Management Patents (Class 726/6)
-
Patent number: 8713653
Abstract: According to one embodiment, a storage stores secret data, first identification data, and a first random key. A generation module generates first authentication data from the secret data, first identification data, and second identification data of a removable medium. A first verification module determines whether the first authentication data and second authentication in the removable medium are identical. A second verification module determines whether the first random key and a second random key in the removable medium are identical, if the first and second authentication data are identical. An activation module activates the data processing apparatus if the first and second random keys are identical.
Type: Grant
Filed: June 28, 2012
Date of Patent: April 29, 2014
Assignee: Kabushiki Kaisha Toshiba
Inventors: Tadashi Tsuji, Tsuyoshi Nishida
-
Patent number: 8713654
Abstract: In the presently preferred embodiment of the invention, every time a user submits a form the client software tries to match the submitted information with the stored profile of that user. If a match is discovered, the program tags the field of the recognized data with a corresponding type. The resulting profile can be used after that to help all subsequent users to fill the same form.
Type: Grant
Filed: August 23, 2012
Date of Patent: April 29, 2014
Assignee: Facebook, Inc.
Inventors: Ognian Z. Topalov, Eric Hohenstein
-
Publication number: 20140115676
Abstract: In a method for authenticating a device on a wireless local area network (WLAN) there is a once-off registration phase in which the device sends registration data in a MO SMS via the mobile network to the authentication system, and the authentication system performs a query to this mobile network to validate the subscriber and resolve the subscriber and device identifiers. The device receives network access information from the authentication system, allowing it to generate network access credentials on an on-going basis. This is permanent unless the registration is revoked due, for example, to the device being stolen. The network access information may be provided by the authentication system generating and signing a unique subscriber certificate during registration, and the device downloading it. The device uses the signed certificate to generate and encrypt the network access credentials for the network access.
Type: Application
Filed: June 15, 2012
Publication date: April 24, 2014
Applicant: ACCURIS TECHNOLOGIES LIMITED
Inventors: Finbarr Coghlan, Robert Ryan, Ian Smith
-
Publication number: 20140115675
Abstract: Provided are a smart card service method and an apparatus for performing the same. The smart card service method includes receiving a certificate generation request from a terminal, transmitting the certificate generation request to an authentication processing device, and storing credential information with respect to the generated certificate in a virtual machine associated with the terminal in response to a certificate generation success message provided from the authentication processing device. Thus, it is possible to reduce costs in accordance with manufacturing smart card hardware, and support smart card services in a more enhanced security environment.
Type: Application
Filed: October 17, 2013
Publication date: April 24, 2014
Applicant: ELECTRONICS & TELECOMMUNICATIONS RESEARCH INSTITUTE
Inventors: Young Woo JUNG, Chang Won AHN, Joong Soo LEE
-
Publication number: 20140115678
Abstract: A network configuration having various network elements and user equipments configured to authenticate web access requests is disclosed. Upon receipt of web addresses from various subscribers, the web addresses such as online advertisements are stored in a memory. The network traffic in the communication network is monitored in accordance with the web addresses stored in the memory. After detecting a website access request such as a click of an online advertisement, an authentication record which authenticates the origin of the network equipment issuing the request. The authentication record is forwarded to a subscription partner via a predefined messaging mechanism.
Type: Application
Filed: December 30, 2013
Publication date: April 24, 2014
Applicant: WiChorus, Inc.
Inventors: Santhosh Kumar Thodupunoori, Senthil Raja Velu, Sridharan Muthuswamy
-
Publication number: 20140115670
Abstract: An interactive method for authentication is based on a shared secret which is in the form of an enumerated pattern of fields on a frame of reference. An instance of the frame of reference comprises an array of characters in which the characters are arranged in a random or other irregular pattern on a grid of content fields. An authentication challenge includes characters from the character set, and is delivered in- or out-of-band. The authentication response includes the enumerated position numbers on the enumerated pattern of the field locations on the grid at which the challenge characters are found.
Type: Application
Filed: October 23, 2012
Publication date: April 24, 2014
Inventors: EDWARD M. BARTON, LEN L. MIZRAH
-
Publication number: 20140115677
Abstract: A method for calculating a One Time Password. A secret is concatenated with a count, where the secret is uniquely assigned to a token. The secret can be a private key or a shared secret symmetric key. The count is a number that increases monotonically at the token with the number of one-time Passwords generated at the token. The count is also tracked at an authentication server, where it increases monotonically with each calculation of a one-time Password at the authentication server. An OTP can be calculated by hashing a concatenated secret and count. The result can be truncated.
