Patents Examined by Bryan Wright
  • Patent number: 10230689
    Abstract: Techniques for bridging a honey network to a suspicious device in a network (e.g., an enterprise network) are disclosed. In some embodiments, a system for bridging a honey network to a suspicious device in an enterprise network includes a device profile data store that includes a plurality of attributes of each of a plurality of devices in the target network environment; a virtual clone manager executed on a processor that instantiates a virtual clone of one or more devices in the target network environment based on one or more attributes for a target device in the device profile data store; and a honey network policy that is configured to route an internal network communication from a suspicious device in the target network environment to the virtual clone for the target device in the honey network.
    Type: Grant
    Filed: November 2, 2017
    Date of Patent: March 12, 2019
    Assignee: Palo Alto Networks, Inc.
    Inventors: Taylor Ettema, Huagang Xie
  • Patent number: 10171483
    Abstract: An intrusion device identifies network data to be sent to a destination endpoint and determines a sensitivity level of the destination endpoint based on asset valuation. The intrusion device identifies a subset of signatures that corresponds to the sensitivity level of the destination endpoint and determines whether the network data includes an intrusion based on the subset of signatures.
    Type: Grant
    Filed: August 23, 2013
    Date of Patent: January 1, 2019
    Assignee: Symantec Corporation
    Inventor: Deb Banerjee
  • Patent number: 10127378
    Abstract: A system and methods for registering and acquiring e-credentials using personal devices and an identity registry system that combines the method for handling digital seals with a proof-of-existence method. The identity registry system is used to register and verify e-credentials. Device owners register their e-credentials when created and updated and verify acquired e-credentials to safeguard against tampering and errors. When registering an e-credential, the e-credential is hashed and digitally sealed creating an identifying thumbprint that is stored in the identity registry system. When verifying an acquired e-credential, the e-credential is hashed, the identity registry system is searched to locate the identifying thumbprint, and the digital seal of the thumbprint is verified. A requesting owner can request an issuing owner to proof, attest, and digitally seal an e-credential of the requester.
    Type: Grant
    Filed: February 18, 2018
    Date of Patent: November 13, 2018
    Inventor: Kalman Csaba Toth
  • Patent number: 10079840
    Abstract: A protection method, which releases an attack of a malware to a network interface controller (NIC) system, includes processing a microbatching operation in a plurality of session channels at at least an operational period according to at least one input information, to generate a plurality of session-specific NIC patterns of the plurality of session channels; and merging the plurality of session-specific NIC patterns to generate an application-specific NIC pattern at an application layer, so as to dispose a script information corresponding to the application-specific NIC pattern in the NICs for releasing the attack of the malware, wherein the microbatching operation is processed to generate a plurality of independent subset-specific NIC pattern in each session channel, so as to generate the session-specific NIC pattern corresponding to each session channel.
    Type: Grant
    Filed: August 20, 2015
    Date of Patent: September 18, 2018
    Assignee: Wistron Corporation
    Inventor: Chih-Ming Chen
  • Patent number: 10027693
    Abstract: A method, a device, and a system for alerting against unknown malicious codes includes judging whether any suspicious code exists in the packet, recording a source path of the suspicious code and sending alert information that carries the source path to a monitoring device. The embodiments of the present disclosure report the source paths of suspicious codes proactively at the earliest possible time, which lays a foundation for shortening the time required for overcoming virus threats, and avoids the trouble of installing software on the terminal.
    Type: Grant
    Filed: March 25, 2016
    Date of Patent: July 17, 2018
    Assignee: Huawei Digital Technologies (Cheng Du) Co., Limited
    Inventor: Wu Jiang
  • Patent number: 10015015
    Abstract: The techniques presented herein provide for verifying the integrity of an encryption key log file generated on a data storage system. Encryption key activity events associated with a storage system's back-end storage drives are identified. A unique signature is generated for each encryption key activity event. Each encryption key activity event and its corresponding signature are stored in an audit log file. An audit log hash file is generated using the contents of the audit log file. At an external location, the audit log file and the audit log hash file are retrieved from the storage system. The integrity of the retrieved audit log file is verified by generating a local audit log hash file and comparing the local audit log hash file to the retrieved audit log hash file and determining if the local audit log hash file matches the retrieved audit log hash file.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: July 3, 2018
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Gregory W. Lazar, Peter Puhov, Millard C. Taylor, III, Naizhong Chiu
  • Patent number: 10015188
    Abstract: Disclosed is a system and method for detecting anomalous behavior in Industrial Control Networks. The system first operates in a learning phase to learn various behaviors, and then in a protection phase to analyze packets to identify anomalous network events, and, for example, raise an alert.
