Patents Examined by Brandon Hoffman
  • Patent number: 10129029
    Abstract: Systems and methods are provided for proving plaintext knowledge of a message m, encrypted in a ciphertext, to a verifier computer. The method includes, at a user computer, encrypting the message m via a predetermined encryption scheme to produce a ciphertext u, and generating a plurality l of challenges ci, i=1 to l, dependent on the ciphertext u. For each challenge ci, the user computer generates a cryptographic proof ?2i comprising that challenge ci and a zero-knowledge proof of plaintext knowledge of the message m encrypted in the ciphertext u. The user computer sends the ciphertext u and the l proofs ?2i to the verifier computer. Each challenge ci is constrained to a predetermined challenge space C permitting identification, by searching the challenge space C, of an element ci? such that the message m can be obtained via a decryption operation using the ciphertext u, the element ci?, and a decryption key of said encryption scheme.
    Type: Grant
    Filed: June 16, 2016
    Date of Patent: November 13, 2018
    Assignee: International Business Machines Corporation
    Inventors: Vadim Lyubashevsky, Gregory Neven
  • Patent number: 10122537
    Abstract: Provided is an apparatus for generating digital values to provide a random digital value. The apparatus may generate the digital value based on a semiconductor process variation. The apparatus may include a generating unit to generate a plurality of digital values, based on the semiconductor process variation, and a processing unit to process the digital values and to provide a first digital value. The generating unit may include a plurality of physically unclonable functions (PUFs). A parameter may be differently applied to the PUFs, and the PUFs may generate the digital values.
    Type: Grant
    Filed: December 30, 2014
    Date of Patent: November 6, 2018
    Assignee: ICTK HOLDINGS CO., LTD.
    Inventors: Dong Kyue Kim, Byong Deok Choi
  • Patent number: 10116439
    Abstract: According to one embodiment, an encryption device encrypts each of numerical values based on an encryption key, and generates encrypted data. On the basis of each of the encrypted data, a computation device generates a primary computation result corresponding to data in which a computation result of an expression that has added and subtracted each of the numerical values is encrypted. On the basis of the primary computation result, a secondary computation key and random numbers, a computation assist device generates a secondary computation result. The computation device generates a tertiary computation result based on the secondary computation result and a tertiary computation key, and decides the magnitude relation between a minuend and a subtrahend in the expression based on the tertiary computation result.
    Type: Grant
    Filed: September 11, 2015
    Date of Patent: October 30, 2018
    Assignees: KABUSHIKI KAISHA TOSHIBA, TOSHIBA SOLUTIONS CORPORATION
    Inventors: Masanobu Koike, Ryotaro Hayashi, Tatsuyuki Matsushita
  • Patent number: 10114962
    Abstract: Protecting data files is disclosed, including: in response to an indication that a data file has been generated by a client device, determining a security classification associated with the data file; determining that the security classification associated with the data file comprises a classified file; storing the data file in a designated virtual storage area; and generating a stub file at an original storage location of the data file, wherein the stub file includes a viewing permission associated with the data file and a storage location of the data file in the designated virtual storage area.
    Type: Grant
    Filed: May 18, 2016
    Date of Patent: October 30, 2018
    Assignee: Alibaba Group Holding Limited
    Inventor: Changxiong Lin
  • Patent number: 10116668
    Abstract: A security method that includes assigning a sensitivity value for a communication with a sensitivity determining module including at least one hardware processor. Following assignment of the sensitivity value to the communication, the communication is formatted for display. When sensitivity value exceeds a security threshold, the communication is parsed into a sequence of fragments. The communication is transmitted as the sequence of fragments when said sensitivity value exceeds the security threshold.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: October 30, 2018
    Assignee: International Business Machines Corporation
    Inventors: Rhonda L. Childress, Itzhack Goldberg, James R. Kozloski, Clifford A. Pickover, Neil Sondhi, Maja Vukovic
  • Patent number: 10108919
    Abstract: Multi-variable assessment systems and methods that evaluate and predict entrepreneurial behavior are provided herein. Methods include obtaining entrepreneur data related to personal skills data, business history data, and social network data for the entrepreneur across a plurality of network modalities, the plurality of network modalities including social networks, phone records, and message records, determining business event information for business events identified between the entrepreneur and contacts of the entrepreneur found in the entrepreneur data, and performing a dynamic measurement of engagement between the entrepreneur and the contacts by looking for contacts between the entrepreneur and the contacts that cross the plurality of network modalities, wherein the dynamic measurement includes an entrepreneur score for the entrepreneur.
    Type: Grant
    Filed: October 18, 2017
    Date of Patent: October 23, 2018
    Assignee: Kountable, Inc.
