Patents Examined by April Y. Shan
  • Patent number: 9860274
    Abstract: In embodiments of the present invention improved capabilities are described for the operation of a threat management facility, wherein the threat management facility may provide for a plurality of computer asset protection services to a corporate computer network. The threat management facility may provide a policy management service as one of the plurality of protection services, wherein the policy management service may be adapted to provide corporate policy updates to a plurality of computer facilities associated with the corporate computer network. In addition, the corporate policy updates, and a related corporate policy, may relate to the acceptability of an operation of a computer application.
    Type: Grant
    Filed: September 13, 2007
    Date of Patent: January 2, 2018
    Assignee: Sophos Limited
    Inventor: Richard Jacobs
  • Patent number: 7991155
    Abstract: To provide a backup management device that deletes a content so as to be restorable in the future while protecting a copyright of the content, in a case where there exists a backup of the content. In an HD recorder, a first information storage unit stores a content, a second information storage unit stores a backup of the content, a secure storage unit stores a hash value of the content. If receiving an instruction to delete the content so as to be restorable, a control unit deletes the content from the first information storage unit. When the content is played back, an encryption processing unit applies a calculation to the content to generate detection information, and the control unit compares the hash value with the detection information to judge whether the content has been tampered.
    Type: Grant
    Filed: January 30, 2006
    Date of Patent: August 2, 2011
    Assignee: Panasonic Corporation
    Inventors: Soichiro Fujioka, Shunji Harada, Yoshikatsu Ito, Yuko Tsusaka, Motoji Ohmori, Toshihisa Nakano
  • Patent number: 7961878
    Abstract: This specification describes technologies relating to imparting cryptographic information in network communications.
    Type: Grant
    Filed: October 15, 2007
    Date of Patent: June 14, 2011
    Assignee: Adobe Systems Incorporated
    Inventors: Asa Whillock, Edward Chan, Srinivas Manapragada, Matthew Kaufman, Pritham Shetty, Michael Thornburgh
  • Patent number: 7953980
    Abstract: A measurement engine performs active platform observation. A program includes an integrity manifest to indicate an integrity check value for a section of the program's source code. The measurement engine computes a comparison value on the program's image in memory and determines if the comparison value matches the expected integrity check value. If the values do not match, the program's image is determined to be modified, and appropriate remedial action can be triggered. The integrity manifest can include a secure signature to verify the validity of the integrity manifest.
    Type: Grant
    Filed: June 30, 2005
    Date of Patent: May 31, 2011
    Assignee: Intel Corporation
    Inventors: Travis Schluessler, David Durham, George Cox, Karanvir “Ken” Grewal
  • Patent number: 7900258
    Abstract: An automated analysis system identifies the presence of malicious P-code or N-code programs in a manner that limits the possibility of the malicious code infecting a target computer. The target computer system initializes an analytical virtual P-code engine (AVPE). As initialized, the AVPE comprises software simulating the functionality of a P-code or intermediate language engine as well as machine language facilities simulating the P-code library routines that allow the execution of N-code programs. The AVPE executes a target program so that the target program does not interact with the target computer. The AVPE analyzes the behavior of the target program to identify occurrence of malicious code behavior and to indicate in a behavior pattern the occurrence of malicious code behavior. The AVPE is terminated at the end of the analysis process, thereby removing from the computer system the copy of the target program that was contained within the AVPE.
    Type: Grant
    Filed: February 25, 2008
    Date of Patent: March 1, 2011
    Assignee: International Business Machines Corporation
    Inventor: Peter A. J. van der Made
  • Patent number: 7890766
    Abstract: The present invention provides a method, apparatus, and computer instructions for warning of a presence of a person in a zone having an inadequate security clearance. Movement of the person in the zone is detected. A message is broadcast to selected data processing systems associated with the zone, wherein the data processing systems initiate actions to protect data in the selected data processing systems.
    Type: Grant
    Filed: July 12, 2007
    Date of Patent: February 15, 2011
    Assignee: International Business Machines Corporation
    Inventors: Janice Marie Girouard, Mark Joseph Hamzy, Emily Jane Ratliff
  • Patent number: 7886154
    Abstract: The present invention provides a method, apparatus, and computer instructions for warning of a presence of a person in a zone having an inadequate security clearance. Movement of the person in the zone is detected. A message is broadcast to selected data processing systems associated with the zone, wherein the data processing systems initiate actions to protect data in the selected data processing systems.
