Tokens (e.g., Smartcards Or Dongles, Etc.) Patents (Class 726/9)
-
Patent number: 10080136
Abstract: A mobile secure agent on a wireless device executes co-resident authenticated data collection profiles provisioned by private profile producers. Each wireless device has a MAC address that is transformed into a credibility token which is included in a notification to execute or update a data collection profile. The credibility token may also include attributes of location current or stored data. Each wireless device retains location history data transformed by encryption or by hashing. Each data package can only be transmitted to a collector certificated by the same private profile producer. Update profiles are signed and provisioned through a tunnel initiated from the mobile secure agent. A Certificate Authority provides libraries, anchors, and certificates in a key management message module to each mobile secure agent which enables revocation and replacement of certificates. Data stored in this way may only be transmitted to one destination per profile.
Type: Grant
Filed: September 21, 2015
Date of Patent: September 18, 2018
Assignee: AT&T MOBILITY IP, LLC
Inventors: Bruce Blaine Lacey, R. Travis Jones
-
Patent number: 10069813
Abstract: The first authentication unit of an authentication apparatus decides whether first authentication data exists in a received message, and performs, if it is decided that the first authentication data exists, authentication based on the first authentication data. The second authentication unit of the authentication apparatus decides whether second authentication data exists in the received message, and performs, if it is decided that the second authentication data exists, authentication based on the second authentication data. If the second authentication unit decides that no second authentication data exists in the received message, and the first authentication unit decides that authentication has succeeded, it is decided that authentication for the received message has succeeded.
Type: Grant
Filed: February 24, 2017
Date of Patent: September 4, 2018
Assignee: Canon Kabushiki Kaisha
Inventor: Ayumu Asano
-
Patent number: 10063662
Abstract: A method for establishing a trust association includes receiving, by a server, a request to associate a web source with an account, the request having a link to the web source, and accessing, by the server, the web source in response to the request to associate. The method further includes locating, by the server and within the web source, a tag associated with the account, creating, by the server and in response to locating the tag within the web source, a trust association between the account and the web source, and providing, by the server, an indication of the trust association for display in a user interface of a client device.
Type: Grant
Filed: April 18, 2014
Date of Patent: August 28, 2018
Assignee: Twitter, Inc.
Inventor: Ben Ward
-
Patent number: 10063664
Abstract: A network system is provided with at least one terminal device, a control device that controls a machine, and a server device that receives data including at least one of image data and audio data from at least one of the control device and the terminal device that are connected via a network, and distributes the received data to a different device from the device that transmitted the data. The control device is provided with a controller that executes a control operation, and a communication unit that transmits data indicating an operational state of the machine that is controlled to the server device. The terminal device includes a display unit that displays the operational state of the machine controlled by the control device together with a state of another terminal device connected to the server device.
Type: Grant
Filed: November 13, 2015
Date of Patent: August 28, 2018
Assignee: OMRON
Inventors: Shinsuke Kawanoue, Hiroshi Kuribayashi
-
Patent number: 10064025
Abstract: In general, this disclosure is directed to techniques for sending notification data to computing devices that are unable to receive the notification data from a central server. A server device may receive notification data for a notification account that is associated with a computing device and determine that the computing device is currently offline. The server device may then identify a group of one or more sharing devices and send a notification package to a sharing device of the group, wherein the notification package includes the notification data, an account identifier associated with the notification account, and a device identifier associated with the computing device. The sharing device may receive the notification package and, responsive to determining that a device identifier for the computing device matches the device identifier in the notification package, forward the notification data to the computing device.
Type: Grant
Filed: July 14, 2016
Date of Patent: August 28, 2018
Assignee: Google LLC
Inventors: Justin Lewis, Robert Durbin
-
Patent number: 10061942
Abstract: A method for secure storage of an embedded Subscriber Identity Module (eSIM) on a wireless communication device including an embedded Universal Integrated Circuit Card (eUICC) and a memory external to the eUICC is provided. The method can include the eUICC determining that an eSIM package including an eSIM is to be stored on the memory. The method can also include the eUICC, in response to determining that the eSIM package is to be stored on the memory, maintaining a single-use session parameter associated with the eSIM package to enable installation of the eSIM on the eUICC if the eSIM package is later loaded onto the eUICC from the memory.
Type: Grant
Filed: May 28, 2015
Date of Patent: August 28, 2018
Assignee: Apple Inc.
Inventors: Xiangying Yang, Li Li
-
Patent number: 10063543
Abstract: The computer implemented method comprising: receiving a first server a request in the name of a user to be logged into a service of said first server and authenticating said request by verifying user identification information of said user, wherein a second server in connection with a user computing device with a dedicated program is used for: receiving a request about a status associated to said user; initializing a credential exchange in order to provide mutual authentication; verifying said associated status that has been previously set as valid or as invalid by said user; and sending said associated status to said first server wherein the latter allows the logging of said request or rejects it if said associated status is set as valid or as invalid.
