Patents Examined by Stephen Sanders
  • Patent number: 8578486
    Abstract: A method of operating a computing device that allows inspecting data that the device attempts to transmit over a network in an encrypted form for presence of malware, viruses or confidential information. The method includes intercepting a request from an application to an encryption component of an operating system to encrypt the data and acquiring encrypted data generated by the encryption component in response to the request. SSL or TLS protocol may be used for encryption. The request may be intercepted using API hooking. The data in an unencrypted form and an identifier of the encrypted data may be provided to a data inspection facility for establishing a correspondence between the unencrypted and encrypted data, using the identifier. The data inspection facility performs inspection of the unencrypted data to determine whether to allow transmission of the encrypted data over the network.
    Type: Grant
    Filed: June 18, 2010
    Date of Patent: November 5, 2013
    Assignee: Microsoft Corporation
    Inventors: Vladimir Lifliand, Avraham Michael Ben-Menahem
  • Patent number: 8578174
    Abstract: Some embodiments provide a system that facilitates use of a computing device. During operation, the system obtains an event description of an event on the computing device. Next, the system computes a message authentication code (MAC) for the event description using a secure component associated with the computing device. Finally, the system uses the MAC to maintain the integrity of an event log containing the event description.
    Type: Grant
    Filed: June 18, 2010
    Date of Patent: November 5, 2013
    Assignee: Palo Alto Research Center Incorporated
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 8578509
    Abstract: A packaging film which contains pigment particles randomly distributed in a low surface-area density is used for the authentication of products. An imaging device is used to record a first digital image of a packaged product. The positional coordinates, and optionally the color values, of the pigment particles contained in the packaging film are determined from the digital image by means of a computer program and an identification code is calculated from the coordinate or color values and stored in a database. To authenticate the product at a later time, a second digital image is recorded and a test code is determined and compared with the recorded identification code.
    Type: Grant
    Filed: July 2, 2009
    Date of Patent: November 5, 2013
    Assignee: Kloeckner Pentaplast GmbH & Co. KG
    Inventors: Christian Kohlert, Bernd Schmidt, Walter Egenolf, Tamara Zistjakova
  • Patent number: 8565438
    Abstract: Disclosed is a method of recording and storing a broadcast content received for mobile broadcast services in a transmitting-end level. A broadcast receiving terminal includes a type of the key profile in the header of the recorded file for the particular broadcast content, the CIEK which is used in encrypting the broadcast content and encrypted with the second layer encryption key, and the acquisition information on the second layer encryption key. The acquisition information on the second layer encryption key is included in a corresponding field of the header according to the type of the used profile. As in the SRTP and IPSec, a recorded file format in the transmitting-end level recording is the PDCF. Information associated with the encryption of the encrypted broadcast content is stored in the OMA DRM common header box (ohdr box) of the PDCF recorded file.
    Type: Grant
    Filed: September 19, 2008
    Date of Patent: October 22, 2013
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Ji-Wuck Jung, Byung-Rae Lee, Young-Jip Kim, Hyun-Chul Kim, Kyung-Shin Lee
  • Patent number: 8566957
    Abstract: A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a service client a request for access to a secured resource; means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving from the service client a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester. The secured resource has a common identifier by which it may be generally identified outside of the authentication system, but the request for access lacks sufficient information content for the service client to be able to determine the common identifier.
    Type: Grant
    Filed: October 23, 2011
    Date of Patent: October 22, 2013
    Inventor: Gopal Nandakumar
  • Patent number: 8566939
    Abstract: Some embodiments of the invention relate to a method and a device for scanning a plurality of computerized devices connected to a network. According to some embodiments of the invention, a plurality of computerized devices to be scanned may be provided. A plurality of threads of an agentless module may be provided for scanning the plurality of computerized devices. Each of the plurality of threads of the agentless module may be associated with at least one of the plurality of computerized devices. The plurality of threads of the agentless module may be utilized to configure a plurality of remote access processes to scan in parallel and without using agents at least two of the plurality of remote computerized devices.
    Type: Grant
    Filed: April 4, 2006
    Date of Patent: October 22, 2013
    Assignee: Promisec Ltd.
    Inventors: Ron Shay Suchowski, Hilik Kotler
  • Patent number: 8561129
    Abstract: A computer network device comprises an intrusion prevention rule set comprising a plurality of rules, each of the plurality of rules associated with two or more rule classification parameters, and an intrusion prevention module that is operable to use two or more of the classification parameters associated with the plurality of intrusion protection rules to selectively apply the rules to provide network intrusion protection of network traffic.
