Management Patents (Class 726/6)
-
Patent number: 8533789
Abstract: Authenticating a user is disclosed. An indication that a portal user wants to access a docbase is received. A non-user-specific credential is used to log in to the docbase on behalf of the portal user. Optionally, the docbase is configured to limit the portal user's access to the docbase, during times when the non-user-specific credential has been used to log in to the docbase on behalf of the portal user, to an extent of access that is associated with a user-specific data associated with the portal user.
Type: Grant
Filed: December 12, 2006
Date of Patent: September 10, 2013
Assignee: EMC Corporation
Inventors: Srikanthan Raghunathan, Arati Pradhan, John Thomas, Kranthi K. Pachipala, Michael H. Walther, Sachin B. Chaudhari
-
Patent number: 8533801
Abstract: A system for binding a subscription-based computer to an internet service provider (ISP) may include a binding module and a security module residing on the computer. The binding module may identify and authenticate configuration data from peripheral devices that attempt to connect to the computer, encrypt any requests for data from the computer to the ISP, and decrypt responses from the ISP. If the binding module is able to authenticate the configuration data and the response to the request for data from the ISP, then the security module may allow the communication between the computer and the ISP. However, if either the configuration cycle or the response cannot be properly verified, then the security module may degrade operation of the computer.
Type: Grant
Filed: June 14, 2011
Date of Patent: September 10, 2013
Assignee: Microsoft Corporation
Inventors: Todd Carpenter, Shon Schmidt, David J. Sebesta, William J. Westerinen
-
Patent number: 8533777
Abstract: According to one embodiment, a computer system is disclosed. The computer system includes a central processing unit (CPU) to simultaneously operate a trusted environment and an untrusted environment and a chipset coupled to the CPU. The chipset includes an interface to couple to a management agent, and protected registers having a bit to indicate if the management agent is provided access to resources within the trusted environment.
Type: Grant
Filed: December 29, 2004
Date of Patent: September 10, 2013
Assignee: Intel Corporation
Inventor: Andrew J. Fish
-
Patent number: 8533272
Abstract: The invention includes a method and apparatus for notification and delivery of messages to mobile users using a secure client associated with a user device. The secure client includes a power module, a communication module, a storage module, and an alert module. The power module powers the client device independent of a power state of the user device. The communication module receives a wake-up message and responsively triggers the secure client to switch from an inactive state to an active state without changing the power state of the user device, initiates a secure connection with a secure gateway in response to the wake-up message, and requests and receives a user message from a messaging application using the secure connection. The storage module stores the received message independent of the power state of the user device. The alert module activates an alert to indicate that the message is available.
Type: Grant
Filed: January 30, 2007
Date of Patent: September 10, 2013
Assignee: Alcatel Lucent
Inventors: Mansoor Ali Khan Alicherry, Mary S. Chan, Sanjay D. Kamat, Pramod V. N. Koppol, Sunder Rathnavelu Raj, Dimitrios Stiliadis
-
Patent number: 8533807
Abstract: A method for accessing content stored on a memory device is provided. In this method, a request to access the content is transmitted and a session ticket is received. The session ticket includes a parameter used to decrypt the content and the session ticket is generated based on a variable that is configured to change at a session. The content may be accessed based on the session ticket.
Type: Grant
Filed: November 18, 2011
Date of Patent: September 10, 2013
Assignee: SanDisk Technologies Inc.
Inventors: Fabrice Jogand-Coulomb, Haluk Kent Tanik, Oktay Rasizade
-
Patent number: 8533819
Abstract: A method and apparatus for detecting compromised host computers (e.g., Bots) are disclosed. For example, the method identifies a plurality of suspicious hosts. Once identified, the method analyzes network traffic of the plurality of suspicious hosts to identify a plurality of suspicious hub-servers. The method then classifies the plurality of candidate Bots into at least one group. The method then identifies members of each of the at least one group that are connected to a same controller from the plurality of suspicious controllers, where the members are identified to be part of a Botnet.
Type: Grant
Filed: September 29, 2006
Date of Patent: September 10, 2013
Assignee: AT&T Intellectual Property II, L.P.
