Management Patents (Class 726/6)
  • Patent number: 8584215
    Abstract: A method is provided in one example implementation and includes identifying a plurality of exporters that are authorized to communicate data to a collector on behalf of a secure domain; generating secure credentials for the secure domain; communicating the secure credentials to the collector; and authenticating the exporters using the secure credentials. In more particular implementations, the method can include receiving the secure credentials; receiving certain data that includes identifying information, which further includes an Internet protocol (IP) address of a source associated with the certain data; accepting the certain data if the secure credentials validate the identifying information; and rejecting the certain data if the secure credentials do not validate the identifying information.
    Type: Grant
    Filed: February 7, 2012
    Date of Patent: November 12, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: Maithili Narasimha, Suraj Nellikar, Srinivas Sardar
  • Patent number: 8584200
    Abstract: A method for revoking access to a mobile device includes providing a plurality of authenticated applications accessible by the mobile device, and providing a plurality of revocation timeout intervals for revoking access by the mobile device to the plurality of authenticated applications. Access to a first authenticated application is revoked after a first timeout interval and access to a second authenticated application is revoked after a second timeout interval.
    Type: Grant
    Filed: September 29, 2005
    Date of Patent: November 12, 2013
    Assignee: Broadcom Corporation
    Inventor: Edward H. Frank
  • Patent number: 8584214
    Abstract: A method, a network element, and a client device for creating a trusted connection with a network are disclosed. A client device 104 may attempt to access a sub-network 106. The client device 104 may determine that a certificate of the sub-network 106 is issued by a certification authority absent from a device certificate trust list. The client device 104 may receive via the sub-network 106 a certificate trust list update 400 from a certificate trust list provider 108.
    Type: Grant
    Filed: September 18, 2008
    Date of Patent: November 12, 2013
    Assignee: Motorola Mobility LLC
    Inventors: Steven D. Upp, Alexander Medvinsky, Madjid F. Nakhjiri
  • Patent number: 8584216
    Abstract: A computer-implemented method for efficiently deploying cryptographic key updates may include (1) receiving a request for subscribed cryptographic key material from a client device that includes information that identifies both the client device and cryptographic key material currently possessed by the client device, (2) automatically identifying the client device's subscribed cryptographic key material, (3) determining, by comparing the information received from the client device with the client device's subscribed cryptographic key material, that the cryptographic key material currently possessed by the client device does not match the client device's subscribed cryptographic key material, and (4) deploying at least one update to the client device that causes the client device to update the cryptographic key material currently possessed by the client device to match the client device's subscribed cryptographic key material. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 15, 2012
    Date of Patent: November 12, 2013
    Assignee: Symantec Corporation
    Inventor: Michael Allen
  • Patent number: 8582471
    Abstract: A method and apparatus for setting up a wireless ad-hoc network, the method including: interchanging, at a terminal, a terminal identifier and Wi-Fi protected setup (WPS) capability information with another terminal of the wireless ad-hoc network; selecting, at the terminal, a role of the terminal as a registrar or an enrollee based on the interchanged terminal identifier and the interchanged WPS capability information of the wireless ad-hoc network; and optionally registering in the registrar based on the selected role.
    Type: Grant
    Filed: March 11, 2009
    Date of Patent: November 12, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Suk-Jin Yun, Chang-Yeul Kwon, Seong-Wook Lee, Chil-Youl Yang, Kyung-Ik Cho
  • Patent number: 8584247
    Abstract: A computer-implemented method for evaluating compliance checks may include (1) maintaining a group of compliance standards for at least one computing network, with each compliance standard comprising at least one compliance check for evaluating at least one aspect of a network device, (2) calculating a reputation score for at least one compliance check within the group of compliance standards, (3) assigning the reputation score to the compliance check, and then (4) providing a recommendation for whether to implement the compliance check based at least in part on the reputation score assigned to the compliance check.
    Type: Grant
    Filed: June 9, 2010
    Date of Patent: November 12, 2013
    Assignee: Symantec Corporation
    Inventor: Dipak Patil
  • Patent number: 8584208
    Abstract: An apparatus for providing a framework for supporting a context resource description language may include at least one processor and at least one memory including computer program code. The at least one memory and the computer program code may be configured to, with the at least one processor, cause the apparatus to perform at least receiving an indication of content loaded at a browser, parsing the content for context resource description language providing an identification of properties requested in association with a service from which the content was loaded, and providing property management with respect to the identified properties for provision to the service. A corresponding method and computer program product are also provided.