    Type: Grant
    Filed: February 28, 2008
    Date of Patent: October 15, 2013
    Assignee: McAfee, Inc
    Inventors: David Diehl, Ramnath Venugopalan, Stevan Markovic, Michael W. Green
  • Patent number: 8561051
    Abstract: System and method for solidifying (or “freezing”) the set of software and configuration data available for execution on a computer. Any additional software installed on the computer after the solidification process will not execute, regardless of whether the installation is initiated or otherwise performed by a person with administrative privilege. The ability to allow new or modified software to execute on the computer rests with an integrity server separate from and outside of the solidified computer. The solidification of software and configuration data proceeds on a level of granularity selectable by the integrity server and any operators thereof.
    Type: Grant
    Filed: December 22, 2010
    Date of Patent: October 15, 2013
    Assignee: McAfee, Inc.
    Inventor: E. John Sebes
  • Patent number: 8555084
    Abstract: A data encryption device performs high-speed access to an arbitrary page when encrypting data and writing it to a storage device that can be accessed in a page unit or reading data therefrom and decrypting it. The device: encrypts data and writes it to the storage device or reads data from the storage device and decrypts it by a stream cipher; uses a counter mode of a block cipher to generate pseudorandom number series; specifies a data position in the storage device based on a page number and a page block number, by dividing one page into plural page blocks having a block length of the block cipher; and uses a value determined by a function of the page number, the page block number, and an arbitrary offset value, as an initial value of a pseudorandom number to be used in the counter mode.
    Type: Grant
    Filed: October 31, 2011
    Date of Patent: October 8, 2013
    Assignee: Sharp Kabushiki Kaisha
    Inventor: Shigeo Ohyama
  • Patent number: 8549631
    Abstract: The present invention discloses an internet site security system and method thereof. That is, the present invention comprises a browser execution module which executes the browser for providing a work-performing environment on the internet site according to the selection of a user; a memory protection module which, according to the execution of the browser, prevents an external module from accessing a memory area allocated to the browser and detects whether the memory area has been tampered with and whether the executing code has been tampered with; and a browser protection module which prevents another process or module from debugging the browser execution module according to the execution of the browser, and distinguishes several modules loaded into the memory area into acceptable modules and unacceptable modules, and thereby is able to provide a secure electronic transaction based environment against a malicious attack.
    Type: Grant
    Filed: February 12, 2009
    Date of Patent: October 1, 2013
    Assignee: Ahnlab, Inc.
    Inventors: Ho-Woong Lee, Sung Jin Yang, Sang Min Chung
  • Patent number: 8543821
    Abstract: Common content is generated and provided to client computer systems. The common content includes encrypted portions, corresponding unencrypted portions, and decryption key identifiers that identify decryption keys for decrypting the encrypted portions. Decryption keys are provided to the client computer systems separately from the common content for decrypting portions of the common content that an associated user is authorized to view or otherwise utilize. In order to use or display the common content, the client computer systems determine for each encrypted portion in the common content whether an associated decryption key has been received. Each encrypted portion for which a decryption key is available is decrypted and displayed or otherwise utilized. For each encrypted portion for which a decryption key is not available, the unencrypted portion corresponding to the encrypted portion may be displayed or otherwise utilized.
    Type: Grant
    Filed: October 28, 2011
    Date of Patent: September 24, 2013
    Assignee: Amazon Technologies, Inc.
    Inventor: Jacob Gabrielson
  • Patent number: 8542828
    Abstract: The present invention relates to cryptographic secret key distribution, wherein a value for a number of iterations can be individually set, so that the number of messages to be exchanged during generating a cryptographic secret key can be varied based on the set value of the iteration number.
    Type: Grant
    Filed: August 6, 2009
    Date of Patent: September 24, 2013
    Assignee: Koninklijke Philips N.V.
    Inventors: Philip Andrew Rudland, Bas Driesen, Philip Anthony Jamieson
  • Patent number: 8539546
    Abstract: A management server also monitors the occurrence of items that are not targets of security policies, evaluates changes in the monitoring result, and produces specific output when necessary. In particular, in management based on the security policies, the occurrence of items considered to be non-targets of the security policies is also monitored, and the monitoring result is reported to an administrator as appropriate so that the administrator can recognize a threat and take the necessary countermeasures at the appropriate time.
    Type: Grant
    Filed: November 19, 2010
    Date of Patent: September 17, 2013
    Assignee: Hitachi, Ltd.