Inventors: David A. Hoeflin, Anestis Karasaridis, Carl Brian Rexroad
-
Publication number: 20130232553
Abstract: An exemplary system includes 1) a mobile computing device provided by a vertical solution provider for use by a customer of an industry service provider to access one or more services provided by the industry service provider and 2) a mobile media platform provider subsystem operated by the vertical solution provider and configured to communicate with the mobile computing device. The mobile media platform provider subsystem and the mobile computing device are configured to provide a mobile media platform managed by the vertical solution provider and configured to facilitate the use of the mobile computing device by the customer to access the one or more services provided by the industry service provider. Corresponding systems and methods are also disclosed.
Type: Application
Filed: March 2, 2012
Publication date: September 5, 2013
Applicant: VERIZON PATENT AND LICENSING INC.
Inventors: Peter W. Tomfohrde, John R. Williams
-
Patent number: 8527780
Abstract: A removable drive such as a USB drive or key is provided for connecting to computer devices to provide secure and portable data storage. The drive includes a drive manager adapted to be run by an operating system of the computer device. The drive manager receives a password, generates a random key based on the password, encrypts a user-selected data file in memory of the computer device using the key, and stores the encrypted file in the memory of the removable drive. The drive manager performs the encryption of the data file without corresponding encryption applications being previously loaded on the computer system. The drive manager may include an Advanced Encryption Standard (AES) cryptography algorithm. The drive manager generates a user interface that allows a user to enter passwords, select files for encryption and decryption, and create folders for storing the encrypted files on the removable drive.
Type: Grant
Filed: May 2, 2011
Date of Patent: September 3, 2013
Assignee: Strong Bear LLC
Inventors: Rodney B. Roberts, Ronald B. Gardner
-
Patent number: 8528060
Abstract: Efficient secure password protocols are constructed that remain secure against offline dictionary attacks even when a large, but bounded, part of the storage of a server responsible for password verification is retrieved by an adversary through a remote or local connection. A registration algorithm and a verification algorithm accomplish the goal of defeating a dictionary attack. A password protocol where a server, on input of a login and a password, carefully selects several locations from the password files, properly combines their content according to some special function, and stores the result of this function as a tag that can be associated with this password and used in a verification phase to verify access by users.
Type: Grant
Filed: December 22, 2006
Date of Patent: September 3, 2013
Assignee: Telcordia Technologies, Inc.
Inventors: Giovanni Di Crescenzo, Richard J. Lipton, Sheldon Walfish
-
Patent number: 8528057
Abstract: A method, and apparatus for executing the method, that includes creating a virtual account not limited to being associated with any one of a plurality of servers. The method further includes matching at least some authentication credentials of a first server of the plurality of servers with at least some authentication credentials of the virtual account.
Type: Grant
Filed: March 7, 2006
Date of Patent: September 3, 2013
Assignee: EMC Corporation
Inventor: Steven Harold Garrett
-
Patent number: 8528099
Abstract: Systems, methods and apparatuses (i.e., utilities) for use in managing access to and use of artifacts (e.g., word or pdf documents, jpegs, and the like) and any copies thereof in an enterprise/cross-enterprise environment. The utility may include a content management system for storing the artifacts and managing use of the artifacts and an information rights management system for use in sealing the artifacts, validating users and granting licenses for use of the artifacts at the directive of the content management system.
Type: Grant
Filed: January 27, 2011
Date of Patent: September 3, 2013
Assignee: Oracle International Corporation
Inventor: Kiran Vedula Venkata Naga Ravi
-
Patent number: 8526028
Abstract: A method, system, and computer usable program product for avoiding redundant printing are provided in the illustrative embodiments. An application executing in a data processing system receives a request to print a document. A determination is made whether a valid shared print of the document is available, the valid shared print being a hard-copy of the document that is currently within a validity period and is available for sharing among multiple entities. The shared valid print is requested from a current owner of the shared valid print. If the request is successful, possession of the shared valid print is changed in a prints repository from the current owner to a new owner and a new printing of the document according to the request to print the document is suspended.
Type: Grant
Filed: October 28, 2010
Date of Patent: September 3, 2013
Assignee: International Business Machines Corporation
Inventors: Remo Freddi, Antonio Mangiacotti
-
Patent number: 8528061
Abstract: Provided are platforms, systems, and software for verifying a user-agent comprising: a software module configured to transmit a quiz to an unverified user-agent, the quiz comprising at least one user-agent verification question drawn from an inventory of user-agent verification questions; a software module configured to receive a response to the quiz, the response comprising a reported user-agent and a result for each question; and a software module configured to compare each result to a result expected from the reported user-agent to verify the reported user-agent. Also provided are methods of using the same.
