Patents Examined by Beemnet Dada
  • Patent number: 9847871
    Abstract: Systems and methods for a multiple value packing scheme for homomorphic encryption are described, including at a server, generating a plurality of encrypted payloads, each having a plurality of data values; and at a client, receiving each of the encrypted payloads having the plurality of data values; and multiplying one or more of the data values of one of the encrypted payloads by one or more other data values in one or more of the other encrypted payloads, to generate a product that represents the summation of data values corresponding to the multiplied one or more data values of the encrypted payloads and the one or more of the other data values in the one or more other encrypted payloads.
    Type: Grant
    Filed: December 16, 2016
    Date of Patent: December 19, 2017
    Assignee: GOOGLE LLC
    Inventors: Sarvar Patel, Marcel M. M. Yung
  • Patent number: 9847981
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for storing and retrieving encrypted data. In one aspect, a method includes receiving, at a server computer separate from a user device, a first encrypted resource encrypted by use of a public encryption key, wherein the public encryption key is paired with a private encryption key according to an asymmetric encryption key scheme; retrieving, by the server computer, a second encrypted resource encrypted by use of the public key; augmenting, by the server computer, the first encrypted resource with the second encrypted resource to form an encrypted data tuple; encrypting, by the server computer, the encrypted data tuple; and storing, by the server computer, the encrypted data tuple as the second encrypted resource.
    Type: Grant
    Filed: February 13, 2017
    Date of Patent: December 19, 2017
    Assignee: Google Inc.
    Inventor: John Millikin
  • Patent number: 9846780
    Abstract: Techniques for providing computer security vulnerability intelligence are disclosed. The techniques include obtaining distributable vulnerability data that includes, for each of a plurality of software packages and associated vulnerabilities, threat mitigation information and a threat priority parameter, where the distributable vulnerability data was derived from an intelligence graph including a plurality of fundamental instance nodes, a plurality of document nodes, and a plurality of edges.
    Type: Grant
    Filed: February 25, 2015
    Date of Patent: December 19, 2017
    Assignee: Accenture Global Solutions Limited
    Inventors: Trevor Tonn, Ray-yu Chang
  • Patent number: 9848016
    Abstract: This disclosure describes techniques for proactively identifying possible attackers based on a profile of a device. For example, a device includes one or more processors and network interface cards to receive, from a remote device, network traffic directed to one or more computing devices protected by the device, determine, based on content of the network traffic, a first set of data points for the device, send a response to the remote device to ascertain a second set of data points for the device, and receive, from the remote device, at least a portion of the second set of data points. The device also includes a security module operable by the processors to determine a maliciousness rating, and selectively manage, based on the maliciousness rating, additional network traffic directed to the one or more computing devices protected by the security device and received from the remote device.
    Type: Grant
    Filed: November 14, 2016
    Date of Patent: December 19, 2017
    Assignee: Juniper Networks, Inc.
    Inventors: Oskar Ibatullin, Kyle Adams, Daniel J. Quinlan
  • Patent number: 9846882
    Abstract: A permitting system for controlling devices in a system includes a permit issuing agent that receives a command to be sent to a device. Based upon at least one attribute of the command, the permit issuing agent identifies one or more business logic modules that are pertinent to the command. Each business logic module has a respectively different set of business rules associated with it. Each identified business logic module determines whether the command complies with the business rules associated with that module. If the command is determined to comply with the business rules of all of the identified business logic modules, the agent issues a permit for the command, and the permit is sent to the device for execution of the command.
    Type: Grant
    Filed: December 2, 2016
    Date of Patent: December 19, 2017
    Assignee: SILVER SPRING NETWORKS, INC.
    Inventors: Aditi Dubey, Benjamin N. Damm, Michael StJohns, Raj Vaswani
  • Patent number: 9847976
    Abstract: Digital data is optically broadcast through an environment by controllably switching the brightness or chrominance of LED solid state lamps, or of other illumination sources (e.g., television screens and backlit computer displays). This optical data channel is useful to convey cryptographic key data by which devices within the environment can authenticate themselves to a secure network. In some embodiments, the optical modulation is sensed by the camera of a smartphone. The row data output by the smartphone's camera sensor is processed to extract the modulated data signal. In some monochrome embodiments, data communication speeds far in excess of the camera's frame rate (e.g., 30/second), or even the camera's row rate (e.g., 14,400/second) are achieved. Still greater rates can be achieved by conveying different data in different chrominance channels. A great number of other features and arrangements are also detailed.
    Type: Grant
    Filed: April 8, 2015
    Date of Patent: December 19, 2017
    Assignee: Digimarc Corporation
    Inventors: John D. Lord, John Stach
  • Patent number: 9843591
    Abstract: Techniques to implement beacon-based access authorization to industrial assets in an industrial automation environment are disclosed herein. In at least one implementation, each industrial asset has one or more beacons that broadcast signals enabling a mobile device to measure its distance from the broadcasting beacon. Each signal also can include access level data defining access permitted for various users, depending on the user's authorization level and the calculated distance between the mobile device and the broadcasting beacon. In some implementations the mobile device can provide directions to the user to enable an otherwise disallowed operation. Access to industrial assets is thus limited by the calculated mobile device distance from the industrial asset and the user's authorization level.