    Type: Grant
    Filed: December 14, 2007
    Date of Patent: February 8, 2011
    Assignee: International Business Machines Corporation
    Inventors: Janice Marie Girouard, Mark Joseph Hamzy, Emily Jane Ratliff
  • Patent number: 7869592
    Abstract: A calculation apparatus capable of executing any of a first calculating process operation including a first matrix calculation, and a second calculating process operation including a second matrix calculation, includes: a first calculation unit for executing the second matrix calculation; at least one calculation unit other than the first calculation unit, for executing a matrix calculation in parallel to the first calculation unit so as to execute the first matrix calculation; and a logic circuit for performing a logic calculation with respect to a calculation result of the first calculation unit and a calculation result of the other calculation unit. Then, when a calculation result of the first matrix calculation is requested, the calculation apparatus acquires the calculation result from the logic circuit.
    Type: Grant
    Filed: September 29, 2008
    Date of Patent: January 11, 2011
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Koichi Fujisaki, Atsushi Shimbo
  • Patent number: 7865718
    Abstract: A computer-readable recording medium which records a remote control program for allowing data on a network protected by a gateway device to be transferred to an external device by external remote-control operations; a portable terminal device; and a gateway device. The terminal device transmits to the gateway device an access ticket issue request. The gateway device generates key information and transmits to the terminal device an access ticket including the key information. The terminal device transfers to a data acquisition device a data acquisition instruction including the acquired access ticket. The acquisition device transmits to the gateway device a data request including the key information. When the key information added to the access ticket and the key information included in the data request are the same, the gateway device transfers the data request to a data server device. The server device transfers the data to the acquisition device.
    Type: Grant
    Filed: August 20, 2007
    Date of Patent: January 4, 2011
    Assignee: Fujitsu Limited
    Inventors: Shigeki Fukuta, Takao Mohri, Hideki Mitsunobu, Nami Nagata
  • Patent number: 7865958
    Abstract: A flexible, efficient and easy-to-use computer security management system effectively evaluates and responds to informational risks on a wide variety of computing platforms and in a rapidly changing network environment. An individual computer system dynamically monitors its end user, without regard to network connectivity, in order to calculate a risk score and to ensure that the end user's behavior does not put corporate information or other assets at risk. Data regarding such risks and responses are analyzed and stored in real-time.
    Type: Grant
    Filed: February 5, 2009
    Date of Patent: January 4, 2011
    Assignee: Citrix Systems, Inc.
    Inventors: Jason Lieblich, Dustin Norman
  • Patent number: 7856663
    Abstract: A method, system, and program for security screening of electronic devices by device identifier are provided. A security scanning system detects an identifier from an electronic device. The identifier may be a radio frequency identifier or other type of identifier which is preferably detectable by the security scanning system regardless of the operating status of the electronic device. The security scanning system queries a database with the identifier for information about the electronic device. Responsive to receiving the information about the electronic device from the central database, at least one real-time scanned characteristic of the electronic device is compared with this information. The information includes characteristics of the components of the electronic device and an x-ray overlay of the electronic device. If the real-time scanned characteristics and the information match, then electronic device is designated as secure.
    Type: Grant
    Filed: September 12, 2007
    Date of Patent: December 21, 2010
    Assignee: International Business Machines Corporation
    Inventors: Herman Rodriguez, Newton James Smith, Jr., Clifford Jay Spinac
  • Patent number: 7849324
    Abstract: A permission level associated with a user's access to a Web server is identified. A relationship ticket is obtained from an authentication server and a request is generated to set or modify the identified permission level. The request and the relationship ticket are sent to the Web server and a success code is received from the Web server if the requested permission level is established.
    Type: Grant
    Filed: September 9, 2008
    Date of Patent: December 7, 2010
    Assignee: Microsoft Corporation
    Inventors: Baskaran Dharmarajan, Ismail Cem Paya, Ashvin J Mathew
  • Patent number: 7844826
    Abstract: A permission level associated with an entity's access to a Web server is identified. A relationship ticket is obtained from an authentication server and a request is generated to set the identified permission level. The request and the relationship ticket are sent to the Web server and a success code is received from the Web server if the requested permission level is established.
    Type: Grant
    Filed: September 8, 2008
    Date of Patent: November 30, 2010
    Assignee: Microsoft Corporation
    Inventors: Baskaran Dharmarajan, Ismail Cem Paya, Ashvin J Mathew
  • Patent number: 7845011
    Abstract: A transfer source gives a challenge key, own public key, an ID for identifying the target data, and an encryption key type to a transfer destination that is authenticated by a certificate. In accordance with the given key type, the transfer destination generates a first session key (and a second session key), encrypts the first session key and own public key (or second session key) with the transfer source's public key, encrypts the resulting encrypted data with the challenge key, and transmits the data encrypted with the challenge key to the transfer source. The transfer source encrypts the target data with the second session key (or the transfer destination's public key) that is derived from the received data, encrypts the resulting encrypted data with the first session key, and transmits the data encrypted with the first session key to the transfer destination.
