Patents Examined by Richard W Cruz-Franqui
-
Patent number: 10834131
Abstract: A method, system, and computer-usable medium are disclosed for (a) responsive to communication of a client handshake from a client to a server for establishing encrypted communications between the client and the server: (i) holding open, by an intermediate verification system interfaced between the server and the client, the client handshake; and (ii) opening a connection between the intermediate verification system and the server via which the intermediate verification system issues a server verification handshake to the server; (b) responsive to issuance of the server verification handshake to the server, receiving a server certificate associated with the server by the intermediate verification system; (c) responsive to receipt of the server certificate, processing, by the intermediate verification system, the server certificate to determine an identity of the server; and (d) rendering, by the intermediate verification system, a security policy decision regarding traffic between the server and client based
Type: Grant
Filed: November 28, 2017
Date of Patent: November 10, 2020
Assignee: Forcepoint LLC
Inventors: Tuomo Syvänne, Olli-Pekka Niemi, Valtteri Rahkonen
-
Patent number: 10833861
Abstract: A processor-implemented method improves security in a blockchain network of devices by protecting security, privacy and ownership assurance of identity assets, where the blockchain network of devices supports a blockchain. An identity asset provider device establishes co-ownership of an identity asset for an identity asset provider and an entity. The identity asset provider device directs a first member of the blockchain network of devices to associate identities of the identity asset provider and the entity based on their co-ownership of the identity asset by using commitments between the identity asset provider and the entity and based on collaborative proof of ownership of the identity asset using zero knowledge proofs in the blockchain network of devices.
Type: Grant
Filed: November 28, 2017
Date of Patent: November 10, 2020
Assignee: International Business Machines Corporation
Inventors: Suresh Chari, Hasini Gunasinghe, Hugo M. Krawczyk, Ashish Kundu, Kapil Kumar Singh, Dong Su
-
Patent number: 10834102
Abstract: A client comprising a web browser is provided. The client is configured to: run an application in the web browser, the application comprising a sensor including sensor JavaScript code, wherein running the application comprises executing the sensor JavaScript code as the first JavaScript code in the web browser to activate the sensor; and wherein the sensor is configured to: gather data with respect to the application at runtime; and check predetermined application-specific rules against the gathered data for detecting client-side attacks at runtime.
Type: Grant
Filed: January 5, 2018
Date of Patent: November 10, 2020
Assignee: SAP SE
Inventors: Martin Johns, Martin Haerterich, Christoph Haefner
-
Patent number: 10819522
Abstract: Disclosed herein are embodiments of systems, methods, and products for authentication using entropic threshold. A server may require a user to create a series of security questions to which only the user has the answers. The answers to the security questions may satisfy an entropic threshold. Based on the answers to the security questions, the client device may generate a passphrase and encrypt the user's private key based on the passphrase. The server may also store the encrypted private key and the series of security questions into a database. When the user tries to access the private key, the server may send the user's security questions and encrypted private key. The client device may require the user to provide the answer to each security question. When the client device receives answers to all security questions, the client device may use the resulting passphrase to decrypt the user's encrypted private key.
Type: Grant
Filed: January 3, 2020
Date of Patent: October 27, 2020
Assignee: BlockGen Corp.
Inventors: William Roy, Timothy McLean
-
Patent number: 10812507
Abstract: System and methods are described which are useful for efficiently combining characteristic detection rules, such as may be done to efficiently and quickly assist in the dispositioning of user reported security threats.
Type: Grant
Filed: April 19, 2019
Date of Patent: October 20, 2020
Assignee: KnowBe4, Inc.
Inventors: Marcio Castilho, Alin Irimie, Michael Hanley, Daniel Cormier, Raymond Skinner
-
Patent number: 10812135
Abstract: A network includes a first wireless node that communicates over a wireless network connection. The first wireless node includes a first encryption engine that processes a first initialization data set and a current transmit sequence associated with a current communication to generate a next transmit sequence that is employed to communicate with a second wireless node that derives a next received sequence that corresponds to the next transmit sequence to process a subsequent communication.
Type: Grant
Filed: September 28, 2017
Date of Patent: October 20, 2020
Assignee: TEXAS INSTRUMENTS INCORPORATED
Inventors: Ariton E. Xhafa, Xiaolin Lu, Jianwei Zhou, Il Han Kim
-
Patent number: 10805337
Abstract: A method includes, responsive to detecting network activity indicative of a threat, selecting a threat mitigation scheme corresponding to a set of response actions. The method also includes filtering the set of response actions based on a policy to generate a set of allowed response actions and executing one or more response actions of the set of allowed response actions.
