Tokens (e.g., Smartcards Or Dongles, Etc.) Patents (Class 726/9)
  • Patent number: 10080136
    Abstract: A mobile secure agent on a wireless device executes co-resident authenticated data collection profiles provisioned by private profile producers. Each wireless device has a MAC address that is transformed into a credibility token which is included in a notification to execute or update a data collection profile. The credibility token may also include attributes of location current or stored data. Each wireless device retains location history data transformed by encryption or by hashing. Each data package can only be transmitted to a collector certificated by the same private profile producer. Update profiles are signed and provisioned through a tunnel initiated from the mobile secure agent. A Certificate Authority provides libraries, anchors, and certificates in a key management message module to each mobile secure agent which enables revocation and replacement of certificates. Data stored in this way may only be transmitted to one destination per profile.
    Type: Grant
    Filed: September 21, 2015
    Date of Patent: September 18, 2018
    Assignee: AT&T MOBILITY IP, LLC
    Inventors: Bruce Blaine Lacey, R. Travis Jones
  • Patent number: 10069813
    Abstract: The first authentication unit of an authentication apparatus decides whether first authentication data exists in a received message, and performs, if it is decided that the first authentication data exists, authentication based on the first authentication data. The second authentication unit of the authentication apparatus decides whether second authentication data exists in the received message, and performs, if it is decided that the second authentication data exists, authentication based on the second authentication data. If the second authentication unit decides that no second authentication data exists in the received message, and the first authentication unit decides that authentication has succeeded, it is decided that authentication for the received message has succeeded.
    Type: Grant
    Filed: February 24, 2017
    Date of Patent: September 4, 2018
    Assignee: Canon Kabushiki Kaisha
    Inventor: Ayumu Asano
  • Patent number: 10063662
    Abstract: A method for establishing a trust association includes receiving, by a server, a request to associate a web source with an account, the request having a link to the web source, and accessing, by the server, the web source in response to the request to associate. The method further includes locating, by the server and within the web source, a tag associated with the account, creating, by the server and in response to locating the tag within the web source, a trust association between the account and the web source, and providing, by the server, an indication of the trust association for display in a user interface of a client device.
    Type: Grant
    Filed: April 18, 2014
    Date of Patent: August 28, 2018
    Assignee: Twitter, Inc.
    Inventor: Ben Ward
  • Patent number: 10063664
    Abstract: A network system is provided with at least one terminal device, a control device that controls a machine, and a server device that receives data including at least one of image data and audio data from at least one of the control device and the terminal device that are connected via a network, and distributes the received data to a different device from the device that transmitted the data. The control device is provided with a controller that executes a control operation, and a communication unit that transmits data indicating an operational state of the machine that is controlled to the server device. The terminal device includes a display unit that displays the operational state of the machine controlled by the control device together with a state of another terminal device connected to the server device.
    Type: Grant
    Filed: November 13, 2015
    Date of Patent: August 28, 2018
    Assignee: OMRON
    Inventors: Shinsuke Kawanoue, Hiroshi Kuribayashi
  • Patent number: 10064025
    Abstract: In general, this disclosure is directed to techniques for sending notification data to computing devices that are unable to receive the notification data from a central server. A server device may receive notification data for a notification account that is associated with a computing device and determine that the computing device is currently offline. The server device may then identify a group of one or more sharing devices and send a notification package to a sharing device of the group, wherein the notification package includes the notification data, an account identifier associated with the notification account, and a device identifier associated with the computing device. The sharing device may receive the notification package and, responsive to determining that a device identifier for the computing device matches the device identifier in the notification package, forward the notification data to the computing device.
    Type: Grant
    Filed: July 14, 2016
    Date of Patent: August 28, 2018
    Assignee: Google LLC
    Inventors: Justin Lewis, Robert Durbin
  • Patent number: 10061942
    Abstract: A method for secure storage of an embedded Subscriber Identity Module (eSIM) on a wireless communication device including an embedded Universal Integrated Circuit Card (eUICC) and a memory external to the eUICC is provided. The method can include the eUICC determining that an eSIM package including an eSIM is to be stored on the memory. The method can also include the eUICC, in response to determining that the eSIM package is to be stored on the memory, maintaining a single-use session parameter associated with the eSIM package to enable installation of the eSIM on the eUICC if the eSIM package is later loaded onto the eUICC from the memory.
    Type: Grant
    Filed: May 28, 2015
    Date of Patent: August 28, 2018
    Assignee: Apple Inc.
