Management Patents (Class 726/6)
  • Patent number: 8424077
    Abstract: Systems and methods for unattended authentication of software applications to provide these applications with access to shared resources. A server password manager (SPM) module resident on a node also occupied by a requester software application requesting access to resources receives the requestor's request. The SPM module creates a request package containing the requestor's information as well as the node's identifying information. The request package is then transmitted to a credentials manager (CM) module in a CM node. The request package, encrypted by the SPM module with encryption keys previously generated by the CM module, is decrypted by the CM module. The contents are checked against data stored by the CM module regarding the SPM module and the requestor application when these were registered with the CM. If the data matches, then the CM provides credentials which are used to give the requestor application access to the requested resources.
    Type: Grant
    Filed: December 18, 2006
    Date of Patent: April 16, 2013
    Assignee: Irdeto Canada Corporation
    Inventors: Garney David Adams, Robert Grapes, Yuan Xiang Gu, Richard Edward Johnston Mehan, Jack Jiequn Rong
  • Patent number: 8424055
    Abstract: A user authentication service for a communication network authenticates local users before granting them access to personalized sets of network resources. Authentication agents on intelligent edge devices present users of associated end systems with log-in challenges. Information supplied by the users is forwarded to an authentication server for verification. If successfully verified, the authentication server returns to the agents authorized connectivity information and time restrictions for the particular authenticated users. The agents use the information to establish rules for filtering and forwarding network traffic originating from or destined for particular authenticated users during authorized time periods. An enhanced authentication server may be engaged if additional security is desired. The authorized connectivity information preferably includes identifiers of one or more virtual local area networks active in the network.
    Type: Grant
    Filed: October 5, 2004
    Date of Patent: April 16, 2013
    Assignee: Alcatel Lucent
    Inventors: Michael E. See, John W. Bailey, Charles L. Panza, Yuri Pikover, Geoffrey C. Stone, Michele Wright Goodwin, Robert Leon Sangroniz
  • Patent number: 8424068
    Abstract: Methods and apparatus for providing an application credential for an application running on a device. In one embodiment, a method provides an application credential to an application running on a device, wherein the application credential is used by the application to authenticate to a data server. The method comprises receiving a request to generate the application credential, wherein the request includes an application identifier. The method also comprises generating the application credential using the application identifier and a master credential associated with the device.
    Type: Grant
    Filed: October 11, 2011
    Date of Patent: April 16, 2013
    Assignee: QUALCOMM Incorporated
    Inventor: Laurence Lundblade
  • Patent number: 8422650
    Abstract: A user of a first packet-based communication network is authorized to access a second packet-based communication network. In at least some embodiments, an authorization request is received from a user terminal of the user at a first network element of the first packet-based communication network, the authorization request comprising a first user identity. Responsive to the authorization request, a request is transmitted to create a second user identity from the first network element to a second network element of the second packet-based communication network. The second network element creates the second user identity for use in the second packet-based communication network, the second user identity being derivable from the first user identity according to a predetermined rule. The second user identity in the second packet-based communication network is stored for use with subsequent communication events over the second packet-based communication network.
    Type: Grant
    Filed: April 30, 2012
    Date of Patent: April 16, 2013
    Assignee: Microsoft Corporation
    Inventor: Andres Kütt
  • Patent number: 8424057
    Abstract: A method for inhibiting phishing can include sending information from a mobile network device to a website server, generating a one time password at the mobile network device from the information, generating a one time password at the website server from the information, sending the one time password generated at the website server to the mobile network device when the mobile network device subsequently accesses the website, and comparing the one time password generated at the website server to the one time password generated at the mobile network device. In this manner, the website can be authenticated such that the occurrence of phishing is substantially mitigated.
    Type: Grant
    Filed: December 28, 2007
    Date of Patent: April 16, 2013
    Assignee: Ebay, Inc.
    Inventors: Upendra Mardikar, Kent Griffin, Elizabeth Allison Miller, Amol Patel
  • Patent number: 8424069
    Abstract: There is provided a method and system for authenticating users to an application. The method comprises receiving a master account identifier corresponding to a master account associated with the application. The method further comprises determining if at least one subaccount is assigned to the master account. The method comprises requesting a master password if at least one subaccount is not assigned to the master account. Finally, the method includes requesting a subaccount identifier and a subaccount password if at least one subaccount is assigned to the master account.
