Patents Examined by Bryan F Wright
  • Patent number: 10425398
    Abstract: A method for performing certification by a control device of a vehicle including generating a first signed certificate, which has at least one public key, and generating an associated private key; single-time introduction of the first signed certificate and of the associated private key into the control device; producing a second certificate; signing a further public key in the control device, using the private key and the second certificate; and making available the signed further public key together with the first signed certificate.
    Type: Grant
    Filed: October 11, 2016
    Date of Patent: September 24, 2019
    Assignee: Volkswagen AG
    Inventors: Alexander Tschache, Timo Winkelvos
  • Patent number: 10425429
    Abstract: An improved method for analyzing computer network security has been developed. The method first establishes multiple nodes, where each node represents an actor, an event, a condition, or an attribute related to the network security. Next, an estimate is created for each node that reflects the ease of realizing the event, condition, or attribute of the node. Attack paths are identified that represent a linkage of nodes that reach a condition of compromise of network security. Next, edge probabilities are calculated for the attack paths. The edge probabilities are based on the estimates for each node along the attack path. Next, an attack graph is generated that identifies the easiest conditions of compromise of network security and the attack paths to achieving those conditions. Finally, attacks are detected with physical sensors on the network, that predict the events and conditions. When an attack is detected, security alerts are generated in response to the attacks.
    Type: Grant
    Filed: March 21, 2016
    Date of Patent: September 24, 2019
    Inventor: Gabriel Bassett
  • Patent number: 10419930
    Abstract: A system and method are described for establishing secure communication channels. For example, one embodiment of a system includes an IoT device comprising secret/counter processing logic/circuitry to generate a master secret, the master secret to be transmitted to an IoT service. The system may include one or more IoT hubs to receive the master secret from the IoT service over a first secure communication channel. At least one of the IoT hubs can use the master secret to establish a second secure communication channel with the IoT device.
    Type: Grant
    Filed: May 27, 2016
    Date of Patent: September 17, 2019
    Assignee: Afero, Inc.
    Inventors: Shannon Holland, Robey Pointer, Stephen Sewerynek, Nickolas Heckman, Chris Auito, Lucas Finkelstein, Scott Zimmerman
  • Patent number: 10417400
    Abstract: In various embodiments, a method comprises detecting a removable media device coupled to a digital device, authenticating a password to access the removable media device, injecting redirection code into the digital device, intercepting, with the redirection code, a request for data, determining to allow the request for data based on a security policy, and providing the data based on the determination. The method may further comprise selecting the security policy from a plurality of security policies based, at least in part, on the password and/or filtering the content of the requested data. Filtering the content may comprise scanning the data for malware. Filtering the content may also comprise scanning the data for confidential information.
    Type: Grant
    Filed: July 21, 2014
    Date of Patent: September 17, 2019
    Assignee: CUPP Computing AS
    Inventors: Shlomo Touboul, Sela Ferdman, Yonathan Yusim
  • Patent number: 10404664
    Abstract: A machine implemented method for protecting at least one edge node in a network of nodes is provided. The method comprising: communicatively coupling said at least one edge node with a proxy node; providing an application for said at least one edge node in an isolated area associated with said at least one edge node at said proxy node; determining that an update for said at least one edge node is required; increasing a reboot frequency of said at least one edge node following said determination that an update is required; and increasing a reboot frequency of said proxy node following said determination that an update is required.
    Type: Grant
    Filed: October 25, 2016
    Date of Patent: September 3, 2019
    Assignee: ARM IP Limited
    Inventor: Paul Harry Gleichauf
  • Patent number: 10404698
    Abstract: Methods, non-transitory computer readable media, access policy management apparatuses, and enterprise network systems that facilitate adaptive organization of web application access points in webtops are disclosed. With this technology, access points for web applications are more effectively presented in webtops to facilitate more efficient access to web applications by clients. In particular, this technology utilizes historical application access pattern data to determine a subset of allowed web applications most likely to be accessed in a current session, and generates and provides a webtop with access points for web applications organized based on the determined subset of the allowed web applications. Thereby, this technology facilitates adaptive webtops that reduce the amount of time required to locate access points for web applications and improve user productivity.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: September 3, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Konstantin Bredelev
  • Patent number: 10404717
    Abstract: A method for protecting data integrity through an embedded system having a main processor core and a security hardware module. The method includes the following: the main processor core generates transmit data, the security hardware module calculates a transmit message authentication code from the transmit data, the main processor core links the transmit data and the transmit message authentication code to form a transmit message, and the main processor core transmits the transmit message to a receiver.