    Inventors: Xiangying Yang, Li Li
  • Patent number: 10063543
    Abstract: The computer implemented method comprising: receiving a first server a request in the name of a user to be logged into a service of said first server and authenticating said request by verifying user identification information of said user, wherein a second server in connection with a user computing device with a dedicated program is used for: receiving a request about a status associated to said user; initializing a credential exchange in order to provide mutual authentication; verifying said associated status that has been previously set as valid or as invalid by said user; and sending said associated status to said first server wherein the latter allows the logging of said request or rejects it if said associated status is set as valid or as invalid.
    Type: Grant
    Filed: June 23, 2014
    Date of Patent: August 28, 2018
    Assignee: TELEFONICA DIGITAL ESPANA, S.L.U.
    Inventors: Jose Maria Alonso Cebrian, David Barroso Berrueta, Jose Maria Palazon Romero, Antonio Guzman Sacristan
  • Patent number: 10055556
    Abstract: Technologies for authenticating a user of a computing device based on an authentication context state includes generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.
    Type: Grant
    Filed: September 26, 2015
    Date of Patent: August 21, 2018
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Nathan Heldt-Sheller, Micah J. Sheller, Kevin C. Wells, Hannah L. Scurfield, Nathaniel J. Goss, Sindhu Pandian, Brad H. Needham
  • Patent number: 10049005
    Abstract: A flash memory control apparatus includes a data read/write interface and a controller. The data read/write interface is arranged for coupling a first flash memory and a second flash memory, wherein the first flash memory includes a first storage plane and a first buffer, and the second flash memory includes a second storage plane and a second buffer. The controller is coupled to the data read/write interface, and is arranged for transmitting a plurality of valid data sets stored in the first storage plane to the second buffer through the data read/write interface. After an erase cycle is performed on the first storage plane, the controller further programs the plurality of valid data sets transmitted to the second buffer into the first storage plane.
    Type: Grant
    Filed: August 2, 2017
    Date of Patent: August 14, 2018
    Assignee: Silicon Motion Inc.
    Inventor: Tsung-Chieh Yang
  • Patent number: 10044698
    Abstract: A selector apparatus to select one or more shared authentication facilities for a software service executing in a virtualized shared computing environment, the software service including an interface through which a user request to access a restricted resource of the service is receivable, the request having associated a user context defining one or more characteristics of the user, and the software service further having associated a plurality of authentication rules for the service, wherein each rule is associated with one or more user contexts and identifies one or more shared authentication facilities for the computing environment, the selector apparatus comprising: a launcher, responsive to a user request received via the interface, adapted to instantiate one or more authentication facilities in accordance with an authentication rule retrieved based on a user context for the received request, so as to generate one or more challenges for the user to authenticate the user, wherein the authentication rule f
    Type: Grant
    Filed: March 17, 2015
    Date of Patent: August 7, 2018
    Assignee: British Telecommunications Public Limited Company
    Inventors: Gery Michel Ducatel, Theo Dimitrakos
  • Patent number: 10038743
    Abstract: Methods and apparatuses for management of an Internet of Things (IoT) network are herein disclosed as comprising, in an implementation, authenticating a first device associated with a first account name and a second device associated with a second account name with a server associated with the IoT network, connecting the authenticated first device and the authenticated second device over a communication system, and communicating data between the first device and the second device connected to the communication system by generating, by the first device, data representative of a data type using a component of one of the first device and the second device and transmitting, using the communication system, the data to the second device. The communicated data may be video data, image data, audio data, alert data, or location data generated using components associated with the first device.
    Type: Grant
    Filed: December 29, 2015
    Date of Patent: July 31, 2018
    Assignee: Cybrook Inc.
    Inventor: Qunshan Gu
  • Patent number: 10033461
    Abstract: Techniques are disclosed for projecting visible cues to assist with light-based communication (LCom), the visible cues referred to herein as visual hotspots. The visual hotspots can be projected, for example, using a luminaire that may be LCom-enabled. The visual hotspots may be projected onto the floor of an area including an LCom system. The visual hotspots can be used for numerous benefits, including alerting a potential user that LCom is available, educating the user about LCom technology, and assisting the user in using the LCom signals available in the area. The visual hotspots may include images, symbols, cues, characters (e.g., letters, words, numbers, etc.), indicators, logos, or any other suitable content. In some cases, the visual hotspots may be interactive, such that a user can scan the hotspot to cause an action to occur (e.g., launch an application or website).
    Type: Grant
    Filed: March 25, 2015
    Date of Patent: July 24, 2018
    Assignee: OSRAM SYLVANIA Inc.
