Global (e.g., Single Sign On (SSO), etc.) Patents (Class 726/8)
  • Patent number: 11070540
    Abstract: A controller may be used to create and process an assertion, in some cases, to implement single-sign on (SSO) in a computer network. In some examples, the controller includes processing circuitry coupled to a storage device. The processing circuitry is configured to create the assertion, where the assertion includes information indicative of a set of attributes and parse the assertion to determine the set of attributes. Additionally, the processing circuitry is configured to determine if each attribute of the set of attributes maps to a plurality of primary user groups stored in the storage device. Based on determining that an attribute of the set of attributes does not map to at least one primary user group of the plurality of primary user groups, the processing circuitry is configured to create a set of secondary user groups and a set of secondary user group names corresponding to the attribute.
    Type: Grant
    Filed: December 28, 2018
    Date of Patent: July 20, 2021
    Assignee: Juniper Networks, Inc.
    Inventors: Gurminder Singh, Pei-Yu Yang, Mamata Devabhaktuni
  • Patent number: 11063948
    Abstract: A method, system and computer program product for handling potential service load interruptions. The utilization of resources, such as servers in a service infrastructure of a SaaS provider, are monitored. If the utilization of a resource exceeds a threshold, then the resource is identified as having an excessive service load leading to a potential service load interruption. When a request is received from a user requesting to access such a resource, one or more action items to be completed by the user are generated and presented to the user. “Action items” refer to any activity that is required by the user to be performed thereby providing the SaaS provider additional time to address the potential service load interruption in an appropriate manner. Additional action item(s) will be presented to the user until the SaaS provider addresses the potential service load interruption, at which point, the request will be serviced.
    Type: Grant
    Filed: July 16, 2019
    Date of Patent: July 13, 2021
    Assignee: International Business Machines Corporation
    Inventors: Paul R. Bastide, Lisa Seacat DeLuca, Aaron J. Quirk
  • Patent number: 11057367
    Abstract: The technology disclosed relates to non-intrusively enforcing security during federated single sign-on (SSO) authentication without modifying a trust relationship between a service provider (SP) and an identity provider (IDP). In particular, it relates to configuring the IDP to use a proxy-URL for forwarding an assertion generated when a user logs into the SP, in place of an assertion consumer service (ACS)-URL of the SP. It also relates to configuring an assertion proxy, at the proxy-URL, to use the SP's ACS-URL for forwarding the assertion to the SP. It further relates to inserting the assertion proxy in between the user's client and an ACS of the SP by forwarding the assertion to the SP's ACS-URL to establish a federated SSO authenticated session through the inserted assertion proxy.
    Type: Grant
    Filed: February 4, 2020
    Date of Patent: July 6, 2021
    Assignee: Netskope, Inc.
    Inventors: Kartik Kumar Chatnalli Deshpande Sridhar, Lebin Cheng, Krishna Narayanaswamy
  • Patent number: 11057365
    Abstract: A method for creating a virtual SIP user agent by use of a webRTC enabled web browser comprises a user logging in to a web application server via a webRTC enabled web browser. The web application server uses the logged on user identity to lookup an associated SIP user identity along with a registrar server address and the web application server initiates a SIP registration procedure using its IP address as the registered contact.
    Type: Grant
    Filed: October 17, 2018
    Date of Patent: July 6, 2021
    Assignee: RINGCENTRAL, INC.
    Inventors: Eleni Saridaki, Elias Balafoutis
  • Patent number: 11050731
    Abstract: Techniques described herein may be used to centralize authentication and authorization for accessing cloud services provided by different cloud platform deployments. A user equipment (UE) may provide user information to a cloud admin device. The cloud admin device may authenticate and authorize the UE locally and then initiate a sign on procedure with each cloud platform deployment. The sign on procedure may include obtaining user group information for the user and providing the user group information to the cloud platform deployments so that the cloud platform deployments may return permission information without having to each perform an authentication and authorization procedure. The cloud admin device may relay the permission information to the UE, and the UE may use the permission information to access any/all of the cloud services.
    Type: Grant
    Filed: June 4, 2019
    Date of Patent: June 29, 2021
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: Minbao Li
  • Patent number: 11051168
    Abstract: A default pre-shared key is provided from a first device to a second device. The first device is configured to control network access to a network. A first authentication request is obtained at the first device from a third device. The first authentication request includes data indicative of the second device. A first response to the first authentication request is provided from the first device to the third device. The first response includes the default pre-shared key. A second authentication request containing a private pre-shared key and the data indicative of the second device is obtained at the first device from the third device. Stored data at the first device is updated in response to the second authentication request with the private pre-shared key and the data indicative of the second device to provision the first device to provide network access to the network to the second device.
