Management Patents (Class 726/6)
-
Patent number: 8806201
Abstract: Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include an epoch processor that is used to validate authentication and authorization data that is valid only for an epoch. The epoch processor can maintain a public key that can be used to decrypt the authentication and authorization data during the epoch that the key is valid. The epoch processor can receive a new public key during each epoch. The epoch processor can also determine if the authentication or authorization data was fraudulently generated based on the contents of the data, and verifying whether the data is valid for the epoch in which it was decrypted.
Type: Grant
Filed: July 24, 2008
Date of Patent: August 12, 2014
Assignee: Zscaler, Inc.
Inventors: Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Raphel
-
Patent number: 8806196
Abstract: A relying party obtains a certificate of a certificate subject and acquires a status information object for the certificate. The relying party validates the certificate using information in the status information object and compares authorization attributes present in the status information object with policy attributes associated with the requested service. A policy attribute is a set of constraints used by the relying party to determine if the authorization attributes associated with the certificate subject are sufficient to allow the certificate subject to access the requested service. If the authorization attributes present in the status information object match the policy attributes associated with the requested service, the relying party may grant the certificate subject access to the requested service.
Type: Grant
Filed: November 4, 2011
Date of Patent: August 12, 2014
Assignee: Motorola Solutions, Inc.
Inventors: Anthony R. Metke, Erwin Himawan, Shanthi E. Thomas
-
Patent number: 8806589
Abstract: An aspect of the present invention facilitates flexible credential collection in an authentication server employing diverse authentication schemes. In an embodiment, an access manager in the authentication server determines that an authentication scheme is to be used for allowing access to a resource requested by a user. A custom module (implementing the authentication scheme) in the authentication server then sends to the access manager commands indicating corresponding sets of credentials to be collected. The access manager, in response to receiving each command, collects the corresponding credentials from the user and checks whether the collected credentials authenticate the user. The custom module sends each command after the checking of the previously collected credentials. Accordingly, a developer of the custom module is enabled to request for and to perform the authentication of the user based on different sets of credentials.
Type: Grant
Filed: June 19, 2012
Date of Patent: August 12, 2014
Assignee: Oracle International Corporation
Inventors: Ramya Subramanya, Aarathi Balakrishnan, Vikas Pooven Chatoth
-
Patent number: 8806591
Abstract: A computer is configured to receive an authentication request that identifies one or more authentication form factors, and for each form factor identified, further identifies at least one parameter. The computer is further configured to generate a risk score for the authentication request using the parameter, the risk score being based at least in part on a complexity associated with each of the one or more authentication form factors. The computer is further configured to provide the risk score to a requester.
Type: Grant
Filed: January 7, 2011
Date of Patent: August 12, 2014
Assignee: Verizon Patent and Licensing Inc.
Inventors: Charles Dallas, Mohammad Reza Tayebnejad, Ken Mckeever, Vidhyaprakash Ramachandran, Paul Andrew Donfried
-
Patent number: 8806594
Abstract: An image forming apparatus communicates with an authenticating server which stores user information for identifying a user and authentication information included in a storing medium. An authentication requesting unit transmits the user information input to the image forming apparatus to the authenticating server to authenticate the user. An authentication result obtaining unit obtains the user authentication result from the authenticating server. A display unit displays a registering mode for registering the authentication information corresponding to the input user information and a deleting mode for deleting the authentication information corresponding to the input user information so that the modes can be selected according to the obtained authentication result.
Type: Grant
Filed: September 29, 2009
Date of Patent: August 12, 2014
Assignee: Canon Kabushiki Kaisha
Inventors: Kazuhiro Ueno, Atsushi Daigo
-
Patent number: 8806494
Abstract: Determining execution rights for a process. A user selects a process for execution. A driver intercepts the execution and communicates with a service or its remote agent. Configuration data is accessed to determine an execution role specifying whether the process should be denied execution or should execute with particular rights to access or modify system resources. The execution role is provided to the driver, and the driver allows or denies execution of the process in accordance with the provided execution role.
