Management Patents (Class 726/6)
  • Patent number: 8769639
    Abstract: Some embodiments of the invention are directed to increasing security and lowering risk of attack in connecting automatically to networks by enabling client devices to verify the identity of the networks by, for example, confirming the identity of networks and network components such as wireless access points. In some embodiments, a client device may maintain a data store of characteristics of a network—including, for example, characteristics of a wireless access point or other portion of the network and/or characteristics of a connection previously established with the wireless access point and/or network. Stored characteristics may include characteristics other than those minimally necessary to identify a wireless access point and/or wireless network.
    Type: Grant
    Filed: February 19, 2008
    Date of Patent: July 1, 2014
    Assignee: Microsoft Corporation
    Inventors: Bill Begorre, Deon C. Brewis, Alok Sinha
  • Publication number: 20140181928
    Abstract: A method and system is provided that manages events involving an individual's digital assets and/or external services that the individual interfaces with using external service credentials. The method and system allow the individual to securely store digital assets and external service credentials used to login to external services. The method and system further allow the individual to create a plan of actions to be executed on specified dates, where the actions involve one or more of the individual's digital assets and/or involve one or more external services that the individual interfaces with using one or more external service credentials. The plan of actions takes the format of a timeline that includes one or more timeline events, where an action and a date are associated with a timeline event.
    Type: Application
    Filed: April 11, 2013
    Publication date: June 26, 2014
    Applicant: Capsoole, Inc.
    Inventors: Michael BERGMAN, Ayelet HIRSHFELD, Matthew POWERS
  • Publication number: 20140181931
    Abstract: A security system for defending online users against fraudsters and malicious websites comprises a back-end network server and appropriate apps for each protected user device. An otherwise conventional network server is enhanced with application software instructions for a centralized software-as-a-service (SaaS) to respond to network requests from user devices operating variously under ANDROID-type, APPLE IOS-type, and MICROSOFT WINDOWS-type operating systems. The SaaS investigates, surveys, and watches websites. It calculates confidence scores related to financial fraud and the acceptability and risk to said users of visiting particular websites. It maintains a trusted network database of website URLs calculated to belong to financial websites that can be trusted and present acceptable levels of fraud and financial risk to its visitors. Each user device application provides for secure password management and access via a security browser to websites in the trusted network.
    Type: Application
    Filed: March 1, 2014
    Publication date: June 26, 2014
    Applicant: WHITE SKY, INC.
    Inventors: Konstantin Bokarius, Juan Gamez, Pankaj Srivastava
  • Publication number: 20140181927
    Abstract: In various embodiments, a computer-implemented method for generating and verifying officially verifiable electronic representations may be disclosed. The method may comprise receiving, by a credential database, a request for a credential action. The credential database may be configured to store one or more credentials comprising a status indicator. The method may further comprise determining, by the credential database, a response to the credential action based on the one or more user credentials stored in the credential database and transmitting, by the credential database, the response to a client device.
    Type: Application
    Filed: March 12, 2013
    Publication date: June 26, 2014
    Inventor: Shaunt M. Sarkissian
  • Publication number: 20140181932
    Abstract: The invention relates to a method and system for managing and checking different identity data relating to a person. According to the invention, a derived-identity management server generates for the person at least part of the identity data with which said person can be authenticated in relation to a service provider for the derived-identity domain, on the basis of information derived from identity data from parent domains. The identity data generation processing ensures that no link can be established from two authentications in two separate domains in the absence of link information. If necessary, said link information is transmitted by a parent domain to a derived-identity server so that the latter establishes the link between the identity data of the derived-identity domain and the identity data of the parent domain, e.g. for the cascade revocation of a person from various domains.
    Type: Application
    Filed: August 2, 2012
    Publication date: June 26, 2014
    Inventors: Alain Patey, Herve Chabanne, Julien Bringer
  • Publication number: 20140181929
    Abstract: The disclosure generally relates to methods and apparatuses for user authentication. According to embodiments of the present invention, authentication-related information may be encoded in an image such as a QR code. By communicating and decoding such image information and other authentication information between one or more devices of the user and an authentication server, the authentication server may perform an effective authentication to the user and his/her device. In the meantime, it is possible to avoid the risk of invalid authentication due to the disclosure of the password. Embodiments of the present invention may be used in combination with the existing static password and/or dynamic password authentication and thus they have a good compatibility.