    Type: Grant
    Filed: November 25, 2009
    Date of Patent: November 12, 2013
    Assignee: Nokia Corporation
    Inventor: Sailesh Kumar Sathish
  • Patent number: 8583911
    Abstract: In one embodiment, a system and associated processes for transparent client-side cryptography are provided. In this system, some or all of a user's private data can be encrypted at a client device operated by the user. The client can transmit the encrypted user data to a content site that hosts a network application, such as a social networking application, financial application, or the like. The content site can store the private data in its encrypted form instead of the actual private data. When the content site receives a request for the private data from the user or optionally from other users (such as social networking friends), the server can send the encrypted user data to a client associated with the requesting user. This client, if operated by an authorized user, can decrypt the private data and present it to the authorized user.
    Type: Grant
    Filed: December 29, 2010
    Date of Patent: November 12, 2013
    Assignee: Amazon Technologies, Inc.
    Inventor: Kevin Miller
  • Publication number: 20130298208
    Abstract: A method and apparatus for mobile security using a short wireless device. The method and device increases mobile device security and data security and reduces false alerts.
    Type: Application
    Filed: May 6, 2012
    Publication date: November 7, 2013
    Inventor: Mourad Ben Ayed
  • Publication number: 20130298209
    Abstract: Systems, methods, and apparatus embodiments are described herein for enabling one-round trip (ORT) seamless user/device authentication for secure network access. For example, pre-established security associations and/or credentials may be leveraged between a user/device and a network entity (e.g., application server) on a network to perform an optimized fast authentication and/or to complete security layer authentication and secure tunnel setup in an on-demand and seamless fashion on the same or another network.
    Type: Application
    Filed: March 15, 2013
    Publication date: November 7, 2013
    Inventor: INTERDIGITAL PATENT HOLDINGS, INC.
  • Patent number: 8578458
    Abstract: In at least one implementation a method includes receiving an identifier associated with a device, entering the identifier into a network controller device, inviting the device associated with the identifier to join a network, admitting the device associated with the identifier to the network, sending the device associated with the identifier a name of the network, and confirming that the device has joined the network as a device recognized by the network controller device.
    Type: Grant
    Filed: March 3, 2011
    Date of Patent: November 5, 2013
    Assignee: Lantiq Deutschland GmbH
    Inventors: Vladimir Oksman, Pramod Pandey, Joon Bae Kim
  • Patent number: 8578153
    Abstract: A system, method, and owner node for securely changing a mobile device from an old owner to a new owner, or from an old operator network to a new operator network. The old owner initiates the change of owner or operator. The old owner or operator then commands the mobile device to change a currently active first key to a second key. The second key is then transferred to the new owner or operator. The new owner or operator then commands the mobile device to change the second key to a third key for use between the mobile device and the new owner or operator. Upon completion of the change, the new owner or operator does not know the first key in use before the change, and the old owner does not know the third key in use after the change.
    Type: Grant
    Filed: October 27, 2009
    Date of Patent: November 5, 2013
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Mattias Johansson, Hakan Englund
  • Patent number: 8578453
    Abstract: The invention describes a system, method and computer product to regulate user access to websites. The system receives a URL request by a user corresponding to a website that the user wishes to access. Thereafter, the system determines the associated group of the user and the associated category of the website. Subsequently, a message to be displayed to the user is determined based on the associated group of the user and the associated category of the website. The message is included in a block page and then displayed to the user.
    Type: Grant
    Filed: June 23, 2010
    Date of Patent: November 5, 2013
    Assignee: Netsweeper Inc.
    Inventor: Perry J. Roach
  • Patent number: 8578454
    Abstract: Systems and methods for authenticating defined user actions over a computer network. An authentication service receives an authentication request from an authenticating service to perform an action on behalf of a user. The authentication service then sends a permission request to a mobile device associated with the user, asking the user whether or not the action should be allowed. The user sends a permission response via the mobile device to the authentication service, granting or denying the action. The user may automate future similar responses so long as at least one automation criterion is met (e.g., the physical location of the mobile device), eliminating the need to manually provide a response to future permission requests. Information necessary to determine whether the automation criterion is met is stored locally on the mobile device.
    Type: Grant
    Filed: October 25, 2012
    Date of Patent: November 5, 2013
    Assignee: Toopher, Inc.
