Patents Examined by Andrew Steinle
  • Patent number: 10015010
    Abstract: A processor of an aspect includes a plurality of packed data registers, and a decode unit to decode an instruction. The instruction is to indicate one or more source packed data operands. The one or more source packed data operands are to have four 32-bit results of four prior SM4 cryptographic rounds, and four 32-bit values. The processor also includes an execution unit coupled with the decode unit and the plurality of the packed data registers. The execution unit, in response to the instruction, is to store four 32-bit results of four immediately subsequent and sequential SM4 cryptographic rounds in a destination storage location that is to be indicated by the instruction.
    Type: Grant
    Filed: December 1, 2016
    Date of Patent: July 3, 2018
    Assignee: Intel Corporation
    Inventors: Shay Gueron, Vlad Krasnov
  • Patent number: 9971883
    Abstract: An information processing device includes: an authentication unit configured to compare, when receiving first user information used for authentication processing of determining whether a user has authority to use the information processing device, the first user information with second user information identifying users having the authority to use the information processing device, and execute the authentication processing; a first storage unit storing first association information in which installation screen information identifying an installation screen for installation of an application is associated with each piece of the second user information; and a second display unit configured to generate, based on a command associated with an application selected by a user among an application displayed by a first display unit, an installation screen identified by installation screen information which is associated with second user information identifying the user, and display the installation screen.
    Type: Grant
    Filed: November 18, 2015
    Date of Patent: May 15, 2018
    Assignee: RICOH COMPANY, LTD.
    Inventor: Shigeo Negoro
  • Patent number: 9930035
    Abstract: A method for establishing a secure communication channel between an off-card entity and an embedded Universal Integrated Circuit Card (eUICC) is provided. The method involves establishing symmetric keys that are ephemeral in scope. Specifically, an off-card entity, and each eUICC in a set of eUICCs managed by the off-card entity, possess long-term Public Key Infrastructure (PKI) information. When a secure communication channel is to be established between the off-card entity and an eUICC, the eUICC and the off-card entity can authenticate one another in accordance with the respectively-possessed PKI information (e.g., verifying public keys). After authentication, the off-card entity and the eUICC establish a shared session-based symmetric key for implementing the secure communication channel. Specifically, the shared session-based symmetric key is generated according to whether perfect or half forward security is desired.
    Type: Grant
    Filed: June 22, 2017
    Date of Patent: March 27, 2018
    Assignee: Apple Inc.
    Inventors: Xiangying Yang, Li Li, Jerrold Von Hauck
  • Patent number: 9928386
    Abstract: A storage device of a data center may protect data stored on a storage medium of the storage device using a data security mechanism. The data security mechanism may include a signal generator configured to generate a proximity signal and one or more storage devices including a storage medium, a proximity detection component and a destruction device. The proximity detection component may be configured to detect the proximity signal and to determine whether the storage device has been removed from an assigned location. The storage destruction mechanism may be configured to destroy at least a portion of the data stored on the storage device in response to the proximity detection component detecting that the storage device has been removed from the assigned location.
    Type: Grant
    Filed: June 8, 2015
    Date of Patent: March 27, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Brock Robert Gardner, Michael Phillip Czamara
  • Patent number: 9930071
    Abstract: Policy-based client-server systems and methods for attestation in managing and securing mobile computing devices. Attestation provides the means to make efficient, secure, and reproducible use of knowledge possessed by trusted expert parties and authorities within the expression and enforcement of policies for controlling use of, and access to, onboard software and hardware, network capabilities, and remote assets and services. Aspects of secure attestation of applications that use shared and dynamically loaded libraries are presented, as well as potential business models for attestation used in such a policy-based system. The system of the present invention resolves attestation record conflicts using digital certificates and digital signatures.
    Type: Grant
    Filed: May 18, 2016
    Date of Patent: March 27, 2018
    Assignee: Sequitur Labs, Inc.