    Type: Grant
    Filed: October 14, 2005
    Date of Patent: November 30, 2010
    Assignee: Hitachi Global Storage Technologies Netherlands B.V.
    Inventor: Tatsuya Hirai
  • Patent number: 7835525
    Abstract: A cryptographic method using dual encryption keys and a wireless local area network (LAN) system therefor includes (a) generating a first group key in N wireless terminals forming an ad-hoc group, where N is equal to or greater than two, (b) generating a second group key in a main wireless terminal to perform a key distribution center function among the N wireless terminals, and transmitting the second group key to (N?1) sub wireless terminal, and (c) encoding data using the second group key, and transmitting the encoded data between the N wireless terminals. Data security in a wireless LAN system of an ad-hoc network is increased by creating a first group key having a low frequency of use using a group password, and using a random key generation algorithm to create, distribute, and modify a second group key in a wireless terminal functioning as a key distribution center.
    Type: Grant
    Filed: July 7, 2003
    Date of Patent: November 16, 2010
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Kyung-hun Jang, Jong-ae Park, In-sun Lee
  • Patent number: 7831838
    Abstract: Dynamic run-time verification of a module which is loaded in memory (in whole or in part) for execution is enabled by storing hashes of smaller portions of the module (e.g. page-level hashes) as they should look when loaded into memory for execution. After an initial authentication is completed, hashes of smaller portions of the module are stored. These hashes consist of the portion of memory as modified by changes which would be made by the operating system loader operating normally. Thus, the hashes can be used to verify that the portion as loaded into memory for execution is 1) a correct copy of the portion of the software module, 2) correctly modified for execution by the processor, and 3) not tampered with since loading.
    Type: Grant
    Filed: March 5, 2004
    Date of Patent: November 9, 2010
    Assignee: Microsoft Corporation
    Inventors: Michael David Marr, Scott A. Brender
  • Patent number: 7831050
    Abstract: A key distribution scheme comprising a generation and reception system and a specific operation protocol is described. This system allows fast and secure key distribution in optical channels by two stations A and B. One or two true-random physical sources are used to generate random bits and a random sequence received provides the cipher to the following one to be sent. A starting shared secret key is used and the method can be described as a one-time-pad unlimited extender. The minimum probability of error in signal determination by an eavesdropper can be set arbitrarily close to the pure guessing level of one-half and the security of the method comes from the quantum noise of light as well as from the starting secret key. This system allows for optical amplification without security degradation within its operational boundaries.
    Type: Grant
    Filed: December 1, 2004
    Date of Patent: November 9, 2010
    Inventor: Geraldo Alexandre Barbosa
  • Patent number: 7822201
    Abstract: A novel method and apparatus for protection of streamed media content is disclosed. In one aspect, the apparatus includes control means for governance of content streams or content objects, decryption means for decrypting content streams or content objects under control of the control means, and feedback means for tracking actual use of content streams or content objects. The control means may operate in accordance with rules received as part of the streamed content, or through a side-band channel. The rules may specify allowed uses of the content, including whether or not the content can be copied or transferred, and whether and under what circumstances received content may be “checked out” of one device and used in a second device. The rules may also include or specify budgets, and a requirement that audit information be collected and/or transmitted to an external server. In a different aspect, the apparatus may include a media player designed to call plugins to assist in rendering content.
    Type: Grant
    Filed: May 11, 2007
    Date of Patent: October 26, 2010
    Assignee: Intertrust Technologies Corporation
    Inventors: Talal G. Shamoon, Ralph D. Hill, Chris D. Radcliffe, John P. Hwa
  • Patent number: 7818565
    Abstract: A protocol management system is capable of detecting certain message protocols and applying policy rules to the detected message protocols that prevent intrusion, or abuse, of a network's resources. In one aspect, a protocol message gateway is configured to apply policy rules to high level message protocols, such as those that reside at layer 7 of the ISO protocol stack.
    Type: Grant
    Filed: June 10, 2003
    Date of Patent: October 19, 2010
    Assignee: Quest Software, Inc.
    Inventors: Randy Miller, Robert Poling, Richard S. Pugh, Dmitry Shapiro
  • Patent number: 7814312
    Abstract: An improved network architecture employs a super authority having an identity catalog to direct login authentication tasks to appropriate authorities. Authentication tasks may be performed by authorities across namespace boundaries if so directed by the super authority, such that a principal account may be moved without alteration of the account ID. In an embodiment of the invention, the identity catalog comprises a listing associating account IDs with appropriate authenticating authorities.
    Type: Grant
    Filed: March 31, 2008
    Date of Patent: October 12, 2010
    Assignee: Microsoft Corporation
    Inventors: Jeffrey B. Parham, Brendan Dixon, Murli Satagopan, Richard Bruce Ward