Type: Application
Filed: December 20, 2013
Publication date: April 24, 2014
Inventor: Nicolas Popp
-
Patent number: 8707400
Abstract: A system and method for consumer-side authorization and authentication is disclosed. In one embodiment, the method comprises receiving a request for a credential from a business-side party, matching the credential request to a set of available credentials, the available credentials comprising consumer-side information. The credential is retrieved from a credential store, and the authorization of the business-side party to receive the credential is evaluated before returning a response. In another embodiment, the system comprises a receiver module adapted to receive credential requests from business-side parties. The credential request is passed to a selection and matching module for matching against consumer-side credentials. The credential is retrieved from a storage and retrieval module, but is not passed until an authorization module allows a sender module to return a credential response to the business-side party.
Type: Grant
Filed: January 22, 2007
Date of Patent: April 22, 2014
Assignee: Apple Inc.
Inventor: Duane Buss
-
Patent number: 8707387
Abstract: A host based security system for a computer network includes in communication with the network a credential host that is operative in concert with a local computer and a destination site. The destination site has a credential authentication policy under which credentials associated with the local computer upon being authenticated authorizes data to be communicated between each of the destination site and the local computer during a communication session over the network. The credential host stores the credentials to be used by the destination and is operative to transmit the credentials onto the network in response to a request received from the local computer. The destination site upon the credentials being received and authenticated thereat is operative to transmit session information onto the network. In turn, the local computer is then operative to commence the communication session upon receipt of said the information.
Type: Grant
Filed: October 22, 2008
Date of Patent: April 22, 2014
Assignee: Personal Capital Technology Corporation
Inventors: Louis A. Gasparini, William H. Harris, Jr., Do-Pil (Don) Park
-
Patent number: 8706643
Abstract: Techniques for generating and providing phrases are described herein. These techniques may include analyzing one or more sources to generate a first corpus of phrases, each of the phrases for use as an identifier and/or for association with a user for executing a transaction. Once a first corpus of phrases has been generated, these phrases may be filtered to define a second corpus of phrases. Phrases of this second corpus may then be suggested to one or more users. In some instances, the phrases suggested to a particular user are personalized to the user based on information previously known about the user or based on information provided by the user.
Type: Grant
Filed: January 13, 2009
Date of Patent: April 22, 2014
Assignee: Amazon Technologies, Inc.
Inventors: James Jesensky, Isaac Oates, Steve Huynh, Vinay Vaidya
-
Patent number: 8707404
Abstract: Various embodiments of a system and method for transparently authenticating a user to a digital rights management entity are described. In various embodiments, a digital rights management server may be configured to receive an authentication token from a first remote computer system. Such authentication token may indicate that a particular user of the first remote computer system was authenticated by a first content provider of one or more content providers. In various embodiments, the digital rights management server may also be configured to verify the authentication token by determining that one or more portions of the authentication token were generated based on respective authentication information issued to the first content provider. In various embodiments, the digital rights management server may also be configured to, in response to verification of the authentication token, issue to the first remote computer system one or more credentials.
Type: Grant
Filed: August 28, 2009
Date of Patent: April 22, 2014
Assignee: Adobe Systems Incorporated
Inventors: Peter Sorotokin, James L. Lester, Sunil C. Agrawal, Andrei Sheretov
-
Patent number: 8707405
Abstract: A method for selectively refreshing group membership for an identifier associated with an authenticated user. The identifier represents an application server security context, and it is generated to enable a user credential associated with the authenticated user to be persisted. Following such authentication, the client is provided with a time-bounded, renewable security token. The method begins by configuring an option whether group membership information is refreshed during renewal of an expired security token. During renewal of an expired security token, the method determines whether the option is set. If so, an attempt is made to refresh information. This attempt performs a set of checks to verify certain conditions. If these checks are valid, the identifier is refreshed and the security token renewed with updated group membership information. If any check is not valid, the identifier is refreshed and the security token renewed with existing information.