    Inventor: Evan Tyler Grim
  • Patent number: 8578460
    Abstract: Technologies are generally described for automatically reconnecting a security principal to cloud services through correlation of security principal identifier attributes. A new security principal for a user may be detected and automatically reconnected to the user's cloud based services. An administrator for the security domains may specify a value of a unique security principal metadata attribute for the original security principal in a customizable security principal metadata attribute in the new security principal in the same or new security domain. A secondary verification metadata attribute may optionally be specified to ensure the correct security principal is reconnected to the user's cloud based resources. The correlation between the original security principal for the user and the new security principal may be used to reconnect the user's cloud resources.
    Type: Grant
    Filed: August 8, 2011
    Date of Patent: November 5, 2013
    Assignee: Microsoft Corporation
    Inventors: John B. Cucco, Veniamin Rybalka, Ulric Dihle, Larry Draper, Kanika Agrawal, Tony Chan, Guruprakash Rao, Ashwin Chandra
  • Patent number: 8578451
    Abstract: A method and system for processing a data request from a watcher for a target at a server, the method receiving a request for information; searching through a policy for rules to be applied based on the watcher; applying any rules found by the searching, the rule causing a transformation of the information into at least one aspect interpretable by the watcher, the applying utilizing a presence information data format transformation; and returning the at least one aspect incorporated in a presence information data format.
    Type: Grant
    Filed: December 11, 2009
    Date of Patent: November 5, 2013
    Assignee: BlackBerry Limited
    Inventors: Brian Edward Anthony McColgan, Gaelle Christine Martin-Cocher
  • Patent number: 8578452
    Abstract: The invention proposes a method for securely creating a new user identity within an existing cloud account in a cloud computing system, said cloud computing system providing cloud services and resources, said cloud account comprising cloud user identities, said method comprising enabling a first user to access the cloud services and resources using a first security device, wherein it comprises authenticating to the first security device, creating a new user identity within the cloud account for a second user using the first security device.
    Type: Grant
    Filed: April 27, 2011
    Date of Patent: November 5, 2013
    Assignee: Gemalto SA
    Inventor: HongQian Karen Lu
  • Patent number: 8578459
    Abstract: Methods and apparatus to control network access from a user device are disclosed. An example method includes receiving a request from a user device for access to a network, receiving a first password from the user device, determining that the first password is invalid, and sending a second password and a command to the user device to cause the user device to execute an application to store the second password on a network access device associated with the user device.
    Type: Grant
    Filed: January 31, 2007
    Date of Patent: November 5, 2013
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Anthony Wood, Chad Carloss, James Bert Grantges
  • Publication number: 20130291077
    Abstract: An image processing device controls a local resource, retrieves data files from a network, generates partial images from data included in the data files, and displays an image by combining the plurality of partial images. The partial images include first partial images that require access to the local resource and second partial images that do not require such access. Access to the local resource takes place by request and is controlled so that generation of the first partial images requires authentication of the retrieved data files. While authentication is in progress, the image processing device disallows access to the local resource and displays an image by combining the second partial images with a notification image indicating that authentication is being performed.
    Type: Application
    Filed: March 18, 2013
    Publication date: October 31, 2013
    Applicant: Mitsubishi Electric Corporation
    Inventor: Toshimitsu SATO
  • Publication number: 20130291076
    Abstract: A subscription proxy receives, from an end user system, a request for a resource provided by a content delivery network, the request comprising a local credential associated with the end user system. The subscription proxy identifies a remote credential associated with the content delivery network and corresponding to the local credential. The subscription proxy replaces the local credential in the request with the corresponding remote credential and sends the request for the resource with the remote credential to the content delivery network.
    Type: Application
    Filed: April 26, 2012
    Publication date: October 31, 2013
    Applicant: Red Hat, Inc.
    Inventors: Christopher Duryee, James Bowes, Bryan Kearney
  • Publication number: 20130291078
    Abstract: An authentication credentials push service (ACPS) that securely pushes non-privileged authentication credentials to registered client entities. The ACPS comprises a classification server and a push server to provide access to non-privileged authentication credentials absent a pull transaction. The classification server in the ACPS classifies authentication credentials as either privileged (i.e. private, forgeable) or non-privileged (i.e. non-forgeable, non-sensitive). Credentials identified as being of a privileged nature are treated with restricted access. Alternatively, credentials classified as being of a non-privileged nature are made available for the push service. Authentication servers register with the ACPS to become consumers of the push service. A push server within the ACPS pushes non-privileged authentication credentials to registered authentication servers at predetermined intervals. Individual authentication credentials push services (ACPS) have access to different authentication credentials.