Type: Grant
Filed: December 11, 2012
Date of Patent: September 3, 2013
Assignee: Quarri Technologies, Inc.
Inventor: Jeffrey Anderson Davis
-
Patent number: 8528062
Abstract: A system and method to prevent the installation by a hacker of malicious software onto networked electronic systems, computers, and the like, by removing the read, write and execute administrator permission files of a system's OS, and placing them in a separate, protected server in the cloud. The secure cloud server records the system's unique ID(s). After relocation of the authorized administrator's permissions files, a strong password is requested from the authorized administrator. Thereafter, the network path to the secure cloud server files is encrypted and recorded on the protected system. This path change replaces the former local path in the computer system to those files. The result of these changes to the OS on a protected system eliminates the hacker's access to the system from a network to illicitly become an administrator of the hacked system.
Type: Grant
Filed: February 12, 2013
Date of Patent: September 3, 2013
Assignee: Cloud Cover Safety, Inc.
Inventor: Michael James Connor
-
Patent number: 8528041
Abstract: A computer-implemented method, network management system, and network clients are provided for out-of-band network security management. The network management system includes routers, firewalls, and out-of-band interfaces. The out-of-band interface of the network management system transmits access control lists to network clients connected to a trusted network. The trusted network connects the routers, firewalls, and network clients. The firewalls receive access control lists from the network management system to police communications that traverse the trusted network and an untrusted network. The routers receive access control lists from the network management system to police communications that traverse the router within the trusted network. The access control lists for the routers and firewalls are transmitted over a network interface to the trusted network and are transmitted separately from the access control lists for the network clients.
Type: Grant
Filed: November 7, 2008
Date of Patent: September 3, 2013
Assignee: Sprint Communications Company L.P.
Inventors: David Wayne Haney, Usman Muhammad Naim, Andrew Lee Davey
-
Patent number: 8528044
Abstract: An information processing apparatus that can easily and safely transmit data. A registering unit registers first authentication information in association with user information indicating a first user. The first authentication information is necessary for the first user to log on to the information processing apparatus. A generating unit generates an address data that is used to transmit data from an external apparatus to the information processing apparatus and includes the user information and second authentication information. A transmitting unit transmits the address data to the external apparatus. An authenticating unit authenticates by utilizing the second authentication information included in the address data when the data is transmitted based on the address data from the external apparatus. A storing unit stores the received data in association with the first user when the authentication by the authenticating unit succeeds.
Type: Grant
Filed: May 15, 2009
Date of Patent: September 3, 2013
Assignee: Canon Kabushiki Kaisha
Inventor: Toshiyuki Nakazawa
-
Patent number: 8528055
Abstract: A first message comprising a received indication of a management key block (MKB) and a received indication of an authorization table (AT) is received at a first network device from a second network device. The received indications of the MKB and AT are validated by comparing them to generated indications of the MKB and AT, respectively. A response is generated based on the validation of the received indications and transmitted from the first network device to the second network device. The generated indications and response are stored. A second message comprising a second received indication of the MKB and a second received indication of the AT is received at the first network device from the second network device. The first network device communicates with the second network device in accordance with the stored response on determining that the second received indications match corresponding stored indications.
Type: Grant
Filed: November 19, 2010
Date of Patent: September 3, 2013
Assignee: International Business Machines Corporation
Inventors: Thomas A. Bellwood, Robert G. Deen, Jeffrey B. Lotspiech, Matthew F. Rutkowski
-
Patent number: 8528063
Abstract: Methods, systems, and computer program products are provided for cross domain security information conversion. Embodiments include receiving from a system entity, in a security service, security information in a native format of a first security domain regarding a system entity having an identity in at least one security domain; translating the security information to a canonical format for security information; transforming the security information in the canonical format using a predefined mapping from the first security domain to a second security domain; translating the transformed security information in the canonical format to a native format of the second security domain; and returning to the system entity the security information in the native format of the second security domain.
Type: Grant
Filed: March 31, 2004
Date of Patent: September 3, 2013
Assignee: International Business Machines Corporation
Inventors: Matthew Paul Duggan, Dolapo Martin Falola, Patrick Ryan Wardrop
-
Publication number: 20130227661
Abstract: The invention relates to a system and method for generating and authenticating one time dynamic password based on the context information related to a user. It involves retrieving user context information and generating a dynamic value based on that. The first one time dynamic password is generated at the user device using the first dynamic value and the user PIN. The first dynamic value along with the user identifier is sent to the authentication server. The authentication server sends the user identifier to the context management server. The context management server has access to the context information used to generate the first dynamic value and based on that they generate a second dynamic value. The authentication server receives this value and generates the second one time dynamic password and if it matches with the first one time dynamic password then the authentication server authenticates the first one time dynamic password.
