Global (e.g., Single Sign On (SSO), etc.) Patents (Class 726/8)
  • Patent number: 10321385
    Abstract: A method and apparatus are provided for web-based real-time communication. The method includes receiving, from a user equipment (UE), a message requesting information about an Internet Protocol Multimedia Subsystem (IMS) network to which the user equipment (UE) is to access; transmitting, to the UE, address information of the IMS network to which the UE is to access, in response to the received message; and transmitting, to a network device of the IMS network, information about the UE to request establishment of a bearer for a web-based real-time data service. A signaling message for the web-based real-time data service is transmitted between the UE and the IMS network through the bearer.
    Type: Grant
    Filed: June 29, 2015
    Date of Patent: June 11, 2019
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Young-Kyo Baek, Song-Yean Cho, Sang-Soo Jeong
  • Patent number: 10291658
    Abstract: Techniques to apply and share remote policies on personal devices are described. In an embodiment, a technique includes contacting an enterprise server from an enterprise application operating on a personal device. The enterprise application may receive policies from the enterprise server. The policies may be applied to the enterprise application. When a second enterprise application on the personal device is launched, the policies may also be applied to the second enterprise application. When a policy is changed on the enterprise server, notification is pushed to the personal device and all related enterprise applications on the personal device may be updated to enforce the policy change. Other embodiments are described and claimed.
    Type: Grant
    Filed: November 9, 2011
    Date of Patent: May 14, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jonathan Kent, Michael Hamler, Shivakumar Seetharaman, Gregory Bolles
  • Patent number: 10289861
    Abstract: Embodiments of a system and method for sharing media content are generally described herein. A method may include receiving, from a first clearing device, a first indication of approval for sharing media content from an originating device, the first indication identifying the originating device, sending an encryption key for sharing the media content to the originating device, receiving an encrypted file, the encrypted file including the media content encrypted using the encryption key from the originating device, sending the encryption key and the encrypted file to a second clearing device, receiving, from the second clearing device, a second indication of approval for viewing media content, the second indication identifying a destination device, and sending, in response to receiving the second indication of approval, the encryption key and the encrypted file to the destination device.
    Type: Grant
    Filed: July 1, 2016
    Date of Patent: May 14, 2019
    Assignee: Intel Corporation
    Inventors: Glen J. Anderson, Robert Adams, Yevgeniy Yarmosh
  • Patent number: 10291609
    Abstract: A technique for promoting network security employs a vault appliance that serves as a local security hub for users and their devices. The vault appliance securely stores user information and definitions of rights, i.e., activities that user devices may perform, and securely dispatches those rights in response to right-requests from devices and subject to verification.
    Type: Grant
    Filed: November 9, 2016
    Date of Patent: May 14, 2019
    Assignee: Reavire, Inc.
    Inventor: Jeff Gullicksen
  • Patent number: 10285056
    Abstract: Methods, systems, and computer-readable media for using derived credentials to enroll a mobile computing device with an enterprise mobile device management system are described herein. In various embodiments, a mobile computing device, responsive to a command to enroll with an enterprise mobile device management server, may launch an enrollment application; send an enrollment request message to the enterprise mobile device management server; switch to a certificate management system application on the mobile computing device; request one or more derived credentials from a certificate management system server; store the one or more derived credentials in a shared vault on the mobile computing device; switch to the enrollment application; retrieve a derived credential of the one or more derived credentials stored in the shared vault; and, provide the derived credential to the enterprise mobile device management server to enroll the mobile computing device with at least one mobile device management service.
    Type: Grant
    Filed: April 10, 2017
    Date of Patent: May 7, 2019
    Assignee: Citrix Systems, Inc.
    Inventors: Shaunak Mistry, Younus Aftab
  • Patent number: 10284642
    Abstract: A pre-configured hyper-converged computing device for supporting a virtualization infrastructure includes one or more independent server nodes each comprising a CPU, memory, and storage. The device also includes a peer-to-peer communication agent, that when executed, provides peer-to-peer communication between pre-configured hyper-converged computing devices in a wide area network, and enables a federated single sign-on to the wide area network.
    Type: Grant
    Filed: May 1, 2015
    Date of Patent: May 7, 2019
    Assignee: VMware, Inc.