Type: Grant
Filed: June 23, 2014
Date of Patent: August 28, 2018
Assignee: TELEFONICA DIGITAL ESPANA, S.L.U.
Inventors: Jose Maria Alonso Cebrian, David Barroso Berrueta, Jose Maria Palazon Romero, Antonio Guzman Sacristan
-
Patent number: 10055556
Abstract: Technologies for authenticating a user of a computing device based on an authentication context state include generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.
Type: Grant
Filed: September 26, 2015
Date of Patent: August 21, 2018
Assignee: Intel Corporation
Inventors: Ned M. Smith, Nathan Heldt-Sheller, Micah J. Sheller, Kevin C. Wells, Hannah L. Scurfield, Nathaniel J. Goss, Sindhu Pandian, Brad H. Needham
-
Patent number: 10049005
Abstract: A flash memory control apparatus includes a data read/write interface and a controller. The data read/write interface is arranged for coupling a first flash memory and a second flash memory, wherein the first flash memory includes a first storage plane and a first buffer, and the second flash memory includes a second storage plane and a second buffer. The controller is coupled to the data read/write interface, and is arranged for transmitting a plurality of valid data sets stored in the first storage plane to the second buffer through the data read/write interface. After an erase cycle is performed on the first storage plane, the controller further programs the plurality of valid data sets transmitted to the second buffer into the first storage plane.
Type: Grant
Filed: August 2, 2017
Date of Patent: August 14, 2018
Assignee: Silicon Motion Inc.
Inventor: Tsung-Chieh Yang
-
Patent number: 10044698
Abstract: A selector apparatus to select one or more shared authentication facilities for a software service executing in a virtualized shared computing environment, the software service including an interface through which a user request to access a restricted resource of the service is receivable, the request having associated a user context defining one or more characteristics of the user, and the software service further having associated a plurality of authentication rules for the service, wherein each rule is associated with one or more user contexts and identifies one or more shared authentication facilities for the computing environment, the selector apparatus comprising: a launcher, responsive to a user request received via the interface, adapted to instantiate one or more authentication facilities in accordance with an authentication rule retrieved based on a user context for the received request, so as to generate one or more challenges for the user to authenticate the user, wherein the authentication rule f
Type: Grant
Filed: March 17, 2015
Date of Patent: August 7, 2018
Assignee: British Telecommunications Public Limited Company
Inventors: Gery Michel Ducatel, Theo Dimitrakos
-
Patent number: 10038743
Abstract: Methods and apparatuses for management of an Internet of Things (IoT) network are herein disclosed as comprising, in an implementation, authenticating a first device associated with a first account name and a second device associated with a second account name with a server associated with the IoT network, connecting the authenticated first device and the authenticated second device over a communication system, and communicating data between the first device and the second device connected to the communication system by generating, by the first device, data representative of a data type using a component of one of the first device and the second device and transmitting, using the communication system, the data to the second device. The communicated data may be video data, image data, audio data, alert data, or location data generated using components associated with the first device.
Type: Grant
Filed: December 29, 2015
Date of Patent: July 31, 2018
Assignee: Cybrook Inc.
Inventor: Qunshan Gu
-
Patent number: 10033461
Abstract: Techniques are disclosed for projecting visible cues to assist with light-based communication (LCom), the visible cues referred to herein as visual hotspots. The visual hotspots can be projected, for example, using a luminaire that may be LCom-enabled. The visual hotspots may be projected onto the floor of an area including an LCom system. The visual hotspots can be used for numerous benefits, including alerting a potential user that LCom is available, educating the user about LCom technology, and assisting the user in using the LCom signals available in the area. The visual hotspots may include images, symbols, cues, characters (e.g., letters, words, numbers, etc.), indicators, logos, or any other suitable content. In some cases, the visual hotspots may be interactive, such that a user can scan the hotspot to cause an action to occur (e.g., launch an application or website).
Type: Grant
Filed: March 25, 2015
Date of Patent: July 24, 2018
Assignee: OSRAM SYLVANIA Inc.
Inventors: Barry Stout, Christian Breuer, Anant Aggarwal, Bernhard Siessegger
-
Patent number: 10025308
Abstract: Example systems and methods are disclosed for associating detected attributes with an actor. An example method may include receiving point cloud data for a first actor at a first location within the environment. The method may include associating sensor data from an additional sensor with the first actor based on the sensor data being representative of the first location. The method may include identifying one or more attributes of the first actor based on the sensor data. The method may include subsequently receiving a second point cloud representative of a second actor at a second location within the environment. The method may include determining, based on additional sensor data from the additional sensor, that the second actor has the one or more attributes. The method may include providing a signal indicating that the first actor is the second actor based on the second actor having the one or more attributes.