    Type: Grant
    Filed: November 20, 2009
    Date of Patent: April 16, 2013
    Assignee: Disney Enterprises, Inc.
    Inventor: Kevin Weatherston
  • Patent number: 8424070
    Abstract: Systems and media are provided for authenticating a mobile device using credentials supplied by a network rather than using a credential configured in the mobile device. As the mobile device requests access to the Internet, an AUD request is sent to an AUD service based on the generic credential in the mobile device. The AUD service generates a user-specific credential for the mobile that enables authentication by an authentication server and subsequent registration at a registration server.
    Type: Grant
    Filed: November 5, 2009
    Date of Patent: April 16, 2013
    Assignee: Sprint Communications Company L.P.
    Inventors: Raymond Emilio Reeves, Prabhat Karki, Sailesh Lamsal, Ryan Alan Wick
  • Patent number: 8424067
    Abstract: A system and method for dynamically adjusting or modifying the password expiration period for a given user based upon how a user accesses the password-protected resource. The tighter the physical control of how a user can access a resource results in a loosening or maintaining of the password expiration period to be a relatively long period of time, whereas the looser the physical control of how a user can access a resource results in a tightening of the password expiration period to be a relatively short period of time. The password expiration period is adjusted based on both actual usage patterns as well as variances in such usage patterns.
    Type: Grant
    Filed: January 19, 2006
    Date of Patent: April 16, 2013
    Assignee: International Business Machines Corporation
    Inventors: Susann Marie Keohane, Gerald Francis McBrearty, Shawn Patrick Mullen, Jessica Kelley Murillo, Johnny Meng-Han Shieh
  • Patent number: 8424065
    Abstract: A system for centrally managing credential information of a user and a virtual object of a user across a plurality of virtual worlds (or corresponding virtual world servers) is disclosed. The system includes an identity service module for managing an authentication request (e.g., verifying credential information of a user) from a user and an inventory service module for managing virtual properties of a user. Furthermore, a method for logging in a virtual world by using the system is disclosed. A method for teleporting a virtual property from a virtual world to another virtual world by using the system is disclosed. A method for logging out from a virtual world by using the system is also disclosed.
    Type: Grant
    Filed: November 25, 2009
    Date of Patent: April 16, 2013
    Assignee: International Business Machines Corporation
    Inventors: Boas Betzler, Neil A. Katz, Gang Wang, Meng Ye, Zi Yu Zhu
  • Patent number: 8418072
    Abstract: Described are techniques for performing a data storage management task. A presentation technology service layer renders a user interface for user interaction in accordance with one or more rendering techniques. A user interaction template service layer includes one or more templates. Each of the templates describes processing to perform the data storage management task. A user interface data model mapping service layer communicates with at least one of a business logic service layer and a data storage interface layer to perform one or more operations in connection with the data storage management task and to map data received therefrom in a form for use by the user interface in accordance with a user interface data model.
    Type: Grant
    Filed: December 24, 2007
    Date of Patent: April 9, 2013
    Assignee: EMC Corporation
    Inventors: Andreas L. Bauer, Brian Castelli, James J. Glennon, Mark A. Parenti
  • Patent number: 8417993
    Abstract: Systems and methods for testing uniform resource identifier protocols, comprising a fuzzer that can accept an input, and produce a fuzzed uniform resource identifier (URI), and a debugger that monitors effects of invoking the fuzzed uniform resource identifier. The input can comprise a directory containing a plurality of valid uniform resource identifier bodies, which can be fuzzed and invoked. The debugger can monitor a target application as well as other applications and/or processes affected by the uniform resource identifier as invoked.
    Type: Grant
    Filed: June 21, 2007
    Date of Patent: April 9, 2013
    Assignee: Microsoft Corporation
    Inventor: Arthur James O'Leary
  • Patent number: 8417976
    Abstract: An apparatus connected to a network via a network interface device and capable of executing encrypted communication with an external device on the network requests that a first algorithm to be used in the encrypted communication with the external device is changed to a second algorithm included in the network interface device when the apparatus detects that a condition for shifting to a power saving mode, in which power consumption is smaller than that in a normal power mode, is satisfied while the apparatus is operated in the normal power mode.
