Patents Examined by Jeffrey Nickerson
-
Patent number: 11165567
Abstract: A user terminal generates a first key pair and a second key pair, transmits a permission request including a public encryption key of the second key pair after electronically signing the permission request with a secret encryption key, and acquires, from permission information transmitted from a right-holder terminal, a content decryption key by using a secret decryption key of the second key pair and uses the content. The right-holder terminal stores a third key pair and the content decryption key, verifies the permission request received, and encrypts the content decryption key by using the public encryption key of the second key pair included in the permission request and transmits the permission information including the encrypted content decryption key after electronically signing the permission information with a secret encryption key of the third key pair. The permission request and the permission information are transmitted and received via a blockchain.
Type: Grant
Filed: August 19, 2016
Date of Patent: November 2, 2021
Assignee: Nippon Telegraph and Telephone Corporation
Inventors: Shigeru Fujimura, Akihito Akutsu, Tomokazu Yamada, Atsushi Nakadaira, Junichi Kishigami
-
Patent number: 11163877
Abstract: The present disclosure discloses an information processing method, including the steps of acquiring at least one executable file of a specified type; extracting a first operation instruction from the at least one executable file of the specified type; determining the first operation instruction as a feature instruction if a preset policy is met; extracting a feature value of the feature instruction; constructing a virus classification model based on the feature value of the feature instruction for obtaining a virus structural feature parameter; extracting a second operation instruction from at least one to-be-analyzed file when the at least one to-be-analyzed file is identified according to the virus classification model; and identifying the to-be-analyzed file as a virus file if the feature value of the second operation instruction corresponds to the virus structural feature parameter.
Type: Grant
Filed: September 11, 2017
Date of Patent: November 2, 2021
Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
Inventors: Shujie Lin, Yi Yang, Luxin Li, Tao Yu
-
Patent number: 11151267
Abstract: A single architected instruction to perform multiple functions is executed. The executing includes performing a first function of the multiple functions and a second function of the multiple functions. The first function includes moving a block of data from one location to another location, and the second function includes setting one portion of a storage key using one selected key and another portion of the storage key using another selected key. The storage key is associated with the block of data and controls access to the block of data. The first function and the second function are performed as part of the single architected instruction.
Type: Grant
Filed: February 25, 2019
Date of Patent: October 19, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Timothy Siegel, Elpida Tzortzatos
-
Patent number: 11122047
Abstract: A method and system for providing invitation links with enhanced protection are presented. The method includes sending, to at least one invitee, at least one invitation link for accessing the protected resource, wherein the at least one invitation link includes a secret invitation code encoded therein, wherein the secret invitation code is unique to each invitee, the invitation link is sent to the at least one invitee through a primary communication channel; upon detecting an attempt to access the at least one invitation link, determining whether the encoded secret invitation code matches a known secret invitation code; upon determining that the secret invitation code matches the known secret invitation code, performing a verification process to authenticate the invitee via a secondary channel of communication; and upon determining that the verification process has been passed, granting access to the protected resource.
Type: Grant
Filed: March 31, 2015
Date of Patent: September 14, 2021
Assignee: CTERA Networks, Ltd.
Inventor: Aron Brand
-
Patent number: 11082849
Abstract: A device obtains proof of its authority to use a first set of selectively activated features (first proof). An authorization server signs the first proof with its private key. The device sends a request to use a network service to a network node. The device sends the first proof to the network node. The network node validates the first proof using a public key of the authorization server. The network node grants the request to use the network service. The device sends a request for proof of authority for the network node to provide the network service (second proof). The device obtains the second proof, signed by another authorization server, and validates the second proof before using the network service. The first proof and the second proof each include a list of selectively activated features, where the selectively activated features are needed to use or provide the network service.
Type: Grant
Filed: March 28, 2016
Date of Patent: August 3, 2021
Assignee: QUALCOMM Incorporated
Inventors: Soo Bum Lee, Gavin Bernard Horn, John Smee, Rajesh Pankaj, Thomas Rouse
-
Patent number: 11075768
Abstract: A RFID tag (501), reader (502) and protocol allow a protected read operation in a two-step tag authentication with cipher-block cryptography. A challenge-response mechanism using a shared secret symmetric key (638) for tag authentication includes a challenge and information to read data from a tag's memory (637). Tag's response to the challenge-response mechanism includes the response to the reader's challenge and data from the tag's memory. A method embeds a protected write operation in a four-step reader authentication with cipher-block cryptography. The protocol allows a challenge-response mechanism using the shared secret symmetric key for reader authentication including a challenge and information to write data to the tag's memory. Reader's response to the challenge-response mechanism includes a response to the tag's challenge and data for writing to the tag's memory.
Type: Grant
Filed: March 23, 2016
Date of Patent: July 27, 2021
Assignee: CENTRO DE PESQUISAS AVANCADAS WERNHER VON BRAUN
Inventors: Alexander Peter Sieh, Henrique Uemura Okada
-
Patent number: 11003789
Abstract: The invention relates to a data isolation system for targeted services. The system includes separate ID management systems used by data holders, service providers and additional parties. The ID management systems reconcile IDs between the systems without sending restricted information from a data holder or other party. In some embodiments, the system may reconcile separate third party IDs to determine common people or entities represented by the IDs.