Type: Grant
Filed: July 3, 2013
Date of Patent: August 12, 2014
Assignee: Microsoft Corporation
Inventors: Mark Russinovich, Bryce Cogswell, Wesley G. Miller
-
Patent number: 8806603
Abstract: Methods and systems for operating a Smart Device 102 with a secure communication system. A SPARC Security Device (SSD) 104 is in communication with one or more Smart Devices 102. SSD 104 receives a request for a transaction from a Smart Device 102 executing an application obtained from an Application Controlling Institution (ACI) 101, and is asked to verify the validity of the transaction. A one-time identifier (SSD ID, which replaces the user's account number) is generated by the SPARC Security Device 104. The one-time identifier comprises a unique SSD 104 unit identifier and a one-time transaction number. In a Loyalty Application, an ACIRD 81 stores on behalf of participating entities an accounting of at least one of inducements, rebates, loyalty points, and rewards earned by or attributable to users of the SD's 102, and communicates with the SD's 102 and with the associated ACI(s) 101 and SSD(s) 104.
Type: Grant
Filed: May 15, 2013
Date of Patent: August 12, 2014
Inventors: Jerome Svigals, Howard M. Svigals, Geoff Ingalls, John D. Hipsley
-
Patent number: 8806592
Abstract: To provide a user signature on a network transaction, a security server receives transaction information representing a transaction between a network user and a network site, such as a website, directly from the network site. The security server calculates a one-time-password based on the received transaction information and a secret shared by the security server and the network site, but not by the user. The security server transmits the calculated one-time-password for application as the user's signature on the transaction. The one-time-password is independently calculable by the network site based on the shared secret.
Type: Grant
Filed: January 21, 2011
Date of Patent: August 12, 2014
Assignee: Authentify, Inc.
Inventor: Ravi Ganesan
-
Patent number: 8806198
Abstract: A method and system for communicating between a user network device and a server includes a first server and a user network device that requests an electronic token (eToken) from the first server. The first server communicates the eToken, a signature key, and a server time. The user network device determines a signature using the server time and signature key and communicates a request for data to a second server. The request for data includes a signature. The second server communicates data to a user network device.
Type: Grant
Filed: March 4, 2010
Date of Patent: August 12, 2014
Assignee: The DIRECTV Group, Inc.
Inventor: Kapil Chaudhry
-
Patent number: 8806590
Abstract: Architecture for generating a temporary account (e.g., an email address) with a user-supplied friendly name and a secret used to sign the temporary account. For example, when a user wishes to create a temporary email address to use with an online organization, a friendly name is provided and the system generates a temporary email address including the friendly name. A signing component signs the temporary email address with a secret. One or more of these secrets can be provisioned prior to the user's creation of a friendly name, which eliminates propagation delay. During use, only incoming email messages having the temporary email address signed with the secret are validated. When the user revokes the temporary email address, the secret is revoked and the revocation is propagated to network gateways, rejecting any email sent to that address.
Type: Grant
Filed: June 22, 2008
Date of Patent: August 12, 2014
Assignee: Microsoft Corporation
Inventors: Charles R. Salada, Mayerber Carvalho Neto, Charlie Chung, Mayank Mehta
-
Patent number: 8806593
Abstract: Guest accounts arise in a variety of ways. Hotels, Coffee Shops, internet cafes, internet kiosks, etc provide internet access to its guests, aka customers. Cloud based security services can serve as a platform for supporting efficient and safe guest account management. Guest accounts are managed by the cloud service and are associated and disassociated with individuals as needed by the guest account provider. The cloud service can also provide a guest account provider with greater control over guest account usage and accountability.
Type: Grant
Filed: May 19, 2011
Date of Patent: August 12, 2014
Assignee: Zscaler, Inc.
Inventors: Jose Raphel, Kailash Kailash, Manoj Shriganesh Apte, Jagtar S Chaudhry
-
Patent number: 8806609
Abstract: Techniques are disclosed for improving security in virtual private network. In one embodiment, key information is generated for a virtual private network (VPN) connection between a first device and a second device. A plurality of shares is then generated based on the key information. A first set of one or more shares is stored on a dongle that is paired to the first device. A second set of one or more shares is stored on the first device. In response to a request to resume the VPN connection, the first set of shares is retrieved from the dongle. The key information is reconstructed based on the first set of shares and the second set of shares. The reconstructed key information may then be used to resume the VPN connection.
Type: Grant
Filed: March 8, 2011
Date of Patent: August 12, 2014
Assignee: Cisco Technology, Inc.