    Type: Grant
    Filed: March 9, 2010
    Date of Patent: April 9, 2013
    Assignee: Canon Kabushiki Kaisha
    Inventor: Go Inoue
  • Patent number: 8418238
    Abstract: A system, method and apparatus for managing access across a plurality of applications is disclosed. The system may include a user store connector configured to connect to one or more user stores to retrieve attributes; an authentication connector configured to communicate with at least one authentication subsystem to authenticate a user; a policy engine configured to retrieve attributes from the user store connector corresponding to a user and use the attributes to evaluate access policies, if any, which are defined for protection of resources, to determine whether or not the user should be granted access to the resources; an admin component that is configured to enable the access policies to be defined relative to attributes and the resources; and a policy store configured to store the access policies.
    Type: Grant
    Filed: March 25, 2009
    Date of Patent: April 9, 2013
    Assignee: Symplified, Inc.
    Inventors: Darren C. Platt, Coby Royer, Keshava Berg, Joseph H. Wallingford, III, Eric Olden
  • Patent number: 8418223
    Abstract: A computer-implemented method may include establishing, within a parental-control software system, an academic-performance policy that defines how academic performance of a student affects at least one parental-control setting enforced on a computing system accessible to the student. The computer-implemented method may also include receiving, via an electronic communication from a school of the student, grade information that indicates the student's academic performance. The computer-implemented method may further include applying the academic-performance policy by updating the parental-control setting commensurate with the student's academic performance. In addition, the computer-implemented method may include detecting an attempt by the student to access a resource of the computing system and applying the updated parental-control setting to control the student's access to the resource of the computing system.
    Type: Grant
    Filed: July 19, 2010
    Date of Patent: April 9, 2013
    Assignee: Symantec Corporation
    Inventors: Spencer Smith, Adam Glick, Nicholas Graf
  • Publication number: 20130086660
    Abstract: Disclosed herein are a system for preventing an illegal copy of software and a method for preventing an illegal copy of software. The system for preventing an illegal copy of software includes: a terminal where software to be authenticated is installed and executed; a first Zigbee device connected with the terminal in a wired method and storing a plurality of unique passwords; and a second Zigbee device connected with the first Zigbee device in a wireless method and storing at least all the unique passwords of the first Zigbee device. Utilization is improved as compared with a known hardware lock type and an illegal copy possibility by hooking is excluded and since an authentication process is performed through encoded communication by using random variables, the illegal copy of software can be thoroughly stopped.
    Type: Application
    Filed: September 21, 2012
    Publication date: April 4, 2013
    Applicant: SAMSUNG ELECTRO-MECHANICS CO., LTD.
    Inventor: SAMSUNG ELECTRO-MECHANICS CO., LTD.
  • Publication number: 20130086642
    Abstract: A method begins by a dispersed storage (DS) processing module generating a certificate signing request (CSR) that includes a certificate and a certificate extension, wherein the certificate includes information regarding a requesting device and wherein the certificate extension includes information regarding an accessible dispersed storage network (DSN) address range for the requesting device. The method continues with the DS processing module outputting the CSR to a certificate authority of a DSN and receiving a signed certificate from the certificate authority, wherein the signed certificate includes a certification signature of the certificate authority authenticating the certificate and the certificate extension. The method continues with the DS processing module storing the signed certificate for use when generating a DSN access request, wherein the DSN access request is requesting access to dispersed storage error encoded data in the DSN at an address within the accessible DSN address range.
    Type: Application
    Filed: August 17, 2012
    Publication date: April 4, 2013
    Applicant: CLEVERSAFE, INC.
    Inventors: Jason K. Resch, Wesley Leggette, Andrew Baptist
  • Publication number: 20130086656
    Abstract: Disclosed is a method for protecting a single sign-on domain from credential leakage. In the method, an authentication server provides an authentication cookie to a browser client. The cookie has at least one user authentication credential for the domain, and is associated with an authentication subdomain of the domain. The server receives the cookie from the browser client. Upon authentication of the user authentication credential in the received cookie, the server responds to the access request by forwarding, to the browser client, a limited-use cookie for the domain. The server receives a request from the content server to validate a session identifier of the limited-use cookie received from the browser client. Upon validation of the session identifier of the limited-use cookie, the server provides a valid session message to the content server for enabling the content server to forward requested content to the browser client.