Type: Application
Filed: June 25, 2012
Publication date: August 29, 2013
Applicant: INFOSYS LIMITED
Inventors: Puneet Gupta, Venkat Kumar Sivaramamurthy, Harigopal Kanaka Bapiraja Ponnapalli, Akshay Darbari
-
Publication number: 20130227663
Abstract: The method comprises: i) obtaining, an authentication registrar (S-CSCF) of a IMS control layer, two sets of IMS credentials for a user: a first set from a user equipment (UE) and a second set from a Home Server Subscriber, or HSS (100); and ii) said authentication registrar (S-CSCF) comparing said first and second sets of IMS credentials, and depending on the result of said comparison granting or denying the access of said user to IMS services. The method further comprises, before and in order to perform said steps i) and ii), obtaining, the user equipment (UE), the first set of IMS credentials from a network element (40) via a HTTP-based mechanism. The system is adapted for implementing the method, and the network element is also adapted for implementing the method and for being included in the system.
Type: Application
Filed: June 8, 2011
Publication date: August 29, 2013
Applicant: TELEFONICA S.A.
Inventor: Alejandro Cadenas Gonzalez
-
Publication number: 20130227662
Abstract: A method of generating a token to be used in a Uniform Resource Identifier (URI) for use in the retrieval of a data item by a user device is provided. Security setting data relating to the data item is received. A token to be used in a URI is generated. The token is associated with the data item. The token is transmitted to a user device. Generating comprises selecting a length of the token at least partly on the basis of the security setting data.
Type: Application
Filed: August 29, 2012
Publication date: August 29, 2013
Applicant: METASWITCH NETWORKS LTD.
Inventor: Shaun Crampton
-
Patent number: 8522326
Abstract: A system for authentication comprises a mobile unit and a smart card reader. The mobile unit includes a security application that prevents access to functionalities and data stored thereon and further includes an authentication application that securely stores an authentication token. The smart card reader communicatively connects to a smart card. The smart card includes authentication data. The authentication application transmits the authentication token to the smart card reader to verify the smart card. The authentication application shares the authentication token with the security application when the verification is successful. The authentication token indicates to the security application to grant access to the functionalities and the data.
Type: Grant
Filed: September 24, 2008
Date of Patent: August 27, 2013
Assignee: Motorola Mobility LLC
Inventors: Kashyap Merchant, Jack Cai, Sanjiv Maurya
-
Patent number: 8522318
Abstract: The invention enables a client device that does not support IEEE 802.1X authentication to access at least some resources provided through a switch that supports 802.1X authentication by using dynamic authentication with different protocols. When the client device attempts to join a network, the switch monitors for an 802.1X authentication message from the client device. In one embodiment, if the client fails to send an 802.1X authentication message, respond to an 802.1X request from the switch, or a predefined failure condition is detected, the client may be deemed incapable of supporting 802.1X authentication. In one embodiment, the client may be initially placed on a quarantine VLAN after determination that the client fails to perform an 802.1X authentication within a backoff time limit. However, the client may still gain access to resources based on various non-802.1X authentication mechanisms, including name/passwords, digital certificates, or the like.
Type: Grant
Filed: September 10, 2010
Date of Patent: August 27, 2013
Assignee: McAfee, Inc.
Inventors: Alexandru Z. Vank, Xin Shen, Matt B. Cobb, Brad Robel-Forrest, Evan M. Webb
-
Patent number: 8522024
Abstract: The present invention provides an authentication method, an authentication system, and an authentication device, which is in information security field.
Type: Grant
Filed: December 24, 2010
Date of Patent: August 27, 2013
Assignee: Feitian Technologies Co., Ltd.
Inventors: Zhou Lu, Huazhang Yu
-
Publication number: 20130219478
Abstract: In one embodiment, a management device in a computer network determines when nodes of the computer network join any one of a plurality of field area routers (FARs), which requires a shared-media mesh security key for that joined FAR. The management device also maintains a database that indicates to which FAR each node in the computer network is currently joined, and to which FARs, if any, each node had previously joined, where the nodes are configured to maintain the mesh security key for one or more previously joined FARs in order to return to those previously joined FARs with the maintained mesh security key. Accordingly, in response to an updated mesh security key for a particular FAR of the plurality of FARs, the management node initiates distribution of the updated mesh security key to nodes having previously joined that particular FAR that are not currently joined to that particular FAR.
