Global (e.g., Single Sign On (SSO), etc.) Patents (Class 726/8)
  • Patent number: 10742748
    Abstract: Described herein are systems and methods for providing access to a database in a multi-tenant environment, including the use of a connection pool, and support for live addition of a tenant. When a pluggable database (PDB), for use by a tenant, is added to a multi-tenant database, it can generate an event to notify the connection pool. The connection pool environment consumes this PDB-add event, and dynamically configures a new tenant to access the shared pool. Since the new tenant addition is based on receipt of an event from the database, the connection pool does not require manual configuration for that tenant. Once a tenant is added, it can borrow connections from the pool in the same manner as existing tenants, and can also share existing pool properties, such as, for example a maximum pool size, or maximum number of connections per tenant.
    Type: Grant
    Filed: July 7, 2017
    Date of Patent: August 11, 2020
    Inventors: Jean De Lavarene, Saurabh Verma, Vidya Hegde, Chandra Sekhar Krishna Mahidhara, Aramvalarthanathan Namachivayam
  • Patent number: 10728113
    Abstract: A method for troubleshooting and performance analysis of a cloud based system, the method implemented by an analyzer service executed on one or more servers, and the analyzer service communicatively coupled to a network and to user devices, the method includes receiving results from execution of an analyzer application on each of the user devices, wherein the analyzer application is executed locally on user devices to perform tests comprising traceroutes and web page loads, and wherein the plurality of tests are performed both through the cloud based system to the network and directly to the network; processing the results to determine a status of the cloud based system and associated user devices communicating therewith; utilizing the status to identify bottlenecks and issues associated with the cloud based system and the network; and causing performance of remedial actions based on the identified bottlenecks and the issues.
    Type: Grant
    Filed: December 13, 2016
    Date of Patent: July 28, 2020
    Assignee: Zscaler, Inc.
    Inventors: Amit Sinha, Prem Mohan, Arshi Chadha, Preeti Arora, Ajit Singh, Purvi Desai
  • Patent number: 10728235
    Abstract: Improved methods and systems for integrating client-side single sign-on (SSO) authentication security infrastructure with a mobile authorization protocol are disclosed that provide clients with secured SSO mobile access to third-party services. Embodiments of the present invention leverage SSO authentication protocols that are utilized at many client-side systems already and integrate these SSO authentication protocols with a mobile SSO authorization protocol, thereby effectively extending the SSO framework to mobile service requests of web services at third-party service provider systems. Embodiments of the present invention provide a secure and automated solution which may be implemented in any existing client-side SSO frameworks with minimum cost and time, while providing a lightweight and secure solution that provides users using either native applications or mobile web application to access third-party web services.
    Type: Grant
    Filed: January 24, 2019
    Date of Patent: July 28, 2020
    Assignee: Globoforce Limited
    Inventors: Jonathan Hyland, Eddie Fitzpatrick
  • Patent number: 10708301
    Abstract: A method for secure electronic communication between one or more clients on one or more client computing devices. The method includes establishing a networked secure exchange server, where the networked secure exchange server comprises one or more secure electronic data exchange environments for communication between one or more clients. The method also includes providing, on one or more client computing devices, a client authentication interface operable to enable one or more authorized clients to access one or more of the secure electronic data exchange environments across a network, and enabling one or more of the authorized clients to exchange electronic communications through one or more secure electronic data exchange environments.
    Type: Grant
    Filed: March 24, 2016
    Date of Patent: July 7, 2020
    Assignee: Always Organised Ltd.
    Inventors: Andrew Brogden, Huw Parker
  • Patent number: 10708447
    Abstract: An image forming system includes a first mobile terminal and an image forming apparatus. The first mobile terminal transmits first image data by carrying out first wireless communication. The image forming apparatus receives the first image data by carrying out the first wireless communication and forms an image on the basis of the first image data. The first mobile terminal includes first storage, a first communicator, and a first setting section. The image forming apparatus includes second storage, a second communicator, a second setting section, and an image forming section. The first and second storages both hold first communication setting information and are respectively able to hold second and third communication setting information.
    Type: Grant
    Filed: October 15, 2018
    Date of Patent: July 7, 2020
    Assignee: Oki Data Corporation
    Inventor: Kenji Sawaguchi
  • Patent number: 10699023
    Abstract: Various approaches enable real-time data encryption using an encryption profile that enables a customer to specify the type of data to encrypt and the encryption keys to use when encrypting the data. A profile editor that a customer (e.g., a customer of a content provider) can use to create and manage encryption profiles that can be used to encrypt data can be provided. A profile editor or set of request parameters can allow customers to configure content distributions and associate encryption keys with a profile to encrypt user sensitive data. A customer can select, define, and/or modify the encryption options or other configuration settings for a profile. Once set, the profile can be used to securely ingest user-submitted data to customers' web servers. For example, a request can be analyzed to determine data fields of the request. Based on one or more profiles associated with the customer, the data in those fields can be encrypted with the appropriate encryption key per the profiles.