    Inventors: Philip Attfield, Paul Chenard, Simon Curry, Vincent Ting, Mark Reed, David Baar
  • Patent number: 9928359
    Abstract: Described are architectures, systems, processes and methods for security that, at their core, are adaptive and changing at determined intervals so as to present a different environment, a portion of which is a varied attack surface, to the communications world exterior to the system. In one aspect is described improved security architecture, system and methods based upon multiple processors, operating systems and communication channels, in which at least some processors each perform as an input system connectable to a network, and are dissimilar in some manner, the manner of dissimilarity being controlled by a control system that is not connected to the network. Additionally in this aspect, an execution system is included which performs execution based upon received inputs to the input system, which are passed to the execution system once validated as being safe and not compromised.
    Type: Grant
    Filed: July 15, 2015
    Date of Patent: March 27, 2018
    Assignee: SECURITY TOGETHER CORPORATION
    Inventors: Anthony Joseph Vargas, Christopher Robert Sharpe, Hollis Ann Johnson
  • Patent number: 9930048
    Abstract: An electronic device connects to a network associated with a service provider via a router at a home location. During a time interval, the electronic device provides information specifying a network address of the router to an authentication computer when the electronic device is connected to a network. The authentication computer uses the received information to determine a connection pattern of the electronic device. Moreover, the authentication computer identifies that the electronic device is at the home location based on the connection pattern. Then, the authentication computer provides, to an accounting computer associated with the service provider, a request to allow the electronic device to access a wireless network associated with the service provider at a remote location (which is other than the home location).
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: March 27, 2018
    Assignee: Apple Inc.
    Inventors: Kapil Chhabra, Artiom Shamis, Maziar Brumand
  • Patent number: 9917688
    Abstract: Consolidating encrypted image backups without decryption. In one example embodiment, a method for consolidating encrypted image backups without decryption may include individually encrypting, using a single encryption key, each block in a first set of blocks in a source storage, storing the first set of encrypted blocks in a first encrypted image backup, individually encrypting, using the single encryption key, each block in a second set of blocks in the source storage, storing the second set of encrypted blocks in a second encrypted image backup, and creating a consolidated encrypted image backup that includes a single encrypted block for each of multiple unique block positions represented by the first and second sets of encrypted blocks without decrypting any of the encrypted blocks.
    Type: Grant
    Filed: May 25, 2017
    Date of Patent: March 13, 2018
    Assignee: STORAGECRAFT TECHNOLOGY CORPORATION
    Inventor: Nathan S. Bushman
  • Patent number: 9917860
    Abstract: Network security management technology as disclosed herein generates and dynamically updates an intuitive, interactive visualization of a computer network in live operation. The network security management technology interprets human user interactions, such as gestures, as network directives. The network directives may be implemented by the network in response to security events.
    Type: Grant
    Filed: June 8, 2015
    Date of Patent: March 13, 2018
    Assignee: SRI INTERNATIONAL
    Inventors: Rukman Senanayake, Phillip A. Porras, Patrick D. Lincoln
  • Patent number: 9860258
    Abstract: An Enhanced Ethernet Network Interface Card (EENIC) interfaces with a host and a network. The EENIC includes an internal network interface controller (NIC), a field programmable array (FPGA) in electrical communication with the internal network interface controller, and a peripheral component interconnect express (PCIe) controller, in independent electrical communication with the field programmable array or the internal network interface controller. The FPGA is configured to intercept data from either the host, or from the network, or from a combination thereof. Additionally, the configured interception is undetected by the host, or by the network, or a combination thereof.