    Inventors: Barry Stout, Christian Breuer, Anant Aggarwal, Bernhard Siessegger
  • Patent number: 10025308
    Abstract: Example systems and methods are disclosed for associating detected attributes with an actor. An example method may include receiving point cloud data for a first actor at a first location within the environment. The method may include associating sensor data from an additional sensor with the first actor based on the sensor data being representative of the first location. The method may include identifying one or more attributes of the first actor based on the sensor data. The method may include subsequently receiving a second point cloud representative of a second actor at a second location within the environment. The method may include determining, based on additional sensor data from the additional sensor, that the second actor has the one or more attributes. The method may include providing a signal indicating that the first actor is the second actor based on the second actor having the one or more attributes.
    Type: Grant
    Filed: February 19, 2016
    Date of Patent: July 17, 2018
    Assignee: Google LLC
    Inventors: Arshan Poursohi, Greg Klein, Daniel Aden, Matthew Amacker
  • Patent number: 10027658
    Abstract: The disclosed embodiments include systems and methods for providing security tokens to cloud-based assets on demand. Operations performed in the disclosed embodiments include receiving a prompt from a cloud-based asset indicating that the cloud-based asset is seeking to communicate with an access-controlled resource, wherein the cloud-based asset lacks authorization to communicate with the access-controlled resource. Additionally, the operations include extracting information associated with the cloud-based asset by accessing a trusted cloud platform resource storing data associated with verified cloud-based assets, where the trusted cloud platform resource is separate from the cloud-based asset, and authenticating the cloud-based asset based on the extracted information.
    Type: Grant
    Filed: June 12, 2017
    Date of Patent: July 17, 2018
    Assignee: CYBERARK SOFTWARE LTD
    Inventors: Rafi Schwarz, Eli Maccabi, Moti Cohen, Nessi Lahav, Inbal Zilberman Kubovsky, Evgeny Sakirko
  • Patent number: 10021565
    Abstract: The present disclosure describes an integrated full and partial shutdown application programming interface. Embodiments herein disclosed include receiving an indication that a mobile device of a user is compromised. Further embodiments identify one or more applications associated with the mobile device and remotely access the mobile device to perform a switch-off of the one or more applications. The switch-off may include logging the user out of the one or more applications before removing the one or more applications from the mobile device.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: July 10, 2018
    Assignee: Bank of America Corporation
    Inventors: Alicia C. Jones-McFadden, Elizabeth S. Votaw
  • Patent number: 9998281
    Abstract: A set of servers can support secure and efficient “Machine to Machine” communications using an application interface and a module controller. The set of servers can record data for a plurality of modules in a shared module database. The set of servers can (i) access the Internet to communicate with a module using a module identity, (ii) receive server instructions, and (iii) send module instructions. Data can be encrypted and decrypted using a set of cryptographic algorithms and a set of cryptographic parameters. The set of servers can (i) receive a module public key with a module identity, (ii) authenticate the module public key, and (iii) receive a subsequent series of module public keys derived by the module with a module identity. The application interface can use a first server private key and the module controller can use a second server private key.
    Type: Grant
    Filed: March 13, 2017
    Date of Patent: June 12, 2018
    Assignee: Network-1 Technologies, Inc.
    Inventor: John A. Nix
  • Patent number: 9985943
    Abstract: Online retailers may operate one or more services configured to detect requests generated by automated agents. A security check may be generated and transmitted in response to requests generated by automated agents. The security checks may be transmitted to a second device registered with the online retailer. The second device may transmit the completed security check to the online retailer for verification before the online retailer processes the request.
    Type: Grant
    Filed: December 18, 2013
    Date of Patent: May 29, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: William Frank Reading, Rohit Patnaik
  • Patent number: 9973495
    Abstract: Disclosed are various embodiments relating to bootstrapping user authentication. A first security credential is received for a user account from a user. A first application is then authenticated with another computing device using the first security credential. After authenticating the first application, a bootstrap request is then sent to the other computing device for a second security credential to authenticate a second application without using the first security credential. The bootstrap request specifies a bootstrap session identifier. The second security credential is then received from the other computing device.
    Type: Grant
    Filed: February 3, 2017
    Date of Patent: May 15, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Harsha Ramalingam, Jesper Mikael Johansson, Bharath Kumar Bhimanaik
  • Patent number: 9973432
    Abstract: An apparatus and program product manage virtual machines in a virtualized computing environment based at least in part on limitations associated with storage fabrics through which virtual machines may access one or more storage systems in such an environment. The storage fabric limitations may be used, for example, in connection with placing virtual machines on hosts in a virtualized computing environment. As another example, storage fabric limitations may be used in connection with deploying virtual machines into a virtualized computing environment to reduce the likelihood of boot errors. As still another example, storage fabric limitations may be used in connection with load balancing across multiple fabrics in a virtualized computing environment.