Type: Grant
Filed: December 19, 2014
Date of Patent: October 13, 2020
Assignee: THE BOEING COMPANY
Inventors: Faye I. Francy, Gregory J. J. Small
-
Patent number: 10795985
Abstract: Systems and methods are described for utilizing a secure environment on a mobile computing device for applying policy-based decision management in response to access requests from untrusted areas. A policy decision processor (PDP) within the secure environment provides a policy decision in response to an access query. A decision cache within the secure environment can be used to store policy decisions for faster resolution of access requests. Policy enforcement points (PEPs) are placed between external devices that are trying to access the device and the secured environment, where the PEPs are used to enforce the policy-based decision, and can be located either inside or outside the secure environment. Decision certificates can be formulated using validity information and timestamps, and used for validation policy certificates. Memory in non-secure areas can also be marked (colored) for use in performing trusted operations in order to optimize system resource usage.
Type: Grant
Filed: April 24, 2015
Date of Patent: October 6, 2020
Assignee: Sequitur Labs Inc.
Inventors: Philip Attfield, Daniel Schaffner, Michael Thomas Hendrick
-
Patent number: 10798057
Abstract: A system and method for providing secure access to an organization's internal directory service from external hosted services. The system includes a remote directory service configured to accept directory service queries from an application running on hosted services. The remote directory service passes the queries to a directory service proxy server inside a firewall of the organization via a secure rendezvous service. The directory service proxy server passes the queries to the internal directory service inside said firewall. Request responses from the internal directory service pass through the directory service proxy server to the remote directory service through said firewall via the secure rendezvous service. The remote directory service returns the response to the requesting application.
Type: Grant
Filed: February 12, 2013
Date of Patent: October 6, 2020
Assignee: CENTRIFY CORPORATION
Inventors: Paul Moore, Nathaniel Wayne Yocom
-
Patent number: 10790978
Abstract: Technologies for secure collective authorization include multiple computing devices in communication over a network. A computing device may perform a join protocol with a group leader to receive a group private key that is associated with an interface implemented by the computing device. The interface may be an instance of an object model implemented by the computing device or membership of the computing device in a subsystem. The computing device receives a request for attestation to the interface, selects the group private key for the interface, and sends an attestation in response to the request. Another computing device may receive the attestation and verify the attestation with a group public key corresponding to the group private key. The group private key may be an enhanced privacy identifier (EPID) private key, and the group public key may be an EPID public key. Other embodiments are described and claimed.
Type: Grant
Filed: September 21, 2016
Date of Patent: September 29, 2020
Assignee: Intel Corporation
Inventors: Ned M. Smith, Omer Ben-Shalom, Alex Nayshtut
-
Patent number: 10791127
Abstract: A packet transmission method and an apparatus pertain to the field of network technologies. The method includes obtaining, by a terminal device, a source IP (Internet Protocol) address in a to-be-transmitted packet and N IP addresses of the terminal device, where N is an integer, and when the source IP address in the to-be-transmitted packet is different from any one of the N IP addresses of the terminal device, determining that the source IP address in the to-be-transmitted packet is forged, and prohibiting transmitting the to-be-transmitted packet. The application can solve the problem that a virus such as Trojan in the terminal device may be prevented from forging a source IP address of another device to randomly transfer an attack packet in the network to improve network security.
Type: Grant
Filed: May 3, 2017
Date of Patent: September 29, 2020
Assignee: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: Junyang Rao, Qing Gao, Jincheng Xie
-
Patent number: 10778439
Abstract: The Seed Splitting and Firmware Extension for Secure Cryptocurrency Key Backup, Restore, and Transaction Signing Platform Apparatuses, Methods and Systems (“SFTSP”) transforms transaction signing request, key backup request, key recovery request inputs via SFTSP components into transaction signing response, key backup response, key recovery response outputs. A transaction signing request message for a transaction is received by a first HSM and includes an encrypted second master key share from a second HSM whose access is controlled by M-of-N authentication policy. The encrypted second master key share is decrypted. A first master key share is retrieved. A master private key is recovered from the master key shares. A transaction hash and a keychain path is determined. A signing private key for the keychain path is generated using the recovered master private key. The transaction hash is signed using the signing private key, and the generated signature is returned.
Type: Grant
Filed: May 18, 2018
Date of Patent: September 15, 2020
Assignee: FMR LLC
Inventors: Gang Cheng, Vladimir Tsitrin, Thomas Stephen McGuire
-
Patent number: 10762245
Abstract: An input peripheral agent intercepts input commands on a host machine and enforces policy conditions and whitelist conditions before deciding whether to permit the commands to be processed by an operating system of the host or whether to ignore the commands on the host machine. In an embodiment, the policy conditions and whitelist conditions can be dynamically changed by a remote network manager without changing, stopping, and/or restarting the input peripheral agent and/or the host machine.