Inventors: Philip John Steuart Gladstone, David A. McGrew
-
Patent number: 8806595
Abstract: In accordance with various embodiments, services gatekeeper systems and methods allow mapping and protecting communication services APIs with OAuth and group access to user information. Such a system can include a plurality of applications, executing on one or more application servers. The services gatekeeper is operable to define a group of members using a group URI, intercept requests for access to communication services APIs, obtain authorization from a group owner for access to a specified communication services API for each member of the group, and enable access to the specified communication services API of each member of the group in accordance with the scope authorized by the group owner.
Type: Grant
Filed: July 25, 2012
Date of Patent: August 12, 2014
Assignee: Oracle International Corporation
Inventors: Kirankumar Nimashakavi, Xu Peng Wang, Yun Gao, Min Feng Xu
-
Patent number: 8806204
Abstract: Systems and methods for maintaining data security across multiple active domains are presented. Each domain includes a token generator that can generate tokens associated with sensitive data such as credit card numbers. The primary domain includes a centralized key manager. In one embodiment, each domain includes its own local data vault and a replica of each data vault associated with every remote domain. Any domain can access the data vaults (local and replica) and retrieve a token created by any other domain. The possibility of token collision is eliminated by a token generation algorithm that embeds a domain designator corresponding to the active domain where the token was created. When multiple tokens represent the same sensitive data, the token manager returns a set of all such tokens found in the data vaults.
Type: Grant
Filed: June 20, 2012
Date of Patent: August 12, 2014
Assignee: Liaison Technologies, Inc.
Inventors: Jason Chambers, Theresa Robison, Dameion Dorsner, Sridhar Manickam, Daniel Konisky
-
Patent number: 8806608
Abstract: The present invention discloses an authentication server and a method for controlling a mobile communication terminal access to a virtual private network (VPN).
Type: Grant
Filed: July 6, 2009
Date of Patent: August 12, 2014
Assignee: ZTE Corporation
Inventor: Jingwang Ma
-
Publication number: 20140223527
Abstract: Some systems allow a user to access content using both a native client application and a web interface. In these systems, the client application authorized to access a user account can assist with automatically logging a user into the web interface through the use of authentication tokens. In response to an authentication request, the client application can select a token and split it into multiple parts. One piece can be embedded in a URL and a second piece can be stored in a file. The file can also contain browser executable instructions that when executed combine the two pieces to re-create the token and send the re-created token to a server to authenticate the user. The client application can forward the URL to the browser, which can direct the browser to the file. The browser can execute the instructions thereby authenticating the user.
Type: Application
Filed: February 6, 2013
Publication date: August 7, 2014
Inventors: Andrew Bortz, Ambrus Csaszar, David Euresti, Dwayne Litzenberger
-
Publication number: 20140223524
Abstract: A key updating method and system are provided. In the method, (1) a back-end authentication system receives a current dynamic password generated by a dynamic token and authenticates the current dynamic password, and if the authentication succeeds, generates key updating information and goes to (2); (2), the back-end authentication system generates a first updating key according to the key updating information and a first initial key stored therein and copies the first updating key to a buffer of the first initial key; the dynamic token obtains and authenticates the key updating information, and if the authentication succeeds, generates a second updating key according to the key updating information and a second initial key stored in the dynamic token and copies the second updating key to a buffer of the second initial key; or if authentication fails, quits the key updating. The solution avoids risk incurred by accidental key leakage.
Type: Application
Filed: August 31, 2012
Publication date: August 7, 2014
Applicant: FEITIAN TECHNOLOGIES CO., LTD.
Inventors: Zhou Lu, Huazhang Yu
-
Publication number: 20140223525
Abstract: According to an example computer-implemented method, a password management server receives an access request message from a login computer at which a resource requiring vaulted credentials has been requested. The access request message identifies the requested resource and the login computer. A session identifier (ID) is generated for enabling release of the vaulted credentials. The session ID is linked to the login computer and to the requested resource. The session ID is transmitted to the login computer. Responsive to receiving a value indicative of the session ID from a mobile computing device, the password management server transmits the vaulted credentials to the login computer or to the mobile computing device.
Type: Application
Filed: February 5, 2013
Publication date: August 7, 2014
Applicant: CA, Inc.
Inventors: Itzhak Fadida, Guy Balzam, Amir Jerbi
-
Publication number: 20140223526
Abstract: Privacy-preserving smart metering for a smart grid. Issuing a privacy-enhanced credential to a consumer node having smart meter. Operating the consumer node to associate an id with the credential and to use the id to report usage. Other systems and methods are disclosed.