Type: Grant
Filed: May 15, 2020
Date of Patent: May 11, 2021
Assignee: Epsilon Data Management, LLC
Inventors: Neeraj Aggarwal, Dax Michael Bays, Edgar Denny, Ilya G. Ehrlich, Michael Henry Hurley
-
Patent number: 10992703
Abstract: A security server receives a full hash and a set of subhashes from a client. The security server determines that the full hash is whitelisted. The security server updates, for each subhash in the set of subhashes, an associated clean count. The security server adds a subhash to a subhash whitelist responsive to an associated clean count exceeding a threshold. The security server receives a second set of subhashes. The security server determines whether at least one of the subhashes in the second set of subhashes is included in the subhash whitelist. The security server reports to the client based on the determination.
Type: Grant
Filed: March 4, 2019
Date of Patent: April 27, 2021
Assignee: Malwarebytes Inc.
Inventors: Douglas Stuart Swanson, Mina Yousseif, Jon-Paul Lussier, Jr.
-
Patent number: 10977361
Abstract: Systems and methods for controlling privileged operations. The system and method may comprise the steps of: providing a kernel module having a kernel authorization subsystem, the kernel module being loadable to a client computer system and configured to intercept file operations, wherein the kernel authorization subsystem may manage authorization of the one or more file operations; registering a listener for the kernel authorization subsystem; monitoring the file operations for a file access, and calling the registered listener by the kernel authorization subsystem when the kernel authorization subsystem detects the file access; calling a privileged daemon by the kernel module, when identifying the file access; and checking a policy, by the privileged daemon, and determining, based on the policy, whether at least one applied rule is applicable. If the at least one applied rule is applicable, the privileged daemon may initialize a launcher module, which may launch the target application.
Type: Grant
Filed: May 16, 2017
Date of Patent: April 13, 2021
Inventor: Andrey Kolishchak
-
Patent number: 10924274
Abstract: A network device may determine that network traffic for a communication session between a first peer device and a second peer device is to be protected using a security protocol suite. The network device may establish, using one or more tunnels, multiple security associations that are to be used to securely provide the network traffic of the communication session over an unsecured medium. The network device may determine a rekey scheduling time for each security association, of the multiple security associations, based on a combination of configuration information and dynamic network device information. The network device may perform, at each rekey scheduling time, a rekeying procedure to rekey each security association of the multiple security associations.
Type: Grant
Filed: February 13, 2018
Date of Patent: February 16, 2021
Assignee: Juniper Networks, Inc.
Inventors: Shibu Piriyath, Vinay Gudur
-
Patent number: 10897462
Abstract: Systems and methods for operating a computing system. The methods comprise: obtaining, by a first computing device, an original Security Identifier (“SID”); transforming, by the first computing device, the original SID into a composite SID by modifying the original SID to include at least (a) an SID format value indicating a structural format of an SID and (b) a pointer specifying a memory location at which non-SID authentication information is stored or a customer number indicating an entity to which a user is associated; and using the composite SID by the first computing device during SID based operation.
Type: Grant
Filed: May 16, 2017
Date of Patent: January 19, 2021
Assignee: CITRIX SYSTEMS, INC.
Inventor: Andrew Ogle
-
Patent number: 10867059
Abstract: In an exemplary process, while a device is in a locked state, a lock screen interface including a camera icon is displayed on a touch-sensitive display. A gesture is detected on the touch-sensitive display. In response to a determination that the gesture is on the camera icon and meets predetermined activation criteria, the lock screen interface ceases to be displayed and an interface for a camera application is displayed. In response to a determination that the gesture starts at a location on the touch-sensitive display other than the camera icon and includes movement in a first direction, the lock screen interface ceases to be displayed and an unlocked user interface with access to a plurality of applications is displayed.
Type: Grant
Filed: May 31, 2018
Date of Patent: December 15, 2020
Assignee: Apple Inc.
Inventors: Richard R. Dellinger, Imran Chaudhri, Gregory Christie, Scott Forstall
-
Patent number: 10853505
Abstract: An online service may maintain or create data for a user, and a user may be allowed to exert control over how the data are used. In one example, there may be several categories of data, and the user may be able to specify who may use the data, and the purpose for which the data may be used. Additionally, a user may be able to see how many of his “friends” (or other contacts) have extended trust to a particular entity, which may aid the user in making a decision about whether to extend trust to that entity. User interfaces may be provided to allow users to specify how their data are to be used.
Type: Grant
Filed: December 30, 2011
Date of Patent: December 1, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Arie Friedman, Hadas Bitran, Uri Barash, Marc Davis, Oded Nahir
-
Patent number: 10756902
Abstract: A content distribution system includes content receivers that provide a plurality of blockchain databases that store transaction records associated with subscriber requests for content, and a computer system that processes those transaction records and enables authorized content receivers to output requested content.
