Management Patents (Class 726/6)
-
Patent number: 8185937
Abstract: A system and method is described for controlling the password(s) of one or more programs through a universal program. The universal control program allows access to one or more other programs and allows editing of the passwords of the other programs directly through the universal access program.
Type: Grant
Filed: March 28, 2007
Date of Patent: May 22, 2012
Assignee: Worcester Technologies LLC
Inventor: John B. Hollingsworth
-
Patent number: 8185936
Abstract: A method and medium are provided for automatically updating user profiles based on authentication failures associated with network-access requests from mobile communications devices. A mobile communications device requests access to a mobile network and the access is rejected due to an authentication failure. Upon communicating a rejection message to the mobile communications device, the authentication server communicates a network-access rejection notification to a user-profile updating server that resets network-generated authentication credentials and provides updated profiles containing reset credentials to a provisioning server. Subsequent access requests from the mobile device are handled through a dedicated profile-provisioning home agent until the device is updated, at which time network access can be granted through a more conventional home agent.
Type: Grant
Filed: July 13, 2009
Date of Patent: May 22, 2012
Assignee: Sprint Communications Company L.P.
Inventors: Raymond Emilio Reeves, Ryan Alan Wick, Wen Xue
-
Patent number: 8185737
Abstract: Communication across domains is described. In at least one implementation, a determination is made that an amount of data to be communicated via an Iframe exceeds a threshold amount. The data is divided into a plurality of portions that do not exceed the threshold amount. A plurality of messages is formed to communicate the divided data across domains.
Type: Grant
Filed: May 22, 2007
Date of Patent: May 22, 2012
Assignee: Microsoft Corporation
Inventors: Scott Isaacs, George Moore, Danny Thorpe, Vasileios Zissimopoulos
-
Publication number: 20120124653
Abstract: A wireless communication device provides a method of certificate-based access control. Particularly, the device establishes a secure communications session with a device management server. Rather than use access control lists to control access to the functions and services on the device, however, the device uses the certificate that was employed to establish the secure session to control access.
Type: Application
Filed: December 16, 2010
Publication date: May 17, 2012
Applicant: Sony Ericsson Mobile Communications AB
Inventors: Svante Alnås, Stefan Andersson
-
Publication number: 20120124655
Abstract: An apparatus for connecting a human key identification to objects and content or identification, tracking, delivery, advertising, and marketing. An Independent Clearing House Agent (ICHA) server is connected to a human key server. The human key server is connected to a translation server and universal virtual world (UVW) server for the management of a plurality of methods and mechanism integrally working as one system. A virtual world airport (VWA) server is connected to a Mobile, Handheld, and Independent Device Application Development (MHIDAD) server which in turn communicates with an illumination transformer audio video manager interactive server transmitter (ITAVMIST) which communicates with a Virtual Cash Virtual Currency (VCVC) server. The authentication unit also creating identification data; and sending to verification; a match combined with 9 out of 17 positive point evaluations returns, via an Internet connection to the mobile device.
Type: Application
Filed: January 24, 2012
Publication date: May 17, 2012
Inventors: David Valin, Alex Socolof
-
Patent number: 8181016
Abstract: An applications access re-certification system is disclosed. The system is used for approving and re-certifying a user's access rights to applications stored or existing in an institution's computer system based on reviewing in a configurable timeframe the user's functional roles by designated reviewers. The system is used to ensure security of the applications by means of a reviewing process. The system is used to automate the re-certification process by means of a computer-controlled re-certification system which automatically operates in a defined methodology under control of re-certification administrators. The system could perform a management summary of access rights to the applications, and an automated scorecard to monitor the re-certification progress. The system could carry out a control process to ensure the changes to existing permissions are effectively managed at source destinations. The system has a capability of initiating multiple approvers for re-certifying a user's access rights.
Type: Grant
Filed: August 11, 2006
Date of Patent: May 15, 2012
Assignee: JPMorgan Chase Bank, N.A.
Inventors: Evelyn Borgia, Jodi Breslin
-
Patent number: 8181022
Abstract: A method and apparatus for controlling access restrictions for media resource playback may include defining a user-specific content control profile authorizing one or more classes of content to be delivered to a client device, generating a media resource request identifying a first media resource associated with a first class of content and one or more attributes of the content control profile, determining whether the first class of content has been authorized for delivery to the client device based at least in part upon the one or more attributes of the content control profile, and delivering the first media resource to the client device if the first class of content has been authorized for delivery to the client device.