    Type: Grant
    Filed: September 22, 2020
    Date of Patent: June 29, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Suja Thangaveluchamy, Niranjan Mallapura Mallikarjunaiah, Aries Kuttiyan, Sudhir Kumar Jain, Vijay Kumar Kothamasu, Ramachandra Murthy S
  • Patent number: 11039318
    Abstract: Disclosed is a secure element used in a host terminal, including several communication interfaces for communication with the outside, several applications and a runtime environment. At least two applications are issuer security domains instantiating two GlobalPlatform configurations, typically GP configurations UICC and eSE. The runtime environment is configured to receive a command over a communication interface, to determine a target application for executing that command according to that communication interface and to send, over that same interface, a response to the command. This ensures the independence of the two configurations by providing that the runtime environment only authorizes access to an application resource of the secure element for executing the command by the target application if that application resource is associated with the communication interface for receiving the command.
    Type: Grant
    Filed: October 30, 2019
    Date of Patent: June 15, 2021
    Assignee: IDEMIA FRANCE
    Inventors: Vincent Guerin, Matthieu Boisde
  • Patent number: 11025624
    Abstract: Disclosed is a system for delegating authentication of an untrusted application executing on a client device. For delegated authentication, an untrusted application relies on a trusted application executing in the same environment for authentication purposes. The delegated authentication process avoids requiring the user of the untrusted application to provide authentication credentials. The disclosed system for delegating authentication enables any trusted application executing in the same computing environment to authenticate the untrusted application.
    Type: Grant
    Filed: January 6, 2020
    Date of Patent: June 1, 2021
    Assignee: Twitter, Inc.
    Inventors: Jeffrey Seibert, Jr., Michael Ducker
  • Patent number: 11019056
    Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may determine whether the device is manageable. When the device is unrecognized and unmanageable, a portal may provide support to a user of the device by listing the device on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.
    Type: Grant
    Filed: January 31, 2018
    Date of Patent: May 25, 2021
    Assignee: Sophos Limited
    Inventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
  • Patent number: 10997005
    Abstract: A query referencing a function associated with a remote software component is received by a network-based data warehouse system. Temporary security credentials corresponding to a role at a cloud computing service platform are obtained. The role has permission to send calls to a web endpoint corresponding to the remote software component. A request comprising input data and electronically signed using the temporary security credentials is sent to a web Application Programming Interface (API) management system of the cloud computing service platform. The request, when received by the web API management system, causes the web API management system to invoke external functionality provided by the remote software component at the web endpoint with respect to the input data. A response comprising a result of invoking the external functionality is received from the web API management system, and the result data is processed according to the query.
    Type: Grant
    Filed: September 22, 2020
    Date of Patent: May 4, 2021
    Assignee: Snowflake Inc.
    Inventors: Istvan Cseri, Isaac Kunen, Igor Zinkovsky
  • Patent number: 10983845
    Abstract: An application control system (ACS) in a computer device intercepts a request to launch a requested application by a calling process, and determines, based on the requested application, that user interaction is required before launch. In response, the ACS establishes whether or not the calling process is associated with a controlling terminal and, if so, performs the user interactions using that controlling terminal. Where the user interactions are successful then the intended application is permitted to launch or, conversely, the intended application may be denied. Other solutions are provided in the event that the calling process is not associated with the controlling terminal.
    Type: Grant
    Filed: September 10, 2019
    Date of Patent: April 20, 2021
    Assignee: AVECTO LIMITED
    Inventors: Paul Thexton, Steven Joruk, Simon Fradkin
  • Patent number: 10984078
    Abstract: When a user attempts to access a first application installed on a user device, it can send an authentication request to an authentication server. The authentication server can assign a unique request token to the request and load a script to a component of the operating system executing on the user device that displays content within the first application. The script can cause a portal application to launch on the user device. The portal application can send a request to the authentication server on behalf of the user, including the unique request token and an access token stored by, or accessible to, the portal application. The authentication server can receive the request from the portal application and validate the request based on the unique request token and the access token. Upon validating the request, the authentication server can authenticate the user at the first application.
    Type: Grant
    Filed: July 16, 2018
    Date of Patent: April 20, 2021
    Assignee: VMware, Inc.
