Patents Examined by Baotran N. To
  • Patent number: 10298621
    Abstract: A method includes acts for establishing a subscription for an entity. The method includes receiving, at a cloud service provider, a request from an entity to establish a subscription. The request includes credentials for the entity that are not proper credentials for an organization associated with the entity that the entity should use to access services for the organization. The method further includes performing a corrective action based on detecting one or more factors to determine that the entity is associated with the organization. The method further includes providing services based on the corrective action.
    Type: Grant
    Filed: April 30, 2018
    Date of Patent: May 21, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ranganathan Srikanth, David James Armour, Ashvinkumar J. Sanghvi, Jeremy Winter, John David Ballard, Dwayne Richard Need, Srivatsan Parthasarathy
  • Patent number: 10298385
    Abstract: Fully homomorphic encryption integrated circuit (IC) chips, systems and associated methods are disclosed. In one embodiment, an integrated circuit (IC) homomorphic processor chip is disclosed. The IC homomorphic processor chip includes at least one processor slice. Each processor slice includes local control circuitry, a numeric theoretic transform (NTT) butterfly unit, and on-chip memory. The NTT butterfly unit is responsive to the local control circuitry to operate in multiple modes for performing operations on encrypted data using homomorphic encryption. Each mode is associated with a different configuration of the NTT butterfly unit.
    Type: Grant
    Filed: August 11, 2017
    Date of Patent: May 21, 2019
    Assignee: THE GOVERNING COUNCIL OF THE UNIVERSITY OF TORONTO
    Inventors: Alhassan Khedr, Glenn Gulak
  • Patent number: 10289812
    Abstract: The present invention includes: an electronic document receiving unit receiving an original electronic document; a text information extracting unit extracting text and text location information by analyzing content of the original electronic document; an image information extracting unit extracting an image and image location information by analyzing the content; a verification data generating unit generating original forgery falsification verification data by using at least one of the text and the text location information, the image and the image location information; and a secure electronic document generating unit generating a secure original electronic document after encrypting and inserting the original forgery falsification verification data in a preset position of the original electronic document.
    Type: Grant
    Filed: September 7, 2017
    Date of Patent: May 14, 2019
    Assignee: MARKANY INC.
    Inventors: Dong-Hwa Kim, Yong-Chan Ahn, Ki-Soo Park
  • Patent number: 10270793
    Abstract: A network sensor, inserted into a mirror port of a network switch or router, may be configured to monitor the network traffic originating from an embedded device. Metadata in the network traffic may be passively extracted by the network sensor and transmitted to a server in order to monitor and analyze the behavior of the embedded device. The server may employ machine learning to distinguish typical behavior of the embedded device from atypical behavior. Further, code may be injected into the firmware of the embedded device, and the code may be programmed to broadcast a performance beacon whenever certain firmware functions are executed. A collection of the performance beacons may be analyzed at the server to reconstruct an execution path of the embedded device, and machine learning may be applied to determine whether the execution path is typical or atypical.
    Type: Grant
    Filed: May 8, 2017
    Date of Patent: April 23, 2019
    Assignee: SENRIO INC.
    Inventor: Stephen A. Ridley
  • Patent number: 10264026
    Abstract: The disclosed embodiments include systems and methods for dynamically managing privileged access for non-privileged accounts. Operations may include receiving a request from a computer device associated with a network account to access a privileged resource, wherein the network account lacks any privileged account membership enabling the network account to access the privileged resource. Operations may include authenticating the network account, and assigning, based on the authentication, privileged on-demand membership for the network account, wherein the privileged on-demand membership enables the network account to access the privileged resource. Operations may also include identifying that the network account should no longer have access to the privileged resource, and removing, based on the identification, the privileged on-demand membership for the network account.
    Type: Grant
    Filed: July 24, 2017
    Date of Patent: April 16, 2019
    Assignee: CyberArk Software Ltd.
    Inventors: Dima Barboi, Boris Spivak, Yair Sade
  • Patent number: 10255427
    Abstract: The authorization of unique computer peripheral specimens to connect to a host computer employs a computer connected device storing both a unique identifier matched by a digital fingerprint authenticating the unique identifier, a device driver on a host computer for communicating with the computer peripheral device, and a policy module that communicates with the host to determine the security policy for the computer peripheral device. The host computer decides whether to allow the computer peripheral device to be used by the host, according to the security policy set by the policy module.
    Type: Grant
    Filed: March 16, 2016
    Date of Patent: April 9, 2019
    Inventor: Brandon Kaines
  • Patent number: 10256983
    Abstract: Described herein are various technologies pertaining to authentication of integrated circuits by using external factors to affect or modify an output of a physically unclonable function (PUF) circuit. In an example, the output of the PUF circuit in response to a challenge signal can be sensitive to changes in environmental factors. In another example, the output of the PUF circuit can be sensitive to user-selectable configuration parameters of the PUF circuit. In yet another example, the output of the PUF circuit can be modified by additional circuitry external to the PUF circuit based upon one or more selectable or configurable inputs. A PUF-based device authentication system that uses external factors as authentication inputs to affect a challenge response of the device authentication system can enhance authentication capabilities by permitting multi-factor authentication.
