Management Patents (Class 726/6)
  • Patent number: 8789153
    Abstract: To provide a user signature on a network transaction, a security server receives transaction information representing a transaction between a network user and a network site, such as a website. The security server calculates a one-time-password based on the received transaction information and a secret shared by the security server and the network site, but not by the user. The security server transmits the calculated one-time-password for application as the user's signature on the transaction. The one-time-password is independently calculable by the network site based on the shared secret.
    Type: Grant
    Filed: January 21, 2011
    Date of Patent: July 22, 2014
    Assignee: Authentify, Inc.
    Inventor: Ravi Ganesan
  • Patent number: 8789160
    Abstract: Systems and methods to secure authorized access are disclosed. A method includes receiving, at an electronic device, a request to generate function-authorization settings including function-access data associated with a particular function of the electronic device to be protected. The method also includes prompting for and receiving function-access data. The received function-access data includes first function-access data that specifies access credentials of a first user to access the particular function and second function-access data that specifies access credentials of a second user to access the particular function. The method also includes associating the received function-access data with the particular function and storing the function-authorization settings including the received function-access data at a memory of the electronic device.
    Type: Grant
    Filed: March 6, 2009
    Date of Patent: July 22, 2014
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Mehrad Yasrebi, Niral Sheth, James Jackson
  • Patent number: 8789156
    Abstract: A tool for establishing a wireless connection from a mobile device to another device in proximity to the mobile device. The mobile device receives requests for data, such as a user profile, medical records, etc. from the device. The mobile device has the ability to register/preapprove the requesting device allowing the device to access the requested data. The mobile device also has the ability to give varying devices different authorization levels. The mobile device has the ability to store the data on another system, and in response to the request, validate the requesting device and the device's authorization level, request the data from the other system through a network, and return the data to the requesting device.
    Type: Grant
    Filed: August 19, 2011
    Date of Patent: July 22, 2014
    Assignee: International Business Machines Corporation
    Inventors: Frank C. Fisk, Sri Ramanathan, Matthew A. Terry, Matthew B. Trevathan
  • Patent number: 8788828
    Abstract: A system and method for verifying ownership of an electronic receipt in a communication system providing a public key infrastructure, the verification arising out of a series of messages being sent and received between a first party and a verifying party, the method comprising the steps of receiving a proof message from the first party, the proof message being derived from at least a first public key based on a secret owned by the first party and wherein the secret is associated with at least the secret of a further public key of the first party and an electronic receipt that has been issued by electronically signing a request message with a second public key, determining whether or not the proof message was derived from the second public key.
    Type: Grant
    Filed: September 12, 2012
    Date of Patent: July 22, 2014
    Assignee: International Business Machines Corporation
    Inventors: Elsie van Herrewegen, Jan Camenisch
  • Publication number: 20140197232
    Abstract: A server in a communications network establishes a communication channel between a user's device and another device having a display. Particularly, the server generates a Quick Response (QR) code utilizing one or more parameters, and sends it to a device for display to a user. Using his or her device, the user captures an image of the displayed QR code and extracts the parameters using an image analysis technique. The device then sends the extracted parameters back to the server, which then utilizes them to authenticate the user and establish the communications session.
    Type: Application
    Filed: March 30, 2012
    Publication date: July 17, 2014
    Applicant: Sony Mobile Communications AB
    Inventors: Paul Joergen Birkler, Anton Fedosov, Jeffrey Blattman, Richard Walter Rein, JR.
  • Publication number: 20140201824
    Abstract: A computer-implemented method for providing access to data accounts within user profiles via cloud-based storage services may include (1) identifying a user profile associated with a user of a cloud-based storage service, (2) identifying a plurality of data accounts within the user profile associated with the user of the cloud-based storage service, (3) detecting a request from a client-based application associated with the user of the cloud-based storage service to access at least a portion of data stored in a data account within the user profile, (4) locating a unique account name that identifies the data account in the request, and then (5) satisfying the request from the client-based application associated with the user to access the portion of data stored in the data account via the cloud-based storage service. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Application
    Filed: January 15, 2013
    Publication date: July 17, 2014
    Applicant: Symantec Corporation
    Inventor: Symantec Corporation
  • Patent number: 8782776
    Abstract: A simple, customizable and intuitive virtual combination unlock method and system. More specifically, an unlock system and method is disclosed which includes a virtual combination lock, where the virtual combination lock includes several rows of user-selectable images such as pictures or icons as the virtual combination wheels. In certain embodiments, the images are accessed via the user's database. To unlock the device, the user touches and drags pre-selected images into alignment with each other. Security can be adjusted by changing the number of images that need to be aligned to unlock the device.