    Type: Application
    Filed: December 18, 2013
    Publication date: June 26, 2014
    Applicant: EMC Corporation
    Inventors: Yingyan Zheng, Zine Zheng He
  • Publication number: 20140181926
    Abstract: The invention relates to a method for generating a data authentication key for allowing data communication over a wireless channel between a first mobile device and a second mobile device, comprising: associating said mobile devices to each other by means of said key. The invention comprises: allowing a shared physical or mechanical condition to be applied generally simultaneously upon said devices; detecting, in said first mobile device, said condition; defining, in said first mobile device, said authentication key based on the detected condition; and transmitting said key to said second mobile device. The invention also relates to a mobile device configured for generating a data authentication key for allowing data communication over a wireless channel to a further mobile device.
    Type: Application
    Filed: December 21, 2012
    Publication date: June 26, 2014
    Applicant: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
    Inventor: TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
  • Publication number: 20140181925
    Abstract: In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.
    Type: Application
    Filed: December 20, 2012
    Publication date: June 26, 2014
    Inventors: Ned M. Smith, Conor P. Cahill, Victoria C. Moore, Jason Martin, Micah J. Sheller
  • Publication number: 20140181930
    Abstract: A method, system and apparatus for protecting a bootstrapping service function (BSF) entity from attack includes: a first temporary identity and a second temporary identity are generated after a BSF entity performs a mutual authentication with a user equipment (UE) by using an initial temporary identity sent from the UE; the BSF entity receives a re-authentication request carrying the first temporary identity from the UE; and the UE sends a service request carrying the second temporary identity to a network application function (NAF) entity. The present disclosure prevents attackers from intercepting the temporary identity at the Ua interface and using the temporary identity to originate a re-authentication request at the Ub interface, thus protecting the BSF entity from attack and avoiding unnecessary load on the BSF entity and saving resources.
    Type: Application
    Filed: February 28, 2014
    Publication date: June 26, 2014
    Applicant: Huawei Technologies Co., Ltd.
    Inventor: Yanmei Yang
  • Patent number: 8763087
    Abstract: A system and method for managing access to content is provided. One example embodiment provides for a method including acts of identifying a filter of content based at least in part on the preferences of a user and a subject presented in the content and presenting the content using the filter to the user. Another example embodiment provides for a system that includes a controller configured to identify a filter of content based on preferences of a user, to present content using the identified filter and to update the preferences of the user based on feedback from the user and the subjects presented in the content.
    Type: Grant
    Filed: October 9, 2008
    Date of Patent: June 24, 2014
    Assignee: Yahoo! Inc.
    Inventors: Athellina Athsani, Elizabeth F. Churchill, Joseph O'Sullivan
  • Patent number: 8763099
    Abstract: An information processing apparatus acquires user name information contained in user authentication information transmitted from an authentication server. Then, the information processing apparatus describes the acquired user name information according to a predetermined format which the printer driver can refer to, and stores it in a storage area which the printer driver can refer to. The printer driver, if the user name information is stored in the storage area, and the user name information satisfies a condition described in the format, transmits the user name information added to the print data to a printer apparatus.
    Type: Grant
    Filed: October 29, 2010
    Date of Patent: June 24, 2014
    Assignee: Canon Kabushiki Kaisha
    Inventor: Hiroshi Ozaki
  • Patent number: 8761827
    Abstract: Mobile network services are performed in a mobile data network in a way that is transparent to most of the existing equipment in the mobile data network. The mobile data network includes a radio access network and a core network. A breakout component in the radio access network breaks out data coming from a basestation, and performs one or more mobile network services at the edge of the mobile data network based on the broken out data. The breakout component includes a service interface that performs primary control by one system, and backup control by a different system.
    Type: Grant
    Filed: December 21, 2011
    Date of Patent: June 24, 2014
    Assignee: International Business Machines Corporation
    Inventors: William F. Berg, Michael T. Kalmbach, Scott A. Liebl, Mark D. Schroeder
  • Patent number: 8763098
    Abstract: In accordance with embodiments, there are provided mechanisms and methods for facilitating dynamic and continuous testing of security assertion markup language (SAML) credentials in an on-demand services environment. In one embodiment and by way of example, a method includes identifying, at a computing device, an organization using a SAML process in an on-demand service environment, obtaining SAML credentials relating to the identified organization, and testing the SAML credentials relating to the identified organization. The testing includes asserting a set of test credentials against the SAML credentials relating to the identified organization. The method may further include generating one or more new codes based on testing results obtained from testing.
    Type: Grant
    Filed: July 18, 2012
    Date of Patent: June 24, 2014
    Assignee: Salesforce.com, Inc.