    Type: Grant
    Filed: January 16, 2018
    Date of Patent: June 30, 2020
    Inventors: Ronil Sudhir Mokashi, Francesco De Martino, Shreeja Kumar, Prashant Verma, Vijaya Rama Reddy Kistampalli, Sorin Manole, Andrii Galyuzin, Cristi Ursachi
  • Patent number: 10698997
    Abstract: Techniques related to login information data processing are described. In one example method, a smart contract is created based on a predetermined smart contract template. The smart contract includes login information corresponding to a user. The created smart contract is stored at a storage address in a blockchain network based on the identifier. A login information query request is received from the user, and the login information query request includes the identifier. At least one smart contract is retrieved from the blockchain network based on the identifier, and the smart contract corresponding to the user is determined from the at least one retrieved smart contract. The smart contract corresponding to the user is executed to obtain at least one login information, and the obtained login information is sent to the user.
    Type: Grant
    Filed: July 12, 2018
    Date of Patent: June 30, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Hao Li
  • Patent number: 10694029
    Abstract: Verifying caller identification information is described. A query to verify a first communications connection associated with an observed caller ID is received. Using a second communications channel, a message to a device associated with the observed caller ID is transmitted. A response to the message is received. The message is evaluated to perform a security determination. The security determination is provided as output.
    Type: Grant
    Filed: November 6, 2014
    Date of Patent: June 23, 2020
    Assignee: RightQuestion, LLC
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 10686778
    Abstract: A method is provided in which a JavaScript (JS) SDK file is called by an application. A plurality of login paths for logging in to the application is encapsulated in the JS SDK file. When the application is started, a running environment of the application is detected by using the JS SDK file. A login path supported by the running environment is determined by using the JS SDK file. Further, a first login path is sent to the application by using the JS SDK file. The first login path is the login path supported by the running environment and is one of the plurality of login paths.
    Type: Grant
    Filed: May 8, 2018
    Date of Patent: June 16, 2020
    Inventor: Fucheng Long
  • Patent number: 10686888
    Abstract: In some embodiments, a client application at a client device can receive, from a browser application at the client device, a first message including a unique identifier associated with a session of the browser application at a website associated with a content management system. The client application can extract the unique identifier from the first message, and establish a connection between the client application and the content management system by sending, from the client application to the content management system, a second message including the unique identifier. The client application can then receive, from the content management system through the connection, a third message relayed by the content management system from the website, where the third message is associated with the unique identifier.
    Type: Grant
    Filed: January 10, 2018
    Date of Patent: June 16, 2020
    Assignee: Dropbox, Inc.
    Inventors: Andrew Bortz, Sang Tian, Joshua Kaplan, Devdatta Akhawe
  • Patent number: 10659331
    Abstract: A network device in a network system which includes a plurality of network devices and a management system managing information collected from the plurality of network devices, the network devices comprising, a memory storing instructions; and a processor which is capable of executing the instructions causing the network device to: receive, from the management system, token information for another network device which is managed in the management system in the same management group as the network device; try communication with the another network device by using the received token information; and send information regarding the communication to the management system, wherein the token information is sent from a management application executed by the another network device to the management system, before a detection of an abnormality in the another network device by the management system.
    Type: Grant
    Filed: August 11, 2017
    Date of Patent: May 19, 2020
    Assignee: Canon Kabushiki Kaisha
    Inventor: Masahito Numata
  • Patent number: 10642967
    Abstract: A single sign-on system using blockchain is disclosed. The single sign-on system may interconnect various organization systems over a peer-to-peer network, with each organization system having a blockchain node and an application programming interface (API). The blockchain node invokes and uses a smart contract to write registration credentials to the blockchain during a registration process. During a login process, the blockchain node invokes the smart contract to determine whether login credentials match stored login credentials in the blockchain. In response to matching login credentials, the API may generate a single sign-on token that can be used by a user device to access one or more organization systems connected over the network.
    Type: Grant
    Filed: November 28, 2017
    Date of Patent: May 5, 2020
    Inventors: Balaji Balaraman, Andras L. Ferenczi, Dallas L. Gale, Nilesh Yashavant Jadhav, Harish R. Naik
  • Patent number: 10642646
    Abstract: In an aspect of the disclosure, a method, a computer-readable medium, and a computer system are provided. The computer system includes an initialization component of a host. The initialization component obtains a process file for dynamically creating a processing component on a management platform on a BMC of the host, the process file defining a logic to be implemented by the processing component, the initialization component operating to load an operating system of the host. The initialization component sends the process file to the BMC. The initialization component further sends a message to the BMC, the message including data to be processed by the processing component.