    Type: Grant
    Filed: January 4, 2012
    Date of Patent: July 15, 2014
    Assignee: Dell Products L.P.
    Inventor: Roy Stedman
  • Patent number: 8782796
    Abstract: Novel systems and methods for testing network security are disclosed. In one example, at least one specified data message and at least one specified access credential to at least one third-party web-based service is stored on a monitoring system. At least one software agent configured with the specified data message and the specified access credential to the third-party web-based service is installed on at least one system to be tested. The software agent is executed on the testing system to send the specified data message to the third-party web-based service using the specified access credential. A monitoring system, which is independent of the network, accesses the third-party web-based service with the access credential. The monitoring system compares, if data on the third-party web-based service is equivalent to the specified data message sent by the software agent. In another example, the software agent is configured with a custom start-logging command.
    Type: Grant
    Filed: June 22, 2012
    Date of Patent: July 15, 2014
    Assignee: Stratum Security, Inc.
    Inventors: Trevor Tyler Hawthorn, Nathan Miller, Jeffrey LoSapio
  • Patent number: 8782759
    Abstract: The present invention provides identification and access control for an end user mobile device in a disconnected mode environment, which refers generally to the situation where, in a mobile environment, a mobile device is disconnected from or otherwise unable to connect to a wireless network. The inventive method provides the mobile device with a “long term” token, which is obtained from an identity provider coupled to the network. The token may be valid for a given time period. During that time period, the mobile device can enter a disconnected mode but still obtain a mobile device-aided function (e.g., access to a resource) by presenting for authentication the long term token. Upon a given occurrence (e.g., loss of or theft of the mobile device) the long term token is canceled to restrict unauthorized further use of the mobile device in disconnected mode.
    Type: Grant
    Filed: February 11, 2008
    Date of Patent: July 15, 2014
    Assignee: International Business Machines Corporation
    Inventors: Heather Maria Hinton, Anthony Joseph Nadalin
  • Patent number: 8782735
    Abstract: A method for assessing runtime risk for an application or device includes: storing, in a rules database, a plurality of rules, wherein each rule identifies an action sequence; storing, in a policy database, a plurality of assessment policies, wherein each assessment policy includes at least one rule of the plurality of rules; identifying, using at least one assessment policy, a runtime risk for an application or device, wherein the identified runtime risk identifies and predicts a specific type of threat; and identifying, by a processing device, a behavior score for the application or device based on the identified runtime risk, wherein the action sequence is a sequence of at least two performed actions, and each performed action is at least one of: a user action, an application action, and a system action.
    Type: Grant
    Filed: January 15, 2013
    Date of Patent: July 15, 2014
    Assignee: Taasera, Inc.
    Inventor: Srinivas Kumar
  • Patent number: 8782746
    Abstract: A multiple-identity secure device (MISD) persistently stores a single identification code (a “seed identity”). The seed identity need not be a network address, and may be stored in an integral memory of the device, or on an interchangeable card received in a physical interface of the MISD. The MISD is provided with a transformation engine, in hardware or software form, that is subsequently used to generate one or more unique identities (e.g., network addresses) from the stored seed identity using predefined logic. The generated identities may be dynamically generated, e.g., in real-time as needed after deployment of a device into possession of a subscriber/customer/user, etc., or may be securely stored in the MISD for subsequent retrieval. The transformation engine may generate a unique identity in accordance with an addressing scheme identified as a default setting, a global/network setting, or as determined from a received data transmission.
    Type: Grant
    Filed: November 10, 2008
    Date of Patent: July 15, 2014
    Assignee: Comcast Cable Communications, LLC
    Inventor: Steven J Reynolds
  • Patent number: 8782391
    Abstract: Systems and methods for service activation using algorithmically defined keys are disclosed. A consumer who has a relationship with a first party may wish to enroll in a service provided by a third party. The first party can maintain control of such enrollments through the use of algorithmically defined keys. The algorithmically defined keys also allow the third party service provider to verify data provided by the consumer as matching data stored by the first party. The verification provides for data synchronization without requiring the third party to have access to the first party's data systems.