    Type: Application
    Filed: October 4, 2011
    Publication date: April 4, 2013
    Applicant: QUALCOMM Incorporated
    Inventors: Michael W. Paddon, Jessica M. Flanagan, Craig M. Brown
  • Publication number: 20130086659
    Abstract: According to one embodiment, a storage stores secret data, first identification data, and a first random key. A generation module generates first authentication data from the secret data, first identification data, and second identification data of a removable medium. A first verification module determines whether the first authentication data and second authentication data in the removable medium are identical. A second verification module determines whether the first random key and a second random key in the removable medium are identical, if the first and second authentication data are identical. An activation module activates the data processing apparatus if the first and second random keys are identical.
    Type: Application
    Filed: June 28, 2012
    Publication date: April 4, 2013
    Inventors: Tadashi Tsuji, Tsuyoshi Nishida
  • Publication number: 20130086655
    Abstract: In one example, a computing device generates a new password for accessing a user account and/or computing system and inspires a change of an existing password for the user account and/or computing system to the new password. Thereafter, the computing device detects occurrence of a condition to trigger another change of the password for the user account and/or computing system and, responsively, inspires another change of the password for the user account and/or computing system.
    Type: Application
    Filed: September 29, 2011
    Publication date: April 4, 2013
    Inventor: Alan H. Karp
  • Publication number: 20130086658
    Abstract: Techniques for managing accounts are provided. An access management system may check out credentials for accessing target systems. For example a user may receive a password for a period of time or until checked back in. Access to the target system may be logged during this time. Upon the password being checked in, a security account may modify the password so that the user may not log back in without checking out a new password. Additionally, in some examples, password policies for the security account may be managed. As such, when a password policy changes, the security account password may be dynamically updated. Additionally, in some examples, hierarchical viewing perspectives may be determined and/or selected for visualizing one or more managed accounts. Further, accounts may be organized into groups based on roles, and grants for the accounts may be dynamically updated as changes occur or new accounts are managed.
    Type: Application
    Filed: May 31, 2012
    Publication date: April 4, 2013
    Applicant: Oracle International Corporation
    Inventor: Oracle International Corporation
  • Publication number: 20130086657
    Abstract: A framework is provided for integrating Internet identities in enterprise identity and access management (IAM) infrastructures. A framework is provided for open authorization. A framework is also provided for relying party functionality.
    Type: Application
    Filed: May 4, 2012
    Publication date: April 4, 2013
    Applicant: Oracle International Corporation
    Inventors: Venkataraman Uppili Srinivasan, Rajeev Angal, Ajay Sondhi, Shivaram Bhat
  • Patent number: 8413213
    Abstract: Embodiments of the present invention provide a method, apparatus and system for selecting a wireless communication device for establishing a connection. The method according to some exemplary embodiments of the invention may include selecting a communication device for establishing a connection by determining whether one or more security-related characteristics of the communication device satisfy a security policy corresponding to a selected security class. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 28, 2004
    Date of Patent: April 2, 2013
    Assignee: Intel Corporation
    Inventor: Claudio Glickman
  • Patent number: 8413220
    Abstract: A method for user authentication involves initiating an authentication process, receiving images associated with the authentication process, selecting an image from the images to generate a selection; and obtaining authentication based on the selection, where the image is associated with the authentication process and sent prior to initiating the authentication process.
    Type: Grant
    Filed: July 30, 2007
    Date of Patent: April 2, 2013
    Assignee: Intuit Inc.
    Inventors: Chris Quinn, Anthony Creed, Kenichi Mori, Bennett R. Blank
  • Patent number: 8411866
    Abstract: In one embodiment, a Home Agent receives a Mobile IP registration request from a group member, where the group member is a Mobile Node. The Home Agent generates a mobility binding for the group member that associates the group member with a care-of address, wherein the group member is a member of one or more groups. The Home Agent generates a Mobile IP registration reply, where the Mobile IP registration reply identifies one or more key servers. Each of the one or more key servers serves at least one of the one or more groups and is adapted for distributing group cryptography material to members of each group that is served by the corresponding key server. The Home Agent sends the Mobile IP registration reply to the group member, thereby enabling the group member to obtain cryptography material for at least one of the one or more groups from at least one of the one or more key servers to enable the group member to use the cryptography group material to securely communicate with other group members.