    Inventors: Ramanandan Nambannor Kunnath, Sruthi Surendran, Rakesh Muraleedharan Nair
  • Patent number: 10986092
    Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may determine whether the device is manageable. When the device is unrecognized and unmanageable, a portal may provide support to a user of the device by listing the device on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.
    Type: Grant
    Filed: January 31, 2018
    Date of Patent: April 20, 2021
    Assignee: Sophos Limited
    Inventors: John Edward Tyrone Shaw, Ross McKerchar, Moritz Daniel Grimm, Jan Karl Heinrich Weber, Shail R. Talati, Kenneth D. Ray, Andrew J. Thomas
  • Patent number: 10979411
    Abstract: A client apparatus converts second input authentication information having a data content compliant with a second authentication method different from a first authentication method into authentication target information in a data format compliant with the first authentication method and transmits information corresponding to the authentication target information to a communication server apparatus. A server apparatus is capable of carrying out both a first process of providing a first authentication server apparatus that carries out an authentication process compliant with the first authentication method with first information corresponding to the authentication target information and a second process of providing a second authentication server apparatus that carries out an authentication process compliant with the second authentication method with second information corresponding to the authentication target information.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: April 13, 2021
    Assignees: NIPPON TELEGRAPH AND TELEPHONE CORPORATION, NTT Innovation Institute, Inc.
    Inventors: Tetsutaro Kobayashi, Hitoshi Fuji, Akira Nagai, Go Yamamoto
  • Patent number: 10965810
    Abstract: Methods and systems for multiple channel authentication are described. In one embodiment, a request for an interaction is initiated from within a mobile application. The request may include authentication information and contextual information relating to a current exchange between the mobile application and an organization. The user may be authenticated with the authentication information and the request may be routed to a representative based on the contextual information to continue the exchange.
    Type: Grant
    Filed: July 2, 2019
    Date of Patent: March 30, 2021
    Assignee: UNITED SERVICES AUTOMOBILE ASSOCIATION (USAA)
    Inventors: Anthony Scott Farnsworth, Zakery Layne Johnson, Joshua S. Kerr, Eric Smith, Charles Lee Oakes, III, Thomas Bret Buckingham, Maland Keith Mortensen, John Raymond Harris, Joshua Samuel Leonard, Vijay Jayapalan, Minya Liang, Justin Dax Haslam, Robert Barner, Ross Andrew Thiele
  • Patent number: 10964196
    Abstract: A method for security and/or automation systems is described. In one embodiment, the method may include detecting a proximity of a user at a home automation device. The method may further include projecting an external display of home automation system information from the home automation device onto a surface. In some embodiments, the external display may be projected based, at least in part, on the detected proximity of the user at the home automation device.
    Type: Grant
    Filed: February 19, 2018
    Date of Patent: March 30, 2021
    Assignee: Vivint, Inc.
    Inventor: Jeffrey G. Thomas
  • Patent number: 10956559
    Abstract: An approach is described for securely and automatically handling credentials when used for accessing endpoints, and/or applications and resources on the endpoints, and more particularly accessing web endpoints and/or web applications and resources on the web endpoints. The approach involves selecting and injecting credentials at an endpoint by an accessor and/or protocol agent to log into the endpoint, running applications, or gaining access to resources on the endpoint, without full credential information traversing the accessor's machine.
    Type: Grant
    Filed: March 5, 2019
    Date of Patent: March 23, 2021
    Assignee: BEYONDTRUST CORPORATION
    Inventors: Rajesh Cherukuri, John Burns Smith, III, Nicholas Shawn Twerdochlib, Ricardo Fabiano De Andrade
  • Patent number: 10936607
    Abstract: A method and associated systems improve access time of a federated repository that represents a set of individual data repositories as a virtualized aggregated repository. An analyzer module counts the number of entries in each individual repository that are associated with each possible value of a selected concordance parameter. The analyzer stores these counts in a Concordance Frequency Table. When the federated-repository manager receives a data-access request, the analyzer associates the requested data element with a corresponding value of the concordance parameter. The analyzer then uses information stored in the Table to select an optimal sequence in which the federated-repository manager should search the repositories for the requested data. This optimal sequence orders the repositories such that the first repositories to be searched will be those that contain the greatest number of entries associated with the concordance-parameter value of the requested data.