    Inventor: Jong Lee
  • Patent number: 8762541
    Abstract: Devices, systems and methods that route a communication link to a proper destination are disclosed. The method may include connecting the communication link to a first destination; requesting a response from the first destination; validating the response from the first destination; and disconnecting the communication link to the first destination if the response from the first destination is not valid. The method may also include connecting the communication link to a second destination; requesting a response from the second destination; and disconnecting the communication link to the second destination if the response from the second destination is not valid. The devices, systems and methods may provide hunt group, call center and conference call features as discussed later herein.
    Type: Grant
    Filed: February 25, 2005
    Date of Patent: June 24, 2014
    Assignee: Siemens Enterprise Communications, Inc.
    Inventor: Mallikarjuna Samayamantry
  • Patent number: 8763121
    Abstract: A method of identifying a potential attack in network traffic includes payload data transmitted to a host entity in the network. The method includes: performing a first data-check on one or more data bytes of the payload data at the host entity; performing a second data-check, equivalent to the first data-check, on data of the network equivalent to the one or more bytes of payload data; and comparing the results of the first and second data-checks to determine if there is a mismatch, the mismatch being an indication of a potential attack.
    Type: Grant
    Filed: January 20, 2011
    Date of Patent: June 24, 2014
    Assignee: F-Secure Corporation
    Inventor: Daavid Hentunen
  • Patent number: 8763147
    Abstract: A data security manager in a multi-nodal environment enforces processing constraints stored as security relationships that control how different pieces of a multi-nodal application (called execution units) are allowed to execute to insure data security. The security manager preferably checks the security relationships for security violations when new execution units start execution, when data moves to or from an execution unit, and when an execution unit requests external services. Where the security manager determines there is a security violation based on the security relationships, the security manager may move, delay or kill an execution unit to maintain data security.
    Type: Grant
    Filed: November 14, 2012
    Date of Patent: June 24, 2014
    Assignee: International Business Machines Corporation
    Inventors: Michael J. Branson, John M. Santosuosso
  • Patent number: 8763074
    Abstract: Securing large networks having heterogeneous computing resources including provision of multiple services both to clients within and outside of the network, multiple sites, security zones, and other characteristics is provided using access control functionality implemented at hosts within the network. The access control functionality includes respective access control policies for indicating to each host from which other computers it can accept connections. Content of the access control policies can be determined based on application data flow needs, and can draw information from databases including DNS and security zone information for hosts to which the access control policies will be applied. Access control policies can be formatted automatically for different host with different characteristics from the same base logical rule set.
    Type: Grant
    Filed: February 16, 2012
    Date of Patent: June 24, 2014
    Assignee: Yahoo! Inc.
    Inventors: Adam Bechtel, Jayanth Vijayaraghavan, Kuai Xu, Pradeep Hodigere, Herbert Ong
  • Publication number: 20140173705
    Abstract: Techniques and tools are described for performing distributed authentication using persistent stateless credentials. Distributed authentication can be performed during egress by obtaining a principal identifier, generating an expiration time, obtaining a secret key identifier that identifies a secret key, generating an initialization vector, encrypting the principal identifier and the expiration time to produce a ciphertext, creating a credential, and providing the credential for persistence at a client device. The credential comprises the ciphertext, the initialization vector, the secret key identifier.
    Type: Application
    Filed: December 19, 2012
    Publication date: June 19, 2014
    Applicant: Jive Software, Inc.
    Inventor: Zack Manning
  • Publication number: 20140173706
    Abstract: A system and method for providing access to an object over a network may comprise hosting an object on a distributed data processing system accessible over the network, the object contained within a cell; generating, by a cell access provider, a unique and random address for the cell containing the object, utilizing an address resolution module and providing, by the cell access provider, the unique and random address to a computing device of a unique consumer; and upon receipt of the unique and random address from the unique user, matching the unique and random address with the cell to facilitate access by the unique user to the object. The object may comprise a virtual object acting as a cell for facilitating access to one or more additional objects. The virtual object cell may contain one or more unique and random addresses facilitating access to one or more additional objects.
    Type: Application
    Filed: December 11, 2013
    Publication date: June 19, 2014
    Applicant: Servmax, Inc.
