Management Patents (Class 726/6)
-
Patent number: 8424077
Abstract: Systems and methods for unattended authentication of software applications to provide these applications with access to shared resources. A server password manager (SPM) module resident on a node also occupied by a requester software application requesting access to resources receives the requestor's request. The SPM module creates a request package containing the requestor's information as well as the node's identifying information. The request package is then transmitted to a credentials manager (CM) module in a CM node. The request package, encrypted by the SPM module with encryption keys previously generated by the CM module, is decrypted by the CM module. The contents are checked against data stored by the CM module regarding the SPM module and the requestor application when these were registered with the CM. If the data matches, then the CM provides credentials which are used to give the requestor application access to the requested resources.
Type: Grant
Filed: December 18, 2006
Date of Patent: April 16, 2013
Assignee: Irdeto Canada Corporation
Inventors: Garney David Adams, Robert Grapes, Yuan Xiang Gu, Richard Edward Johnston Mehan, Jack Jiequn Rong
-
Patent number: 8424055
Abstract: A user authentication service for a communication network authenticates local users before granting them access to personalized sets of network resources. Authentication agents on intelligent edge devices present users of associated end systems with log-in challenges. Information supplied by the users is forwarded to an authentication server for verification. If successfully verified, the authentication server returns to the agents authorized connectivity information and time restrictions for the particular authenticated users. The agents use the information to establish rules for filtering and forwarding network traffic originating from or destined for particular authenticated users during authorized time periods. An enhanced authentication server may be engaged if additional security is desired. The authorized connectivity information preferably includes identifiers of one or more virtual local area networks active in the network.
Type: Grant
Filed: October 5, 2004
Date of Patent: April 16, 2013
Assignee: Alcatel Lucent
Inventors: Michael E. See, John W. Bailey, Charles L. Panza, Yuri Pikover, Geoffrey C. Stone, Michele Wright Goodwin, Robert Leon Sangroniz
-
Patent number: 8424068
Abstract: Methods and apparatus for providing an application credential for an application running on a device. In one embodiment, a method provides an application credential to an application running on a device, wherein the application credential is used by the application to authenticate to a data server. The method comprises receiving a request to generate the application credential, wherein the request includes an application identifier. The method also comprises generating the application credential using the application identifier and a master credential associated with the device.
Type: Grant
Filed: October 11, 2011
Date of Patent: April 16, 2013
Assignee: QUALCOMM Incorporated
Inventor: Laurence Lundblade
-
Patent number: 8422650
Abstract: A user of a first packet-based communication network is authorized to access a second packet-based communication network. In at least some embodiments, an authorization request is received from a user terminal of the user at a first network element of the first packet-based communication network, the authorization request comprising a first user identity. Responsive to the authorization request, a request is transmitted to create a second user identity from the first network element to a second network element of the second packet-based communication network. The second network element creates the second user identity for use in the second packet-based communication network, the second user identity being derivable from the first user identity according to a predetermined rule. The second user identity in the second packet-based communication network is stored for use with subsequent communication events over the second packet-based communication network.
Type: Grant
Filed: April 30, 2012
Date of Patent: April 16, 2013
Assignee: Microsoft Corporation
Inventor: Andres Kütt
-
Patent number: 8424057
Abstract: A method for inhibiting phishing can include sending information from a mobile network device to a website server, generating a one time password at the mobile network device from the information, generating a one time password at the website server from the information, sending the one time password generated at the website server to the mobile network device when the mobile network device subsequently accesses the website, and comparing the one time password generated at the website server to the one time password generated at the mobile network device. In this manner, the website can be authenticated such that the occurrence of phishing is substantially mitigated.
Type: Grant
Filed: December 28, 2007
Date of Patent: April 16, 2013
Assignee: Ebay, Inc.
Inventors: Upendra Mardikar, Kent Griffin, Elizabeth Allison Miller, Amol Patel
-
Patent number: 8424069
Abstract: There is provided a method and system for authenticating users to an application. The method comprises receiving a master account identifier corresponding to a master account associated with the application. The method further comprises determining if at least one subaccount is assigned to the master account. The method comprises requesting a master password if at least one subaccount is not assigned to the master account. Finally, the method includes requesting a subaccount identifier and a subaccount password if at least one subaccount is assigned to the master account.