Type: Grant
Filed: January 11, 2012
Date of Patent: April 22, 2014
Assignee: International Business Machines Corporation
Inventors: William J. O'Donnell, Paul William Bennett, Elisa Ferracane, Michael Craig Thompson, Michael Dettlaff Christopher
-
Patent number: 8707180
Abstract: A system for executing a cyber investigation by a non-expert user, including a computer having a processor, a memory, and a display; a computer-readable medium having stored thereon instructions for execution of a wizard application, the processor adapted to execute the instructions when the computer-readable medium is inserted into the computer, the processor programmed to: receive case information; receive a type of activity being investigated in response to user inputs to select the activity type from a list of possible activity types; guide the user through capturing data related to the selected activity type through steps presented to the user through one or more screens shown in the display, the steps presented such that a non-expert user can follow them; receive user inputs through a screens to obtain information needed to continue capturing the data related to the selected activity; and store the captured data in a removable data storage device or medium for analysis and use in the cyber investigation
Type: Grant
Filed: August 17, 2010
Date of Patent: April 22, 2014
Assignee: The Board of Trustees of the University of Illinois
Inventors: Randy L. Butler, L. Bradlee Sheafe, Von Welch
-
Patent number: 8705067
Abstract: A print server configured to acquire temporary identification information used for uniquely identifying device identification and user identification from temporary identification information stored in a storage area according to a print instruction including device identification information used for identifying a device and user identification information used for identifying a user, and searches for and acquires a print job including the temporary identification information out of spooled print jobs, and provides the acquired print job including the temporary identification information to the device.
Type: Grant
Filed: March 1, 2011
Date of Patent: April 22, 2014
Assignee: Canon Kabushiki Kaisha
Inventor: Koji Kikuchi
-
Patent number: 8706644
Abstract: Techniques for generating and providing phrases are described herein. These techniques may include analyzing one or more sources to generate a first corpus of phrases, each of the phrases for use as an identifier and/or for association with a user for executing a transaction. Once a first corpus of phrases has been generated, these phrases may be filtered to define a second corpus of phrases. Phrases of this second corpus may then be suggested to one or more users. In some instances, the phrases suggested to a particular user are personalized to the user based on information previously known about the user or based on information provided by the user.
Type: Grant
Filed: January 13, 2009
Date of Patent: April 22, 2014
Assignee: Amazon Technologies, Inc.
Inventors: James Jesensky, Isaac Oates, Steve Huynh, Vinay Vaidya
-
Publication number: 20140109207
Abstract: The present disclosure provides techniques for generating an authentication code. These techniques may modularize processing diagram, noise element and words content as several modules. Then, a context message is added in individual modules by a computing device. The computing device may generate a plurality of contexts based on a configuration rendering style. Individual contexts correspond to one kind of diagram style allocation of authentication code. The computing device may define an executing sequence of the context based on a predetermined algorithm rule, and execute the drawing of diagram authentication code of the context based on the executing sequence of the sharp context.
Type: Application
Filed: October 11, 2013
Publication date: April 17, 2014
Applicant: Alibaba Group Holding Limited
Inventors: Xinjie Hou, Xuefei Zhang
-
Publication number: 20140109205
Abstract: An online protection suite provides password management and a dashboard set of services combining single-click access to user accounts and a simple browser window automatically filled with offers for a variety of related products and services targeted especially for particular users. Each user is identified to a business partner server with a unique customer automatically sent from a simple browser embedded in the password management dashboard. The business partner server returns a webpage back to the simple browser that has been constructed especially for this user by leveraging sensitive and proprietary information collected by the business partner. Such customer information is not directly accessible to the password manager.
Type: Application
Filed: October 12, 2012
Publication date: April 17, 2014
Inventors: Brent Lymer, Pankaj Srivastava, Juan Gamez
-
Publication number: 20140109206
Abstract: Multi-control password changing includes initiating a password change cycle to change a target user's password, selecting a plurality of administrators to provide password part inputs, receiving password part inputs separately and confidentially from the plurality of administrators, generating a multi-control password comprised of multiple password part inputs, changing the target user's password to the multi-control password, and transmitting either the single multi-control password or multiple password parts each separately to target user.
Type: Application
Filed: December 27, 2012
Publication date: April 17, 2014
Inventors: Anil Goel, Ramesh Gupta, Asif Iqbal Desai, Vivek Kandiyanallur, Somnath Ghosh
-
Patent number: 8701171
Abstract: An information processing apparatus includes an authentication unit configured to identify a user who uses a data processing apparatus, a storage unit configured to store user identification information for identifying the user who is identified by the authentication unit and is identified as not having ended using the data processing apparatus, and an acquisition unit configured to, in accordance with the user identification information stored in the storage unit, acquire from the data processing apparatus information about using of the data processing apparatus by the user identified with the user identification information that has not been acquired during the state in which communication with the data processing apparatus is unavailable.
