Patents Examined by Amare Tabor
  • Patent number: 7873831
    Abstract: A signature system with a mechanism to identify element(s) of a signed document includes a sender having a signature module with a digest generator. The digest generator generates digests for identifying selected elements of the document. The resulting “identifying” digests are then used in generating a signature in which the sender signs the digests rather than the original elements. The receiver can then process the signature and use these digests to distinguish between elements, as needed.
    Type: Grant
    Filed: February 26, 2004
    Date of Patent: January 18, 2011
    Assignee: Microsoft Corporation
    Inventors: Vijay K. Gajjala, Giovanni M. Della-Libera, Vaithialingam B. Balayoghan, Tomasz Janczuk
  • Patent number: 7870613
    Abstract: Security components of managed computers are configured using inoculation data. Inoculation data can be retrieved from an inoculation data provider. The inoculation data provider analyzes unauthorized software applications to develop inoculation data. The inoculation data configures the security component to block execution of unauthorized software applications. Inoculation data can be embedded into a script, which is distributed via a management protocol to one or more managed computers from a management computer. Unauthorized software applications can be identified by filenames, storage paths, registry keys, digital signatures, download locations, residuals, and ActiveX controls or classes.
    Type: Grant
    Filed: March 2, 2006
    Date of Patent: January 11, 2011
    Assignee: FaceTime Communications, Inc.
    Inventors: Wayne Porter, Chris Criswell, Jan Hertsens, Robert Egan
  • Patent number: 7870612
    Abstract: The example embodiments herein relate to an antivirus protection system and method for computers based on program behavior analysis. The antivirus protection system may comprise: a Process Behavior-Evaluating Unit for identifying the programs existing in the user's computers and classifying them into normal programs and suspect programs; a Program-Monitoring Unit for monitoring and recording the actions and/or behaviors of programs; a Correlation-Analyzing Unit for creating correlative trees and analyzing the correlations of actions and/or behaviors of programs, the correlative trees comprising a process tree and a file tree; a Virus-Identifying Knowledge Base, comprising a Program-Behavior Knowledge Base and a Database of Attack-Identifying Rules; a Virus-Identifying Unit for comparing captured actions and/or behaviors to the information in the Virus-Identifying Knowledge Base to determine whether the program is a virus program.
    Type: Grant
    Filed: September 11, 2006
    Date of Patent: January 11, 2011
    Assignee: Fujian Eastern Micropoint Info-Tech Co., Ltd
    Inventor: Xu Liu
  • Patent number: 7865723
    Abstract: Method and apparatus providing program information to client devices for at least one multicast stream of digital content is described. In one embodiment, session description messages for the at least one multicast stream of digital content are generated. Each of the session description messages includes at least one content access parameter. The at least one content access parameter may include digital rights management (DRM) data, channel key identification data associated with the at least one channel of the at least one multicast stream of digital content, and/or data indicative of whether each session description message is associated with a channel, a program, or a program segment. Each of the session description messages is signed using a cryptographic key. The session description messages are then multicasted to the client devices using a predefined multicast address.
    Type: Grant
    Filed: August 11, 2005
    Date of Patent: January 4, 2011
    Assignee: General Instrument Corporation
    Inventors: Petr Peterka, Alexander Medvinsky
  • Patent number: 7865944
    Abstract: GPRS Tunneling Protocol (“GTP”) packets are intercepted by receiving a GTP tunnel packet, determining whether the GTP tunnel packet is to be intercepted, intercepting GTP tunnel packets if it is determined that the GTP tunnel packet is to be intercepted, and processing the intercepted GTP tunnel packets. Multiple tunnels may be intercepted simultaneously and GTP tunnel packets from different tunnels may be processed differently. Implementations include both inline and offline interception of GTP traffic between SGSN and GGSN.
    Type: Grant
    Filed: September 10, 2004
    Date of Patent: January 4, 2011
    Assignee: Juniper Networks, Inc.
    Inventors: Jesse C. Shu, Chaohui Zhang
  • Patent number: 7865941
    Abstract: A system for controlling an authorization procedure of a task according to a preferred embodiment is provided. The system includes: a database server for storing data about a task to be authorized; and an application server for obtaining basic information of the task to be authorized, configuring an authorization procedure for the task, designating an authorizer for each step of the authorization procedure, and controlling the whole authorization procedure.
    Type: Grant
    Filed: November 10, 2006
    Date of Patent: January 4, 2011
    Assignees: Hong Fu Jin Precision Industry (ShenZhen) Co., Ltd., Hon Hai Precision Industry Co., Ltd.
