Patent application number | Description | Published |
20090288150 | ACCESS CONTROL BY TESTING FOR SHARED KNOWLEDGE - Access to resource(s) intended to be shared with specific groups of individuals is controlled using concise tests of shared knowledge instead of (or in addition to) accounts and access control lists. Users can readily learn the concept and choose questions that will control the access by the desired group with little effort. Such questions can be relatively secure to guesses by those not intended to have access, particularly if the number of allowed guesses is relatively limited. Users can generally predict the security of their questions, but sometimes underestimate the ability of attackers to use Web searching or enumeration to discover answers. In such cases, the system can automatically discover weak questions and then suggest alternatives. By lowering the threshold to access control, shared knowledge tests can enable more types of information to acquire collaborative value on the Internet and on other types of networks. | 11-19-2009 |
20090323972 | PRIVACY-PRESERVING LOCATION TRACKING FOR DEVICES - A privacy-preserving device-tracking system and method to assist in the recovery of lost or stolen Internet-connected mobile devices. The function of such a system seems contradictory, since it is desirable to hide a device's legitimately-visited locations from third-party services and other parties to achieve location privacy, while still enabling recovery of the device's location(s) after it goes missing by tracking the device to determine its location. An exemplary embodiment uses a DHT for storing encrypted location information and other forensic information in connection with indices that are successively determined based on initial pseudorandom seed information (i.e., state) that is retained by the owner of the device. Using the seed information, the software can determine indices mapped to location information stored after the device went missing, enabling the device to be located. Numerous extensions are discussed for the basic exemplary design that increase its suitability for particular deployment environments. | 12-31-2009 |
20130117840 | USER-DRIVEN ACCESS CONTROL - An access system is described herein which allows an application module to access a user-owned resource based on an indication of a user's intent to interact with the user-owned resource. For example, the application module can provide an application user interface which embeds a gadget associated with a particular user-owned resource. The access system can interpret the user's interaction with the gadget as conferring implicit permission to the application module to access the user-owned resource associated with the gadget. In addition, or alternatively, the user may make a telltale gesture in the course of interacting with the application module. The access system can interpret this gesture as conferring implicit permission to the application module to access a user-owned resource that is associated with the gesture. | 05-09-2013 |
20130198522 | SYSTEMS AND METHODS FOR FILE ACCESS AUDITING - Systems and methods for providing an auditing file system for theft-prone devices are disclosed. The auditing file system supports fine-grained file auditing: a user may obtain reliable, explicit evidence that no files have been accessed after a device's loss. A user may also disable future file access after a device's loss, even in the absence of device network connectivity. In one embodiment, files are encrypted locally but the encryption keys are stored remotely, so that an audit server is queried for encryption keys to access protected files. By configuring the audit server to refuse to return a particular file's key, the user can prevent new accesses after the device is lost. | 08-01-2013 |
20130205385 | PROVIDING INTENT-BASED ACCESS TO USER-OWNED RESOURCES - An access system is described herein which allows an application to access a system-level and/or application-specific user-owned resource based on a user's interaction with an intent-based access mechanism. For example, the intent-based access mechanism may correspond to a gadget that is embedded in an application user interface provided by the application, and/or logic for detecting a permission-granting input sequence. The access system accommodates different types of intent-based access mechanisms. One type is a scheduled intent-based access mechanism. Another type provides access to two or more user-owned resources. Further, the access system includes a mechanism for determining whether the application is permitted to use an intent-based access mechanism. | 08-08-2013 |
20150071555 | Managing Access by Applications to Perceptual Information - Functionality is described herein by which plural environment-sensing applications capture information from an environment in a fine-grained and least-privileged manner. By doing so, the functionality reduces the risk that private information that appears within the environment will be released to unauthorized parties. Among other aspects, the functionality provides an error correction mechanism for reducing the incidence of false positives in the detection of objects, an offloading technique for delegating computationally intensive recognition tasks to a remote computing framework, and a visualization module by which a user may inspect the access rights to be granted (or already granted) to each application. | 03-12-2015 |
20150074506 | Managing Shared State Information Produced by Applications - A shared renderer maintains shared state information to which two or more augmented reality applications contribute. The shared renderer then provides a single output presentation based on the shared state information. Among other aspects, the shared renderer includes a permission mechanism by which applications can share information regarding object properties. The shared renderer may also include: a physics engine for simulating movement of at least one object that is represented by the shared state information; an annotation engine for managing a presentation of annotations produced by plural applications; and/or an occlusion engine for managing the behavior of the output presentation when two or more objects, produced by two or more applications, overlap within the output presentation. | 03-12-2015 |
20150074742 | World-Driven Access Control - Functionality is described herein for managing the behavior of one or more applications, such as augmented reality applications and/or other environment-sensing applications. The functionality defines permission information in a world-driven manner, which means that the functionality uses a trusted mechanism to identify cues in the sensed environment, and then maps those cues to permission information. The functionality then uses the permission information to govern the operation of one or more applications. | 03-12-2015 |
20150074746 | World-Driven Access Control Using Trusted Certificates - Functionality is described herein for receiving events which characterize features in an environment, and for identifying at least one policy based on the events. The functionality consults a certificate, associated with the policy, to determine whether the policy is valid. If valid, the functionality uses the policy to govern the behavior of at least one application, such as by controlling the application's consumption of events. A trusted passport authority may be employed to generate the certificates. Each certificate may: (1) identify that it originated from the trusted passport authority; (2) contain context information which describes a context in which the policy is intended to be applied within an environment; and/or (3) contain machine-readable content that, when executed, carries out at least one aspect of the policy. | 03-12-2015 |