    Type: Grant
    Filed: August 24, 2017
    Date of Patent: March 2, 2021
    Assignee: International Business Machines Corporation
    Inventors: Balaji S. Kumar, John Kurian, Vishal G. Palliyathu, Rohan S. Zunzarrao
  • Patent number: 10931665
    Abstract: Techniques are disclosed to leverage third party “cookie stitchers” for cross-device user identification, which may be used by a network server to selectively provide content to a user. The techniques include a cookie stitcher associating a user with multiple computing devices, which in turn notifies the network server when the same user requests access to provided content on separate occasions from different computing devices. The cookie stitcher may also have access to a user record regarding the identified user, and may provide this record data to the network server to identify other characteristics about the user. Based upon the particular type of information that is identified, the network server may provide varying degrees of access to content and/or allow the user to interact with one or more applications supported by the network server in different ways.
    Type: Grant
    Filed: July 12, 2019
    Date of Patent: February 23, 2021
    Assignee: WALGREEN CO.
    Inventors: Peter Manwiller, Adam Crouch
  • Patent number: 10931641
    Abstract: The present invention discloses a hardware control logic based data forwarding control method and a corresponding data forwarding control system. The method includes: externally connecting a terminal protection device to a protected host, and taking over all the data interfaces of the protected host; and controlling by a hardware control logic in the terminal protection device the connection and/or disconnection of a physical circuit corresponding to data forwarding when an external device interacts data with the protected host via the terminal protection device, so as to control the data interaction between the external device and the protected host.
    Type: Grant
    Filed: January 16, 2019
    Date of Patent: February 23, 2021
    Assignee: Beijing Beyondinfo Technology Co., Ltd.
    Inventors: Hua Du, Wei Ai, Zhenhe Cai, Hao Zhang
  • Patent number: 10924519
    Abstract: Provided is a method and system for interworking between applications of devices. An inter-device application interworking method may provide a function capable of processing an action associated with a single communication session through interworking between applications installed on a plurality of electronic devices, respectively, in response to a presence of the plurality of electronic devices of a user identified in association with a single account of the user.
    Type: Grant
    Filed: April 6, 2017
    Date of Patent: February 16, 2021
    Assignee: LINE CORPORATION
    Inventor: Wonjoon Choi
  • Patent number: 10911351
    Abstract: The techniques describe a network device comprising one or more processors configured to: receive configuration data configuring a plurality of virtual network nodes, wherein the configuration data configures a virtual client node including a corresponding line card having a port connected to a first customer network device, and configures a virtual core node including a corresponding line card having a port connected to a core network; provision a layer-2 (L2) circuit that includes, as an access interface, an interface logically connecting the virtual client node and virtual core node, wherein the L2 circuit provides connectivity between the virtual client node and a remote virtual client node; and forward, via the L2 circuit, packets between the virtual client node and the remote virtual client node to realize a logical network between the first customer network device and a second customer network device connected to the remote virtual PE node.
    Type: Grant
    Filed: September 25, 2018
    Date of Patent: February 2, 2021
    Assignee: Juniper Networks, Inc.
    Inventors: Babu Singarayan, Nitin Kumar, Javier Antich, Srikanth Subramanian
  • Patent number: 10908896
    Abstract: Methods and systems for developing, modifying, and distributing software applications for enterprise systems are described herein. A software component, such as a native mobile application or a template application, may be modified into a managed mobile application, and metadata associated with the managed mobile application may be generated. The managed application and associated metadata may be provided to one or more application stores, such as public application stores and/or enterprise application stores. Managed applications and/or associated metadata may be retrieved by computing devices from public application stores and/or enterprise application stores, and may be executed as managed applications in an enterprise system.
    Type: Grant
    Filed: October 7, 2015
    Date of Patent: February 2, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: Zhongmin Lang, Gary Barton, James Robert Walker, Vipin Aravindakshan
  • Patent number: 10902205
    Abstract: Techniques are provided for training, by a system operatively coupled to a processor, an attention weighted recurrent neural network encoder-decoder (AWRNNED) using an iterative process based on one or more paragraphs of agent sentences from respective transcripts of one or more conversations between one or more agents and one or more customers, and based on one or more customer response sentences from the respective transcripts, and generating, by the system, one or more groups respectively comprising one or more agent sentences and one or more customer response sentences selected based on attention weights of the AWRNNED.