Type: Grant
Filed: June 24, 2004
Date of Patent: May 15, 2012
Assignee: RealNetworks, Inc.
Inventor: Randy Meyerson
-
Patent number: 8181236
Abstract: Disclosed is a computer implemented method and apparatus to retrieve authentication records required for user validation and creation of authentication credentials from an authentication server to be passed to the user. The method is comprised of the authentication server storing a first authentication record, then generating a first authentication credential based on the first authentication record. The authentication server associates the first authentication record with a first credential expiration time. The authentication server stores a second authentication record. The authentication server generates a second authentication credential based on the second authentication record, wherein the second authentication credential is associated with a second credential expiration time. Next, the authentication server associates the second authentication credential with a second credential expiration time.
Type: Grant
Filed: July 10, 2008
Date of Patent: May 15, 2012
Assignee: International Business Machines Corporation
Inventors: Dwip N. Banerjee, Manish Katiyar, Sandeep R. Patil, Venkat Venkatsubra
-
Patent number: 8176537
Abstract: An image formation apparatus: previously stores first information allowing functions that a plurality of users are authorized to use, respectively, to be determined; receives second information input to determine a user, the second information allowing that user to be determined; determines from the previously stored first information a normal function that the determined user is authorized to use; is set to make the determined normal function available; receives third information input from a first storage medium having the third information stored therein, to determine an extended function, the third information allowing the extended function to be determined; and is set to make the determined extended function available in addition to the normal function set available.
Type: Grant
Filed: August 4, 2008
Date of Patent: May 8, 2012
Assignee: Konica Minolta Business Technologies, Inc.
Inventor: Shinichi Ban
-
Patent number: 8176146
Abstract: Control list management may be provided. First, it may be detected that an event has occurred on a data network. Then, it may be determined, in response to the detected event, that a device on the data network needs to be provided with an access control list. Next, the access control list may be obtained from a database central to the data network. Then, the device may be provided with the obtained access control list.
Type: Grant
Filed: December 14, 2007
Date of Patent: May 8, 2012
Assignee: AT&T Intellectual Property I, LP
Inventors: Vel Sembugamoorthy, Homayoun Torab
-
Patent number: 8176334
Abstract: An improved system and approaches for exchanging secured files (e.g., documents) between internal users of an organization and external users are disclosed. A file security system of the organization operates to protect the files of the organization and thus prevents or limits external users from accessing internal documents. Although the external users are unaffiliated with the organization (i.e., not employees or contractors), the external users often have working relationships with internal users. These working relationships (also referred to herein as partner relationships) often present the need for file (document) exchange. According to one aspect, external users having working relationships with internal users are able to be given limited user privileges within the file security system, such that restricted file (document) exchange is permitted between such internal and external users.
Type: Grant
Filed: September 30, 2002
Date of Patent: May 8, 2012
Assignee: Guardian Data Storage, LLC
Inventor: Klimenty Vainstein
-
Patent number: 8176525
Abstract: This invention provides a method, system and apparatus for allowing media context sensitive SIP signaling exchange (such as voice) and call establishment while denying or challenging any other session description protocol (“SDP”) extension dialogs which might not be desired (such as instant messaging, video, Web broadcasting or pushing, data and/or application sharing and the like) by a user. The method and apparatus may further include defining user client media policy preferences, the user media policy preferences establishing the parameters for evaluating a media session request received by a user client, and providing the user client media policy preferences to a policy enforcement point device, the policy enforcement point device evaluating the media session request received by the user client and applying the user client media policy preferences to the media session request.
Type: Grant
Filed: September 29, 2006
Date of Patent: May 8, 2012
Assignee: Rockstar Bidco, L.P.
Inventors: Edwin Koehler, Jr., Cherif Sleiman, Timothy Mendonca
-
Patent number: 8176534
Abstract: A method and apparatus are provided for enabling a Universal Plug and Play (UPnP) device to be automatically provisioned to access services without the need for manual interaction. In accordance with the invention, when a UPnP device needs to be provisioned, it automatically obtains pre-provisioning information from a provisioning device on the home network, and uses the pre-provisioning information to interact with the provisioning device to cause the UPnP device to be provisioned. The provisioning enables the UPnP device to access services, including digital rights management (DRM) services, over a network.