Type: Application
Filed: February 21, 2012
Publication date: August 22, 2013
Applicant: Cisco Technology, Inc.
Inventors: Atul B. Mahamuni, Carol Barrett, Jean-Philippe Vasseur
-
Publication number: 20130219479
Abstract: Systems and methods are disclosed herein for a user to use a trusted device to provide sensitive information to an identity provider via QR (Quick Response) code for the identity provider to broker a website login or to collect information for the website. A user may securely transact with the website from unsecured devices by entering sensitive information into the trusted device. The identity provider may generate the QR code for display by the website on an unsecured device. A user running an application from the identity provider on the trusted device may scan the QR code to transmit the QR code to the identity provider. The identity provider may validate the QR code and may receive credential information to authenticate the user or may collect information for the website. Advantageously, the user may perform a safe login to the website from untrusted devices using the trusted device.
Type: Application
Filed: February 15, 2013
Publication date: August 22, 2013
Inventors: Daniel B. DeSoto, Mark Andrew Peskin
-
Patent number: 8516560
Abstract: A method for securely authenticating a user of a portable consumer device at an access device comprising the following steps. First, a dynamic data element and a first set of transactional information is sent to the portable consumer device from the access device. Next, the portable consumer device creates an authentication code as a function of at least the dynamic data element, a subset of the first set of transactional information, and a password. The authentication code, along with other data, is then sent from the portable consumer device back to the access device. The access device then uses the authentication code to send an authentication request message to the service provider of the user. The service provider then attempts to authenticate the user by recreating the authentication code and comparing the recreated authentication code with the authentication code received from the access device.
Type: Grant
Filed: January 16, 2009
Date of Patent: August 20, 2013
Inventors: John F. Sheets, Simon Hurry
-
Patent number: 8516562
Abstract: Systems and methods for authenticating electronic transactions are provided. The authentication methods employ a combination of security features and communication channels. These security features can be based, for example, on unique knowledge of the person being authenticated, a unique thing that the person has, unique personal features and attributes of the person, the ability of the person to respond, and to do so in a fashion that a machine cannot, and so forth. Methods for enrolling the person prior to authentication are also provided, as well as systems for enrollment and authentication.
Type: Grant
Filed: August 18, 2011
Date of Patent: August 20, 2013
Assignee: Veritrix, Inc.
Inventor: Paul Headley
-
Patent number: 8516269
Abstract: Detection and deterrence of device tampering and subversion may be achieved by including a cryptographic fingerprint unit within a hardware device for authenticating a binding of the hardware device and a physical structure. The cryptographic fingerprint unit includes an internal physically unclonable function (“PUF”) circuit disposed in or on the hardware device, which generates an internal PUF value. Binding logic is coupled to receive the internal PUF value, as well as an external PUF value associated with the physical structure, and generates a binding PUF value, which represents the binding of the hardware device and the physical structure. The cryptographic fingerprint unit also includes a cryptographic unit that uses the binding PUF value to allow a challenger to authenticate the binding.
Type: Grant
Filed: October 20, 2010
Date of Patent: August 20, 2013
Assignee: Sandia Corporation
Inventors: Jason R. Hamlet, David J. Stein, Todd M. Bauer
-
Methods and apparatus for determining user authorization from motion of a gesture-based control unit
Patent number: 8516561
Abstract: Methods and apparatus for determining user authorization from motion of a gesture-based control unit are disclosed. An example method to determine user authorization from motion of a gesture-based control unit disclosed herein comprises detecting motion of the gesture-based control unit, the motion caused by a user, determining a detected gesture from a sequence of one or more detected motions of the gesture-based control unit, and identifying the user from the detected gesture to determine an authorization for use by the gesture-based control unit.
Type: Grant
Filed: September 29, 2008
Date of Patent: August 20, 2013
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Scott White, James Cansler, Ian Schmehl
-
Patent number: 8516569
Abstract: Techniques for uninterrupted virtual private network (VPN) connection service with dynamic policy enforcement are provided. An existing VPN session between a VPN client and a VPN server detects a change in a VPN network being used for the existing VPN session. New credentials and new policies are received by the VPN client. The new credentials are automatically used to re-authenticate the VPN client to the change during the existing VPN session, and the new policies are dynamically used to enforce the new policies during the existing VPN session on the VPN client.