    Type: Grant
    Filed: June 8, 2010
    Date of Patent: July 15, 2014
    Assignee: Visa International Service Association
    Inventors: Ashwin Raj, John Tullis, Mark Carlson, Patrick Faith, Shalini Mayor, Joseph Mirizzi, Lauren White, Olivier Brand, Mike Lindelsee
  • Patent number: 8782767
    Abstract: The aim of the present invention is to provide a security module capable of supporting the different functions of the latest and the previous generations, by avoiding any possible attack due to this adaptability. This aim is attained by a security module comprising first communication means to a host device, first storage means and first decryption means, characterized in that it includes a state module and second communication means and physical activation or deactivation means of said second means, such activation or deactivation being managed by the state module.
    Type: Grant
    Filed: November 30, 2006
    Date of Patent: July 15, 2014
    Assignee: Nagravision, S.A.
    Inventor: Michael John Hill
  • Patent number: 8782761
    Abstract: Generating user authentication challenges based in part on preferences of one or more contacts of a user includes receiving an authentication request from a user. One or more contacts of the user associated with the authentication request are determined. One or more preferences of the close contact or contacts are determined. An authentication challenge based on the one or more preferences of one or more of the user's contacts is generated. The authentication request is allowed or denied based on the completion of the authentication challenge.
    Type: Grant
    Filed: August 8, 2011
    Date of Patent: July 15, 2014
    Assignee: Google Inc.
    Inventor: Jessica Staddon
  • Patent number: 8782414
    Abstract: A system and methods for establishing a mutually authenticated secure channel between a client device and remote device through a remote access gateway server. The remote access gateway server forwards secure connection requests and acknowledgements between the client and the remote device such that the remote access gateway does not possess any or all session keys necessary to decrypt communication between the client device and remote device.
    Type: Grant
    Filed: May 7, 2007
    Date of Patent: July 15, 2014
    Assignee: Microsoft Corporation
    Inventor: Kestutis Patiejunas
  • Patent number: 8782758
    Abstract: An authentication system in which an authentication server and a plurality of clients are coupled through a network and configured to process an authentication from a user of a client, is configured to determine as a cache target user another user who is different from the user who requested the authentication; is configured to generate an identifier that indicates the cache target user; and is configured to transmit biometric data of the cache target user and the identifier to the client from which the authentication of the user was requested. A cache availability determiner can determine whether biometric data of any cache target user are available on a client.
    Type: Grant
    Filed: September 6, 2011
    Date of Patent: July 15, 2014
    Assignee: Fujitsu Limited
    Inventor: Ken Kamakura
  • Patent number: 8782774
    Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
    Type: Grant
    Filed: March 7, 2013
    Date of Patent: July 15, 2014
    Assignee: Cloudflare, Inc.
    Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Albertus Strasheim
  • Patent number: 8782755
    Abstract: The present invention provides a system and method for dynamically selecting an authentication virtual server from a plurality of authentication virtual servers. A traffic management virtual server may determine from a request received from a client to access content of a server that the client has not been authenticated. The traffic management virtual server can identify a policy for selecting an authentication virtual server to provide authentication of the client. Responsive to the identification, the traffic management virtual server can select, via the policy, an authentication virtual server of the plurality of authentication virtual servers to authenticate the client. Responsive to the request, the traffic management virtual server may transmit a response to the client. The response includes an instruction to redirect to the selected authentication virtual server.
    Type: Grant
    Filed: March 23, 2009
    Date of Patent: July 15, 2014
    Assignee: Citrix Systems, Inc.
    Inventors: James Harris, Rui Li, Arkesh Kumar, Ravindranath Thakur, Puneet Agarwal, Akshat Choudhary
  • Publication number: 20140196130
    Abstract: Systems and methods for managing credentials distribute the credentials to subsets of a set of collectively managed computing resources. The collectively managed computing resources may include one or more virtual machine instances. The credentials distributed to the computing resources may be used by the computing resources to perform one or more actions. Actions may include performing one or more functions in connection with configuration, management, and/or operation of the one or more resources, and/or access of other computing resources. The ability to use credentials may be changed based at least in part on the occurrence of one or more events.
    Type: Application
    Filed: March 11, 2014
    Publication date: July 10, 2014
    Applicant: Amazon Technologies, Inc.
