Management Patents (Class 726/6)
-
Patent number: 8584215
Abstract: A method is provided in one example implementation and includes identifying a plurality of exporters that are authorized to communicate data to a collector on behalf of a secure domain; generating secure credentials for the secure domain; communicating the secure credentials to the collector; and authenticating the exporters using the secure credentials. In more particular implementations, the method can include receiving the secure credentials; receiving certain data that includes identifying information, which further includes an Internet protocol (IP) address of a source associated with the certain data; accepting the certain data if the secure credentials validate the identifying information; and rejecting the certain data if the secure credentials do not validate the identifying information.
Type: Grant
Filed: February 7, 2012
Date of Patent: November 12, 2013
Assignee: Cisco Technology, Inc.
Inventors: Maithili Narasimha, Suraj Nellikar, Srinivas Sardar
-
Patent number: 8584200
Abstract: A method for revoking access to a mobile device includes providing a plurality of authenticated applications accessible by the mobile device, and providing a plurality of revocation timeout intervals for revoking access by the mobile device to the plurality of authenticated applications. Access to a first authenticated application is revoked after a first timeout interval and access to a second authenticated application is revoked after a second timeout interval.
Type: Grant
Filed: September 29, 2005
Date of Patent: November 12, 2013
Assignee: Broadcom Corporation
Inventor: Edward H. Frank
-
Patent number: 8584214
Abstract: A method, a network element, and a client device for creating a trusted connection with a network are disclosed. A client device 104 may attempt to access a sub-network 106. The client device 104 may determine that a certificate of the sub-network 106 is issued by a certification authority absent from a device certificate trust list. The client device 104 may receive via the sub-network 106 a certificate trust list update 400 from a certificate trust list provider 108.
Type: Grant
Filed: September 18, 2008
Date of Patent: November 12, 2013
Assignee: Motorola Mobility LLC
Inventors: Steven D. Upp, Alexander Medvinsky, Madjid F. Nakhjiri
-
Patent number: 8584216
Abstract: A computer-implemented method for efficiently deploying cryptographic key updates may include (1) receiving a request for subscribed cryptographic key material from a client device that includes information that identifies both the client device and cryptographic key material currently possessed by the client device, (2) automatically identifying the client device's subscribed cryptographic key material, (3) determining, by comparing the information received from the client device with the client device's subscribed cryptographic key material, that the cryptographic key material currently possessed by the client device does not match the client device's subscribed cryptographic key material, and (4) deploying at least one update to the client device that causes the client device to update the cryptographic key material currently possessed by the client device to match the client device's subscribed cryptographic key material. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: March 15, 2012
Date of Patent: November 12, 2013
Assignee: Symantec Corporation
Inventor: Michael Allen
-
Patent number: 8582471
Abstract: A method and apparatus for setting up a wireless ad-hoc network, the method including: interchanging, at a terminal, a terminal identifier and Wi-Fi protected setup (WPS) capability information with another terminal of the wireless ad-hoc network; selecting, at the terminal, a role of the terminal as a registrar or an enrollee based on the interchanged terminal identifier and the interchanged WPS capability information of the wireless ad-hoc network; and optionally registering in the registrar based on the selected role.
Type: Grant
Filed: March 11, 2009
Date of Patent: November 12, 2013
Assignee: Samsung Electronics Co., Ltd.
Inventors: Suk-Jin Yun, Chang-Yeul Kwon, Seong-Wook Lee, Chil-Youl Yang, Kyung-Ik Cho
-
Patent number: 8584247
Abstract: A computer-implemented method for evaluating compliance checks may include (1) maintaining a group of compliance standards for at least one computing network, with each compliance standard comprising at least one compliance check for evaluating at least one aspect of a network device, (2) calculating a reputation score for at least one compliance check within the group of compliance standards, (3) assigning the reputation score to the compliance check, and then (4) providing a recommendation for whether to implement the compliance check based at least in part on the reputation score assigned to the compliance check.
Type: Grant
Filed: June 9, 2010
Date of Patent: November 12, 2013
Assignee: Symantec Corporation
Inventor: Dipak Patil
-
Patent number: 8584208
Abstract: An apparatus for providing a framework for supporting a context resource description language may include at least one processor and at least one memory including computer program code. The at least one memory and the computer program code may be configured to, with the at least one processor, cause the apparatus to perform at least receiving an indication of content loaded at a browser, parsing the content for context resource description language providing an identification of properties requested in association with a service from which the content was loaded, and providing property management with respect to the identified properties for provision to the service. A corresponding method and computer program product are also provided.