Type: Grant
Filed: November 20, 2009
Date of Patent: April 16, 2013
Assignee: Disney Enterprises, Inc.
Inventor: Kevin Weatherston
-
Patent number: 8424070
Abstract: Systems and media are provided for authenticating a mobile device using credentials supplied by a network rather than using a credential configured in the mobile device. As the mobile device requests access to the Internet, an AUD request is sent to an AUD service based on the generic credential in the mobile device. The AUD service generates a user-specific credential for the mobile that enables authentication by an authentication server and subsequent registration at a registration server.
Type: Grant
Filed: November 5, 2009
Date of Patent: April 16, 2013
Assignee: Sprint Communications Company L.P.
Inventors: Raymond Emilio Reeves, Prabhat Karki, Sailesh Lamsal, Ryan Alan Wick
-
Patent number: 8424067
Abstract: A system and method for dynamically adjusting or modifying the password expiration period for a given user based upon how a user accesses the password-protected resource. The tighter the physical control of how a user can access a resource results in a loosening or maintaining of the password expiration period to be a relatively long period of time, whereas the looser the physical control of how a user can access a resource results in a tightening of the password expiration period to be a relatively short period of time. The password expiration period is adjusted based on both actual usage patterns as well as variances in such usage patterns.
Type: Grant
Filed: January 19, 2006
Date of Patent: April 16, 2013
Assignee: International Business Machines Corporation
Inventors: Susann Marie Keohane, Gerald Francis McBrearty, Shawn Patrick Mullen, Jessica Kelley Murillo, Johnny Meng-Han Shieh
-
Patent number: 8424065
Abstract: A system for centrally managing credential information of a user and a virtual object of a user across a plurality of virtual world (or corresponding virtual world servers) is disclosed. The system includes an identity service module for managing an authentication request (e.g., verifying credential information of a user) from a user and an inventory service module for managing virtual properties of a user. Furthermore, a method for logging in a virtual world by using the system is disclosed. A method for teleporting a virtual property from a virtual world to another virtual world by using the system is disclosed. A method for logging out from a virtual world by using the system is also disclosed.
Type: Grant
Filed: November 25, 2009
Date of Patent: April 16, 2013
Assignee: International Business Machines Corporation
Inventors: Boas Betzler, Neil A. Katz, Gang Wang, Meng Ye, Zi Yu Zhu
-
Patent number: 8418072
Abstract: Described are techniques for performing a data storage management task. A presentation technology service layer renders a user interface for user interaction in accordance with one or more rendering techniques. A user interaction template service layer includes one or more templates. Each of the templates describes processing to perform the data storage management task. A user interface data model mapping service layer communicates with at least one of a business logic service layer and a data storage interface layer to perform one or more operations in connection with the data storage management task and to map data received therefrom in a form for use by the user interface in accordance with a user interface data model.
Type: Grant
Filed: December 24, 2007
Date of Patent: April 9, 2013
Assignee: EMC Corporation
Inventors: Andreas L. Bauer, Brian Castelli, James J. Glennon, Mark A. Parenti
-
Patent number: 8417993
Abstract: Systems and methods for testing uniform resource identifier protocols, comprising a fuzzer that can accept an input, and produce a fuzzed uniform resource identifier (URI), and a debugger that monitors effects of invoking the fuzzed uniform resource identifier. The input can comprise a directory containing a plurality of valid uniform resource identifier bodies, which can be fuzzed and invoked. The debugger can monitor a target application as well as other applications and/or processes affected by the uniform resource identifier as invoked.
Type: Grant
Filed: June 21, 2007
Date of Patent: April 9, 2013
Assignee: Microsoft Corporation
Inventor: Arthur James O'Leary
-
Patent number: 8417976
Abstract: An apparatus connected to a network via a network interface device and capable of executing encrypted communication with an external device on the network requests that a first algorithm to be used in the encrypted communication with the external device is changed to a second algorithm included in the network interface device when the apparatus detects that a condition for shifting to a power saving mode, in which power consumption is smaller than that in a normal power mode, is satisfied while the apparatus is operated in the normal power mode.