    Inventors: Boris Apotovsky, Oleksii Koliadin
  • Patent number: 8756670
    Abstract: Whether a log-in button has been pressed or not is determined. When it is determined that the log-in button has been pressed, an ID selection screen is displayed. Whether an ID has been selected or not is determined. When it is determined that an ID has been selected, whether a secure printing job is present or not is determined. Thereafter, whether password matching is successfully achieved or not is determined. Thereafter, whether a password image function is ON or not is determined. Then, when it is determined that password matching was successfully achieved and a password image authentication function is ON, password image authentication is carried out.
    Type: Grant
    Filed: May 25, 2010
    Date of Patent: June 17, 2014
    Assignee: Konica Minolta Holdings, Inc.
    Inventors: Motohiro Asano, Chiho Murai
  • Patent number: 8756656
    Abstract: A computer-implemented method for creating and synchronizing security metadata for data objects within a synchronized-data network is disclosed. This method may comprise: 1) identifying a data object, 2) determining the trustworthiness of the data object, 3) generating security metadata for the data object that identifies the trustworthiness of the data object, and 4) synchronizing the security metadata within the synchronized-data network. The method may also comprise identifying a need to perform a security operation on the data object to determine the trustworthiness of the data object and then offloading or load balancing the security operation within the synchronized-data network. Corresponding systems and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 30, 2008
    Date of Patent: June 17, 2014
    Assignee: Symantec Corporation
    Inventor: Alfred Hartmann
  • Patent number: 8756413
    Abstract: The present invention relates to a method and a device for ensuring information integrity and non-repudiation over time. A basic idea of the present invention is to provide a mechanism for secure distribution of information, which information relates to an instance in time when usage of cryptographic key pairs associated with a certain brand identity commenced, as well as when the key pairs ceased to be used, i.e. when the key pairs were revoked. The mechanism further allows a company or an organization to tie administration of cryptographic key pairs and a procedure for verifying information integrity and non-repudiation to their own brand. This can be seen as a complement or an alternative to using a certificate authority (CA) as a trusted third party, which CA guarantees an alleged relation between a public key and the identity of the company or organization using the cryptographic key pair to which that public key belongs.
    Type: Grant
    Filed: April 20, 2005
    Date of Patent: June 17, 2014
    Assignee: Brandsign AB
    Inventors: Anders Thoursie, Peter Holm, Sven-Håkan Olsson
  • Patent number: 8756652
    Abstract: A PIN is automatically generated based on at least one rule when the user enters a password through a user device. In one example, the PIN is a truncated version of the password where each character in the truncated version is mapped onto a number. The mapping can be a truncation at the beginning or end of the password, or the mapping can be with any pattern or sequence of characters in the password. This PIN generation may be transparent to the user, such that the user may not even know the PIN was generated when the password was entered. When the user attempts to access restricted content, the user may enter the PIN instead of the password, where the user may be notified of the rule used to generate the PIN so that the user will know the PIN by knowing the password.
    Type: Grant
    Filed: October 25, 2011
    Date of Patent: June 17, 2014
    Assignee: eBay Inc.
    Inventor: Markus Jakobsson
  • Patent number: 8756668
    Abstract: Systems and methods for providing secured network access are provided. A user device located within range of a hotspot initiates a request sent via an open communication network associated with the hotspot. The request concerns secured network access at the hotspot by the user device. A unique pre-shared key is generated for the user device based on information in the received request and transmitted over the open communication network for display on a webpage accessible to the user device. The unique pre-shared key is stored in association with information regarding the user device. The user device may then use the unique pre-shared key in subsequent requests for secured network access.
    Type: Grant
    Filed: February 9, 2012
    Date of Patent: June 17, 2014
    Assignee: Ruckus Wireless, Inc.
    Inventors: Prashant Ranade, Ming-Jye Sheu
  • Patent number: 8756669
    Abstract: A system and method of implementing a security mode in a mobile communications device, including a mobile communications device comprising a processor, and a computer readable storage medium storing programming for execution by the processor, the programming including instructions to activate a security mode of the mobile communications device, and pursuant to activation of the security mode, disable a first class of features of the mobile communications device, wherein other features of the mobile communications device remain enabled after activation of the mobile security.
    Type: Grant
    Filed: June 20, 2012
    Date of Patent: June 17, 2014
    Assignee: Futurewei Technologies, Inc.
    Inventor: Richard Malinowski
  • Patent number: 8755770
    Abstract: Techniques for determining whether a cellular device is suspect, i.e., perhaps serving as an activator for a device such as a bomb. One way of doing this with cellular telephones that are in the idle state is to use a baiting beacon to bait and automatically call all the cellular telephones in an area that are in the idle state. If the call to a given cellular telephone is not answered by a human voice, the cellular telephone is suspect. Another way of doing this with cellular telephones that are in the traffic state is to use surgical analysis to examine the DTX pattern for the telephone. If it indicates persistent silence, the cellular telephone is suspect. The surgical analysis may also be used to trace the DTX pattern back to another telephone that is controlling the suspect cellular device.