    Inventors: Christopher Hale, Craig M. Allen, Catherine Nomura
  • Patent number: 10089461
    Abstract: Techniques for malicious content detection using code injection are described herein. In one embodiment a first code section of a target program is loaded into a first memory page of a virtual machine (VM) hosted by a virtual machine monitor (VMM). The target program to receive code injection. The VMM injects a second code section into the target program by replacing the first code section with a second code section loaded in a second memory page. Determining a behavior of a content specimen using the injected second code section instead of the first code section, and the second code section is injected after the target program.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: October 2, 2018
    Assignee: FireEye, Inc.
    Inventors: Phung-Te Ha, Seva Tonkonoh, Osman Abdoul Ismael
  • Patent number: 10089500
    Abstract: A processor of an aspect includes a decode unit to decode a modular exponentiation with obfuscated input information instruction. The modular exponentiation with obfuscated input information instruction is to indicate a plurality of source operands that are to store input information for a modular exponentiation operation. At least some of the input information that is to be stored in the plurality of source operands is to be obfuscated. An execution unit is coupled with the decode unit. The execution unit, in response to the modular exponentiation with obfuscated input information instruction, is to store a modular exponentiation result in a destination storage location that is to be indicated by the modular exponentiation with obfuscated input information instruction. Other processors, methods, systems, and instructions are disclosed.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: October 2, 2018
    Assignee: Intel Corporation
    Inventors: Vinodh Gopal, Gilbert M. Wolrich
  • Patent number: 10084781
    Abstract: A client application performs certificate pinning as a means of authenticating the identity of a server. A proxy is interposed in the communications path of the client and the hosting server and provides a proxy security certificate to the client. In response to the client extracting a proxy authentication component from the proxy security certificate, operation of the client is paused and a hosting server authentication component is extracted from a hosting server security certificate. The client operation is resumed, providing the extracted hosting server authentication component to the client, in substitution for the proxy authentication component. Based on receiving the extracted hosting server authentication component, the client authenticates the proxy to receive communications directed to the hosting server.
    Type: Grant
    Filed: April 26, 2016
    Date of Patent: September 25, 2018
    Assignee: International Business Machines Corporation
    Inventors: Emanuel Bronshtein, Roee Hay, Sagi Kedmi
  • Patent number: 10083415
    Abstract: Multi-variable assessment systems and methods that evaluate and predict entrepreneurial behavior are provided herein. Methods include obtaining entrepreneur data related to personal skills data, business history data, and social network data for the entrepreneur across a plurality of network modalities, the plurality of network modalities including social networks, phone records, and message records, determining business event information for business events identified between the entrepreneur and contacts of the entrepreneur found in the entrepreneur data, and performing a dynamic measurement of engagement between the entrepreneur and the contacts by looking for contacts between the entrepreneur and the contacts that cross the plurality of network modalities, wherein the dynamic measurement includes an entrepreneur score for the entrepreneur.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: September 25, 2018
    Assignee: Kountable, Inc.
    Inventors: Christopher Hale, Craig M. Allen, Catherine Nomura
  • Patent number: 10083056
    Abstract: Systems and method for providing for suspension and transfer of remote access sessions. In accordance with the methods, a request to suspend a session may be received at a server tier. The server tier prepares a URL that may be used at a later time by a client to resume the session. The URL is communicated to a client tier from which the request was received and, thereafter, a connection between the client tier and the server tier is closed. At a subsequent time, a request may be received to resume the session at the URL. After receipt of the request to resume the session, a connection with the requesting client tier is established by the server tier, and the session is resumed.
    Type: Grant
    Filed: February 26, 2016
    Date of Patent: September 25, 2018
    Assignee: Calgary Scientific Inc.
    Inventors: Monroe M. Thomas, David Christopher Claydon
  • Patent number: 10075428
    Abstract: A time check method and a base station are provided. The base station receives an authentication interaction message sent by an authentication interaction device; extracts time information in the authentication interaction message; and uses the time information to check local time. Before an Internet Key Exchange (IKE) connection is set up between the base station and a security gateway, relatively accurate time is obtained from an external authentication interaction device and is used for aligning the local time. Therefore, the cost of installing a clock component and a battery is saved, the time on the base station is trustworthy, and the security gateway is authenticated securely.
    Type: Grant
    Filed: February 5, 2015
    Date of Patent: September 11, 2018
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Weiwei Zhang, Guoliang Nie, Zhongyu Qin
  • Patent number: 10068069
    Abstract: Engineers at a software maker can insert software markers, making a compiler provide object code markers that appear to invoke activities from the protection library, but actually have the effect of providing information to a protection process. The engineers can build a protected object file, from which a software protection tool can provide an executable file. The software protection tool can include any tool that can use a pointer to a program statement, including creating DLL's. Alternatively, the system can identify object code markers by their referencing known functions from CALL instructions.
