Management Patents (Class 726/6)
  • Publication number: 20100180325
    Abstract: A system and method for providing a normalized security list including a first module configured to generate a first normalized security list of user identifications within a network and a second module configured to generate a second normalized security list of user identifications within the network. The system and method may also include an equalizer module configured to compare the first normalized security list with the second normalized security list, equalize the first normalized security list based on the second normalized security list, and equalize the second normalized security list based on the first security list. The system and method may also include a processing module configured to perform an audit of user identifications within the network by processing the first equalized normalized security list and the second equalized normalized security list and generating audit results based on the processing.
    Type: Application
    Filed: January 9, 2009
    Publication date: July 15, 2010
    Applicant: VERIZON BUSINESS NETWORK SERVICES INC.
    Inventor: PAUL MICHAEL GOLOBAY
  • Publication number: 20100180327
    Abstract: A method for securely authenticating a user of a portable consumer device at an access device comprising the following steps. First, a dynamic data element and a first set of transactional information is sent to the portable consumer device from the access device. Next, the portable consumer device creates an authentication code as a function of at least the dynamic data element, a subset of the first set of transactional information, and a password. The authentication code, along with other data, is then sent from the portable consumer device back to the access device. The access device then uses the authentication code to send an authentication request message to the service provider of the user. The service provider then attempts to authenticate the user by recreating the authentication code and comparing the recreated authentication code with the authentication code received from the access device.
    Type: Application
    Filed: January 16, 2009
    Publication date: July 15, 2010
    Inventors: John F. Sheets, Simon Hurry
  • Publication number: 20100180328
    Abstract: An authentication system and method are provided, the method comprising, storing a user identification code associated with said user, generating a plurality of functions for producing a pass code based on at least one input by a user, said at least one input comprising said user identification code, storing at least one function and associating said function with a user, generating an application adapted to implement said at least one function on the user device, supplying the application to said user device, generating a transaction code associated with said transaction and supplying the transaction code to said application; and receiving a pass code for said transaction from the user device and authenticating the transaction on the basis of the received pass code, the function associated with said user, the user identification code and the transaction code associated with said transaction.
    Type: Application
    Filed: June 26, 2007
    Publication date: July 15, 2010
    Applicant: MARKS & CLERK, LLP
    Inventors: Guy Moas, Ram Gabay
  • Publication number: 20100180324
    Abstract: A method, system and computer program for protecting the password by limiting the password's validity to the user's active session. The present invention provides for the password to automatically change for each session and only the user will be able to construct the valid password for the session. The user provides to the authentication system, a password pattern, embedding symbols into a string. The embedded symbols are substituted by elements of parameters. The parameter elements and the symbols that represent them are defined by the authenticating system. The parameters contain either time driven or random string of characters and digits as elements. The user builds a password using the values of the elements in the session parameters and the user's password pattern's memory hint recalled from memory. The authenticating system generates the valid password for the session using the password pattern the user has provided.
    Type: Application
    Filed: February 24, 2005
    Publication date: July 15, 2010
    Inventor: Rangan Karur
  • Publication number: 20100180326
    Abstract: A method for securely authenticating a user of a consumer device at an access device comprising the following steps. First, a dynamic data element and a first set of transactional information is sent to the consumer device from the access device. Next, the consumer device creates an authentication code as a function of at least the dynamic data element, a subset of the first set of transactional information, and a password. The authentication code, along with other data, is then sent from the consumer device back to the access device. The access device then uses the authentication code to send an authentication request message to the service provider of the user. The service provider then attempts to authenticate the user by recreating the authentication code and comparing the recreated authentication code with the authentication code received from the access device.
    Type: Application
    Filed: January 15, 2009
    Publication date: July 15, 2010
    Inventors: John F. Sheets, Simon Hurry
  • Patent number: 7757276
    Abstract: A method and apparatus for verifying configuration changes for network devices using digital signatures are disclosed. In one approach, a method comprises the computer-implemented steps of receiving trust information defining one or more trusted signatories; receiving configuration information comprising a hostname, one or more configuration directives for a host associated with the hostname, and one or more digital signatures of the hostname and configuration directives; attempting to verify the one or more digital signatures based on the trust information; and applying the configuration directives to a network element only when the one or more digital signatures are verified successfully.
    Type: Grant
    Filed: April 12, 2004
    Date of Patent: July 13, 2010
    Assignee: Cisco Technology, Inc.