Type: Grant
Filed: February 19, 2016
Date of Patent: July 17, 2018
Assignee: Google LLC
Inventors: Arshan Poursohi, Greg Klein, Daniel Aden, Matthew Amacker
-
Patent number: 10027658
Abstract: The disclosed embodiments include systems and methods for providing security tokens to cloud-based assets on demand. Operations performed in the disclosed embodiments include receiving a prompt from a cloud-based asset indicating that the cloud-based asset is seeking to communicate with an access-controlled resource, wherein the cloud-based asset lacks authorization to communicate with the access-controlled resource. Additionally, the operations include extracting information associated with the cloud-based asset by accessing a trusted cloud platform resource storing data associated with verified cloud-based assets, where the trusted cloud platform resource is separate from the cloud-based asset, and authenticating the cloud-based asset based on the extracted information.
Type: Grant
Filed: June 12, 2017
Date of Patent: July 17, 2018
Assignee: CYBERARK SOFTWARE LTD
Inventors: Rafi Schwarz, Eli Maccabi, Moti Cohen, Nessi Lahav, Inbal Zilberman Kubovsky, Evgeny Sakirko
-
Patent number: 10021565
Abstract: The present disclosure describes an integrated full and partial shutdown application programming interface. Embodiments herein disclosed include receiving an indication that a mobile device of a user is compromised. Further embodiments identify one or more applications associated with the mobile device and remotely access the mobile device to perform a switch-off of the one or more applications. The switch-off may include logging the user out of the one or more applications before removing the one or more applications from the mobile device.
Type: Grant
Filed: October 30, 2015
Date of Patent: July 10, 2018
Assignee: Bank of America Corporation
Inventors: Alicia C. Jones-McFadden, Elizabeth S. Votaw
-
Patent number: 9998281
Abstract: A set of servers can support secure and efficient “Machine to Machine” communications using an application interface and a module controller. The set of servers can record data for a plurality of modules in a shared module database. The set of servers can (i) access the Internet to communicate with a module using a module identity, (ii) receive server instructions, and (iii) send module instructions. Data can be encrypted and decrypted using a set of cryptographic algorithms and a set of cryptographic parameters. The set of servers can (i) receive a module public key with a module identity, (ii) authenticate the module public key, and (iii) receive a subsequent series of module public keys derived by the module with a module identity. The application interface can use a first server private key and the module controller can use a second server private key.
Type: Grant
Filed: March 13, 2017
Date of Patent: June 12, 2018
Assignee: Network-1 Technologies, Inc.
Inventor: John A. Nix
-
Patent number: 9985943
Abstract: Online retailers may operate one or more services configured to detect requests generated by automated agents. A security check may be generated and transmitted in response to requests generated by automated agents. The security checks may be transmitted to a second device registered with the online retailer. The second device may transmit the completed security check to the online retailer for verification before the online retailer processes the request.
Type: Grant
Filed: December 18, 2013
Date of Patent: May 29, 2018
Assignee: Amazon Technologies, Inc.
Inventors: William Frank Reading, Rohit Patnaik
-
Patent number: 9973495
Abstract: Disclosed are various embodiments relating to bootstrapping user authentication. A first security credential is received for a user account from a user. A first application is then authenticated with another computing device using the first security credential. After authenticating the first application, a bootstrap request is then sent to the other computing device for a second security credential to authenticate a second application without using the first security credential. The bootstrap request specifies a bootstrap session identifier. The second security credential is then received from the other computing device.
Type: Grant
Filed: February 3, 2017
Date of Patent: May 15, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Harsha Ramalingam, Jesper Mikael Johansson, Bharath Kumar Bhimanaik
-
Patent number: 9973432
Abstract: An apparatus and program product manage virtual machines in a virtualized computing environment based at least in part on limitations associated with storage fabrics through which virtual machines may access one or more storage systems in such an environment. The storage fabric limitations may be used, for example, in connection with placing virtual machines on hosts in a virtualized computing environment. As another example, storage fabric limitations may be used in connection with deploying virtual machines into a virtualized computing environment to reduce the likelihood of boot errors. As still another example, storage fabric limitations may be used in connection with load balancing across multiple fabrics in a virtualized computing environment.