    Type: Grant
    Filed: October 25, 2017
    Date of Patent: January 26, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Ke Ke Cai, Jing Ding, Zhong Su, Chang Hua Sun, Li Zhang, Shi Wan Zhao
  • Patent number: 10896263
    Abstract: A computer-implemented method of securely controlling access to data, the method including a consolidation server creating and securely storing a consolidated file labelled by a user device ID, including a first record including a first app ID and a first account ID, and a second record including a second app ID and a second account ID, transmitting encrypted data, including the consolidated file, to the user device, receiving encrypted data indicating a request to modify the first record from the user device, and responsive thereto, modifying the first record according to the request to modify the first record and securely storing a resulting modified first record, and transmitting to the first issuer server encrypted data, including the first app ID and the first account ID, indicating an instruction to modify the first app's access rights to data relating to the first account according to the request.
    Type: Grant
    Filed: October 23, 2018
    Date of Patent: January 19, 2021
    Assignee: Mastercard International Incorporated
    Inventors: Advait Sinha, Syed Aamir Ahmad, Raghav Malik
  • Patent number: 10893078
    Abstract: In one embodiment, the method of processing telephony sessions includes: communicating with an application server using an application layer protocol; processing telephony instructions with a call router; and creating call router resources accessible through a call router Application Programming Interface (API). In another embodiment, the system for processing telephony sessions includes: a call router, a URI for an application server, a telephony instruction executed by the call router, and a call router API resource.
    Type: Grant
    Filed: July 23, 2019
    Date of Patent: January 12, 2021
    Assignee: Twilio Inc.
    Inventors: Jeff Lawson, John Wolthuis, Evan Cooke
  • Patent number: 10893079
    Abstract: In one embodiment, the method of processing telephony sessions includes: communicating with an application server using an application layer protocol; processing telephony instructions with a call router; and creating call router resources accessible through a call router Application Programming Interface (API). In another embodiment, the system for processing telephony sessions includes: a call router, a URI for an application server, a telephony instruction executed by the call router, and a call router API resource.
    Type: Grant
    Filed: July 23, 2019
    Date of Patent: January 12, 2021
    Assignee: Twilio Inc.
    Inventors: Jeff Lawson, John Wolthuis, Evan Cooke
  • Patent number: 10887275
    Abstract: One embodiment of the invention is directed to a computer-implemented method comprising, receiving registration information for one or more application programming interfaces (APIs) at a registrar computer system associated with a federated network of computing devices. The method further comprises generating a unique address for each API included in the registration information. The method further comprises generating a token confirming the registration of the APIs where the token identifies a trust relationship within the federated network of computing devices. The method further comprises receiving a request for the token from another registrar computer system that includes a canonical address for a particular API of the one or more APIs. The method further comprises providing the token to establish a secure connection with the federated network of computing devices.
    Type: Grant
    Filed: January 24, 2019
    Date of Patent: January 5, 2021
    Assignee: Visa International Service Association
    Inventor: Quan Wang
  • Patent number: 10887313
    Abstract: The described technology provides a single sign-on capability so that a user who is already signed on to a web application from a client application may not be required to sign-on again when he/she later needs access to the web application from the same or another client application. The technology also provides a multiple login prevention capability to detect multiple sign-on events using the same credentials and disable one or more of the associated multiple sessions.
    Type: Grant
    Filed: July 30, 2019
    Date of Patent: January 5, 2021
    Assignee: Nasdaq, Inc.
    Inventor: Vladimir Mitevski
  • Patent number: 10887103
    Abstract: An operating method for a push authentication system and device, belonging to the field of information security.
    Type: Grant
    Filed: February 24, 2016
    Date of Patent: January 5, 2021
    Assignee: Feitian Technologies Co., Ltd.
    Inventors: Zhou Lu, Huazhang Yu
  • Patent number: 10880291
    Abstract: Single sign-on (SSO) techniques of the present disclosure provide for enterprise application user identities that are bound to a mobile identity (e.g. IMSI) associated with a user equipment (UE) for authentication, using general bootstrapping architecture (GBA)/general authentication architecture (GAA) functionality in combination with identity provider (IDP) functionality (e.g. OpenID Connect), all of which may be provided in an enterprise network. The present techniques need not rely on GBA/GAA infrastructure of a mobile network operator (MNO), and have little or no impact or effect on the mobile network.
    Type: Grant
    Filed: February 9, 2018
    Date of Patent: December 29, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Konstantin Livanos, Bart Brinckman, Ian McDowell Campbell
  • Patent number: 10880729
    Abstract: A technique to deliver Personally Identifiable Information (PII) of a first subscriber from the plurality of subscribers that reside in a private network toward a first server from the plurality of IP servers that reside in a public network wherein the first server is involved in at least one transaction with the first subscriber is disclosed. In addition a Network-Address Translator (NAT) is used in order to allocate to the first subscriber a public IP address. Further, the communication between the first subscriber and the first IP server is encrypted. An example embodiment of the disclosed technique may impersonate the first subscriber and send the PII over an impersonated packet.