    Inventor: Eliot Lear
  • Patent number: 7757268
    Abstract: A system and a method for policy management in a web services environment includes a policy design tool, a policy storage and a policy manager controller. The policy design tool creates (or updates) a policy for association with a web service. The policy storage stores the policy. The policy manager controller provides an interface for transmission of the policy to a policy enforcement tool and also receives messages relating to the policy from the policy enforcement tool. In addition, a system and method for policy enforcement in a web services environment includes a policy enforcement controller, a policy enforcement repository, an enforcer, a policy enforcement framework, and a policy container. The policy enforcement controller receives and commits a policy and the policy enforcement repository stores the committed policy.
    Type: Grant
    Filed: June 12, 2004
    Date of Patent: July 13, 2010
    Assignee: Oracle International Corporation
    Inventors: Rajiv Gupta, Sekhar Sarukkal
  • Publication number: 20100175117
    Abstract: A relay site associated with a wireless network can send messages between mobile devices associated with the wireless network without having to transmit the messages to a host system. The messages include PIN messages and each of the mobile devices has a PIN address. The relay site includes a relay server for controlling the operation of the relay site, and sending the PIN messages between the mobile devices. The relay site also includes a relay data store having PIN information for users associated with the mobile devices. The relay server can access the relay data store to allow users that use the mobile devices to query the relay data store for PIN information of other users.
    Type: Application
    Filed: March 16, 2010
    Publication date: July 8, 2010
    Applicant: RESEARCH IN MOTION LIMITED
    Inventor: George Baldwin Bumiller
  • Publication number: 20100175115
    Abstract: An identity management (“IdM”) system can change the credentials at certain intervals. If credentials change, there is no way for an application that uses the credentials to know that the credentials have changed because the application dependency relationships are unknown. When service account credentials change, credentials are typically manually updated for each dependent application. Some embodiments of the inventive subject matter allow IdM systems to track application dependencies for service accounts. The IdM systems can detect when service account credentials change and automatically notify dependent applications of the new service account credentials.
    Type: Application
    Filed: January 5, 2009
    Publication date: July 8, 2010
    Applicant: International Business Machines Corporation
    Inventors: Christopher Y. Choi, Christopher J. Hockings, Neil I. Readshaw
  • Publication number: 20100174758
    Abstract: Identity Management (IdM) systems prevent a user from having to memorize numerous passwords for different resources, while Single Sign-On (SSO) systems allow a user to login to several resources by providing login credentials once. Since IdM systems propagate the same password to numerous resources, a compromised password for one resource would allow unauthorized access to all resources. A system can automatically generate unique passwords for each of a plurality of resources and update login information on each resource to reflect the unique password.
    Type: Application
    Filed: January 5, 2009
    Publication date: July 8, 2010
    Applicant: International Business Machines Corporation
    Inventors: Zoran Radenkovic, Peter T. Waltenberg
  • Publication number: 20100175116
    Abstract: Securing access to a portable electronic device (PED), securing e-commerce transactions at an electronic device (ED) and dynamically adjusting system settings at a PED are disclosed. In an example, usage or mobility characteristics of the PED or ED (e.g., a location of the ED or PED, etc.) are compared with current parameters of the PED or ED. A determination as to whether to permit an operation (e.g., access, e-commerce transaction, etc.) at the ED or PED can be based at least in part upon a degree to which the current parameters conform with the usage or mobility characteristics. In another example, at least a current location of a PED can be used to determine which system settings to load at the PED.
    Type: Application
    Filed: January 6, 2009
    Publication date: July 8, 2010
    Applicant: QUALCOMM Incorporated
    Inventor: Arnold Jason Gum
  • Patent number: 7752444
    Abstract: A system and method is provided for hiding an initiator's identity (ID), e.g. a ClientID, in a shared key authentication protocol, using authentication based on a hint of the ID. The hint is a function of the ID which cannot be readily inverted to produce the initiator's identity, for example, a hash function over the ID, such as a modular N sum hash of the initiator's identity where N corresponds to N hash buckets in a shared key database; a cryptographic hash over the ID and a corresponding shared key; or a function of the ID which cannot be readily inverted to produce the initiator's identity and a pair of MAC values wherein the MAC values are compared to find a shared key. The resulting hash may be reduced to a required number of bits for identification of a hash bucket in the database.