    Type: Grant
    Filed: October 24, 2018
    Date of Patent: May 5, 2020
    Inventors: Chandrasekar Rathineswaran, Viswanathan Swaminathan, Joseprabu Inbaraj
  • Patent number: 10645087
    Abstract: Systems and methods for cloud based computing systems and, more particularly, techniques for providing centralized user access to network connected computing systems are disclosed. A method for handling access commands originating from at least one source application utilizing a first format, to at least one destination application utilizing a second format is disclosed. The method comprises receiving an access command from a user using at least one source application, and determining a type for the access command based on a data payload. Generating an action based on the type for the access command and the data payload, and translating the data payload into a common format, wherein the common format is determined using the first format and the second format. Lastly, responding to the access command using the translated data payload and action, wherein the response addresses the request for user access to the network connected computing systems.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: May 5, 2020
    Assignee: AMGEN INC.
    Inventor: Spencer Mott
  • Patent number: 10637850
    Abstract: A method for accessing service/data of a first network from a second network includes accessing the services and data of the first network from the second network includes registering a user device with the first network to access the services or data of the first network. The user device connects with the second network and authenticates the user device with the second network subsequent to registering the user device with the first network. The user device provides connectivity information of the first network to the second network to configure the second network to access the services or data of the first network. The first network is able to provide the services or data to the second network based on the user device being registered to access the services or data prior to being authenticated with the second network.
    Type: Grant
    Filed: November 9, 2017
    Date of Patent: April 28, 2020
    Inventors: Mischa Schmidt, Hans-Joerg Kolbe, Raihan Ul-Islam
  • Patent number: 10628244
    Abstract: A query referencing a function associated with a remote software component is received by a network-based data warehouse system. Temporary security credentials corresponding to a role at a cloud computing service platform are obtained. The role has permission to send calls to a web endpoint corresponding to the remote software component. A request comprising input data and electronically signed using the temporary security credentials is sent to a web Application Programming Interface (API) management system of the cloud computing service platform. The request, when received by the web API management system, causes the web API management system to invoke external functionality provided by the remote software component at the web endpoint with respect to the input data. A response comprising a result of invoking the external functionality is received from the web API management system, and the result data is processed according to the query.
    Type: Grant
    Filed: October 29, 2019
    Date of Patent: April 21, 2020
    Assignee: Snowflake Inc.
    Inventors: Istvan Cseri, Isaac Kunen, Igor Zinkovsky
  • Patent number: 10616003
    Abstract: According to at least some example embodiments, service interworking methods and systems are provided to identify registered users using different user identification systems performed by a first server having at least one processor and configured to identify registered users using a first user identification system, the method comprising: generating a first reference identifier of a first user in association with a first identifier identifying the first user in the first user identification system; managing the first reference identifier in association with the first identifier; receiving a second identifier identifying the first user in a second user identification system from the first user; and transmitting the first reference identifier and the second identifier to a second server configured to identify registered users using the second user identification system.
    Type: Grant
    Filed: May 2, 2017
    Date of Patent: April 7, 2020
    Assignee: Line Pay Corporation
    Inventors: Boram Kim, Kyewan Jun, Won Hyuk Choi, Bong Gun Song, Soon-Yong Lee
  • Patent number: 10595215
    Abstract: Systems and methods for coordinating security operations among members of a cooperative security fabric (CSF) are provided. According to one embodiment, a first network security appliance of a CSF receives incoming network traffic and determines if the incoming network traffic is transmitted from a second network security appliance based on the source address of the network traffic. If the incoming network traffic is from the second network security appliance, the first network security appliance determines operations that are executed by the second network security appliance and then determines local operations. The first network security appliance executes local operations to the incoming network traffic.
    Type: Grant
    Filed: September 27, 2017
    Date of Patent: March 17, 2020
    Assignee: Fortinet, Inc.
    Inventors: Hongwei Li, Yixin Pan, Xiaodong Xu
  • Patent number: 10581825
    Abstract: Certain aspects involve facilitating the integration of sensitive data from a data provider into an instance of a web-based, third-party application. For example, a data provider service can receive an authentication API call from a third-party system. The authentication API call can include a user identifier and a request for an access token usable by a web-based interface of the third-party system. The data provider service can generate an access token for the third-party system from which the authentication API call is received. The data provider service can subsequently receive, from the user device, a feature API call including the access token and a feature request for sensitive data. The data provider service can generate output data specific to the user identified by the access token included in the feature API call. The data provider service can provide the output to the user device via the web-based interface.