Type: Grant
Filed: November 25, 2009
Date of Patent: November 12, 2013
Assignee: Nokia Corporation
Inventor: Sailesh Kumar Sathish
-
Patent number: 8583911
Abstract: In one embodiment, a system and associated processes for transparent client-side cryptography are provided. In this system, some or all of a user's private data can be encrypted at a client device operated by the user. The client can transmit the encrypted user data to a content site that hosts a network application, such as a social networking application, financial application, or the like. The content site can store the private data in its encrypted form instead of the actual private data. When the content site receives a request for the private data from the user or optionally from other users (such as social networking friends), the server can send the encrypted user data to a client associated with the requesting user. This client, if operated by an authorized user, can decrypt the private data and present it to the authorized user.
Type: Grant
Filed: December 29, 2010
Date of Patent: November 12, 2013
Assignee: Amazon Technologies, Inc.
Inventor: Kevin Miller
-
Publication number: 20130298208
Abstract: A method and apparatus for mobile security using a short wireless device. The method and device increases mobile device security and data security and reduces false alerts.
Type: Application
Filed: May 6, 2012
Publication date: November 7, 2013
Inventor: Mourad Ben Ayed
-
Publication number: 20130298209
Abstract: Systems, methods, and apparatus embodiments are described herein for enabling one-round trip (ORT) seamless user/device authentication for secure network access. For example, pre-established security associations and/or credentials may be leveraged between a user/device and a network entity (e.g., application server) on a network to perform an optimized fast authentication and/or to complete security layer authentication and secure tunnel setup in an on-demand and seamless fashion on the same or another network.
Type: Application
Filed: March 15, 2013
Publication date: November 7, 2013
Inventor: INTERDIGITAL PATENT HOLDINGS, INC.
-
Patent number: 8578458
Abstract: In at least one implementation a method includes receiving an identifier associated with a device, entering the identifier into a network controller device, inviting the device associated with the identifier to join a network, admitting the device associated with the identifier to the network, sending the device associated with the identifier a name of the network, and confirming that the device has joined the network as a device recognized by the network controller device.
Type: Grant
Filed: March 3, 2011
Date of Patent: November 5, 2013
Assignee: Lantiq Deutschland GmbH
Inventors: Vladimir Oksman, Pramod Pandey, Joon Bae Kim
-
Patent number: 8578153
Abstract: A system, method, and owner node for securely changing a mobile device from an old owner to a new owner, or from an old operator network to a new operator network. The old owner initiates the change of owner or operator. The old owner or operator then commands the mobile device to change a currently active first key to a second key. The second key is then transferred to the new owner or operator. The new owner or operator then commands the mobile device to change the second key to a third key for use between the mobile device and the new owner or operator. Upon completion of the change, the new owner or operator does not know the first key in use before the change, and the old owner does not know the third key in use after the change.
Type: Grant
Filed: October 27, 2009
Date of Patent: November 5, 2013
Assignee: Telefonaktiebolaget L M Ericsson (publ)
Inventors: Mattias Johansson, Hakan Englund
-
Patent number: 8578453
Abstract: The invention describes a system, method and computer product to regulate user access to websites. The system receives a URL request by a user corresponding to a website that the user wishes to access. Thereafter, the system determines the associated group of the user and the associated category of the website. Subsequently, a message to be displayed to the user is determined based on the associated group of the user and the associated category of the website. The message is included in a block page and then displayed to the user.
Type: Grant
Filed: June 23, 2010
Date of Patent: November 5, 2013
Assignee: Netsweeper Inc.
Inventor: Perry J. Roach
-
Patent number: 8578454
Abstract: Systems and methods for authenticating defined user actions over a computer network. An authentication service receives an authentication request from an authenticating service to perform an action on behalf of a user. The authentication service then sends a permission request to a mobile device associated with the user, asking the user whether or not the action should be allowed. The user sends a permission response via the mobile device to the authentication service, granting or denying the action. The user may automate future similar responses so long as at least one automation criterion is met (e.g., the physical location of the mobile device), eliminating the need to manually provide a response to future permission requests. Information necessary to determine whether the automation criterion is met is stored locally on the mobile device.
Type: Grant
Filed: October 25, 2012
Date of Patent: November 5, 2013
Assignee: Toopher, Inc.