    Type: Grant
    Filed: December 21, 2005
    Date of Patent: July 6, 2010
    Inventor: Marcus Leech
  • Patent number: 7751331
    Abstract: A technique efficiently renders a policy-based decision from a plurality of options based on policy priority in a computer network. According to the novel technique, each of a plurality of policies is assigned an exclusive priority value, as well as a “variance” specifying an acceptable value range (e.g., a percentage). Beginning at the highest priority policy, values corresponding to the plurality of options are analyzed based upon the current priority policy, and a “best” option is determined according to the current policy. Thereafter, the variance for the current policy is applied to the value of the best option, defining a range of acceptable values for the current policy, and remaining options having an acceptable value for the current policy are established. If only one remaining option exists, that option is selected as the best option.
    Type: Grant
    Filed: September 29, 2005
    Date of Patent: July 6, 2010
    Assignee: Cisco Technology, Inc.
    Inventors: Dana Blair, Kerry Lynn
  • Publication number: 20100169958
    Abstract: One disclosed embodiment for creating a composite scene passcode comprises presenting a system-generated composite scene passcode to a user, allowing the user to generate a composite-scene passcode by selecting one scene element per scene dimension, or allowing the user to enter an alphanumeric password that encodes the composite scene passcode. Certain embodiments also comprise combining the passcode with an alphanumeric password. The composite scene may be two dimensional, three dimensional, or greater than three dimensions, and/or the scene may be animated. A computer system using a composite scene passcode also is disclosed. One embodiment of the system comprises a display for displaying a composite scene passcode or plural scene dimensions for generating the composite scene passcode. Authentication may comprise using scene elements arranged categorically and requiring the user to select the correct scene element from among distracter elements within the same category.
    Type: Application
    Filed: October 15, 2007
    Publication date: July 1, 2010
    Inventors: Steffen Werner, Sergio P. Caltagirone, Korey R. Johnson
  • Patent number: 7748046
    Abstract: Systems and methods directed at transforming security claims in a federated authentication system using an intermediate format. The systems and methods described herein are directed at transforming security claims in a federated authentication system using an intermediate format. The federated authentication system includes an identity provider and a resource provider. The identity provider receives a request for information from the resource provider to authenticate an account by an application associated with the resource provider. A security claim associated with the account is retrieved where the security claim is provided by an account store in a format specific to the account store. The security claim is transformed from the account store specific format to an intermediate format. The security claim is then transformed from the intermediate format to a federated format recognized by the resource provider. The transformed security claim is provided in a security token to the resource provider.
    Type: Grant
    Filed: April 29, 2005
    Date of Patent: June 29, 2010
    Assignee: Microsoft Corporation
    Inventors: Ryan D. Johnson, Donald E. Schmidt, Jeffrey F. Spelman, Kahren Tevosyan, Vijayavani Nori
  • Patent number: 7747709
    Abstract: A method and system for automatically cloning IT resource structure in stateful web services environments by employing a new approach for configuration management. The present new approach models the configurational state of each resource as a stateful web service. Configuration data are provided by this service's resource properties. Relationships between configurations of different resources are modeled as “stateful web services relationships” between web service instances. These relationships can be navigated, which allows exploring the configuration of a whole system in a standards-based way. Additionally a new web service interface is provided by the stateful web service encapsulating the resource. This interface provides two new operations: “getConfiguration” allows an exploiter to take a snapshot of a resource's and related resources' configurational state and “setConfiguration” allows for setting the configurational state of a resource to a previously saved state.
    Type: Grant
    Filed: January 5, 2007
    Date of Patent: June 29, 2010
    Assignee: International Business Machines Corporation
    Inventors: Michael M. Behrendt, Jochen Breh, Gerd Breiter, Thomas Spatzier
  • Patent number: 7747736
    Abstract: A computer implemented method, data processing system, and computer program product for nominating rules or policies for promotion through a policy hierarchy. An administrator at any level in a policy hierarchy may create a rule or policy. The administrator may then nominate the rule or policy for inclusion in a next higher level in the policy hierarchy. The rule or policy is evaluated at the next higher level. Responsive to an approval of the next higher level to include the rule or policy in the jurisdiction of the next higher level, the rule or policy is provided to all users under the jurisdiction. The nominating, evaluating, and providing steps may then be repeated for each higher level in the policy hierarchy.
