Lloyd Leon Burch - Payson UT, US Srinivas Vedula - Orem UT, US
Assignee:
Oracle International Corporation - Redwood City CA
International Classification:
G06F 7/04
US Classification:
726/9, 713/173
Abstract:
Before a relying party grants a client access to a resource, the last use of the security token by the client to access the resource of the relying party can be verified. Verification can be accomplished by comparing the last time the client sent the security token to the relying party with the last time the relying party received the security token from the client. If the last use of the security token is not verified, the possibility exists that the security token has been fraudulently used by a third party.
Techniques For Recognizing Multiple Patterns Within A String
Cameron Craig Morris - Saratoga Springs UT, US Lloyd Leon Burch - Payson UT, US Srinivas Vedula - Orem UT, US
Assignee:
Novell, Inc. - Provo UT
International Classification:
G06F 7/00
US Classification:
707/778
Abstract:
Techniques for recognizing multiple patterns within a string of characters are presented. A dictionary is hierarchically organized, such that leaf nodes within the dictionary represent words defined in the dictionary. A string of characters is received. Each character within the string is traversed by attempting to match it with a character defined in the dictionary. As long as a match continues with the dictionary, the characters within the string are traversed. Once a longest possible match to a word within the dictionary is found, the next character following the last matched character for the string is processed.
In various embodiments, techniques for flexible resource authentication are provided. A principal attempts to login to a target resource using first credentials. The target resource does not recognize the first credentials and in response thereto forwards the first credentials to an identity service. The identity service authenticates the principal via the first credentials and supplies second credentials to the target resource. The target resource recognizes and authenticates the second credentials and grants access to the principal.
Techniques For Dynamic Generation And Management Of Password Dictionaries
Srinivas Vedula - Orem UT, US Cameron Craig Morris - Saratoga Springs UT, US
Assignee:
Novell, Inc. - Provo UT
International Classification:
H04L 29/06
US Classification:
713/183, 726/6, 726/18
Abstract:
Techniques for dynamic generation and management of password dictionaries are presented. Passwords are parsed for recognizable terms. The terms are housed in dictionaries or databases. Statistics associated with the terms are maintained and managed. The statistics are used to provide strength values to the passwords and determine when passwords are acceptable and unacceptable.
Ginger M. Myles - San Jose CA, US Srinivas Vedula - Santa Clara CA, US Gianpaolo Fasoli - Palo Alto CA, US Julien Lerouge - Santa Clara CA, US Tanya Michelle Lattner - San Jose CA, US Augustin J. Farrugia - Cupertino CA, US
Assignee:
Apple Inc. - Cupertino CA
International Classification:
G06F 21/00
US Classification:
726/30, 726/26, 380/44, 711/163, 719/331
Abstract:
Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for call path enforcement. The method includes tracking, during run-time, a run-time call order for a series of function calls in a software program, and when executing a protected function call during run-time, allowing or causing proper execution of a protected function call only if the run-time call order matches a predetermined order. The predetermined order can be an expected run-time call order based on a programmed order of function calls in the software program. The method can include maintaining an evolving value associated with the run-time call order and calling the protected function by passing the evolving value and function parameters corrupted based on the evolving value. The protected function uncorrupts the corrupted parameters based on the passed evolving value and an expected predetermined call order. A buffer containing the uncorrupted parameters can replace the corrupted parameters.
Techniques For Real-Time Adaptive Password Policies
Srinivas Vedula - Orem UT, US Cameron Craig Morris - Saratoga Springs UT, US Larry Hal Henderson - Orem UT, US
Assignee:
Novell, Inc. - Provo UT
International Classification:
H04L 29/06
US Classification:
726/6, 726/1, 726/7, 713/182
Abstract:
Techniques for real-time adaptive password policies are presented. Patterns for passwords are regularly analyzed along with other factors associated with the patterns to dynamically determine password strength values. The strength values can change over time based on usage statistics. When a strength value falls below an acceptable threshold, passwords associated with that particular pattern can be downgraded or rejected in real-time and existing policy can be adapted to reflect the undesirability of that pattern.
Techniques For Credential Strength Analysis Via Failed Intruder Access Attempts
Srinivas Vedula - Orem UT, US Cameron Craig Morris - Saratoga Springs UT, US
Assignee:
Apple Inc. - Cupertino CA
International Classification:
G06F 21/00
US Classification:
713/161
Abstract:
Techniques for credential strength analysis via failed intruder access attempts are presented. Intruders attempting to access a secure network with failed credentials are monitored. The failed credentials are retained and evaluated in view of previously recorded failed credentials. Credential policy is updated in response to the evaluation, and intruder trends and sophistication levels are also predicted in response to the evaluation.
System And Method For Key Space Division And Sub-Key Derivation For Mixed Media Digital Rights Management Content
Gianpaolo Fasoli - Palo Alto CA, US Augustin J. Farrugia - Cupertino CA, US Bertrand Mollinier Toublet - Santa Clara CA, US Gelareh Taban - Sunnyvale CA, US Nicholas T. Sullivan - Sunnyvale CA, US Srinivas Vedula - Santa Clara CA, US
Disclosed herein are systems, methods, and non-transitory computer-readable storage media for key space division and sub-key derivation for mixed media digital rights management content and secure digital asset distribution. A system practicing the exemplary method derives a set of family keys from a master key associated with an encrypted media asset using a one-way function, wherein each family key is uniquely associated with a respective client platform type, wherein the master key is received from a server account database, and identifies a client platform type for a client device and a corresponding family key from the set of family keys. The system encrypts an encrypted media asset with the corresponding family key to yield a platform-specific encrypted media asset, and transmits the platform-specific encrypted media asset to the client device. Thus, different client devices receive device-specific encrypted assets which can be all derived based on the same master key.