Patents Examined by Stephen Sanders
-
Patent number: 9979764
Abstract: Methods, systems, computer-readable media, and apparatuses for providing secure resources to a native operating system resource are described herein. Using one or more aspects described herein, a mobile device may determine that a native operating system service requests to access content located within a wrapped application. The mobile device may transmit, to the native operating system service, a server path to a loopback web server within the wrapped application to elicit a request from the native operating system service to the loopback web server for the content. In response to receiving a request comprising the server path to the loopback web server to retrieve the content from the loopback web server, the mobile device may instruct the loopback web server to transmit an unencrypted version of the content to the native operating system service.
Type: Grant
Filed: April 25, 2017
Date of Patent: May 22, 2018
Assignee: Citrix Systems, Inc.
Inventor: Krishna Kumar
-
Patent number: 9961069
Abstract: In a computer system, some resources may be protected within an SSO environment, and other resources may be protected in an alternate authentication environment. A user logged into an alternate authentication environment will again be prompted for login credentials when accessing an SSO protected resource. To avoid additional login prompts, credentials authenticated by the alternate authentication environment are used by the SSO environment to identify the user. The credentials are collected from the alternate authentication environment and provided to the SSO resource in the form of a ticket. The SSO resource forwards the ticket to an SSO provider. The SSO provider identifies the user within a user store using the credentials in the ticket. If the SSO provider identifies the user, the SSO provider generates a token and provides the token to the SSO resource. The token is authenticated by the SSO resource and access is granted to the user.
Type: Grant
Filed: July 22, 2015
Date of Patent: May 1, 2018
Assignee: CA, Inc.
Inventor: Joseph Lawrence O'Donnell
-
Patent number: 9922207
Abstract: Subscriber (user) data is encrypted and stored in a service provider cloud in a manner such that the service provider is unable to decrypt and, as a consequence, to view, access or copy the data. Only the user knows a user-specific secret (e.g., a password) that is the basis of the encryption. The techniques herein enable the user to share his or her data, privately or publicly, without exposing the user-specific secret with anyone or any entity (such as the service provider).
Type: Grant
Filed: April 18, 2016
Date of Patent: March 20, 2018
Assignee: LogMeIn, Inc.
Inventors: Krisztian Kopasz, Marton B. Anka
-
Patent number: 9887835
Abstract: A method, an apparatus, and a computer program product for symmetric stream encryption are provided. An encryption chain is obtained from a real random number generator (RRNG) and stored in memory. A vector key is identified based on numbers obtained from a fast, large period pseudo-random number generator. A set of encryption keys are identified from the encryption chain using the vector key. Strings of clear text are encrypted using the encryption keys.
Type: Grant
Filed: August 5, 2015
Date of Patent: February 6, 2018
Assignee: TRANSFERSOFT, INC.
Inventor: Attila Mark Szilagyi
-
Patent number: 9853946
Abstract: Disclosed herein are a method, apparatus and system that authenticate a first data forwarder, of a distributed machine data acquisition and search system (MDASS), to a node that regulates traversal of a firewall that protects a protected environment within which the data forwarder operates. The authentication may be performed by using a SOCKS5 authentication process. The method further includes, only after successful completion of the SOCKS5 authentication process, establishing a first connection, through a network, between the first data forwarder and a first indexer of the distributed MDASS, where the first indexer operates outside the protected environment, and sending machine data acquired by the first data forwarder from a machine data source, to the first indexer via the first connection.
Type: Grant
Filed: July 22, 2015
Date of Patent: December 26, 2017
Assignee: Splunk Inc.
Inventors: Hassan Alayli, Jagannath Kerai
-
Patent number: 9843569
Abstract: A method and apparatus are provided for access credential provisioning. A method may include receiving, at a first mobile apparatus, information about a second mobile apparatus. The first mobile apparatus may be provisioned with network access credential information to be transferred from the first mobile apparatus to the second mobile apparatus. The method may further include causing the information about the second mobile apparatus to be provided to a provisioning apparatus for the network. The method may additionally include receiving authorization from the provisioning apparatus to transfer the network access credential information from the first mobile apparatus to the second mobile apparatus. The method may also include, in response to receipt of the authorization, causing the network access credential information to be provided to the second mobile apparatus. A corresponding apparatus is also provided.
Type: Grant
Filed: July 30, 2015
Date of Patent: December 12, 2017
Assignee: Nokia Technologies Oy
Inventors: Silke Holtmanns, André Dolenc
-
Patent number: 9843568
Abstract: Various methods are provided for facilitating a reduction in the number of required search operations during account creation. One example method may comprise causing creation of a user account object configured for storage in a database, the user account object comprising user personal information, causing creation of a user linked account object configured for storage in the database, the user linked account object comprising user credential information, the user linked account object linked the user account object, generating, via processor, an identification field of the user linked account object, generation of the identification field comprising: receiving at least identification information and an account type; accessing a realm; and utilizing a hash function to generate a composite key as a function of the identification information, the account type, and the realm.