Type: Grant
Filed: March 9, 2010
Date of Patent: April 9, 2013
Assignee: Canon Kabushiki Kaisha
Inventor: Go Inoue
-
Patent number: 8418238
Abstract: A system, method and apparatus for managing access across a plurality of applications is disclosed. The system may include a user store connector configured to connect to one or more user stores to retrieve attributes; an authentication connector configured to communicate with at least one authentication subsystem to authenticate a user; a policy engine configured to retrieve attributes from the user store connector corresponding to a user and use the attributes to evaluate access policies, if any, which are defined for protection of resources, to determine whether or not the user should be granted access to the resources; an admin component that is configured to enable the access policies to be defined relative to attributes and the resources; and a policy store configured to store the access policies.
Type: Grant
Filed: March 25, 2009
Date of Patent: April 9, 2013
Assignee: Symplified, Inc.
Inventors: Darren C. Platt, Coby Royer, Keshava Berg, Joseph H. Wallingford, III, Eric Olden
-
Patent number: 8418223
Abstract: A computer-implemented method may include establishing, within a parental-control software system, an academic-performance policy that defines how academic performance of a student affects at least one parental-control setting enforced on a computing system accessible to the student. The computer-implemented method may also include receiving, via an electronic communication from a school of the student, grade information that indicates the student's academic performance. The computer-implemented method may further include applying the academic-performance policy by updating the parental-control setting commensurate with the student's academic performance. In addition, the computer-implemented method may include detecting an attempt by the student to access a resource of the computing system and applying the updated parental-control setting to control the student's access to the resource of the computing system.
Type: Grant
Filed: July 19, 2010
Date of Patent: April 9, 2013
Assignee: Symantec Corporation
Inventors: Spencer Smith, Adam Glick, Nicholas Graf
-
Publication number: 20130086660
Abstract: Disclosed herein are a system for preventing an illegal copy of software and a method for preventing an illegal copy of software. The system for preventing an illegal copy of software includes: a terminal where software to be authenticated is installed and executed; a first Zigbee device connected with the terminal in a wired method and storing a plurality of unique passwords; and a second Zigbee device connected with the first Zigbee device in a wireless method and storing at least all the unique passwords of the first Zigbee device. Utilization is improved as compared with a known hardware lock type and an illegal copy possibility by hooking is excluded and since an authentication process is performed through encoded communication by using random variables, the illegal copy of software can be thoroughly stopped.
Type: Application
Filed: September 21, 2012
Publication date: April 4, 2013
Applicant: SAMSUNG ELECTRO-MECHANICS CO., LTD.
Inventor: SAMSUNG ELECTRO-MECHANICS CO., LTD.
-
Publication number: 20130086642
Abstract: A method begins by a dispersed storage (DS) processing module generating a certificate signing request (CSR) that includes a certificate and a certificate extension, wherein the certificate includes information regarding a requesting device and wherein the certificate extension includes information regarding an accessible dispersed storage network (DSN) address range for the requesting device. The method continues with the DS processing module outputting the CSR to a certificate authority of a DSN and receiving a signed certificate from the certificate authority, wherein the signed certificate includes a certification signature of the certificate authority authenticating the certificate and the certificate extension. The method continues with the DS processing module storing the signed certificate for use when generating a DSN access request, wherein the DSN access request is requesting access to dispersed storage error encoded data in the DSN at an address within the accessible DSN address range.
Type: Application
Filed: August 17, 2012
Publication date: April 4, 2013
Applicant: CLEVERSAFE, INC.
Inventors: Jason K. Resch, Wesley Leggette, Andrew Baptist
-
Publication number: 20130086656
Abstract: Disclosed is a method for protecting a single sign-on domain from credential leakage. In the method, an authentication server provides an authentication cookie to a browser client. The cookie has at least one user authentication credential for the domain, and is associated with an authentication subdomain of the domain. The server receives the cookie from the browser client. Upon authentication of the user authentication credential in the received cookie, the server responds to the access request by forwarding, to the browser client, a limited-use cookie for the domain. The server receives a request from the content server to validate a session identifier of the limited-use cookie received from the browser client. Upon validation of the session identifier of the limited-use cookie, the server provides a valid session message to the content server for enabling the content server to forward requested content to the browser client.
Type: Application
Filed: October 4, 2011
Publication date: April 4, 2013
Applicant: QUALCOMM Incorporated
Inventors: Michael W. Paddon, Jessica M. Flanagan, Craig M. Brown
-
Publication number: 20130086659
Abstract: According to one embodiment, a storage stores secret data, first identification data, and a first random key. A generation module generates first authentication data from the secret data, first identification data, and second identification data of a removable medium. A first verification module determines whether the first authentication data and second authentication in the removable medium are identical. A second verification module determines whether the first random key and a second random key in the removable medium are identical, if the first and second authentication data are identical. An activation module activates the data processing apparatus if the first and second random keys are identical.