Type: Grant
Filed: July 27, 2007
Date of Patent: April 15, 2014
Assignee: Canon Kabushiki Kaisha
Inventor: Kei Sato
-
Patent number: 8700898
Abstract: Systems and methods for providing sensitive data protection in a virtual computing environment. The systems and methods utilize a sensitive data control monitor on a virtual appliance machine administering guest virtual machines in a virtual computing environment, wherein each of the guest virtual machines may include a local sensitive data control agent. The sensitive data control monitor generates encryption keys for each guest virtual machine which are sent to the local sensitive data control agents and used to encrypt data locally on a protected guest virtual machine. In this manner the data itself on the virtual (or physical) disc associated with the guest virtual machine is encrypted while access attempts are gated by a combination of the local agent and the environment-based monitor, providing for secure yet administrable sensitive data protection.
Type: Grant
Filed: October 2, 2012
Date of Patent: April 15, 2014
Assignee: CA, Inc.
Inventors: Alex Korthny, Nir Barak, Amir Jerbi
-
Patent number: 8701169
Abstract: A method and apparatus are disclosed for using a single credential request (e.g., registered public key or ECQV certificate) to obtain a plurality of credentials in a secure digital communication system having a plurality of trusted certificate authority CA entities and one or more subscriber entities A. In this way, entity A can be provisioned onto multiple PKI networks by leveraging a single registered public key or implicit certificate as a credential request to one or more CA entities to obtain additional credentials, where each additional credential can be used to derive additional public key-private key pairs for the entity A.
Type: Grant
Filed: February 10, 2012
Date of Patent: April 15, 2014
Assignee: Certicom Corp.
Inventors: Matthew John Campagna, Robert John Lambert, James Robert Alfred
-
Patent number: 8701168
Abstract: One embodiment of the present invention provides a system that associates a digital certificate with an enterprise profile. During operation, an identity store receives a digital certificate from a client. Next, the identity store searches for a mapping rule which determines if an enterprise profile is associated with the digital certificate, wherein the enterprise profile facilitates in identifying user capabilities. If a mapping rule is found, the identity store executes the mapping rule to determine if an enterprise profile is associated with the digital certificate. If so, the enterprise profile, which is associated with the digital certificate, is returned to the client.
Type: Grant
Filed: November 21, 2005
Date of Patent: April 15, 2014
Assignee: Oracle International Corporation
Inventors: Hari V. N. Sastry, Dipankar Thakuria, Quan H. Dinh
-
Patent number: 8701170
Abstract: A system and method for providing, as a service over a computer network (especially a packet-switched computer network) to a body of merchants connected to the computer network, verification of consumer identification based on data provided over the computer network by scanning devices attached to the computers operated by consumers.
Type: Grant
Filed: May 10, 2002
Date of Patent: April 15, 2014
Assignee: Kount Inc.
Inventor: Timothy P. Barber
-
Publication number: 20140101738
Abstract: A method includes transmitting a User ID and a full Password of a user of a client device to a server via the client device, and then establishing a network connection between the client device and the server after the User ID and the full Password. The method also includes receiving, from the server via the client device, an encrypted secret PIN (ESPIN) and a challenge for corresponding positions of a Partial Password, entering the Partial Password via the client device, and computing a secret PIN (SPIN) from the ESPIN via the client device in response to a correct entry of the Partial Password. The Additional Factor is unlocked using the SPIN, and the unlocked Additional Factor is transmitted to the server to request authentication of the user of the client device. The client device includes a processor and memory having instructions for the above method.
Type: Application
Filed: December 13, 2013
Publication date: April 10, 2014
Applicant: CA, Inc.
Inventor: VenkataBabji Sama
-
Publication number: 20140101737
Abstract: A mobile device and a method are provided. A mobile device includes a display, a sensor configured to sense a user operation with respect to the display, a fingerprint sensor configured to sense a fingerprint of the user that input the user operation, a storage configured to store preregistered fingerprint information, and a controller configured to perform an operation corresponding to the user operation when the fingerprint sensed by the fingerprint sensor matches the stored fingerprint information and perform a fingerprint registration operation when the fingerprint sensed by the fingerprint sensor does not match the stored fingerprint information.
Type: Application
Filed: December 9, 2013
Publication date: April 10, 2014
Applicant: SAMSUNG ELECTRONICS CO., LTD.