    Inventors: Marc J. Brooker, Mark Joseph Cavage, David Brown, Kevin Ross O'Neill, Eric Jason Brandwine, Christopher Richard Jacques de Kadt
  • Publication number: 20140196129
    Abstract: The present invention provides a user credential management system and a method thereof. The system includes a profile creation module configured to facilitate creation of one or more context specific user profiles. Each context specific user profile comprises a set of user credentials. A profile linking module is configured to link the one or more context specific user profiles to a web browser. A profile selection module is configured to facilitate a selection of a context specific user profile from one of web account creation and a first time access to existing web account post creation of the context specific user profiles. The selection is subsequent to display of a web form associated with the web account. The profile selection module is further configured to populate entries corresponding to one or more credential entry fields on the web form based on the selected context specific user profile and auto populate the web form at the subsequent access to the web account.
    Type: Application
    Filed: December 30, 2013
    Publication date: July 10, 2014
    Inventor: Umesh J. AMIN
  • Patent number: 8776191
    Abstract: Techniques for reducing storage space and detecting corruption in hash-based applications are presented. Data strings are hashed or transformed into numerically represented strings. Groupings of the numeric strings form a set. Each numeric string of a particular set is associated with a unique co-prime number. All the numeric strings and their corresponding co-prime numbers for a particular set are processed using a Chinese Remainder Theorem algorithm (CRT) to produce a single storage value. The single storage value is retained in place of the original numeric strings. The original numeric strings can be subsequently reproduced and verified using the single storage value and the co-prime numbers.
    Type: Grant
    Filed: January 25, 2008
    Date of Patent: July 8, 2014
    Assignee: Novell Intellectual Property Holdings, Inc.
    Inventors: Vardhan Itta Vishnu, Hithalapura Basavaraj Puttali
  • Patent number: 8776195
    Abstract: An improved technique involves converting facts from multiple fact sources to a common data format. Along these lines, for each fact source having a source-specific format, a KBA system provides an adaptor that converts incoming facts in the source-specific format to the common data format prior to generating questions. The KBA system stores the facts in the common format in a database for subsequent access. In response to an authorization request, the KBA system then builds questions based on the facts from multiple sources in the common data format stored in the database.
    Type: Grant
    Filed: March 30, 2012
    Date of Patent: July 8, 2014
    Assignee: EMC Corporation
    Inventors: Ayelet Avni, Bryan Knauss, Yedidya Dotan, Erez Yakoel
  • Patent number: 8775807
    Abstract: In one implementation, a credential associated with a user identifier and a location is stored at a client device. A request to output a representation of the credential in a manner that enables a credential authority to validate the representation is received. Responsive to receiving the request to render the representation of the credential, a location of the client device is obtained and a determination that the location of the client device is within a predefined distance of the location associated with the credential is made. Responsive to determining that the location of the client device is within the predefined distance of the location associated with the credential, data indicating that the user has entered the location associated with the credential is stored in a memory of the client device.
    Type: Grant
    Filed: October 26, 2012
    Date of Patent: July 8, 2014
    Assignee: MicroStrategy Incorporated
    Inventors: Hector Vazquez, Gang Chen
  • Patent number: 8776196
    Abstract: A computer-implemented method for automatically detecting and preventing phishing attacks may include (1) maintaining a credentials store for a user of the computing device that identifies both at least one known-legitimate website and credentials associated with the known-legitimate website, (2) detecting an attempt by the user to enter the same credentials that are associated with the known-legitimate website into a new website that is not associated with the credentials in the credentials store, and then, prior to allowing the credentials to pass to the new website, (3) automatically warning the user that the new website potentially represents an attempt to phish the credentials associated with the known-legitimate website from the user. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: July 24, 2012
    Date of Patent: July 8, 2014
    Assignee: Symantec Corporation
    Inventors: Ian Oliver, Adam Glick, Nicholas Graf, Spencer Smith
  • Patent number: 8775804
    Abstract: A matching authentication method for wireless communication equipment comprises that: a device at the transmitting end sends a matching request (S101) to a device at the receiving end; the device at the transmitting end receives the response messages fed back from the device at the receiving end, and the response messages carry feature codes (S102); the device at the transmitting end obtains the feature codes and takes the feature codes as the authentication and authorization codes communicating with the receiving end. The invention also provides a wireless communication device with the function of matching authentication correspondingly. The wireless communication device comprises a memory unit, a communication unit, and an authentication and authorization unit and a feature code updating unit. The invention also provides a wireless communication system with the function of matching authentication correspondingly.
    Type: Grant
    Filed: June 23, 2009
    Date of Patent: July 8, 2014
    Assignee: Sany Heavy Industry Co., Ltd.