Type: Application
Filed: June 28, 2012
Publication date: April 4, 2013
Inventors: Tadashi Tsuji, Tsuyoshi Nishida
-
Publication number: 20130086655
Abstract: In one example, a computing device generates a new password for accessing a user account and/or computing system and inspires a change of an existing password for the user account and/or computing system to the new password. Thereafter, the computing device detects occurrence of a condition to trigger another change of the password for the user account and/or computing system and, responsively, inspires another change of the password for the user account and/or computing system.
Type: Application
Filed: September 29, 2011
Publication date: April 4, 2013
Inventor: Alan H. Karp
-
Publication number: 20130086658
Abstract: Techniques for managing accounts are provided. An access management system may check out credentials for accessing target systems. For example a user may receive a password for a period of time or until checked back in. Access to the target system may be logged during this time. Upon the password being checked in, a security account may modify the password so that the user may not log back in without checking out a new password. Additionally, in some examples, password policies for the security account may be managed. As such, when a password policy changes, the security account password may be dynamically updated. Additionally, in some examples, hierarchical viewing perspectives may be determined and/or selected for visualizing one or more managed accounts. Further, accounts may be organized into groups based on roles, and grants for the accounts may be dynamically updated as changes occur or new accounts are managed.
Type: Application
Filed: May 31, 2012
Publication date: April 4, 2013
Applicant: Oracle International Corporation
Inventor: Oracle International Corporation
-
Publication number: 20130086657
Abstract: A framework is provided for integrating Internet identities in enterprise identity and access management (IAM) infrastructures. A framework is provided for open authorization. A framework is also provided for relying party functionality.
Type: Application
Filed: May 4, 2012
Publication date: April 4, 2013
Applicant: Oracle International Corporation
Inventors: Venkataraman Uppili Srinivasan, Rajeev Angal, Ajay Sondhi, Shivaram Bhat
-
Patent number: 8413213
Abstract: Embodiments of the present invention provide a method, apparatus and system for selecting a wireless communication device for establishing a connection. The method according to some exemplary embodiments of the invention may include selecting a communication device for establishing a connection by determining whether one or more security-related characteristics of the communication device satisfy a security policy corresponding to a selected security class. Other embodiments are described and claimed.
Type: Grant
Filed: December 28, 2004
Date of Patent: April 2, 2013
Assignee: Intel Corporation
Inventor: Claudio Glickman
-
Patent number: 8413220
Abstract: A method for user authentication involves initiating an authentication process, receiving images associated with the authentication process, selecting an image from the images to generate a selection; and obtaining authentication based on the selection, where the image is associated with the authentication process and sent prior to initiating the authentication process.
Type: Grant
Filed: July 30, 2007
Date of Patent: April 2, 2013
Assignee: Intuit Inc.
Inventors: Chris Quinn, Anthony Creed, Kenichi Mori, Bennett R. Blank
-
Patent number: 8411866
Abstract: In one embodiment, a Home Agent receives a Mobile IP registration request from a group member, where the group member is a Mobile Node. The Home Agent generates a mobility binding for the group member that associates the group member with a care-of address, wherein the group member is a member of one or more groups. The Home Agent generates a Mobile IP registration reply, where the Mobile IP registration reply identifies one or more key servers. Each of the one or more key servers serves at least one of the one or more groups and is adapted for distributing group cryptography material to members of each group that is served by the corresponding key server. The Home Agent sends the Mobile IP registration reply to the group member, thereby enabling the group member to obtain cryptography material for at least one of the one or more groups from at least one of the one or more key servers to enable the group member to use the cryptography group material to securely communicate with other group members.
Type: Grant
Filed: November 14, 2007
Date of Patent: April 2, 2013
Assignee: Cisco Technology, Inc.