Type: Grant
Filed: June 25, 2012
Date of Patent: August 20, 2013
Assignee: Apple Inc.
Inventors: Allu Babula, Vishnu Govind Attur, Gautham Chambrakana Ananda
-
Publication number: 20130212661
Abstract: A server may communicate with a mobile device and/or a reader device via an Internet connection. The server may be configured to generate a credential and transmit the credential to the mobile device. The mobile device may use the credential in an access control system, a payment system, a transit system, a vending system, or the like.
Type: Application
Filed: February 13, 2013
Publication date: August 15, 2013
Applicant: XceedID Corporation
Inventor: XceedID Corporation
-
Publication number: 20130212660
Abstract: A server may communicate with a mobile device and/or a reader device via an Internet connection. The server may be configured to generate a credential and transmit the credential to the mobile device. The mobile device may use the credential in an access control system, a payment system, a transit system, a vending system, or the like.
Type: Application
Filed: February 13, 2013
Publication date: August 15, 2013
Applicant: XceedID Corporation
Inventor: XceedID Corporation
-
Publication number: 20130212656
Abstract: Systems and methods for providing secured network access are provided. A user device located within range of a hotspot initiates a request sent via an open communication network associated with the hotspot. The request concerns secured network access at the hotspot by the user device. A unique pre-shared key is generated for the user device based on information in the received request and transmitted over the open communication network for display on a webpage accessible to the user device. The unique pre-shared key is stored in association with information regarding the user device. The user device may then use the unique pre-shared key in subsequent requests for secured network access.
Type: Application
Filed: February 9, 2012
Publication date: August 15, 2013
Inventors: Prashant Ranade, Ming-Jye Sheu
-
Publication number: 20130212659
Abstract: This disclosure relates to systems and methods for facilitating a security and trust architecture in connected vehicles. In certain embodiments, a method for creating a trusted architecture in a connected vehicle may include generating a connected vehicle ecosystem map including information relating to a plurality of electronic control units and network connections included in the connected vehicle. Based on the vehicle ecosystem map, trusted relationships involving electronic control units may be identified. Trusted credentials may be generated and issued to electronic control units that meet one or more trust requirements. Using the trusted credentials, trusted communication within the connected vehicle may be achieved.
Type: Application
Filed: February 13, 2013
Publication date: August 15, 2013
Applicant: INTERTRUST TECHNOLOGIES CORPORATION
Inventor: Intertrust Technologies Corporation
-
Publication number: 20130212658
Abstract: A system for preventing fraud of a web service offered by a service provider at a website, which comprises:
Type: Application
Filed: December 28, 2012
Publication date: August 15, 2013
Applicant: TELEFÓNICA, S.A.
Inventors: Antonio Manuel AMAYA CALVO, Antonio Agustín PASTOR PERALES
-
Publication number: 20130212657
Abstract: A computerized method resets an unlocking password of an electronic device. Verification information used for resetting a first unlocking password currently used for unlocking the electronic device, and a destination for receiving a second unlocking password in place of the first unlocking password are preset in the electronic device. A request message from a terminal device is monitored in real-time, and checked for the inclusion of the verification information. The second unlocking password is generated, the first unlocking password of the electronic device is replaced by the second unlocking password, and the second unlocking password is sent to the destination if the verification information is included in the request message.
Type: Application
Filed: June 15, 2012
Publication date: August 15, 2013
Applicants: HON HAI PRECISION INDUSTRY CO., LTD., FU TAI HUA INDUSTRY (SHENZHEN) CO., LTD.
Inventor: YONG-LIANG LU
-
Patent number: 8510794
Abstract: Various embodiments of methods and apparatus for a unified management interface across internal and shared computing applications are disclosed. In some embodiments, one or more processors perform, responsive to receiving a plurality of access management requests at an identity management interface, transmitting an access management instruction to a customer internal application via an on-premise proxy, and transmitting another access management instruction to a shared computing system application via a multi-customer gateway on the shared computing system.
Type: Grant
Filed: October 19, 2012
Date of Patent: August 13, 2013
Assignee: Identropy, Inc.