    Type: Grant
    Filed: August 10, 2009
    Date of Patent: June 17, 2014
    Assignee: L-3 Communications Corporation
    Inventor: James D Haverty
  • Patent number: 8756667
    Abstract: In the context of computer systems, the generation of preboot passwords at a server instead of at a client. Preferably, preboot passwords generated at the server are distributed to the client, and a process is offered whereby a user can establish his/her own proxy, not known to the server, that can be used to release the stored passwords to the client hardware. Since the passwords are generated at the server, management of the passwords is greatly facilitated since they are generated at the site where they are stored. This also makes it easy to implement management features such as a group policy, since the password generation software will be able to make logical connections between users and hardware.
    Type: Grant
    Filed: December 22, 2008
    Date of Patent: June 17, 2014
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Randall S. Springfield, Jeffrey M. Estroff, Seiichi Kawano, Mikio Hagiwara, David C. Challener, James P. Hoff, Binqiang Ma
  • Patent number: 8756660
    Abstract: Techniques for enabling two-factor authentication for terminal services are described. A client receives an authentication token from an authentication server. The authentication token is used as a factor for authenticating the client to a terminal services device. Native authentication of the client is also performed.
    Type: Grant
    Filed: April 17, 2008
    Date of Patent: June 17, 2014
    Assignee: Microsoft Corporation
    Inventors: Meher Malakapalli, Lisen Ding, Ido Ben-Shachar, Ashwin Palekar
  • Patent number: 8756664
    Abstract: A method and system for managing user authentication. First authentication data associated with a user is received from a first authentication mechanism. The first authentication data is generated in response to the first authentication mechanism successfully authenticating the user. In response to receipt of the first authentication data, a first identifier associated with the user is registered. The first authentication data is associated with the first identifier. In response to associating the first authentication data with the first identifier, second authentication data associated with the user is received from a second authentication mechanism. The second authentication data is generated in response to the second authentication mechanism successfully authenticating the user. The second authentication data is associated with the first authentication data and the first identifier.
    Type: Grant
    Filed: September 26, 2008
    Date of Patent: June 17, 2014
    Assignee: International Business Machines Corporation
    Inventor: Gareth Edward Jones
  • Patent number: 8756666
    Abstract: Authentication codes associated with an entity are generated. A stored secret associated with an entity is retrieved. At a first point in time, a first dynamic value associated with a first time interval is determined. A first authentication code based on the first dynamic value is determined. At a second point in time, a second dynamic value associated with a second time interval is determined. A second authentication code based on the second dynamic value is determined. The first and second authentication codes are derived from the stored secret and the amount of time between the first and second points in time is different from the length of the first time interval.
    Type: Grant
    Filed: September 30, 2008
    Date of Patent: June 17, 2014
    Assignee: EMC Corporation
    Inventors: Eric A. Silva, William M. Duane
  • Publication number: 20140165168
    Abstract: A system for secure information storage and delivery includes a vault repository that includes a secure vault associated with a user, wherein the secure vault is associated with a service level including at least one of a data type or a data size limit associated with the secure vault, the secure vault being adapted to receive at least one data entry and securely store the at least one data entry if the at least one of a size or a type of the at least one data entry is consistent with the service level. A mobile vault server coupled to the vault repository creates a mobile vault on a mobile device based on the secure vault and is capable of authenticating the mobile device based on user authentication information. The mobile vault server includes a mobile device handler that communicates with the mobile device.
    Type: Application
    Filed: December 2, 2013
    Publication date: June 12, 2014
    Applicant: Intersections, Inc.
    Inventors: Jonathan Slaton, Ryan B. Johnson, Toan Tran, David Reed, Abhilash Ravindran, George K. Tsantes
  • Publication number: 20140165165
    Abstract: Various embodiments provide techniques for sharing network service access credentials among multiple devices that share a common user or are associated in a device group. After connecting to a network service (e.g., a wireless network, wired network, or web site), a first device can upload the credentials used to access the network service to a cloud-hosted credential service. The credential service can store the credentials and associate them with the first device and/or its user. Later, a second device can log in to the credential service and receive a download of one or more sets of credentials to enable access to one or more network services that are authorized for the second device. Various embodiments include a credential management interface to enable an authorized user to manage device/network service pairings, permissions, and/or restrictions for network service access.