    Type: Grant
    Filed: January 29, 2018
    Date of Patent: March 3, 2020
    Assignee: EQUIFAX INC.
    Inventors: Timothy G. Poschel, Ryan Petersen, Josh Hanson
  • Patent number: 10581889
    Abstract: Systems and methods for detecting abnormal user activity comprising: tracking, by the server, during a first time period, user activity associated with an application service, determining, by the server, that the user activity associated with the application service exceeds a respective first predetermined threshold of user activity during the first time period, in response to determining that the user activity exceeds the first predetermined threshold, tracking, during a second time period user activity associated with the application service, the tracking comprising tracking a content of the user interactions with the application service, determining that the user activity exceeds a second predetermined threshold of user activity during the second time period and in response to determining that the user activity exceeds the second predetermined threshold, triggering a user challenge procedure on a client device.
    Type: Grant
    Filed: January 8, 2018
    Date of Patent: March 3, 2020
    Assignee: YANDEX EUROPE AG
    Inventors: Dmitriy Nikolaevich Kovega, Ekaterina Aleksandrovna Kovega
  • Patent number: 10574646
    Abstract: Techniques are described for providing customizable sign-on functionality, such as via an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users. The access manager system may maintain various sign-on and other account information for various users, and provide single sign-on functionality for those users using that maintained information on behalf of multiple unrelated services with which those users interact. The access manager may allow a variety of types of customizations to single sign-on functionality and/or other functionality available from the access manager, such as on a per-service basis via configuration by an operator of the service, such as co-branding customizations, customizations of information to be gathered from users, customizations of authority that may be delegated to other services to act on behalf of users, etc.
    Type: Grant
    Filed: March 15, 2018
    Date of Patent: February 25, 2020
    Assignee: Amazon Technologies, Inc.
    Inventor: Peter Sirota
  • Patent number: 10547643
    Abstract: Methods and systems for distributed data verification between a relying party server and a client device using data attested by at least one attestation server. Entities are loosely coupled, while still allowing for authentication data and transaction data to be tightly coupled in any given interaction. There need not be any prior relationships between relying parties and attestation servers, or between relying parties and users. A common syntax enables a relying party to define what types of attested data items will be accepted for a particular transaction, without having to predetermine all possible sources of identification a user may wish to provide. The relying party may not know the source of the attested data items a priori, but can nevertheless determine if they are satisfactory once they are received.
    Type: Grant
    Filed: February 27, 2017
    Date of Patent: January 28, 2020
    Assignee: SecureKey Technologies Inc.
    Inventors: Michael Varley, Troy Jacob Ronda, Dmitry Barinov, Gregory Howard Wolfond, Pierre Antoine Roberge
  • Patent number: 10530834
    Abstract: Technologies related to resending hypertext transfer protocol (HTTP) requests are disclosed. One or more operations performed on a first web page is monitored. One or more HTTP requests that include the monitored one or more operations are sent to a server. Information associated with the one or more HTTP requests are recorded. Upon determining that an HTTP request of the one or more HTTP requests has failed to be sent, the HTTP request is recorded to a list of HTTP requests that failed to be sent. The HTTP request recorded to the list is deleted after receiving a normal response message from the server, and whether the list of HTTP requests that failed to be sent is empty is determined when redirecting from the first web page to a second web page.
    Type: Grant
    Filed: December 14, 2017
    Date of Patent: January 7, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Liang Tian
  • Patent number: 10530769
    Abstract: A method comprises a portable device obtaining a graphical encoded information item which is displayed on a display of a computing apparatus, decoding the encoded information from the encoded information item, and transmitting a first message to first server apparatus, the first message including the decoded information and a first identifier identifying the device or a user of the device, wherein the decoded information includes an apparatus identification information item for allowing identification of the computing apparatus, and the first server apparatus receiving the first message from the device, establishing the identity of the user of the device, wherein establishing the identity of the user comprises using the first identifier to determine if the user is registered with the first server apparatus in response to establishing the identity of the user, authorising the user to access a service, and providing the service to the user via the computing apparatus using the apparatus identification informati
    Type: Grant
    Filed: March 6, 2017
    Date of Patent: January 7, 2020
    Assignee: Ensygnia IP LTD (EIPL)
    Inventor: Richard H. Harris
  • Patent number: 10528541
    Abstract: In offline access of data in mobile devices, a request to access a document is received at a mobile server. The document is fetched from a BI platform to the mobile server. A plurality of requests is sent from the mobile server to the BI platform to retrieve data packages from the BI platform. The data packages are converted to a plurality of relational database management tables at the mobile server. The plurality of relational database management tables is compressed to a compressed database. The compressed database is sent to the mobile device and stored. A new request is received at the mobile device for operations on the document. Based on the new request, operations are performed on the document based on the compressed database stored in the mobile device, when the mobile device is not connected to the mobile server.