Type: Application
Filed: February 6, 2013
Publication date: August 7, 2014
Applicant: GEMALTO SA
Inventors: HongQian Karen LU, Aline GOUGET
-
Publication number: 20140223529
Abstract: A method of sharing credential in a wireless communication system comprising a first user equipment, a second communication device and a network, includes transmitting a temporal credential and a credential custody request, from the first communication device, to the network; transmitting first custody information, by the network, to the first communication device; transmitting a credential acquiring request and second custody information, by the second communication device, to the network; and determining whether to transmit the temporal credential to the second communication device according to the second custody information.
Type: Application
Filed: January 6, 2014
Publication date: August 7, 2014
Applicant: MEDIATEK INC.
Inventors: Yuan-Chin Wen, Shih-Chang Su, Shun-Yong Huang, Chih-Shi Yee, Wei-Hung Su
-
Publication number: 20140223530
Abstract: In one embodiment, a Manufacturer Installed Certificate (MIC) and a personal identification number are sent to a call controller to request a configuration profile. When the configuration file is received, the IP phone is provisioned according to the configuration profile.
Type: Application
Filed: April 8, 2014
Publication date: August 7, 2014
Applicant: Cisco Technology, Inc.
Inventors: Plamen Nedeltchev, Robert T. Bell, Max Pritikin
-
Publication number: 20140223528
Abstract: A process/method is provided, which facilitates the secure, streamlined and authenticated installation of an end user's personally associated electronic identification, such as but not necessarily limited to Public Key Infrastructure digital certificates, a biometric authentication system, a location-based authentication system, a token-based system, and any ancillary software necessary for facilitating electronic security approaches associated with these technologies onto Mobile Devices with minimal Mobile Device end user interaction and without need for sending the personally associated electronic identification across potentially insecure communication protocols.
Type: Application
Filed: October 15, 2013
Publication date: August 7, 2014
Applicant: Open Access Technology International, Inc.
Inventors: Ilya Slutsker, Sasan Mokhtari, Eric Mickols, Vuthy Phan, Jaspreet Singh
-
Patent number: 8799674
Abstract: Using cryptographic techniques, sensitive data is protected against disclosure in the event of a compromise of a content delivery network (CDN) edge infrastructure. These techniques obviate storage and/or transfer of such sensitive data, even with respect to payment transactions that are being authorized or otherwise enabled from CDN edge servers.
Type: Grant
Filed: December 6, 2010
Date of Patent: August 5, 2014
Assignee: Akamai Technologies, Inc.
Inventor: F. Thomson Leighton
-
Patent number: 8800014
Abstract: A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a service client a request for access to a secured resource; means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving from the service client a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester. The secured resource has a common identifier by which it may be generally identified outside of the authentication system, but the request for access lacks sufficient information content for the service client to be able to determine the common identifier.
Type: Grant
Filed: October 23, 2011
Date of Patent: August 5, 2014
Inventor: Gopal Nandakumar
-
Patent number: 8798273
Abstract: A key management protocol (such as KMIP) is extended to provide an extended credential type to pass information from clients to the server to enable the server to deduce pre-provisioned cryptographic materials for the individual clients. Preferably, KMIP client code communicates device information to a key management server in a value in the headers of KMIP requests that flow to the server. In this manner, KMIP requests are associated with pre-provisioned cryptographic materials for particular devices or device groups.
Type: Grant
Filed: August 19, 2011
Date of Patent: August 5, 2014
Assignee: International Business Machines Corporation
Inventors: Bruce Arland Rich, John Thomas Peck, Gordon Kent Arnold
-
Patent number: 8799653
Abstract: A storage device and method for storage device state recovery are provided. In one embodiment, a storage device commences an authentication process to authenticate a host device. The authentication process comprises a plurality of phases, and the storage device stores the state of the authentication process, wherein the state indicates the phase(s) of the authentication process that have been successfully completed. After a power loss, the storage device retrieves the state of the authentication process and resumes an operation with the host device without re-performing the phase(s) of the authentication process that have been completed.
Type: Grant
Filed: February 13, 2012
Date of Patent: August 5, 2014
Assignee: SanDisk IL Ltd.