    Type: Grant
    Filed: June 5, 2006
    Date of Patent: June 29, 2010
    Assignee: International Business Machines Corporation
    Inventors: Rhonda L. Childress, Itzhack Goldberg, Lorraine M. Herger, Ziv Rafalovich, Ramakrishnan Rajamony, Eric Van Hensbergen, Martin J. Tross
  • Patent number: 7748027
    Abstract: A system, method and media for dynamically redacting data based on the evaluation of one or more policies. In one embodiment, the method comprises receiving a request to access one or more resources, receiving responses from the one or more resources and assembling a result set which includes several portions of data, determining current access policies for the requestor to the one or more resources, and redacting from the result set a portion of the data that the requestor is not permitted to receive, based on the current access policies.
    Type: Grant
    Filed: September 8, 2005
    Date of Patent: June 29, 2010
    Assignee: Bea Systems, Inc.
    Inventor: Paul B. Patrick
  • Patent number: 7747540
    Abstract: A computer system includes a security module programmed to generate a first privacy key for use with secure communications with a first web site, and a second privacy key for use with secure communications with a second web site, the first and second keys being different. The computer system also includes an identity module programmed to receive a request from the first web site for linking a first user account associated with the first web site with a second user account associated with the second web site, and the identity module being programmed to present a user with an option to link the first and second user accounts.
    Type: Grant
    Filed: February 24, 2006
    Date of Patent: June 29, 2010
    Assignee: Microsoft Corporation
    Inventors: Kim Cameron, Arun K. Nanda
  • Patent number: 7748029
    Abstract: Embodiments of the present invention encompass systems and methods for use in identity authentication. One illustrative application is in the context of authenticating the identity of a subject by verifying items of identifying information stored by, or accessible through, a plurality of data sources. In particular, a multi-item query can be presented to multiple data sources and the results of the query can be combined into an overall composite result that can be used to authenticate the subject's identity.
    Type: Grant
    Filed: February 8, 2008
    Date of Patent: June 29, 2010
    Assignee: RAF Technology, Inc.
    Inventor: David Justin Ross
  • Publication number: 20100162201
    Abstract: Various embodiments of a method, apparatus and article of manufacture provide an automated multi-platform configuration tool for master data management systems using secure shell protocol.
    Type: Application
    Filed: December 18, 2008
    Publication date: June 24, 2010
    Applicant: SAP AG
    Inventors: Tal SHNAIDERMAN, ODED GOLDSMIDT
  • Publication number: 20100162373
    Abstract: In the context of computer systems, the generation of preboot passwords at a server instead of at a client. Preferably, preboot passwords generated at the server are distributed to the client, and a process is offered whereby a user can establish his/her own proxy, not known to the server, that can be used to release the stored passwords to the client hardware. Since the passwords are generated at the server, management of the passwords is greatly facilitated since they are generated at the site where they are stored. This also makes it easy to implement management features such as a group policy, since the password generation software will be able to make logical connections between users and hardware.
    Type: Application
    Filed: December 22, 2008
    Publication date: June 24, 2010
    Applicant: Lenovo (Singapore) Pte. Ltd.
    Inventors: Randall S. Springfield, Jeffrey M. Estroff, Seiichi Kawano, Mikio Hagiwara, David C. Challener, James P. Hoff, Binqiang Ma
  • Patent number: 7743407
    Abstract: Resources to a device are granted access to an application based on privileges associated with the application. A permission list may be created by a server. The permission list may be created using information from authorities, entities, or parties and information about the device resources. The permission list indicates what device resources the application may access. During application execution when the application requests a resource, a control program executing on the device may be used to check the permission list associated with the application to determine if the application may access the resource. The control program can then grant or deny access based on the privileges defined in the permission list. Digital signatures may be used to detect modifications to the application and/or permission list. In addition, multiple permission lists may be associated with the same application.
    Type: Grant
    Filed: August 13, 2002
    Date of Patent: June 22, 2010
    Assignee: Qualcomm Incorporated
    Inventors: Stephen A. Sprigg, Laurence Lundblade
  • Publication number: 20100154041
    Abstract: Claim based identities are transformed to a set of credentials and securely stored in a secure data store using a number of encryption schemes. The credentials are then used to authenticate applications requiring specific credential types. For each call to the secure store system, a client application may provide a claims token issued by a trusted source, which is used to search for corresponding credentials in the secure data store if the credentials have been created previously for the user.