    Type: Grant
    Filed: December 13, 2016
    Date of Patent: January 7, 2020
    Assignee: SAP SE
    Inventors: Jagadish Radhakrishnan, Dharmesh Rana, Swati Krishna Setty, Arjun Krishnakumar
  • Patent number: 10516759
    Abstract: Software services are managed from a single machine performing a service. Service providers offering SaaS applications solicit the single machine. Each service provider provides roles and device requirements for performing the corresponding SaaS. The single machine maintains a database that logs the software services offered by the service providers. Whenever a software service is needed, the single machine inventories its client devices for their resource capabilities and compares to the device requirements in the database. The database reveals the client machine(s) that best performs the role for the corresponding SaaS. Software services are thus integrated and managed from the single machine, thus allowing software services to be efficiently and quickly selected as network resources emerge.
    Type: Grant
    Filed: November 14, 2016
    Date of Patent: December 24, 2019
    Assignee: Dell Products, LP
    Inventors: Carlton A. Andrews, Joseph Kozlowski, Girish S. Dhoble
  • Patent number: 10516530
    Abstract: Apparatuses, methods, systems, and program products are disclosed for secure data handling and storage. A method includes receiving a plurality of keys for unlocking an encryption engine. Each key may be associated with a key holder. At least a subset of the plurality of keys are combined to generate a master key. An encryption engine is unlocked using the master key. Encrypted data is received at the encryption engine on a continuous basis. The encrypted data is encrypted using a first encryption key, and includes sensitive information for one or more users. The encrypted data is decrypted using the first encryption key. The decrypted data is re-encrypted using a second encryption key that is newer than the first encryption key.
    Type: Grant
    Filed: January 30, 2017
    Date of Patent: December 24, 2019
    Inventors: Brandon Dewitt, Matt Hillary, Devin Christensen, John Atkinson, George Lambson
  • Patent number: 10506429
    Abstract: This specification presents methods and apparatus in a device and a network node implementing a Bootstrapping Server Function, BSF, for enabling multiple service functions/clients in the device sharing a common public identity and each performing its own registration to one or more (IMS) core network, to use a common bootstrapping of application security based on the Generic Bootstrapping Architecture, GBA/Generic Authentication Architecture, GAA, infrastructure. Therefore, when using Extensible Markup Language, XML, Configuration Access Protocol, XCAP, or the likes, the multiple service functions in the device use the same authentication method for all XCAP traffic or the likes, such as GBA/GAA but enabling it to use the same key sets (e.g., same B-TID).
    Type: Grant
    Filed: February 22, 2017
    Date of Patent: December 10, 2019
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Cristina Badulescu, Sorin Surdila, Ralf Keller
  • Patent number: 10489183
    Abstract: A virtual machine migration method and apparatus are provided, which pertain to the field of computer technologies. The method includes: obtaining a first mapping relationship, pre-stored on a source cloud platform, between a source VM and a specified user when data in the source VM is migrated to a destination VM (201); configuring the destination VM and the specified user to form a second mapping relationship according to the obtained first mapping relationship (202); and storing the second mapping relationship on a destination cloud platform (203). Therefore, a user that has registered on the source VM can log in to a virtual desktop corresponding to the destination VM and does not need to register on the destination VM again.
    Type: Grant
    Filed: March 3, 2017
    Date of Patent: November 26, 2019
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Qingxiang Peng
  • Patent number: 10482518
    Abstract: According to one aspect, embodiments of the invention provide a router having a first I/O terminal and a second I/O terminal, wherein the first I/O terminal is configured to be in communication with at least one client via a first network, wherein the second I/O terminal is configured to be in communication with a plurality of remote servers via a second network, and wherein the router is configured to receive, at the first I/O terminal via the first network, a web services request from the at least one client, identify, based on the web services request from the at least one client, a group of the plurality of remote servers that are capable of fulfilling the web services request, and transmit, in parallel via the second I/O terminal and the second network, the received web services request to each one of the plurality of remote servers within the group.