Inventors: Rotem Sela, Avraham Shmuel
-
Patent number: 8799998
Abstract: A method for controlling the traffic of an authentication server and an authentication access apparatus, wherein a local area network token bucket including a high priority token bucket and a low priority token bucket is set according to the capability of the authentication server in processing the request message, and the request message sent by the authentication client is redirected to the authentication server after allocating a token to the authentication client, thus the traffic of the authentication server is controlled, so that the authentication server will not receive more request messages than it can handle. Meanwhile, the tokens in the high priority token bucket are reserved specially for authentication clients of a high priority, and they cannot be used by authentication clients that are not of a high priority, so the quality of service for authentication clients of a high priority is improved.
Type: Grant
Filed: March 30, 2012
Date of Patent: August 5, 2014
Assignee: Hangzhou H3C Technologies Co., Ltd.
Inventor: Wei Li
-
Patent number: 8800011
Abstract: In one embodiment a method for receiving a request from a user to update a pointer record of a domain name system (DNS) in a DNS service includes issuing a query from the DNS service to a resource of a first service of the data center from the DNS service using a uniform resource indicator (URI) of the request corresponding to the resource, receiving a list of Internet protocol (IP) addresses in the DNS service from the first service, determining whether an IP address received in the request corresponds to one of the IP addresses of the list, and if so, enabling the user to update the pointer record.
Type: Grant
Filed: May 31, 2012
Date of Patent: August 5, 2014
Assignee: Rackspace US, Inc.
Inventors: Keith Bray, Daniel Morris, Randall Burt
-
Patent number: 8800010
Abstract: In one embodiment, each security protocol supplicant in a computer network determines its group temporal key (GTK) state, and exchanges the GTK state with one or more neighbor supplicants in the computer network. Based on the exchange, a supplicant may determine whether any inconsistencies exist in its GTK state, and in response to any inconsistencies in the GTK state, may perform a GTK state synchronization with a security protocol authenticator by indicating to the authenticator what is needed to resolve the inconsistent GTK state at the particular supplicant. In another embodiment, the authenticator, which is configured to not store per-supplicant GTK state, may transmit beacons containing GTK identifiers (IDs) of GTKs currently enabled on the authenticator, and also responds to supplicants having inconsistent GTK states with one or more needed GTKs as indicated by the supplicants.
Type: Grant
Filed: April 20, 2012
Date of Patent: August 5, 2014
Assignee: Cisco Technology, Inc.
Inventors: Jonathan W. Hui, Anjum Ahuja, Krishna Kondaka, Wei Hong
-
Patent number: 8800008
Abstract: Various hardware and software configurations are described herein which provide improved security and control over protected data. In some embodiments, a computer includes a main motherboard card coupled to all input/output devices connected to the computer, and a trusted operating system operates on the main motherboard which includes an access control module for controlling access to the protected data in accordance with rules. The trusted operating system stores the protected data in an unprotected form only on the memory devices on the main motherboard. The computer may also have a computer card coupled to the main motherboard via a PCI bus, on which is operating a guest operating system session for handling requests for data from software applications on the computer.
Type: Grant
Filed: June 1, 2007
Date of Patent: August 5, 2014
Assignee: Intellectual Ventures II LLC
Inventors: Daniel Joseph Sturtevant, Christopher Lalancette
-
Patent number: 8800012
Abstract: The present invention is directed to perform high-reliable authentication using a one-way function that a communication is a communication which was performed with the same apparatus to be authenticated by storing a password only in an apparatus to be authenticated (it is unnecessary to store a password in both of an authentication apparatus and an apparatus to be authenticated) without transmitting a challenge code. When a setting is updated in a setting management server, authentication is performed by using a one-time password obtained last time. A sound communication terminal performs a process using a hash function once on a one-time password transmitted this time, and performs authentication by determining whether the processed one-time password matches a one-time password obtained last time or not. Whether the information at the time of the change in the setting is proper or not is determined by a sound terminal.
Type: Grant
Filed: November 1, 2012
Date of Patent: August 5, 2014
Assignee: NEC Corporation
Inventor: Yasuhiro Mizukoshi
-
Patent number: 8800009
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for accessing services from a virtual machine. One of the methods includes receiving requests for long-term security tokens from a host machine, each request comprising authentication information for a respective service account. The method includes providing long-term security tokens to the host machine, wherein the long-term security tokens can be used to generate short-term security tokens for a virtual machine executing on the host machine. The method also includes generating by a process executing in a host operating system of the host machines a short-term security token based on a long-term security token of the long-term security tokens for use by a virtual machine executing on the host machine to access one of the respective service accounts, wherein the short-term security token is useable for a pre-determined amount of time.