Type: Grant
Filed: December 17, 2015
Date of Patent: September 1, 2020
Assignee: NCR Corporation
Inventors: Anthony Edward Roper, Graham Flett
-
Patent number: 10754967
Abstract: Systems, methods, and other embodiments associated with handling secure interrupts between security zones are described. According to one embodiment, an apparatus includes a memory divided between a secure zone and a non-secure zone and storing a plurality of applications. The secure zone provides exclusive access to secure assets of the apparatus. A processor with an interface module configured to, in response to receiving an interrupt request from a requesting application that executes on the processor in the non-secure zone, tunnel the interrupt request into the secure zone of the processor. The non-secure zone and the secure zone are configured as operating environments of the processor with separate security controls. The processor includes a monitor module configured to issue the secure interrupt to a trusted application that is one of the plurality of applications in the secure zone, wherein the trusted application is registered to handle the secure interrupt.
Type: Grant
Filed: December 15, 2015
Date of Patent: August 25, 2020
Assignee: Marvell Asia Pte, Ltd.
Inventors: Gaurav Arora, Yongsen Chen, Adil Jagmag, Pontus Lidman, Haobo Yu, Yongbing Chen, Ailing Du
-
Patent number: 10740482
Abstract: A way of sharing a set of data where each data item is stored at a different file path. The data items may be files or folders that reside on different remote storage servers or within the same file system. One or more data items in the set of data do not share a common root folder. Data items in the set of data that share a common root folder are stored amongst other data items in the common root folder that do not belong to the set of data items to be shared. A single URL or link is generated to provide immediate access to the set of data to recipients of the URL or link.
Type: Grant
Filed: February 9, 2016
Date of Patent: August 11, 2020
Inventors: Raghavendra Kulkarni, Vilabh Mishra, Diganta Dutta, Gaurav Sanghavi, Ajit Sirohi, Nicholas DeVos
-
Patent number: 10726162
Abstract: Systems and techniques for a System-on-a-Chip (SoC) security plugin are described herein. A component message may be received at an interconnect endpoint from an SoC component. The interconnect endpoint may pass the component message to a security component via a security interlink. The security component may secure the component message, using a cryptographic engine, to create a secured message. The secured message is delivered back to the interconnect endpoint via the security interlink and transmitted across the interconnect by the interconnect endpoint.
Type: Grant
Filed: December 19, 2014
Date of Patent: July 28, 2020
Assignee: Intel Corporation
Inventors: Manoj R Sastry, Alpa Narendra Trivedi, Men Long
-
Patent number: 10721267
Abstract: The disclosed computer-implemented method for detecting system attacks may include (1) receiving, from a detecting system capable of detecting attacks, information that identifies an attack that originated from a compromised client system that is remote from the detecting system, (2) determining that the attack originated from the compromised client system, (3) determining that the compromised client system includes an anti-malware agent, and (4) notifying the anti-malware agent on the compromised client system that the compromised client system performed the attack. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: July 18, 2014
Date of Patent: July 21, 2020
Assignee: NortonLifeLock Inc.
Inventor: Christopher Alexander
-
Patent number: 10715502
Abstract: Systems and methods for automating client-side synchronization and discovery of public keys and certificates of external contacts include a key synchronizer at a client device. The key synchronizer obtains, from the client device, an external contact associated with an external domain outside of a local domain of the client device and then identifies, based on the external domain, a public key registry outside of the local domain. The key synchronizer obtains, from the public key registry, a registry-supplied public key or digital certificate for the external contact and then stores the registry-supplied key as a locally-stored key in the local key store such that the client device can obtain and apply the locally-stored key to secure an email targeting the external contact as a recipient of the email.
Type: Grant
Filed: December 31, 2015
Date of Patent: July 14, 2020
Assignee: VERISIGN, INC.
Inventors: Stephen Daniel James, Andrew Fregly, Andrew Cathrow
-
Patent number: 10715337
Abstract: A conductor on glass security layer may be located within a printed circuit board (PCB) of a crypto adapter card or within a daughter card upon the crypto adapter card. The conductor on glass security layer includes a glass dielectric layer that remains intact in the absence of point force loading and shatters when a point load punctures or otherwise contacts the glass dielectric layer. The conductor on glass security layer also includes a conductive security trace upon the glass dielectric layer. A physical access attempt shatters a majority of the glass dielectric layer, which in turn fractures the security trace. A monitoring circuit that monitors the resistance of the conductive security trace detects the resultant open circuit or change in security trace resistance and initiates a tamper signal that may be received by one or more computer system devices to respond to the unauthorized attempt of physical access.
Type: Grant
Filed: November 13, 2017
Date of Patent: July 14, 2020
Assignee: International Business Machines Corporation
Inventors: Gerald K. Bartley, Darryl J. Becker, Matthew S. Doyle, Mark J. Jeanson, Mark O. Maxson
-
Patent number: 10706746
Abstract: The present invention relates to methods and systems for binary scrambling, and applications for cybersecurity technology aimed at preventing cyber-attacks.
Type: Grant
Filed: June 1, 2018
Date of Patent: July 7, 2020
Assignee: Polyverse Corporation
Inventors: Alexander Gounares, Christopher Fraser