    Type: Grant
    Filed: October 18, 2017
    Date of Patent: November 19, 2019
    Assignee: Walmart Apollo, LLC
    Inventor: John R. Frerking
  • Patent number: 10454761
    Abstract: Disclosed are various examples for client device migration to utilize management platform features. In one example, the client device is enrolled with a management service. Enterprise status data is requested and received from a client device. The status data indicates that the client device is compatible with a management platform. An indication that migration is accepted is received from the client device. A previous management profile is uninstalled on the client device. A device record that is compatible with the management platform is created. A management profile that is compatible with the management platform is installed on the client device.
    Type: Grant
    Filed: May 1, 2017
    Date of Patent: October 22, 2019
    Assignee: VMWARE, INC.
    Inventors: Gaurav Verma, Suchit Shivashankar
  • Patent number: 10437439
    Abstract: A method for providing one or more dynamic modifications relating to an electronic device are described. In some embodiments, methods may include receiving a workspace framework, receiving one or more applications relating to the workspace framework, receiving user input, and modifying at least one of the workspace framework and the one or more applications based at least in part on receiving the user input.
    Type: Grant
    Filed: March 12, 2015
    Date of Patent: October 8, 2019
    Assignee: Symantec Corporation
    Inventor: Ankit Kurani
  • Patent number: 10440009
    Abstract: Techniques are disclosed to leverage third party “cookie stitchers” for cross-device user identification, which may be used by a network server to selectively provide content to a user. The techniques include a cookie stitcher associating a user with multiple computing devices, which in turn notifies the network server when the same user requests access to provided content on separate occasions from different computing devices. The cookie stitcher may also have access to a user record regarding the identified user, and may provide this record data to the network server to identify other characteristics about the user. Based upon the particular type of information that is identified, the network server may provide varying degrees of access to content and/or allow the user to interact with one or more applications supported by the network server in different ways.
    Type: Grant
    Filed: July 18, 2017
    Date of Patent: October 8, 2019
    Assignee: WALGREEN CO.
    Inventors: Peter Manwiller, Adam Crouch
  • Patent number: 10432592
    Abstract: Methods, systems, computer-readable media, and apparatuses may provide password encryption for hybrid cloud services. A workspace cloud connector internally residing with an entity may intercept user credentials associated with an internal application being transmitted to an external cloud service. The workspace cloud connector may generate an encryption key and encrypt the user credentials via a reversible encryption methodology. The workspace cloud connector may encrypt the encryption key using an irreversible encryption methodology (e.g., use a hashing function to produce a first hash). The workspace cloud connector may transmit the encrypted user credentials and the first hash to a virtual delivery agent via a first path (e.g., via the external cloud service). In response, the workspace cloud connector may receive an address of the virtual delivery agent and, using the address, may send the encryption key to the virtual delivery agent via a second path different from the first path.
    Type: Grant
    Filed: May 9, 2016
    Date of Patent: October 1, 2019
    Assignee: Citrix Systems, Inc.
    Inventors: Leo C Singleton, IV, Andy Cooper
  • Patent number: 10423796
    Abstract: According to an example, to authenticate a user of a computing device, a user login request with at least one primary credential is received from a computing device. At least one primary credential is validated to authenticate the user, and a first device token is created and transmitted to the computing device. A secondary credential is received from the computing device, and a server token and a reference to the server token are created. The server token is encrypted and stored, and the server token reference is sent to the computing device for use in a subsequent authentication with the secondary credential.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: September 24, 2019
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Michael B Beiter, Matthew Messinger
  • Patent number: 10423776
    Abstract: Systems and methods for password-based authentication are described. A password hardening method may include a step of receiving input provided by a user, wherein the user-provided input includes a password provided by the user for an application, and wherein at least a portion of the application is protected by a password-based authentication service. The method may also include a step of obtaining a hardened password for the user for the application, wherein the hardened password is based, at least in part, on the user-provided password, identification data associated with the application, and at least a portion of an entropy datastore associated with the user. The method may also include a step of providing the hardened password to the password-based authentication service, wherein the authentication service grants the user access to the password-protected portion of the application based, at least in part, on the provided hardened password.
    Type: Grant
    Filed: June 14, 2016
    Date of Patent: September 24, 2019
    Inventor: Zhiwei Li
  • Patent number: 10419488
    Abstract: A system may delegate authority to manage aspects of a security policy developed by administrative personnel to standard users (e.g. non-administrative personnel) corresponding to managed accounts within an administrative hierarchy. An exemplary security policy may include application management settings that allow or deny individual applications with access to various enterprise resources. The system may expose one or more user interfaces to standard users of an enterprise network to enable these standard users to modify the security policy being deployed for their managed account and/or to at least temporarily exempt a particular application from the enterprise's security policy. For example, upon a standard user attempting to access enterprise data with a particular application that is not permitted such access, the system may enable this standard user to change the security policy as applied to her device or to simply exempt the particular application from the security policy.