    Type: Application
    Filed: December 6, 2012
    Publication date: June 12, 2014
    Applicant: Audible, Inc.
    Inventor: Audible, Inc.
  • Publication number: 20140165167
    Abstract: A secret (e.g. a password, key, certificate) is automatically generated by a system. For example, at the time of deployment of a computing machine, a password may be generated and securely stored by the system with other secrets. The password may be used by the system to perform various operations (e.g. configuring the machine, . . . ). When a secret is requested by a user to access a resource, a secret is provided to the user. Once the secret has been utilized by the user, the secret is reset and replaced with a newly generated secret. All/portion of the secrets may also be automatically regenerated. For example, when a breach occurs and/or is suspected, each of the secrets may be replaced with newly generated secrets and securely stored. Auditing and reporting may also be provided (e.g. each request/access to a secret is logged).
    Type: Application
    Filed: December 12, 2012
    Publication date: June 12, 2014
    Applicant: MICROSOFT CORPORATION
    Inventors: James Nunn, Michael Friedman, Andrey Lukyanov, Rajmohan Rajagopalan, Rage Hawley, Shane Brady, Bryan Atwood
  • Publication number: 20140165166
    Abstract: In a method for limiting access to a digital item, a count for the digital item is stored, wherein the count is a number of accesses permitted for the digital item. A password for accessing the digital item is received. A one-way hash function is performed on the password based on the number of accesses of the count to generate a password hash based on the count. The password hash is stored as the stored password hash.
    Type: Application
    Filed: December 12, 2012
    Publication date: June 12, 2014
    Applicant: VMware, Inc.
    Inventor: Uday Kurkure
  • Patent number: 8752159
    Abstract: An information processing apparatus employing user access authorization management verifies user access authorization using a portable storage medium storing identification (ID) information for the portable storage medium and user verification information registered in the information processing apparatus while including the portable storage medium ID as verified ID information for the portable storage medium.
    Type: Grant
    Filed: July 11, 2011
    Date of Patent: June 10, 2014
    Assignee: Ricoh Company, Ltd.
    Inventors: Jongsook Eun, Takahiko Uno
  • Patent number: 8752143
    Abstract: According to one embodiment, an apparatus may monitor a session that facilitates a user's access to a resource. The user may be granted a privilege associated with accessing the resource. The apparatus may detect a change associated with the privilege granted to the user in at least one token of a plurality of tokens. The apparatus may then communicate a token that represents the change, and receive a risk token associated with the token. The apparatus may then determine to revoke the privilege based on the risk token, and generate a second token that represents the determination to revoke the privilege. The apparatus may then communicate the second token to facilitate the revoking of the privilege.
    Type: Grant
    Filed: August 15, 2011
    Date of Patent: June 10, 2014
    Assignee: Bank of America Corporation
    Inventors: Rakesh Radhakrishnan, Cynthia Ann Frick, Radu Marian, Abdulkader Omar Barbir, Rajat P. Badhwar
  • Patent number: 8752145
    Abstract: An improved authentication technique employs a user's mobile device to obtain a picture of the user from which facial geometry is extracted and applied as part of an authentication operation of the user to the remote network. In some examples, a server stores facial geometry for different users along with associated PINs. By matching facial geometry of the user with facial geometry on the server, the user's PIN can be obtained, without the user ever having to register or remember the PIN.
    Type: Grant
    Filed: December 30, 2011
    Date of Patent: June 10, 2014
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, Sorin Faibish, Samuel Adams, Yael Villa, Robert S. Philpott
  • Patent number: 8751233
    Abstract: A speaker-verification digital signature system is disclosed that provides greater confidence in communications having digital signatures because a signing party may be prompted to speak a text-phrase that may be different for each digital signature, thus making it difficult for anyone other than the legitimate signing party to provide a valid signature.
    Type: Grant
    Filed: July 31, 2012
    Date of Patent: June 10, 2014
    Assignee: AT&T Intellectual Property II, L.P.
    Inventors: Pradeep K. Bansal, Lee Begeja, Carroll W. Creswell, Jeffrey Farah, Benjamin J. Stern, Jay Wilpon
  • Patent number: 8752144
    Abstract: An improved technique tailors a biometric challenge activity to a particular user. The particular user submits electronic input from which an authentication system extracts information concerning traits of the particular user; such traits can include keystroke and swiping patterns, handheld device positions, and place of origin. An authentication server maps values of user attributes such as place of origin, age, and UI device to the extracted traits. The authentication server then selects biometric challenges for the particular user based on user attributes having values which deviate most from a mean value of that attribute taken across a population of users. That is, the authentication server bases biometric challenges on the most distinguishing traits of the particular user.