Inventor: Young-ho RHEE
-
Publication number: 20140101718
Abstract: Providing services within a network of service providers sharing an authentication service and a set of business rules. A central server receives a first request from a first server to provide a first service to a user via a client without forcing the user to present credentials. In response to the received first request, the central server stores data identifying the first service on the client. The central server further receives a second request from a second server to provide a second service to the user via the client after the user presents the credentials to the second service. After receiving the second request and the presented credentials, the central server allows the user access to the second service. In response to allowing the user access to the second service, the central server further allows the user access to the first service as a result of the stored data.
Type: Application
Filed: December 10, 2013
Publication date: April 10, 2014
Applicant: Microsoft Corporation
Inventors: Arnold N. Blinn, Wei-Quiang Michael Guo, Wei Jiang, Raja Pazhanivel Perumal, Iulian D. Calinov
-
Publication number: 20140101736
Abstract: Systems and methods for providing services are disclosed. One aspect comprises authenticating a user associated with a first service, receiving a selection of a second service, generating an opaque identifier associated with the user and the first service, wherein the opaque identifier facilitates the anonymous collection of data relating to the second service. Another aspect can comprise transmitting the opaque identifier to the second service, and receiving data relating to the second service.
Type: Application
Filed: October 8, 2012
Publication date: April 10, 2014
Applicant: Comcast Cable Communications, LLC
Inventors: David Mays, Jason Press
-
Publication number: 20140101735
Abstract: An automated system and method for assembling and analyzing a candidate application to determine a type of credential in a professional credentialing area for the candidate is provided. The automated system may facilitate the receipt of application materials from various sources and may enable review and appraisal of the application by multiple parties. The application may be tailored to a specific type of requested credential.
Type: Application
Filed: October 4, 2012
Publication date: April 10, 2014
Inventors: Karen Neil DRENKARD, Ellen SWARTWOUT, Marianne HORAHAN, Nancy Jo ROBERT, David PAULSON, Vicki Ann LUNDMARK, Patricia Rose DEYO, Stephanie Lida FERGUSON, Diane Lynn THOMPKINS, Christine DEPASCALE
-
Patent number: 8695072
Abstract: A user identification method and a system thereof. A user device delivers a certificate packet with a unique serial number to a certificate server, and receives a reply packet with a password from a password server. The user device then uses the password and the unique serial number to produce a user terminal identification code, and then delivers an identification packet with the user terminal identification code to the certificate server. After receiving the certificate packet, the certificate server delivers an inquiry packet with the unique serial number to the password server, and then the password server inquires about password and expiration time thereof according to the unique serial number. After receiving the identification packet, the certificate server verifies the validity of the user terminal identification code and the expiration time with a database to determine if the user is admitted to proceed to the subsequent transaction.
Type: Grant
Filed: December 1, 2011
Date of Patent: April 8, 2014
Assignee: Fonestock Technology Inc.
Inventor: Ching-Feng Wang
-
Patent number: 8695080
Abstract: When transmitting position/time information calculated by means of a GPS function to a server apparatus, authentication is carried out with the server apparatus. The position/time information may be certified as legitimate measured by a portable apparatus with a GPS reception function employed by a user. When transmitting information related to the position and the time acquired from a portable phone terminal having the GPS function and a network function by means of the GPS function to the server apparatus, authentication is carried out between the portable phone terminal and the server apparatus. The position/time information is transmitted to the server apparatus, only if the server apparatus is authenticated as a legitimate counterpart for connection.
Type: Grant
Filed: September 30, 2011
Date of Patent: April 8, 2014
Assignee: Sony Corporation
Inventors: Masayuki Takada, Takayasu Muto
-
Patent number: 8695097
Abstract: In a networked computer system, a user accesses a webserver via a web interface presenting credentials comprising a user identification. The webserver is communicatively connected to an application server. If fraud with respect to the user identification is detected, the application server sends a notification or alert to add the user identification to a list of compromised user identifications. The system also comprises a database for storing the list of compromised user identifications on a computer. Another category of user identifications is created referred to as phish phood which is comprised of fabricated user identifications.
Type: Grant
Filed: August 28, 2007
Date of Patent: April 8, 2014
Assignee: Wells Fargo Bank, N.A.