    Type: Grant
    Filed: March 3, 2017
    Date of Patent: September 17, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Preston Derek Adam, Violet Anna Barhudarian, Narendra S. Acharya, Richard June, Shayak Lahiri, Qiongzhi Wu
  • Patent number: 10412091
    Abstract: The described technology provides a single sign-on capability so that a user who is already signed on to a web application from a client application may not be required to sign-on again when he/she later needs access to the web application from the same or another client application. The technology also provides a multiple login prevention capability to detect multiple sign-on events using the same credentials and disable one or more of the associated multiple sessions.
    Type: Grant
    Filed: May 8, 2018
    Date of Patent: September 10, 2019
    Assignee: Nasdaq, Inc.
    Inventor: Vladimir Mitevski
  • Patent number: 10412573
    Abstract: Embodiments of this application provide a near-field wireless communication service processing method performed at a first computing device. While running a social networking application, the first computing device listens to a near-field wireless communication signal broadcasted by a second computing device. After detecting the near-field wireless communication signal broadcasted by the second computing device, the first computing device processes the near-field wireless communication signal to obtain identification information associated with the second computing device. The first computing device sends the identification information associated with the second computing device to a remote server supporting the social networking application and obtains a preset service page corresponding to the identification information associated with the second computing device from the server, and displays the preset service page within the social networking application on the first computing device.
    Type: Grant
    Filed: August 6, 2018
    Date of Patent: September 10, 2019
    Inventors: Kai Ma, Maohua Chen, Mo Zhao, Zhenxi Qiu, Xiaoming Wu, Nan Cheng, Xiaohui Zheng, Junxiong Chen, Jinheng Xie, Zhe Cheng, Le Yu, Shuhui Mei, Chi Zhang, Huiqin Yang, Yao Qin, Shunfu Ye, Tao Zhang, Wenrong Tang, Yangbin Huang, Ming He, Chaoxiong Diao, Pengbo Zhang, Guanqiao Su, Hongmin Zheng, Xiaojuan Zhang, Zhejin Huang, Xiaoyang Qian, Zhongming Guo, Xiaoyi Fang, Yang Zuo, Yan Dai
  • Patent number: 10397213
    Abstract: An access control service to provide access control for operations between resources and/or between resources and users in a cloud computing environment. The access control service receives a request to perform an operation. The requested operation could be initiated by a resource with respect to another resource. The requested operation could also be initiated by a user with respect to a resource. The access control service determines whether the requested operation is permitted. If the requested operation is permitted, the access control service provides the credentials required to perform the requested operation.
    Type: Grant
    Filed: May 26, 2015
    Date of Patent: August 27, 2019
    Assignee: CONJUR, INC.
    Inventors: Kevin Gilpin, Elizabeth Lawler
  • Patent number: 10382402
    Abstract: The invention relates to a telecommunications assembly (10) and a method for traversing an application layer gateway firewall (40) during the establishment of an RTC communication connection between an RTC client (20) and an RTC server (30) using a proprietary RTC signalling protocol, wherein the firewall (40) has no specific knowledge of the proprietary RTC signalling protocol.
    Type: Grant
    Filed: October 15, 2015
    Date of Patent: August 13, 2019
    Assignee: Unify GmbH & Co. KG
    Inventors: Karl Klaghofer, Thomas Stach, Jürgen Totzke
  • Patent number: 10366388
    Abstract: Disclosed are techniques that use devices with corresponding identity wallet applications that execute on an electronic processor device of the devices, and which identity wallets store identity information and encrypt the stored identity information. A distributed ledger system, and a broker system that interfaces to the wallet and the distributed ledger are used for various information exchange scenarios in which a requesting system and user devices, the distributed ledger system, the broker system and the requesting system are interconnected via an electronic network through respective network interface devices.
    Type: Grant
    Filed: April 13, 2016
    Date of Patent: July 30, 2019
    Assignee: Tyco Fire & Security GmbH
    Inventors: Richard Campero, Graeme Jarvis, Jason Ouellette
  • Patent number: 10361856
    Abstract: Embodiments of the invention are directed to systems and methods for validating transactions using a cryptogram. One embodiment of the invention is directed to a method of processing a remote transaction initiated by a communication device provisioned with a token. The method comprises receiving, by a service provider computer, from an application on the communication device, a request for a token authentication cryptogram, wherein the token authentication cryptogram includes encrypted user exclusive data. The service provider computer may generate the token authentication cryptogram to include the user exclusive data. The service provider computer may send the token authentication cryptogram to the application, where the token authentication cryptogram can be used to validate the transaction, and the user exclusive data is extracted from the token authentication cryptogram during validation.