    Inventors: Chegn-Yi Huang, Xin-Yu Huang, Zhe-Xin Liu, Wen-Hao Wu
  • Patent number: 7861301
    Abstract: An apparatus, and a computer program are provided for securing transmitted text. Once text has been produced by an application, the potential exists for an unintended third party to obtain sensitive data transmitted over computer networks. However, a parsing function can then operate either on an individual computer or on a network to scan text at an Open Systems Interconnection (OSI) Layer 1 to assist in the prevention of sensitive data transmission. By utilizing the parsing function, text can be scanned for potentially sensitive data by using a variety of techniques, such as a learning algorithm. The sensitive data can then be verified by a user, bypassed, or autostripped.
    Type: Grant
    Filed: January 12, 2009
    Date of Patent: December 28, 2010
    Assignee: International Business Machines Corporation
    Inventors: Craig William Fellenstein, Rick Allen Hamilton, James Wesley Seaman
  • Patent number: 7840003
    Abstract: A high-speed Galois Counter Mode-Advanced Encryption Standard (GCM-AES) block cipher apparatus and method is provided. The apparatus can operate at a low clock frequency of 125 MHz and provide a 2 Gbps link encryption function in an Optical Line Termination (OLT) and an Optical Network Unit (ONU) of an Ethernet Passive Optical Network (EPON). 11-round block cipher of 128- bit input data is implemented using an 8-round Counter-AES (CTR-AES) block cipher module and a 3-round CTR-AES block cipher module, so that it is possible to provide a 1 Gbps link security function for an input frequency of 62.5 MHz and a 2 Gbps link security function for an input frequency of 125 MHz.
    Type: Grant
    Filed: April 27, 2005
    Date of Patent: November 23, 2010
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Kwang Ok Kim, Kyeong Soo Han, Tae Whan Yoo, Yool Kwon
  • Patent number: 7827409
    Abstract: The present invention discloses a technique provisioning network cryptographic keys to a client when direct physical transfer is not feasible. In an embodiment of the invention, a client token generates a temporary key encrypted with a first secret key known only in a master token database and passes this on to an enterprise network token of a network to which service is requested. The enterprise network token then further encrypts the encrypted temporary key with a second secret key and passes that on to the master token database. Since the second secret key is also known by the master token database, the originally encrypted temporary key can be securely decoded only by a master token coupled to the master token database. The decrypted temporary key can then be re-encrypted with a key known only by the enterprise network token and the master token, and returned to the enterprise network token.
    Type: Grant
    Filed: December 2, 2004
    Date of Patent: November 2, 2010
    Assignee: Koolspan, Inc.
    Inventor: Anthony C. Fascenda
  • Patent number: 7827416
    Abstract: An objective is to provide a key management apparatus in a document security and editing system that controls and manages the usage rights of a document, allows a user with usage rights to read and edit freely according to user qualification, and manages the usage rights in compliance with document management rules established by an organization.
    Type: Grant
    Filed: August 12, 2005
    Date of Patent: November 2, 2010
    Assignee: Mitsubishi Denki Kabushiki Kaisha
    Inventor: Yoshihiko Hanazaki
  • Patent number: 7823196
    Abstract: A method and an apparatus to perform dynamic secure re-routing of data flows for public services are disclosed. In one embodiment, the method includes receiving at a first security appliance a public service message from a second security appliance via a public network. The public service message being associated with a session between the first and the second security appliances, being destined to a first network device coupled to the first security appliance, and including one of a public service request and a public service response. In response to the public service message, the method may further include determining whether a secure communication path exists between the first and the second security appliances.
    Type: Grant
    Filed: February 3, 2005
    Date of Patent: October 26, 2010
    Assignee: SonicWALL, Inc.
    Inventors: Jeffrey Bowman Caldwell, Akbal S. Karlcut, Aria Eslambolchizadeh
  • Patent number: 7818582
    Abstract: A mechanism eliminates the number of times a user must login to individual services after initially logging into a computer system. A user only logs once into a computer system, and subsequent login requests by multiple services are handled automatically and transparently by the system. In one implementation, a user need only present a card to a card reader and enter a PIN, and the user is logged-in after presenting the card and a valid PIN. The system generates a token that is valid for this particular login session of the user, and when the user accesses a permissioned service, the system automatically logs-in the user to the application using the token. The system can perform the automatic login the user to a variety of applications including legacy applications, web-enabled applications, and commercial, off-the-shelf applications.
    Type: Grant
    Filed: June 27, 2005
    Date of Patent: October 19, 2010
    Assignee: Accenture Global Services GmbH
    Inventors: Donald E. Marion, Andrew W. Jewell
  • Patent number: 7810141
    Abstract: Communication devices, communication systems and communication methods are disclosed, which are capable of easily changing the settings of a client and lightening the workload of a user. Even if the settings of a client device do not correspond to the settings of an access point, by changing the settings of the access point, setting information is sent to the client device to automatically change the settings of the client device to settings corresponding to the settings of the access point after change.