Inventors: Chris Mathes, Bryan Hall, Michael Toth
-
Patent number: 8695070
Abstract: A user identification method and a system thereof are provided. A user device delivers a certificate packet with a user identification number to a certificate server, and receives a reply packet with a code from a password server. The user device uses the code to produce a user terminal identification code, and delivers an identification packet with the user terminal identification code to the certificate server. After having received the certificate packet, the certificate server delivers an inquiry packet with the user identification number to the password server, for the password server to inquire about the password and expiration time according to the user identification number. After having received the identification packet, the certificate server verifies the validity of the user terminal identification code and the expiration time with a database to determine whether the user is allowed to proceed to the subsequent transaction.
Type: Grant
Filed: March 29, 2012
Date of Patent: April 8, 2014
Assignee: Fonestock Technology Inc.
Inventor: Ching-Feng Wang
-
Patent number: 8695069
Abstract: Embodiments of the present invention provide a system that facilitates session management between a web application and a Customer Relationship Management (CRM) system. During operation, the system receives, at a proxy, a service call intended for a CRM system. Next, the system modifies a header of the service call to include authentication credentials for the CRM system. The system then determines if an available session token for the CRM system exists at the proxy. If so, the system modifies the header of the service call to include the session token. Next, the system forwards the service call with the modified header to the CRM system. The system then receives a response to the service call, which includes the session token. Upon receiving the response, the system stores the session token at the proxy for a subsequent service call. Finally, the system forwards the response to the web application.
Type: Grant
Filed: January 31, 2012
Date of Patent: April 8, 2014
Assignee: Intuit Inc.
Inventors: Rajagopal Chandramohan, Rajkumar Ramakrishnan, Jeffery W. Kester
-
Patent number: 8695067
Abstract: A method to authenticate a device and service, and a system thereof, the authentication method including: requesting device authentication information from a device provider in order to receive a service from a service provider, distinct from the device provider, and receiving the device authentication information from the device provider, the device authentication information being used by the service provider to authenticate the device. Therefore, it is possible to perform a device authentication process and service authentication process more simply.
Type: Grant
Filed: May 27, 2009
Date of Patent: April 8, 2014
Assignee: Samsung Electronics Co., Ltd.
Inventors: Jin-hee Kim, Kyong-yong Yu, Moon Kyu Kim, Young-won Song
-
Publication number: 20140096177
Abstract: Systems and methods may provide for determining a composite false match rate for a plurality of authentication factors in a client device environment. Additionally, the composite false match rate can be mapped to a score, wherein an attestation message is generated based on the score. In one example, the score is associated with one or more of a standardized range and a standardized level.
Type: Application
Filed: September 28, 2012
Publication date: April 3, 2014
Inventors: Ned Smith, Keith Shippy, Tobias Kohlenberg, Manish Dave, Omer Ben-Shalom, Mubashir Mian
-
Publication number: 20140096211
Abstract: A method is provided for network identification based on high entropy data on a network which are not easily guessed or obtained outside the network, which can prevent an attacker from “spoofing” the network. A component in a client computer connected to a network may obtain over the network a network data block including device identification information of a device controlling the network. Upon parsing the network data block, such high entropy data as unique device identifiers may be obtained from the device identification information. Depending on availability of the unique device identifiers and authentication history of the client computer, different combinations of the unique device identifiers and/or other identification information may be used to generate a unique network identifier such as a network signature. The component may provide the network signature to applications within the client computer.
Type: Application
Filed: December 4, 2013
Publication date: April 3, 2014
Applicant: Microsoft Corporation
Inventors: Bill Begorre, Deon C. Brewis
-
Patent number: 8688987
Abstract: One embodiment is directed to a method for managing cryptographic information. The method includes initiating cryptographic information loading application on a general purpose mobile device (GPMD) and establishing a connection between the GPMD and a server that includes cryptographic information. Authentication input is received from a user of the GPMD. Data identifying the GPMD and the authentication input is sent from the GPMD to the server for authentication of the GPMD and the user. The GPMD also sends data identifying an electronic device into which cryptographic information is to be loaded. In response, the GPMD receives cryptographic information for the electronic device at the GPMD from the server. The GPMD then sends the cryptographic information from the GPMD to the electronic device for loading therein.
Type: Grant
Filed: July 30, 2012
Date of Patent: April 1, 2014
Assignee: Honeywell International Inc.
Inventors: James Christopher Kirk, Michael L. Olive, Louis T. Toth
-
Patent number: 8689298
Abstract: A first request is received, at a service application programming interface (API) of an authorization server, to change a permission of a first role for accessing a first resource. In response to the first request, a first role-based permission data structure associated with the first role is accessed to identify an entry associated with the first resource, where the first role-based permission data structure includes entries corresponding to resources, respectively. Each resource is associated with one or more permissions for a user of the first role to access the corresponding resource. One or more permissions are updated in the identified entry associated with the first resource.