Type: Grant
Filed: December 30, 2005
Date of Patent: May 8, 2012
Assignee: General Instrument Corporation
Inventors: Geetha Mangalore, Petr Peterka
-
Patent number: 8175863
Abstract: Intelligent monitoring systems and methods for virtual environments are disclosed that understand various components of a virtual infrastructure and how the components interact to provide improved performance analysis to users. In certain examples, a monitoring system assesses the performance of virtual machine(s) in the context of the overall performance of the physical server(s) and the environment in which the virtual machine(s) are running. For instance, the monitoring system can track performance metrics over a determined period of time to view changes to the allocation of resources to virtual machines and their location(s) on physical platforms. Moreover, monitoring systems can utilize past performance information from separate virtual environments to project a performance impact resulting from the migration of a virtual machine from one physical platform to another.
Type: Grant
Filed: February 12, 2009
Date of Patent: May 8, 2012
Assignee: Quest Software, Inc.
Inventors: John Andrew Ostermeyer, James Michael Hofer, Mark Steven Childers, Michael Hugh Condy
-
Patent number: 8176249
Abstract: Method for embedding a session secret, within an application instance, comprising the steps of generating an ephemeral session secret by a master application. Embedding, by master application, secret bytes, within application bytes of a slave application. Calculating said ephemeral session secret, by slave application, from said embedded secret bytes, when slave application is executed.
Type: Grant
Filed: April 28, 2007
Date of Patent: May 8, 2012
Inventor: Amiram Grynberg
-
Patent number: 8176540
Abstract: A security method and system. The method includes retrieving configuration data associated with a non interactive entity (NIE) software application. The configuration data comprises refresh counts, refresh periods, and session IDs. A master refresh period is calculated from the refresh periods. Credentials data associated with a requestor are retrieved. The credentials data are transmitted to a resource server. A session key generated by the resource server is received by the NIE software application. The NIE software application calculates a stale time associated with the session key. The NIE software application generates a first updated refresh count. The NIE software application stores the session key, the first updated refresh count, the first refresh period, and the first specified stale time.
Type: Grant
Filed: March 11, 2008
Date of Patent: May 8, 2012
Assignee: International Business Machines Corporation
Inventor: Alexander Brantley Sheehan
-
Patent number: 8176019
Abstract: A method and system enable a user to develop domain-specific policy workbench. Domains may include, but are not limited to security, autonomic computing, workload management and systems management. The method and system in one aspect determines syntax of a policy in a selected domain and creates an instance of policy workbench specific to the selected domain. In one aspect, the instance of policy workbench includes at least machine-readable encodings of the selected policy and associated mapping. The instance of policy workbench also includes a compliance auditing tool enabled to check events logged at a target system against the selected policy and associated mapping to determine if one or more policy rules have been complied with. In another aspect, domain-specific policy workbench creation machine is provided that automatically creates an instance of domain-specific policy workbench.
Type: Grant
Filed: April 3, 2008
Date of Patent: May 8, 2012
Assignee: International Business Machines Corporation
Inventors: Carolyn A. Brodie, Clare-Marie Karat, John Karat, Peter K. Malkin
-
Patent number: 8176535
Abstract: An information processing system includes: an organization information storage that stores organization information which defines an organization including users and groups of the users; a usage control information storage that stores usage control information which is for controlling use of control target information by each user in the organization defined by the organization information and defining a user or a group of users who or which is permitted to use the control target information and a usage range of the control target information in which the user or the group of the users is permitted to use the control target information; a judgment unit that judges whether or not an inconvenience resulting from a change of the organization occurs in the usage control information stored in the usage control information storage based on the organization information stored in the organization information storage; and a countermeasure unit that performs a countermeasure against the inconvenience in a case where th
Type: Grant
Filed: May 29, 2009
Date of Patent: May 8, 2012
Assignee: Fuji Xerox Co., Ltd.