Inventor: Evan Tyler Grim
-
Patent number: 8578460
Abstract: Technologies are generally described for automatically reconnecting a security principal to cloud services through correlation of security principal identifier attributes. A new security principal for a user may be detected and automatically reconnected to the user's cloud based services. An administrator for the security domains may specify a value of a unique security principal metadata attribute for the original security principal in a customizable security principal metadata attribute in the new security principal in the same or new security domain. A secondary verification metadata attribute may optionally be specified to ensure the correct security principal is reconnected to the user's cloud based resources. The correlation between the original security principal for the user and the new security principal may be used to reconnect the user's cloud resources.
Type: Grant
Filed: August 8, 2011
Date of Patent: November 5, 2013
Assignee: Microsoft Corporation
Inventors: John B. Cucco, Veniamin Rybalka, Ulric Dihle, Larry Draper, Kanika Agrawal, Tony Chan, Guruprakash Rao, Ashwin Chandra
-
Patent number: 8578451
Abstract: A method and system for processing a data request from a watcher for a target at a server, the method receiving a request for information; searching through a policy for rules to be applied based on the watcher; applying any rules found by the searching, the rule causing a transformation of the information into at least one aspect interpretable by the watcher, the applying utilizing a presence information data format transformation; and returning the at least one aspect incorporated in a presence information data format.
Type: Grant
Filed: December 11, 2009
Date of Patent: November 5, 2013
Assignee: BlackBerry Limited
Inventors: Brian Edward Anthony McColgan, Gaelle Christine Martin-Cocher
-
Patent number: 8578452
Abstract: The invention proposes a method for securely creating a new user identity within an existing cloud account in a cloud computing system, said cloud computing system providing cloud services and resources, said cloud account comprising cloud user identities, said method comprising enabling a first user to access the cloud services and resources using a first security device, wherein it comprises authenticating to the first security device, creating a new user identity within the cloud account for a second user using the first security device.
Type: Grant
Filed: April 27, 2011
Date of Patent: November 5, 2013
Assignee: Gemalto SA
Inventor: HongQian Karen Lu
-
Patent number: 8578459
Abstract: Methods and apparatus to control network access from a user device, are disclosed. An example method includes receiving a request from a user device for access to a network, receiving a first password from the user device, determining that the first password is invalid, and sending a second password and a command to the user device to cause the user device to execute an application to store the second password on a network access device associated with the user device.
Type: Grant
Filed: January 31, 2007
Date of Patent: November 5, 2013
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Anthony Wood, Chad Carloss, James Bert Grantges
-
Publication number: 20130291077
Abstract: An image processing device controls a local resource, retrieves data files from a network, generates partial images from data included in the data files, and displays an image by combining the plurality of partial images. The partial images include first partial images that require access to the local resource and second partial images that do not require such access. Access to the local resource takes place by request and is controlled so that generation of the first partial images requires authentication of the retrieved data files. While authentication is in progress, the image processing device disallows access to the local resource and displays an image by combining the second partial images with a notification image indicating that authentication is being performed.
Type: Application
Filed: March 18, 2013
Publication date: October 31, 2013
Applicant: Mitsubishi Electric Corporation
Inventor: Toshimitsu SATO
-
Publication number: 20130291076
Abstract: A subscription proxy receives, from an end user system, a request for a resource provided by a content delivery network, the request comprising a local credential associated with the end user system. The subscription proxy identifies a remote credential associated with the content delivery network and corresponding to the local credential. The subscription proxy replaces the local credential in the request with the corresponding remote credential and sends the request for the resource with the remote credential to the content delivery network.
Type: Application
Filed: April 26, 2012
Publication date: October 31, 2013
Applicant: Red Hat, Inc.
Inventors: Christopher Duryee, James Bowes, Bryan Kearney
-
Publication number: 20130291078
Abstract: An authentication credentials push service (ACPS) that securely pushes non-privileged authentication credentials to registered client entities. The ACPS comprises a classification server and a push server to provide access to non-privileged authentication credentials absent a pull transaction. The classification server in the ACPS classifies authentication credentials as either privileged (i.e. private, forgeable) or non-privileged (i.e. non-forgeable, non-sensitive). Credentials identified as being of a privileged nature are treated with restricted access. Alternatively, credentials classified as being of a non-privileged nature are made available for the push service. Authentication servers register with the ACPS to become consumers of the push service. A push server within the ACPS pushes non-privileged authentication credentials to registered authentication servers at predetermined intervals. Individual authentication credentials push services (ACPS) have access to different authentication credentials.
