Patents Examined by Bryan Wright
  • Patent number: 9860208
    Abstract: Techniques for bridging a honey network to a suspicious device in a network (e.g., an enterprise network) are disclosed. In some embodiments, a system for bridging a honey network to a suspicious device in an enterprise network includes a device profile data store that includes a plurality of attributes of each of a plurality of devices in the target network environment; a virtual clone manager executed on a processor that instantiates a virtual clone of one or more devices in the target network environment based on one or more attributes for a target device in the device profile data store; and a honey network policy that is configured to route an internal network communication from a suspicious device in the target network environment to the virtual clone for the target device in the honey network.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: January 2, 2018
    Assignee: Palo Alto Networks, Inc.
    Inventors: Taylor Ettema, Huagang Xie
  • Patent number: 9838421
    Abstract: A method, operated by a Software Defined Networking (SDN) controller associated with an Autonomous System (AS) with one or more peering points, each peering point with an associated router communicatively coupled to the SDN controller, the method for detecting and defending against Distributed Denial of Service (DDoS) attacks, and the method includes receiving data from the one or more peering points; detecting malicious traffic at the one or more peering points; determining a peer quality measurement for the one or more peering points; and communicating the peer quality measurement and other data associated with the malicious traffic to one or more other SDN controllers, associated with Autonomous Systems connected through the one or more peering points, to facilitate convergence of the peer quality measurement back to a nominal level.
    Type: Grant
    Filed: October 1, 2014
    Date of Patent: December 5, 2017
    Assignee: Ciena Corporation
    Inventors: Aung Htay, Roger Michael Elbaz, Sachin Subhedar, Logan Blyth
  • Patent number: 9787480
    Abstract: One feature pertains to generating a unique identifier for an electronic device by combining static random access memory (SRAM) PUFs and circuit delay based PUFs (e.g., ring oscillator (RO) PUFs, arbiter PUFs, etc.). The circuit delay based PUFs may be used to conceal either a challenge to, and/or response from, the SRAM PUFs, thereby inhibiting an attacker from being able to clone a memory device's response.
    Type: Grant
    Filed: August 23, 2013
    Date of Patent: October 10, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Xu Guo, David M. Jacobson, Yafei Yang, Adam J. Drew, Brian Marc Rosenberg
  • Patent number: 9768961
    Abstract: A method and apparatus including units configured to send a request from a first network entity to a user equipment for an identifier and receive a message indicating that a public key is required from the user equipment by the first network entity. The method and apparatus also includes units configured to send, by the first network entity, the public key to the user equipment and receive an encrypted identifier by the first network entity, wherein upon authenticating the public key, the user equipment encrypts at least part of the identifier using the public key, thereby enabling further processing between the network entity and the user equipment.
    Type: Grant
    Filed: November 20, 2012
    Date of Patent: September 19, 2017
    Assignee: Nokia Technologies Oy
    Inventors: Silke Holtmanns, Dan Forsberg
  • Patent number: 9756020
    Abstract: Techniques to provide persistent uniform resource locators (URLs) for client applications acting as web services are described herein. In one or more implementations, the techniques utilize standard protocols and libraries (e.g., standard HTTP) without relying upon custom/propriety plug-ins. An intermediary server functions as a tunnel service is configured to provide functionality for handling communications between endpoints on behalf of client applications. Additionally, the tunnel service provides a mechanism to generate and assign persistent URLs (or comparable addresses) to client applications. Entities seeking to interact with the client applications use corresponding URLs to direct requests via the tunnel service and down to the appropriate client application.
    Type: Grant
    Filed: April 27, 2015
    Date of Patent: September 5, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Matthew T. Kaufman
  • Patent number: 9756505
    Abstract: The disclosed computer-implemented method for on-demand provisioning of access-point accounts may include receiving, at an access point, a first request from an unknown guest to access a secured network. The guest may not yet have an account with the access point that allows the guest to access the secured network, and the first request may include authentication information that was generated from a credential of the unknown guest that is required by the access point to provision the account for the guest. The computer-implemented method may further include (1) receiving a second request that includes the credential from an administrator of the secured network to provision the account for the guest using the credential, (2) provisioning the account for the guest using the credential, and (3) enabling the guest to access the secured network using the account for the guest. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 8, 2015
    Date of Patent: September 5, 2017
    Assignee: Symantec Corporation
    Inventors: Kevin Jiang, Michael Shavell
  • Patent number: 9729828
    Abstract: In a data structure of a multimedia file format, a movie box and a media data box are provided. In each box, a non-encrypted size field, a non-encrypted type field and box data field are provided. In box data of the movie box, information data regarding multimedia data is stored. The multimedia data is encrypted and stored in box data of the media data box. The information data is obtained by referring to the container in the movie box. This information data is held as encryption and encoding information data. By referring to the information data, a data unit of the encrypted multimedia data in the media data box is obtained, and the unit data is decrypted.