Inventor: Kazuo Saito
-
Publication number: 20120110643
Abstract: Network access for a secure network is transparently provided to a wireless device using a social networking type of framework. An operator of a secure wireless network may register the network and access credentials for the network with a network access management system. The operator also may configure network access settings, such as designating a sharing level, that permits wireless devices meeting access criteria for the sharing level to use the network. Electronic devices belonging to social media contacts, such as family members and friends, may be associated with the registered network. When the associated devices or other qualifying devices are within communication range of the network, a client function in the device may coordinate with the network access management system to provide network access to the devices. The coordination may take place through a network different than the secure network, such as a cellular network to which the electronic device has subscription access.
Type: Application
Filed: November 1, 2010
Publication date: May 3, 2012
Inventors: Jeffrey C. Schmidt, Peter Stanforth, Donald L. Joslyn, Manish Shukla, Mario A. Camchong, Sekhar V. Uppalapati, Hrishikesh Gossain
-
Publication number: 20120110634
Abstract: A PIN is automatically generated based on at least one rule when the user enters a password through a user device. In one example, the PIN is a truncated version of the password where each character in the truncated version is mapped onto a number. The mapping can be a truncation at the beginning or end of the password, or the mapping can be with any pattern or sequence of characters in the password. This PIN generation may be transparent to the user, such that the user may not even know the PIN was generated when the password was entered. When the user attempts to access restricted content, the user may enter the PIN instead of the password, where the user may be notified of the rule used to generate the PIN so that the user will know the PIN by knowing the password.
Type: Application
Filed: October 25, 2011
Publication date: May 3, 2012
Applicant: EBAY, INC.
Inventor: Bjorn Markus Jakobsson
-
Patent number: 8171302
Abstract: There is provided a system and method for creating a pre-shared key. More specifically, in one embodiment, there is provided a method comprising accessing an identifier associated with a computer system, and performing at least one mathematical function on the identifier to create a pre-shared key for the computer system.
Type: Grant
Filed: February 23, 2011
Date of Patent: May 1, 2012
Assignee: Hewlett-Packard Development Company, L.P.
Inventor: Paul J. Broyles
-
Patent number: 8171303
Abstract: Techniques for authenticating a login that avoid the imposition of memorization burdens on users of a computer system. The present techniques include determining whether an appropriate token is stored on a client system that originates the login, authenticating a login by communicating with a user via a secondary communication channel, and authenticating a login by engaging in a private question/private answer dialogue with a user.
Type: Grant
Filed: November 3, 2004
Date of Patent: May 1, 2012
Assignee: Astav, Inc.
Inventors: Alexandre Bronstein, Alon Waksman
-
Patent number: 8171531
Abstract: A universal authentication token is configured to securely acquire security credentials from other authentication tokens and/or devices. In this manner, a single universal authentication token can store the authentication credentials required to access a variety of resources, services and applications for a user. The universal authentication token includes a user interface, memory for storing a plurality of authentication records for a user, and a secure processor. The secure processor provides the required cryptographic operations to encrypt, decrypt, and/or authenticate data that is sent or received by universal token. For example, secure processor may be used to generate authentication data from seed information stored in memory.
Type: Grant
Filed: November 15, 2006
Date of Patent: May 1, 2012
Assignee: Broadcom Corporation
Inventor: Mark Buer
-
Patent number: 8170185
Abstract: A method of authorising a user of a first packet-based communication network to access a second packet-based communication network. The method comprises: receiving an authorization request from a user terminal of the user at a first network element of the first packet-based communication network, the authorization request comprising a first user identity; responsive to the authorization request, transmitting a request to create a second user identity from the first network element to a second network element of the second packet-based communication network; the second network element creating the second user identity for use in the second packet-based communication network, the second user identity being derivable from the first user identity according to a predetermined rule; and storing the second user identity in the second packet-based communication network for use with subsequent communication events over the second packet-based communication network.
Type: Grant
Filed: December 21, 2007
Date of Patent: May 1, 2012
Assignee: Skype Limited
Inventor: Andres Kütt
-
Patent number: 8171530
Abstract: A method is provided for improved computer access security, the method including protecting an access record to prevent password access to a computer via the access record, creating an alternate access record corresponding to the protected record, enabling password access to the computer via the alternate record, providing the alternate record with the access level of the protected record, and configuring the alternate record to indicate a supplemental security program to be executed once a correct password for the alternate record is provided.