    Type: Grant
    Filed: July 1, 2015
    Date of Patent: January 2, 2018
    Assignee: The United States of America as represented by the Secretary of the Air Force
    Inventors: James C Collins, Chet M Wall, Robert J Kaufman, III
  • Patent number: 9848007
    Abstract: A machine may be configured to detect an anomalous event based on metrics pertaining to a production system. For example, the machine analyzes a time series of values associated with a metric pertaining to a production system. The machine identifies a pattern associated with the time series based on the analysis of the time series. The pattern may describe an occurrence of particular values at particular timestamps of the time series. The machine determines a range of potential values for a next timestamp in the time series based on the pattern. The machine assigns a score value to an actual value associated with the metric and corresponding to the next timestamp. The assigning of the score value may be based on a comparison of the actual value and the range of potential values. The machine identifies the actual value as a candidate for an alert based on the score value.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: December 19, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jieying Chen, Xiao Li, Deepak Kumar, Anmol Bhasin, Bhaskaran Devaraj
  • Patent number: 9838361
    Abstract: Systems, methods, and non-transitory computer-readable medium are provided to secure data centers and cloud computing. A method receives network identifiers for functions, requests a network key for each function, allocates network interfaces, requests a virtual network interface controller allocation, requests a network key for each cloud function, receives storage identifiers for functions, requests a storage key for each cloud function, allocates virtual storage disks, requests a storage interface controller allocation, requests a storage key for each cloud function. Methods secure migration of a virtual machine from a source to a target server. A server includes multiple cores where each core is dedicated to a compute function and a unique key encrypts data of each compute function. A non-transitory computer-readable medium encodes programs that execute the above methods.
    Type: Grant
    Filed: May 11, 2017
    Date of Patent: December 5, 2017
    Inventor: Ari Birger
  • Patent number: 9838357
    Abstract: A firewall system determines whether a protocol used by an incoming data packet is a standard protocol compliant with Request For Comment (RFC) standards. In the event the protocol is RFC compliant, the firewall transmits the packet to the recipient according to firewall policies regarding the standard protocol. If the protocol is not that of an RFC standard, the firewall determines whether the protocol matches an RFC-exception protocol in an RFC-exception protocol database. If the protocol does match an RFC-exception, the firewall may transmit the packet to the recipient according to firewall policies regarding the RFC-exception protocol. If it does not match an RFC-exception, the firewall may transmit the packet or protocol to a support system where it may be quarantined until it is approved based on a decision that the protocol is safe and/or widely adopted.
    Type: Grant
    Filed: February 16, 2017
    Date of Patent: December 5, 2017
    Assignee: SONICWALL INC.
    Inventor: Hugo Vazquez Carames
  • Patent number: 9836618
    Abstract: A method and system for authenticating a service to access data respective of a user on a low-end mobile device. The method includes sending, from a telephone-to-web adapter, a first authentication token over a first communication path to the low-end mobile device, wherein the telephone-to-web adapter is a separate entity from the low-end mobile device; receiving, at the telephone-to-web adapter, a second authentication token over a second communication path, wherein the second authentication token is received from a host server hosting the service, wherein the first communication path is performed with a first method of communication and the second communication path is performed with a second method of communication; comparing, at the telephone-to-web adapter, the first authentication token to the second authentication token; and allowing access to data upon determining that the first authentication token matches the second authentication token.
    Type: Grant
    Filed: August 8, 2016
    Date of Patent: December 5, 2017
    Assignee: VascoDe Technologies Ltd.