    Inventors: Dave Shanley, Wit Riewrangboonya
  • Patent number: 10284532
    Abstract: Methods and systems for managing access to a resource by one of a plurality of applications. The method comprises: storing, in a first storage area associated with a first application, a first credential for use in accessing the resource; receiving, at a second application, a message comprising data for determining that the first application stores a validated credential for accessing the resource; sending a request for the validated credential from the second application to the first application; receiving the first credential at the second application from the first application in response to the request sent; and storing the first credential in a second storage area associated with the second application; wherein the message received at the second application is received from a server system, remote from the plurality of applications, which maintains data indicating a subset of the plurality of applications which store respective validated credentials for accessing the resource.
    Type: Grant
    Filed: February 25, 2016
    Date of Patent: May 7, 2019
    Assignee: BlackBerry Limited
    Inventors: Sean Michael Quinlan, Haniff Somani, Alibek Jorajev, Sanjiv Maurya, Gary Gilchrist, Luis Chirinos, Kevin Charles Lohman, Nicholas Van Someren
  • Patent number: 10277572
    Abstract: Systems, methods, and software can be used to share content. In some aspects, an enterprise mobility management (EMM) server receives a command for provisioning a user for an enterprise service at an identity provider (IDP). The EMM server sends a user provisioning request to the IDP. The user provisioning request includes a user identity attribute and a user entitlement attribute, the user identity attribute identifies the user, and the user entitlement attribute indicates an access level associated with the user for the enterprise service. The EMM server receives a user provisioning response from the IDP. The user provisioning response indicates that the user is provisioned at the IDP for the enterprise service.
    Type: Grant
    Filed: April 12, 2016
    Date of Patent: April 30, 2019
    Assignee: BlackBerry Limited
    Inventors: Mendel Elliot Spencer, Kirk Douglas Smith, David Brian Seel, Robert Lorne Bowerman, Aleksandar Susnjar, Calin Marius Bozsitz
  • Patent number: 10263962
    Abstract: Methods are provided for authenticating user authentication data, associated with a user ID, at an authentication system. The authentication system comprises an authentication server connected to a network, and a secure cryptoprocessor operatively coupled to the authentication server. A first token for the user ID is provided in data storage operatively coupled to the authentication server. The first token is produced by the secure cryptoprocessor by encoding the user authentication data associated with the user ID via an encoding process dependent on a secret key of the secure cryptoprocessor. The authentication server receives an authentication request for the user ID from a remote computer via the network. The authentication request comprises a ciphertext encrypting user authentication data under a public key of a first public-private key pair, the private key of which is secret to the secure cryptoprocessor.
    Type: Grant
    Filed: May 10, 2017
    Date of Patent: April 16, 2019
    Assignee: International Business Machines Corporation
    Inventors: Mark Korondi, Daniel Kovacs, Zoltan Arnold Nagy
  • Patent number: 10241696
    Abstract: The present disclosure relates to protecting computer systems from installation of rogue shared libraries when executable files are launched. An example method generally includes detecting that a downloaded file has been written to an insecure location on the computing device. A computing device determines that the downloaded file includes at least a first executable component and, upon determining that the downloaded file includes executable components, generates a copy of the executable component in a protected repository on the computing device. The computing device overwrites the contents of the executable component with at least instructions to launch the copy of the downloaded file from the protected repository.
    Type: Grant
    Filed: February 15, 2017
    Date of Patent: March 26, 2019
    Assignee: Symantec Corporation
    Inventor: Daniel J. Kowalyshyn
  • Patent number: 10230564
    Abstract: A single sign-on system accepts master credentials from a user device and/or application, and automatically signs on to supported services using account credentials corresponding to those services. If the user has not created an account used by a particular device or application, the system can automatically interact with the account service to create the account. Similarly, if the device or application that relies on the account has not already been registered with the account, the system automatically interacts with the account to register the device or account.
    Type: Grant
    Filed: April 29, 2011
    Date of Patent: March 12, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Luhui Hu, Jonathan A. Leblang, David J. Zimmer
  • Patent number: 10230710
    Abstract: One embodiment of the invention is directed to a computer-implemented method comprising, receiving registration information for one or more application programming interfaces (APIs) at a registrar computer system associated with a federated network of computing devices. The method further comprises generating a unique address for each API included in the registration information. The method further comprises generating a token confirming the registration of the APIs where the token identifies a trust relationship within the federated network of computing devices. The method further comprises receiving a request for the token from another registrar computer system that includes a canonical address for a particular API of the one or more APIs. The method further comprises providing the token to establish a secure connection with the federated network of computing devices.