    Type: Grant
    Filed: February 8, 2016
    Date of Patent: December 12, 2017
    Assignee: Rockwell Automation Technologies, Inc.
    Inventor: Ronald E. Bliss
  • Patent number: 9842229
    Abstract: A method for detecting instances of exfiltration by an application. The method includes performing a first set of runs on a first computation device, and performing a second set of runs on a second computation device. Each set of runs involves running the application a plurality of times; and for each run, capturing packets transmitted by the computation device. In some embodiments the packets within the first set of runs are compared to identify differences caused by environmental noise, such as run-to-run changes in the information sent to the first device by remote servers. Comparisons between (i) runs performed on the first device and (ii) runs performed on the second device, with differences caused by environmental noise removed, may then be used to assess whether the application exfiltrates personal information, such as a phone number, that has different values on the first device and on the second device.
    Type: Grant
    Filed: January 25, 2016
    Date of Patent: December 12, 2017
    Assignee: RAYTHEON BBN TECHNOLOGIES CORP.
    Inventor: Gregory Alexander Vorsanger
  • Patent number: 9838415
    Abstract: A network node includes enhanced functionality to fight through cyber-attacks. A plurality of virtual machines run at the network node. The network node receives a plurality of transaction requests and distributes a copy of each of the transaction requests to the plurality of virtual machines over a plurality of time steps. Based on the first virtual machine having executed (n) transaction requests in the plurality of transaction requests, the node detects whether any of the virtual machines has been compromised. In response to detecting the plurality of virtual machines includes a compromised virtual machine, the network node isolates the compromised virtual machine. Furthermore, after isolating the compromised virtual machine, the network node may receive a subsequent transaction request and dispatch the subsequent transaction request to the compromised virtual machine. The compromised virtual machine may execute the subsequent transaction request.
    Type: Grant
    Filed: October 17, 2016
    Date of Patent: December 5, 2017
    Assignee: Architecture Technology Corporation
    Inventors: Judson Powers, Stephen K. Brueckner, Kenneth J. Thurber
  • Patent number: 9830453
    Abstract: A system for detecting unusual code operating in a browser agent comprises a processor and a memory. The processor is to: determine that a block of code is running on a web page; parse the block of code into a parsed template; obtain indicia associated with the block of code; and determine that the parsed template is unusual based at least in part on the parsed template and the indicia. The memory is coupled with the processor and is configured to provide the processor with instructions.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: November 28, 2017
    Assignee: tCell.io, Inc.
    Inventors: Michael Feiertag, Garrett Held, Blake Livingston
  • Patent number: 9832649
    Abstract: A secure ID authentication system for authenticating over a multi-channel cellular radio network a response from a user module comprising a SIM card to a request from an application programming interface (API) to authenticate a transaction, in which; a request is sent to an identity application server (IAS) holding a database of user module ID information; the IAS transmits the request over a first channel of the cellular network as a class 2 SMS message to the SIM card; the SIM card causes the request to be displayed on the user module; when a response is entered, the user module encrypts the response and associated data and transmits the encrypted data over a second channel of the cellular network to an over-the-air (OTA) gateway to the IAS; and the IAS decrypts the data and transmits the response to the API.
    Type: Grant
    Filed: February 13, 2014
    Date of Patent: November 28, 2017
    Assignee: TECHNOLOGY BUSINESS MANAGEMENT, LIMITED
    Inventors: Keith Curran, Tarlok Nath Teji
  • Patent number: 9824235
    Abstract: Web session security techniques which protect displayed sensitive information. In one example embodiment, the method includes setting, by a processor, a timer following a last user action during use of a web application; determining, by the processor, that a threshold time period since the last user action exceeds a predetermined time period; and making, by the processor, displayed sensitive information unreadable.
    Type: Grant
    Filed: March 6, 2017
    Date of Patent: November 21, 2017
    Assignee: NCR Corporation
    Inventor: Mikel Vincent Blanchard
  • Patent number: 9825758
    Abstract: A user device and one or more server computers securely evaluate a k-nearest neighbor model, with reasonable computation speed and bandwidth utilization, using a combination of techniques. The user device encrypts input vectors using a client's public key to keep client information private. The server computer homomorphically computes a distance between the encrypted input vector and vectors stored in the k-nearest neighbor model. The server computer then engages in a minimization process which results in the user device receiving classification vectors corresponding to the k-nearest neighbors.