Type: Grant
Filed: December 28, 2017
Date of Patent: August 25, 2020
Assignee: DISH Network L.L.C.
Inventors: Christofer Hardy, David Abraham
-
Patent number: 10681018
Abstract: One embodiment provides a system that facilitates efficient and transparent encryption of packets between a client computing device and a content producing device. During operation, the system receives, by a content producing device, an interest packet that includes a masked name which corresponds to an original name, wherein the original name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level. The system obtains the original name based on the masked name. The system computes a symmetric key based on the original name and a generated nonce. The system generates a content object packet that corresponds to the original name and includes the masked name, the nonce, and a payload encrypted based on the symmetric key, wherein the content object packet is received by a client computing device.
Type: Grant
Filed: August 27, 2018
Date of Patent: June 9, 2020
Assignee: Cisco Technology, Inc.
Inventor: Christopher A. Wood
-
Patent number: 10671708
Abstract: The improved detection of malicious processes executing on a networked computing device is provided. An agent running on the networked computing device monitors the communications transmitted to devices outside of the network to determine whether the process is likely using a periodic beacon signal to communicate with an external control center associated with a potentially malicious party. The agent maintains a dictionary data structure of objects, identifiable by the process identifier and the remote device's address, to track a given process/destination group's communication history. The communication history is updated when new messages are identified for periodic patterns to be identified for the messages, which may be used to identify a process as potentially malicious.
Type: Grant
Filed: February 11, 2019
Date of Patent: June 2, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Kyle Allan Reed, Matthew Michael Swann, Edward Chris Thayer
-
Patent number: 10671743
Abstract: Protecting a fragment of a document includes automatically detecting the fragment without user intervention based on the content of the fragment and/or the context of the fragment within a set of documents, selectively encrypting the fragment to prevent unauthorized access, and providing an alternative view of the fragment that prevents viewing and access of content corresponding to the fragment unless a decryption password is provided. Automatically detecting the fragment may include detecting numbers and alphanumeric sequences of sufficient length that do not represent commonly known abbreviations, detecting generic terms, detecting proper names, detecting terms signifying a type of content, detecting mutual location of terms and sensitive content, and/or detecting user defined terms. The generic terms may correspond to password, passcode, credentials, user name, account, ID, login, confidential, and/or sensitive. The proper names may be names of financial organizations and security organizations.
Type: Grant
Filed: April 16, 2019
Date of Patent: June 2, 2020
Assignee: EVERNOTE CORPORATION
Inventor: Phil Libin
-
Patent number: 10637877
Abstract: At an electronic computing device, a first memory footprint is obtained for a protected computer. The protected computer is monitored with the electronic computing device. At the electronic computing device, a second memory footprint is obtained for the protected computer. The first memory footprint is compared with the second memory footprint. When the first memory footprint does not match the second memory footprint, a security alert is initiated for the protected computer.
Type: Grant
Filed: March 8, 2016
Date of Patent: April 28, 2020
Assignee: Wells Fargo Bank, N.A.
Inventors: Ramanathan Ramanathan, Rama Rao Yadlapalli, Ajay Kumar Rentala, Vamsi Krishna Geda
-
Patent number: 10628607
Abstract: The disclosure provides a method for protecting PIN code on Android platform, including: introducing, by Java layer, start event to C layer after invoked by upper layer; invoking, by C layer, Java layer via JNI to generate a password-storage-class-instance after receiving start event, and invoking Java layer after receiving a handle returned by Java layer to monitor input from user; storing, by Java layer, PIN code data into an instance memory when Java layer monitors PIN code data from user, updating storage location identification, and introducing encrypting event to C layer; introducing, by Java layer, confirming event to C layer when Java layer monitors confirmation information from user; accessing, by C layer, the instance via handle to encrypt the PIN code data when receiving encrypting event; and accessing, by C layer, the instance via handle to decrypt the encrypted data in instance memory to obtain PIN code.
Type: Grant
Filed: September 20, 2017
Date of Patent: April 21, 2020
Assignee: FEITIAN TECHNOLOGIES CO., LTD.
Inventors: Zhou Lu, Huazhang Yu
-
Patent number: 10594485
Abstract: An authentication system includes first and second terminals, and an authentication subsystem. The authentication subsystem: generates a first token based on reception of a code image authentication start request, generates and stores a code image key in association with the first token, generates and stores a code image including the code image key at a URL of the storage unit, transmits the first token and the URL to the first terminal, registers the received first token as a key in an information transmitting and receiving unit, checks whether a received ID of the second terminal is a unique ID, when the received unique ID of the second terminal is the unique ID, checks whether the received code image key is stored in the storage unit, and transmits a first response code to the information transmitting and receiving unit using, as a key.
Type: Grant
Filed: March 25, 2019
Date of Patent: March 17, 2020
Assignee: ISAO CORPORATION
Inventors: Toshiki Maezawa, Takahiro Nishida, Hiroyuki Kikuchi, Hiroyuki Torii