    Type: Grant
    Filed: March 22, 2016
    Date of Patent: April 9, 2019
    Assignee: National Technology & Engineering Solutions of Sandia, LLC
    Inventors: Todd Bauer, Jason Hamlet, Ryan Michael Birmingham, Lyndon G. Pierson
  • Patent number: 10248579
    Abstract: Embodiments of an invention for method, apparatus, and instructions for safely storing secrets in system memory are disclosed. In one embodiment, a processor includes a hardware key, an instruction unit, and an encryption unit. The instruction unit is to receive an encryption instruction and a compare instruction. The encryption instruction is to have a first plaintext input value. The compare instruction is to have a second plaintext input value. The encryption unit is to, in response to the encryption instruction, encrypt the first plaintext input value using the hardware key to generate a ciphertext value, and, in response to the compare instruction, decrypt the ciphertext value using the hardware key to generate a plaintext output value and compare the plaintext output value to the second plaintext input value.
    Type: Grant
    Filed: December 20, 2016
    Date of Patent: April 2, 2019
    Assignee: Intel Corporation
    Inventor: Shay Gueron
  • Patent number: 10244002
    Abstract: A cloud infrastructure security assurance service is enhanced to facilitate bursting of cloud applications into other cloud infrastructures. The security assurance service provides a mechanism to enable creation and management of secure application zones within a cloud infrastructure. When the security assurance service receives an indication that a workload associated with a cloud application triggers a cloud burst, the service is extended into a new cloud infrastructure. Once the security assurance service is instantiated in the new cloud infrastructure, it identifies the broad security requirements of the application, as well as the security capabilities of the new environment. Using this information, the security assurance service computes a minimal security environment needed by the cloud application for the burst operation.
    Type: Grant
    Filed: December 25, 2017
    Date of Patent: March 26, 2019
    Assignee: International Business Machines Corporation
    Inventors: Jeffrey Robert Hoy, Nataraj Nagaratnam, Kaushal Kiran Kapadia, Ravi Krishnan Muthukrishnan, Sreekanth Ramakrishna Iyer
  • Patent number: 10225083
    Abstract: An information processing system includes circuitry that stores at least one secret key that corresponds to a public key. The circuitry also causes display, on a screen, of information corresponding to the public key and information corresponding to the secret key.
    Type: Grant
    Filed: July 28, 2014
    Date of Patent: March 5, 2019
    Assignee: SONY CORPORATION
    Inventor: Koichi Sakumoto
  • Patent number: 10187395
    Abstract: Autocompleting into an invite box for purposes of sharing an executable computing resource such as an application or portion thereof. However, the autocomplete is populated with potential sharees of multiple tenants or with identities that are not registered with the tenant directory of the user. Thus, potentially any potential sharee worldwide may be populated within the list of potential sharees. As the desired potential sharee comes into view, that potential sharee may be selected, and added to a list of one or more selected sharees. At some point, a control may be selected to allow the executable computing resource to be shared with the selected sharees within the list.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: January 22, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Anjli Chaudhry, William Hong Vong, Ryan A. Jansen, Samuel Lenz Banina, Jose Miguel Arreola Gutierrez
  • Patent number: 10185578
    Abstract: Methods and systems for generating and using a BIOS security display include determining whether a change in a BIOS user setting is associated with security of an information handling system. When the BIOS user setting is associated with security, a security level for the BIOS may be calculated based on weighted security values for BIOS user settings. Security levels for boot phases may also be individually calculated. The security levels may be displayed in the BIOS to the user when the BIOS user setting is changed.
    Type: Grant
    Filed: November 3, 2016
    Date of Patent: January 22, 2019
    Assignee: Dell Products L.P.
    Inventors: Ricardo L. Martinez, Richard M. Tonry, Christopher W. Ramirez
  • Patent number: 10169551
    Abstract: A method is provided that includes receiving a command for reading out content from a non-transitory recording medium, and identifying first version information indicating a version of a content copyright protection method. The method includes identifying second version information indicating a version of a protocol used in authentication of the host apparatus, and determining whether the authentication is to be approved or not. The method also includes authenticating the host apparatus according to a result of the determination, reading out medium-specific information, and sending the medium-specific information to the authenticated host apparatus. The method further includes reading out the encrypted content and sending the encrypted content to the authenticated host apparatus, wherein the first version information is identified based on disk information that is meta data stored at a beginning of the recording medium formed in a disk shape in the identifying first version information.
    Type: Grant
    Filed: March 1, 2018
    Date of Patent: January 1, 2019
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Masaya Yamamoto, Kaoru Murase
  • Patent number: 10169603
    Abstract: Aspects include detecting that an extract transform load (ETL) job in an ETL system has been submitted for execution. The ETL job can include an input data storage location and an output data storage location. The ETL job is analyzed to predict whether execution of the ETL job will result in sensitive information being made accessible to an unauthorized user. The analyzing can be based on a sensitivity status of contents of the input data storage location and a data lineage of contents of the output data storage location. The ETL job is prevented from executing based on predicting that execution of the ETL job will result in sensitive information being made accessible to an unauthorized user. Execution of the ETL job is initiated based on predicting that execution of the ETL job will not result in sensitive information being made accessible to an unauthorized user.