Type: Grant
Filed: June 28, 2010
Date of Patent: May 1, 2012
Assignee: International Business Machines Corporation
Inventor: Itzhack Goldberg
-
Patent number: 8171532
Abstract: A management apparatus which includes: a receiving unit that receives first authorization information for a first document that is already issued and contains document identification information identifying at least one document for which it is possible to issue authorization information and an issuance request requesting that second authorization information for a second document be issued; a verifying unit that verifies authenticity of the first authorization information that is received by the receiving unit; a checking unit that, in a case where the authenticity of the first authorization information is verified, checks whether or not document identification information identifying the second document is included in the first authorization information; and an issuing unit that, in a case where the document identification information identifying the second document is included in the first authorization information, issues the second authorization information.
Type: Grant
Filed: May 21, 2008
Date of Patent: May 1, 2012
Assignee: Fuji Xerox Co., Ltd
Inventors: Rumiko Kakehi, Toshikatsu Suzuki
-
Patent number: 8171288
Abstract: A rule based biometric user authentication method and system in a computer network environment is provided. Multiple authentication rules can exist in the computer network. For example, there may be a default system-wide rule, and a rule associated with a particular user trying to log in. There may be other rules such as one associated with a remote computer from which the user is logging in, one associated with a group to which the user belongs, or one associated with a system resource to which the user requires access such as an application program or a database of confidential information. An order of precedence among the rules is then established which is used to authenticate the user.
Type: Grant
Filed: August 8, 2005
Date of Patent: May 1, 2012
Assignee: Imprivata, Inc.
Inventors: Timothy J. Brown, Gregory C. Jensen, Rodney Rivers, Dan Nelson
-
Patent number: 8171562
Abstract: A system and methods utilizing the network layer to provide security in distributed computing systems in order to thwart denial of service attacks. The system and methods of the present invention utilize puzzles placed at the network layer level to protect against denial of service attacks. The system and methods of the present invention advantageously provide a robust and flexible solution to support puzzle issuance at arbitrary points in the network, including end hosts, firewalls, and routers and thereby a defense against denial of service attacks.
Type: Grant
Filed: August 26, 2004
Date of Patent: May 1, 2012
Assignee: Oregon Health & Science University
Inventor: Wu-chang Feng
-
Publication number: 20120102555
Abstract: A system and method of enabling access to remote information handling systems is disclosed. In one form, a method of enabling an initialization of an information handling system is disclosed. The method can include receiving a request to initialize a remote information handling system, and determining an access information operable to enable an initialization sequence of the remote information handling system. The access information can be configured to enable an initialization of the remote information handling system. The method can also include communicating the access information via a network to the remote information system.
Type: Application
Filed: December 23, 2011
Publication date: April 26, 2012
Applicant: DELL PRODUCTS, LP
Inventors: Sridhar Kunchipudi, Deepak Panambur
-
Publication number: 20120102553
Abstract: Techniques for mixed-mode authentication are described. In one or more embodiments, an authentication service may be implemented to selectively configure and issue authentication tokens based upon an optional secure mode that enables enhanced security. Clients may be provided with an option to choose between an insecure mode and a secure mode for authentications. Based on this choice, tokens may be configured to include an indication of whether the secure mode is disabled or enabled. When secure mode is disabled, an insecure token valid for both secure sites and other sites is issued to a client when the client is authenticated. When the optional secure mode is enabled, both secure and insecure tokens are provided to the client. The authentication services and/or other services may be configured to reject an insecure token when secure mode is enabled to prevent unauthorized use of a stolen token to access secure resources.
Type: Application
Filed: October 22, 2010
Publication date: April 26, 2012
Applicant: MICROSOFT CORPORATION
Inventors: Walter C. Hsueh, Yordan I. Rouskov, Spencer Wong Low, Daniel W. Crevier
-
Publication number: 20120102554
Abstract: A method of authenticating communications includes receiving, by a computer, a first set of credentials, verifying the first set of credentials by comparing the first set of credentials to a plurality of sets of credentials stored in a database, subsequent to verifying the first set of credentials, deriving a second set of credentials, and transmitting notification of the second set of credentials to a remote computer.