    Type: Grant
    Filed: October 25, 2016
    Date of Patent: September 3, 2019
    Assignee: Robert Bosch GmbH
    Inventors: Benjamin Glas, Carsten Gebauer
  • Patent number: 10404462
    Abstract: Embodiments described herein combine both glyph technologies and cryptography technologies by encrypting data with a private key of an entity tasked with issuing controlled documents, and then converting the resulting encryption as a visual glyph, such as a QR code. This permits validation of the printed document by scanning the QR code using a smartphone and decrypting using the issuing entity's public key. In some embodiments, a purpose-built software application executed by the smartphone may automatically recognize QR codes on a document presented for review and then automatically decrypt the QR code using the public key of the issuing entity. A user performing the validation may then compare the document's content with the decrypted data on the smartphone.
    Type: Grant
    Filed: June 8, 2015
    Date of Patent: September 3, 2019
    Assignee: Unisys Corporation
    Inventor: Paul L Carter
  • Patent number: 10404695
    Abstract: A portable biometric authentication device communicates with a terminal device using near field communication (NFC). The portable biometric authentication device includes: a NFC antenna, a power supply circuit that generates at least one power voltage in response to an electromagnetic field generated by the terminal device and received via the NFC antenna, a sensor subsystem that operates in response to the at least one power voltage and includes a biometric sensor that acquires biometric information from a user, and a control subsystem that operates in response to the at least one power voltage and includes a NFC controller that controls the communication of the biometric information to the terminal device using the NFC antenna.
    Type: Grant
    Filed: October 25, 2016
    Date of Patent: September 3, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Won-Churl Jang
  • Patent number: 10395043
    Abstract: A method for execution by a dispersed storage and task (DST) processing unit includes: generating an encoded data slice from a dispersed storage encoding of a data object and determining when the encoded data slice will not be stored in local dispersed storage. When the encoded data slice will not be stored in the local dispersed storage, the encoded data slice is stored via at least one elastic slice in an elastic dispersed storage, cryptographic material and an elastic storage pointer indicating a location of the elastic slice in the elastic dispersed storage are generated, and the cryptographic material and the elastic storage pointer are stored in the local dispersed storage.
    Type: Grant
    Filed: July 29, 2016
    Date of Patent: August 27, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Wesley B. Leggette, Manish Motwani, Brian F. Ober, Jason K. Resch
  • Patent number: 10397244
    Abstract: Disclosed is a system for detecting an attack, which includes a server and a plurality of vehicles capable of wirelessly communicating with each other. Each of the vehicles has a sensor, a sensor information acquisition unit, a traffic information reception unit, and a transmission unit that transmits the sensor information and the traffic information to the server. The server has a reception unit that receives the sensor information and the traffic information from the vehicles, a verification unit that verifies whether the sensor information and the traffic information are inconsistent with each other, and a notification unit that notifies, when the sensor information and the traffic information are inconsistent with each other, the vehicles of the inconsistency.
    Type: Grant
    Filed: July 14, 2016
    Date of Patent: August 27, 2019
    Assignees: TOYOTA JIDOSHA KABUSHIKI KAISHA, NATIONAL UNIVERSITY CORPORATION YOKOHAMA NATIONAL UNIVERSITY
    Inventors: Tsuyoshi Toyama, Hisashi Oguma, Tsutomu Matsumoto, Hideki Gotoh, Tomokazu Moriya
  • Patent number: 10389526
    Abstract: A method for distributing a quantum digital key is described. The method comprises the use of an optical broadband source to generate an optical broadband signal. The optical broadband signal may be transmitted from a first party to a second party through an optical communication channel. The optical broadband signal may be transmitted with a low brightness, such as less than one photon/(sec-Hz), so as to be immune from passive attacks. Furthermore, a method for detecting the presence of active attackers is described. The method may comprise a coincidence measurement configured to measure the level of entanglement between an optical detection signal and an optical idler signal.
    Type: Grant
    Filed: April 21, 2016
    Date of Patent: August 20, 2019
    Assignee: Massachusetts Institute of Technology
    Inventors: Zheshen Zhang, Franco N. C. Wong, Jeffrey H. Shapiro, Quntao Zhuang
  • Patent number: 10389581
    Abstract: In order to configure an access point, the access point requests information specifying an associated cloud-based controller when the access point is first turned on at a user location. In particular, the access point may provide, to a configuration device, a controller query requesting information specifying a unique network address of a cloud-based controller associated with the access point. This controller query may include an identifier of the access point (such as a serial number). Then, the access point receives, from the configuration device, the information specifying the unique network address of the cloud-based controller, such as a fully qualified domain name of the cloud-based controller. Note that the cloud-based controller may be one of multiple cloud-based controllers from different providers, and the access point may be associated with the cloud-based controller based on the received information specifying unique network address.