    Type: Grant
    Filed: July 15, 2013
    Date of Patent: August 8, 2017
    Assignee: KABUSHIKI KAISHA TOSHIBA
    Inventors: Jun Sato, Toru Terauchi
  • Patent number: 9716587
    Abstract: A halting key derivation function is provided. A setup process scrambles a user-supplied password and a random string in a loop. When the loop is halted by user input, the setup process may generate verification information and a cryptographic key. The key may be used to encrypt data. During a subsequent password verification and key recovery process, the verification information is retrieved, a user-supplied trial password obtained, and both are used together to recover the key using a loop computation. During the loop, the verification process repeatedly tests the results produced by the looping scrambling function against the verification information. In case of match, the trial password is correct and a cryptographic key matching the key produced by the setup process may be generated and used for data decryption. As long as there is no match, the loop may continue indefinitely until interrupted exogenously, such as by user input.
    Type: Grant
    Filed: August 8, 2012
    Date of Patent: July 25, 2017
    Assignee: ENTIT SOFTWARE LLC
    Inventor: Xavier Boyen
  • Patent number: 9690927
    Abstract: Embodiments of the present invention provide an authenticating service of a chip having an intrinsic identifier (ID). In a typical embodiment, an authenticating device is provided that includes an identification (ID) engine, a self-test engine, and an intrinsic component. The intrinsic component is associated with a chip and includes an intrinsic feature. The self-test engine retrieves the intrinsic feature and communicates it to the identification engine. The identification engine receives the intrinsic feature, generates a first authentication value using the intrinsic feature, and stores the authentication value in memory. The self-test engine generates a second authentication value using an authentication challenge. The identification engine includes a compare circuitry that compares the first authentication value and the second authentication value and generates an authentication output value based on the results of the compare of the two values.
    Type: Grant
    Filed: March 16, 2015
    Date of Patent: June 27, 2017
    Assignee: International Business Machines Corporation
    Inventors: Srivatsan Chellappa, Subramanian S. Iyer, Toshiaki Kirihata, Sami Rosenblatt
  • Patent number: 9680654
    Abstract: Methods, systems, and techniques for securing access to stored data are provided. Example embodiments provide a Storage Management System (“SMS”) that is configured to facilitate protected information sharing. The SMS may restrict access to shared information based on one or more criteria that validate an entity's right to access the information. For example, the SMS may restrict access to entities that are located in a particular geographic region, that are using a particular type of hardware or software, that hold particular credentials, or the like. In some cases, the SMS may require that an entity's claim to meet on or more required criteria be validated by a trusted third party.
    Type: Grant
    Filed: June 8, 2015
    Date of Patent: June 13, 2017
    Assignee: Lockbox LLC
    Inventor: Kevin Lam
  • Patent number: 9673984
    Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.
    Type: Grant
    Filed: October 31, 2013
    Date of Patent: June 6, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Wei Jiang, Adam Back, John D. Whited, Yordan I. Rouskov, Ismail Cem Paya, Wei-QUiang Michael Guo
  • Patent number: 9661080
    Abstract: A system for smart device networking includes an endpoint that enables communication with a connected device, a bridge that communicates with the endpoint over a PAN and relays PAN communications to a WAN, and a router that connects to the bridge through the WAN and routes communication to and from the endpoint.
    Type: Grant
    Filed: October 21, 2015
    Date of Patent: May 23, 2017
    Assignee: Helium Systems, Inc.
    Inventors: Amir Haleem, Andrew Thompson, Eric Gnoske, Blake Leverett, Mike Vidales, Sean Carey, Theo Wilson
  • Patent number: 9647985
    Abstract: A network component has a set of one or more rules, each of which has a match component and an action component. If an incoming packet maps to the match component of a rule, then the packet is handled according to the rule's action component. If the rule also includes a limit component, then if the packet maps to the rule's match component, a family history of the rule is updated, and the packet is handled according to the rule's action component only if the rule's family history satisfies the rule's limit component.