Type: Application
Filed: October 25, 2010
Publication date: April 26, 2012
Applicant: American Power Conversion Corporation
Inventors: Gregory M. Emerick, Paul J. Gifford
-
Patent number: 8166525
Abstract: Apparatus are provided, including a document management system and a private certificate authority. The private certificate authority is private to the document management system, and includes a certificate authority public key, a certificate authority private key, a key pair generator, and a digital certificate issuer. The key pair generator generates key pairs for respective authorized users of the document management system. The digital certificate issuer issues digital certificates regarding the respective authorized users of the document management system. The private certificate authority includes software instantiated by or with the document management system.
Type: Grant
Filed: September 8, 2005
Date of Patent: April 24, 2012
Assignee: Xerox Corporation
Inventors: Dale Ellen Gaucas, Paul Ronald Austin
-
Patent number: 8166528
Abstract: The present invention provides a technology of effectively avoiding tracing on a terminal performed with an identification number being a target and DoS attack without making any significant changes to a communication system. In the wireless communication system of the present invention, under a control of a control communication processing portion 113 of an access point, a hash function arithmetic operation processing portion 112 generates a third identification number to be updated using a current identification number, hash key and random number for any wireless communication terminal, a control communication processing portion 113 sends an update instruction signal containing the random number to the wireless communication terminal and updates the current identification number stored in the identification number storage portion 121 to a second identification number.
Type: Grant
Filed: September 15, 2006
Date of Patent: April 24, 2012
Assignee: National Institute of Information and Communications Technology
Inventors: Daisuke Inoue, Masahiro Kuroda, Kentaro Ishizu
-
Patent number: 8166524
Abstract: A method of authenticating a user's data processing terminal for granting the data processing terminal access to selected services provided by a data processing system. The method includes performing a first, SIM-based authentication of the user's data processing terminal at an authentication data processing server in the data processing system, by operatively associating with the user's data processing terminal a first subscriber identity module issued to the data processing terminal user, for example, of a type adopted in mobile communication networks for authenticating mobile communication terminals. The authentication of the user's data processing terminal in the data processing system is conditioned to a second authentication, based on identification information provided to the user at a mobile communication terminal through a mobile communication network to which the mobile communication terminal is connected, e.g. in the form of an SMS message.
Type: Grant
Filed: November 7, 2003
Date of Patent: April 24, 2012
Assignee: Telecom Italia S.p.A.
Inventor: Mauro Sentinelli
-
Patent number: 8166527
Abstract: Techniques for security association management on a home and foreign agent are described. In one embodiment, in response to a first mobile network registration request from a mobile node, a remote authentication facility is accessed to retrieve a security association for the mobile node for authenticating and providing a first network connectivity to the mobile node, wherein the security association is associated with a lifespan. The security association is inserted in a local security association database (SADB) to create a security association entry, wherein the security association entry includes the lifespan. A second mobile network registration request from the mobile node after the first connectivity is terminated is received and the security association entry in the local SADB that corresponds to the mobile node is used to provide authentication of the mobile node without having to access the remote authentication facility again if the lifespan associated with the security association entry is valid.
Type: Grant
Filed: November 16, 2007
Date of Patent: April 24, 2012
Assignee: Ericsson AB
Inventors: Renhua Wen, Alfred C. Lindem, III, Anand K. Oswal
-
Patent number: 8166309
Abstract: A method, system, and computer program product for network management, including masking a true service set identifier (SSID) in a beacon frame; and broadcasting the beacon frame with the masked true SSID, whereby an authorized device retrieves the true SSID from the broadcast beacon frame.
Type: Grant
Filed: May 1, 2007
Date of Patent: April 24, 2012
Assignee: Infosys Technologies, Ltd.
Inventors: Kartik Muralidharan, Puneet Gupta
-
Publication number: 20120096279
Abstract: A method to provide problem-based access to a computing device is disclosed herein. In one embodiment of the invention, such a method includes detecting a problem on a computing device. The method automatically generates a user account on the computing device in response to detecting the problem. The problem is then tied to the user account. A support provider is then notified of the problem and the user account associated with the problem. This user account may be assigned to a service technician to enable access to the computing device. The service technician may then log into the computing device using the user account and address the problem. A corresponding apparatus and computer program product are also disclosed herein.