    Type: Grant
    Filed: August 20, 2015
    Date of Patent: July 3, 2018
    Assignee: CYBERX ISRAEL LTD.
    Inventors: Omer Schneider, Nir Giller
  • Patent number: 9979543
    Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptical Curve Cryptography point doubling algorithm for Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values to one intermediate value.
    Type: Grant
    Filed: December 23, 2013
    Date of Patent: May 22, 2018
    Assignee: NXP B.V.
    Inventors: Miroslav Knezevic, Ventzislav Nikov
  • Patent number: 9948470
    Abstract: An authentication device is provided that authenticates an electronic device based on the responses from distinct types of physically unclonable functions. The authentication device receives a device identifier associated with the electronic device. It then sends one or more challenges to the electronic device. In response, the authentication device receives one or more responses from the electronic device, the one or more responses including characteristic information generated from two or more distinct types of physically unclonable functions in the electronic device.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: April 17, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Xu Guo, David M. Jacobson, Yafei Yang, Adam J. Drew, Brian Marc Rosenberg
  • Patent number: 9948614
    Abstract: The present disclosure is directed to a system and method for remotely initializing at least one device in communication with a local host device utilizing an asymmetric cryptographic authorization scheme. According to various embodiments, at least one remote device sends an authorization request including a random value to the local host device. The local host device returns an approval response to the remote device, where the approval response includes the random value encoded utilizing a private key. The remote device is then initialized (e.g. powered on or placed in an active state) upon verification of the encoded random value utilizing a public key that is paired with the private key.
    Type: Grant
    Filed: May 23, 2013
    Date of Patent: April 17, 2018
    Assignee: Rockwell Collins, Inc.
    Inventors: Sean D. Howard, Brandon J. Provolt, Luke E. Ryon, James K. Jezek, Jeremy K. Sands
  • Patent number: 9929862
    Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptical Curve Cryptography point doubling algorithm for Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values.
    Type: Grant
    Filed: December 23, 2013
    Date of Patent: March 27, 2018
    Assignee: NXP B.V.
    Inventors: Miroslav Knezevic, Ventzislav Nikov
  • Patent number: 9916468
    Abstract: A system and method are provided for detecting fraud and/or misuse of data in a computer environment through generating a rule for monitoring at least one of transactions and activities that are associated with the data. The rule can be generated based on one or more criteria related to the at least one of the transactions and the activities that is indicative of fraud or misuse of the data. The rule can be applied to the at least one of the transactions and the activities to determine if an event has occurred, where the event occurs if the at least one criteria has been met. A hit is stored if the event has occurred and a notification can be provided if the event has occurred. A compilation of hits related to the rule can be provided.
    Type: Grant
    Filed: November 30, 2015
    Date of Patent: March 13, 2018
    Assignee: FAIRWARNING IP, LLC
    Inventor: Kurt James Long
  • Patent number: 9912644
    Abstract: A system and method to communicate secure information between computing machines using an untrusted intermediate with resilience to disconnected network topology. The system and method utilize agnostic endpoints that are generalized to be interoperable among various systems, with their functionality based on their location in a network. The system and method enable horizontal scaling on the network. One or more clusters may be set up in a location within a network or series of networks in electronic communication, e.g., in a cloud or a sub-network, residing between a secure area of the network(s) and an unsecure area such as of an external network or portion of a network. The horizontal scaling allows the system to take advantage of a capacity of a local network. As long as an agent has connectivity to at least one locale of the network, the agent is advantageously operable to move data across the system.
    Type: Grant
    Filed: August 5, 2014
    Date of Patent: March 6, 2018
    Assignee: FireEye, Inc.
    Inventor: Sean Cunningham
  • Patent number: 9910659
    Abstract: Methods, systems, computer-readable media, and apparatuses for providing anti-rollback protection in a device which has no internal non-volatile memory are presented. One embodiment is a device for providing anti-rollback protection. The device may obtain a firmware version number associated with a first firmware installation for the device, wherein the device is implemented on a substrate that includes no non-volatile memory. The device may obtain a lowest acceptable firmware version number, wherein the lowest acceptable firmware version number is stored in a secure element environment, wherein the secure element environment utilizes memory separated from the substrate. The device may compare the firmware version number and the lowest acceptable firmware version number, wherein if the firmware version number is less than the lowest acceptable firmware version number, then disallow the first firmware installation.