Type: Application
Filed: April 10, 2013
Publication date: October 31, 2013
Inventors: Keith A. McFarland, Kambiz Ghozati, John Stevens, Wiliam P. Wells
-
Patent number: 8572395
Abstract: An information processing apparatus is configured to authenticate a user. In one embodiment, the information processing apparatus includes a storage unit that stores user identification information in association with user authentication information. Identification information for identifying a user is inputted into the apparatus. If the inputted identification information matches the stored user identification information, the apparatus selects the user authentication information associated with the user identification information that matches the inputted identification information, and sends the selected user authentication information to an authentication server, so that authentication is executed. If the inputted identification information does not match the stored user identification information, the apparatus requires that authentication information be provided by the user.
Type: Grant
Filed: November 1, 2006
Date of Patent: October 29, 2013
Assignee: Canon Kabushiki Kaisha
Inventor: Daisuke Ito
-
Patent number: 8572703
Abstract: A system and method for authenticating a user of an image processing system. User credentials are received at an authentication device corresponding to an image processing device, and transmitted to a first server remote from the authentication device. The validity of the user credentials are judged by comparing the received user credentials to authentication information stored at the first server, and a result of the judging is transmitted to the image processing device. The image processing device then requests access to a second server remote from the image processing device, and the second server transmits a request for the user credentials to the first server. After receiving the user credentials from the first server, the second server performs user authentication.
Type: Grant
Filed: March 29, 2007
Date of Patent: October 29, 2013
Assignee: Ricoh Americas Corporation
Inventors: Hiroshi Kitada, Lana Wong, Helen Wang, Weiyun Tang, Andrew Jennings, Revathi Vellanki
-
Patent number: 8572708
Abstract: A method that provides efficient integration of infrastructure for federated single sign on (e.g. Liberty ID-FP framework) and generic bootstrapping architecture (e.g. 3GPP GAA/GBA architecture) uses an integrated proxy server (IAP). The IAP is inserted in the path between a user and a service provider (SP). The IAP differentiates type of access and determines corresponding operative state to act as a liberty enabled server or as a GAA/GBA network application function. A Bootstrapping, Identity, Authentication and Session Management arrangement (BIAS) leverages on 3GPP GAA/GBA infrastructure to provide an integrated system for handling Liberty Federated SSO and 3GPP GAA/GBA bootstrapping procedures at the same time. This method and arrangement provides improved use of infrastructure elements and performance for authenticated service access.
Type: Grant
Filed: December 28, 2006
Date of Patent: October 29, 2013
Assignee: Telefonaktiebolaget L M Ericsson (publ)
Inventors: Luis Barriga, David Castellanos Zamora
-
Patent number: 8570861
Abstract: When one actor or network within a broader system of networks is announcing numerous routes or otherwise performing “poorly,” the neighboring networks can suffer because of the strain that the poorly performing network puts on resources. Typically, in order to counteract the effects of a poorly performing neighboring network, a router may simply stop accepting changes or stop accepting packets from the poorly performing neighbor. Some network participants may only temporarily be acting poorly and straining its neighbors' resources, however. Therefore, in some of the embodiments, a reputation score or level for a network participant may be determined based on its actions over time. This reputation may be used to determine whether, when, and how to act on the network request from the participant.
Type: Grant
Filed: June 29, 2010
Date of Patent: October 29, 2013
Assignee: Amazon Technologies, Inc.
Inventors: Eric Jason Brandwine, Swaminathan Sivasubramanian, Bradley E. Marshall, Tate Andrew Certain
-
Patent number: 8572701
Abstract: A first server device is configured to receive an authentication request from a second server device; add the authentication request to a queue associated with a user; and provide a representation of the queue to a mobile device of the user. The representation of the queue includes an entry for the authentication request. The first server device is further configured to receive, from the mobile device, authentication information, provided by the user, for the authentication request; determine that authentication, of the user, for the authentication request is successful based on the authentication information; generate an authentication response that indicates that the authentication, of the user, for the authentication request is successful; and transmit, by the first server device, the authentication response to the second server device.
Type: Grant
Filed: August 22, 2011
Date of Patent: October 29, 2013
Assignee: Verizon Patent and Licensing Inc.