    Type: Grant
    Filed: December 14, 2011
    Date of Patent: June 10, 2014
    Assignee: EMC Corporation
    Inventors: Alon Kaufman, Yael Villa, Yedidya Dotan
  • Patent number: 8752148
    Abstract: A processorless hardware token provides a one-time password for user authentication. The processorless hardware token contains a non-volatile memory upon which is stored a pre-produced sequence of one-time passwords. The processorless hardware token uses limited circuitry on a circuit board to read from the non-volatile memory and display a one-time password associated with a current interval. The displayed one-time password is then used for authentication by an authentication server that compares the one-time password displayed on the processorless hardware token with a one-time password retrieved from a copy of the pre-produced sequence of one-time passwords stored on the Authentication Server.
    Type: Grant
    Filed: June 25, 2012
    Date of Patent: June 10, 2014
    Assignee: EMC Corporation
    Inventors: Edward W. Vipond, Karl Ackerman
  • Patent number: 8752146
    Abstract: A technique provides authentication codes to authenticate a user to an authentication server. The technique involves generating, by an electronic apparatus (e.g., a smart phone, a tablet, a laptop, etc.), token codes from a cryptographic key. The technique further involves obtaining biometric measurements from a user, and outputting composite passcodes as the authentication codes. The composite passcodes include the token codes and biometric factors based on the biometric measurements. Additionally, the token codes and the biometric factors of the composite passcodes operate as authentication inputs to user authentication operations performed by the authentication server. In some arrangements, the biometric factors are results of facial recognition (e.g., via a camera), voice recognition (e.g., via a microphone), gait recognition (e.g., via an accelerometer), touch recognition and/or typing recognition (e.g., via a touchscreen or keyboard), combinations thereof, etc.
    Type: Grant
    Filed: March 29, 2012
    Date of Patent: June 10, 2014
    Assignee: EMC Corporation
    Inventors: Marten van Dijk, Kevin D. Bowers, Samuel Curry, Sean P. Doyle, Nikolaos Triandopoulos, Riaz Zolfonoon
  • Patent number: 8752127
    Abstract: Embodiments of the invention provide systems and methods for identifying devices by a trusted service manager. According to one example embodiment of the invention, a method for identifying communications is provided. The method can include receiving, by a service provider from a device, a message comprising card production life cycle (CPLC) information associated with a secure element incorporated into the device; and evaluating, by the service provider, the received CPLC information in order to identify the secure element.
    Type: Grant
    Filed: May 25, 2012
    Date of Patent: June 10, 2014
    Assignee: First Data Corporation
    Inventors: Roger Lynn Musfeldt, Brent Dewayne Adkisson, Brian Kean
  • Patent number: 8751791
    Abstract: A method and device for confirming authenticity of a public key infrastructure (PKI) transaction event between a relying node and a subject node in a communication network enables improved network security. According to some embodiments, the method includes establishing at a PKI event logging (PEL) server a process to achieve secure communications with the relying node (step 705). Next, the PEL server processes reported PKI transaction event data received from the relying node (step 710). The reported PKI transaction event data describe the PKI transaction event between the relying node and the subject node. The reported PKI transaction event data are then transmitted from the PEL server to the subject node (step 715). The subject node can thus compare the reported PKI transaction event data with corresponding local PKI transaction event data to confirm the authenticity of the PKI transaction event.
    Type: Grant
    Filed: September 17, 2008
    Date of Patent: June 10, 2014
    Assignee: Motorola Solutions, Inc.
    Inventors: Erwin Himawan, Ananth Ignaci, Anthony R. Metke, Shanthi E. Thomas
  • Patent number: 8752123
    Abstract: According to one embodiment, an apparatus may receive a first data token indicating a request for data associated with the resource, a subject token indicating that at least one form of authentication has been completed, and a network token indicating that at least one form of encryption has been performed. The apparatus may determine at least one token-based rule based at least in part upon the first data token, the subject token, and the network token. The apparatus may determine, based at least in part upon the at least one token-based rule, that a second data token representing the data should be generated. The apparatus may generate a message indicating the determination that the second data token should be generated and then transmit the message.