    Type: Grant
    Filed: October 29, 2018
    Date of Patent: December 29, 2020
    Assignee: Flash Networks, LTD
    Inventor: Dror Shlomo
  • Patent number: 10873572
    Abstract: This document describes techniques and apparatuses for securely transferring a single sign-on session between a browser session and a client application. Responsive to a launch request from the browser session, a server sends a launch command to launch the application on the client to transfer the single sign-on session from the browser session to the application. The launch command includes a first security credential and a second security credential. The application then initiates a registration process by sending to the server the first security credential and a client identification unique to the client. The server passes the client identification to the browser session which confirms to the server that the client identification matches the client identification unique to the client. The server then sends the application a third security credential, and the application returns the client identification and an encrypted version of the second security credential relative to the third security credential.
    Type: Grant
    Filed: May 14, 2020
    Date of Patent: December 22, 2020
    Assignee: MICRO FOCUS LLC
    Inventor: Vamsi Krishna
  • Patent number: 10873721
    Abstract: An online system customizes video conversations between users of the online system. During a video conversation, the online system presents a composite view to the participating users. The composite view may include visual representations of the users, a background graphic, or other types of graphics such as masks and props that the users can wear or interact with in the environment of the video conversation. The visual representations may be generated based on a live video feed of the users or include avatars of the users. The online system can determine the graphics based on information about the users. For instance, the online system determines a background graphic showing a location that the users have each visited. Upon viewing the background graphic, the users may be encouraged to interact with the background graphic or other graphics included in the composite view, which can promote an engaging video conversation experience.
    Type: Grant
    Filed: August 28, 2019
    Date of Patent: December 22, 2020
    Assignee: Facebook, Inc.
    Inventors: Jason Duane Clark, Brendan Benjamin Aronoff, Stephane Taine
  • Patent number: 10868737
    Abstract: Embodiments are disclosed that relate generally to software defined networking (SDN), and more particularly, but not by way of limitation, to devices, systems, and methods for a security policy analysis framework for distributed SDN-based cloud computing environments. The ease of programmability in SDN makes it a great platform for implementation of various initiatives that involve application deployment, dynamic topology changes, and decentralized network management in a multi-tenant data center environment. However, implementing security solutions in such an environment is fraught with policy conflicts and consistency issues with the hardness of this problem being affected by the distribution scheme for the SDN controllers.
    Type: Grant
    Filed: October 26, 2017
    Date of Patent: December 15, 2020
    Assignee: ARIZONA BOARD OF REGENTS ON BEHALF OF ARIZONA STATE UNIVERSITY
    Inventors: Dijiang Huang, Ankur Chowdhary, Sandeep Pisharody
  • Patent number: 10868812
    Abstract: A system and a method for authenticating a device of a user is provided. A set of parameters of the device or the user are captured from the device. The set of parameters are categorized into first and second categories including first and second parameters, respectively. One of the first and second categories is selected based on a trust score of the device. The first challenge is generated based on the first parameters, when the first category is selected. The second challenge is generated based on the second parameters, when the second category is selected. The first or the second challenge is transmitted to the device, and a response message is received in response to the first or second challenge. The response message is validated to authenticate the device of the user.
    Type: Grant
    Filed: March 19, 2018
    Date of Patent: December 15, 2020
    Assignee: ANI Technologies Private Limited
    Inventors: Shadab Siddiqui, Jebu Ittiachen
  • Patent number: 10855469
    Abstract: Provided is novel technology for secure security data transmission and more particularly for registering network-enabled security devices such as IP cameras to a security server over a public network such as to a cloud-based security service. An enrolment server is provided that is logged into using a computing device to request and receive an activation code for the security device. The activation code is then provided to the security device, e.g. directly by the computing device. The security device authenticates itself based on the activation code and in one example provides a public key that will be used to verify its registration. Data transmissions by the device are secured in part on the basis of its registration.
    Type: Grant
    Filed: August 2, 2016
    Date of Patent: December 1, 2020
    Assignee: GENETEC INC.
