Patents Examined by Alexander R Lapian
-
Patent number: 10355868Abstract: The present disclosure relates to a method of managing a controller with reliability and, more particularly, to authentication and data exchange during installation/use/removal of a vehicle controller, a gateway and a tester using an encryption algorithm. A method of authenticating a controller by a gateway in a vehicle includes: transmitting a first message including a first random number to the controller when a first condition is satisfied; receiving, from the controller, a second message including the first random number to which an electronic signature has been attached through a private key of the controller; decrypting the first random number having the electronic signature attached thereto using a public key of the controller; and transmitting, to the controller, a symmetric key encrypted using the public key of the controller when the decryption has been successfully performed.Type: GrantFiled: December 7, 2016Date of Patent: July 16, 2019Assignees: HYUNDAI MOTOR COMPANY, KIA MOTORS CORPORATION, YURA CORPORATION CO., LTD.Inventors: A Ram Cho, Ho Jin Jung, Hyun Soo Ahn, Young Hoon Kwon, Soo Mi Kim
-
Patent number: 10305911Abstract: Provided are systems and methods for managing access to web content. An example method includes receiving a request to provide a user with access to web content, determining that the user could have one or more cognitive conditions, determining that the web content is not approved for access by the user, presenting an interactive challenge, determining that the user has successfully completed the interactive challenge, sending a web content access request comprising an indication of the user and the web content, receiving an indication that the web content is approved for access by the user, and providing the user with access to the web content.Type: GrantFiled: July 6, 2015Date of Patent: May 28, 2019Assignee: Amazon Technologies, Inc.Inventors: Joshua Thomas Eyre, Ryan Pruden, Kamlesh Nanda, Camilla de Oliveira Penna Tavares, Anthony McCann, Sai Vishnu Kiran Bhyravajosyula
-
Patent number: 10291405Abstract: In response to receiving an unknown first session identifier from a client for a first communication session between the client and a server, a Man in the Middle (MitM) computer requests a second session identifier from the server for a second communication session between the server and the MitM computer. The MitM computer generates a third session identifier for a third communication session between the MitM computer and the client. The MitM computer generates a fourth communication session between the server and the client using a combination of the second communication session and the third communication session. In response to receiving an invalid session identifier from the client for a fifth communication session between the client and the server, the MitM computer transmits an instruction, to the client, to flush a session cache in the client to force a full TLS handshake between the client and the server.Type: GrantFiled: July 15, 2016Date of Patent: May 14, 2019Assignee: International Business Machines CorporationInventors: Cheng-Ta Lee, Ping Min Lin, Wei-Shiau Suen, Ming-Hsun Wu
-
Patent number: 10284595Abstract: The present disclosure is directed towards systems and methods for evaluating or mitigating a network attack. A device determines one or more client internet protocol addresses associated with the attack on the service. The device assigns a severity score to the attack based on a type of the attack. The device identifies a probability of a user account accessing the service during an attack window based on the type of attack. The device generates an impact score for the user account based on the severity score and the probability of the user account accessing the service during the attack window. The device selects a mitigation policy for the user account based on the impact score.Type: GrantFiled: May 6, 2016Date of Patent: May 7, 2019Assignee: CITRIX SYSTEMS, INC.Inventors: Anoop Reddy, Kenneth Bell, Georgios Oikonomou, Kurt Roemer
-
Patent number: 10250571Abstract: A new approach is proposed that contemplates systems and methods to support a mechanism to offload IPSec/IKE processing of virtual machines (VMs) running on a host to an embedded networking device, which serves as a hardware accelerator for the VMs that need to have secured communication with a remote device/server over a network. By utilizing a plurality of its software and hardware features, the embedded networking device is configured to perform all offloaded IPSec operations on data packets transferred between the host and the remote device over the network as required for the secured communication before the data packets can be transmitted over the network. The embedded networking device, in effect, acts as a proxy on behalf of the VMs running on the host to perform the offloaded IPSec operations as well as serving as the network interface for the secured communication between the VMs and the remote device.Type: GrantFiled: August 24, 2016Date of Patent: April 2, 2019Assignee: Cavium, LLCInventors: Ram Kumar Manapragada, Venkat Koppula, Manojkumar Panicker
-
Patent number: 10230708Abstract: A request is received from a deployer associated with an application to create an instance broker service instance. A request is received from the deployer to bind the instance broker service instance to the application. Instance broker credentials associated with the instance broker service instance are received and provided to the application. The application uses the instance broker credentials to access the instance broker service instance and determines whether to create a new service instance using the instance broker service instance.Type: GrantFiled: May 20, 2016Date of Patent: March 12, 2019Assignee: SAP SEInventor: Peter Eberlein
-