    Type: Grant
    Filed: May 22, 2015
    Date of Patent: September 4, 2018
    Assignee: Whitehawk Software LLC
    Inventor: Christian Peter Jacobi
  • Patent number: 10069625
    Abstract: Embodiments generally relate to data security in a computing system. The present technology discloses techniques that can enable an automatic generation of encryption keys using a service controller in communication with a key management server. By enabling an automatic mechanism for encryption key generation, the present technology can achieve data encryption efficiency for a large number of servers.
    Type: Grant
    Filed: September 22, 2015
    Date of Patent: September 4, 2018
    Assignee: QUANTA COMPUTER INC.
    Inventor: Lien-Hsun Chen
  • Patent number: 10061934
    Abstract: Embodiments disclosed herein provide systems, methods, and computer-readable media for accessing a wearable computing system using randomized input origins for user login. In a particular embodiment, a method provides presenting a user with a first origin on which user login information is based, wherein the first origin is randomly selected from a plurality of possible origins. The method further provides, receiving first motion information from the user indicating a first position relative to the first origin that corresponds to a first element of the user login information. Upon receiving the user login information, the method provides determining whether the user login information authorizes the user to access the wearable computing system.
    Type: Grant
    Filed: October 12, 2015
    Date of Patent: August 28, 2018
    Assignee: Avaya, Inc.
    Inventors: Anjur Sundaresan Krishnakumar, Shalini Yajnik
  • Patent number: 10057252
    Abstract: A system and method provides security features for inter-computer communications. After a user has proved an association with one of several firms, a user identifier of the user that cannot be used to log the user in to a data consolidating system is received by a matching system from the data consolidating system. The validity of the user and the firm is checked at the matching system and, in response to the checking, the user identifier is converted to a different user identifier and the different user identifier is provided to a data providing system by the matching system. The data providing system provides the data of the user in response, and the matching system forwards the data to the data consolidating system.
    Type: Grant
    Filed: May 1, 2017
    Date of Patent: August 21, 2018
    Assignee: Charles Schwab & Co., Inc.
    Inventor: William Page
  • Patent number: 10033694
    Abstract: The invention discloses a method and device for recognizing an IP address of a specified category, a defense method and system, wherein the method for recognizing an IP address of a specified category comprises the following steps: collecting behavior record data of several IP addresses (S101); extracting preprocessing data from the collected behavior record data, the extracted preprocessing data comprising at least address information of an IP address and time information of a behavior (S102); analyzing the extracted preprocessing data to obtain behavior-time distribution data of a user using the IP address (S103); and recognizing an IP address of a specified category at least according to the behavior-time distribution data of a user using the IP address (S104). By employing the invention, an IP address of a certain category can be located more accurately locate and the accuracy for recognizing an IP address is improved.
    Type: Grant
    Filed: August 18, 2014
    Date of Patent: July 24, 2018
    Assignee: BEIJING QIHOO TECHNOLOGY COMPANY LIMITED
    Inventors: Yanhui Wang, Sumei Wang
  • Patent number: 10027627
    Abstract: A network security device (NSD) is connected between a network and an endpoint device configured to host a client application. The client application communicates with the network through the network security device using a request-response protocol. The NSD receives from the client application a request destined for the network and that seeks a response from the network. The request has a context header including context information about the client application. The NSD determines whether the client application or a file accessed thereby has a suspicious nature based on the context information. If it is determined that the client application or the file accessed thereby has a suspicious nature, the NSD blocks the request from the network, and sends to the client application a response indicating the block.
    Type: Grant
    Filed: October 7, 2015
    Date of Patent: July 17, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Vincent E. Parla, Hari Shankar, Constantinos Kleopa, Venkatesh N. Gautam, Gerald N. A. Selvam
  • Patent number: 10020942
    Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, An expiration time may be assigned to sensitive data, and expired data and associated tokens may be deleted.
    Type: Grant
    Filed: August 3, 2017
    Date of Patent: July 10, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Jonathan Kozolchyk, Darren E. Canavor, Jeffrey J. Fielding, Vaibhav Mallya, Darin Keith McAdams
  • Patent number: 10002144
    Abstract: A big data processing system includes a features permutations testing function that separates out from among a set of identified compound features, those compound feature permutations that have better capabilities for distinguishing between anomalies observed in respective multi-dimensional feature spaces having as their axes the features of the identified compound features.
    Type: Grant
    Filed: March 25, 2016
    Date of Patent: June 19, 2018
    Assignee: CA, INC.
    Inventors: Ye Chen, Yue Xiao, Chi Zhang