    Type: Grant
    Filed: May 24, 2012
    Date of Patent: June 10, 2014
    Assignee: Bank of America Corporation
    Inventors: Rakesh Radhakrishnan, Cynthia A. Frick, Ronald Wayne Ritchey, Abdulkader Omar Barbir, Lawrence Robert Labella
  • Patent number: 8751802
    Abstract: A storage device and method for storage device state recovery are provided. In one embodiment, a storage device commences an authentication process to authenticate a host device. The authentication process comprises a plurality of phases, and the storage device stores the state of the authentication process, wherein the state indicates the phase(s) of the authentication process that have been successfully completed. After a power loss, the storage device retrieves the state of the authentication process and resumes an operation with the host device without re-performing the phase(s) of the authentication process that have been completed.
    Type: Grant
    Filed: June 30, 2010
    Date of Patent: June 10, 2014
    Assignee: SanDisk IL Ltd.
    Inventors: Rotem Sela, Avraham Shmuel
  • Patent number: 8752190
    Abstract: The present invention relates to a method and a device for determining access to multimedia content from an entry identifier, in a domain which comprises a number of entry identifiers, and where the multimedia content is assigned an access number n indicating the number of entry identifiers which may access the multimedia content. This is obtained by accessing a domain list indicating at least some of said entry identifiers in said network domain and by further determining that the entry identifier may access said multimedia content if said entry identifier is between the n entries in said domain list determined by an evaluation rule.
    Type: Grant
    Filed: May 3, 2006
    Date of Patent: June 10, 2014
    Assignee: Adrea LLC
    Inventor: Franciscus Lucas Antonius Johannes Kamperman
  • Patent number: 8752155
    Abstract: A removable communication card for mobile network devices, and respectively a corresponding authentication method applied therewith. The removable communication card includes an identification module for storing identification data for users, a measurement device for capturing a first biometric feature and a second biometric feature of a user, and an analysis module with a processor unit for comparison of the first and the second biometric features with the stored identification data for the user.
    Type: Grant
    Filed: March 5, 2012
    Date of Patent: June 10, 2014
    Assignee: Swisscom AG
    Inventor: Eric Lauper
  • Patent number: 8752149
    Abstract: A device (300s) has an authentication ID generator (320) for applying a first one-way function to a combination of a process password and information to be shared, and generating an authentication ID; an anonymizer (330) for generating anonymized information from the authentication ID and the information to be shared; an information sharing section (340) for causing the anonymized information to be held on another device; and an anonymized information process requesting section (350) for sending a process request containing the process password, and requesting the other device to subject the held anonymized information to a predetermined process, the request being sent on the basis of a match between the authentication ID of the anonymized information and the result of the first one-way function being applied to the combination of the process password and the anonymized information held on the other device.
    Type: Grant
    Filed: July 22, 2011
    Date of Patent: June 10, 2014
    Assignee: Panasonic Corporation
    Inventors: Koichi Emura, Seiya Miyazaki
  • Patent number: 8752147
    Abstract: Provided is a two-factor user authentication system with a reduced risk of leakage of authentication information. The two-factor user authentication system is designed to use, as a password, a one-time-password derivation rule to be applied to certain pattern elements included in a presentation pattern at specific positions so as to create a one-time password, and further use, as a second authentication factor, information identifying a client to be used by a user. An authentication server is operable to generate a pattern seed value adapted to uniquely specify a presentation pattern in combination with a client ID, and transmit the pattern seed value to an authentication-requesting client. The authentication-requesting client is operable to create a presentation pattern based on a client ID acquired therefrom, and display the presentation pattern to allow a user to enter thereinto a one-time password based on the presentation pattern.
    Type: Grant
    Filed: October 5, 2010
    Date of Patent: June 10, 2014
    Assignee: CSE Co., Ltd
    Inventors: Shigetomo Tamai, Toru Takano, Tsuyoshi Kobayashi
  • Publication number: 20140157378
    Abstract: An aspect provides a method, including: receiving at a remote device a client log in to a cloud based account issued from a client device; determining the client device is not associated with the client log in; issuing an instruction to unbind at least one client device application log in credential and bind a cloud client log in credential to the at least one client device application; and providing an instruction to unbind the cloud client log in credential from the at least one client device application in response to at least one predetermined criteria being satisfied. Other aspects are described and claimed.
    Type: Application
    Filed: November 30, 2012
    Publication date: June 5, 2014
    Applicant: Lenovo (Singapore) Pte. Ltd.
    Inventors: Philip Lee Childs, Michael Terrell Vanover, Goran Hans Wibran, Hui Wang, Shaowei Chen