    Type: Grant
    Filed: August 4, 2016
    Date of Patent: March 12, 2019
    Assignee: Visa International Service Association
    Inventor: Quan Wang
  • Patent number: 10229262
    Abstract: An approach is described for securely and automatically handling credentials when used for accessing endpoints, and/or applications and resources on the endpoints, and more particularly accessing web endpoints and/or web applications and resources on the web endpoints. The approach involves selecting and injecting credentials at an endpoint by an accessor and/or protocol agent to log into the endpoint, running applications, or gaining access to resources on the endpoint, without full credential information traversing the accessor's machine.
    Type: Grant
    Filed: June 27, 2017
    Date of Patent: March 12, 2019
    Assignee: Bomgar Corporation
    Inventors: Rajesh Cherukuri, John Burns Smith, III, Nicholas Shawn Twerdochlib, Ricardo Fabiano De Andrade
  • Patent number: 10225244
    Abstract: Web-based single sign-on can enable a user to log in to a single interface (such as through a web browser or thin client) and then provide SSO services to the user for one or more web applications. The web-based SSO system can be extended to support one or more different access control methods, such as form-fill, Federated (OIF), SSO Protected (OAM), and other policies. The web-based SSO system can include a user interface through which the user can access different web applications, systems, etc. and manage their credentials. Each SSO service can be associated with a web interface allowing the SSO services to be accessed over the web. The web interfaces can provide CRUD (create, read, update, delete) functionality for each SSO service. To support different access policy types, the web-based SSO system can include an extensible data manager that can manage data access to different types of repositories transparently.
    Type: Grant
    Filed: September 22, 2014
    Date of Patent: March 5, 2019
    Assignee: Oracle International Corporation
    Inventors: Marc B. Manza, Mrudul Uchil, Smith William Cornwell, Siva Sundeep Kuppala
  • Patent number: 10218707
    Abstract: A computer account server receives a nominee identity from an account owner associated with owner access credentials. The nominee identity is stored in a data structure of a computer account that is selected based on the owner access credentials. Electronic access to information stored in the data structure is then restricted to access requests from computer terminals that provide the owner access credentials. In response to determining that an account handoff event has become satisfied for the computer account, the computer account server sends a nominee handoff message using the nominee identity retrieved from the data structure. A nominee access request message is received from a nominee computer terminal. In response to validating content of the nominee access request message, the computer account server modifies the restriction of electronic access to grant the nominee computer terminal electronic access to the information stored in the data structure of the computer account.
    Type: Grant
    Filed: September 28, 2016
    Date of Patent: February 26, 2019
    Assignee: CA, Inc.
    Inventors: Rajendra Kumar Pachouri, Chinmay Namjoshi, Lal Mohan Kumar, Hitesh Jain
  • Patent number: 10216789
    Abstract: Different data-sets for functionality to be synchronized across users can be identified by many variables including social networks the user is participating in, by identified interests of the user, by the physical location of the device being synchronized, by one or more applications being used on the device, by the season, by a social event being attended by a user, and by a wireless network being accessed at that time.
    Type: Grant
    Filed: November 26, 2014
    Date of Patent: February 26, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Judith H Bank, Liam Harpur, Ruthie D Lyle, Patrick J O'Sullivan, Lin Sun
  • Patent number: 10212152
    Abstract: Embodiments of the invention provide a method, system and computer program product for advanced application authentication utilizing an application key. In a method of the invention, an end user provides in a single user interface screen for authenticating into an application, each of a user identification, password and an application key. Thereafter, the application key is validated in connection with the user identification. If the application key validates in connection with the user identification, one or more application parameters for the application necessary to complete a log-in process are retrieved and the end user is authenticated into the application utilizing each of the user identification, password and application parameters so as to complete the log in process for the end user and the application and the end user is granted the ability to utilize the application.
    Type: Grant
    Filed: May 19, 2016
    Date of Patent: February 19, 2019
    Assignee: SUGARCRM INC.