Inventor: George Steven Rathbun
-
Patent number: 8572702
Abstract: An exemplary password recovery method is applied on a server. The server is connected to one user terminal. The server stores email addresses and email boxes associated with the corresponding email address. Each email box includes emails sent to each corresponding email address. Each email may be a registration email that includes a website and a username. The method receives a password recovery request for a submitted email address of a user, and determines whether there is a registration email in the email box. If yes, the method obtains the website and the username. The method then controls the user terminal to display the prompt information corresponding to the obtained website. Further, the method receives the input username, and determines whether the input username matches the obtained username. If yes, the method generates a new email password, and controls the user terminal to display the new email password.
Type: Grant
Filed: March 20, 2012
Date of Patent: October 29, 2013
Assignees: Fu Tai Industry (Shenzhen) Co., Ltd., Hon Hai Precision Industry Co., Ltd.
Inventor: Qiang You
-
Patent number: 8572680
Abstract: Systems and methods for creating a list of trustworthy resolvers in a domain name system. A computer receives a resolver profile for a resolver sending queries to a domain name server. The resolver profile is based on any, or a combination, of a top-talker status of the resolver, a normalcy of distribution of domain names queried, a continuity of distribution of query type, and a RD bit status, and information related to query traffic based on the topology of the domain name server. Resolver profiles can be compared to a trust policy to determine whether the resolver is trustworthy. Resolvers deemed trustworthy can be added to a list of trustworthy resolvers. Embodiments can detect the occurrence of a network-based attack. Embodiments can mitigate the effect of a network-based attack by responding only to queries from resolvers on the list of trustworthy resolvers.
Type: Grant
Filed: March 14, 2013
Date of Patent: October 29, 2013
Assignee: Verisign, Inc.
Inventors: Eric Osterweil, Danny McPherson
-
Publication number: 20130283360
Abstract: In one embodiment, each security protocol supplicant in a computer network determines its group temporal key (GTK) state, and exchanges the GTK state with one or more neighbor supplicants in the computer network. Based on the exchange, a supplicant may determine whether any inconsistencies exist in its GTK state, and in response to any inconsistencies in the GTK state, may perform a GTK state synchronization with a security protocol authenticator by indicating to the authenticator what is needed to resolve the inconsistent GTK state at the particular supplicant. In another embodiment, the authenticator, which is configured to not store per-supplicant GTK state, may transmit beacons containing GTK identifiers (IDs) of GTKs currently enabled on the authenticator, and also responds to supplicants having inconsistent GTK states with one or more needed GTKs as indicated by the supplicants.
Type: Application
Filed: April 20, 2012
Publication date: October 24, 2013
Applicant: Cisco Technology, Inc.
Inventors: Jonathan W. Hui, Anjum Ahuja, Krishna Kondaka, Wei Hong
-
Patent number: 8566605
Abstract: A method, system and computer readable media for dynamically updating current communication information, for enabling access to current communication based upon biometric information and/or for allowing communication information to be associated with biometric information and then allowing this communication information to be provided to desired recipients.
Type: Grant
Filed: March 12, 2012
Date of Patent: October 22, 2013
Assignee: International Business Machines Corporation
Inventors: Sarbajit Kumar Rakshit, Shawn K. Sremaniak, Thomas S. Mazzeo, Barry Allan Kritt
-
Patent number: 8566916
Abstract: A method, system, and apparatus for agile generation of one time passcodes (OTPs) in a security environment, the security environment having a token generator comprising a token generator algorithm and a validator, the method comprising generating a OTP at the token generator according to a variance technique; wherein the variance technique is selected from a set of variance techniques, receiving the OTP at a validator, determining, at the validator, the variance technique used by the token generator to generate the OTP, and determining whether to validate the OTP based on the OTP and variance technique.
Type: Grant
Filed: October 30, 2012
Date of Patent: October 22, 2013
Assignee: EMC Corporation
Inventors: Daniel Bailey Vernon, John G Brainard, William M Duane, Michael J O'Malley, Robert S Philpott
-
Patent number: 8566915
Abstract: Techniques for mixed-mode authentication are described. In one or more embodiments, an authentication service may be implemented to selectively configure and issue authentication tokens based upon an optional secure mode that enables enhanced security. Clients may be provided with an option to choose between an insecure mode and a secure mode for authentications. Based on this choice, tokens may be configured to include an indication of whether the secure mode is disabled or enabled. When secure mode is disabled, an insecure token valid for both secure sites and other sites is issued to a client when the client is authenticated. When the optional secure mode is enabled, both secure and insecure tokens are provided to the client. The authentication services and/or other services may be configured to reject an insecure token when secure mode is enabled to prevent unauthorized use of a stolen token to access secure resources.
