent: October 21, 2014
    Assignee: Microsoft Corporation
    Inventors: Christopher S. Gouge, Craig C. Marl, David C. Hennessey, David E. Kays, Edward F. Reus, Krishnan Rangarajan, Marc Shepard, Mazhar N. Mohammed, Steve P. Shih
  • Patent number: 8868921
    Abstract: A method for authenticating users over networks includes requesting a one-time password, entering a personal identification number into a communications device, and retrieving a replaceable shared secret stored in the communications device. Moreover, the method includes generating a hashed personal identification number from the entered personal identification number, combining the hashed personal identification number with the replaceable shared secret to generate a modified shared secret, and generating a one-time password with the modified shared secret and the time of requesting the one-time password.
    Type: Grant
    Filed: July 20, 2011
    Date of Patent: October 21, 2014
    Assignee: Daon Holdings Limited
    Inventors: Jason Scott Cramer, Andrew Supplee Webb, Christopher Eric Holland, Conor Robert White
  • Patent number: 8869252
    Abstract: An apparatus may include a processor configured to receive a security certificate request from a remote device comprising a public key of the remote device and an authentication credential based upon a legacy authentication mechanism of the remote device. The processor may be further configured to validate the received authentication credential in accordance with the legacy authentication mechanism. The processor may be additionally configured to generate a security certificate for the public key. The processor may be further configured to provide the generated security certificate to the remote device.
    Type: Grant
    Filed: May 19, 2008
    Date of Patent: October 21, 2014
    Assignee: Nokia Corporation
    Inventors: Nadarajah Asokan, Jan-Erik Ekberg, Antti Kiiveri, Olli Muukka
  • Patent number: 8869233
    Abstract: Preferred embodiments of the invention provide systems and methods to maintain a policy within a network management system, receive a command to be executed on one of the one or more network elements, determine whether the command can be executed on the one of the one or more network elements based on the policy maintained within the network management system, and provide an indication that the command can be executed on the one of the one or more network elements based on a determination that the command can be executed on the one of the one or more network elements.
    Type: Grant
    Filed: December 22, 2006
    Date of Patent: October 21, 2014
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: William J. Moran, Michael T. Bayne
  • Patent number: 8869253
    Abstract: A method of accessing an internet based service involves using a cellular telephony device to obtain a token from the provider of the internet based service, and within the cellular telephony device, using the token to calculate a time-limited password. The time-limited password is used in combination with at least one further user identification parameter to obtain access to the internet based service.
    Type: Grant
    Filed: March 8, 2007
    Date of Patent: October 21, 2014
    Assignee: Monitise Group Limited
    Inventor: Steven Paul Atkinson
  • Patent number: 8869234
    Abstract: Embodiments dynamically manage privileged access to a computer system according to policies enforced by a rule engine. User input to the rule engine may determine an extent of system access, as well as other features such as intensity of user activity logging (including logging supplemental to a system activity log). Certain embodiments may provide access based upon user selection of a pre-configured ID at a dashboard, while other embodiments may rely upon direct user input to the rule engine to generate an ID at a policy enforcement point. Embodiments of methods and apparatuses may be particularly useful in granting and/or logging broad temporary access rights allowed based upon emergency conditions.
    Type: Grant
    Filed: May 3, 2012
    Date of Patent: October 21, 2014
    Assignee: SAP AG
    Inventors: John Christopher Radkowski, Swetta Singh
  • Patent number: 8868868
    Abstract: Method and system for providing information regarding a plurality of storage devices managed by a plurality of storage servers are provided. The storage space at the storage devices is presented to a plurality of computing systems as logical storage space. A plurality of searchable data structures having a plurality of data object types are stored at a temporary memory storage device of a management console that interfaces with the plurality of computing systems and the storage servers. Each data object type stores information regarding the storage device. The searchable data structure includes information regarding the storage devices and the logical storage space presented to the computing systems. A lock data structure for tracking locks that are assigned for accessing information pertaining to a storage server and a data object type is maintained to prevent unauthorized access to at least one of the searchable data structures.
    Type: Grant
    Filed: May 31, 2012
    Date of Patent: October 21, 2014
    Assignee: NetApp, Inc.