    Inventors: Xiaogang Yi, Yonghong Liu, Yaohui Ou, Jihui Zhou
  • Patent number: 8776234
    Abstract: A method for reducing the size of the AV database on a user computer by dynamically generating an AV database according to user parameters is provided. Critical user parameters that affect the content of the AV database required for this user are determined. The AV database for the single user is generated based on the user parameters. When the parameters of the user computer change or when new malware threats are detected, the user AV database is dynamically updated according to the new parameters and the new malware threats. The update procedure becomes more efficient since a need of updating large volumes of data is eliminated. The AV system, working with a small AV database, finds malware objects more efficiently and uses less of computer system resources.
    Type: Grant
    Filed: April 20, 2011
    Date of Patent: July 8, 2014
    Assignee: Kaspersky Lab, ZAO
    Inventor: Andrey P. Doukhvalov
  • Patent number: 8776194
    Abstract: Disclosed are various embodiments for authentication management services, where authentication services of network sites may support authentication management clients associated with different authentication management services. An authentication request is obtained by way of an authentication protocol from an authentication management client executed in a client computing device. The authentication request specifies a security credential associated with a user account. The user account at the client computing device is authenticated for access to at least one secured resource of a network site in response to the authentication request and in response to the authentication management client being supported.
    Type: Grant
    Filed: February 1, 2012
    Date of Patent: July 8, 2014
    Assignee: Amazon Technologies, Inc.
    Inventors: Daniel W. Hitchcock, Brad Lee Campbell
  • Patent number: 8776193
    Abstract: A mobile computing device comprising a first application adapted to provide information to a server. The information is adapted to be shared by the server with at least one additional mobile computing device when the at least one additional mobile computing device is located within a specified range of the mobile computing device. Additionally, a password entered through a second application located on the additional mobile computing device may be required to correspond to a password received from the mobile computing device in order to share the information. Furthermore, the additional mobile computing device may be required to access the information within a specified time period.
    Type: Grant
    Filed: May 16, 2011
    Date of Patent: July 8, 2014
    Assignee: Qualcomm Innovation Center, Inc.
    Inventor: Xintian Li
  • Patent number: 8776192
    Abstract: Methods for automatically verifying and populating an encryption keystore are provided. Pursuant to these methods, the keystore may be automatically checked to determine if it is missing a required digital certificate; if so, the missing required digital certificate may be automatically inserted into the keystore. The methods may also include automatically obtaining the required digital certificates and a list of the required digital certificates, and automatically comparing the list of required digital certificates with the digital certificates in the keystore to determine if the keystore is missing a required digital certificate. The methods may further include sending an informational alert if a missing required digital certificate was automatically inserted into the keystore, and may include checking the keystore to determine if any required digital certificates have expired, will expire within a predetermined time period, or are inoperative.
    Type: Grant
    Filed: November 17, 2009
    Date of Patent: July 8, 2014
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Andrew Schiefelbein
  • Patent number: 8775820
    Abstract: A system for password generation and control is provided. The system includes a client and a server system. A password component is operable on the client system for automatically on a re-occurring basis generating a password for an application operable by the client system based upon at least two inputs accessible from the client system. A password manager component is operable on the server system to generate the password using the at least two inputs to enable access to the application the client system.
    Type: Grant
    Filed: June 2, 2006
    Date of Patent: July 8, 2014
    Assignee: Sprint Communications Company L.P.
    Inventor: Alexander B. Freeburne
  • Patent number: 8776197
    Abstract: A device receives enterprise information associated with enterprises supported by a network, and determines enterprise identifiers for one or more enterprises identified in the enterprise information. The device also receives information associated with devices and subscribers of the network, and determines security key parameters based on the information associated with the devices and the subscribers of the network. The device further generates, based on the security key parameters, a security key for each of the enterprise identifiers.
    Type: Grant
    Filed: August 27, 2012
    Date of Patent: July 8, 2014
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: William C. King, Lawrence S. Rybar, Bjorn Hjelm, Xuming Chen, Kwai Y. Lee
  • Patent number: 8775188
    Abstract: Embodiments of the present invention provide a method for voice approval, where the method includes: receiving voice approval request information sent by an enterprise application server; establishing a voice communication connection with the terminal according to the contact information of the approver terminal; sending approval content audio information corresponding to the voice approval request information to the approver terminal; receiving feedback information, and obtaining approval result information according to the feedback information; and sending the approval result information to the enterprise application server. Embodiments of the present invention also provide a device and system for voice approval. In the embodiments of the present invention, the enterprise application server and the enterprise gateway are combined and improved to enable an approver to approve, in voice mode, an approval request raised by an applicant, thereby increasing the approval efficiency.