    Type: Grant
    Filed: July 10, 2015
    Date of Patent: May 15, 2018
    Assignee: International Business Machines Corporation
    Inventors: Samuel D. Matzek, Jeffrey W. Tenner, Gerald F. McBrearty
  • Patent number: 9973433
    Abstract: A method manages virtual machines in a virtualized computing environment based at least in part on limitations associated with storage fabrics through which virtual machines may access one or more storage systems in such an environment. The storage fabric limitations may be used, for example, in connection with placing virtual machines on hosts in a virtualized computing environment. As another example, storage fabric limitations may be used in connection with deploying virtual machines into a virtualized computing environment to reduce the likelihood of boot errors. As still another example, storage fabric limitations may be used in connection with load balancing across multiple fabrics in a virtualized computing environment.
    Type: Grant
    Filed: August 28, 2015
    Date of Patent: May 15, 2018
    Assignee: International Business Machines Corporation
    Inventors: Samuel D. Matzek, Jeffrey W. Tenner, Gerald F. McBrearty
  • Patent number: 9959415
    Abstract: Methods and apparatus for use in presenting information from a plurality of security domains. A first request for first data from a first data source and a second request for second data from a second data source are transmitted by a computing device. The first data source is associated with a first security domain, and the second data source is associated with a second security domain. A bridge computing device forwards the first request and/or the second request based on determining that the requests are authorized. The first data and the second data may be received and combined by the computing device.
    Type: Grant
    Filed: December 17, 2010
    Date of Patent: May 1, 2018
    Assignee: The Boeing Company
    Inventors: Ismael Rodriguez, Ross Wilson, Ricardo Torres, Michael C. Kline, Eric Irwin
  • Patent number: 9948639
    Abstract: The present invention relates to a system and method for issuing an OTP application in a face-to-face confirmation manner, and the system includes at least one or more service provider devices for transmitting OTP application issuance request information, including information on recognition of a terminal device tagged on a reader provided for each service provider or entering a previously set service area, to an integrated service device; and the integrated service device for registering secure storage medium identification information as medium identification information for OTP authentication and transmitting an OTP installation guide to the terminal device if the recognition information is the secure storage medium identification information, and transmitting the OTP installation guide to the terminal device if the recognition information is terminal device identification information, in which the terminal device can be a terminal device of a user seeing a service provider face-to-face.
    Type: Grant
    Filed: December 1, 2015
    Date of Patent: April 17, 2018
    Assignee: SK PLANET CO., LTD.
    Inventor: Jae Sic Jeon
  • Patent number: 9947001
    Abstract: A method and system for transmitting multiple payment accounts for use by a payment device. The method includes allocating a cryptographic personal account number (CPAN) and producing at least one cryptographic master key set relating to this CPAN and transmitting, by a transmitting device, at least one produced cryptographic master key set for storage in a payment device. Further, the method includes receiving, by a receiving device, at least one device personal account number (DPAN), wherein each of the at least one DPAN is associated with a payment account associated with a consumer; generating, by a processing device, a repersonalization script for each of the at least one DPAN, wherein the repersonalization script includes a set of data associated with the corresponding DPAN; and transmitting, by the transmitting device, at least one repersonalization script to the payment device.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: April 17, 2018
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Theresa Smith, David Anthony Roberts, David John Sylvester
  • Patent number: 9948610
    Abstract: A method, system, and apparatus for providing a client access to third-party resources by utilizing third-party access tokens via a network gateway. The method can prevent the third-party access tokens from being exposed directly to the client environment. The client receives a gateway security credential, which encapsulates the third-party access token in an encrypted form. The client provides the gateway access token to the network gateway where the third-party access token is decrypted and then used to access the third-party resource. Client requests to the network gateway are executed using a custom API. The gateway relays the client requests to the appropriate third-party resources using the third-party-specific API with the decrypted third-party access token. Gateway access tokens are short-lived and can be renewed according to the client-environment life cycle.
    Type: Grant
    Filed: August 28, 2015
    Date of Patent: April 17, 2018
    Assignee: Citrix Systems, Inc.
    Inventors: Robert Emer Broadbent, Tyrone F. Pike
  • Patent number: 9942268
    Abstract: The disclosed computer-implemented method for thwarting unauthorized attempts to disable security managers within runtime environments may include (1) monitoring a runtime environment that (A) facilitates execution of an application and (B) includes a security manager that prevents the application from performing unauthorized actions while running within the runtime environment, (2) detecting, while monitoring the runtime environment, an attempt to disable the security manager such that the security manager no longer prevents the application from performing the unauthorized actions, (3) identifying a source of the attempt to disable the security manager, (4) determining that the source of the attempt is not authorized to disable the security manager, and then (5) blocking the attempt to disable the security manager such that the security manager continues to prevent the application from performing the unauthorized actions while running within the runtime environment.