Type: Grant
Filed: July 10, 2015
Date of Patent: May 15, 2018
Assignee: International Business Machines Corporation
Inventors: Samuel D. Matzek, Jeffrey W. Tenner, Gerald F. McBrearty
-
Patent number: 9973433
Abstract: A method manages virtual machines in a virtualized computing environment based at least in part on limitations associated with storage fabrics through which virtual machines may access one or more storage systems in such an environment. The storage fabric limitations may be used, for example, in connection with placing virtual machines on hosts in a virtualized computing environment. As another example, storage fabric limitations may be used in connection with deploying virtual machines into a virtualized computing environment to reduce the likelihood of boot errors. As still another example, storage fabric limitations may be used in connection with load balancing across multiple fabrics in a virtualized computing environment.
Type: Grant
Filed: August 28, 2015
Date of Patent: May 15, 2018
Assignee: International Business Machines Corporation
Inventors: Samuel D. Matzek, Jeffrey W. Tenner, Gerald F. McBrearty
-
Patent number: 9959415
Abstract: Methods and apparatus for use in presenting information from a plurality of security domains. A first request for first data from a first data source and a second request for second data from a second data source are transmitted by a computing device. The first data source is associated with a first security domain, and the second data source is associated with a second security domain. A bridge computing device forwards the first request and/or the second request based on determining that the requests are authorized. The first data and the second data may be received and combined by the computing device.
Type: Grant
Filed: December 17, 2010
Date of Patent: May 1, 2018
Assignee: The Boeing Company
Inventors: Ismael Rodriguez, Ross Wilson, Ricardo Torres, Michael C. Kline, Eric Irwin
-
Patent number: 9948639
Abstract: The present invention relates to a system and method for issuing an OTP application in a face-to-face confirmation manner, and the system includes at least one or more service provider devices for transmitting OTP application issuance request information, including information on recognition of a terminal device tagged on a reader provided for each service provider or entering a previously set service area, to an integrated service device; and the integrated service device for registering secure storage medium identification information as medium identification information for OTP authentication and transmitting an OTP installation guide to the terminal device if the recognition information is the secure storage medium identification information, and transmitting the OTP installation guide to the terminal device if the recognition information is terminal device identification information, in which the terminal device can be a terminal device of a user seeing a service provider face-to-face.
Type: Grant
Filed: December 1, 2015
Date of Patent: April 17, 2018
Assignee: SK PLANET CO., LTD.
Inventor: Jae Sic Jeon
-
Patent number: 9947001
Abstract: A method and system for transmitting multiple payment accounts for use by a payment device. The method includes allocating a cryptographic personal account number (CPAN) and producing at least one cryptographic master key set relating to this CPAN and transmitting, by a transmitting device, at least one produced cryptographic master key set for storage in a payment device. Further, the method includes receiving, by a receiving device, at least one device personal account number (DPAN), wherein each of the at least one DPAN is associated with a payment account associated with a consumer; generating, by a processing device, a repersonalization script for each of the at least one DPAN, wherein the repersonalization script includes a set of data associated with the corresponding DPAN; and transmitting, by the transmitting device, at least one repersonalization script to the payment device.
Type: Grant
Filed: March 15, 2013
Date of Patent: April 17, 2018
Assignee: MASTERCARD INTERNATIONAL INCORPORATED
Inventors: Theresa Smith, David Anthony Roberts, David John Sylvester
-
Patent number: 9948610
Abstract: A method, system, and apparatus for providing a client access to third-party resources by utilizing third-party access tokens via a network gateway. The method can prevent the third-party access tokens from being exposed directly to the client environment. The client receives a gateway security credential, which encapsulates the third-party access token in an encrypted form. The client provides the gateway access token to the network gateway where the third-party access token is decrypted and then used to access the third-party resource. Client requests to the network gateway are executed using a custom API. The gateway relays the client requests to the appropriate third-party resources using the third-party-specific API with the decrypted third-party access token. Gateway access tokens are short-lived and can be renewed according to the client-environment life cycle.
Type: Grant
Filed: August 28, 2015
Date of Patent: April 17, 2018
Assignee: Citrix Systems, Inc.
Inventors: Robert Emer Broadbent, Tyrone F. Pike
-
Patent number: 9942268
Abstract: The disclosed computer-implemented method for thwarting unauthorized attempts to disable security managers within runtime environments may include (1) monitoring a runtime environment that (A) facilitates execution of an application and (B) includes a security manager that prevents the application from performing unauthorized actions while running within the runtime environment, (2) detecting, while monitoring the runtime environment, an attempt to disable the security manager such that the security manager no longer prevents the application from performing the unauthorized actions, (3) identifying a source of the attempt to disable the security manager, (4) determining that the source of the attempt is not authorized to disable the security manager, and then (5) blocking the attempt to disable the security manager such that the security manager continues to prevent the application from performing the unauthorized actions while running within the runtime environment.