    Inventors: Nilesh P. Maheshwari, Sreenivasa Potakamuri, Robert M. Armitano, Yinzen Hwang
  • Patent number: 8869255
    Abstract: A security system and method for authenticating a user's access to a system is disclosed. The security system receives an authentication request from the user and responds by generating a security matrix based on a previously stored user keyword and user preference data, the security matrix being different for each authentication request. The security system sends the security matrix to the user and awaits a one-time code in response to the security matrix. The user forms the one-time code based on the user keyword, the user preferences, and the security matrix. The security system validates the one-time code against the security matrix, the keyword, and the user preferences, and responds by sending an authentication result to the user that either permits or denies access to the system. Additionally, the security system sends a success or fail message to the system to be accessed.
    Type: Grant
    Filed: October 25, 2011
    Date of Patent: October 21, 2014
    Assignee: Forticom Group Ltd
    Inventor: Antony Smales
  • Patent number: 8868915
    Abstract: An authorization server receives a request for an access token, for accessing a protected resource, from a client application executing on a device, wherein the request includes a client identifier that uniquely identifies the client application and a device identifier that uniquely identifies the device. The authorization server performs authentication of the client identifier and the device identifier. The authorization server returns a valid access token to the client application, based on the authentication of the client identifier and the device identifier, to enable the client application access to the protected resource.
    Type: Grant
    Filed: December 6, 2010
    Date of Patent: October 21, 2014
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: Raymond C. Counterman
  • Patent number: 8869251
    Abstract: Consistent one-time password (OTP) functionality is provided from a presentation server to secure various on-line resources. A seed file can be provided to or created by a service provider for execution as part of a hosted page displayed at a client to a user. A presentation server receives a call from the seed file. A user interface widget can be initialized at the presentation server in response to the call from the seed file. The widget can be displayed as part of the remotely hosted Web page so that the user perceives the UI widget to be embedded in the page as viewed on the client computer system. Security for the interaction between the servers can be provided through use of security assertion markup language (SAML).
    Type: Grant
    Filed: September 12, 2007
    Date of Patent: October 21, 2014
    Assignee: Bank of America Corporation
    Inventors: Eric W. Miller, Clay D. Newton
  • Patent number: 8869266
    Abstract: Assigning identifiers to a plurality of test devices to manage the test devices, and displaying the assigned identifiers on the test devices to distinguish the test devices.
    Type: Grant
    Filed: December 22, 2011
    Date of Patent: October 21, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jong Rip Lee, Seock Woo Jang, Seok Ho Kim, Sung Hwa Lee
  • Publication number: 20140310788
    Abstract: A system to access one or more user profiles that govern one or more vehicle functions. The system cooperates with a processor and verification module which are adapted to verify, using one or more of biometric information, gesture recognition, facial recognition and device identification information, that a user has authority to access the one or more user profiles, where the one or more profiles are stored in one or more of a vehicle, a cloud and a communications device. An edit module is further provided and adapted to allow the user to make one or more edits to the one or more user profiles.
    Type: Application
    Filed: April 15, 2014
    Publication date: October 16, 2014
    Applicant: Flextronics AP, LLC
    Inventor: Christopher P. Ricci
  • Publication number: 20140310787
    Abstract: A system and method for establishing a virtual network connection between an initiating computing device operated by an initiator and a target computing device operated by a target so that one of said computing devices is able to control the other of said computing devices. The system comprises a third party proxy to which the computing devices are connected. The third party proxy receives a request for a virtual network connection to said target computing device from said initiating computing device and requests initiator credentials for said initiating computing device and target credentials for said target computing device. Said credentials are delivered to the respective computing device. The system also comprises a core node configured to receive the credentials from the respective computing device, authenticate the received credentials, and if said credentials are authentic, establish the virtual network connection between said initiating computing device and said target computing device.
    Type: Application
    Filed: December 4, 2013
    Publication date: October 16, 2014
    Applicant: REALVNC LTD
    Inventors: Jason Barrie Morley, Nicolas David Reeves, Adam Greenwood Byrne, Katarzyna Maria Czeczot
  • Patent number: 8863255
    Abstract: Techniques are described for deploying a security credential for an application deployed in a cloud. An encrypted security credential is received from a remote system and is inserted into a virtual machine image associated with the application. Upon deploying the virtual machine image as a virtual machine instance, embodiments transmit a request to a cryptex server for a decrypted security credential, the request including the encrypted security credential and a virtual machine identifier for the virtual machine instance. The cryptex server is configured to retrieve metadata associated with the virtual machine identifier and to authenticate the virtual machine instance using the retrieved metadata. Embodiments receive, from the cryptex server, the decrypted security credential for use by the application.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: October 14, 2014
    Assignee: Netflix, Inc.