Type: Grant
Filed: July 22, 2015
Date of Patent: December 12, 2017
Assignee: HERE GLOBAL B.V.
Inventors: Tomas Junnonen, Srividya Rajagopalan, Richin Jain
-
Patent number: 9838433
Abstract: In an information processing apparatus that communicates with a printing control apparatus, whether the printing control apparatus is connected is determined in a case where a security policy is set for the information processing apparatus, and setting of the security policy is activated. The setting of the security policy is deactivated in a case where the printing control apparatus is connected, and the setting of the security policy is applied in a case where the printing control apparatus is not connected.
Type: Grant
Filed: October 12, 2015
Date of Patent: December 5, 2017
Assignee: CANON KABUSHIKI KAISHA
Inventor: Naoya Kakutani
-
Patent number: 9823843
Abstract: Systems, methods, and devices of the various aspects enable identification of anomalous application behavior by monitoring memory accesses by an application running on a computing device. In various aspects, a level of memory access monitoring may be based on a risk level of an application running on the computing device. The risk level may be determined based on memory address accesses of the application monitored by an address monitoring unit of one or more selected memory hierarchy layers of the computing device. The memory hierarchy layers selected for monitoring for memory address accesses of the application may be based on the determined risk level of the application. Selected memory hierarchy layers may be monitored by enabling one or more address monitoring units (AMUs) associated with the selected one or more memory hierarchy layers. The enabling of selected AMUs may be accomplished by an AMU selection module.
Type: Grant
Filed: July 23, 2015
Date of Patent: November 21, 2017
Assignee: QUALCOMM Incorporated
Inventors: Mihai Christodorescu, Satyajit Prabhakar Patne, Sumita Rao, Vikram Nair
-
Patent number: 9805214
Abstract: A wearable device includes a user information obtainer configured to obtain user information, a controller configured to selectively generate, in response to a user being authenticated based on the user information, an encryption key for encryption of content of an external device; and a communicator configured to transmit the encryption key to the external device.
Type: Grant
Filed: July 23, 2015
Date of Patent: October 31, 2017
Assignee: SAMSUNG ELECTRONICS CO., LTD.
Inventors: Samir Kant Sahu, Jae-sick Shin, Hun-je Yeon, Mohammad Zuberul Islam, Min-suk Choi, Nam-suk Lee, Hak-su Jeong
-
Patent number: 9801059
Abstract: Methods and systems are provided for concealing identifying data that may be used to identify a beacon or device in broadcasts unless an observer device is able to directly or indirectly, via an authorized resolver device, translate an encrypted broadcast into the identifiable information. The wireless security scheme disclosed herein also pertains to resolving the concealed data messages to obtain the identifiable information.
Type: Grant
Filed: July 9, 2015
Date of Patent: October 24, 2017
Assignee: Google Inc.
Inventors: Alon Ziv, Marcel M. M. Yung, Avinatan Hassidim
-
Patent number: 9798874
Abstract: A device for processing data includes: an input interface receiving input data; a processing unit processing data; and an encoding unit encoding data words which are obtained as input data at the input interface data in order to obtain encoded data words, the data words being encoded in such a way that a predefined portion of measured values which characterize the encoded data words and/or their processing by the device and which are ascertainable as a function of at least one physical variable of the device has a difference from a default value, the difference being less than or equal to a predefinable threshold value. The encoding unit executes an encoding rule for encoding the data words as a function of at least one encoding parameter, and the processing unit processes the encoded data words.
Type: Grant
Filed: April 13, 2015
Date of Patent: October 24, 2017
Assignee: ROBERT BOSCH GMBH
Inventors: Paulius Duplys, Robert Szerwinski, Matthew Lewis
-
Patent number: 9787712
Abstract: A method and apparatus for controlling a download source for an electronic file. The method includes at a server, receiving from a user device an identity of a first source from which the user device wishes to obtain the electronic file. The received identity of the first source is compared with an identity of a known reputable source associated with the electronic file. If the first source and the known reputable source do not match, a message is sent to the user device that includes the identity of the reputable source.