    Type: Grant
    Filed: January 3, 2007
    Date of Patent: October 5, 2010
    Assignee: Alpine Electronics, Inc.
    Inventor: Hideki Takahashi
  • Patent number: 7801297
    Abstract: A communication device comprises a receiver configured to receive a notification of a cipher parameter used for encryption of data and a requested start time at which the encryption starts; and a correction unit configured to determine whether the cipher parameter needs to be corrected in response to the notification having been retransmitted based on the requested start time and an actual start time at which the encryption actually starts, and correct the cipher parameter.
    Type: Grant
    Filed: November 15, 2004
    Date of Patent: September 21, 2010
    Assignee: NTT DoCoMo, Inc.
    Inventors: Takehiro Ida, Mitsuo Iwanaga, Yasushi Sakamoto
  • Patent number: 7802111
    Abstract: A cryptographic module for limiting exposure of cryptographic keys protected by a trusted platform module (TPM) is provided. The cryptographic module includes logic for establishing a session with the TPM on behalf of a cryptographic client and logic for sending a request from the cryptographic client to the TPM to retrieve in plaintext a cryptographic key of the cryptographic client. Logic for receiving the cryptographic key in plaintext from the TPM are also included in cryptographic module. Further, cryptographic module includes logic for performing a cryptographic operation requested by the cryptographic client using the cryptographic key, and logic for sending the results of the cryptographic operation to the cryptographic client. A hardware-based method and system for limiting exposure of cryptographic keys also are described.
    Type: Grant
    Filed: April 27, 2005
    Date of Patent: September 21, 2010
    Assignee: Oracle America, Inc.
    Inventor: Thomas Tahan
  • Patent number: 7797727
    Abstract: An original identifier of an application in a computer system is changed to a new identifier. An attempt is made, using the original identifier, to run the application. In response to the attempt, the application is then launched in a restricted user account on the computer system using the new identifier.
    Type: Grant
    Filed: January 31, 2005
    Date of Patent: September 14, 2010
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Mark S. Miller, Marc D. Stiegler
  • Patent number: 7797749
    Abstract: A combination of more frequent and less frequent security monitoring may be used to defeat worm or virus attacks. At periodic intervals, a risk assessment scan may be implemented to determine whether or not a worm attack has occurred. Prior thereto, an intermediate detection by an anomaly detection agent may determine whether or not a worm attack may have occurred. If a potential worm attack may have occurred, intermediate action, such as throttling of traffic, may occur. Then, at the next risk assessment scan, a determination may be made as to whether the attack is actually occurring and, if so, more effective and performance altering techniques may be utilized to counter the attack.
    Type: Grant
    Filed: November 3, 2004
    Date of Patent: September 14, 2010
    Assignee: Intel Corporation
    Inventors: Priya Rajagopal, Ravi Sahita, David Durham
  • Patent number: 7797725
    Abstract: Techniques for providing privacy protection are provided. A query is received. Privacy policy information, extracted knowledge and optional information about available public information are determined. Information about the knowledge extraction transformations applied to create the extracted knowledge and the source data is determined. Privacy protecting transformations are determined and applied to transform the extracted knowledge based on the selected privacy policy, optional information about available public information, the characteristics of the applied knowledge extractions transformations, the source data and optional previous user queries.
    Type: Grant
    Filed: December 2, 2004
    Date of Patent: September 14, 2010
    Assignee: Palo Alto Research Center Incorporated
    Inventors: Teresa F Lunt, Daniel H Greene, Philippe J Golle, Richard H Bruce
  • Patent number: 7779254
    Abstract: The present invention is a system and a method for extending multiple independent levels of security to a plurality of input/output buses and components connected to the buses. In an exemplary embodiment, the system may include a processing unit suitable for operation in a plurality of security level. A bus controller including security control logic may be coupled to the processing unit for restricting access and flow of information between the physical memory and the plurality of buses. The bus controller may employ base address registers to allocate and map the physical memory to control which partitions of the physical memory are accessible to each of the plurality of buses and thus, a device connected to at least one of the plurality of buses.
    Type: Grant
    Filed: December 21, 2005
    Date of Patent: August 17, 2010
    Assignee: Rockwell Collins, Inc.
    Inventors: Julianne R. Crosmer, John G. Bendickson
  • Patent number: 7779263
    Abstract: In a computer to support security of information, a user authentication request is received as a request of remote operation call through a network, a user using an external application program is authenticated based on the user authentication request. An authentication result capable of detecting a falsification is generated, and the authentication result is returned as a response of the remote operation call to a request originator through the network.
    Type: Grant
    Filed: November 12, 2004
    Date of Patent: August 17, 2010
    Assignee: Ricoh Company, Ltd.
    Inventor: Yoichi Kanai