    Type: Grant
    Filed: November 14, 2007
    Date of Patent: April 2, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: Mohamed Khalid, Ciprian Pompiliu Popoviciu, Kavitha Kamarthy, Aamer Saeed Akhter, Rajiv Asati
  • Patent number: 8413216
    Abstract: Methods, devices, and systems are disclosed for simulating a large, realistic computer network. Virtual actors statistically emulate the behaviors of humans using networked devices or responses and automatic functions of networked equipment, and their stochastic actions are queued in buffer pools by a behavioral engine. An abstract machine engine creates the minimal interfaces needed for each actor, and the interfaces then communicate persistently over a network with each other and real and virtual network resources to form realistic network traffic. The network can respond to outside stimuli, such as a network mapping application, by responding with false views of the network in order to spoof hackers, and the actors can respond by altering a software defined network upon which they operate.
    Type: Grant
    Filed: December 15, 2011
    Date of Patent: April 2, 2013
    Assignee: Zanttz, Inc.
    Inventors: Chad O. Hughes, Steven M. Silva
  • Patent number: 8413222
    Abstract: A method and apparatus for synchronously changing authentication credentials of a plurality of domains comprising detecting an authentication credential change event for a particular domain, where the authentication credential is being changed from a first credential to a second credential, determining whether the particular domain is within a domain group, and, if the particular domain is within the domain group, changing the authentication credential of at least one other domain in the domain group from the first credential to the second credential.
    Type: Grant
    Filed: June 27, 2008
    Date of Patent: April 2, 2013
    Assignee: Symantec Corporation
    Inventors: Shaun Cooley, Brian Hernacki
  • Publication number: 20130081118
    Abstract: A method, system, and computer-readable storage medium are provided. Embodiments of the invention include receiving notification of a log-in event associated with a first login session wherein a user is authorized to access a resource of a computing system based on a credential. During the first login session and in response to determining the credential is valid, a second login session is established by granting the user access to a resource of an application associated with the computing system. During the first login session and in response to receiving information indicating an event has occurred, the second login session is terminated such that the user does not have access to the resource of the application. And during the first login session and in response to determining again that the credential is valid, a third login session is established by granting the user access to a resource of the application.
    Type: Application
    Filed: September 23, 2011
    Publication date: March 28, 2013
    Applicant: Canon U.S.A., Inc.
    Inventor: Jiuyuan Ge
  • Patent number: 8407770
    Abstract: A user token management system in a client device on a network comprises an obtaining module, a web controller and a processing module. The obtaining module obtains a user token from a database in response to a retrieving request for retrieving authorization of a web service provider on the network. The web controller transmits an authenticating request for authenticating the user token to the web service provider and receives an authentication result authenticating the user token. The processing module deletes the user token from the database when that user token is not authenticated by the web service provider.
    Type: Grant
    Filed: July 5, 2011
    Date of Patent: March 26, 2013
    Assignee: Hon Hai Precision Industry Co., Ltd.
    Inventors: Teng-Yu Tsai, Jing-Lin Wu, Ting-Chieh Lin
  • Patent number: 8407769
    Abstract: Disclosed are a system and methods for associating a “generic” wireless device, i.e., a device that is not pre-programmed with subscription credentials corresponding to a particular operator, with a Home Operator designated by the device's owner. The disclosed system and methods further facilitate the automatic linking of a newly activated M2M device to an appropriate server for downloading the subscription credentials for the Home Operator. The disclosed system includes a registration server for maintaining electronic registration data for a plurality of wireless devices and for directing newly activated wireless devices to a server for downloading “permanent” subscription credentials, such as a downloadable USIM. The disclosed system further includes a subscription server for updating registration server entries to reflect an association between a first wireless device and its corresponding home network.
    Type: Grant
    Filed: June 9, 2008
    Date of Patent: March 26, 2013
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Patrik Mikael Salmela, Kristian Slavov
  • Patent number: 8407766
    Abstract: A method and apparatus for monitoring sensitive data on a computer network is described. In one embodiment, a method for protecting sensitive data from being leaked to a computer network comprises monitoring data related to a user that is presented on one or more web pages through a common interface, which enables a search for sensitive data on the one or more web pages of the one or more web sites and determining a disclosure of the sensitive data on a web page of one or more web pages.
    Type: Grant
    Filed: March 24, 2008
    Date of Patent: March 26, 2013
    Assignee: Symantec Corporation
    Inventors: Keith Newstadt, Adam P. Schepis, Shaun Cooley
  • Patent number: 8407772
    Abstract: A system for issuing a license includes a Content Issuer (CI) configured to receive a Cooperate-RORequest from a Rights Issuer (RI). The CI encapsulates, according to the information carried in the Cooperate-RORequest, content related information by using a key of a destination entity to obtain an encapsulation key, and generates a Message Authentication Code (MAC) on part of information of a license. The CI sends the generated MAC and obtained encapsulation key to the RI, so that the RI sends the license that includes the MAC and the encapsulation key to the destination entity.