    Type: Application
    Filed: December 16, 2008
    Publication date: June 17, 2010
    Applicant: Microsoft Corporation
    Inventors: Javier Dalzell, Saji Varkey, Kaushik Raj
  • Publication number: 20100153270
    Abstract: A user receives a message via a network service platform at their mobile handset. The user is required to input a PIN, password or other authentication data, before the received message is displayed. The service platform generates a partial encryption key and embeds this within a message which is subsequently encrypted and transmitted to the receiving device. The receiving device or handset receives the message and decrypts it using a previously stored pseudo-random seed, combined with a user entered PIN. The receiving device or handset extracts the partial key delivered with the message and uses this key data to generate a new pseudo-random seed which, in turn, is used to generate a sequence of characters in apparently random order. This sequence of characters or numbers is presented in a text-only form with a cursor or other highlighting method selecting the first character in the pseudo-random sequence. The user is then able to enter their PIN by using cursor control keys, such as the right/left keys.
    Type: Application
    Filed: November 26, 2007
    Publication date: June 17, 2010
    Applicant: BROCA COMMUNICATIONS LIMITED
    Inventor: Michael Ian Hawkes
  • Patent number: 7739507
    Abstract: A hardware multimedia endpoint is located on an adapter card of a personal computer system and comprises an interface for interfacing to the computer system and a processor for receiving cryptographic information from the computer, for processing the cryptographic information and for outputting cryptographic information to the computer. This exchange of cryptographic information is performed such that an authentication procedure with a third party, which is different from the computer, is established for the purpose of decrypting encrypted media content.
    Type: Grant
    Filed: April 7, 2006
    Date of Patent: June 15, 2010
    Assignee: Nero AG
    Inventors: Andreas Eckleder, Richard Lesser
  • Publication number: 20100146602
    Abstract: A password protected machine where a primary alternative password and a secondary alternative password are assigned, but the secondary alternative password cannot be used to gain access unless and until the primary alternative password has been deactivated. Also, a password protected machine where a user is assigned at least two alternative passwords, and where the use of one alternative password will automatically deactivate the other password. Preferably, there is a primary password and a secondary password such that: (i) the use of the primary password does not deactivate the secondary password, but (ii) the use of the secondary password does deactivate the primary password.
    Type: Application
    Filed: December 10, 2008
    Publication date: June 10, 2010
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Wayne M. Delia, Edward E. Kelley, Franco Motika
  • Publication number: 20100146604
    Abstract: A system and method for providing a password to a user on a network, the network having provider computer and a user computer, the provider computer comprising a password system configured to issue a password to a user of the user computer for use in accessing age-restricted content once a determination has been made that the user is age appropriate.
    Type: Application
    Filed: February 8, 2010
    Publication date: June 10, 2010
    Inventor: Gregory Alexander Piccionelli
  • Publication number: 20100146603
    Abstract: An anonymous authentication-based private information management (PIM) system and method are provided. The PIM method includes receiving an anonymous certificate not including user information from an anonymous certification authority; generating an anonymous document including the anonymous certificate and some of the user information; and providing the anonymous document to a web service provider so as to be authenticated and thus provided with a web service by the web service provider. Thus, only a minimum of user information may be provided to the web service provider. In addition, it is possible to strengthen a user's right to self-determination and control over the exposure and use of his or her personal information by allowing a user to manage his or her own personal information or entrusting the PIM server to manage user information. Moreover, it is possible to protect the privacy of a user by preventing the exposure of user information.
    Type: Application
    Filed: May 14, 2009
    Publication date: June 10, 2010
    Applicant: Electronics and Telecommunications Research Institute
    Inventors: Yun Kyung LEE, Seung Wan HAN, Sok Joon LEE, Byung Ho CHUNG, Jeong Nyeo KIM
  • Publication number: 20100146601
    Abstract: A system and method for accessing digital content purchased by a rights owner for a first computing device. The method receives a proxy from the rights owner that includes rights to the digital content granted to the rights owner, stores the proxy on a second computing device, and determines whether the rights owner is present at the second computing device. When the rights owner is present at the second computing device, the method enables the proxy, and accesses the digital content on the second computing device through the proxy.
    Type: Application
    Filed: December 9, 2008
    Publication date: June 10, 2010
    Applicant: MOTOROLA, INC.
    Inventors: Steve R. Bunch, James M. Connor, Ezzat A. Dabbish, John Richard Kane, Aroon V. Tungare
  • Patent number: 7735123
    Abstract: A system and method for associating message addresses with certificates, in which one or more secondary message addresses are identified and associated with a user-selected certificate. The secondary message addresses are saved in a data structure that resides in a secure data store on a computing device, such as a mobile device. When a message is to be encrypted and sent to an individual using a particular certificate, an address mismatch would not be detected so long as the address to which the message is to be sent matches any of the message addresses associated with the certificate. The message addresses associated with the certificate include any message addresses contained within the certificate itself (“primary message addresses”) as well as any secondary message addresses that have been subsequently associated with the certificate.