    Type: Application
    Filed: April 10, 2013
    Publication date: October 31, 2013
    Inventors: Keith A. McFarland, Kambiz Ghozati, John Stevens, Wiliam P. Wells
  • Patent number: 8572395
    Abstract: An information processing apparatus is configured to authenticate a user. In one embodiment, the information processing apparatus includes a storage unit that stores user identification information in association with user authentication information. Identification information for identifying a user is inputted into the apparatus. If the inputted identification information matches the stored user identification information, the apparatus selects the user authentication information associated with the user identification information that matches the inputted identification information, and sends the selected user authentication information to an authentication server, so that authentication is executed. If the inputted identification information does not match the stored user identification information, the apparatus requires that authentication information be provided by the user.
    Type: Grant
    Filed: November 1, 2006
    Date of Patent: October 29, 2013
    Assignee: Canon Kabushiki Kaisha
    Inventor: Daisuke Ito
  • Patent number: 8572703
    Abstract: A system and method for authenticating a user of an image processing system. User credentials are received at an authentication device corresponding to an image processing device, and transmitted to a first server remote from the authentication device. The validity of the user credentials is judged by comparing the received user credentials to authentication information stored at the first server, and a result of the judging is transmitted to the image processing device. The image processing device then requests access to a second server remote from the image processing device, and the second server transmits a request for the user credentials to the first server. After receiving the user credentials from the first server, the second server performs user authentication.
    Type: Grant
    Filed: March 29, 2007
    Date of Patent: October 29, 2013
    Assignee: Ricoh Americas Corporation
    Inventors: Hiroshi Kitada, Lana Wong, Helen Wang, Weiyun Tang, Andrew Jennings, Revathi Vellanki
  • Patent number: 8572708
    Abstract: A method that provides efficient integration of infrastructure for federated single sign on (e.g. Liberty ID-FP framework) and generic bootstrapping architecture (e.g. 3GPP GAA/GBA architecture) uses an integrated proxy server (IAP). The IAP is inserted in the path between a user and a service provider (SP). The IAP differentiates type of access and determines corresponding operative state to act as a liberty enabled server or as a GAA/GBA network application function. A Bootstrapping, Identity, Authentication and Session Management arrangement (BIAS) leverages on 3GPP GAA/GBA infrastructure to provide an integrated system for handling Liberty Federated SSO and 3GPP GAA/GBA bootstrapping procedures at the same time. This method and arrangement provides improved use of infrastructure elements and performance for authenticated service access.
    Type: Grant
    Filed: December 28, 2006
    Date of Patent: October 29, 2013
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Luis Barriga, David Castellanos Zamora
  • Patent number: 8570861
    Abstract: When one actor or network within a broader system of networks is announcing numerous routes or otherwise performing “poorly,” the neighboring networks can suffer because of the strain that the poorly performing network puts on resources. Typically, in order to counteract the effects of a poorly performing neighboring network, a router may simply stop accepting changes or stop accepting packets from the poorly performing neighbor. Some network participants may only temporarily be acting poorly and straining their neighbors' resources, however. Therefore, in some of the embodiments, a reputation score or level for a network participant may be determined based on its actions over time. This reputation may be used to determine whether, when, and how to act on the network request from the participant.
    Type: Grant
    Filed: June 29, 2010
    Date of Patent: October 29, 2013
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric Jason Brandwine, Swaminathan Sivasubramanian, Bradley E. Marshall, Tate Andrew Certain
  • Patent number: 8572701
    Abstract: A first server device is configured to receive an authentication request from a second server device; add the authentication request to a queue associated with a user; and provide a representation of the queue to a mobile device of the user. The representation of the queue includes an entry for the authentication request. The first server device is further configured to receive, from the mobile device, authentication information, provided by the user, for the authentication request; determine that authentication, of the user, for the authentication request is successful based on the authentication information; generate an authentication response that indicates that the authentication, of the user, for the authentication request is successful; and transmit, by the first server device, the authentication response to the second server device.