    Inventors: James R. Zarfoss, III, Yong Yuan
  • Patent number: 8862880
    Abstract: A two-stage anonymization process is applied to monitored network traffic in which unique user identifiers, such as the MSISDN (Mobile Station International Subscriber Directory Number), are extracted from the traffic and anonymized to generate an ASI (anonymized subscriber identifier). A strictly random RSI (random subscriber identifier) is generated and used to replace the ASI. The RSI is generated upon a first occurrence of an ASI and stored in a lookup table for utilization upon subsequent ASI occurrences. Use of the strictly random RSI enables various studies and analysis of user behavior to be performed at a heightened level of privacy protection as compared with conventional anonymization schemes that do not utilize strictly random identifiers.
    Type: Grant
    Filed: September 23, 2011
    Date of Patent: October 14, 2014
    Assignee: GfK Holding Inc.
    Inventors: Jacques Combet, Yves-Marie LeMaitre, Antero Kivi
  • Patent number: 8863256
    Abstract: A method in one embodiment includes detecting an event for a transaction on an on-board unit (OBU) of a vehicle, where the event has a trigger associated with an agent. The method also includes determining whether the transaction is authorized, identifying network credentials in an identity profile that corresponds to the agent, providing network credentials to a transaction application corresponding to the transaction, and accessing a remote network using the network credentials. Certain embodiments include selecting the network credentials from a plurality of available network credentials corresponding to the agent. In more specific embodiments, the network credentials include one or more virtual subscriber identity modules (VSIMs) of a plurality of VSIMs provisioned on the OBU. In specific embodiments, the network credentials are mapped to a combination of two or more of the agent, the transaction application, and a predefined current location of the vehicle.
    Type: Grant
    Filed: January 26, 2011
    Date of Patent: October 14, 2014
    Assignee: Cisco Technology, Inc.
    Inventors: Sateesh K. Addepalli, Fabio R. Maino, Flavio Bonomi, Lillian Lei Dai, Vina Ermagan, Alexander Loukissas, Erick D. Lee, Landon Curt Noll
  • Patent number: 8863252
    Abstract: A method of downloading trusted content. The method comprises sending by a mobile device a request for a trusted content to a server, wherein the mobile device comprises a first mobile device trusted security zone and builds the request while executing in the first mobile device trusted security zone and wherein the server comprises a server trusted security zone and wherein the server handles the request for the trusted content at least partly in the server trusted security zone. The method comprises receiving the trusted content by the first mobile device trusted security zone, storing the trusted content in a second mobile device trusted security zone of the mobile device, inspecting the trusted content in the second mobile device trusted security zone, and when the trusted content passes inspection, at least one of executing or presenting a portion of the trusted content by the first mobile device trusted security zone.
    Type: Grant
    Filed: July 25, 2012
    Date of Patent: October 14, 2014
    Assignee: Sprint Communications Company L.P.
    Inventors: Robin D. Katzer, Lyle W. Paczkowski, William M. Parsel, Carl J. Persson, Matthew C. Schlesener
  • Patent number: 8863254
    Abstract: An authentication information management program of an authentication information management apparatus allowing the authentication information management apparatus to execute: changing the first authentication information in correspondence information which is information including the first authentication information and second authentication information in association with each other and stored in a storage section of the authentication information management apparatus; transmitting the authentication apparatus of the changed first authentication information; determining, in response to a request from the apparatus to be authenticated, whether the second authentication information in the authentication request coincides with the second authentication information in the correspondence information; and returning, in the case where it is determined that the second authentication information in the authentication request coincides with the second authentication information in the correspondence information, the
    Type: Grant
    Filed: March 22, 2010
    Date of Patent: October 14, 2014
    Assignee: Fujitsu Limited
    Inventors: Itaru Nakagawa, Kazuo Sasaki
  • Patent number: 8862105
    Abstract: In particular implementations, a mobile device management system allows network administrators to control the distribution and publication of applications to mobile device users in an enterprise network. A user profile is accessed to determine a user attribute. A catalog of applications is filtered based at least in part on the user attribute and an enterprise application availability policy to determine a set of applications to be returned and provided via an enterprise mobile device application management interface.
    Type: Grant
    Filed: February 14, 2014
    Date of Patent: October 14, 2014
    Assignee: Mobile Iron, Inc.
    Inventors: Jesse Wagner Lindeman, Thomas Edward Wagner, Suresh Kumar Batchu, Ojas Udayan Rege, Ajay Kumar Mishra, Robert Bates Tinker
  • Patent number: 8863248
    Abstract: A technique for automated login to a browser application from a non-browser based client application begins upon the end user taking an action to access a target resource. A credential is associated with the client application as a result of a prior login operation. The technique is implemented in a server application associated with the client application. It enables automatic and secure passing of the client application credential to the counterpart browser application that is launched by the client application.