Inventors: Nishant Kaushik, Francisco Villavicencio, Ashraf Motiwala, Christopher Hydak
-
Patent number: 8509431
Abstract: A wireless device may perform a local authentication to reduce the traffic on a network. The local authentication may be performed using a local web server and/or a local OpenID provider (OP) associated with the wireless device. The local web server and/or local OP may be implemented on a security module, such as a smartcard or a trusted execution environment for example. The local OP and/or local web server may be used to implement a provisioning phase to derive a session key, associated with a service provider, from an authentication between the wireless device and the network. The session key may be reusable for subsequent local authentications to locally authenticate a user of the wireless device to the service provider.
Type: Grant
Filed: September 20, 2011
Date of Patent: August 13, 2013
Assignee: InterDigital Patent Holdings, Inc.
Inventors: Andreas U. Schmidt, Michael V. Meyerstein, Andreas Leicher, Yogendra C. Shah, Louis J. Guccione, Inhyok Cha
-
Patent number: 8510817
Abstract: A computerized method of providing access to a secure resource includes, to each of a plurality of authorized users, providing a link to the secure resource. Each link includes a unique password embedded therein and each unique password relates to a particular user identification (userID) and personal identification number (PIN). The method also includes receiving a request to access the resource using a link having a password embedded therein, which request originates at a web browser. The method further includes directing the browser to a login screen and receiving via the login screen a userID and PIN. The method also includes determining whether the userID and PIN relate to one another and to the password and allowing or denying access to the resource in accordance with the determination.
Type: Grant
Filed: August 2, 2011
Date of Patent: August 13, 2013
Assignee: CA, Inc.
Inventor: Geoffrey Hird
-
Patent number: 8510795
Abstract: A system and a method automatically generate video-based tests to distinguish human users from computer software agents. The system comprises a CAPTCHA generation engine, a CAPTCHA serving engine, a video clips database, and a video tests database. The CAPTCHA generation engine selects a video clip from the video clips database, and segments the video clip into multiple video segments. For each video segment, the CAPTCHA generation engine associates a plurality of related queries with the video segment, generates a video test based on the association, and stores in the video tests database. A CAPTCHA serving engine selects a video test for a user, maintaining a user trial counter for each user taking the video test. Based on the user trial counter information and the response to the selected video test, the CAPTCHA serving engine determines whether the user is a human user.
Type: Grant
Filed: September 4, 2007
Date of Patent: August 13, 2013
Assignee: Google Inc.
Inventor: Ullas Gargi
-
Patent number: 8510367
Abstract: A computer network processor for managing information access, exchange, and interaction over a communications network has at least one input port for receiving input from the network, a first portion of memory for storing an operations framework, the framework supporting an information model including attributes and at least one communications system interface, a second portion of memory for caching information; and at least one interface to at least one communications interface. The processor performs role-based task execution and related workflow based in part on defined attributes of the information model and in part on instruction solicited from a user through the at least one communications interface.
Type: Grant
Filed: March 17, 2008
Date of Patent: August 13, 2013
Assignee: Corybant, Inc.
Inventors: Mohammad S. Salim, Barbara J. Rossner, Ronald M. Barber
-
Patent number: 8510563
Abstract: A communication apparatus includes: a first storage unit storing a certification authority certificate; a verification unit verifying an electronic signature attached to a first electronic mail received by a receiving unit from a mail server based on the certification authority certificate; an output unit outputting the first electronic mail when a verification result of the verification unit is positive; a deletion unit deleting the first electronic mail from the mail server; a notification unit notifying a user of information regarding a specific certification authority when a specific certification authority certificate is not stored in the first storage unit; an acquiring unit acquiring the specific certification authority certificate; and a storage control unit storing the acquired specific certification authority certificate. The receiving unit again receives the first electronic mail.
Type: Grant
Filed: March 22, 2010
Date of Patent: August 13, 2013
Assignee: Brother Kogyo Kabushiki Kaisha
Inventor: Takao Seki
-
Patent number: 8510553
Abstract: Apparatus and methods associated with providing secure credential management are described. One apparatus embodiment includes a data store to store authentication data and an authentication supplicant (AS) logic to provide a response to an authentication communication (ACM) received from an authentication process. An authentication management (AM) logic may receive the ACM from a connection management (CM) logic associated with a host operating system (HOS), provide the ACM to the AS logic, and provide the response back to the CM logic. The apparatus may include a device management (DM) client logic to provide a secure connection to an operator DM server associated with the authentication process and to store authentication data provided by the operator DM server in the data store. The AS logic, AM logic, and DM logic may reside in firmware that is not accessible to the HOS.