Patent number: 10218734Abstract: The disclosure is directed to a system for improving security of SSL communications. The system can include an device intermediary between one or more servers, one or more clients, a plurality of agents, and a web service. The servers can be configured to receive SSL connections and issue SSL certificates. The device can include a virtual server associated with a respective one of the servers, such that the SSL certificate of the respective server is transmitted through the device. The device can generate service fingerprints for the one or more servers. Each service fingerprint can include information corresponding to an SSL certificate of the virtual server, one or more DNS aliases for a virtual IP address of the respective virtual server, one or more port numbers serving the SSL certificate, and an IP address serviced by the device. The device also can transmit the service fingerprints to a web service.Type: GrantFiled: May 6, 2016Date of Patent: February 26, 2019Assignee: Citrix Systems, Inc.Inventors: Anoop Reddy, Kenneth Bell, Georgios Oikonomou, Kurt Roemer
-
Patent number: 10200350Abstract: Methods and apparatuses for located-based content access control have been disclosed. A method may comprise: receiving, at a mobile device, from a short distance communication node, an identifier of the node; generating a device key for the mobile device based on the identifier of the node and an identifier of the mobile device; sending to the node the device key and the identifier of the mobile device, at least based on which the mobile device may be authenticated; and receiving, at the mobile device, from the node, one or more content keys, either encrypted or unencrypted, for decrypting content that has been or is to be saved in the mobile device.Type: GrantFiled: September 4, 2012Date of Patent: February 5, 2019Assignee: NOKIA TECHNOLOGIES OYInventors: Wei Liu, Wenwei Xue
-
Patent number: 10187358Abstract: Data transfer between a first computer system and a second computer system utilize parallel servers of the second computer system. A plurality of data chunks collectively comprise a data object. The data chunks may be encrypted and sent over parallel channels to the second computer system, which may be a data storage service of a computing resource service provider. The data object, or a portion thereof, may be downloaded from the data storage system in parallel.Type: GrantFiled: December 3, 2013Date of Patent: January 22, 2019Assignee: Amazon Technologies, Inc.Inventors: Sean Anthony Fahey, Brent James Hill
-
Patent number: 10169695Abstract: A method and system for transacting with a removable marking element is disclosed. A removable marking element including credentials can be associated with an account. A user can activate and manage the account via a mobile device. The mobile device can access the account by providing a product identifier. A product identifier may be provided in removable marking element packaging. For example, the product identifier may be encoded in a machine readable code on the packaging.Type: GrantFiled: June 24, 2016Date of Patent: January 1, 2019Assignee: VISA INTERNATIONAL SERVICE ASSOCIATIONInventors: Jillian Friant, Angela Moore
-
Patent number: 10158657Abstract: Techniques are provided for determining a reputation of a source address based on analytics of interaction history. In an embodiment, computers store interaction data that indicates a plurality of interactions between users and an online entity. For each interaction of the plurality of interactions, the interaction data indicates a source address of a user. For each source address of a plurality of source addresses indicated in the interaction data, the computers determine an aggregate measurement indicating aggregate behavior of users associated with an aggregate subset of interactions of the plurality of interactions. Each interaction of the aggregate subset is associated with said source address. The computers determine a negative measurement indicating negative behavior of users that are associated with a negative subset of interactions of the aggregate subset. The computers generate, based on the negative and aggregate measurements, a score that indicates a reputation of said each source address.Type: GrantFiled: August 6, 2015Date of Patent: December 18, 2018Assignee: Microsoft Technology Licensing LLCInventors: Jenelle Bray, Grace Tang
-
Patent number: 10148629Abstract: An application executing on a user device can receive a request to access a remote computer system. The application can automatically obtain an authentication code that is generated based at least in part on a seed value, which can be stored in the user device. The application can automatically generate an authentication request based at least in part on the access information and the authentication code, and transmit the authentication request to remote computer system.Type: GrantFiled: September 23, 2013Date of Patent: December 4, 2018Assignee: Amazon Technologies, Inc.Inventors: Gregory Branchek Roth, Ian Nicholas Wesley-Smith, Cristian M. Ilac, Patrick James Ward
-
Patent number: 10129239Abstract: The present disclosure is directed towards systems and methods for scanning of a target range of IP addresses to verify security certificates associated with the target range of IP addresses. Network traffic may be monitored between a plurality of clients and a plurality of servers over an IP address space. Traffic monitors positioned intermediary to the plurality of client and the plurality of servers can identify a target range of IP addresses in the address space for targeted scanning. The target range of IP address may be grouped into a priority queue and a scan can be performed of the target range of IP addresses to verify a security certificate associated with each IP address in the target range of IP addresses. In some embodiments, a rogue security certificate is detected that is associated with at least one IP address in the target range of IP addresses.Type: GrantFiled: May 6, 2016Date of Patent: November 13, 2018Assignee: Citrix Systems, Inc.Inventors: Kenneth Bell, Anoop Reddy