    Type: Grant
    Filed: May 23, 2013
    Date of Patent: May 9, 2017
    Assignee: CHECK POINT SOFTWARE TECHNOLOGIES LTD
    Inventors: Tamir Zegman, Ofer Barkai
  • Patent number: 9646150
    Abstract: Described is an electronic credentialing system that allows personal identity devices to interact; each interacting device has an installed identity engine that acquires, holds, issues and uses electronic credentials (e-credentials), these electronic credentials can be installed on personal identity devices, such as: smart phones, tablets, laptops, embedded systems, and/or personal computers.
    Type: Grant
    Filed: October 1, 2014
    Date of Patent: May 9, 2017
    Inventor: Kalman Csaba Toth
  • Patent number: 9626490
    Abstract: Systems and methods for accessing digital content using electronic tickets and ticket tokens are disclosed. In one system, a user device includes a processor, a network interface, and memory configured to store an electronic ticket, and a ticket token, and the processor is configured by an application to send a request for digital content, receive a ticket token from a merchant server, wherein the ticket token is generated by a DRM server and associated with an electronic ticket that enables playback of the requested digital content, send the ticket token to a DRM server, receive an electronic ticket that enables playback of requested digital content, request the digital content associated with the electronic ticket, and play back the requested digital content using the electronic ticket.
    Type: Grant
    Filed: December 11, 2014
    Date of Patent: April 18, 2017
    Assignee: Sonic IP, Inc.
    Inventors: Ben Ziskind, David Smith, Ramon Davila
  • Patent number: 9602485
    Abstract: A device implemented, carrier independent packet delivery universal addressing networking protocol for communication over a network between network nodes utilizing a packet. The protocol has an IP stack having layers. At least some of the layers have privacy preserving source node attribution and network admission control. The packet is admitted to the network only if a source node of the network nodes admits the packet.
    Type: Grant
    Filed: August 27, 2014
    Date of Patent: March 21, 2017
    Assignee: ARCHITECTURE TECHNOLOGY, INC.
    Inventor: Ranga Sri Ramanujan
  • Patent number: 9600687
    Abstract: An approach is provided in which a cognitive digital security assistant intercepts a personal data request from a client that is requesting personal data from a user. The cognitive digital security assistant analyzes the personal data request against the user's security statements to determine whether to provide the user's personal data to the client. During the analysis, the cognitive digital security assistant determines whether the personal data request includes benefits that meet the user's benefit thresholds included in the user's security statements. When the benefits meet the user's benefit thresholds, the cognitive digital security assistant provides the requested personal data to the client in exchange for the benefit from the client.
    Type: Grant
    Filed: October 1, 2014
    Date of Patent: March 21, 2017
    Assignee: International Business Machines Corporation
    Inventors: Corville O. Allen, Andrew R. Freed
  • Patent number: 9596215
    Abstract: A method may include obtaining a match vector that indicates one or more filter rules that are potentially applicable to a packet. The method may include partitioning the match vector into a plurality of segments. The method may include generating a summary vector that identifies one or more portions of the match vector that include one or more match bits. A match bit may indicate one of the one or more filter rules that is potentially applicable to the packet. The method may include obtaining a relevant segment of the match vector. The relevant segment may include at least one of the portions of the match vector identified by the summary vector. The method may include determining a filter rule to apply based on the match vector and based on the one or more match bits. The method may include applying the filter rule to the packet.
    Type: Grant
    Filed: April 27, 2015
    Date of Patent: March 14, 2017
    Assignee: Juniper Networks, Inc.
    Inventors: Deepak Goel, Patrick Kerharo, Jigar K. Savla
  • Patent number: 9576153
    Abstract: An exemplary system that includes a computing device that stores an abstraction and unification module, the abstraction and unification module being executable by a processor of the computing device to receive from a frontend component a request for information located within a backend component of the computing device and validate that the frontend component is authorized to receive the information specified in the request. The abstraction and unification module may further pass the request to an abstraction engine that extracts the information from the backend component and provides the information extracted from the backend component to frontend component.
    Type: Grant
    Filed: August 23, 2013
    Date of Patent: February 21, 2017
    Assignee: Cellco Partnership
    Inventor: Brian M. White
  • Patent number: 9558363
    Abstract: In some implementations, encrypted data (e.g., application data, keychain data, stored passwords, etc.) stored on a mobile device can be accessed (e.g., decrypted, made available) based on the context of the mobile device. The context can include the current device state (e.g., locked, unlocked, after first unlock, etc.). The context can include the current device settings (e.g., passcode enabled/disabled). The context can include data that has been received by the mobile device (e.g., fingerprint scan, passcode entered, location information, encryption key received, time information).
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: January 31, 2017
    Assignee: Apple Inc.
    Inventors: Andrew Roger Whalley, Wade Benson, Conrad Sauerwald