    Type: Grant
    Filed: August 11, 2015
    Date of Patent: April 10, 2018
    Assignee: Symantec Corporation
    Inventor: Alexander Danileiko
  • Patent number: 9935943
    Abstract: A non-transitory computer-readable storage medium stores instructions for execution by a first client device, including instructions for transmitting an indication of availability of a first media presentation system and for transmitting to a second device a first authentication token for allowing the second device to access the first media presentation system, in response to a request from the second client device. The instructions also include instructions for requesting access to a second media presentation system that a third client device has indicated as being available and for sending to a server system a media control request directed to the second media presentation system. The media control request includes a second authentication token received from the third client device to allow the first client device to access the second media presentation system.
    Type: Grant
    Filed: August 29, 2016
    Date of Patent: April 3, 2018
    Assignee: SPOTIFY AB
    Inventors: Oskar Werkelin Ahlin, Karl Sigfrids, Per Eckerdal, Richard Titmuss, Evan Shrubsole, Jamie Kirkpatrick
  • Patent number: 9930093
    Abstract: A “sign-off” cookie is generated and stored upon initiation of a web session between a client and a web application executing on a server. The sign-off cookie preferably comprises both an identifier for the session (a “session ID”) together with an identifier (such as a URL) for a sign-off resource (associated with a sign-off mechanism) that can be used to clean-up the web session following its termination. The sign-off cookie may be returned to the client and/or retained within a proxy. Upon termination of the web session, the URL in the sign-off cookie is used to initiate a request to the sign-off mechanism to clean-up the web session. This approach provides for dynamic web session clean-up without requiring any pre-configuration of the sign-off mechanism.
    Type: Grant
    Filed: March 14, 2012
    Date of Patent: March 27, 2018
    Assignee: International Business Machines Corporation
    Inventors: Scott Anthony Exton, Keiran Robinson, John Sedgmen, Ben Lyle Straubinger
  • Patent number: 9923890
    Abstract: The embodiments described herein describe technologies for pre-computed data (PCD) asset generation and secure deployment of the PCD asset to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to generate a unique PCD asset for a target device. In response, the RA device generates the PCD asset and packages the PCD asset for secure deployment of the PCD asset to the target device and to be used exclusively by the target device. The RA device deploys the packaged PCD asset in a CM system for identification and tracking of the target device.
    Type: Grant
    Filed: November 6, 2014
    Date of Patent: March 20, 2018
    Assignee: Cryptography Research, Inc.
    Inventors: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
  • Patent number: 9906370
    Abstract: A first management node of a first rack can be registered to a shared file storage system by establishing a mutual trust relationship between the first management node and the shared file storage system. The first management node can access a plurality of respective public keys and a plurality of respective certificates of authority that are stored in the shared file storage system and associated with a plurality of respective registered management nodes. The first management node can store a public key and a certificate of authority in the shared file storage system. The first management node can form mutual trust relationships with other registered management nodes. The first management node can validate authenticity of messages received from registered management nodes of the plurality of registered management nodes using a respective public key and a respective certificate of authority associated with a respective registered management node sending a message.
    Type: Grant
    Filed: November 16, 2015
    Date of Patent: February 27, 2018
    Assignee: International Business Machines Corporation
    Inventors: Ajay A. Apte, John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Hugh E. Hockett, Yuhsuke Kaneyasu, Lewis Lo, Matthew D. McClintock, Scott C. Moonen, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
  • Patent number: 9892574
    Abstract: A method of monitoring access authorizations by an access monitoring system by a first method, the data carriers or the mobile electronic devices, on which a valid access authorization or an ID is assigned, are detected and the carriers/devices current positions are determined by trilateration or multilateration. A second imaging method is executed, parallel to the first method, and the current position of all persons presented in the entry area is detected by cameras. All persons, with and without valid access authorization, in the entry area are detected so that an ID map and a people map are created. The ID map corresponds to people who have valid access authorization and the people map corresponds to everybody in the entry area. An overlay map is created by matching the ID map with the people map, to identify persons with valid access authorization or ID and the people without valid access authorization.
    Type: Grant
    Filed: December 28, 2016
    Date of Patent: February 13, 2018
    Assignee: SKIDATA AG
    Inventors: Thomas Schlechter, Reinhard Surkau, Michael Heider, Christian Lang, Jorge Juan Clemente Diaz
  • Patent number: 9888144
    Abstract: A printing apparatus provided with an authentication function to request user information for an external apparatus has a direct wireless communication function, and does not request user information for the external apparatus under a condition that a user is logged into the printing apparatus and the external apparatus connects to the printing apparatus with the wireless communication using the direct wireless communication function.