    Type: Grant
    Filed: July 25, 2013
    Date of Patent: July 8, 2014
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Weijun Deng, Yu Yin, Liyan Song
  • Publication number: 20140189830
    Abstract: A method, system, and computer program product for multi-component signature generation are provided in the illustrative embodiments. A set of original signature components is received comprising original signature components of different types. A subset of original signature components from the set of original signature components is modified to create a set of modified signature components. Members of a subset of the set of modified signature components are arranged in a modified order. The modified order is different from an original order in which original signature components corresponding to the members of the subset of the set of modified signature components appear in the set of original signature components. The multi-component signature is generated in response to the arranging.
    Type: Application
    Filed: January 2, 2013
    Publication date: July 3, 2014
    Applicant: International Business Machines Corporation
    Inventor: Scott R. Crarrier
  • Publication number: 20140189829
    Abstract: An authentication challenge system for performing secondary authentication for an account associated with an online store is described. In one embodiment, the authentication challenge system includes a question generation engine, which can derive a series of questions based upon activity associated with a user account of an online store; a network interface, which can transport the series of one or more questions derived by the question generation engine to authenticate the user to the online store; a confidence engine, which can determine a required confidence level for a successful authentication, and can compute a confidence score of the user identity; and a quality engine, which can adjust the question generation engine and the confidence engine based upon an analysis of question and answer metrics across multiple accounts of the online store. The online store can include digital media, such as music, movies, books or applications for electronic computing devices.
    Type: Application
    Filed: December 31, 2012
    Publication date: July 3, 2014
    Applicant: Apple Inc.
    Inventors: Jonathan G. McLachlan, Augustin J. Farrugia, Nicholas T. Sullivan
  • Publication number: 20140189833
    Abstract: An information processing apparatus determines whether a device accesses a box region of the information processing apparatus. When it is determined that the box region is accessed, a box ID entry screen is displayed on the device. The information processing apparatus determines whether a box ID is entered by a user of the device. If it is determined that a box ID is entered, then device information about the device is obtained. After the device information is obtained, the information processing apparatus determines whether the device possesses a hardware keyboard. If it is determined that the device possesses a hardware keyboard, a password authentication screen is displayed on the device. If it is determined that the device does not possess a hardware keyboard, an image authentication screen is displayed on the device.
    Type: Application
    Filed: March 7, 2014
    Publication date: July 3, 2014
    Applicant: Konica Minolta, Inc.
    Inventors: Chiho MURAI, Motohiro ASANO
  • Publication number: 20140189831
    Abstract: Time-based authentication apparatus deploys a seed record to user equipment such as a mobile telephone pre-equipped with an app. When a user initiates login access to a protected product or service, using a computing device, they run the app on their mobile equipment which delivers an output such as a QR code (or other local communication such as NFC) containing two time-based codes. The login process on the computing device accepts the output and sends the time-based codes to the authentication apparatus, either together or the second code on request. The authentication apparatus now locates the codes and automatically resynchronises to any time zone across the world plus 1 hour of clock drift (+/-13 hours UTC).
    Type: Application
    Filed: December 26, 2013
    Publication date: July 3, 2014
    Inventor: Andrew Christopher Kemshall
  • Publication number: 20140189782
    Abstract: Authenticating a user to a first service to allow the user to access a resource provided by the first service. The resource is a protected resource requiring a general purpose credential (e.g. a user name and/or password) to access the resource. The method includes receiving at a second service, from the device, an ad-hoc credential. The ad-hoc credential is a credential that is particular to the device. The ad-hoc credential can be used to authenticate both the user and the device, but cannot be directly used as authentication at the first service for the user to access the resource. The method further includes, at the second service, substituting the general purpose credential for the ad-hoc credential and forwarding the general purpose credential to the first service. As such the first service can provide the resource to the user at the device.
    Type: Application
    Filed: January 2, 2013
    Publication date: July 3, 2014
    Applicant: MICROSOFT CORPORATION
    Inventors: Meir Mendelovich, Ron Matchoro
  • Publication number: 20140189775
    Abstract: Techniques for secure debugging and monitoring are presented. An end user requests a secure token for logging information with a remote service. A secure monitoring and debugging token service provides the secure token. The remote service validates the secure token and configures itself for capturing information and reporting the captured information based on the secure token.