    Type: Grant
    Filed: December 2, 2014
    Date of Patent: November 21, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tony Feng, David J. Wu, Michael Naehrig, Kristin Lauter
  • Patent number: 9817985
    Abstract: A content management system including a content management server and a client terminal connected to the content management server via a communication network, wherein the content management server transmits, to the client terminal, a management server ID identifying the content management server and a content deletion request, the client terminal receives the management server ID and the content deletion request from the content management server, determines whether or not the received management server ID matches a management server ID saved on the client terminal side, and if they match, deletes the content saved on the client terminal side, in a removable media, the content corresponding to the deletion request. A content, that is saved in various forms on the client terminal side is disabled for playback at an appropriate timing; accordingly, it is possible to reduce risks such as information leakage to ensure security, and also ensure content integrity.
    Type: Grant
    Filed: May 13, 2015
    Date of Patent: November 14, 2017
    Inventors: Tatsuo Manago, Hideki Mizukami
  • Patent number: 9819652
    Abstract: An information interaction method and device are provided. In the method, the device establishes a connection with a wearable device. The device sends information to be interacted corresponding to a logged-in ID to the wearable device via the connection. The device receives a first encrypted result returned by the wearable device. The device generates a first verifying factor corresponding to the first encrypted result with a predetermined algorithm. The device sends the information to be interacted and the first verifying factor in an associated manner to a server. The device receives a message indicating that an interaction is finished, where the message is sent if the server determines that a second verifying factor generated with the predetermined algorithm and corresponding to a second encrypted result matches the first verifying factor. The second encrypted result is obtained by encrypting the information by the server with the pre-stored encryption key.
    Type: Grant
    Filed: September 8, 2015
    Date of Patent: November 14, 2017
    Assignee: Xiaomi Inc.
    Inventors: Junqi Lin, Yang Zhang, Chenlei Wang
  • Patent number: 9817975
    Abstract: A violation of a firmware access rule is detected, and an entry is generated at a log file stored at a baseboard management controller, the entry identifying the violation. In an embodiment, detecting the violation is in response to receiving a system management interrupt at an information handling system.
    Type: Grant
    Filed: January 26, 2015
    Date of Patent: November 14, 2017
    Assignee: DELL PRODUCTS, LP
    Inventors: Wei Liu, Juan F. Diaz
  • Patent number: 9813441
    Abstract: A security device may receive a request from a client device and intended for a server device. The security device may identify the request as being associated with a malicious activity. The malicious activity may include one or more undesirable tasks directed to the server device. The security device may generate a challenge-response test based on identifying the request as being associated with the malicious activity. The challenge-response test may be generated using one or more construction techniques. The security device may provide the challenge-response test to the client device. The security device may receive, from the client device, a proposed solution to the challenge-response test. The security device may identify the proposed solution as being generated using an optical character recognition (OCR) program. The security device may protect the server device from the client device based on identifying the solution as being generated using an OCR program.
    Type: Grant
    Filed: December 17, 2015
    Date of Patent: November 7, 2017
    Assignee: Juniper Networks, Inc.
    Inventor: Kyle Adams
  • Patent number: 9806884
    Abstract: A system includes a MEMS device and a key generating device formed over the substrate. The key generating device is configured to generate a cryptographic key based on a property of the MEMS device and the MEMS device is configured to output a signal indicative of a sensed parameter. The generated cryptographic key is based on the influenced output signal of the MEMS device.
    Type: Grant
    Filed: January 9, 2015
    Date of Patent: October 31, 2017
    Assignee: Robert Bosch GmbH
    Inventors: Matthew Lewis, Jorge Guajardo Merchan
  • Patent number: 9794247
    Abstract: An electronic component includes a processor and a memory. The electronic component has a secure platform capable of storing at least one dual key pair and a corresponding digital signature. There is also a system including a host machine and an electronic component capable of being operated by the host machine. The electronic component has a processor, a memory, and a secure platform capable of storing at least one dual key pair and a corresponding digital signature. Another aspect describes a method, which includes reading a public key from an electronic component by a host machine, verifying the public key against a stored key in the host machine, digitally signing data using a private key from the electronic component, verifying the signed data against the stored key, and using the electronic component by the host machine only if the signed data and the public key are verified.
    Type: Grant
    Filed: August 22, 2006
    Date of Patent: October 17, 2017
    Assignee: STMICROELECTRONICS, INC.
    Inventors: Sean Newton, John Tran, David Tamagno
  • Patent number: 9794299
    Abstract: Embodiments of the invention are directed to a system, method, or computer program product for a passive based security escalation to shut off of applications on a mobile device based on rules. As such, the system may identify, via extraction of data, time periods correlating to events that the user may be offline or inactive with respect to his/her mobile device. Once the time periods are identified, rules are created for the level of security escalation required based on the event. Subsequently, a trigger is identified at a time leading up to the event, where the system integrates with the mobile device and requires additional authentication to access one or more applications. Once the offline event starts, the system initiates a shutdown of the functions of one or more applications on the user's mobile device. The system then reinstates the application functionality after the offline event has ended.
    Type: Grant
    Filed: March 16, 2017
    Date of Patent: October 17, 2017
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Elizabeth S. Votaw, Alicia C. Jones-McFadden