    Type: Grant
    Filed: June 1, 2016
    Date of Patent: February 6, 2018
    Assignee: Canon Kabushiki Kaisha
    Inventor: Morikazu Ito
  • Patent number: 9876645
    Abstract: A manufacturer of computing equipment may generate a signature for computing equipment by measuring various attributes of the computing equipment, such as the impedance across circuits included in the computing equipment. Verification equipment may be provided to a recipient of the computing equipment. The verification equipment may be configured to generate a signature of the computing equipment over a physical connection between the verification equipment and the computing equipment. A determination may be made whether the computing equipment has been tampered with based at least in part on the signature generated by the manufacturer and the signature generated by the recipient.
    Type: Grant
    Filed: February 17, 2015
    Date of Patent: January 23, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Harsha Ramalingam, Jesper Mikael Johansson, Jon Arron McClintock
  • Patent number: 9870454
    Abstract: Examples of techniques for determining security access based on user behavioral measurements are disclosed. In accordance with aspects of the present disclosure, a computer-implemented method is provided. The method may comprise performing a trust evaluation to calculate a trust penalty value for a user based on a plurality of measured user attributes. The method may further comprise determining, by a processing device, a security access level based on a predefined trust threshold and the trust penalty value for the user. The method may also comprise applying the security access level to the user.
    Type: Grant
    Filed: December 16, 2015
    Date of Patent: January 16, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Derek W. Botti, Ramamohan Chennamsetty, C. Steven Lingafelt, William H. Tworek
  • Patent number: 9865107
    Abstract: A method and an apparatus for performing authentication are provided. The method includes performing, by a first authentication unit in a first electronic device, authentication with respect to a second electronic device that requests authentication through a first communication mode and when the second electronic device is authenticated, transmitting first information used for controlling the first electronic device to the second electronic device through the first communication mode and transferring second information indicating that the second electronic device is authenticated to a second authentication unit in the first electronic device.
    Type: Grant
    Filed: May 20, 2016
    Date of Patent: January 9, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Moon-Su Chang, Yang-Soo Lee, Joo-Yeon Lee, Dong-Hyun Yeom
  • Patent number: 9858110
    Abstract: Managing credentials for use with virtual machines includes storing a first virtual credential adapter within a hypervisor executing within a host data processing system. The first virtual credential adapter maintains a credential for a computing resource. Using a processor of the host data processing system, associating the first virtual credential adapter with a first virtual machine. The first virtual credential adapter is associated, at most, with a single virtual machine at any time. Responsive to associating the first virtual credential adapter with the first virtual machine, the first virtual machine accesses the computing resource using the credential maintained by the first virtual credential adapter.
    Type: Grant
    Filed: August 18, 2016
    Date of Patent: January 2, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Christine L. Eisenmann, Louis T. Fuka, James W. Moody, Washington E. Munive
  • Patent number: 9853971
    Abstract: Techniques for securing communications between fixed devices and mobile devices. A mobile device management server mediates communications between the fixed device and mobile device. The mobile device management server enrolls mobile devices and then assists with pairing the mobile devices to fixed devices in an out-of-band manner. This enrollment, coupled with out-of-band pairing, improves the speed and security of authenticating communication between fixed and mobile devices. If the mobile device has appropriate capabilities, the mobile device management server may request that the mobile device obtain and verify biometric data from a user prior to enrollment and performing authentication procedures.
    Type: Grant
    Filed: March 30, 2015
    Date of Patent: December 26, 2017
    Assignee: VMware, Inc.
    Inventor: Moses George
  • Patent number: 9838398
    Abstract: A method of managing access to enterprise resources is provided. An access manager may operate at a mobile device to validate a mobile application installed at that mobile device. If the access manager does not successfully validate the mobile application, the access manager may prevent the mobile application from accessing a computing resource. If the access manager does successfully validate the mobile application, then the access manager may identify the mobile application as a trusted mobile application. The access manager may thus permit the trusted mobile application to access the computing resource.
    Type: Grant
    Filed: January 26, 2016
    Date of Patent: December 5, 2017
    Assignee: Citrix Systems, Inc.
    Inventors: Gary Barton, Zhongmin Lang, James Robert Walker
  • Patent number: 9825949
    Abstract: Authentication of cloud agents that collect and/or process industrial data facilitates secure communications with a cloud platform. An authentication component receives an authentication request from a cloud agent device residing at an industrial facility. The authentication component also authenticates the cloud agent device in response to the authentication request for a defined period of time based on an access key that uniquely identifies the cloud agent device residing at the industrial facility. A cloud data processing component receives, at a cloud platform, one or more data packets from the cloud agent device during the defined period of time and processes industrial data contained in the one or more data packets according to processing instructions associated with the cloud platform.