Type: Grant
Filed: May 31, 2011
Date of Patent: April 1, 2014
Assignee: Red Hat, Inc.
Inventors: Jason Lilaus Connor, Michael B. McCune
-
Patent number: 8686829
Abstract: A lock code recovery system for selectively sending a lock code to a proximate personal electronic device is provided. A recognizable code is associated with the proximate personal electronic device. The lock code recovery system includes a user input device for receiving feedback and a control module. The control module is in communication with the user input device, and has a memory with an application and at least one recognizable code stored thereon. The application has the lock code associated with the application for at least activating or deactivating the application. The control module includes control logic for monitoring the user input device for feedback indicating the lock code associated with the application should be sent to the proximate personal device.
Type: Grant
Filed: June 10, 2011
Date of Patent: April 1, 2014
Assignee: GM Global Technology Operations LLC
Inventor: Matthew M. Highstrom
-
Patent number: 8689004
Abstract: A server system receives and installs multiple claim provider plug-ins. Each of the claim provider plug-ins implements the same software interface. However, each of the claim provider plug-ins can provide claims that assert different things. Claims provided by the claim provider plug-ins can be used to control access of users to a resource.
Type: Grant
Filed: December 15, 2010
Date of Patent: April 1, 2014
Assignee: Microsoft Corporation
Inventors: Javier Dalzell, Bryant Fong, Sarat Chandra Subramaniam, Christian Roy, Sadia Sharmin, Benoit Schmitlin, Venkatesh Veeraraghavan
-
Patent number: 8689296
Abstract: A system and method for controlling distribution and use of digital identity representations (“DIRs”) increases security, usability, and oversight of DIR use. A DIR stored on a first device may be obtained by a second device for use in satisfying the security policy of a relying party. Release of the DIR to the second device requires permission from a device or entity that may be different from the device or entity attempting to access the relying party. Further, the use of the DIR to obtain an identity token may separately require permission of even a different person or entity and may be conditioned upon receiving satisfactory information relating to the intended use of the DIR (e.g., the name of the relying party, type of operation being attempted, etc.). By controlling the distribution and use of DIRs, security of the principal's identity and supervisory control over a principal's activities are enhanced.
Type: Grant
Filed: December 7, 2007
Date of Patent: April 1, 2014
Assignee: Microsoft Corporation
Inventors: John Shewchuk, Kim Cameron, Arun Nanda, Xiao Xie
-
Patent number: 8689299
Abstract: Systems and methods for managing a user identity on a mobile device are provided. The system comprises the mobile device comprising a user agent and a client application, the user agent and the client application in communication with each other. The system further comprises an identity provider in communication with the mobile device, and a client service in communication with the mobile device. The user agent is configured to communicate with the identity provider and retrieve the user identity for the client application, and the client application is configured to transmit the user identity to the client service.
Type: Grant
Filed: December 22, 2011
Date of Patent: April 1, 2014
Assignee: BlackBerry Limited
Inventors: Brian Everett McBride, Avinash Chidambaram, Jérôme Bertrand Nicolas Cornet
-
Patent number: 8689291
Abstract: The disclosure discloses a wireless access device (2), which includes: a wireless module (204) which establishes a wireless connection with a network, a solid state memory (203) partitioned into different storage volumes, a driver management module (202) and an enumeration management module (201). In the solid state memory, the fourth storage volume stores a bootstrap, the first storage volume stores an operating system and system management software, and the third storage volume stores encryption driver management software, device drive software and device management software. The driver management module (202) stores storage volume information.
Type: Grant
Filed: October 29, 2010
Date of Patent: April 1, 2014
Assignee: ZTE Corporation
Inventor: Jian Cui
-
Patent number: 8688970
Abstract: The invention provides a method for trust relationship detection between a core and access network for a user equipment. The gist is that a security tunnel establishment procedure is used so one entity, be it part of the core network or be it the user equipment itself, is provided with information to determine whether the access network is trusted or untrusted. The information may comprise a first IP address/prefix, which is initially assigned to the user equipment, upon attaching to the access network. The necessary information may further comprise a second IP address/prefix, which is an address/prefix that is allocated at a trusted entity of the core network. Depending which entity determines the trust relationship of the access network, it might be necessary to transmit either the first IP address/prefix or the second IP address/prefix or the first and the second IP address/prefix using the security tunnel establishment procedure.