    Inventor: Anirban Maiti
  • Patent number: 10171467
    Abstract: Example embodiments of the present disclosure provide methods, devices, and computer programs for authorization detection. The first system receives, from the second system unauthorized by the first system, a request for operating a resource of the first system. The first system causes a detection of an authorization chain to be detected based on the first record that at least indicates one or more systems that are authorized by the first system. The authorization chain includes at least a third system that authorizes the second system and is authorized by the first system. If the authorization chain is detected, the first system authorizes the operation of the resource of the first system.
    Type: Grant
    Filed: July 21, 2016
    Date of Patent: January 1, 2019
    Assignee: International Business Machines Corporation
    Inventors: Lei Nie, Chun Lei Xu
  • Patent number: 10171451
    Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1≤n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2≤t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≤t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
    Type: Grant
    Filed: June 13, 2018
    Date of Patent: January 1, 2019
    Assignee: International Business Machines Corporation
    Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
  • Patent number: 10164965
    Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1≤n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2≤t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≤t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
    Type: Grant
    Filed: June 13, 2018
    Date of Patent: December 25, 2018
    Assignee: International Business Machines Corporation
    Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
  • Patent number: 10164964
    Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1≤n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2≤t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≤t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
    Type: Grant
    Filed: June 13, 2018
    Date of Patent: December 25, 2018
    Assignee: International Business Machines Corporation
    Inventors: Jan Camenisch, Yossi Gilad, Anja Lehmann, Zoltan A. Nagy, Gregory Neven
  • Patent number: 10158622
    Abstract: A system and method are presented for providing generic single sign-on in an electronic device. Information is received that identifies one or more applications and associated identity authenticators and a whitelist of the identified applications and authenticators is created. A request for an access token is received from a requesting application. If the requesting application is listed in the whitelist, an authenticator associated with the requesting application is determined and a request for an access token is sent to the associated authenticator. In response to the request, an access token is received from the authenticator and the access token is sent to the requesting application. If the requesting application is not listed in the whitelist, a predefined response message is sent to the requesting application.
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: December 18, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Haiqing Jiang, Varun Shimoga Prakash, Xiao Liu, Pavan Kumar Emani, Xiao Zhang, Xinwen Zhang
  • Patent number: 10148640
    Abstract: This disclosure describes a method for accessing network resources which includes receiving by a first application in a mobile computing device sign-in information from a user and enabling the user to sign in to a second application with the first application to access network resources from a resource server based on (a) a first application identification (ID) of the second application, (b) the user authorizing the second application to the resource server, and (c) receiving an authorization grant from the resource server to enable the second application to access the network resources, the mobile computing device coupled with the resource server via a network.
    Type: Grant
    Filed: September 12, 2016
    Date of Patent: December 4, 2018
    Assignee: salesforce.com, inc.
    Inventors: Sachin Desai, Qingqing Liu, Ronald Fischer
  • Patent number: 10142378
    Abstract: A virtual identity and context module may generate a virtual identity for a user. Virtual identities for different categories of users may be sourced from disparate identity services. For example, a first authentication of the user provided by a first identity service may be identified. A first virtual attribute field of the virtual identity may be populated or filled based on a first attribute field associated with the first identity service. A second identity service associated with the user may also be identified. A second virtual attribute field of the virtual identity may be populated or filled based on a second attribute field associated with the second identity service. Access to an application may be provided to a user based on the virtual attribute fields of the virtual identity that has been generated for the user.
    Type: Grant
    Filed: January 30, 2014
    Date of Patent: November 27, 2018
    Assignee: SYMANTEC CORPORATION
    Inventors: Robert Koeten, Jeff L. Lowe
  • Patent number: 10142331
    Abstract: The present disclosure provides a method, terminal, and system for authentication with respect to an application. The present techniques may be applicable at a terminal with near-field communication function. When a particular operation of the application is triggered, a near-field device within a certain distance of a terminal is detected. An identification of the near-field device is obtained. The identification is sent to a server to request the server to determine whether the near-field device is a particular near-field device corresponding to the particular operation. A result of authentication performed by the server according to the identification is obtained. A following processing is applied to the particular operation according to the result of authentication. The present techniques ensure safety of operations of the application operated at the terminal.
    Type: Grant
    Filed: December 2, 2016
    Date of Patent: November 27, 2018
    Assignee: Alibaba Group Holding Limited
    Inventor: Dong Ye
  • Patent number: 10135806
    Abstract: A method for creating a virtual SIP user agent by use of a webRTC enabled web browser (200) comprises a user logging in to a web application server (400) via a webRTC enabled web browser (200). The web application server (400) uses the logged on user identity to lookup an associated SIP user identity along with a registrar server address and the web application server (400) initiates a SIP registration procedure using its IP address as the registered contact.