    Inventors: Jonathan Doyon, Simon Le Bourdais-Cabana, Sébastien Nadeau, Siaka Baro, Martin Tardif
  • Patent number: 10841084
    Abstract: Techniques are described that provide a session management authorization token by receiving a session request message to establish a protocol data unit (PDU) session for a logical data network associated with a user equipment (UE), the session request message may include one or more session parameters; verifying that the UE is authorized to establish the PDU session for the logical data network; receiving a key associated with the PDU session; generating an authorization token based on the received key and the session parameters; and transmitting a session response message including the generated authorization token to the UE.
    Type: Grant
    Filed: October 13, 2017
    Date of Patent: November 17, 2020
    Assignee: QUALCOMM Incorporated
    Inventors: Soo Bum Lee, Adrian Edward Escott, Anand Palanigounder
  • Patent number: 10834069
    Abstract: A computer readable medium having instructions embodied therewith, the instructions executable by a processor or programmable circuitry of a federation server to cause the processor or programmable circuitry to perform operations including configuring a plurality of identification (ID) federations between the federation server and a plurality of applications such that each of the plurality of ID federations is between the federation server and one of the plurality of applications, receiving a first authentication request for authenticating a user who has been authenticated on a first application of the plurality of applications using an ID federation between the first application and the federation server from among the plurality of ID federations, and sending a second authentication request to a second application of the plurality of applications for authenticating the user using an ID federation between the federation server and the second application from among the plurality of ID federations.
    Type: Grant
    Filed: August 30, 2016
    Date of Patent: November 10, 2020
    Assignee: International Business Machines Corporation
    Inventors: Miki Enoki, Yuji Watanabe
  • Patent number: 10812536
    Abstract: Disclosed is a method for web-based real-time communication by a user equipment (UE), including transmitting, to a web server, a message requesting information about an Internet protocol multimedia subsystem (IMS) network to which the UE is to access, receiving, from the web server, address information of the IMS network to which the UE is to access, in response to the transmitted message, when receiving, from the web server, an instruction to hold establishment of a bearer for a web-based real-time data service, restricting transmission of a signaling message for the web-based real-time data service until the bearer is established, and when sensing establishment of the bearer, transmitting, to an access point of the IMS network, at least one subsequent signaling message for the web-based real-time data service through the bearer.
    Type: Grant
    Filed: April 30, 2019
    Date of Patent: October 20, 2020
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Young-Kyo Baek, Song-Yean Cho, Sang-Soo Jeong
  • Patent number: 10812483
    Abstract: A server, primary client device, and secondary device may be provided. The server may be configured to receive a login request sent by a secondary client device, the login request including a secondary account identifier and an encoded image, the secondary account identifier associated with a secondary account. The server may decode the encoded image to identify a primary account identifier and an expiration time indicator encoded in the encoded image. The server may determine that the secondary account is linked with a primary account. The server may compare the expiration time indicator with the request time to determine that the encoded image has not expired. The server may authorize privileged communication with the secondary client device in response to the secondary account being linked with the primary account and determination that the encoded image has not expired.
    Type: Grant
    Filed: March 27, 2018
    Date of Patent: October 20, 2020
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Yuhui Hu, Huankui Chen, Jingbin Hu, Yuefeng Zeng
  • Patent number: 10812478
    Abstract: Methods and systems are described for verifying an identity of a user through contextual knowledge-based authentication. The system described uses contextual knowledge-based authentication. By verifying an identity of a user through contextual knowledge-based authentication, the verification is both more secure and more intuitive to the user. For example, by relying on confidential and/or proprietary information, the system may generate verification questions, the answers to which are known only by the user.
    Type: Grant
    Filed: April 10, 2020
    Date of Patent: October 20, 2020
    Assignee: Capital One Services, LLC
    Inventors: Matt Davis, Pranav Khanna, Paul Melby
  • Patent number: 10798096
    Abstract: Methods are provided to authorize a secondary user device for a network service provided over a network. Responsive to receiving a request from a primary user device, a voucher may be transmitted over the network to the primary user device. A request for an authorization waiver may be received from the secondary user device over the network, wherein the request for the authorization waiver includes the voucher that was transmitted to the primary user device. Responsive to receiving the request from the secondary user device including the voucher, an authorization waiver may be transmitted to the secondary user device. Related methods of operating primary and secondary user devices are also discussed.
    Type: Grant
    Filed: September 9, 2016
    Date of Patent: October 6, 2020
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Samy Touati, Paolo Fiorini
  • Patent number: 10798084
    Abstract: Systems and methods for embodiments of artificial intelligence systems for identity management are disclosed. Specifically, embodiments of an identity management system may provide identity management in association with cloud services used by an enterprise and, in particular, may provide identity management in association with cloud based services that may be accessed through federated access providers.