    Type: Grant
    Filed: April 7, 2011
    Date of Patent: October 14, 2014
    Assignee: International Business Machines Corporation
    Inventors: David Mark Wendt, Joseph Kubik
  • Patent number: 8863295
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for linking video sharing accounts with content delivery accounts. In one aspect, a method includes providing a control in a user interface associated with a campaign management tool for a content delivery system. The control includes a linking tool for linking a content delivery account associated with a user in the content delivery system with one or more video sharing accounts in a video sharing environment.
    Type: Grant
    Filed: October 18, 2011
    Date of Patent: October 14, 2014
    Assignee: Google Inc.
    Inventors: Phuong B. Le, Jonathan Goldman, Simon P. Hofer
  • Patent number: 8863262
    Abstract: Systems and methods are provided to authorize users to anonymously access resources of different web sites. For example, a business listing service may authenticate users and allow the authenticated users to access the resources of the businesses listed via the business listing service, without the users having to create separate accounts with the businesses and without having to reveal the identities of the users to the businesses.
    Type: Grant
    Filed: August 20, 2008
    Date of Patent: October 14, 2014
    Assignee: Yellowpages.com LLC
    Inventor: Jakhongir Samatov
  • Patent number: 8863246
    Abstract: Apparatus and methods are described for searching and replacing user credentials in a multiple disparate credential store environment. Upon authentication of a user to change credentials, credential information of multiple disparate credential stores is searched. Upon population of search results, users indicate which of the credentials they desire to change and results are committed upon affirmative execution in a user interface dialog. In this manner, users locate their credential information, from whatever store, and change it in quantity or singularly from a single point of control. They can also fully understand how many passwords, secrets, keys, etc., they have over the many disparate stores available to them and affirmatively control their relationship to other credential information. Reversion of credential information to an earlier time is still another feature as is retrofitting existing SSO services. Computer program products and computing network interaction are also disclosed.
    Type: Grant
    Filed: August 31, 2007
    Date of Patent: October 14, 2014
    Assignee: Apple Inc.
    Inventors: James M. Norman, Cameron Mashayekhi, Karl E. Ford
  • Patent number: 8863234
    Abstract: A method of providing collaborative security and collaborative decision making in a service-oriented environment. The method includes validating request(s) by application(s) for service(s) in the environment, and providing each service for which an application request is validated. The method also includes monitoring a situational state exposed by services being provided in the environment. Based on the monitored state, the validating of one or more service requests is influenced.
    Type: Grant
    Filed: August 6, 2008
    Date of Patent: October 14, 2014
    Assignee: The Boeing Company
    Inventor: Yefim Zhuk
  • Patent number: 8862888
    Abstract: In one aspect, systems and methods for three-factor authentication include receiving a user's identification and password transmitted from the user's mobile device, generating a One Time Password (OTP), encrypting the OTP, and encoding the encrypted OTP in a two-dimensional barcode. The two-dimensional barcode of the encrypted OTP is transmitted to a computing device of the user, and an image of the two-dimensional barcode of the encrypted OTP displayed on the user's computing device is captured using the user's mobile device. The two-dimensional barcode of the encrypted OTP is decoded using the user's mobile device to obtain the encrypted OTP. The encrypted OTP is decrypted using the user's mobile device and displayed. The OTP then is spoken by the user, and the user's voice and the OTP are recognized to authenticate the user.
    Type: Grant
    Filed: January 11, 2012
    Date of Patent: October 14, 2014
    Assignee: King Saud University
    Inventors: Ahmed Saleh Mohamed Tolba, Muhammad Khurram Khan, Khaled Soliman Alghathbar
  • Patent number: 8863253
    Abstract: In various embodiments, a method comprises scanning a directory structure to generate a scan result comprising a plurality of discovered systems, identifying one or more accounts associated with at least one of the plurality of discovered systems, configuring a security appliance to change one or more old passwords to one or more new passwords for the one or more accounts, and changing, with the configured security appliance, the one or more old passwords to the one or more new passwords.
    Type: Grant
    Filed: September 30, 2009
    Date of Patent: October 14, 2014
    Assignee: BeyondTrust Software, Inc.
    Inventors: Gyle Iverson, Jeffery Nielsen, Julie Lustig-Rusch, James Mitchell