    Type: Grant
    Filed: February 27, 2015
    Date of Patent: November 21, 2017
    Assignee: ROCKWELL AUTOMATION TECHNOLOGIES, INC.
    Inventors: Juan L. Asenjo, Francisco Maturana
  • Patent number: 9805106
    Abstract: Content maintained in a first repository of a first installation (which can optionally be an on-premise installation) of a content management system, as well as metadata associated with the content, can be shared via an approach in which content items maintained in the first repository are synchronized with a copy of the content items maintained in a second repository of a second installation (which can optionally be a cloud-based installation). The first installation can be optionally firewall protected. The copy of the content items can be accessed by collaborative users both within and external to a firewall. Related systems, methods, products, etc. are described.
    Type: Grant
    Filed: January 31, 2014
    Date of Patent: October 31, 2017
    Assignee: Alfresco Software, Inc.
    Inventors: Neil McErlean, Tuna Aksoy, Nick Burch, Michael Farman, Paul Holmes-Higgin, John Newton, Brian Remmington, Mark Rogers, Jan Vonka, David Webster
  • Patent number: 9800412
    Abstract: An approach is provided for securing data in a technical environment. In one embodiment, a processor obtains a first file, which when executed installs a first portion of a second file and an assembly key to assemble the second file. The processor executes this first file and then obtains the second portion of the second file. The processor assembles the second file using the first portion, the second portion, and the assembly key.
    Type: Grant
    Filed: November 23, 2015
    Date of Patent: October 24, 2017
    Assignee: Hand Held Products, Inc.
    Inventors: Erik Todeschini, Stephen Patrick Deloge, Donald Anderson
  • Patent number: 9801064
    Abstract: Some implementations may provide a method to have a user authenticated at a point of service. The method includes: accessing, by a target system, a multi-dimensional symbol rendered on a display of a mobile computing device of the user, the multi-dimensional symbol encoding endpoints and actions for the target system to perform in order to request and authenticate an identity of a user; decoding data in the multi-dimensional symbol to retrieve an identity token plus information about the authentication actions and the user's identity system; requesting the corresponding authentication actions of the user's identity system to include specific authentication measures for the user to perform as well as data for the user to release; and performing the authentication actions as requested and encoded in the multi-dimensional symbol such that the physical identity of the user of the mobile computing device is verified and the user consents to release the requested identity information at the point of service.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: October 24, 2017
    Assignee: MorphoTrust USA, LLC
    Inventors: A. David Kelts, Timothy J. Brown
  • Patent number: 9800714
    Abstract: A control method executed by an information processing device having a function of wirelessly communicating with a wearable device and a locking function of restricting operation of the information processing device, the control method includes acquiring acceleration information by an acceleration sensor; receiving information that is transmitted from the wearable device and relates to acceleration applied to the wearable device; and releasing the lock when the acceleration information acquired by the acceleration sensor matches the information relating to the acceleration.
    Type: Grant
    Filed: December 29, 2015
    Date of Patent: October 24, 2017
    Assignee: FUJITSU LIMITED
    Inventor: Masahiro Yamamoto
  • Patent number: 9800593
    Abstract: A controller for software defined networking includes a processor. The processor is configured to receive a first request including a first packet from a first communication partner. The processor is configured to generate an inspection message on the basis of the first packet. The processor is configured to send the inspection message to the first communication partner. The processor is configured to monitor whether a first phenomenon occurs with respect to the first communication partner after the inspection message is sent. The first phenomenon is expected to occur when an authorized switch performs a process on the basis of the inspection message. The processor is configured to determine, when the first phenomenon does not occur, that the first communication partner is not the authorized switch but an attacker.
    Type: Grant
    Filed: July 13, 2015
    Date of Patent: October 24, 2017
    Assignee: FUJITSU LIMITED
    Inventor: Sho Shimizu
  • Patent number: 9781092
    Abstract: In one embodiment, a method includes receiving an authentication key from an online social network in response to a request from a media-player device. The media-device player broadcasts the authentication key, which is received by a client system of a user of the online social network that is within range of the broadcast. The user is logged into the online social network via an application running on the client system. The application verifies the authentication key with the online social network. Location information of the client system and social-networking information of the user are sent by the application to the media-player device in response to the authentication key being verified. The first user is registered as an owner of the media-player device based on the location information, which indicates that the client system is within a threshold distance of the media-player device, and the social-networking information.