Type: Grant
Filed: February 23, 2012
Date of Patent: August 5, 2014
Assignee: Google Inc.
Inventors: Joseph S. Beda, III, Ridhima Kedia
-
Publication number: 20140215589
Abstract: A method is provided for generating a soft token by which attributes of a user may be authenticated. A request to generate the soft token is transmitted from an electronic device of the user to a service provider computer via a first secure connection. After receiving the request, the service computer generates a one-time password, records the password as a session identifier, and transmits the password to the electronic device. The password is output by the electronic device via a user interface. The user enters the password into a user computer system, from where it is transmitted, via a second secure connection, to the service computer system. If the recorded password agrees with the received password, one or more attributes are read from an ID token of the user and a corresponding soft token is generated and transmitted to the electronic device or user computer system.
Type: Application
Filed: August 22, 2012
Publication date: July 31, 2014
Applicant: BUNDESDRUCKEREI GMBH
Inventors: Frank Dietrich, Micha Kraus
-
Publication number: 20140215588
Abstract: Communication by location method that geoplaces asynchronous message threads to a specific first geographic location geo-fence within which they are visible, and a second sub geo-fence for replies. The message threads have a first viewing distance parameter, a second reply parameter, and other parameters such as optional user set password prefixes. Users with mobile devices such as GPS equipped smart phones may set their devices to discover non-password protected message threads that are within a specified radius of the actual device itself, or a device virtual map location, and may use passwords to find password protected message threads. Generally only users with a real geographic proximity to the thread within the specified reply distance may reply to the thread. The method will generally be implemented by software residing on mobile devices and host servers, and may additionally use data from map servers to place the threads in a map context.
Type: Application
Filed: March 24, 2014
Publication date: July 31, 2014
Inventor: Hazem I. Sayed
-
Publication number: 20140215585
Abstract: In one embodiment, a method includes establishing a connection with an access-point (AP) device via a first communication path. The method further includes establishing a connection with a proxy device for the AP device via a second communication path that is distinct from the first communication path. In addition, the method includes determining a set of connection credentials maintained by the AP device. Furthermore, the method includes determining a set of connection credentials maintained by the proxy device. Additionally, the method includes identifying a correct set of connection credentials. The correct set includes at least one of the first set and the second set. The method also includes synchronizing the first set and the second set according to the correct set.
Type: Application
Filed: January 31, 2013
Publication date: July 31, 2014
Applicant: DELL PRODUCTS L.P.
Inventors: Abu Shaher Sanaullah, Yuan-Chang Lo, Raziuddin Ali, Claude Lano Cox, Michael S. Gatson, Karthikeyan Krishnakumar
-
Publication number: 20140215584
Abstract: A pin associated with an identification number (ID) of a subscription device and a sequence number of a credit is output to a user. The pin is inputted to the subscription device. The subscription device is to allow the user to use a resource up to an extension value stored in the subscription device, if the entered pin correlates to a stored pin of the subscription device.
Type: Application
Filed: January 30, 2013
Publication date: July 31, 2014
Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY
Inventor: HEWLETT-PACKARD DEVELOPMENT COMPANY
-
Publication number: 20140215587
Abstract: An app of a mobile device registers the mobile device for a remote credential server (RCS) and receives a device token. When a credential for a remote asset is supplied on the mobile device it is routed to the RCS and stored external to the mobile device but referenced on the mobile device via an asset token. When the credential is needed, the device token and the asset token permit the RCS to authenticate and return the credential to or on behalf of the mobile device so that the mobile device can authenticate to and access the remote asset.
Type: Application
Filed: January 31, 2013
Publication date: July 31, 2014
Inventors: Lloyd Leon Burch, Michael F. Angelo, Baha Masoud
-
Publication number: 20140215586
Abstract: A method for generating a derived authentication credential includes determining whether a first authentication credential obtained from an individual is valid. The first authentication credential includes device data. Moreover, the method includes verifying the individual is a first authentication credential legitimate user after the first authentication credential is validated, and determining that a second authentication credential associated with the individual is valid after the individual is determined to be the legitimate user. Furthermore, the method includes capturing authentication data from the individual with a communications device, and after successfully authenticating the individual with an authentication computer system with the captured authentication data, combining the second authentication credential with the device data.