    Type: Grant
    Filed: August 22, 2011
    Date of Patent: October 29, 2013
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: George Steven Rathbun
  • Patent number: 8572702
    Abstract: An exemplary password recovery method is applied on a server. The server is connected to one user terminal. The server stores email addresses and email boxes associated with the corresponding email address. Each email box includes emails sent to each corresponding email address. Each email may be a registration email that includes a website and a username. The method receives a password recovery request for a submitted email address of a user, and determines whether there is a registration email in the email box. If yes, the method obtains the website and the username. The method then controls the user terminal to display the prompt information corresponding to the obtained website. Further, the method receives the input username, and determines whether the input username matches the obtained username. If yes, the method generates a new email password, and controls the user terminal to display the new email password.
    Type: Grant
    Filed: March 20, 2012
    Date of Patent: October 29, 2013
    Assignees: Fu Tai Industry (Shenzhen) Co., Ltd., Hon Hai Precision Industry Co., Ltd.
    Inventor: Qiang You
  • Patent number: 8572680
    Abstract: Systems and methods for creating a list of trustworthy resolvers in a domain name system. A computer receives a resolver profile for a resolver sending queries to a domain name server. The resolver profile is based on any, or a combination, of a top-talker status of the resolver, a normalcy of distribution of domain names queried, a continuity of distribution of query type, and a RD bit status, and information related to query traffic based on the topology of the domain name server. Resolver profiles can be compared to a trust policy to determine whether the resolver is trustworthy. Resolvers deemed trustworthy can be added to a list of trustworthy resolvers. Embodiments can detect the occurrence of a network-based attack. Embodiments can mitigate the effect of a network-based attack by responding only to queries from resolvers on the list of trustworthy resolvers.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: October 29, 2013
    Assignee: Verisign, Inc.
    Inventors: Eric Osterweil, Danny McPherson
  • Publication number: 20130283360
    Abstract: In one embodiment, each security protocol supplicant in a computer network determines its group temporal key (GTK) state, and exchanges the GTK state with one or more neighbor supplicants in the computer network. Based on the exchange, a supplicant may determine whether any inconsistencies exist in its GTK state, and in response to any inconsistencies in the GTK state, may perform a GTK state synchronization with a security protocol authenticator by indicating to the authenticator what is needed to resolve the inconsistent GTK state at the particular supplicant. In another embodiment, the authenticator, which is configured to not store per-supplicant GTK state, may transmit beacons containing GTK identifiers (IDs) of GTKs currently enabled on the authenticator, and also responds to supplicants having inconsistent GTK states with one or more needed GTKs as indicated by the supplicants.
    Type: Application
    Filed: April 20, 2012
    Publication date: October 24, 2013
    Applicant: Cisco Technology, Inc.
    Inventors: Jonathan W. Hui, Anjum Ahuja, Krishna Kondaka, Wei Hong
  • Patent number: 8566605
    Abstract: A method, system and computer readable media for dynamically updating current communication information, for enabling access to current communication based upon biometric information and/or for allowing communication information to be associated with biometric information and then allowing this communication information to be provided to desired recipients.
    Type: Grant
    Filed: March 12, 2012
    Date of Patent: October 22, 2013
    Assignee: International Business Machines Corporation
    Inventors: Sarbajit Kumar Rakshit, Shawn K. Sremaniak, Thomas S. Mazzeo, Barry Allan Kritt
  • Patent number: 8566916
    Abstract: A method, system, and apparatus for agile generation of one time passcodes (OTPs) in a security environment, the security environment having a token generator comprising a token generator algorithm and a validator, the method comprising generating an OTP at the token generator according to a variance technique; wherein the variance technique is selected from a set of variance techniques, receiving the OTP at a validator, determining, at the validator, the variance technique used by the token generator to generate the OTP, and determining whether to validate the OTP based on the OTP and variance technique.
    Type: Grant
    Filed: October 30, 2012
    Date of Patent: October 22, 2013
    Assignee: EMC Corporation
    Inventors: Daniel Bailey Vernon, John G Brainard, William M Duane, Michael J O'Malley, Robert S Philpott
  • Patent number: 8566915
    Abstract: Techniques for mixed-mode authentication are described. In one or more embodiments, an authentication service may be implemented to selectively configure and issue authentication tokens based upon an optional secure mode that enables enhanced security. Clients may be provided with an option to choose between an insecure mode and a secure mode for authentications. Based on this choice, tokens may be configured to include an indication of whether the secure mode is disabled or enabled. When secure mode is disabled, an insecure token valid for both secure sites and other sites is issued to a client when the client is authenticated. When the optional secure mode is enabled, both secure and insecure tokens are provided to the client. The authentication services and/or other services may be configured to reject an insecure token when secure mode is enabled to prevent unauthorized use of a stolen token to access secure resources.