    Type: Grant
    Filed: September 23, 2017
    Date of Patent: August 20, 2019
    Assignee: ARRIS Enterprises LLC
    Inventors: David Sheldon Stephenson, William S. Kish
  • Patent number: 10380336
    Abstract: An information processing device (1) includes: a Syscall instruction monitoring part (313) configured to monitor at least an instruction to pass processing to a kernel (35) of an OS among instructions issued to a CPU (11); and an exclusive loader (201) configured to load a monitoring software (31) functioning as the Syscall instruction monitoring part (313) at region A in a RAM (30), the monitoring software set at ring 0 that is higher than ring (2) set for the kernel (35) of the OS. Even when an access is tried to a resource by executing a malicious program, the access can be detected and intrusion of the malicious program to the kernel can be blocked.
    Type: Grant
    Filed: May 15, 2015
    Date of Patent: August 13, 2019
    Inventor: Junko Suginaka
  • Patent number: 10382446
    Abstract: A computerized method of managing a computer remote session operation, comprising providing a server for hosting application execution; configuring a number of predefined user accounts with low security permissions on said server, where said user accounts are not tied to any specific real user; whenever a remote user requests to start a remote session, finding an available user account not currently in use on said computer, allocating it for the remote session and marking it as unavailable for subsequent session requests; generating a one-time password for said user account; communicating the assigned user account identifier and temporary password to a client component on the user's side, either directly or through an intermediate broker, causing the client component to connect to the server using said user account identifier and temporary password; and, upon termination of the remote session, deleting the assigned user account's data and marking it as available again.
    Type: Grant
    Filed: May 23, 2016
    Date of Patent: August 13, 2019
    Assignee: Cameyo Inc.
    Inventor: Eyal Dotan
  • Patent number: 10375079
    Abstract: Technologies for a distributed Internet of Things (IoT) system are disclosed. Several IoT devices may form a peer-to-peer network without requiring a central server. Information may be stored in a distributed manner in the distributed IoT system, allowing for storing information without transmitting it to a remote server, which may be costly and introduce security or privacy risks. Each IoT device of the distributed IoT system includes a machine learning algorithm that is capable of uncovering patterns in the input of the distributed IoT system, such as a pattern of user inputs in certain situations, and the distributed IoT system may adaptively anticipate a user's intentions.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: August 6, 2019
    Assignee: McAfee, LLC
    Inventors: Gabriel G. Infante-Lopez, Robert J. Firby
  • Patent number: 10375073
    Abstract: Techniques for generic authentication with arbitrary services are provided. A request to authorize with a first service, of a plurality of services, using the OAuth protocol, is received by a generic client library, from a first application. A set of parameters specific to an implementation of the OAuth protocol provided by the first service are identified in a configuration file. An HTTP request is generated based on the set of parameters identified in the data structure, and the first application is authorized with the first service via the OAuth protocol using the generated HTTP request.
    Type: Grant
    Filed: August 29, 2016
    Date of Patent: August 6, 2019
    Assignee: International Business Machines Corporation
    Inventors: Manjunatha D, Subramanian Krishnan, Harini Murugan
  • Patent number: 10375024
    Abstract: A virtual private access method implemented by a cloud system, includes receiving a request to access resources from a user device, wherein the resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet; forwarding the request to a central authority for a policy look up and for a determination of connection information to make an associated secure connection through the cloud system to the resources; receiving the connection information from the central authority responsive to an authorized policy look up; and creating secure tunnels between the user device and the resources based on the connection information.
    Type: Grant
    Filed: May 18, 2016
    Date of Patent: August 6, 2019
    Assignee: Zscaler, Inc.
    Inventors: Patrick Foxhoven, John A. Chanak, William Fehring, Denzil Wessels, Purvi Desai, Manoj Apte, Sudhindra P. Herle
  • Patent number: 10367785
    Abstract: A network traffic system includes a network traffic mangling application for modifying a signature of packets that are transmitted in the network traffic system. The network traffic mangling application includes a user module control agent and a kernel module for executing the network traffic mangling application. The user control module agent modifies and mangles the behavior of the kernel module and communicates with the kernel module.
    Type: Grant
    Filed: October 1, 2014
    Date of Patent: July 30, 2019
    Assignee: PERFECTA FEDERAL LLC
    Inventors: George Zoulias, Joshua Madden
  • Patent number: 10366244
    Abstract: A method and system for performing an operation on protected sensitive data. A processor of a data processing system receives, from a computing system: (i) the protected sensitive data, (ii) an identification of an operation that accesses and utilizes the protected sensitive data during performance of the operation, and (iii) a request to perform the operation, wherein the computing system is external to the data processing system. The processor de-protects the received protected sensitive data, which generates unprotected sensitive data from the protected sensitive data. The processor performs the operation, which includes accessing and utilizing the unprotected sensitive data and generating a result. After the operation is performed, the processor re-protects the unprotected sensitive data, which restores the protected sensitive data. The processor sends the result to the computing system.
    Type: Grant
    Filed: June 9, 2015
    Date of Patent: July 30, 2019
    Assignee: International Business Machines Corporation
    Inventor: Holger Karn