    Type: Grant
    Filed: June 23, 2017
    Date of Patent: July 23, 2019
    Assignee: Visa International Service Association
    Inventors: Michael Cassin, Christian Flurscheim, Christopher Jones
  • Patent number: 10348720
    Abstract: A cloud authentication system is disclosed. A request for an authentication setup for a first user of a first service provider is received. Additional information, such as authentication criteria, can further be received, such as from the first service provider. A set of stimuli to associate with a first user profile of the first user of the first service provider is stored.
    Type: Grant
    Filed: June 10, 2015
    Date of Patent: July 9, 2019
    Assignee: RavenWhite Inc.
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 10339123
    Abstract: Examples of data management for tenants are described herein. In an example, a storage system includes a management tree for each of a plurality of tenants associated with the storage system. The management tree includes data management policies defined by the tenant. Further, the management tree includes a storage tree, which is mapped to a storage domain. The storage domain may hold data pertaining to the tenant. The data may be managed based on the data management policies defined by one of the management tree and the storage tree.
    Type: Grant
    Filed: January 15, 2015
    Date of Patent: July 2, 2019
    Inventors: Dinesh Venkatesh, Kishore Kumar M
  • Patent number: 10334040
    Abstract: In a non-transitory computer-readable storage medium having instructions embodied therein that when executed cause a computer system to perform a method of sharing information between pre-configured hyper-converged computing devices over a wide area network via a distributed peer-to-peer protocol. The method includes automatically discovering pre-configured hyper-converged computing devices in a local area network, and sharing information between pre-configured hyper-converged computing devices over a wide area network via a distributed peer-to-peer protocol such that there is no single point of failure for the sharing information between the pre-configured hyper-converged computing devices over the wide area network.
    Type: Grant
    Filed: May 1, 2015
    Date of Patent: June 25, 2019
    Assignee: VMware, Inc.
    Inventors: Dave Shanley, Wit Riewrangboonya
  • Patent number: 10321385
    Abstract: A method and apparatus are provided for web-based real-time communication. The method includes receiving, from a user equipment (UE), a message requesting information about an Internet Protocol Multimedia Subsystem (IMS) network to which the user equipment (UE) is to access; transmitting, to the UE, address information of the IMS network to which the UE is to access, in response to the received message; and transmitting, to a network device of the IMS network, information about the UE to request establishment of a bearer for a web-based real-time data service. A signaling message for the web-based real-time data service is transmitted between the UE and the IMS network through the bearer.
    Type: Grant
    Filed: June 29, 2015
    Date of Patent: June 11, 2019
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Young-Kyo Baek, Song-Yean Cho, Sang-Soo Jeong
  • Patent number: 10289861
    Abstract: Embodiments of a system and method for sharing media content are generally described herein. A method may include receiving, from a first clearing device, a first indication of approval for sharing media content from an originating device, the first indication identifying the originating device, sending an encryption key for sharing the media content to the originating device, receiving an encrypted file, the encrypted file including the media content encrypted using the encryption key from the originating device, sending the encryption key and the encrypted file to a second clearing device, receiving, from the second clearing device, a second indication of approval for viewing media content, the second indication identifying a destination device, and sending, in response to receiving the second indication of approval, the encryption key and the encrypted file to the destination device.
    Type: Grant
    Filed: July 1, 2016
    Date of Patent: May 14, 2019
    Assignee: Intel Corporation
    Inventors: Glen J. Anderson, Robert Adams, Yevgeniy Yarmosh
  • Patent number: 10291609
    Abstract: A technique for promoting network security employs a vault appliance that serves as a local security hub for users and their devices. The vault appliance securely stores user information and definitions of rights, i.e., activities that user devices may perform, and securely dispatches those rights in response to right-requests from devices and subject to verification.
    Type: Grant
    Filed: November 9, 2016
    Date of Patent: May 14, 2019
    Assignee: Reavire, Inc.
    Inventor: Jeff Gullicksen
  • Patent number: 10291658
    Abstract: Techniques to apply and share remote policies on personal devices are described. In an embodiment, a technique includes contacting an enterprise server from an enterprise application operating on a personal device. The enterprise application may receive policies from the enterprise server. The policies may be applied to the enterprise application. When a second enterprise application on the personal device is launched, the policies may also be applied to the second enterprise application. When a policy is changed on the enterprise server, notification is pushed to the personal device and all related enterprise applications on the personal device may be updated to enforce the policy change. Other embodiments are described and claimed.
    Type: Grant
    Filed: November 9, 2011
    Date of Patent: May 14, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jonathan Kent, Michael Hamler, Shivakumar Seetharaman, Gregory Bolles