Type: Application
Filed: October 13, 2010
Publication date: April 19, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Robin D. Roberts, Benjamin S. Terris, Richard A. Welp
-
Publication number: 20120096526
Abstract: A method for managing video authentication and sharing includes storing a playlist of video clips in a storage device, allowing a manager to define a degree of privacy for the playlist by the computer system, defining roles for a plurality of users in relation to the video clips, creating user tokens for the plurality of users according to the respective roles of the users, receiving a user token over a computer network, authenticating the user token and the role of a user associated with the user token, deciding on whether the user has the right to access the playlist of video clips based on the role of the user and the degree of privacy defined for the playlist, and if it is determined that the user has the right to access the playlist, allowing the user to access the playlist of video clips over the computer network.
Type: Application
Filed: October 11, 2011
Publication date: April 19, 2012
Inventors: Syed Saleem Javid Brahmanapalli, Christopher M. Denend
-
Publication number: 20120096525
Abstract: Gathering auditable data concerning actions in a cloud computing environment is automated by determining that one or more auditable data items are available associated with a requester and with at least one application program; responsive to determining that data items are available, transmitting a list of the available auditable data items to a requesting cloud client computer; subsequent to transmitting the list, receiving a data request from the cloud client computer for one or more particular auditable data items from the list; preparing the requested particular auditable data items for transmission according to a predetermined format; and transmitting the prepared requested particular auditable data items to the cloud client computer. Optionally, in some embodiments, the requesting cloud client computer may negotiate a data exchange format with the cloud service provider for receipt of the requested auditable information.
Type: Application
Filed: October 15, 2010
Publication date: April 19, 2012
Inventors: Anne Louise Bolgert, Richard Jay Cohen, Randolph Michael Forlenza, Raghuraman Kalyanaraman
-
Publication number: 20120096267
Abstract: Systems and methods are described for establishing credentials at a device and at a device management server for the purpose of exchanging secure credentials in order to mutually authenticate the device and the server. A credential generation algorithm is described which uses a plurality of seeds, including the hardware identity of the device, the server identity, and a shared private key, to generate two sets of credentials, one to be used by the device and the other to be used by the device management server. The credentials are exchanged between the device and the server during any session, thereby assuring mutual authentication.
Type: Application
Filed: August 15, 2011
Publication date: April 19, 2012
Applicant: MFORMATION TECHNOLOGIES, INC.
Inventors: Vasilios DASKALOPOULOS, Badri NATH, Rakesh KUSHWAHA
-
Patent number: 8161533
Abstract: A network has network nodes and a software system distributed over the network nodes within which, on first access to an access-protected object of the system, an authentication of the user is provided. The authentication is valid at least for a further access to an access-protected object. The duration of the validity of the authentication is dependent on the duration of access to the access-protected object and/or on the context of the use of the system.
Type: Grant
Filed: April 25, 2002
Date of Patent: April 17, 2012
Assignee: Koninklijke Philips Electronics N.V.
Inventors: Markus Baumeister, Steffen Hauptmann, Karin Klabunde
-
Patent number: 8161535
Abstract: A control system includes a user management server or server group, a Service Policy Decision Function (SPDF) server, an Access-Resource and Admission Control Function (A-RACF) server, and a control interface location between the user management server or server group and the SPDF n server for transmitting the information. In addition, a control method using the control system above and a control device are provided. By the technical solutions above, when there are many access network operators connecting to the uniform network operation operator, the problem that the SPDF server searches the A-RACF server is solved, and the user information is acquired by setting the interface between the SPDF server and the user management server or server group.
Type: Grant
Filed: February 20, 2009
Date of Patent: April 17, 2012
Assignee: Huawei Technologies Co., Ltd.
Inventor: Yong Huang
-
Patent number: 8161534
Abstract: One embodiment provides a system that verifies a user's identity. The system generates a list including a plurality of items and formulates a substantially large set of security questions based on the plurality of items. The number of questions in the set is significantly larger than a subset of security questions presented to the user to reduce the likelihood of the same questions being asked repeatedly. During account creation, the system presents to the user the subset of questions, and receives and stores a response from the user. At least one question in the subset is selected based on user information that is automatically extracted from devices associated with the user. Subsequently, the system receives a request to reset the user's password and presents the subset of questions to the requester. The system determines whether the requester is the user by comparing the requester's response with the stored user response.
Type: Grant
Filed: November 13, 2008
Date of Patent: April 17, 2012
Assignee: Palo Alto Research Center Incorporated
Inventors: Philippe J. P. Golle, Bjorn Markus Jakobsson, Richard Chow
-
Patent number: 8156564
Abstract: A method includes sending a request for network services to plural devices, where the request identifies the network services using a self-describing data structure, and receiving a response to the request from at least one device, where the response identifies which of the network services are supported by the at least one device.