    Type: Grant
    Filed: October 22, 2010
    Date of Patent: October 22, 2013
    Assignee: Microsoft Corporation
    Inventors: Walter C. Hsueh, Yordan I. Rouskov, Spencer Wong Low, Daniel W. Crevier
  • Patent number: 8566945
    Abstract: A recursive web crawling and analysis tool that includes conducting an initial crawl of a target to identify testable or analyzable objects. The objects are then parsed to identify vulnerabilities, as well as additional objects that can be analyzed. An attack is then launched against the analyzable objects in an effort to break or verify the vulnerabilities. During this attack, additional analyzable objects may be discovered. If such additional objects are discovered, the web crawler is invoked on the additional objects as well, and the results of the crawl are fed back into the parser and attacker functions.
    Type: Grant
    Filed: February 11, 2005
    Date of Patent: October 22, 2013
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Caleb Sima
  • Publication number: 20130276077
    Abstract: A computerized method for resetting a password of a user, where the user uses an electronic device to access an information system provided by a server according to a user ID of the user and the password. An index code and device information of the electronic device are stored in the server corresponding to the user ID. When the password is to be reset, the user ID and the index code are inputted by the user and the device information of the electronic device is acquired. A verification string is generated using the index code and the user ID inputted by the user and the acquired device information, and is sent to the server for verification, thereby requesting to reset the password.
    Type: Application
    Filed: April 9, 2013
    Publication date: October 17, 2013
    Applicants: HON HAI PRECISION INDUSTRY CO., LTD., FU TAI HUA INDUSTRY (SHENZHEN) CO., LTD.
    Inventors: YU-KAI XIONG, XIN-HUA LI
  • Publication number: 20130275748
    Abstract: Secure password-based authentication for cloud service computing. A request for cloud computing resource access includes a derivative password that contains a parameter that the recipient may extract in order to independently calculate the derivative password based on the parameter and a stored password which may then be verified against a known-to-be-correct password. Other systems and methods are disclosed.
    Type: Application
    Filed: April 17, 2012
    Publication date: October 17, 2013
    Applicant: GEMALTO SA
    Inventor: HongQian Karen LU
  • Patent number: 8561156
    Abstract: A server apparatus capable of preventing unauthorized use of services by a third party through an electronic appliance that stores information used for user authentication by the server apparatus. The server apparatus receives, from an information processing apparatus, pieces of user identification information, pieces of appliance identification information, and pieces of use permission/prohibition information representing on a per service type basis whether uses of services are permitted or prohibited, and stores them so as to be associated with one another. When determining based on use permission/prohibition information, which is associated with a combination of user identification information and appliance identification information that are accepted from an electronic appliance, that use of a service represented by service type information accepted from the electronic appliance is permitted, the server apparatus transmits screen information for use of the service to the electronic appliance.
    Type: Grant
    Filed: May 26, 2011
    Date of Patent: October 15, 2013
    Assignee: Canon Kabushiki Kaisha
    Inventors: Araki Matsuda, Yosato Hitaka
  • Patent number: 8561147
    Abstract: The present invention is to ensure security of a local network, e.g., a home network from remote access while allowing remote access. In a method of the present invention, if a device on the local network is to be accessed remotely, user identifying information (and/or device identifying information) and connection information of a target device, that are accompanied by the access, are compared with information of registered allowance entries and whether to allow the access is determined based on the comparison result. According to the method, remote access to a device invoked by a user (and/or a remote device) whose remote access is not set to allowance is blocked while remote access invoked by a user (and/or a remote device) whose remote access is set to allowance is admitted.
    Type: Grant
    Filed: April 19, 2006
    Date of Patent: October 15, 2013
    Assignee: LG Electronics Inc.