    Type: Grant
    Filed: September 26, 2017
    Date of Patent: November 20, 2018
    Assignee: Unify GmbH & Co. KG
    Inventors: Eleni Saridaki, Elias Balafoutis
  • Patent number: 10120896
    Abstract: Different data-sets for functionality to be synchronized across users can be identified by many variables including social networks the user is participating in, by identified interests of the user, by the physical location of the device being synchronized, by one or more applications being used on the device, by the season, by a social event being attended by a user, and by a wireless network being accessed at that time.
    Type: Grant
    Filed: February 18, 2014
    Date of Patent: November 6, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Judith H Bank, Liam Harpur, Ruthie D Lyle, Patrick J O'Sullivan, Lin Sun
  • Patent number: 10097533
    Abstract: An identity management system provides single sign-on (SSO) services to clients, logging the clients into a variety of third-party services for which the clients have accounts. An SSO integration is stored for each of the third-party services, the SSO integration including information that allows the identity management system to automate the login for the corresponding third-party service, such as locations of the login pages, and/or identities of username and password fields. The identity management system uses different techniques in different embodiments to detect that a given SSO integration is broken (i.e., no longer permits login for its corresponding third-party service) and/or to repair the SSO integration.
    Type: Grant
    Filed: September 4, 2015
    Date of Patent: October 9, 2018
    Assignee: OKTA, INC.
    Inventors: Reman P. Child, Hassen Karaa, Xin Gu, Hector Aguilar-Macias, Andrew P. Drozdov
  • Patent number: 10095834
    Abstract: Various embodiments implement a multiplatform system architected to provide secure messaging between a plurality of disparate systems (e.g., mobile devices, secure cloud systems, remote locations, health monitoring devices, fitness centers, etc.), co-ordinate resources associated with each of the disparate systems, manage communication between proprietary applications via customized application programming interfaces (APIs) and manage reservation of resources of the disparate systems via the APIs. Further embodiments enable an extensible system architecture to incorporate additional systems. In some embodiments, the system includes a multi-layered database architecture to mediate information and access control (e.g., based on inheritable privileges, specific user classes are allowed or denied access to data in the database). In further embodiments, the data architecture is architected with access layers that ensure compliance with regulatory systems governing health data.
    Type: Grant
    Filed: May 6, 2016
    Date of Patent: October 9, 2018
    Assignee: YC Wellness, Inc.
    Inventors: Joseph Howley, Jonathan Ervin Creekmore
  • Patent number: 10089098
    Abstract: Systems and methods for providing an application marketplace configured to install applications outside of an application store provided by the entity providing the operating system of a computing device in accordance with embodiments of the invention are illustrated.
    Type: Grant
    Filed: February 7, 2017
    Date of Patent: October 2, 2018
    Assignee: SweetLabs, Inc.
    Inventor: Adrian Bourke
  • Patent number: 10085150
    Abstract: Examples of techniques for authenticating mobile applications are described herein. A method can include receiving, by a processor, a key pair and a policy file associated with a mobile service. The processor can receive a service request from a mobile application at a security gateway. The processor can detect that the service request includes an invalid or missing access token. The processor can redirect the mobile application to request a grant token from an authorization end point on a server. The processor can receive a grant token request from the mobile application and forward the grant token request to the server based on a policy file, the policy file including a list of: a plurality of security objects to be authenticated, a plurality of computing devices to authenticate the security objects, and an order of authentication.
    Type: Grant
    Filed: May 11, 2017
    Date of Patent: September 25, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Ishai Borovoy, Iddo Levin, Haim Schneider, Gal Shachor, Artem Spector
  • Patent number: 10063547
    Abstract: A third-party application client performs authorization authentication with a user client and a platform server. The third party application obtains an access token and an open ID. The third-party application client interacts with the platform server for information related to the user ID by using the token, calls the user client or is called by the user client according to the open ID. The third-party application client may interact with the platform server for the information related to the user ID by using the token, so that other resources or information of the user accumulated for the platform server can be used by the third-party application client continuously.