-
Patent number: 10122726Abstract: Methods, network nodes, and user equipment nodes are disclosed that control the operation of applications on user equipment nodes. A method includes receiving user information that identifies a user of the user equipment node (120) and application information that identifies an application that the user has selected for installation on the user equipment node. A user profile is retrieved from a user profile repository (106) using the user information, and an application profile is retrieved from an application profile repository (104) using the application information. Settings configuration information is generated responsive to the user profile and the application profile, and indicates what permissions are to be granted to the application while operating on the user equipment node.Type: GrantFiled: August 30, 2012Date of Patent: November 6, 2018Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Joerg Niemoeller, Stefan Avesand, Leonid Mokrushin, Farjola Peco
-
Patent number: 10116654Abstract: The invention proposes a method for cloning a first secure element from a backup secure element of a user, said backup secure element comprising at least credentials of said user. The method comprises a preliminary phase of checking the authenticity of the first secure element using a second secure element, said second secure element being able to be paired with a third secure element.Type: GrantFiled: September 3, 2013Date of Patent: October 30, 2018Assignee: GEMALTO SAInventor: Alain Rhelimi
-
Patent number: 10110585Abstract: A zero-trust network and methods of using same are disclosed. The network includes a plurality of nodes, some of which are user devices, such as mobile phones, some of which are computer servers. One or more of the nodes includes a directory system. When a server receives an access request by a user device or other node, the directory system is notified of the request. The directory system will contact a number of randomly selected nodes, and if any one of the nodes does not recognize the requesting device, the requesting device will be denied access. If every queried node is able to authenticate the requesting device, the directory system creates a session for the first device to access the server. The directory system can grant access by providing the server and device reciprocating keys. After the session ends, the accessed node is assigned a new identifier.Type: GrantFiled: December 31, 2016Date of Patent: October 23, 2018Assignee: Entefy Inc.Inventors: Alston Ghafourifar, Joseph Kye Monroe
-
Patent number: 10110378Abstract: Disclosed is a method for stabilizing a quantum cryptography system, which includes: determining whether the quantum cryptography system operates in a stabilized state, on the basis of a bit error rate or a key rate of the quantum cryptography system; and readjusting an arrival time of a gate pulse or a laser operation time so that an arrival time of a single photon for a photon detector is aligned with the arrival time of the gate pulse, when the quantum cryptography system does not operate in a stabilized state. Here, the quantum cryptography system may be a two-way quantum cryptography system.Type: GrantFiled: June 8, 2016Date of Patent: October 23, 2018Assignee: Korea Institute of Science and TechnologyInventors: Sang Wook Han, Sung Wook Moon, Yong-Su Kim, Il Young Kim, Byungkwon Park
-
Patent number: 10097562Abstract: A system includes reception, at a server and in a first browser session, of a request from a client for a token to access a first software service, determination of a token stored in a server memory of the server and associated with the first service and the client, determination, at the server, of whether a validity period of the token is within a predetermined period of expiration, and, if it is determined that the validity period of the token is within a predetermined period of expiration, transmission of a request for a new token to access the first software service from a token provider associated with the first service, reception of the new token from the token provider, and provision of the new token to the client in the first browser session.Type: GrantFiled: May 6, 2016Date of Patent: October 9, 2018Assignee: SAP SEInventors: Apoorv Bhargava, Aswin Kumar Jayaraman, Raghavendra Rao M G, Naveed Mohammed, Markus Schmidt-Karaca
-
Patent number: 10068088Abstract: A computer-implemented method, computer program product, and system for determining whether a user exhibits machine behavior, or does not exhibit human-like behavior, thereby to authenticate the user for access to a software service.Type: GrantFiled: February 19, 2016Date of Patent: September 4, 2018Assignee: BehavioSecInventors: Neil Costigan, Ingo Deutschmann, Tony Libell, Johanna Skarpman Munter, Peder Nordström
-
Patent number: 10061922Abstract: Systems and methods for malware detection techniques, which detect malware by identifying the C&C communication between the malware and the remote host. In particular, the disclosed techniques distinguish between request-response transactions that carry C&C communication and request-response transactions of innocent traffic. Individual request-response transactions may be analyzed rather than entire flows, and fine-granularity features examined within the transactions. As such, these methods and systems are highly effective in distinguishing between malware C&C communication and innocent traffic, i.e., in detecting malware with high detection probability and few false alarms.Type: GrantFiled: April 30, 2013Date of Patent: August 28, 2018Assignee: Verint Systems Ltd.Inventors: Yuval Altman, Assaf Yosef Kere, Ido Krupkin, Pinhas Rozenblum