Type: Grant
Filed: October 22, 2010
Date of Patent: October 22, 2013
Assignee: Microsoft Corporation
Inventors: Walter C. Hsueh, Yordan I. Rouskov, Spencer Wong Low, Daniel W. Crevier
-
Patent number: 8566945
Abstract: A recursive web crawling and analysis tool that includes conducting an initial crawl of a target to identify testable or analyzable objects. The objects are then parsed to identify vulnerabilities, as well as additional objects that can be analyzed. An attack is then launched against the analyzable objects in an effort to break or verify the vulnerabilities. During this attack, additional analyzable objects may be discovered. If such additional objects are discovered, the web crawler is invoked on the additional objects as well, and the results of the crawl are fed back into the parser and attacker functions.
Type: Grant
Filed: February 11, 2005
Date of Patent: October 22, 2013
Assignee: Hewlett-Packard Development Company, L.P.
Inventor: Caleb Sima
-
Publication number: 20130276077
Abstract: A computerized method for resetting a password of a user, the user uses an electronic device to access to an information system provided by a server according to a user ID of the user and the password. An index code and device information of the electronic device are stored in the server corresponding to the user ID. When the password is to be reset, the user ID and the index code are inputted by the user and the device information of the electronic device is acquired. A verification string is generated using the index code and the user ID inputted by the user and the acquired device information, and is sent to the server for verification, thereby requesting to reset the password.
Type: Application
Filed: April 9, 2013
Publication date: October 17, 2013
Applicants: HON HAI PRECISION INDUSTRY CO., LTD., FU TAI HUA INDUSTRY (SHENZHEN) CO., LTD.
Inventors: YU-KAI XIONG, XIN-HUA LI
-
Publication number: 20130275748
Abstract: Secure password-based authentication for cloud service computing. A request for cloud computing resource access includes a derivative password that contains a parameter that the recipient may extract in order to independently calculate the derivative password based on the parameter and a stored password which may then be verified against a known-to-be-correct password. Other systems and methods are disclosed.
Type: Application
Filed: April 17, 2012
Publication date: October 17, 2013
Applicant: GEMALTO SA
Inventor: HongQian Karen LU
-
Patent number: 8561156
Abstract: A server apparatus capable of preventing unauthorized use of services by a third party through an electronic appliance that stores information used for user authentication by the server apparatus. The server apparatus receives, from an information processing apparatus, pieces of user identification information, pieces of appliance identification information, and pieces of use permission/prohibition information representing on a per service type basis whether uses of services are permitted or prohibited, and stores them so as to be associated with one another. When determining based on use permission/prohibition information, which is associated with a combination of user identification information and appliance identification information that are accepted from an electronic appliance, that use of a service represented by service type information accepted from the electronic appliance is permitted, the server apparatus transmits screen information for use of the service to the electronic appliance.
Type: Grant
Filed: May 26, 2011
Date of Patent: October 15, 2013
Assignee: Canon Kabushiki Kaisha
Inventors: Araki Matsuda, Yosato Hitaka
-
Patent number: 8561147
Abstract: The present invention is to ensure security of a local network, e.g., a home network from remote access while allowing remote access. In a method of the present invention, if a device on the local network is to be accessed remotely, user identifying information (and/or device identifying information) and connection information of a target device, that are accompanied by the access, are compared with information of registered allowance entries and whether to allow the access is determined based on the comparison result. According to the method, remote access to a device invoked by a user (and/or a remote device) whose remote access is not set to allowance is blocked while remote access invoked by a user (and/or a remote device) whose remote access is set to allowance is admitted.
Type: Grant
Filed: April 19, 2006
Date of Patent: October 15, 2013
Assignee: LG Electronics Inc.
Inventors: Kyung Ju Lee, Yu Kyoung Song
-
Patent number: 8561138
Abstract: In some embodiments, the invention involves protecting a platform using locality-based data and, more specifically, to using the locality-based data to ensure that the platform has not been stolen or subject to unauthorized access. In some embodiments, a second level of security, such as a key fob, badge or other source device having an identifying RFID is used for added security. Other embodiments are described and claimed.