    Type: Grant
    Filed: March 16, 2016
    Date of Patent: January 1, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Shlomit Becker, Boris Melamed, Alexander Pyasik, Shani Turgeman, Gidi Weber, Yifat Yulevich
  • Patent number: 10171498
    Abstract: A security matrix layer between first and second conductive shorting layers is located within a printed circuit board (PCB) that carries out cryptographic data handling functions. The security matrix layer includes at least two microcapsules each containing one or more reactants. When the security matrix layer is accessed, drilled, or otherwise damaged, the microcapsules rupture and the reactants react to form at least an electrically conductive material. The electrically conductive material contacts and shorts the first and second conductive shorting layers. A monitoring device that monitors whether the first and second conductive shorting layers have shorted detects the short and passes a tamper signal that is received by one or more computer system devices to respond to the unauthorized physical access attempt.
    Type: Grant
    Filed: February 19, 2016
    Date of Patent: January 1, 2019
    Assignee: International Business Machines Corporation
    Inventors: Gerald K. Bartley, Darryl J. Becker, Matthew S. Doyle, Joseph Kuczynski, Timothy J. Tofil
  • Patent number: 10146928
    Abstract: The present disclosure generally relates to visually varying an image using parallax image layers, and more specifically, relates to visually varying presentation of an access right displayed on a mobile device to enhance verification of access to resources. The variation of multiple layers of an image may be based on sensor data detected at the mobile device.
    Type: Grant
    Filed: February 12, 2018
    Date of Patent: December 4, 2018
    Assignee: Live Nation Entertainment, Inc.
    Inventors: Adit Shukla, Duncan Lewis, Patrick Jackson
  • Patent number: 10148701
    Abstract: Techniques include identifying permission policies corresponding to a plurality of identities in a network environment, the permission policies specifying what types of actions the plurality of identities are permitted to take with respect to particular network resources; analyzing information describing activity associated with a first identity from the plurality of identities in the network environment; and automatically developing, based on the analysis of the information, a least-privilege profile for the first identity, the least-privilege profile including permissions corresponding to the particular actions with respect to the particular network resources and excluding permissions that do not correspond to the particular actions with respect to the particular network resources.
    Type: Grant
    Filed: May 8, 2018
    Date of Patent: December 4, 2018
    Assignee: CyberArk Software Ltd.
    Inventors: Asaf Hecht, Tal Kandel
  • Patent number: 10142106
    Abstract: An approach is provided for securing data in a technical environment. In one embodiment, a processor obtains a first file, which when executed installs a first portion of a second file and an assembly key to assemble the second file. The processor executes this first file and then obtains the second portion of the second file. The processor assembles the second file using the first portion, the second portion, and the assembly key.
    Type: Grant
    Filed: October 20, 2017
    Date of Patent: November 27, 2018
    Assignee: Hand Held Products, Inc.
    Inventors: Erik Todeschini, Stephen Patrick Deloge, Donald Anderson
  • Patent number: 10135802
    Abstract: Some implementations may provide a machine-assisted method for determining a trustworthiness of a requested transaction, the method including: receiving, from a relying party, a request to determine a trustworthiness of a particular transaction request, the transaction request initially submitted by a user to access data managed by the relying party; based on the transaction request, summarizing the particular transaction request into transactional characteristics, the transactional characteristics devoid of source assets of the transaction, the source assets including credential information of the user, the credential information of the relying party, or information content of the requested transaction; generating first machine-readable data encoding transactional characteristics of the underlying transaction as requested, the transactional characteristics unique to the particular transaction request; submitting a first inquiry at a first engine to determine an access eligibility of the user submitting the t
    Type: Grant
    Filed: July 19, 2016
    Date of Patent: November 20, 2018
    Assignee: MorphoTrust USA, LLC
    Inventor: Stephen Miu
  • Patent number: 10135877
    Abstract: This disclosure relates to enforcing restrictions on data collected from a first set of systems and disseminated to a second set of systems. For example, enforcing a set of restrictions includes receiving a first trait and a second trait that include data describing a user that has interacted with an online service. The first trait is labelled with a first usage restriction and the second trait is labelled with a second usage restriction different from the first usage restriction. The first trait and the second trait are combined into a segment. The segment preserves labelling of the first trait with the first usage restriction and the second trait with the second usage restriction. Use of the segment is controlled based on the first usage restriction and the second usage restriction.
    Type: Grant
    Filed: February 13, 2018
    Date of Patent: November 20, 2018
    Assignee: Adobe Systems Incorporated
    Inventors: David Weinstein, Harleen Sahni, Matthew Donofrio, Edward Schuchardt, Vinay Goel, Rafaat Hossain