Type: Application
Filed: January 31, 2013
Publication date: July 31, 2014
Inventor: Catherine Jo TILTON
-
Publication number: 20140215590
Abstract: A multi-tenant cloud storage system is provided. The cloud storage system includes a plurality of tenants, each tenant is configured to utilize an isolated logical partition of the cloud storage system accessible to a respective tenant portal, wherein the plurality of tenants includes at least a first type tenant and a second type tenant, each of the first type tenant and the second type tenant are configured to provision its respective set of members with a different storage policy.
Type: Application
Filed: April 3, 2014
Publication date: July 31, 2014
Applicant: CTERA NETWORKS, LTD.
Inventor: Aron Brand
-
Patent number: 8793757
Abstract: An identity management system incorporates privacy management processes that enable the user to exercise privacy controls over the disclosure of user identity information within the context of an authentication process. A combination includes an identity selector, a privacy engine, and a ruleset. The identity selector directs the release of a user identity in the form of a security token to satisfy the requirements dictated by a security policy. Prior to release of the user identity, the engine conducts a privacy enforcement process that examines the privacy policy of the service provider and determines if it is acceptable. The engine evaluates a ruleset against the privacy policy. A preference editor enables the user to construct, in advance, the ruleset, which embodies the user's privacy preferences regarding the disclosure of identity information.
Type: Grant
Filed: May 27, 2009
Date of Patent: July 29, 2014
Assignee: Open Invention Network, LLC
Inventor: Gail-Joon Ahn
-
Patent number: 8793780
Abstract: A system and method, implementable using an authenticating device, are provided for authenticating requesting devices such as mobile devices and other communication devices over a network. At least one group shared secret is provisioned on a plurality of requesting devices, which are further provided with other authentication credentials such as a shared secret for full authentication by the authenticating device. When authentication is sought, the requesting device transmits a pre-authentication request comprising one of the group shared secrets to the authenticating device, which verifies that group shared secret. The group shared secrets may be stored in volatile memory at the authenticating device. If the group shared secret is verified, the authenticating device will authenticate that same device in response to a subsequent authentication request.
Type: Grant
Filed: April 11, 2011
Date of Patent: July 29, 2014
Assignee: BlackBerry Limited
Inventor: David Robert Suffling
-
Patent number: 8793215
Abstract: Systems and methods for publishing datasets are provided herein. According to some embodiments, methods for publishing datasets may include receiving a request to publish a dataset to at least one of an internal environment located within a secured zone and an external environment located outside the secured zone, the request comprising at least one selection criteria, selecting the dataset based upon the at least one selection criteria, the dataset being selected from an index of collected datasets, and responsive to the request, publishing the dataset to at least one of the internal environment and the external environment.
Type: Grant
Filed: June 4, 2011
Date of Patent: July 29, 2014
Assignee: Recommind, Inc.
Inventor: Robert Tennant
-
Patent number: 8793774
Abstract: In one embodiment, a method includes receiving a configuration request and a first key from a network device, granting a first class of access to the network device, sending a configuration instruction to the network device, receiving an association request from the network device, and granting a second class of access to the network device. The configuration request and the first key are received at a first time. The network device is outside a secure network segment at a first time. The first class of access is granted based on the first key. The configuration instruction is sent in response to granting the first class of access. The association request includes a second key. The granting the second class of access is based on the second key.
Type: Grant
Filed: March 31, 2009
Date of Patent: July 29, 2014
Assignee: Juniper Networks, Inc.
Inventors: Jainendra Kumar, Vineet Dixit, Prabhu Seshachellum
-
Publication number: 20140208403
Abstract: The invention provides a method for identifying pulse optical signal, including: a. receiving first trigger information; b. collecting and identifying pulse optical signal with a predetermined method to obtain a unit of data; c. parsing the unit of data and determining type of it, if the unit of data is a unit of data representing header information, step d is executed; or if the unit of data is other type of unit of data, step b is executed; d. going on collecting and identifying pulse optical signal with the predetermined method to obtain a unit of data; e. determining whether all units of data corresponding to the unit of data representing the header information is received; f. packeting the unit of data representing the header information with all corresponding units of data into a group of data packets.
Type: Application
Filed: December 27, 2011
Publication date: July 24, 2014
Applicant: FEITIAN TECHNOLOGIES CO., LTD.