Type: Grant
Filed: August 11, 2015
Date of Patent: April 10, 2018
Assignee: Symantec Corporation
Inventor: Alexander Danileiko
-
Patent number: 9935943
Abstract: A non-transitory computer-readable storage medium stores instructions for execution by a first client device, including instructions for transmitting an indication of availability of a first media presentation system and for transmitting to a second device a first authentication token for allowing the second device to access the first media presentation system, in response to a request from the second client device. The instructions also include instructions for requesting access to a second media presentation system that a third client device has indicated as being available and for sending to a server system a media control request directed to the second media presentation system. The media control request includes a second authentication token received from the third client device to allow the first client device to access the second media presentation system.
Type: Grant
Filed: August 29, 2016
Date of Patent: April 3, 2018
Assignee: SPOTIFY AB
Inventors: Oskar Werkelin Ahlin, Karl Sigfrids, Per Eckerdal, Richard Titmuss, Evan Shrubsole, Jamie Kirkpatrick
-
Patent number: 9930093
Abstract: A “sign-off” cookie is generated and stored upon initiation of a web session between a client and a web application executing on a server. The sign-off cookie preferably comprises both an identifier for the session (a “session ID”) together with an identifier (such as a URL) for a sign-off resource (associated with a sign-off mechanism) that can be used to clean-up the web session following its termination. The sign-off cookie may be returned to the client and/or retained within a proxy. Upon termination of the web session, the URL in the sign-off cookie is used to initiate a request to the sign-off mechanism to clean-up the web session. This approach provides for dynamic web session clean-up without requiring any pre-configuration of the sign-off mechanism.
Type: Grant
Filed: March 14, 2012
Date of Patent: March 27, 2018
Assignee: International Business Machines Corporation
Inventors: Scott Anthony Exton, Keiran Robinson, John Sedgmen, Ben Lyle Straubinger
-
Patent number: 9923890
Abstract: The embodiments described herein describe technologies for pre-computed data (PCD) asset generation and secure deployment of the PCD asset to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to generate a unique PCD asset for a target device. In response, the RA device generates the PCD asset and packages the PCD asset for secure deployment of the PCD asset to the target device and to be used exclusively by the target device. The RA device deploys the packaged PCD asset in a CM system for identification and tracking of the target device.
Type: Grant
Filed: November 6, 2014
Date of Patent: March 20, 2018
Assignee: Cryptography Research, Inc.
Inventors: Michael Hamburg, Benjamin Che-Ming Jun, Paul C. Kocher, Daniel O'Loughlin, Denis Alexandrovich Pochuev
-
Patent number: 9906370
Abstract: A first management node of a first rack can be registered to a shared file storage system by establishing a mutual trust relationship between the first management node and the shared file storage system. The first management node can access a plurality of respective public keys and a plurality of respective certificates of authority that are stored in the shared file storage system and associated with a plurality of respective registered management nodes. The first management node can store a public key and a certificate of authority in the shared file storage system. The first management node can form mutual trust relationships with other registered management nodes. The first management node can validate authenticity of messages received from registered management nodes of the plurality of registered management nodes using a respective public key and a respective certificate of authority associated with a respective registered management node sending a message.
Type: Grant
Filed: November 16, 2015
Date of Patent: February 27, 2018
Assignee: International Business Machines Corporation
Inventors: Ajay A. Apte, John Yow-Chun Chang, Ching-Yun Chao, Patrick L. Davis, Rohan Gandhi, Hugh E. Hockett, Yuhsuke Kaneyasu, Lewis Lo, Matthew D. McClintock, Scott C. Moonen, Ki H. Park, Ankit Patel, Kin Ueng, Iqbal M. Umair, Leonardo A. Uzcategui, Barbara J. Vander Weele
-
Patent number: 9892574
Abstract: A method of monitoring access authorizations by an access monitoring system by a first method, the data carriers or the mobile electronic devices, on which a valid access authorization or an ID is assigned, are detected and the carriers/devices current positions are determined by trilateration or multilateration. A second imaging method is executed, parallel to the first method, and the current position of all persons presented in the entry area is detected by cameras. All persons, with and without valid access authorization, in the entry area are detected so that an ID map and a people map are created. The ID map corresponds to people who have valid access authorization and the people map corresponds to everybody in the entry area. An overlay map is created by matching the ID map with the people map, to identify persons with valid access authorization or ID and the people without valid access authorization.