    Type: Grant
    Filed: October 25, 2011
    Date of Patent: March 26, 2013
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Weizhong Yuan, Renzhou Zhang, Chen Huang, Zhipeng Zhou, Qingliang Li
  • Patent number: 8407474
    Abstract: A pre-authentication method and an authentication system related to the mobile communications field are disclosed. The pre-authentication method includes: when a mobile node (MN) enters a visited network other than a home network, the MN obtains the identity information of the visited network, selects, according to the identity information of the visited network, a first pre-auth-key-file corresponding to the visited network and a first ticket corresponding to the visited network, where the first ticket carries the first pre-auth-key-file, and authenticates the visited authentication, authorization and accounting (VAAA) server according to the first pre-auth-key-file.
    Type: Grant
    Filed: December 27, 2010
    Date of Patent: March 26, 2013
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Yunbo Pan
  • Patent number: 8407767
    Abstract: A system and method for provisioning digital identity representations (“DIRs”) uses various techniques and structures to ease administration, increase accuracy, and decrease inconsistencies of a digital-identity provisioning system. Various methods are provided for creating new DIRs, requesting DIRs, notifying principals of available DIRs, and approving issuance of new DIRs.
    Type: Grant
    Filed: September 17, 2007
    Date of Patent: March 26, 2013
    Assignee: Microsoft Corporation
    Inventors: Vijay K. Gajjala, Colin H. Brace, Derek T. Del Conte, Arun K. Nanda, Stuart L. S. Kwan, Rashmi Raj, Vijayavani Nori
  • Patent number: 8407765
    Abstract: A system and method for restricting access to network performance information associated with communications over a packet network. A request may be received from a user to access network performance information associated with communications of data packets over a packet network. A determination as to whether the user has permission to access the network performance information may be made. In response to determining that the user has permission to access the network performance information, the user may be enabled to access the network performance information; otherwise, the user may be prevented from accessing the network performance information. The network performance information may include information associated with communications of data packets including real-time content and non-real-time content.
    Type: Grant
    Filed: May 31, 2007
    Date of Patent: March 26, 2013
    Assignee: CenturyLink Intellectual Property LLC
    Inventors: William L. Wiley, Michael K. Bugenhagen
  • Patent number: 8407764
    Abstract: Provided are a user authentication apparatus and method for supporting PMIPv6 (Proxy Mobile Internet Protocol version 6) in next generation networks. Authentication and mobility signaling protocol can be performed without having an additional signaling process when a mobile terminal moves by extending user profiles of the next generations to support the PMIPv6.
    Type: Grant
    Filed: September 4, 2009
    Date of Patent: March 26, 2013
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Yoo Hwa Kang, Boo Geum Jung, Bong Tae Kim
  • Patent number: 8407771
    Abstract: A system and method for providing persistence in a secure network access by using a client certificate sent by a client device to maintain the identity of a target. A security handshake is performed with a client device to establish a secure session. A target is determined. A client certificate is associated with the target. During subsequent secure sessions, the client certificate is used to maintain persistent communications between the client and a target. A session ID can be used in combination with the client certificate, by identifying the target based on the session ID or the client certificate, depending on which one is available in a client message.
    Type: Grant
    Filed: July 5, 2011
    Date of Patent: March 26, 2013
    Assignee: F5 Networks, Inc.
    Inventors: John R. Hughes, Richard Roderick Masters, Robert George Gilde
  • Publication number: 20130074166
    Abstract: A method includes receiving data related to an individual, the data comprising a plurality of elements of personally-identifying information (PII). The method further includes building, via the plurality of elements of the PII, a compositional key for the individual. In addition, the method includes storing the compositional key and a biometric print for the individual as a biometric record in a biometric repository. The method also includes, via the compositional key, providing a plurality of federated entity (FE) computer systems with access to the biometric repository.
    Type: Application
    Filed: September 20, 2011
    Publication date: March 21, 2013
    Inventor: Harold E. Gottschalk, JR.