    Type: Grant
    Filed: November 17, 2005
    Date of Patent: June 8, 2010
    Assignee: Research In Motion Limited
    Inventors: Neil P. Adams, Michael S. Brown, Herbert A. Little
  • Patent number: 7735121
    Abstract: A system and method for communicating information over an insecure communications network include one or more computing devices that may access a first server via the communication network. In operation the first server displays an authentication Web page having a virtual pad with a plurality of characters that may be selected directly from a display of the computing device.
    Type: Grant
    Filed: January 7, 2003
    Date of Patent: June 8, 2010
    Inventor: Masih Madani
  • Patent number: 7734930
    Abstract: Methods, systems, devices and/or storage media for passwords. An exemplary method tiles an image, associates an index with each tile and optionally determines offsets for select tiles. Further, the tiling optionally relies on probability and/or entropy. An exemplary password system includes an image; a grid associated with the image, the grid composed of polygons; an index associated with each polygon; and an offset associated with each polygon wherein password identification relies on one or more indices and one or more offsets.
    Type: Grant
    Filed: July 9, 2007
    Date of Patent: June 8, 2010
    Assignee: Microsoft Corporation
    Inventors: Darko Kirovski, Nebojsa Jojic, Paul Roberts
  • Patent number: 7735122
    Abstract: Methods, systems, and data structures map credentials. A master credential is established for a user or an application. The master credential is mapped to one or more service credentials associated with one or more services. When a request for a service is received from a requestor, the request is authenticated using the master credential. If the master credential is authenticated, then an appropriate service credential associated with the appropriate requested service is acquired and sent directly (via proxy) to the service on behalf of the requestor.
    Type: Grant
    Filed: August 29, 2003
    Date of Patent: June 8, 2010
    Assignee: Novell, Inc.
    Inventors: David Nephi Johnson, Dustin Lance Nielson, Jerry E. Griffis, Jr., David Kent Beus, Nathan Blaine Jensen, William Street, Paul Erik Sherman, Michael William Cook, Stephen R Carter
  • Publication number: 20100138903
    Abstract: The present invention is a method and system for accessing digital content stored on a computing device. An agreement between a subscriber and a content provider allows the subscriber to lease the digital content from the content provider, and download the digital content from a content server operated by the content provider. The method retrieves a service ticket for the computing device, and retrieves content rights for the digital content. The service ticket includes authorization data, and a session key, where the authorization data include authorized subscription services for the computing device. The content rights include required subscription services for the digital content and are delivered authenticated with the session key. The method allows access to the digital content when the authorized subscription services included with the authorization data match the required subscription services included with the content rights.
    Type: Application
    Filed: December 3, 2008
    Publication date: June 3, 2010
    Applicant: General Instrument Corporation
    Inventor: Alexander Medvinsky
  • Patent number: 7730191
    Abstract: A system includes an information processing apparatus and a peripheral which are connected to each other. Initially, the information processing apparatus transmits, to the peripheral, a request to use a service provided by the peripheral. The peripheral determines whether to grant use permission to the received request, and notifies the information processing apparatus which has transmitted the request of the determination result. The peripheral stores information associated with the information processing apparatus to which use permission is granted in response to the request. The information processing apparatus then receives, from the peripheral, a response to the request.
    Type: Grant
    Filed: February 14, 2007
    Date of Patent: June 1, 2010
    Assignee: Canon Kabushiki Kaisha
    Inventors: Kuniaki Otsuka, Taketoshi Kusakabe
  • Patent number: 7730525
    Abstract: The present invention provides a method, system, and computer program product for limiting authorization of an executable action to an application session. A method in accordance with an embodiment of the present invention comprises: generating an alert in response to an execution of an action in an application; and allowing a user to temporarily authorize the execution of the action for a current session of the application. The authorization for the execution of the action is removed when the current session of the application ends.