Type: Grant
Filed: December 31, 2008
Date of Patent: October 15, 2013
Assignee: Intel Corporation
Inventors: Michael M. Rothman, Vincent Zimmer
-
Patent number: 8561158
Abstract: A system and method for searching and retrieving certificates, which may be used in the processing of encoded messages. In one broad aspect, certificate identification data that uniquely identifies a certificate associated with a message is generated. The certificate identification data can then be used to determine whether the certificate is stored on a computing device. Only the certificate identification data is needed to facilitate the determination alleviating the need for a user to download the entire message to the computing device in order to make the determination.
Type: Grant
Filed: September 13, 2012
Date of Patent: October 15, 2013
Assignee: Blackberry Limited
Inventors: Neil Patrick Adams, Michael Stephen Brown, Herbert Anthony Little
-
Patent number: 8561157
Abstract: A method, system, and computer-readable storage medium are provided. Embodiments of the invention include receiving notification of a log-in event associated with a first login session wherein a user is authorized to access a resource of a computing system based on a credential. During the first login session and in response to determining the credential is valid, a second login session is established by granting the user access to a resource of an application associated with the computing system. During the first login session and in response to receiving information indicating an event has occurred, the second login session is terminated such that the user does not have access to the resource of the application. And during the first login session and in response to determining again that the credential is valid, a third login session is established by granting the user access to a resource of the application.
Type: Grant
Filed: September 23, 2011
Date of Patent: October 15, 2013
Assignee: Canon U.S.A., Inc.
Inventor: Jiuyuan Ge
-
Patent number: 8560859
Abstract: A storage controller and program product is provided for performing double authentication for controlling disruptive operations on storage resources generated by a system administrator. A first request is received from a first user for generation of a first key. A first key is generated, provided to the first user and associated with the storage resource. An input is received from the administrator, the input comprises a second key and a command for performing the disruptive operation. The second key and the first key are compared. It is verified that the administrator is authorized as an administrator of the storage resource. The disruptive operation is performed on the storage resource if the second key and the first key match and the administrator is authorized. Otherwise, the performance of the disruptive operation is denied.
Type: Grant
Filed: March 15, 2013
Date of Patent: October 15, 2013
Assignee: International Business Machines Corporation
Inventors: Vincent Boucher, Sebastien Chabrolles, Benoit Granier, Arnaud Mante
-
Patent number: 8560839
Abstract: A secure location system is described herein that leverages location-based services and hardware to make access decisions. Many mobile computers have location devices, such as GPS. They also have a trusted platform module (TPM) or other security device. Currently GPS location data is made directly accessible to untrusted application code using a simple protocol. The secure location system provides a secure mechanism whereby the GPS location of a computer at a specific time can be certified by the operating system kernel and TPM. The secure location system logs user activity with a label indicating the geographic location of the computing device at the time of the activity. The secure location system can provide a difficult to forge, time-stamped location through a combination of kernel-mode GPS access and TPM security hardware. Thus, the secure location system incorporates secure location information into authorization and other operating system decisions.
Type: Grant
Filed: December 20, 2010
Date of Patent: October 15, 2013
Assignee: Microsoft Corporation
Inventors: Paul Barham, Joseph N. Figueroa
-
Publication number: 20130269010
Abstract: A password evaluation system is provided for determining the password strength of a password. A password is provided for evaluation. The password is parsed and substrings are identified from the password. Each substring is associated with a pattern that can generate the substring. The substrings are scored to determine a substring strength measure for the substring. The substrings are combined to identify non-overlapping substring combinations, which together make up the password. The combinations are assigned a combination strength score based in part on the substring strength of the substrings contained in the substring combinations. The substring combination with the lowest combination strength measure is identified and the associated combination strength measure is used as the password strength measure for the password.
Type: Application
Filed: December 19, 2012
Publication date: October 10, 2013
Applicant: DROPBOX, INC.
Inventor: Dan Lowe Wheeler
-
Publication number: 20130269008
Abstract: Systems and methods for providing secured network access are provided. A user device located within range of a branded hotspot initiates a request for the secured network access. The request concerns secured network access at the hotspot by the user device and includes a unique pre-shared key. A query regarding the unique pre-shared key is sent to a database, which retrieves information regarding a corresponding pre-shared key. That information is sent to the hotspot controller, which allows the user device secured network access as governed by one or more parameters associated with the pre-shared key.