Inventors: Mohamed Khalid, Ciprian Pompiliu Popoviciu, Kavitha Kamarthy, Aamer Saeed Akhter, Rajiv Asati
-
Patent number: 8413216
Abstract: Methods, devices, and systems are disclosed for simulating a large, realistic computer network. Virtual actors statistically emulate the behaviors of humans using networked devices or responses and automatic functions of networked equipment, and their stochastic actions are queued in buffer pools by a behavioral engine. An abstract machine engine creates the minimal interfaces needed for each actor, and the interfaces then communicate persistently over a network with each other and real and virtual network resources to form realistic network traffic. The network can respond to outside stimuli, such as a network mapping application, by responding with false views of the network in order to spoof hackers, and the actors can respond by altering a software defined network upon which they operate.
Type: Grant
Filed: December 15, 2011
Date of Patent: April 2, 2013
Assignee: Zanttz, Inc.
Inventors: Chad O. Hughes, Steven M. Silva
-
Patent number: 8413222
Abstract: A method and apparatus for synchronously changing authentication credentials of a plurality of domains comprising detecting an authentication credential change event for a particular domain, where the authentication credential is being changed from a first credential to a second credential, determining whether the particular domain is within a domain group, and, if the particular domain is within the domain group, changing the authentication credential of at least one other domain in the domain group from the first credential to the second credential.
Type: Grant
Filed: June 27, 2008
Date of Patent: April 2, 2013
Assignee: Symantec Corporation
Inventors: Shaun Cooley, Brian Hernacki
-
Publication number: 20130081118
Abstract: A method, system, and computer-readable storage medium are provided. Embodiments of the invention include receiving notification of a log-in event associated with a first login session wherein a user is authorized to access a resource of a computing system based on a credential. During the first login session and in response to determining the credential is valid, a second login session is established by granting the user access to a resource of an application associated with the computing system. During the first login session and in response to receiving information indicating an event has occurred, the second login session is terminated such that the user does not have access to the resource of the application. And during the first login session and in response to determining again that the credential is valid, a third login session is established by granting the user access to a resource of the application.
Type: Application
Filed: September 23, 2011
Publication date: March 28, 2013
Applicant: Canon U.S.A., Inc.
Inventor: Jiuyuan Ge
-
Patent number: 8407770
Abstract: A user token management system in a client device on a network comprises an obtaining module, a web controller and a processing module. The obtaining module obtains a user token from a database in response to a retrieving request for retrieving authorization of a web service provider on the network. The web controller transmits an authenticating request for authenticating the user token to the web service provider and receives an authentication result authenticating the user token. The processing module deletes the user token from the database when that user token is not authenticated by the web service provider.
Type: Grant
Filed: July 5, 2011
Date of Patent: March 26, 2013
Assignee: Hon Hai Precision Industry Co., Ltd.
Inventors: Teng-Yu Tsai, Jing-Lin Wu, Ting-Chieh Lin
-
Patent number: 8407769
Abstract: Disclosed are a system and methods for associating a “generic” wireless device, i.e., a device that is not pre-programmed with subscription credentials corresponding to a particular operator, with a Home Operator designated by the device's owner. The disclosed system and methods further facilitate the automatic linking of a newly activated M2M device to an appropriate server for downloading the subscription credentials for the Home Operator. The disclosed system includes a registration server for maintaining electronic registration data for a plurality of wireless devices and for directing newly activated wireless devices to a server for downloading “permanent” subscription credentials, such as a downloadable USIM. The disclosed system further includes a subscription server for updating registration server entries to reflect an association between a first wireless device and its corresponding home network.
Type: Grant
Filed: June 9, 2008
Date of Patent: March 26, 2013
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Patrik Mikael Salmela, Kristian Slavov
-
Patent number: 8407766
Abstract: A method and apparatus for monitoring sensitive data on a computer network is described. In one embodiment, a method for protecting sensitive data from being leaked to a computer network comprises monitoring data related to a user that is presented on one or more web pages through a common interface, which enables a search for sensitive data on the one or more web pages of the one or more web sites and determining a disclosure of the sensitive data on a web page of one or more web pages.
Type: Grant
Filed: March 24, 2008
Date of Patent: March 26, 2013
Assignee: Symantec Corporation
Inventors: Keith Newstadt, Adam P. Schepis, Shaun Cooley
-
Patent number: 8407772
Abstract: A system for issuing a license includes a Content Issuer (CI) configured to receive a Cooperate-RORequest from a Rights Issuer (RI). The CI encapsulates, according to the information carried in the Cooperate-RORequest, content related information by using a key of a destination entity to obtain an encapsulation key, and generates a Message Authentication Code (MAC) on part of information of a license. The CI sends the generated MAC and obtained encapsulation key to the RI, so that the RI sends the license that includes the MAC and the encapsulation key to the destination entity.