    Type: Application
    Filed: December 27, 2012
    Publication date: July 3, 2014
    Applicant: Novell, Inc.
    Inventors: Lloyd Leon Burch, Carolyn B. McClain, Robert Skousen Stilmar, Dipto Chakravarty, Baha Masoud, Michael F. Angelo
  • Publication number: 20140189826
    Abstract: Techniques for dynamic generation and management of password dictionaries are presented. Passwords are parsed for recognizable terms. The terms are housed in dictionaries or databases. Statistics associated with the terms are maintained and managed. The statistics are used to provide strength values to the passwords and determine when passwords are acceptable and unacceptable.
    Type: Application
    Filed: September 14, 2012
    Publication date: July 3, 2014
    Inventors: Srinivas Vedula, Cameron Craig Morris
  • Publication number: 20140189832
    Abstract: A computer-implemented method includes generating data indicative of one or more times in which to sample content of a first resource and content of a second resource; receiving, from a client device, content of the first resource sampled at the one or more times; comparing the sampled content from the first resource to content sampled from the second resource at the one or more times; determining, based on comparing, that the first resource includes a same resource as the second resource; verifying, based on determining, ownership of the second resource; generating, based on a verifying, a user key specifying ownership of the second resource; and transmitting the user key to the client device.
    Type: Application
    Filed: March 7, 2014
    Publication date: July 3, 2014
    Applicant: Google Inc.
    Inventor: Gabriel A. Cohen
  • Publication number: 20140189828
    Abstract: A system, apparatus, method, and machine readable medium are described for transparently requesting a new random challenge from a server within an authentication framework. For example, one embodiment of a method comprises: transmitting a random challenge and an indication of a timeout period associated with the random challenge from a server to a client within the context of a network registration or authentication process using authentication devices communicatively coupled to the client; automatically detecting that the random challenge is no longer valid based on the timeout period; and responsively transmitting a request for a new random challenge from the client to a server, wherein transmitting is performed transparently to a user of the client.
    Type: Application
    Filed: December 28, 2012
    Publication date: July 3, 2014
    Inventors: Davit Baghdasaryan, Matthew Lourie, Brendon J. Wilson, Naga Nagarajan
  • Publication number: 20140189827
    Abstract: A system and method for enabling a primary and a secondary communication device to share a user identity assertion is presented. The user identity assertion enables the devices to access an application system. The primary and secondary devices are paired to place them in collaboration with each other. The primary device requests an identity provider system to issue a user identity assertion scoped to the primary and secondary communication device. The identity provider system authenticates the primary device and generates the user identity assertion scoped to the primary device and the secondary device identified in the request. The primary communication device receives the user identity assertion and communicates the user identity assertion to the secondary device. The primary device may request the user identity assertion by communicating a user identity assertion scoped to the primary device and a single sign on session cookie or a request for an extension assertion.
    Type: Application
    Filed: December 27, 2012
    Publication date: July 3, 2014
    Applicant: MOTOROLA SOLUTIONS, INC.
    Inventors: George Popovich, Adam C. Lewis, Anthony R. Metke, Steven D. Upp
  • Patent number: 8769651
    Abstract: Features are disclosed for authentication of mobile device applications using a native, independent browser using a single-sign-on system. An authentication module within the mobile application can direct the mobile device's native browser to a URL to initiate authentication with an authentication appliance. The mobile browser can receive and store a browser-accessible token to indicate previous authentication performed by the user. The mobile application can receive from the application appliance and store a client application ID token that may be presented to network services for access. A second mobile device application may direct the same browser to the authentication appliance. The authentication appliance may inspect the persistent browser-accessible token and issue a second client application ID identity to the second application without collecting additional authentication information, or collecting additional authentication information that is different from the first authentication information.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: July 1, 2014
    Assignee: SecureAuth Corporation
    Inventors: Garret Florian Grajek, Jeff Chiwai Lo, Robert Jason Phillips, Shu Jen Tung
  • Patent number: 8769645
    Abstract: Leveraging a persistent connection to provide a client access to a secured service may include establishing a persistent connection with a client in response to a first request from the client, and brokering a connection between the client and a secured service based on a second request from the client by leveraging the persistent connection with the client. The brokering may occur before the client attempts to connect to the secured service directly and the connection may be established between the client and the secured service without provision by the client of authentication information duplicative or additional to authentication information provided by the client to establish the persistent connection.
    Type: Grant
    Filed: September 15, 2012
    Date of Patent: July 1, 2014
    Assignee: Facebook, Inc.