  • Publication number: 20130074167
    Abstract: Embodiments of authenticating linked accounts are presented herein. In an implementation, an authentication service provides functionality to form links between a plurality of user accounts. A client may then authenticate by providing credentials for one account in a group of linked accounts, and is permitted access to each account in the group of linked accounts based upon the linking. Thus, a single sign-in of a client to one account may permit the client to obtain services for service providers corresponding to multiple linked accounts, without an individual sign-in to each account.
    Type: Application
    Filed: November 8, 2012
    Publication date: March 21, 2013
    Applicant: Microsoft Corporation
    Inventor: Microsoft Corporation
  • Patent number: 8402523
    Abstract: A system and method for associating message addresses with certificates, in which one or more secondary message addresses are identified and associated with a user-selected certificate that does not contain any e-mail addresses. In certain situations, a message may be encrypted using a certificate that does not contain an e-mail address that matches the e-mail address of the individual to which the message is to be sent, so long as the address to which the message is to be sent matches any of the message addresses associated with the certificate. The message addresses are saved in a data structure that resides in a secure data store on a computing device, such as a mobile device.
    Type: Grant
    Filed: May 27, 2010
    Date of Patent: March 19, 2013
    Assignee: Research In Motion Limited
    Inventors: Neil P. Adams, Michael S. Brown, Herbert A. Little
  • Patent number: 8401195
    Abstract: Methods of automatically populating a secure group list in a key variable loader and of providing keys to a secure group are presented. After a user selects a secure group and encryption algorithm using inputs of the loader, the loader provides a group identifier and corresponding key for the group. The group identifier, encryption algorithm, and key are transmitted to a portable communication device over a physical connection between the two while a device identifier of the communication device is transmitted concurrently to the loader. The key variable loader automatically populates a stored list of subscribers of the group with the device identifier. When it is desired to transmit a new key to all of or fewer than all of the subscribers, one of the subscribers is connected with the loader and used to wirelessly transmit a new key to the remaining subscribers.
    Type: Grant
    Filed: September 22, 2008
    Date of Patent: March 19, 2013
    Assignee: Motorola Solutions, Inc.
    Inventors: Kenneth C. Fuchs, Larry Murrill
  • Patent number: 8402522
    Abstract: Systems and methods for managing access to a computer account of a computer system that is not associated with a human user. The system comprises a password repository for storing a password for the computer account. The password is preferably encrypted with at least two secrets. The system also comprises a first data storage device for storing the first secret and a second data storage device for storing the second secret. The system additionally comprises a computer device in communication with the password repository and the first and second data storage devices for managing access to the computer account. The computer device is programmed to, in response to a request to perform an action under the computer account: (i) retrieve the first secret from the first data storage device; (ii) retrieve the second secret from the second data storage device; and (iii) decrypt the password with the first and second secrets.
    Type: Grant
    Filed: April 17, 2008
    Date of Patent: March 19, 2013
    Assignee: Morgan Stanley
    Inventors: Andrei Keis, Indur Mandhyan
  • Patent number: 8402521
    Abstract: Systems and methods for emulating credentials are disclosed. In some cases, the systems include an access credential reader and an access credential writer. The access credential reader is communicably coupled to the access credential writer. The access credential reader is operable to receive information from an access credential, and to transfer at least a portion of the information to the access credential writer. The access credential writer is operable to transfer at least the portion of the information to an emulation access credential.
    Type: Grant
    Filed: July 28, 2005
    Date of Patent: March 19, 2013
    Assignee: Xceedid
    Inventors: Jean-Hugues Wendling, John D. Menzel, Michael T. Conlin
  • Patent number: 8402278
    Abstract: The present invention is directed to a method and system for protecting data. In accordance with a particular embodiment of the present invention, a new file is created. Key information is retrieved for the file from a keyserver. The key information includes a key, a key identifier, and encryption algorithm information. The file is encrypted using the encryption algorithm. The key identifier is stored in a data repository. The data repository relates the key identifier to the encrypted file.
    Type: Grant
    Filed: April 13, 2007
    Date of Patent: March 19, 2013
    Assignee: CA, Inc.
    Inventor: Paul A. Gassoway
  • Patent number: 8402524
    Abstract: An ID bridge service system manages a type and assurance of identity information required for provision of service by an application service system and a type and assurance of identity information managed by plural authentication service systems, and is provided with a selecting measure that selects an authentication service system that manages identity information corresponding to the identity information required for the provision of the service by the application service system out of the plural authentication service systems when a request for authentication is received from the application service system and a requesting measure that requests the selected authentication service system to authenticate.