Type: Grant
Filed: October 25, 2011
Date of Patent: March 26, 2013
Assignee: Huawei Technologies Co., Ltd.
Inventors: Weizhong Yuan, Renzhou Zhang, Chen Huang, Zhipeng Zhou, Qingliang Li
-
Patent number: 8407474
Abstract: A pre-authentication method and an authentication system related to the mobile communications field are disclosed. The pre-authentication method includes: when a mobile node (MN) enters a visited network other than a home network, the MN obtains the identity information of the visited network, selects, according to the identity information of the visited network, a first pre-auth-key-file corresponding to the visited network and a first ticket corresponding to the visited network, where the first ticket carries the first pre-auth-key-file, and authenticates the visited authentication, authorization and accounting (VAAA) server according to the first pre-auth-key-file.
Type: Grant
Filed: December 27, 2010
Date of Patent: March 26, 2013
Assignee: Huawei Technologies Co., Ltd.
Inventor: Yunbo Pan
-
Patent number: 8407767
Abstract: A system and method for provisioning digital identity representations (“DIRs”) uses various techniques and structures to ease administration, increase accuracy, and decrease inconsistencies of a digital-identity provisioning system. Various methods are provided for creating new DIRs, requesting DIRs, notifying principals of available DIRs, and approving issuance of new DIRs.
Type: Grant
Filed: September 17, 2007
Date of Patent: March 26, 2013
Assignee: Microsoft Corporation
Inventors: Vijay K. Gajjala, Colin H. Brace, Derek T. Del Conte, Arun K. Nanda, Stuart L. S. Kwan, Rashmi Raj, Vijayavani Nori
-
Patent number: 8407765
Abstract: A system and method for restricting access to network performance information associated with communications over a packet network. A request may be received from a user to access network performance information associated with communications of data packets over a packet network. A determination as to whether the user has permission to access the network performance information may be made. In response to determining that the user has permission to access the network performance information, the user may be enabled to access the network performance information; otherwise, the user may be prevented from accessing the network performance information. The network performance information may include information associated with communications of data packets including real-time content and non-real-time content.
Type: Grant
Filed: May 31, 2007
Date of Patent: March 26, 2013
Assignee: CenturyLink Intellectual Property LLC
Inventors: William L. Wiley, Michael K. Bugenhagen
-
Patent number: 8407764
Abstract: Provided are a user authentication apparatus and method for supporting PMIPv6 (Proxy Mobile Internet Protocol version 6) in next generation networks. Authentication and mobility signaling protocol can be performed without having an additional signaling process when a mobile terminal moves by extending user profiles of the next generations to support the PMIPv6.
Type: Grant
Filed: September 4, 2009
Date of Patent: March 26, 2013
Assignee: Electronics and Telecommunications Research Institute
Inventors: Yoo Hwa Kang, Boo Geum Jung, Bong Tae Kim
-
Patent number: 8407771
Abstract: A system and method for providing persistence in a secure network access by using a client certificate sent by a client device to maintain the identity of a target. A security handshake is performed with a client device to establish a secure session. A target is determined. A client certificate is associated with the target. During subsequent secure sessions, the client certificate is used to maintain persistent communications between the client and a target. A session ID can be used in combination with the client certificate, by identifying the target based on the session ID or the client certificate, depending on which one is available in a client message.
Type: Grant
Filed: July 5, 2011
Date of Patent: March 26, 2013
Assignee: F5 Networks, Inc.
Inventors: John R. Hughes, Richard Roderick Masters, Robert George Gilde
-
Publication number: 20130074166
Abstract: A method includes receiving data related to an individual, the data comprising a plurality of elements of personally-identifying information (PII). The method further includes building, via the plurality of elements of the PII, a compositional key for the individual. In addition, the method includes storing the compositional key and a biometric print for the individual as a biometric record in a biometric repository. The method also includes, via the compositional key, providing a plurality of federated entity (FE) computer systems with access to the biometric repository.
Type: Application
Filed: September 20, 2011
Publication date: March 21, 2013
Inventor: Harold E. Gottschalk, JR.