    Type: Grant
    Filed: April 24, 2020
    Date of Patent: October 6, 2020
    Assignee: SAILPOINT TECHNOLOGIES, INC.
    Inventors: Brian Eric Rose, Nicholas Ryan Wellinghoff
  • Patent number: 10789348
    Abstract: Techniques related to login information data processing are described. In one example method, a smart contract is created based on a predetermined smart contract template. The smart contract includes login information corresponding to a user. The created smart contract is stored at a storage address in a blockchain network based on the identifier. A login information query request is received from the user, and the login information query request includes the identifier. At least one smart contract is retrieved from the blockchain network based on the identifier, and the smart contract corresponding to the user is determined from the at least one retrieved smart contract. The smart contract corresponding to the user is executed to obtain at least one login information, and the obtained login information is sent to the user.
    Type: Grant
    Filed: December 20, 2019
    Date of Patent: September 29, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Hao Li
  • Patent number: 10791506
    Abstract: Methods, systems, and computer program products for cloud-based adaptive configuration and control of a network device include, detecting an access by a user through the network device to a cloud-based service; and responsive to the detected access, configuring the network device to be controlled by the user via a cloud-based configuration controller. Further implementations include, receiving a configuration request from the network device, wherein the configuration request includes access information pertaining to an access made by a user to a cloud-based service; determining a cloud-based identity of the user based upon the received access information; associating the cloud-based identity with an ownership identifier; forming one or more instructions to configure the network device with the ownership identifier as an owner of the network device; and transmitting the one or more instructions to the network device.
    Type: Grant
    Filed: January 28, 2019
    Date of Patent: September 29, 2020
    Assignee: Google LLC
    Inventors: James Roskind, Wan-Teh Chang
  • Patent number: 10785262
    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to facilitate end-user defined policy management. An example apparatus includes an edge node interface to detect addition of a networked user device to a service gateway, and to extract publish information from the networked user device. The example apparatus also includes a device context manager to identify tag parameters based on the publish information from the networked user device, and a tag manager to prohibit unauthorized disclosure of the networked user device by setting values of the tag parameters based on a user profile associated with a type of the networked user device.
    Type: Grant
    Filed: April 28, 2017
    Date of Patent: September 22, 2020
    Assignee: INTEL CORPORATION
    Inventors: Keith A. Ellis, Ronan O'Malley, Connor Upton, David M. Boundy, Hugh Martin Carr
  • Patent number: 10785303
    Abstract: The invention relates to an industrial testing device communicating with a data center located in a remote computer network, such as the cloud. Disclosed is a method of registering the device to the cloud and specifying the geographical location of the data center. The method includes selecting a data center from a list of available data centers based on regulations specific to a device type of the industrial testing device. Features are configured for communication between the device and the selected data center.
    Type: Grant
    Filed: March 30, 2018
    Date of Patent: September 22, 2020
    Assignee: OLYMPUS AMERICA INC.
    Inventor: Ehab Ghabour
  • Patent number: 10776850
    Abstract: Some embodiments relate to systems and methods for selection of auto parts with automatic part selection and dynamic pricing. A system may automatically connect to a plurality of auto parts electronic stores over a wide area network and receive user input specifying parts that the user desires to purchase. The user input may include vehicle information terms that may be mapped to an auto parts vocabulary particular to each respective auto parts electronic store. Required vehicle information and specific conditions for each auto parts electronic store may be automatically completed using the auto parts vocabulary particular to each auto parts electronic store and part/pricing information may be received from at least two of the auto parts electronic stores in response. At least a subset of the part/pricing information from the at least two auto parts electronic stores may be displayed.
    Type: Grant
    Filed: May 12, 2017
    Date of Patent: September 15, 2020
    Inventor: Glenn E. Staats
  • Patent number: 10747874
    Abstract: The disclosed computer-implemented method for controlling an application launch based on a security policy may include (1) loading an application launcher into a sandbox, (2) monitoring one or more functions associated with launching an application from the application launcher, (3) determining that the functions associated with launching the application have been invoked by the application launcher, (4) querying a policy manager comprising a security policy to determine whether the application is potentially harmful, and (5) performing, based on the security policy, a security action preventing the application launcher from launching the application from the sandbox upon determining that the application is potentially harmful. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: May 22, 2018
    Date of Patent: August 18, 2020
    Assignee: NortonLifeLock, Inc.
    Inventors: Jonathon Salehpour, Somard Kruayatidee, Rad Stanev