Type: Grant
Filed: June 18, 2015
Date of Patent: October 10, 2017
Assignee: F-Secure Corporation
Inventors: Christine Bejerasco, Karmina Aquino
-
Patent number: 9785801
Abstract: An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor coupled to secure non-volatile storage; and at least one storage medium having firmware instructions stored thereon for causing, during runtime and after an operating system for the apparatus has booted, the cryptoprocessor to (a) store a key within the secure non-volatile storage, (b) sign an object with the key, while the key is within the cryptoprocessor, to produce a signature, and (c) verify the signature. Other embodiments are described herein.
Type: Grant
Filed: June 27, 2014
Date of Patent: October 10, 2017
Assignee: Intel Corporation
Inventors: Vincent J. Zimmer, Nicholas J. Adams, Giri P. Mudusuru, Lee G. Rosenbaum, Michael A. Rothman
-
Patent number: 9785771
Abstract: Approaches for protecting a computing device against malicious code using an attack vector involving a USB device. A computing device prevents a USB device from communicating operational input to the computing device using a USB port residing on or coupled to the computing device unless consent data is stored on the computing device. Consent data is data that affirms consent provided by a user of the computing device to allow the USB device to communicate with the computing device using the USB port. Note that the lack of consent data stored on the computing device does not prohibit the USB device from identifying itself to the computing device. In this way, if the USB device comprises malicious code or has been designed in a malicious manner, the USB device will be unable to submit operational input to the computing device without the consent of the user.
Type: Grant
Filed: July 13, 2015
Date of Patent: October 10, 2017
Assignee: Bromium, Inc.
Inventor: Ian Pratt
-
Patent number: 9785782
Abstract: In accordance with embodiments, there are provided mechanisms and methods for performing one or more actions based on determined access permissions for a plurality of users. These mechanisms and methods for performing one or more actions based on determined access permissions for a plurality of users can enable improved data collection and analysis, enhanced client knowledge of system access, etc.
Type: Grant
Filed: December 29, 2014
Date of Patent: October 10, 2017
Assignee: salesforce.com, inc.
Inventors: Irandi Bulumulla, Bulent Cinarkaya, Yurika Sebata-Dempster, Tripti Sheth, Alex Warshavsky, Brian Zotter
-
Patent number: 9781139
Abstract: Techniques are presented to identify malware communication with domain generation algorithm (DGA) generated domains. Sample domain names are obtained and labeled as DGA domains, non-DGA domains or suspicious domains. A classifier is trained in a first stage based on the sample domain names. Sample proxy logs including proxy logs of DGA domains and proxy logs of non-DGA domains are obtained to train the classifier in a second stage based on the plurality of sample domain names and the plurality of sample proxy logs. Live traffic proxy logs are obtained and the classifier is tested by classifying the live traffic proxy logs as DGA proxy logs, and the classifier is forwarded to a second computing device to identify network communication of a third computing device as malware network communication with DGA domains via a network interface unit of the third computing device based on the trained and tested classifier.
Type: Grant
Filed: July 22, 2015
Date of Patent: October 3, 2017
Assignee: Cisco Technology, Inc.
Inventors: Michal Sofka, Lukas Machlica, Karel Bartos, David McGrew
-
Patent number: 9780953
Abstract: A method for requesting a credential associated with token in a multiple token layer environment is disclosed. A tokenization certificate serves to validate the identity of a credential requestor and provide information about the requestor's authorization for de-tokenizing a token. Also, a public key in the tokenization certificate is used to encrypt the credential for secure transmission to the requestor.
Type: Grant
Filed: July 22, 2015
Date of Patent: October 3, 2017
Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventors: Ajit Gaddam, Selim Aissi
-
Patent number: 9774588
Abstract: In one implementation, a network device provides a single signoff service to one or more endpoints in software as a service (SaaS) sessions. The network device is configured to monitor a session between a software as a service (SaaS) provider and an endpoint device and to identify a network event trigger associated with the session. In response to the network event trigger, a signoff message is generated to the SaaS provider by the network device. The SaaS provider is configured to purge the session in response to the signoff message.
Type: Grant
Filed: October 6, 2014
Date of Patent: September 26, 2017
Assignee: Cisco Technology, Inc.
Inventors: Ramesh Nethi, Srinivas Chivukula
-
Patent number: 9774583
Abstract: In an embodiment, a system includes at least one processor having at least one core including a reservation control logic to receive a request from a user device for access at a future time to an enterprise device. The reservation control logic may grant a reservation to the user device to enable the access and schedule delivery of an authentication message to the user device including a credential to enable the user device to set up an ad hoc wireless connection with the enterprise device at the future time, without involvement of a user of the user device. Other embodiments are described and claimed.
Type: Grant
Filed: June 27, 2014
Date of Patent: September 26, 2017
Assignee: Intel IP Corporation
Inventors: Ganesh Venkatesan, Carlos Cordeiro, Emily H. Qi