Type: Grant
Filed: June 29, 2007
Date of Patent: August 13, 2013
Assignee: Intel Corporation
Inventors: Farid Adrangi, Ranjit Narjala, Hani Elgebaly
-
Patent number: 8510819
Abstract: Systems and methods are provided for securing at least one mobile device. A server includes a controller and a non-transitory computer readable medium storing instructions executable by the controller. The executable instructions are configured to perform a method in which a secure communications session is established with a user and the user is allowed to input a list of a plurality of security actions to be performed at a mobile device associated with the user. A secure communications session is established with the mobile device, and the list of the plurality of security actions is provided to the mobile device simultaneously as a single instruction set.
Type: Grant
Filed: May 20, 2011
Date of Patent: August 13, 2013
Assignee: Neevo, LLC
Inventors: Stuart James Saunders, Kenneth Alan Adair
-
Patent number: 8508771
Abstract: A job processing apparatus that is capable of recording an execution history of a job appropriately for each user even if a user does not spontaneously instruct a change of a user who operates an apparatus by a key operation etc. A receiving unit receives an operation of a user via an operation unit. A determining unit determines, when the receiving unit receives an operation, whether a user who performs the operation is identical to the user who has operated the operation, without inputting information for specifying the user. A control unit controls, when the determining unit determines that the user who performs the operation is not identical to the user who has operated the operation unit, so as not to keep an execution history of a job that is instructed to execute as an execution history of the user who has operated the operation.
Type: Grant
Filed: September 1, 2009
Date of Patent: August 13, 2013
Assignee: Canon Kabushiki Kaisha
Inventor: Toru Ushiku
-
Patent number: 8510812
Abstract: Embodiments of the present invention provide a framework for facilitating the deployment of management tunnels between management and managed devices. The tunnel may be initiated either from the management device or from the managed device. When the channel is first established, the credentials of the respective devices are verified. To this end, each of the devices may be pre-provisioned with unique identifier, as well as certificate assigned by a certificate authority together with associated private key. Upon initial setup of the tunnel, the identity of the management device may be provided by the administrator. Alternatively, the devices may be pre-configured by the manufacturer to participate in a web of trust, with each device capable to accept recommendations for an identity of the management server from the other member devices. Finally, a management device locator server may be provided to facilitate easy configuration.
Type: Grant
Filed: March 15, 2006
Date of Patent: August 13, 2013
Assignee: Fortinet, Inc.
Inventor: Andrew Krywaniuk
-
Publication number: 20130205376
Abstract: A method is provided in one example implementation and includes identifying a plurality of exporters that are authorized to communicate data to a collector on behalf of a secure domain; generating secure credentials for the secure domain; communicating the secure credentials to the collector; and authenticating the exporters using the secure credentials. In more particular implementations, the method can include receiving the secure credentials; receiving certain data that includes identifying information, which further includes an Internet protocol (IP) address of a source associated with the certain data; accepting the certain data if the secure credentials validate the identifying information; and rejecting the certain data if the secure credentials do not validate the identifying information.
Type: Application
Filed: February 7, 2012
Publication date: August 8, 2013
Inventors: Maithili Narasimha, Suraj Nellikar, Srinivas Sardar
-
Publication number: 20130205360
Abstract: Protecting user credentials from a computing device includes establishing a secure session between a computing device and an identity provider (e.g., a Web service). Parameters of the secure session are communicated to a credential service, which renegotiates or resumes the secure session to establish a new secure session between the credential service and the identity provider. User credentials are passed from the credential service to the identity provider via the new secure session, but the computing device does not have the parameters of the new secure session and thus does not have access to the passed user credentials. The credential service then renegotiates or resumes the secure session again to establish an additional secure session between the credential service and the identity provider. Parameters of the additional secure session are communicated to the computing device to allow the computing device to continue communicating securely with the identity provider.
Type: Application
Filed: February 8, 2012
Publication date: August 8, 2013
Applicant: MICROSOFT CORPORATION
Inventors: Mark F. Novak, Andrew J. Layman
-
Patent number: 8505066
Abstract: Methods, apparatuses and a system are provided for performing a security audit of, for example, a multi-function device.
Type: Grant
Filed: October 28, 2008
Date of Patent: August 6, 2013
Assignees: Ricoh Company, Ltd., Ricoh Americas Corporation
Inventor: Atsushi Watanabe