Type: Application
Filed: April 4, 2012
Publication date: October 10, 2013
Inventors: Ming-Jye Sheu, Prashant Ranade
-
Publication number: 20130269011
Abstract: According to one embodiment of the invention, a method for controlling access to a network comprises a first operation of determining a type of electronic device to join the network. Then, unique device credentials are sent to the electronic device. These unique device credentials are used in authenticating the electronic device, and the format of the unique device credentials is based on the type of electronic device determined.
Type: Application
Filed: February 7, 2013
Publication date: October 10, 2013
Inventor: David Wilson
-
Publication number: 20130269012
Abstract: A secure processor such as a TPM generates one-time-passwords used to authenticate a communication device to a service provider. In some embodiments the TPM maintains one-time-password data and performs the one-time-password algorithm within a secure boundary associated with the TPM.
Type: Application
Filed: May 17, 2013
Publication date: October 10, 2013
Inventors: Mark Buer, Douglas Allen
-
Publication number: 20130269009
Abstract: A method and system for securing a user transaction involving a subscriber unit (“SU”) (having a processor, memory, and a display configured to accept user input), a credential information manager (“CIM”) (having a processor and memory), and a transaction service provider (“TSP”) (having a processor and memory). A cyber identifier (“CyberID”), a subscriber identifier (“SubscriberID”), and subscriber information, each associated with the user, are stored in the CIM. A transaction request is sent from the SU to the TSP, which creates a transaction identifier (“TID”), stores it in the TSP memory and transmits it to the SU. The SU transmits an authentication request, the TID, and SubscriberID to the CIM, which authenticates the SubscriberID and verifies the TID to the TSP. The TSP verifies the TID and reports it to the CIM, which transmits the CyberID and subscriber information to the TSP, and transmits a transaction authorization to the SU.
Type: Application
Filed: April 9, 2012
Publication date: October 10, 2013
Applicant: MEDIUM ACCESS SYSTEMS PRIVATE LIMITED
Inventors: Yang Lit Fang, Ryan Nacion Trinidad
-
Patent number: 8553245
Abstract: An image forming apparatus connected via a network with an authentication server for user authentication based on biometric information about a user. The image forming apparatus is also connected with a managing server for managing an operation of the image forming apparatus. The image forming apparatus includes a transmission unit transmitting the biometric information about the user to the authentication server, a reception unit receiving use limit information corresponding to the biometric information about the user from the managing server, and a control unit controlling the operation of the image forming apparatus based on the use limit information.
Type: Grant
Filed: June 16, 2009
Date of Patent: October 8, 2013
Assignee: Ricoh Company, Ltd.
Inventors: Atsushi Sakagami, Naoto Sakurai, Koji Sasaki, Tomoko Saeki, Tsuyoshi Hoshino
-
Patent number: 8555365
Abstract: Enabling web filtering by authenticated group membership, role, or user identity is provided by embedding a uniform resource identifier into an electronic document requested by a client. A client browser will provide directory credentials to a trusted web filter apparatus enabling a policy controlled access to resources external to the trusted network. An apparatus comprises circuits for transmitting a uniform resource identifier to a client, receiving a request comprising authentication credentials, querying a policy database and determining a customized policy for access to an externally sourced electronic document or application. A computer-implemented technique to simplify web filter administrator tasks by removing a need to set each browser's settings or install additional software on each user terminal.
Type: Grant
Filed: May 21, 2010
Date of Patent: October 8, 2013
Assignee: Barracuda Networks, Inc.
Inventor: Fleming Shi
-
Patent number: 8555362
Abstract: Two factor LDAP authentication systems and methods are presented. In one embodiment, implementation of a method for authenticating a user through a two factor process includes: at an LDAP proxy server, receiving a BIND request from a client, wherein the BIND request is for authenticating a user associated with a username to an LDAP server, and wherein the BIND request comprises a password comprising a first factor security code and a second factor security code; stripping the second factor security code from the password; reconfiguring the BIND request with the password that is stripped of the second factor security code; forwarding the reconfigured BIND request to the LDAP server for authentication of the username using the first factor security code; performing authentication of the second factor security code; and positively authenticating the username to the LDAP server when the first factor security code and the second factor security code are authenticated in connection with the username.
Type: Grant
Filed: July 20, 2011
Date of Patent: October 8, 2013
Assignee: Symantec Corporation
Inventor: Srinath Venkataramani