Type: Grant
Filed: June 12, 2008
Date of Patent: April 1, 2014
Assignee: Panasonic Corporation
Inventors: Jens Bachmann, Kilian Weniger, Takashi Aramaki, Jon Schuringa, Jun Hirano, Shinkichi Ikeda
-
Patent number: 8689304
Abstract: A system and associated method for providing enhanced site access security by use of multiple authentications from independent sources. A security enhanced user service system has components of a user authentication process, a service application, a multi-authentication module and an authentication database. A user attempting to use the service application accesses through a client system that is coupled to the security enhanced user service system. The user authentication process receives login information from the user, checks for validity, and sends to the multi-authentication module to further verify the login information. The multi-authentication module generates a grant or denial by use of predefined logical condition to satisfy for the grant response, data stored in the authentication database, another security enhanced user service system etc., pursuant to a specific configuration.
Type: Grant
Filed: May 2, 2011
Date of Patent: April 1, 2014
Assignee: International Business Machines Corporation
Inventor: Arnaud Lund
-
Patent number: 8689321
Abstract: A portable computer terminal having an operating system configured to switch from a first state to a second state in response to a first command from a user and to switch from the second state to the first state in response to a second command from the user, the second command including inputting an identification code of the user, the operating system being capable, in the first state, of causing execution in interactive manner of an application selected from a set of applications, the operating system being capable, in a second state, of causing execution in interactive manner of an application of said set of applications in compliance with an access condition, wherein the access condition is determined as a function of said first command.
Type: Grant
Filed: June 14, 2012
Date of Patent: April 1, 2014
Assignee: Oberthur Technologies
Inventor: Paul Dischamp
-
Patent number: 8689297
Abstract: A system, devices and method for authenticating a user requesting access, through a computing device connected to a network, to an on-line resource hosted by a server in communication with the network. The system, devices and method employing an authentication server and a mobile communications device in communication over a wireless network. The authentication server forwarding an authentication to the mobile communications device. Optionally, the authentication server also returning security information related to the authentication in response to the request. The mobile communications device operative to receive and process the authentication, and forward the processed authentication to the computing device over a short-range communications link.
Type: Grant
Filed: November 19, 2010
Date of Patent: April 1, 2014
Assignee: BlackBerry Limited
Inventors: Jerome Pasquero, David Ryan Walker
-
Patent number: 8688813
Abstract: Embodiments of the present invention provide methods, system and machine-readable media for dynamically providing identity management or other services. According to one embodiment, dynamically providing services can comprise receiving a request related to an unknown principal. A service to which the principal is known can be selected. Once a service to which the principal is known has been located, an identity management result can be obtained from the selected service. The method can further comprise determining based on the identity management result whether the principal is authorized to access a requested resource. In response to determining the principal is authorized, the requested resource can be accessed.
Type: Grant
Filed: January 11, 2006
Date of Patent: April 1, 2014
Assignee: Oracle International Corporation
Inventor: Stephane H. Maes
-
Patent number: 8689355
Abstract: An improved technique involves creating a new lockbox mechanism which is configured to work on a new or upgraded operating platform having different operating platform parameters, and then storing confidential information within the new lockbox (e.g., a copy of credentials which are also stored at a main site). When the new lockbox is then moved to the new or upgraded operating platform, the new lockbox mechanism properly works. Such operation enables the maintained compatibility with applications, control and maintenance of lockbox security throughout, and can be performed automatically and/or remotely.
Type: Grant
Filed: August 30, 2011
Date of Patent: April 1, 2014
Assignee: EMC Corporation
Inventors: Janardana Neelakanta, Suresh Krishnappa
-
Publication number: 20140090035
Abstract: Security is improved as compared to the security of conventional authentication systems, only by requesting a user to perform operations involving the same number of operations as that of the conventional authentication systems. When login information is registered, an authentication system (1, 1A) accepts registration of a type of a login image that composes an authentication button for initiating user authentication. When displaying an authentication page that is used for user authentication, the authentication system (1, 1A) displays buttons including the authentication button composed of the login image and dummy buttons composed of other images. The authentication system (1, 1A) performs user authentication in a case in which an operation button selected by the user is the authentication button.
Type: Application
Filed: June 13, 2011
Publication date: March 27, 2014
Inventor: Shoji Kodama