Type: Grant
Filed: December 28, 2016
Date of Patent: February 13, 2018
Assignee: SKIDATA AG
Inventors: Thomas Schlechter, Reinhard Surkau, Michael Heider, Christian Lang, Jorge Juan Clemente Diaz
-
Patent number: 9888144
Abstract: A printing apparatus provided with an authentication function to request user information for an external apparatus has a direct wireless communication function, and does not request user information for the external apparatus under a condition that a user is logged into the printing apparatus and the external apparatus connects to the printing apparatus with the wireless communication using the direct wireless communication function.
Type: Grant
Filed: June 1, 2016
Date of Patent: February 6, 2018
Assignee: Canon Kabushiki Kaisha
Inventor: Morikazu Ito
-
Patent number: 9876645
Abstract: A manufacturer of computing equipment may generate a signature for computing equipment by measuring various attributes of the computing equipment, such as the impedance across circuits included in the computing equipment. Verification equipment may be provided to a recipient of the computing equipment. The verification equipment may be configured to generate a signature of the computing equipment over a physical connection between the verification equipment and the computing equipment. A determination may be made whether the computing equipment has been tampered with based at least in part on the signature generated by the manufacturer and the signature generated by the recipient.
Type: Grant
Filed: February 17, 2015
Date of Patent: January 23, 2018
Assignee: Amazon Technologies, Inc.
Inventors: Harsha Ramalingam, Jesper Mikael Johansson, Jon Arron McClintock
-
Patent number: 9870454
Abstract: Examples of techniques for determining security access based on user behavioral measurements are disclosed. In accordance with aspects of the present disclosure, a computer-implemented method is provided. The method may comprise performing a trust evaluation to calculate a trust penalty value for a user based on a plurality of measured user attributes. The method may further comprise determining, by a processing device, a security access level based on a predefined trust threshold and the trust penalty value for the user. The method may also comprise applying the security access level to the user.
Type: Grant
Filed: December 16, 2015
Date of Patent: January 16, 2018
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Derek W. Botti, Ramamohan Chennamsetty, C. Steven Lingafelt, William H. Tworek
-
Patent number: 9865107
Abstract: A method and an apparatus for performing authentication are provided. The method includes performing, by a first authentication unit in a first electronic device, authentication with respect to a second electronic device that requests authentication through a first communication mode and when the second electronic device is authenticated, transmitting first information used for controlling the first electronic device to the second electronic device through the first communication mode and transferring second information indicating that the second electronic device is authenticated to a second authentication unit in the first electronic device.
Type: Grant
Filed: May 20, 2016
Date of Patent: January 9, 2018
Assignee: Samsung Electronics Co., Ltd.
Inventors: Moon-Su Chang, Yang-Soo Lee, Joo-Yeon Lee, Dong-Hyun Yeom
-
Patent number: 9858110
Abstract: Managing credential for use with virtual machines includes storing a first virtual credential adapter within a hypervisor executing within a host data processing system. The first virtual credential adapter maintains a credential for a computing resource. Using a processor of the host data processing system, associating the first virtual credential adapter with a first virtual machine. The first virtual credential adapter is associated, at most, with a single virtual machine at any time. Responsive to associating the first virtual credential adapter with the first virtual machine, the first virtual machine accesses the computing resource using the credential maintained by the first virtual credential adapter.
Type: Grant
Filed: August 18, 2016
Date of Patent: January 2, 2018
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Christine L. Eisenmann, Louis T. Fuka, James W. Moody, Washington E. Munive
-
Patent number: 9853971
Abstract: Techniques for securing communications between fixed devices and mobile devices. A mobile device management server mediates communications between the fixed device and mobile device. The mobile device management server enrolls mobile devices and then assists with pairing the mobile devices to fixed devices in an out-of-band manner. This enrollment, coupled with out-of-band pairing, improves the speed and security of authenticating communication between fixed and mobile devices. If the mobile device has appropriate capabilities, the mobile device management server may request that the mobile device obtain and verify biometric data from a user prior to enrollment and performing authentication procedures.
Type: Grant
Filed: March 30, 2015
Date of Patent: December 26, 2017
Assignee: VMware, Inc.
Inventor: Moses George
-
Patent number: 9838398
Abstract: A method of managing access to enterprise resources is provided. An access manager may operate at a mobile device to validate a mobile application installed at that mobile device. If the access manager does not successfully validate the mobile application, the access manager may prevent the mobile application from accessing a computing resource. If the access manager does successfully validate the mobile application, then the access manager may identify the mobile application as a trusted mobile application. The access manager may thus permit the trusted mobile application to access the computing resource.
Type: Grant
Filed: January 26, 2016
Date of Patent: December 5, 2017
Assignee: Citrix Systems, Inc.