    Inventors: Kyung Ju Lee, Yu Kyoung Song
  • Patent number: 8561138
    Abstract: In some embodiments, the invention involves protecting a platform using locality-based data and, more specifically, using the locality-based data to ensure that the platform has not been stolen or subject to unauthorized access. In some embodiments, a second level of security, such as a key fob, badge or other source device having an identifying RFID is used for added security. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 31, 2008
    Date of Patent: October 15, 2013
    Assignee: Intel Corporation
    Inventors: Michael M. Rothman, Vincent Zimmer
  • Patent number: 8561158
    Abstract: A system and method for searching and retrieving certificates, which may be used in the processing of encoded messages. In one broad aspect, certificate identification data that uniquely identifies a certificate associated with a message is generated. The certificate identification data can then be used to determine whether the certificate is stored on a computing device. Only the certificate identification data is needed to facilitate the determination alleviating the need for a user to download the entire message to the computing device in order to make the determination.
    Type: Grant
    Filed: September 13, 2012
    Date of Patent: October 15, 2013
    Assignee: Blackberry Limited
    Inventors: Neil Patrick Adams, Michael Stephen Brown, Herbert Anthony Little
  • Patent number: 8561157
    Abstract: A method, system, and computer-readable storage medium are provided. Embodiments of the invention include receiving notification of a log-in event associated with a first login session wherein a user is authorized to access a resource of a computing system based on a credential. During the first login session and in response to determining the credential is valid, a second login session is established by granting the user access to a resource of an application associated with the computing system. During the first login session and in response to receiving information indicating an event has occurred, the second login session is terminated such that the user does not have access to the resource of the application. And during the first login session and in response to determining again that the credential is valid, a third login session is established by granting the user access to a resource of the application.
    Type: Grant
    Filed: September 23, 2011
    Date of Patent: October 15, 2013
    Assignee: Canon U.S.A., Inc.
    Inventor: Jiuyuan Ge
  • Patent number: 8560859
    Abstract: A storage controller and program product is provided for performing double authentication for controlling disruptive operations on storage resources generated by a system administrator. A first request is received from a first user for generation of a first key. A first key is generated, provided to the first user and associated with the storage resource. An input is received from the administrator, the input comprises a second key and a command for performing the disruptive operation. The second key and the first key are compared. It is verified that the administrator is authorized as an administrator of the storage resource. The disruptive operation is performed on the storage resource if the second key and the first key match and the administrator is authorized. Otherwise, the performance of the disruptive operation is denied.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: October 15, 2013
    Assignee: International Business Machines Corporation
    Inventors: Vincent Boucher, Sebastien Chabrolles, Benoit Granier, Arnaud Mante
  • Patent number: 8560839
    Abstract: A secure location system is described herein that leverages location-based services and hardware to make access decisions. Many mobile computers have location devices, such as GPS. They also have a trusted platform module (TPM) or other security device. Currently GPS location data is made directly accessible to untrusted application code using a simple protocol. The secure location system provides a secure mechanism whereby the GPS location of a computer at a specific time can be certified by the operating system kernel and TPM. The secure location system logs user activity with a label indicating the geographic location of the computing device at the time of the activity. The secure location system can provide a difficult to forge, time-stamped location through a combination of kernel-mode GPS access and TPM security hardware. Thus, the secure location system incorporates secure location information into authorization and other operating system decisions.
    Type: Grant
    Filed: December 20, 2010
    Date of Patent: October 15, 2013
    Assignee: Microsoft Corporation
    Inventors: Paul Barham, Joseph N. Figueroa
  • Publication number: 20130269010
    Abstract: A password evaluation system is provided for determining the password strength of a password. A password is provided for evaluation. The password is parsed and substrings are identified from the password. Each substring is associated with a pattern that can generate the substring. The substrings are scored to determine a substring strength measure for the substring. The substrings are combined to identify non-overlapping substring combinations, which together make up the password. The combinations are assigned a combination strength score based in part on the substring strength of the substrings contained in the substring combinations. The substring combination with the lowest combination strength measure is identified and the associated combination strength measure is used as the password strength measure for the password.
    Type: Application
    Filed: December 19, 2012
    Publication date: October 10, 2013
    Applicant: DROPBOX, INC.
    Inventor: Dan Lowe Wheeler
  • Publication number: 20130269008
    Abstract: Systems and methods for providing secured network access are provided. A user device located within range of a branded hotspot initiates a request for the secured network access. The request concerns secured network access at the hotspot by the user device and includes a unique pre-shared key. A query regarding the unique pre-shared key is sent to a database, which retrieves information regarding a corresponding pre-shared key. That information is sent to the hotspot controller, which allows the user device secured network access as governed by one or more parameters associated with the pre-shared key.