    Inventor: Robert Bruce Hirsh
  • Patent number: 8769618
    Abstract: A method for authorizing access to a first computing device is provided. The method comprises the first computing device forming a challenge, encoding the challenge into a symbol, and displaying the symbol. The first computing device receives a request for access from a user. Access to the first computing device is allowed in response to provision of an access code to the first computing device by the user. The access code is formed by a server in response to capturing the symbol, decoding the symbol into the challenge, forming a request from the challenge, and providing the request to the server. The server forms a decision to allow access by the user to the first computing device.
    Type: Grant
    Filed: May 24, 2012
    Date of Patent: July 1, 2014
    Assignee: International Business Machines Corporation
    Inventors: Dirk Husemann, Michael Elton Nidd
  • Patent number: 8769131
    Abstract: A cloud connector key includes a network interface configured to connect to a network, a mass storage interface configured to connect to a network isolated device, and a computation module operatively connected to the network interface and the mass storage interface. The computational module is configured to connect to a cloud repository using the network interface by obtaining, from storage on the cloud connector key, a network address of the cloud repository, requesting connection to the cloud repository using the network address, and authenticating, using credentials in the storage on the cloud connector key, to an account in the cloud repository. The computational module is further configured to transfer a file between the account in the cloud repository and a network isolated device via the mass storage interface.
    Type: Grant
    Filed: April 16, 2010
    Date of Patent: July 1, 2014
    Assignee: Oracle America, Inc.
    Inventors: Omer Pomerantz, Jeremy Hoyland, Daniel David Blaukopf
  • Patent number: 8769652
    Abstract: The invention provides a method for registering a user at a server computer system. A first interface is transmitted from the server computer system to a user computer system, the first interface having a field for entering a mobile telephone number. A mobile phone number entered into the field for the mobile phone number is received from the user computer system at the server computer system. A password is generated and transmitted from the server computer system to a mobile device having a mobile phone number corresponding to the mobile phone number received from the user computer system and a second interface is transmitted from the server computer system to the user computer system, the second interface including a field for entering the password. A follow-up message is transmitted from the server computer system to the mobile device if the password is not received from the user computer system at the server computer system within a predetermined period of time.
    Type: Grant
    Filed: April 23, 2008
    Date of Patent: July 1, 2014
    Assignee: Clear Channel Management Services, Inc.
    Inventor: Paula Buzzard
  • Patent number: 8769655
    Abstract: A system and method for more efficiently establishing a chain of trust from a registrant to a registry. A registrant credential is associated with a Shared Registration command and is sent by a registrar to a registry. Upon successful validation, a token is generated and bound to a registrant identifier. The token is included along with the registrant identifier in subsequent discrete Shared Registration commands submitted to the registry on behalf of the registrant. The registrant thus needs to submit its credential only once for changes that require several discrete commands. Also, it is more efficient for the Shared Registration System to validate a token for a set of commands than to validate a different registrant credential for each discrete command.
    Type: Grant
    Filed: December 30, 2010
    Date of Patent: July 1, 2014
    Assignee: Verisign, Inc.
    Inventors: James Gould, David Smith, Mingliang Pei
  • Patent number: 8769607
    Abstract: Systems, methods and articles of manufacture for evaluating a password policy are disclosed. The password evaluation system receives password policy data regarding a password policy, including a password constraint. The system analyzes the password policy data to determine a usability index and a password strength index for the password policy, and also determines a usability index and password strength index for a plurality of modified password policies having password constraints different from the password policy. The system then provides a graphical representation of the usability index and the password strength for the password policy and the modified password policies, thereby allowing a password designer to optimize the tradeoffs between usability and security of a password policy.
    Type: Grant
    Filed: January 26, 2011
    Date of Patent: July 1, 2014
    Assignee: Intuit Inc.
    Inventors: Robert A. Jerdonek, Christopher C. Chung
  • Patent number: 8768852
    Abstract: Techniques for generating and providing phrases are described herein. These techniques may include analyzing one or more sources to generate a statistically improbable phrase, determining words that compose the statistically improbable phrase, inputting the words into an index, and determining phrases associated with the words. The determined phrases may then be presented to a user.
    Type: Grant
    Filed: January 13, 2009
    Date of Patent: July 1, 2014
    Assignee: Amazon Technologies, Inc.
    Inventors: Steve Huynh, Isaac Oates, James Jesensky, Vinay Vaidya