-
Publication number: 20130074167
Abstract: Embodiments of authenticating linked accounts are presented herein. In an implementation, an authentication service provides functionality to form links between a plurality of user accounts. A client may then authenticate by providing credentials for one account in a group of linked accounts, and is permitted access to each account in the group of linked accounts based upon the linking. Thus, a single sign-in of a client to one account may permit the client to obtain services for service providers corresponding to multiple linked accounts, without an individual sign-in to each account.
Type: Application
Filed: November 8, 2012
Publication date: March 21, 2013
Applicant: Microsoft Corporation
Inventor: Microsoft Corporation
-
Patent number: 8402523
Abstract: A system and method for associating message addresses with certificates, in which one or more secondary message addresses are identified and associated with a user-selected certificate that does not contain any e-mail addresses. In certain situations, a message may be encrypted using a certificate that does not contain an e-mail address that matches the e-mail address of the individual to which the message is to be sent, so long as the address to which the message is to be sent matches any of the message addresses associated with the certificate. The message addresses are saved in a data structure that resides in a secure data store on a computing device, such as a mobile device.
Type: Grant
Filed: May 27, 2010
Date of Patent: March 19, 2013
Assignee: Research In Motion Limited
Inventors: Neil P. Adams, Michael S. Brown, Herbert A. Little
-
Patent number: 8401195
Abstract: Methods of automatically populating a secure group list in a key variable loader and of providing keys to a secure group are presented. After a user selects a secure group and encryption algorithm using inputs of the loader, the loader provides a group identifier and corresponding key for the group. The group identifier, encryption algorithm, and key are transmitted to a portable communication device over a physical connection between the two while a device identifier of the communication device is transmitted concurrently to the loader. The key variable loader automatically populates a stored list of subscribers of the group with the device identifier. When it is desired to transmit a new key to all of or fewer than all of the subscribers, one of the subscribers is connected with the loader and used to wirelessly transmit a new key to the remaining subscribers.
Type: Grant
Filed: September 22, 2008
Date of Patent: March 19, 2013
Assignee: Motorola Solutions, Inc.
Inventors: Kenneth C. Fuchs, Larry Murrill
-
Patent number: 8402522
Abstract: Systems and methods for managing access to a computer account of a computer system that is not associated with a human user. The system comprises a password repository for storing a password for the computer account. The password is preferably encrypted with at least two secrets. The system also comprises a first data storage device for storing the first secret and a second data storage device for storing the second secret. The system additionally comprises a computer device in communication with the password repository and the first and second data storage devices for managing access to the computer account. The computer device is programmed to, in response to a request to perform an action under the computer account: (i) retrieve the first secret from the first data storage device; (ii) retrieve the second secret from the second data storage device; and (iii) decrypt the password with the first and second secrets.
Type: Grant
Filed: April 17, 2008
Date of Patent: March 19, 2013
Assignee: Morgan Stanley
Inventors: Andrei Keis, Indur Mandhyan
-
Patent number: 8402521
Abstract: Systems and methods for emulating credentials are disclosed. In some cases, the systems include an access credential reader and an access credential writer. The access credential reader is communicably coupled to the access credential writer. The access credential reader is operable to receive information from an access credential, and to transfer at least a portion of the information to the access credential writer. The access credential writer is operable to transfer at least the portion of the information to an emulation access credential.
Type: Grant
Filed: July 28, 2005
Date of Patent: March 19, 2013
Assignee: Xceedid
Inventors: Jean-Hugues Wendling, John D. Menzel, Michael T. Conlin
-
Patent number: 8402278
Abstract: The present invention is directed to a method and system for protecting data. In accordance with a particular embodiment of the present invention, a new file is created. Key information is retrieved for the file from a keyserver. The key information includes a key, a key identifier, and encryption algorithm information. The file is encrypted using the encryption algorithm. The key identifier is stored in a data repository. The data repository relates the key identifier to the encrypted file.
Type: Grant
Filed: April 13, 2007
Date of Patent: March 19, 2013
Assignee: CA, Inc.
Inventor: Paul A. Gassoway
-
Patent number: 8402524
Abstract: An ID bridge service system manages a type and assurance of identity information required for provision of service by an application service system and a type and assurance of identity information managed by plural authentication service systems, and is provided with a selecting measure that selects an authentication service system that manages identity information corresponding to the identity information required for the provision of the service by the application service system out of the plural authentication service systems when a request for authentication is received from the application service system and a requesting measure that requests the selected authentication service system to authenticate.