Inventors: Gary Barton, Zhongmin Lang, James Robert Walker
-
Patent number: 9825949
Abstract: Authentication of cloud agents that collect and/or process industrial data facilitates secure communications with a cloud platform. An authentication component receives an authentication request from a cloud agent device residing at an industrial facility. The authentication component also authenticates the cloud agent device in response to the authentication request for a defined period of time based on an access key that uniquely identifies the cloud agent device residing at the industrial facility. A cloud data processing component receives, at a cloud platform, one or more data packets from the cloud agent device during the defined period of time and processes industrial data contained in the one or more data packets according to processing instructions associated with the cloud platform.
Type: Grant
Filed: February 27, 2015
Date of Patent: November 21, 2017
Assignee: ROCKWELL AUTOMATION TECHNOLOGIES, INC.
Inventors: Juan L. Asenjo, Francisco Maturana
-
Patent number: 9805106
Abstract: Content maintained in a first repository of a first installation (which can optionally be an on-premise installation) of a content management system, as well as metadata associated with the content, can be shared via an approach in which content items maintained in the first repository are synchronized with a copy of the content items maintained in a second repository of a second installation (which can optionally be a cloud-based installation). The first installation can be optionally firewall protected. The copy of the content items can be accessed by collaborative users both within and external to a firewall. Related systems, methods, products, etc. are described.
Type: Grant
Filed: January 31, 2014
Date of Patent: October 31, 2017
Assignee: Alfresco Software, Inc.
Inventors: Neil McErlean, Tuna Aksoy, Nick Burch, Michael Farman, Paul Holmes-Higgin, John Newton, Brian Remmington, Mark Rogers, Jan Vonka, David Webster
-
Patent number: 9800412
Abstract: An approach is provided for securing data in a technical environment. In one embodiment, a processor obtains a first file, which when executed installs a first portion of a second file and an assembly key to assemble the second file. The processor executes this first file and then obtains the second portion of the second file. The processor assembles the second file using the first portion, the second portion, and the assembly key.
Type: Grant
Filed: November 23, 2015
Date of Patent: October 24, 2017
Assignee: Hand Held Products, Inc.
Inventors: Erik Todeschini, Stephen Patrick Deloge, Donald Anderson
-
Patent number: 9801064
Abstract: Some implementations may provide a method to have a user authenticated at a point of service. The method includes: accessing, by a target system, a multi-dimensional symbol rendered on a display of a mobile computing device of the user, the multi-dimensional symbol encoding endpoints and actions for the target system to perform in order to request and authenticate an identity of a user; decoding data in the multi-dimensional symbol to retrieve an identity token plus information about the authentication actions and the user's identity system; requesting the corresponding authentication actions of the user's identity system to include specific authentication measures for the user to perform as well as data for the user to release; and performing the authentication actions as requested and encoded in the multi-dimensional symbol such that the physical identity of the user of the mobile computing device is verified and the user consents to release the requested identity information at the point of service.
Type: Grant
Filed: September 29, 2016
Date of Patent: October 24, 2017
Assignee: MorphoTrust USA, LLC
Inventors: A. David Kelts, Timothy J. Brown
-
Patent number: 9800714
Abstract: A control method executed by an information processing device having a function of wirelessly communicating with a wearable device and a locking function of restricting operation of the information processing device, the control method includes acquiring acceleration information by an acceleration sensor; receiving information that is transmitted from the wearable device and relates to acceleration applied to the wearable device; and releasing the lock when the acceleration information acquired by the acceleration sensor matches the information relating to the acceleration.
Type: Grant
Filed: December 29, 2015
Date of Patent: October 24, 2017
Assignee: FUJITSU LIMITED
Inventor: Masahiro Yamamoto
-
Patent number: 9800593
Abstract: A controller for software defined networking includes a processor. The processor is configured to receive a first request including a first packet from a first communication partner. The processor is configured to generate an inspection message on the basis of the first packet. The processor is configured to send the inspection message to the first communication partner. The processor is configured to monitor whether a first phenomenon occurs with respect to the first communication partner after the inspection message is sent. The first phenomenon is expected to occur when an authorized switch performs a process on the basis of the inspection message. The processor is configured to determine, when the first phenomenon does not occur, that the first communication partner is not the authorized switch but an attacker.
Type: Grant
Filed: July 13, 2015
Date of Patent: October 24, 2017
Assignee: FUJITSU LIMITED
Inventor: Sho Shimizu
-
Patent number: 9781092
Abstract: In one embodiment, a method includes receiving an authentication key from an online social network in response to a request from a media-player device. The media-device player broadcasts the authentication key, which is received by a client system of a user of the online social network that is within range of the broadcast. The user is logged into the online social network via an application running on the client system. The application verifies the authentication key with the online social network. Location information of the client system and social-networking information of the user are sent by the application to the media-player device in response to the authentication key being verified. The first user is registered as an owner of the media-player device based on the location information, which indicates that the client system is within a threshold distance of the media-player device, and the social-networking information.