    Type: Grant
    Filed: June 22, 2005
    Date of Patent: June 1, 2010
    Assignee: International Business Machines Corporation
    Inventor: Shiu Fun Poon
  • Publication number: 20100132019
    Abstract: A redundant multifactor identity authentication system provides users with a secure mechanism for providing identity information through the use of redundant independent identity providers in concert with each other so that resources are accessed only through a combination of providers. By eliminating reliance on a single provider, security is increased as is reliability. Similarly, redundant credentials can be provided to relying parties to ensure that the relying party receives proof of a credential without requiring a specific credential.
    Type: Application
    Filed: April 4, 2008
    Publication date: May 27, 2010
    Applicant: SXIP IDENTITY CORP.
    Inventor: Dick Clarence Hardt
  • Patent number: 7725925
    Abstract: Systems, apparatus, methods, and computer program products for multicast access control are provided to analyze incoming data based on a source zone and a destination zone of the incoming data. Appropriate access control rules are applied to incoming data based on the results of the analysis. Additional implementations of a multicast access control include using a proxy rendezvous point operable to function as a rendezvous point in place of a physical rendezvous point.
    Type: Grant
    Filed: October 29, 2004
    Date of Patent: May 25, 2010
    Assignee: Juniper Networks, Inc.
    Inventors: Changming Liu, Gregory M. Lebovitz, Purvi Desai
  • Patent number: 7725578
    Abstract: A method for providing status information to a device on a computer network is disclosed. Data initiated by a communication initiation device within a computer network are monitored by a device. A determination is made by a device monitoring application within the device whether or not the data includes a message signature. In response to the data including a message signature, a status message is generated and sent to a system administrator for the computer network.
    Type: Grant
    Filed: October 28, 2008
    Date of Patent: May 25, 2010
    Assignee: International Business Machines Corporation
    Inventors: Steven Lingafelt, Gerald Marko
  • Patent number: 7725929
    Abstract: Key-limited use applications are maintained at a central service where the central service can receive requests from a remote computing device for access to the key-limited use applications. The key-limited use applications include publicly available portions and locked portions accessible with a key. The central service can provide a key to the remote computing device associated with a key-limited use application for complete access. The key can be stored in a memory device associated with the remote computing device. A digital signature can be assigned to the key to prevent operation of the key in a second computing device. Unauthorized or unlicensed computing devices are prevented from using the applications.
    Type: Grant
    Filed: February 22, 2005
    Date of Patent: May 25, 2010
    Assignee: Microsoft Corporation
    Inventors: Brian H. Ostergren, Eric D. Heutchy
  • Patent number: 7725934
    Abstract: A method is disclosed for protecting a network against a denial-of-service attack by inspecting application layer messages at a network element. According to one aspect, when a network element intercepts data packets that contain an application layer message, the network element constructs the message from the payload portions of the packets. The network element determines whether the message satisfies specified criteria. The criteria may indicate characteristics of messages that are suspected to be involved in a denial-of-service attack, for example. If the message satisfies the specified criteria, then the network element prevents the data packets that contain the message from being received by the application for which the message was intended. The network element may accomplish this by dropping the packets, for example. As a result, the application's host does not waste processing resources on messages whose only purpose might be to deluge and overwhelm the application.
    Type: Grant
    Filed: December 7, 2004
    Date of Patent: May 25, 2010
    Assignee: Cisco Technology, Inc.
    Inventors: Sandeep Kumar, Yi Jin, Sunil Potti, Christopher R. Wiborg
  • Patent number: 7721094
    Abstract: Access to an authentication image may be protected so that only authenticated processes have access to the image. The image can be displayed to authenticate a User Interface (UI) to a computer user. The image indicates the UI can be trusted. If the image is not displayed, it may be that an application UI is “spoofed” to trick a user into providing sensitive information. Additionally, a large variety of different images can be used as authentication images, so spoofing one image be recognized by most users. A set of original images may be provided, along with image modification processes which can generate a large number of variations. Techniques for authenticating UIs in a virtual machine context are provided. A secure attention sequence is also provided, which allows users to test whether processes running on a computer are authenticated.
    Type: Grant
    Filed: May 6, 2005
    Date of Patent: May 18, 2010
    Assignee: Microsoft Corporation
    Inventors: Paul Cador Roberts, Laura Posey Benofsky, William Gifford Holt, Leslie Helena Johnson, Bryan Mark Willman, Madeline Jinx Bryant
  • Patent number: 7721336
    Abstract: The present invention provides systems and methods for dynamic detection and prevention of electronic fraud and network intrusion using an integrated set of intelligent technologies. The intelligent technologies include neural networks, multi-agents, data mining, case-based reasoning, rule-based reasoning, fuzzy logic, constraint programming, and genetic algorithms. The systems and methods of the present invention involve a fraud detection and prevention model that successfully detects and prevents electronic fraud and network intrusion in real-time. The model is not sensitive to known or unknown different types of fraud or network intrusion attacks, and can be used to detect and prevent fraud and network intrusion across multiple networks and industries.