    Type: Application
    Filed: April 4, 2012
    Publication date: October 10, 2013
    Inventors: Ming-Jye Sheu, Prashant Ranade
  • Publication number: 20130269011
    Abstract: According to one embodiment of the invention, a method for controlling access to a network comprises a first operation of determining a type of electronic device to join the network. Then, unique device credentials are sent to the electronic device. These unique device credentials are used in authenticating the electronic device, and the format of the unique device credentials is based on the type of electronic device determined.
    Type: Application
    Filed: February 7, 2013
    Publication date: October 10, 2013
    Inventor: David Wilson
  • Publication number: 20130269012
    Abstract: A secure processor such as a TPM generates one-time-passwords used to authenticate a communication device to a service provider. In some embodiments the TPM maintains one-time-password data and performs the one-time-password algorithm within a secure boundary associated with the TPM.
    Type: Application
    Filed: May 17, 2013
    Publication date: October 10, 2013
    Inventors: Mark Buer, Douglas Allen
  • Publication number: 20130269009
    Abstract: A method and system for securing a user transaction involving a subscriber unit (“SU”) (having a processor, memory, and a display configured to accept user input), a credential information manager (“CIM”) (having a processor and memory), and a transaction service provider (“TSP”) (having a processor and memory). A cyber identifier (“CyberID”), a subscriber identifier (“SubscriberID”), and subscriber information, each associated with the user, is stored in the CIM. A transaction request is sent from the SU to the TSP, which creates a transaction identifier (“TID”), stores it in the TSP memory and transmits it to the SU. The SU transmits an authentication request, the TID, and SubscriberID to the CIM, which authenticates the SubscriberID and verifies the TID to the TSP. The TSP verifies the TID and reports it to the CIM, which transmits the CyberID and subscriber information to the TSP, and transmits a transaction authorization to the SU.
    Type: Application
    Filed: April 9, 2012
    Publication date: October 10, 2013
    Applicant: MEDIUM ACCESS SYSTEMS PRIVATE LIMITED
    Inventors: Yang Lit Fang, Ryan Nacion Trinidad
  • Patent number: 8553245
    Abstract: An image forming apparatus connected via a network with an authentication server for user authentication based on biometric information about a user. The image forming apparatus is also connected with a managing server for managing an operation of the image forming apparatus. The image forming apparatus includes a transmission unit transmitting the biometric information about the user to the authentication server, a reception unit receiving use limit information corresponding to the biometric information about the user from the managing server, and a control unit controlling the operation of the image forming apparatus based on the use limit information.
    Type: Grant
    Filed: June 16, 2009
    Date of Patent: October 8, 2013
    Assignee: Ricoh Company, Ltd.
    Inventors: Atsushi Sakagami, Naoto Sakurai, Koji Sasaki, Tomoko Saeki, Tsuyoshi Hoshino
  • Patent number: 8555365
    Abstract: Enabling web filtering by authenticated group membership, role, or user identity is provided by embedding a uniform resource identifier into an electronic document requested by a client. A client browser will provide directory credentials to a trusted web filter apparatus enabling a policy controlled access to resources external to the trusted network. An apparatus comprises circuits for transmitting a uniform resource identifier to a client, receiving a request comprising authentication credentials, querying a policy database and determining a customized policy for access to an externally sourced electronic document or application. A computer-implemented technique simplifies web filter administrator tasks by removing a need to set each browser's settings or install additional software on each user terminal.
    Type: Grant
    Filed: May 21, 2010
    Date of Patent: October 8, 2013
    Assignee: Barracuda Networks, Inc.
    Inventor: Fleming Shi
  • Patent number: 8555362
    Abstract: Two factor LDAP authentication systems and methods are presented. In one embodiment, implementation of a method for authenticating a user through a two factor process includes: at an LDAP proxy server, receiving a BIND request from a client, wherein the BIND request is for authenticating a user associated with a username to an LDAP server, and wherein the BIND request comprises a password comprising a first factor security code and a second factor security code; stripping the second factor security code from the password; reconfiguring the BIND request with the password that is stripped of the second factor security code; forwarding the reconfigured BIND request to the LDAP server for authentication of the username using the first factor security code; performing authentication of the second factor security code; and positively authenticating the username to the LDAP server when the first factor security code and the second factor security code are authenticated in connection with the username.
    Type: Grant
    Filed: July 20, 2011
    Date of Patent: October 8, 2013
    Assignee: Symantec Corporation
    Inventor: Srinath Venkataramani