    Type: Grant
    Filed: February 1, 2011
    Date of Patent: March 19, 2013
    Assignee: Hitachi, Ltd.
    Inventors: Tadashi Kaji, Naoki Hayashi, Akifumi Yato, Shinichi Irube
  • Publication number: 20130067521
    Abstract: Methods and systems for linking a service provider account with patient care information are disclosed. A patient's account information is received. A service account for the patient is identified, and an association between a patient's care record and the service account is stored. Care information for the patient is received and transmitted to a device associated with the patient's service account.
    Type: Application
    Filed: September 12, 2011
    Publication date: March 14, 2013
    Applicant: CSC Holdings, LLC
    Inventors: Robert MARKEL, Adam Labelson
  • Publication number: 20130067545
    Abstract: A system and method for employing fingerprints for user authentication on a website is described. Embodiments of the invention employ a fingerprint scanner integrated into a USB device to scan a current user's fingerprint, and compare it against a stored fingerprint associated with the authorized user. If the current user is determined to be the authorized user, a user name and password associated with a requested website and stored on the USB device is entered onto the website. In one embodiment, the USB device is a password bank that both generates and stores passwords for various websites, removing the need for user memorization altogether.
    Type: Application
    Filed: September 13, 2011
    Publication date: March 14, 2013
    Applicant: Sony Computer Entertainment America LLC
    Inventor: Justin Hanes
  • Patent number: 8397281
    Abstract: A method for providing a secret that is provisioned to a first device to a second device includes generating a One-Time Password at the first device using the secret and obtaining an identifier of the secret. The method also includes providing the One-Time Password and the identifier to the second device and sending the One-Time Password and the identifier to a remote provisioning service. The method also includes verifying that the One-Time Password corresponds to the secret, and sending to the second device an encrypted secret and a decryption key for decrypting the encrypted secret. The encrypted secret and the decryption key may be sent using different communications methods. The method also includes decrypting the encrypted secret using the decryption key to provide the secret and storing the secret at the second device.
    Type: Grant
    Filed: December 30, 2009
    Date of Patent: March 12, 2013
    Assignee: Symantec Corporation
    Inventors: Mingliang Pei, Slawek Ligier
  • Patent number: 8396806
    Abstract: A message that includes an end user license agreement is received at a client from a service in a distributed computing system. The client determines whether to accept the end user license agreement. The message is processed if the end user license agreement is accepted.
    Type: Grant
    Filed: October 30, 2007
    Date of Patent: March 12, 2013
    Assignee: Red Hat, Inc.
    Inventor: Mark Cameron Little
  • Patent number: 8397063
    Abstract: A system, and method related thereto, for providing a vehicular communications network public-key infrastructure. The system comprises a plurality of communications infrastructure nodes and a plurality of vehicles each having a communications component. The communications component provides vehicle to vehicle (V2V) communications, and communications via infrastructure nodes. A communications security component in each of the plurality of vehicles provides security for the communications between the plurality of vehicles using a plurality of security modules. The security modules include a certificate management module. A public key interface module may include a public key, a private key, an anonymous key and a management key. The system further includes a detection and response module for attack detection and attack mitigation. The communications security component assigns and installs at least one security key, a certificate of operation, and a current certificate revocation list.
    Type: Grant
    Filed: July 13, 2010
    Date of Patent: March 12, 2013
    Assignee: Telcordia Technologies, Inc.
    Inventor: Giovanni DiCrescenzo
  • Patent number: 8397026
    Abstract: An access control system (10) is disclosed for controlling access to data stored on at least one data storage medium (14) of a computing system. The access control system (10) comprises authentication means (25) to authenticate users permitted to access data stored in the at least one data storage medium (14) and database means (29) arranged to store data access profiles. Each data access profile is associated with a user permitted to access data stored in the at least one data storage medium (14), each data access profile includes information indicative of the degree of access permitted by a user to data stored in the at least one data storage medium (14), and each data access profile includes a master data access profile (M) and a current data access profile (C). The current data access profile (C) is modifiable within parameters defined by the master data access profile (M).
    Type: Grant
    Filed: March 4, 2005
    Date of Patent: March 12, 2013
    Assignee: Secure Systems Limited
    Inventors: Michael J. Wynne, Michael R. Geddes