    Type: Grant
    Filed: June 16, 2006
    Date of Patent: May 18, 2010
    Assignee: Brighterion, Inc.
    Inventor: Akli Adjaoute
  • Patent number: 7721328
    Abstract: Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.
    Type: Grant
    Filed: December 14, 2004
    Date of Patent: May 18, 2010
    Assignee: Salesforce.com Inc.
    Inventors: Thomas Nabiel Boulos, Prasanta Kumar Behera
  • Publication number: 20100122330
    Abstract: A method and apparatus for verifying that a user is the owner of a public listing is provided. The user selects an option to claim ownership of the public listing offered by an online service provider. The online service provider uses information regarding the user and the public listing to generate a verification code. The online service provider delivers the verification code to the owner of the public listing via the contact information provided by the public listing. If the user owns the public listing, the user receives the verification code via contact information associated with the public listing. The user verifies ownership by inputting a code to the online service provider. If the inputted code matches the verification code, then the online service provider identifies the user as the owner of the listing. Once verified, the user modifies the listing.
    Type: Application
    Filed: November 13, 2008
    Publication date: May 13, 2010
    Inventors: OWEN McMILLAN, Ambles Kwok
  • Publication number: 20100122332
    Abstract: A file server including: a first interface coupled to a client computer which manages a client side user identifier used by the client computer to identify a client computer user; a second interface coupled to a first storage storing first file system data and a first file system side user identifier used by the first file system to identify the client computer user, and a second storage storing second file system data and a second file system side user identifier used by the second file system to identify the client computer user; a processor which receives a client computer's first access request to the first file system, obtains a first file system identifier which identifies the first file system and the first file system side user identifier, and translates the first file system side user identifier to a first client side user identifier using the first file system identifier.
    Type: Application
    Filed: January 25, 2010
    Publication date: May 13, 2010
    Inventors: Hitoshi KAMEI, Masaaki Iwasaki, Takahiro Nakano, Yoji Nakatani
  • Publication number: 20100122327
    Abstract: Methods, systems, and apparatus, including computer program products, for secure authentication for accessing remote resources are disclosed. In some implementations, a user is authenticated for a first time on an interface using a first communications channel; the user is authenticated a second time on the interface using a second communications channel; access privileges are determined based on authenticating the user for the second time; and a random Uniform Resource Locator (URL) is generated based on the access privileges, where the random URL is single-use and indirectly associated with a requested resource.
    Type: Application
    Filed: November 10, 2008
    Publication date: May 13, 2010
    Applicant: APPLE INC.
    Inventors: Anton Franz Linecker, Yuval Kossovsky, Martin Libich
  • Publication number: 20100122328
    Abstract: Security is optimized in the context of a credential transformation service (CTS) by utilizing a web services client runtime to gather information for determining whether or not a target web service is hosted in a security domain used by a client application and for determining whether or not the target web service uses an authentication mechanism substantially identical to that used by the client application. The gathered information is carried in an endpoint reference (EPR) of the target web service. In response to the client receiving the EPR, the client applies an optimization process to eliminate a possible unnecessary invocation of the CTS, wherein the target web service is an authoritative manageable resource having minimal or no responsibility for providing its identity, and having minimal or no responsibility for advertising any creation and destruction lifecycle related events.
    Type: Application
    Filed: November 12, 2008
    Publication date: May 13, 2010
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Boas Betzler, Ramamohan Chennamsetty, Jeffrey A. Frey, Michael D. Williams
  • Publication number: 20100122329
    Abstract: One embodiment of the present invention provides a system for authenticating a user. During operation, the system records user behavior history at one or more devices associated with the user. The system then extracts user information associated with a place and/or an activity from the recorded user behavior history. The system further generates one or more challenges based on the extracted user information, thereby facilitating the verification of the user's identity.
    Type: Application
    Filed: November 13, 2008
    Publication date: May 13, 2010
    Applicant: PALO ALTO RESEARCH CENTER INCORPORATED
    Inventors: Bjorn Markus Jakobsson, Jessica N. Staddon, Philippe J.P. Golle, Richard Chow