Type: Grant
Filed: October 13, 2006
Date of Patent: April 10, 2012
Assignee: Whaleback Systems Corporation
Inventors: Julian Wray West, Eric J. Martin, Rajesh K. Mishra
-
Patent number: 8156543
Abstract: One embodiment of the invention is directed to a method including receiving an alias identifier associated with an account associated with a presenter, determining an associated trusted party using the alias identifier, sending a verification request message to the trusted party after determining the associated trusted party, and receiving a verification response message.
Type: Grant
Filed: April 16, 2008
Date of Patent: April 10, 2012
Assignee: Visa U.S.A.
Inventors: David Wentker, Michael Lindelsee, Olivier Brand, James Dimmick, Tribhuwan A. Singh Grewal
-
Patent number: 8156542
Abstract: In one embodiment a method comprises enrolling a mobile device in a local area network by setting a variable to a mobile device identifier and authenticating the mobile device using a network gateway and the mobile device identifier. A request for data is received from the mobile device and the data is delivered from a service provider to the mobile device.
Type: Grant
Filed: April 4, 2008
Date of Patent: April 10, 2012
Assignee: Cisco Technology, Inc.
Inventors: Allen J. Huotari, Kendra S. Harrington
-
Patent number: 8156545
Abstract: A method and system for authorizing a communication interface between a first and second module comprises detecting a coupling between a first module and a second module, certifying a first pairing certificate is valid between the first module and the second module, and issuing a first operating certificate and storing the first operating certificate on at least one of the first module and the second module.
Type: Grant
Filed: February 9, 2007
Date of Patent: April 10, 2012
Assignees: Sony Corporation, Sony Electronics Inc.
Inventors: Peter R. Shintani, David C. Boyden
-
Publication number: 20120084565
Abstract: Binding a security artifact to a service provider. A method includes generating a pseudonym for a security artifact. The pseudonym is an identifier of the security artifact to the service provider that is unique to the service provider in that the pseudonym is not used to identify the security artifact to other service providers. Further, the pseudonym uniquely identifies the particular security artifact to the service provider even when a user has available a number of different security artifacts to authenticate to the same service provider to access a user account for the user. The method further includes providing the pseudonym for the security artifact to the service provider. The pseudonym for the security artifact is bound with a user account at the service provider for a user associated with the security artifact.
Type: Application
Filed: September 30, 2010
Publication date: April 5, 2012
Applicant: Microsoft Corporation
Inventors: Craig Henry Wittenberg, Christian Paquin, Rushmi U. Malaviarachchi
-
Publication number: 20120084131
Abstract: The present invention relates to systems for communicating data. In particular, systems for communicating data to and from mobile devices are described. One system involves the use of a server to store the association between a shortcode and the data. A user device can be used to transmit the shortcode to a second user device. The second user device can then access the association at the server to access the data. The shortcode is transmitted via an audibly unique signal between the two devices. Further devices, systems, and methods for redeeming vouchers, transferring money, unlocking content on a device, and authenticating transactions all using audio are also disclosed. A method for managing data communication on a mobile device is further disclosed. In addition, a system for asynchronous transmission of the data is disclosed by use of reserving a shortcode at a server before the shortcode is associated with data.
Type: Application
Filed: November 19, 2010
Publication date: April 5, 2012
Applicant: UCL BUSINESS PLC
Inventors: Patrick Bergel, Anthony James Steed
-
Publication number: 20120084846
Abstract: This disclosure is directed for improved techniques for configuring a device to generate a secondary password based at least in part on a secure authentication key. The techniques of this disclosure may, in some examples, provide for capturing, by a computing device, an image of a display of another computing device. The captured image includes at least one encoded graphical image, such as a barcode, that includes an indication of the content of a secure authentication key. The computing device may use the secure authentication key to generate a secondary password to be used in conjunction with a primary password to gain access to a password-protected web service.
Type: Application
Filed: September 30, 2011
Publication date: April 5, 2012
Applicant: GOOGLE INC.
Inventors: Stephen A. Weis, Travis E. McCoy, Andrew D. Hintz, Iain P. Wade