    Inventors: Emiko Kobayashi, Kiminori Sugauchi
  • Patent number: 8533788
    Abstract: A method for associating handheld calculators with a network host system of a classroom network that includes receiving a service set identifier (SSID) of the classroom network by a handheld calculator, wherein the SSID includes a network mode indicator, and operating the handheld calculator according to the network mode indicator. The method may also include operating the handheld calculator in a configuration mode in which the handheld calculator sends a request for association to the network host system, wherein the request includes a unique identifier of the first handheld calculator, and acceptance of the request by the network host system, wherein authentication information for the handheld calculator is stored by the network host system to indicate that the first handheld calculator is associated with the classroom network.
    Type: Grant
    Filed: October 21, 2011
    Date of Patent: September 10, 2013
    Assignee: Texas Instruments Incorporated
    Inventors: David M. Newman, Harshal S. Chhaya, Jamie Lane Graves, Robert Allen Lorentzen, Todd Michael Wostrel
  • Patent number: 8533802
    Abstract: A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access by an unauthorized user (such as, for example, a retail store, a service station, an on-line service provider or merchandiser, a healthcare provider, a medical insurer, an information consumer or the like) to the secured resource; a means for generating and communicating to the purported authorized user a key string adapted to provide a basis for authenticating the identity of the requester; a means for receiving an authentication credential associated with the request for access; and a means for evaluating the authentication credential to authenticate the identity of the requester.
    Type: Grant
    Filed: October 23, 2011
    Date of Patent: September 10, 2013
    Inventor: Gopal Nandakumar
  • Patent number: 8510823
    Abstract: Described are computer-based methods and apparatuses, including computer program products, for testing functionality of a firewall. Testing the functionality of the firewall can include a method. The method can include selecting a plurality of valid message types, generating a percentage of valid and invalid messages from the plurality of valid message types, transmitting the plurality of valid and invalid messages to the firewall, receiving an indication of the firewall's handling of valid and invalid messages based on the transmitted message, and determining the functionality of the firewall from the received indication.
    Type: Grant
    Filed: June 18, 2010
    Date of Patent: August 13, 2013
    Assignee: Raytheon Company
    Inventors: Mark J. Kuckelman, Quang Dao, Jeffery Jay Logan, Michael Alexander
  • Patent number: 8505079
    Abstract: A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access by an unauthorized user (such as, for example, a retail store, a service station, an on-line service provider or merchandiser, a healthcare provider, a medical insurer, an information consumer or the like) to the secured resource; a means for determining a key string adapted to provide a basis for authenticating the identity of the requester; a means for receiving an authentication credential associated with the request for access; and a means for evaluating the authentication credential to authenticate the identity of the requester.
    Type: Grant
    Filed: October 23, 2011
    Date of Patent: August 6, 2013
    Inventor: Gopal Nandakumar
  • Patent number: 8495758
    Abstract: A scan chain security capability is provided herein. The scan chain security capability enables secure control over normal use of a scan chain of a system, e.g., for purposes such as testing prior to deployment or sale of the system, in-field testing after deployment or sale of the system, in-field modification of the system, and the like. The scan chain security capability enables secure control over normal use of a scan chain by enabling control over interruption of a scan chain and re-establishment of an interrupted scan chain. A scan chain security component is configured for removing an open-circuit condition from the scan chain in response to a control signal. The control signal may be generated in response to validation of a security key, in response to successful completion of a challenge-based authentication process, or in response to any other suitable validation or authentication.
    Type: Grant
    Filed: June 18, 2010
    Date of Patent: July 23, 2013
    Assignee: Alcatel Lucent
    Inventors: Suresh Goyal, Michele Portolan, Bradford Van Treuren
  • Patent number: 8495387
    Abstract: An apparatus and associated method for writing encryption data to memory in a plurality of partially overlapping data segments and subsequently retrieving the encryption data by combining a selected one of either a first set of the overlapping data segments that define the encrypted data or a different second set of the overlapping data segments that define the encrypted data.
    Type: Grant
    Filed: October 31, 2011
    Date of Patent: July 23, 2013
    Assignee: Spectra Logic Corporation
    Inventor: Matthew Thomas Starr
  • Patent number: 8479273
    Abstract: An information processor is disclosed that includes an authentication part configured to authenticate a user based on predetermined information; an information obtaining part configured to obtain first information to be used to authenticate the user from an external device; and an authentication control part configured to cause the authentication part to authenticate the user by inputting information based on the first information to the authentication part as the predetermined information. The information obtaining part is configured to obtain the first information using a program module whose correlation with the information obtaining part is recorded in a recording medium.
    Type: Grant
    Filed: April 26, 2012
    Date of Patent: July 2, 2013
    Assignee: Ricoh Company, Ltd.
    Inventors: Yuuki Ohtaka, Satoru Nishio, Seijiro Hori