    Type: Grant
    Filed: November 7, 2012
    Date of Patent: March 6, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Srilekha Krishnamurthy, Jeremy R. O'Donoghue, Neeraj Bhatia
  • Patent number: 9900309
    Abstract: The described method is analogous to handling credentials in the physical world where agents and notary publics affix their attestations using their notary seals. The described method enables a person having a personal identity device and an electronic credential (e-credential) to create a digital seal to affix the owner's identity and attestation to an electronic artifact such as a transaction, document, or e-credential. The e-credential owner cannot repudiate having affixed the attestation to the electronic artifact. This enables other parties, including the e-credential owner, to inspect the digital seal affixed to the electronic artifact to identify the owner and the electronic artifact, verify the digital seal, and thereby obtain objective evidence that the attestation is truthful.
    Type: Grant
    Filed: April 26, 2017
    Date of Patent: February 20, 2018
    Inventor: Kalman Csaba Toth
  • Patent number: 9900154
    Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptic Curve Cryptography point addition algorithm for mixed Affine-Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values.
    Type: Grant
    Filed: December 23, 2013
    Date of Patent: February 20, 2018
    Assignee: NXP B.V.
    Inventors: Miroslav Knezevic, Ventzislav Nikov
  • Patent number: 9882874
    Abstract: This disclosure provides example details for apparatuses and methods that manage virtual firewalls in a wireless communication network that includes a Core Network, CN, and an associated Radio Access Network, RAN. The virtual firewalls process traffic for respective wireless devices supported by the network. For example, the virtual firewall associated with a given wireless device is maintained in the RAN at the RAN node supporting the device, and is migrated from that RAN node in response to detecting a handover event involving the device. Advantageously, migration may be “horizontal,” where the associated virtual firewall is moved between nodes in the RAN, or may be “vertical,” where the associated virtual firewall is moved from the RAN to the CN.
    Type: Grant
    Filed: August 23, 2013
    Date of Patent: January 30, 2018
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Makan Pourzandi, Zhongwen Zhu
  • Patent number: 9882929
    Abstract: Techniques for dynamic selection and generation of detonation location of suspicious content with a honey network are disclosed. In some embodiments, a system for dynamic selection and generation of detonation location of suspicious content with a honey network includes a virtual machine (VM) instance manager that manages a plurality of virtual clones executed in an instrumented VM environment, in which the plurality of virtual clones executed in the instrumented VM environment correspond to the honey network that emulates a plurality of devices in an enterprise network; and an intelligent malware detonator that detonates a malware sample in at least one of the plurality of virtual clones executed in the instrumented VM environment.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: January 30, 2018
    Assignee: Palo Alto Networks, Inc.
    Inventors: Taylor Ettema, Huagang Xie
  • Patent number: 9870481
    Abstract: The techniques presented herein provide for associating a data encryption lockbox backup with a data storage system. A first set of software system stable values (SSV) is derived from data storage system component values unique to the data storage system. A lockbox storing the first set of SSV and a set of encryption keys associated with a corresponding respective set of data storage system drives is created. Access to the lockbox requires providing a first minimum number of SSV that match corresponding SSV in the first set of SSV. A backup copy of the lockbox is created, wherein access to the backup copy requires providing a second minimum number of SSV that match corresponding SSV in the first set of SSV, wherein the minimum number of SSV is equal to a second match value. The backup copy of the lockbox is stored at a remote location.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: January 16, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Gregory W. Lazar, Peter Puhov, Millard C. Taylor, III, Naizhong Chiu Qui, Thomas N. Dibb
  • Patent number: 9866554
    Abstract: A method for a Mobile Mobility Entity (MME) to carry out mutual authentication with a group of Machine Type Communication (MTC) devices includes receiving group-related authentication data from a leader, transmitting the received information and an identification number of the MME, to a HSS, receiving from the HSS a random value, an Authentication Vector and information of group members, broadcasting the random value and the first authentication token to the MTC device group based on information received from the HSS, receiving from the leader a leader authentication response that the leader generates by using a local master key value calculated by using the first secret key value, authenticating the leader by comparing the leader authentication response with a leader authentication value received from the HSS, and authenticating members within the MTC device group according to the leader authentication result.
    Type: Grant
    Filed: August 19, 2015
    Date of Patent: January 9, 2018
    Assignee: Research & Business Foundation Sungkyunkwan University
    Inventors: Hyoung Kee Choi, Dae Sung Choi, Young Jo Kim, Ji Young Park, Dong Hyuk Shin, Joon Woo Yu