Patent application number | Description | Published |
20100293600 | Social Authentication for Account Recovery - A backup account recovery authentication of last resort using social authentication is described. The account holder requests trustees who have been previously identified to obtain an account recovery code. The account recovery system sends a communication to the trustee for information to verify the trustee as one of the previously identified trustees. The account recovery system then may transmit a link and code with instructions for the trustee to return the link. The account recovery system then transmits a situational query to the trustee to provide additional security. Finally, if all the communications have been completed for the required level of security, the account recovery code is transmitted to the trustee. The trustee sends the account recovery code to the account holder for access to an account. | 11-18-2010 |
20100293608 | EVIDENCE-BASED DYNAMIC SCORING TO LIMIT GUESSES IN KNOWLEDGE-BASED AUTHENTICATION - Techniques to provide evidence-based dynamic scoring to limit guesses in knowledge based authentication are disclosed herein. In some aspects, an authenticator may receive an input from a user in response to a presentation of a personal question that enables user access to a restricted resource. The authenticator may determine that the input is not equivalent to a stored value, and thus is an incorrect input. The authenticator may then determine whether the input is similar to a previous input received from the user. A score may be assigned to the input. When the input is determined to be similar to the previous input, the score may be reduced. Another request for an input may be transmitted by the authenticator when a sum of the score and any previous scores of the session is less than a threshold. | 11-18-2010 |
20110154244 | Creating Awareness of Accesses to Privacy-Sensitive Devices - Techniques for providing intuitive feedback to a user regarding which applications have access to a data stream captured by a privacy-sensitive device, such as a camera, a microphone, a location sensor, an accelerometer or the like. These techniques apprise the user of when an application is receiving potentially privacy-sensitive data and the identity of the application receiving the data. In some instances, this feedback comprises a graphical icon that visually represents the data stream being received and that dynamically alters with the received data stream. For instance, if an application receives a data stream from a camera of a computing device of the user, the described techniques may display an image of the video feed captured by the camera and being received by the application. This graphical icon intuitively alerts the user of the data stream that the application receives. | 06-23-2011 |
20110258483 | Data Layout for Recovery and Durability - A Metadata server described herein is configured to generate a metadata table optimized for data durability and recovery. In generating the metadata table, the metadata server associates each possible combination of servers with one of the indices of the table, thereby ensuring that each server participates in recovery in the event of a server failure. In addition, the metadata server may also associate one or more additional servers with each index to provide added data durability. Upon generating the metadata table, the metadata server provides the metadata table to clients or servers. Alternatively, the metadata server may provide rules and parameters to clients to enable those clients to identify servers storing data items. The clients may use these parameters and an index as inputs to the rules to determine the identities of servers storing or designated to store data items corresponding to the index. | 10-20-2011 |
20110296258 | ERROR CORRECTING POINTERS FOR NON-VOLATILE STORAGE - Architecture that implements error correcting pointers (ECPs) with a memory row, which point to the address of failed memory cells, each of which is paired with a replacement cell to be substituted for the failed cell. If two error correcting pointers in the array point to the same cell, a precedence rule dictates the array entry with the higher index (the entry created later) takes precedence. To count the number of error correcting pointers in use, a null pointer address can be employed to indicate that a pointer is inactive, an activation bit can be added, and/or a counter, that represents the number of error correcting pointers that are active. Mechanisms are provided for wear-leveling within the error correction structure, or for pairing this scheme with single-error correcting bits for instances where transient failures may occur. The architecture also employs pointers to correct errors in volatile and non-volatile memories. | 12-01-2011 |
20130160110 | Device Locking with Hierarchical Activity Preservation - Techniques are described for device locking with activity preservation at a specified level within a multi-level hierarchy of device states. Such locking enables a user to share a device with another user while specifying a particular level of access to the device, such as access to a particular class of applications, a specific application, or a specific task within an application. Determination of the authorized activity may be based on a currently active application, or on the particular user gesture. The level of functionality made available may be based on the number of times a user gesture is repeated. Gestures may include a selection of a hardware or software control on the device, issuance of a voice command, and the like. | 06-20-2013 |
20130247224 | OWNER PRIVACY IN A SHARED MOBILE DEVICE - Systems and methods that regulate range of access to personal information of a mobile unit's owner. The access control component can designate granularity for access levels and/or a spectrum of access modes—(as opposed to a binary choice of full access or no access at all). Such access can be based on a spectrum and/or discrete trust relationship between the owner and user of the mobile unit. A profile definition component can exploit an owner's trust relationships to designate levels of security. The profile definition component can further define a profile based on a set of applications, such as entertainment mode, browser mode, and the like. | 09-19-2013 |
20140115701 | DEFENDING AGAINST CLICKJACKING ATTACKS - Described is a technology directed towards protecting against clickjacking attacks against interactive user interface elements in code that are described by the code author as sensitive to clickjacking attacks. Various defenses are described, including defenses to ensure target display integrity, pointer integrity, and temporal integrity. For example, a browser click on an element/web page may be determined to be invalid if target display integrity is compromised. Also described are defenses that act to increase the user's attention to what is actually being clicked, and defenses that disable or disallow functions and features used by attackers, such as when a sensitive element is being hovered over. | 04-24-2014 |
20140324722 | Social Authentication for Account Recovery - A backup account recovery authentication of last resort using social authentication is described. The account holder requests trustees who have been previously identified to obtain an account recovery code. The account recovery system sends a communication to the trustee for information to verify the trustee as one of the previously identified trustees. The account recovery system then may transmit a link and code with instructions for the trustee to return the link. The account recovery system then transmits a situational query to the trustee to provide additional security. Finally, if all the communications have been completed for the required level of security, the account recovery code is transmitted to the trustee. The trustee sends the account recovery code to the account holder for access to an account. | 10-30-2014 |