    Inventors: Dorron Mottes, Gil Zaidman, Arnon Yaar, Ophir Marko
  • Patent number: 9832217
    Abstract: A method includes collecting system calls and call parameters invoked by monitored applications for target computer systems. The system calls and call parameters are received from operating system kernels on the plurality of target computer systems. Sequences of system calls and call parameters of the monitored applications are correlated among different target computer systems to deduce malicious activities. Remedial action(s) are performed in response to malicious activities being deduced as being malicious by the correlating. Another method includes determining that network activity at a specific time is deemed to be suspicious. Using IP addresses involved in the suspicious network activity, computer system(s) are determined that are sources of the suspicious network activity. Based on the specific time and the determined computer system(s), application(s) are determined that are executing on the determined computer system(s) that are causing the suspicious network activity.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: November 28, 2017
    Assignee: International Business Machines Corporation
    Inventors: Stefan Berger, Yangyi Chen, Xin Hu, Dimitrios Pendarakis, Josyula Rao, Reiner Sailer, Douglas Lee Schales, Marc Stoecklin
  • Patent number: 9830459
    Abstract: Described systems and methods allow a mobile device, such as a smartphone or a tablet computer, to protect a user of the respective device from fraud and/or loss of privacy. In some embodiments, the mobile device receives from a server a risk indicator indicative of whether executing a target application causes a privacy risk. Determining the risk indicator includes automatically supplying a test input to a data field used by the target application, the data field configured to hold a private item such as a password or a geolocation indicator. Determining the risk indicator further comprises determining whether a test device executing an instance of the target application transmits an indicator of the test input, such as the test input itself or a hash of the test input, to another party on the network.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: November 28, 2017
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Vlad Valceanu, Elena Burceanu, Dragos T. Gavrilut, Tiberius Axinte, Vlad Bordianu, Razvan M. Benchea
  • Patent number: 9824195
    Abstract: Methods and systems for determining consecutive matches are provided. According to one embodiment, a class definition and a data stream are received by a network security device. The data stream is partitioned into multiple data blocks each containing N data segments. Each data block is processed in parallel to compute: (i) a value (F) indicating whether every data segment value meets the class definition; (ii) a value (L) indicating a number of consecutive data segment values meeting the class definition starting from the left; (iii) a value (M) indicating a maximum number of consecutive data segment values meeting the class definition; and (iv) a value (R) indicating a number of consecutive data segment values meeting the class definition starting from the right. Corresponding values for each data block are then aggregated to determine a maximum number of consecutive data segment values meeting the class definition for the entire data stream.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: November 21, 2017
    Assignee: Fortinet, Inc.
    Inventor: Juneng Zheng
  • Patent number: 9818000
    Abstract: An integrated circuit has a first scan cell segment, a second scan cell segment connected to one or more hidden content, and a scan cell circuit connected to the first scan cell segment and the second scan cell segment. The scan cell circuit alternatively provides access to the first scan cell segment and the second scan cell segment based on a state of the scan cell circuit.
    Type: Grant
    Filed: March 23, 2015
    Date of Patent: November 14, 2017
    Assignee: Southern Methodist University
    Inventor: Jennifer L. Dworak
  • Patent number: 9819676
    Abstract: A computing device may determine to capture biometric information in response to the occurrence of one or more trigger conditions. The trigger condition may be receipt of one or more instructions from one or more other computing devices, detection of potential unauthorized use by the computing device, normal operation of the computing device, and so on. The computing device may obtain biometric information and may store such biometric information. Such biometric information may be one or more fingerprints, one or more images of a current user of the computing device, video of the current user, audio of the environment of the computing device, forensic interface use information, and so on. The computing device may then provide the stored biometric information for identification of one or more unauthorized users.
    Type: Grant
    Filed: April 29, 2016
    Date of Patent: November 14, 2017
    Assignee: Apple Inc.
    Inventors: Byron B. Han, Craig A. Marciniak, John A. Wright
  • Patent number: 9811690
    Abstract: Various integrated circuits protect hidden content (e.g., embedded instruments, keys, data, etc.) using scan cell circuit(s). For example, a first scan cell circuit is connected to the hidden content, and a second scan cell circuit is connected to the first scan cell circuit forming all or part of a serial data path. The first scan cell circuit provides access to the hidden content whenever the first scan cell circuit is in a first specified state and prevents access whenever the first scan cell circuit is in a different state. The first scan cell circuit does not interrupt the serial data path when the first scan cell circuit is in the different state. The second scan cell circuit changes an operational characteristic of the first scan cell circuit whenever the second scan cell circuit is in a second specified state. In some cases, the second scan cell circuit can be eliminated.
    Type: Grant
    Filed: March 23, 2015
    Date of Patent: November 7, 2017
    Assignee: Southern Methodist University
    Inventors: Jennifer L. Dworak, Alfred L. Crouch, Adam Zygmontowicz, John C. Potter