    Type: Grant
    Filed: March 10, 2015
    Date of Patent: August 28, 2018
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Xiaolong Zhang, Bin Zhang, Yuetong Mai, Runda Cai, Jisheng Huang, Kunfeng Rong, Sixin Gu, Yi Duan, Linping Tang, Wa Ye, Xixi Wang, Hongyang Wang
  • Patent number: 10061917
    Abstract: System and method of a single machine or cluster of machines acting as a single machine that simplifies and consolidates the hosting of appliances using virtualization, containers, and or any type of sandboxing to host virtual appliances, however, interconnecting these appliance nodes in a manner of having one centralized node acting as the security center, firewall appliance, and information distributer for not only the local virtual network(s), machines, appliances, but physical and foreign virtual networks which includes but is not limited to wireless connectivity and or whatever the current ubiquitous connectivity, as well as multiple sub-networks via single or multiple networking adapters; using these methods allows for a completely secure customized network environment with all the needed appliances for the intended use case.
    Type: Grant
    Filed: May 4, 2015
    Date of Patent: August 28, 2018
    Inventor: Benjamin Robert Gardner
  • Patent number: 10063568
    Abstract: A method, system and computer-usable medium are disclosed for generating a cyber behavior profile, comprising: monitoring user interactions between a user and an information handling system; converting the user interactions and the information about the user into electronic information representing the user interactions; generating a unique cyber behavior profile based upon the electronic information representing the user interactions and the information about the user; and, storing information relating to the unique cyber behavior profile in a behavior blockchain.
    Type: Grant
    Filed: January 24, 2018
    Date of Patent: August 28, 2018
    Assignee: Forcepoint LLC
    Inventors: Richard Anthony Ford, Brandon L. Swafford, Christopher Brian Shirey, Matthew P. Moynahan, Richard Heath Thompson
  • Patent number: 10063552
    Abstract: Application-manager software authenticates a user of a client device over a channel. The authentication operation is performed using a directory service. The application-manager software presents a plurality of applications in a GUI displayed by the client device. The plurality of applications depends on the authentication, the client device, and the channel. And the plurality of applications includes a thin application and a software-as-a-service (SaaS) application. The application-manager software receives a selection as to an application from the user. If the selection is for the SaaS application, the application-manager software provisions the SaaS application. The provision includes automatically logging the user onto an account with a provider of the SaaS application using a single sign-on and connecting the user to the account so that the user can interact with the SaaS application. If the selection is for the thin application, the application manager software launches the thin application.
    Type: Grant
    Filed: March 23, 2015
    Date of Patent: August 28, 2018
    Assignee: VMware, Inc.
    Inventors: William Pugh, Michael Eakes, Ojvind Bernander, Pradyumna Gundavaram
  • Patent number: 10057238
    Abstract: Devices, systems, and methods for generating a secure token specific to an online service provider are provided. User account information of a user is transmitted to a token processor from an online service provider requesting a secure token generation. The token processor also receives, from the online service provider, exchange information for an exchange between the user and the online service provider. The token processor generates, based on the exchange information and the user account information, a secure token to be used for the exchange. The generated secure token is mapped to the online service provider and transmitted to the online service provider. The exchange information is deleted from the online service provider. The stored secure token is usable only at the mapped online service provider.
    Type: Grant
    Filed: February 28, 2018
    Date of Patent: August 21, 2018
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventor: Michael Gulledge
  • Patent number: 10049224
    Abstract: Some aspects of the disclosure generally relate to providing single sign on features in mobile applications in a secure environment using a shared vault. An application may prompt a user to provide user entropy such as a passcode (e.g. a password and/or PIN). The application may use the user entropy to decrypt a user-entropy-encrypted vault key. Once the vault key is decrypted, the application may decrypt a vault database of the shared vault. The shared vault may store shared secrets, such as server credentials, and an unlock key. The application may store the unlock key, generate an unlock-key-encrypted vault key, and cause the shared vault to store the unlock-key-encrypted vault key, thereby “unlocking” the vault. The application may then use the unlock key to decrypt the vault database without prompting the user to provide user entropy again.
    Type: Grant
    Filed: March 10, 2017
    Date of Patent: August 14, 2018
    Assignee: Citrix Systems, Inc.