Type: Grant
Filed: February 1, 2011
Date of Patent: March 19, 2013
Assignee: Hitachi, Ltd.
Inventors: Tadashi Kaji, Naoki Hayashi, Akifumi Yato, Shinichi Irube
-
Publication number: 20130067521
Abstract: Methods and systems for linking a service provider account with patient care information are disclosed. A patient's account information is received. A service account for the patient is identified, and an association between a patient's care record and the service account is stored. Care information for the patient is received and transmitted to a device associated with the patient's service account.
Type: Application
Filed: September 12, 2011
Publication date: March 14, 2013
Applicant: CSC Holdings, LLC
Inventors: Robert MARKEL, Adam Labelson
-
Publication number: 20130067545
Abstract: A system and method for employing fingerprints for user authentication on a website is described. Embodiments of the invention employ a fingerprint scanner integrated into a USB device to scan a current user's fingerprint, and compare it against a stored fingerprint associated with the authorized user. If the current user is determined to be the authorized user, a user name and password associated with a requested website and stored on the USB device is entered onto the website. In one embodiment, the USB device is a password bank that both generates and stores passwords for various websites, removing the need for user memorization altogether.
Type: Application
Filed: September 13, 2011
Publication date: March 14, 2013
Applicant: Sony Computer Entertainment America LLC
Inventor: Justin Hanes
-
Patent number: 8397281
Abstract: A method for providing a secret that is provisioned to a first device to a second device includes generating a One-Time Password at the first device using the secret and obtaining an identifier of the secret. The method also includes providing the One-Time Password and the identifier to the second device and sending the One-Time Password and the identifier to a remote provisioning service. The method also includes verifying that the One-Time Password corresponds to the secret, and sending to the second device an encrypted secret and a decryption key for decrypting the encrypted secret. The encrypted secret and the decryption key may be sent using different communications methods. The method also includes decrypting the encrypted secret using the decryption key to provide the secret and storing the secret at the second device.
Type: Grant
Filed: December 30, 2009
Date of Patent: March 12, 2013
Assignee: Symantec Corporation
Inventors: Mingliang Pei, Slawek Ligier
-
Patent number: 8396806
Abstract: A message that includes an end user license agreement is received at a client from a service in a distributed computing system. The client determines whether to accept the end user license agreement. The message is processed if the end user license agreement is accepted.
Type: Grant
Filed: October 30, 2007
Date of Patent: March 12, 2013
Assignee: Red Hat, Inc.
Inventor: Mark Cameron Little
-
Patent number: 8397063
Abstract: A system, and method related thereto, for providing a vehicular communications network public-key infrastructure. The system comprises a plurality of communications infrastructure nodes and a plurality of vehicles each having a communications component. The communications component provides vehicle to vehicle (V2V) communications, and communications via infrastructure nodes. A communications security component in each of the plurality of vehicles provides security for the communications between the plurality of vehicles using a plurality of security modules. The security modules include a certificate management module. A public key interface module may include a public key, a private key, an anonymous key and a management key. The system further includes a detection and response module for attack detection and attack mitigation. The communications security component assigns and installs at least one security key, a certificate of operation, and a current certificate revocation list.
Type: Grant
Filed: July 13, 2010
Date of Patent: March 12, 2013
Assignee: Telcordia Technologies, Inc.
Inventor: Giovanni DiCrescenzo
-
Patent number: 8397026
Abstract: An access control system (10) is disclosed for controlling access to data stored on at least one data storage medium (14) of a computing system. The access control system (10) comprises authentication means (25) to authenticate users permitted to access data stored in the at least one data storage medium (14) and database means (29) arranged to store data access profiles. Each data access profile is associated with a user permitted to access data stored in the at least one data storage medium (14), each data access profile includes information indicative of the degree of access permitted by a user to data stored in the at least one data storage medium (14), and each data access profile includes a master data access profile (M) and a current data access profile (C). The current data access profile (C) is modifiable within parameters defined by the master data access profile (M).
Type: Grant
Filed: March 4, 2005
Date of Patent: March 12, 2013
Assignee: Secure Systems Limited
Inventors: Michael J. Wynne, Michael R. Geddes