    Type: Grant
    Filed: August 26, 2015
    Date of Patent: October 3, 2017
    Assignee: Facebook, Inc.
    Inventors: Mateusz Marek Niewczas, Francislav Penov
  • Patent number: 9774581
    Abstract: A user equipment (UE) may perform functions locally, such as on a trusted module that resides within the UE. For example, a UE may perform functions associated with a single sign-on protocol, such as OpenID Connect for example, via a local identity provider function. For example, a UE may generate identity tokens and access tokens that can be used by a service provider to retrieve user information, such as identity information and/or user attributes. User attributes may be retrieved via a user information endpoint that may reside locally on the UE or on a network entity. A service provider may grant a user access to a service based on the information that it retrieves using the tokens.
    Type: Grant
    Filed: January 18, 2013
    Date of Patent: September 26, 2017
    Assignee: InterDigital Patent Holdings, Inc.
    Inventors: Andreas Leicher, Yogendra C. Shah, Vinod K. Choyi
  • Patent number: 9767275
    Abstract: A method of enforcing control of access by a hosting device to a secure element, and a secure element are described. The method includes steps performed by the secure element: receiving a request for retrieving at least one access rule controlling access to at least one application of the secure element, from access rules stored in the secure element; outputting at least one access rule retrieved from the stored access rules, wherein an access rule controlling access to an application of the secure element is retrieved by searching only in access rules stored in a security domain to which the application belongs in the secure element, or an access rule controlling access to an application of the secure element is stored only in a security domain to which the application belongs in the secure element.
    Type: Grant
    Filed: July 15, 2014
    Date of Patent: September 19, 2017
    Assignee: PT OBERTHUR TECHNOLOGIES INDONESIA LTD.
    Inventors: Balamurali Krisna, Dewi Lestari, Eric Setiawan
  • Patent number: 9762576
    Abstract: In one embodiment, a network element comprises one or more processors, and a memory module communicatively coupled to the processor. The memory module comprises logic instructions which, when executed by the processor, configure the processor to receive, via a first communication channel, a primary authentication request transmitted from a user from a first device, process the primary authentication request to determine whether the user is authorized to access one or more resources, in response to a determination that the user is authorized to access one or more resources, initiate a secondary authentication request, and transmit the secondary authentication request from the network element to the user via a second communication channel, different from the first communication channel.
    Type: Grant
    Filed: February 26, 2009
    Date of Patent: September 12, 2017
    Assignee: Phonefactor, Inc.
    Inventor: Steve Dispensa
  • Patent number: 9763173
    Abstract: Approaches are described for configuring a wireless network device, such as an access point, with appropriate configurations such that the device is operable in one or more country and/or regulatory domains. At least some embodiments enable the configuration process to operate in an automatic configuration mode, wherein at least one of a plurality of access points can be configured to automatically obtain and apply regulatory domain and country configurations to operate in a particular regulatory domain. Other approaches provide for configuring an access point based on a manual configuration approach, wherein a portable computing device can be used to configure the access point to operate in a particular regulatory domain.
    Type: Grant
    Filed: January 15, 2014
    Date of Patent: September 12, 2017
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Vishal Desai, Jim Nicholson, David Case, Sangita Mahishi
  • Patent number: 9760433
    Abstract: A flash memory controlling apparatus includes a data read/write interface and a controller. The data read/write interface is arranged to couple a first flash memory and a second flash memory, wherein the first flash memory includes a first storage plane and a first buffer, and the second flash memory includes a second storage plane and a second buffer. When the read/write interface couples the first flash memory and the second flash memory, the controller is arranged to temporarily store a plurality of valid data stored in the first storage plane into the second buffer. After an erase cycle is performed on the first storage plane, the controller further programs the plurality of valid data temporarily stored in the second buffer into the first storage plane.
    Type: Grant
    Filed: March 24, 2015
    Date of Patent: September 12, 2017
    Assignee: Silicon Motion Inc.
    Inventor: Tsung-Chieh Yang
  • Patent number: 9749322
    Abstract: An information sharing system according to an embodiment includes an information processing system and a terminal and display device connected to the information processing system via a network. The information processing system is composed of one or more information processing apparatuses. The display device is equipped with a display unit on which an image is displayed. The display device includes a first identification-information acquiring unit that acquires identification information for identifying the display device on the network. The terminal acquires the identification information from the display device, and accesses a storage service and acquires access information, and transmits the acquired identification information and access information to the information processing system.
    Type: Grant
    Filed: November 20, 2014
    Date of Patent: August 29, 2017
    Assignee: RICOH COMPANY, LIMITED
    Inventors: Ken Takehara, Kunio Ozawa