    Inventors: Georgy Momchilov, Ola Nordstrom
  • Patent number: 10033763
    Abstract: An application launcher is disclosed for retrieving and permitting launch of multiple mobile applications through a single, secure authentication process, and a method of use. The method includes receiving a request to launch one or more applications through a single authentication process. The method further includes authenticating a user through an application launcher. The method further includes appending a security token to one or more applications upon authentication of the user to enable the user to launch the one or more applications through the single authentication process provided by the application launcher.
    Type: Grant
    Filed: May 3, 2013
    Date of Patent: July 24, 2018
    Assignee: Kony INC.
    Inventors: Raj Kumar Koneru, Pattabhi Rama Rao Dasari, Prajakt Deshpande, Rajendra Komandur, Sriram Ramanathan, Matthew Terry, Matthew Trevathan, Sathyanarayana Vennapusala
  • Patent number: 10019247
    Abstract: Systems and methods for providing an application marketplace configured to install applications outside of an application store provided by the entity providing the operating system of a computing device in accordance with embodiments of the invention are illustrated. In one embodiment, a computing device includes a processor and a memory connected to the processor and storing an application installation application, wherein the application installation application directs the processor to obtain target information including data descriptive of the computing device, transmit a request for a set of recommended applications, where the request includes the target information, obtain recommended application data identifying at least one installation package targeted to the computing device based on the target information, and install the recommended application data on the computing device. In an additional embodiment, the recommended application data is signed using an OEM key.
    Type: Grant
    Filed: May 15, 2015
    Date of Patent: July 10, 2018
    Assignee: SweetLabs, Inc.
    Inventor: Adrian Bourke
  • Patent number: 9992194
    Abstract: A method including registering an authority device for an account on an auth platform; receiving a transaction request from an initiator to the auth platform; messaging the authority device with the transaction request; receiving an authority agent response from the authority device to the auth platform; if the authority agent response confirms the transaction, communicating a confirmed transaction to the initiator; and if the authority agent response denies the transaction, communicating a denied transaction to the initiator.
    Type: Grant
    Filed: November 29, 2016
    Date of Patent: June 5, 2018
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Douglas Song, Adam Goodman
  • Patent number: 9985972
    Abstract: The described technology provides a single sign-on capability so that a user who is already signed on to a web application from a client application may not be required to sign-on again when he/she later needs access to the web application from the same or another client application. The technology also provides a multiple login prevention capability to detect multiple sign-on events using the same credentials and disable one or more of the associated multiple sessions.
    Type: Grant
    Filed: November 3, 2016
    Date of Patent: May 29, 2018
    Assignee: Nasdaq, Inc.
    Inventor: Vladimir Mitevski
  • Patent number: 9967344
    Abstract: An image processing apparatus includes: a communication interface configured to communicate with at least one server and a relay device; a processor configured to execute functions; and a controller. The controller causes the image processing apparatus to: send the relay device identification information identifying the image processing apparatus; receive, from the relay device, setting information indicating which service is usable by the image processing apparatus identified by the transmitted identification information, among services provided by the at least one server; display at least one service image respectively identifying at least one usable service of the services based on the setting information; and limit selection of at least one of the functions, based on the setting information.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: May 8, 2018
    Assignee: Brother Kogyo Kabushiki Kaisha
    Inventor: Toyoshi Adachi
  • Patent number: 9954679
    Abstract: Disclosed are methods and systems for authenticating a key exchange between a first peer device and a second peer device. In an aspect, the first peer device sends federated login credentials of a user and a first identifier to a first federated login provider, receives a first authentication response from the first federated login provider, receives a second authentication response from the second peer device, authenticates the second authentication response with a second federated login provider, sends the first authentication response to the second peer device, receives an acknowledgment from the second peer device indicating that the second peer device has authenticated the first authentication response with the federated login provider, sends an acknowledgment to the second peer device indicating that the first peer device has authenticated the second authentication response, and authenticates the key exchange based on the acknowledgment from the second peer device.
    Type: Grant
    Filed: March 4, 2015
    Date of Patent: April 24, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Phil Tien Nguyen, Cameron Allen George McDonald, Gregory Burns
  • Patent number: 9953150
    Abstract: A processing method and system for identity authentication with a mobile terminal based on iris recognition is provided. The iris characteristic data of the user is encapsulated as iris identification data, which is further established as a unique identifier of the user for identity authentication. The mobile terminal compares the scanned iris characteristic data of the current user against the prestored iris identification data. When the iris characteristic data of the current user matches the prestored iris identification data, the mobile terminal is unlocked. Iris recognition is employed to verify the identity of the user, so as to control unlocking of the mobile terminal and logging into the application.