Type: Grant
Filed: August 26, 2015
Date of Patent: October 3, 2017
Assignee: Facebook, Inc.
Inventors: Mateusz Marek Niewczas, Francislav Penov
-
Patent number: 9774581
Abstract: A user equipment (UE) may perform functions locally, such as on a trusted module that resides within the UE. For example, a UE may perform functions associated with a single sign-on protocol, such as OpenID Connect for example, via a local identity provider function. For example, a UE may generate identity tokens and access tokens that can be used by a service provider to retrieve user information, such as identity information and/or user attributes. User attributes may be retrieved via a user information endpoint that may reside locally on the UE or on a network entity. A service provider may grant a user access to a service based on the information that it retrieves using the tokens.
Type: Grant
Filed: January 18, 2013
Date of Patent: September 26, 2017
Assignee: InterDigital Patent Holdings, Inc.
Inventors: Andreas Leicher, Yogendra C. Shah, Vinod K. Choyi
-
Patent number: 9767275
Abstract: A method of enforcing control of access by a hosting device to a secure element, and a secure element are described. The method includes steps performed by the secure element: receiving a request for retrieving at least one access rule controlling access to at least one application of the secure element, from access rules stored in the secure element; outputting at least one access rule retrieved from the stored access rules, wherein an access rule controlling access to an application of the secure element is retrieved by searching only in access rules stored in a security domain to which the application belongs in the secure element, or an access rule controlling access to an application of the secure element is stored only in a security domain to which the application belongs in the secure element.
Type: Grant
Filed: July 15, 2014
Date of Patent: September 19, 2017
Assignee: PT OBERTHUR TECHNOLOGIES INDONESIA LTD.
Inventors: Balamurali Krisna, Dewi Lestari, Eric Setiawan
-
Patent number: 9762576
Abstract: In one embodiment, a network element comprises one or more processors, and a memory module communicatively coupled to the processor. The memory module comprises logic instructions which, when executed by the processor, configure the processor to receive, via a first communication channel, a primary authentication request transmitted from a user from a first device, process the primary authentication request to determine whether the user is authorized to access one or more resources, in response to a determination that the user is authorized to access one or more resources, initiate a secondary authentication request, and transmit the secondary authentication request from the network element to the user via a second communication channel, different from the first communication channel.
Type: Grant
Filed: February 26, 2009
Date of Patent: September 12, 2017
Assignee: Phonefactor, Inc.
Inventor: Steve Dispensa
-
Patent number: 9763173
Abstract: Approaches are described for configuring a wireless network device, such as an access point, with appropriate configurations such that the device is operable in one or more country and/or regulatory domains. At least some embodiments enable the configuration process to operate in an automatic configuration mode, wherein at least one of a plurality of access points can be configured to automatically obtain and apply regulatory domain and country configurations to operate in a particular regulatory domain. Other approaches provide for configuring an access point based on a manual configuration approach, wherein a portable computing device can be used to configure the access point to operate in a particular regulatory domain.
Type: Grant
Filed: January 15, 2014
Date of Patent: September 12, 2017
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Vishal Desai, Jim Nicholson, David Case, Sangita Mahishi
-
Patent number: 9760433
Abstract: A flash memory controlling apparatus includes a data read/write interface and a controller. The data read/write interface is arranged to couple a first flash memory and a second flash memory, wherein the first flash memory includes a first storage plane and a first buffer, and the second flash memory includes a second storage plane and a second buffer. When the read/write interface couples the first flash memory and the second flash memory, the controller is arranged to temporarily store a plurality of valid data stored in the first storage plane into the second buffer. After an erase cycle is performed on the first storage plane, the controller further programs the plurality of valid data temporarily stored in the second buffer into the first storage plane.
Type: Grant
Filed: March 24, 2015
Date of Patent: September 12, 2017
Assignee: Silicon Motion Inc.
Inventor: Tsung-Chieh Yang
-
Patent number: 9749322
Abstract: An information sharing system according to an embodiment includes an information processing system and a terminal and display device connected to the information processing system via a network. The information processing system is composed of one or more information processing apparatuses. The display device is equipped with a display unit on which an image is displayed. The display device includes a first identification-information acquiring unit that acquires identification information for identifying the display device on the network. The terminal acquires the identification information from the display device, and accesses a storage service and acquires access information, and transmits the acquired identification information and access information to the information processing system.
Type: Grant
Filed: November 20, 2014
Date of Patent: August 29, 2017
Assignee: RICOH COMPANY, LIMITED
Inventors: Ken Takehara, Kunio Ozawa