Inventors: Zhou Lu, Huazhang Yu
-
Publication number: 20140208404
Abstract: Some embodiments provide a program that synchronizes a keychain stored on a device with a set of other devices. The keychain includes a set of keychain items. The program receives (1) a list of keychain items for updating the keychain stored on the device and (2) data representing the keychain items specified in the list of keychain items. For each keychain item in the list of keychain items, the program updates the keychain stored on the device with the data that represents the keychain item.
Type: Application
Filed: March 15, 2013
Publication date: July 24, 2014
Inventors: Michael Brouwer, Dallas B. De Atley, Mitchell D. Adler
-
Patent number: 8787567
Abstract: In accordance with particular embodiments, a computer-implemented method for execution by one or more processors includes intercepting a communication comprising a message. The method also includes identifying words from within the message. The method further includes storing in a dictionary words from within the message of the communication and one or more parameters of the communication for each of the words. The dictionary comprises a plurality of words from a plurality of intercepted text-based communications. The method also includes receiving an encrypted file that is configured to be decrypted using a password. The method additionally includes identifying words from the dictionary to be used to attempt to decrypt the encrypted file. The identified words are identified based on at least one parameter associated with the encrypted file and the one or more parameters stored in the dictionary.
Type: Grant
Filed: February 22, 2011
Date of Patent: July 22, 2014
Assignee: Raytheon Company
Inventors: Monty D. McDougal, Randy S. Jennings, William E. Sterns
-
Patent number: 8789197
Abstract: A system and method facilitate the use of a multi-function computer for an examination. An application implementing the method receives a hash input from a user and, upon successful completion of the examination, displays a hash output. The hash output may be displayed as a visual hash. During the examination, the application or system monitors the multi-function computer to determine whether the user has activated, viewed, or launched any prohibited functions or applications on the multi-function computer. If the user views a prohibited function or application, the examination application does not display the hash output. The system and application implement various security measures to prevent spoofing or duplication of the hash output or tampering with the application.
Type: Grant
Filed: September 17, 2010
Date of Patent: July 22, 2014
Assignee: Wolfram Alpha LLC
Inventors: Stephen Wolfram, Taliesin Sebastian Beynon, Robert Kerr Lockhart
-
Patent number: 8789152
Abstract: A method and technique for managing authentication procedures for a user having access to several applications within a computing environment includes registering at an authentication manager different applications to which a user shall be given an authentication access by defining at the authentication manager a specific address identification allowing addressing the application specific authentication rules, logging the user to the authentication manager, the user requesting access to an application accessible by the authentication manager, and using the application specific address identification stored at the authentication manager to retrieve the application specific authentication rules for authenticating the user to the requested application.
Type: Grant
Filed: November 19, 2010
Date of Patent: July 22, 2014
Assignee: International Business Machines Corporation
Inventors: Thomas H. Gnech, Rainer Himmelsbach, Oliver Petrik, Heike Schmidt
-
Patent number: 8789154
Abstract: Disclosed is a client device that includes: a user interface to receive a username and a first password associated with a server site visited by a user; a random number generator to generate a random number; and a processor to generate a second password by implementing a function based upon the first password and the random number and to command storage of the random number, the username, and the associated server site. If the user attempts to log onto the server site by inputting their username and the second password, the processor extracts the random number associated with the username and the server site and implements the function based upon the second password and the random number to generate the first password which replaces the second password entered by the user and is submitted to the server site.
Type: Grant
Filed: June 30, 2011
Date of Patent: July 22, 2014
Assignee: QUALCOMM Incorporated
Inventor: Qing Li
-
Patent number: 8789151
Abstract: Managing via a web portal a remote device from a source device connected to a communication network. A device ID is assigned to the remote device, and a remote management software for remote management of the remote device is not installed on the source device or the remote device. Based on the assigned device ID, a connection is established with the remote device via the communication network. A first instruction is received from a user for authenticating access to the web portal. The user is authenticated in response to the received first instruction. An online status is established for the authenticated user. A second instruction is received from the authenticated user requesting access to the remote device. The device ID of the remote device is validated. The validated device ID is associated with the authenticated user. A connection is established between the remote device and the web portal.
Type: Grant
Filed: January 9, 2008
Date of Patent: July 22, 2014
Assignee: Microsoft Corporation
Inventors: Todd Ryun Manion, Kestutis Patiejunas, Junfeng Zhang, Ryan Yonghee Kim