    Type: Grant
    Filed: September 5, 2014
    Date of Patent: April 24, 2018
    Assignee: HUIZHOU TCL MOBILE COMMUNICATION CO., LTD.
    Inventor: Zhen Shi
  • Patent number: 9942217
    Abstract: Devices, systems, and methods for generating a secure token specific to an online service provider are provided. User account information of a user is transmitted to a token processor from an online service provider requesting a secure token generation. The token processor also receives exchange information for an exchange between the user and the online service provider. The token processor generates, based on the exchange information and the user account information, a secure token to be used for the exchange. The generated secure token is mapped to the online service provider and transmitted to the online service provider. The stored secure token is usable only at the mapped online service provider.
    Type: Grant
    Filed: June 3, 2015
    Date of Patent: April 10, 2018
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventor: Michael Gulledge
  • Patent number: 9936528
    Abstract: A device is disclosed which is programmed with an application or “app” to share bandwidth to and from multiple sources. In one embodiment, this uses a mobile device with a computer running a controlling program for operating functions of the mobile device, and an app that controls sharing of bandwidth from the mobile device, and obtaining shared bandwidth from another mobile device. Usage data is accumulated which indicates an amount of data received and shared from the one client.
    Type: Grant
    Filed: June 29, 2015
    Date of Patent: April 3, 2018
    Assignee: Tetherball Technology, LLC
    Inventors: Mohammad Adib, Akshat Bhat, Adam Syed, Benjamin Kwitek
  • Patent number: 9923875
    Abstract: A system and method for enabling access of content in a home network are provided. The method includes receiving a content on a source device. Further, the method includes setting content sharing preferences by the source device. The content sharing preferences indicate whether a device is authorized to access the content. The method includes encrypting the content on the source device. Further, the method includes storing the encrypted content in a shared storage device. The method includes receiving a request from a device for decryption of the encrypted content. Further, the method includes decrypting the content by the source device based on the content sharing preferences. Furthermore, the method includes providing the decrypted content to the device, thereby enabling access of the content to the device.
    Type: Grant
    Filed: December 2, 2015
    Date of Patent: March 20, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Bhaskar Dutta, Ashish Kumar Srivastava
  • Patent number: 9895613
    Abstract: A system and method for facilitating multigame currencies in multiple online games and security therewith is disclosed. The multigame currencies may be “spent” and/or “earned” by the players in the individual ones of the multiple online games. A request to use the multigame currencies in a given player account in a given online game may be authenticated through a third party identity that has been associated with the given player for the given online game. In situations where such an association does not exist, a third party identity associated with the given player for any other online game may be used to authenticate the request. In situations where no third party identity is associated with the given player for any one of the online games, an association of a third party identity and the given player for the given online game may be facilitated for subsequent authentication of requests.
    Type: Grant
    Filed: October 30, 2014
    Date of Patent: February 20, 2018
    Assignee: Aftershock Services, Inc.
    Inventors: Brian Holtz, Deniz Ipek, Dale Cook, Miikka Skaffari, Katherine Wiemelt
  • Patent number: 9892251
    Abstract: A mobile terminal includes: a display; and a controller. The controller puts at least one screen corresponding to the current display screen and having the same execution depth into standby, and when a predetermined trigger operation is performed, further displays on the display a screen chosen from the at least one screen by the trigger operation.
    Type: Grant
    Filed: March 7, 2014
    Date of Patent: February 13, 2018
    Assignee: LG ELECTRONICS INC.
    Inventor: Hyungbin Park
  • Patent number: 9887990
    Abstract: A computer-implemented method, computer program product, and system for tagging and replacing tagged credentials with target credentials unknown to a client. The method includes: receiving an access request from a client to access a protected resource on a target server, injecting credential field tags into a credential form used to access the protected resource, auto-submitting the credential form on the client computer, replacing tagged credentials with target credentials, submitting the target credentials to the target server, and updating the target credentials if the target credentials are invalid or expired without intervention by the client.
    Type: Grant
    Filed: April 25, 2016
    Date of Patent: February 6, 2018
    Assignee: International Business Machines Corporation
    Inventors: Codur S. Pranam, Vivek Shankar