Patents Examined by C. Harris
  • Patent number: 10728217
    Abstract: Techniques for assessing risk associated with firewall rules are provided. In one implementation, a method includes receiving a request for the network to apply a firewall policy rule to control traffic to a machine associated with the network, wherein the firewall policy rule comprises information that identifies a remote address from which the traffic can originate and a type of the traffic. The method further includes determining a remote address risk value representative of a first degree of security risk associated with allowing the traffic to access the machine in response to the traffic being determined to originate from the remote address; determining a traffic type risk value representative of a second degree of security risk associated with allowing the type of traffic to access the machine; and determining a total risk value based on a combination of the remote address risk value and the traffic type risk value.
    Type: Grant
    Filed: January 29, 2019
    Date of Patent: July 28, 2020
    Inventor: Ian Phillips
  • Patent number: 10726125
    Abstract: Techniques for malware detection using clustering with malware source information are disclosed. In some embodiments, malware detection using clustering with malware source information includes generating a first cluster of source information associated with a first malware sample, in which the first malware sample was determined to be malware, and the first malware sample was determined to be downloaded from a first source; and determining that a second source is associated with malware based on the first cluster.
    Type: Grant
    Filed: November 5, 2018
    Date of Patent: July 28, 2020
    Assignee: Palo Alto Networks, Inc.
    Inventors: Yanxin Zhang, Xinran Wang, Huagang Xie, Wei Xu
  • Patent number: 10719594
    Abstract: An example computing device includes a shares generation unit configured to generate secret shares of biometric information of a user; a storage interface configured to interface with storage nodes for storing each of the secret shares to a corresponding one of the storage nodes; and a computation engine configured to perform re-enrollment by outputting a plurality of messages to instruct each of the storage nodes to generate a respective share of a new helper data in accordance with the secret shares of the biometric information and a secure computation protocol, receive the respective share of the new helper data from two or more storage nodes, and determine the new helper data based on the respective share of the new helper data from each of the two or more storage nodes for subsequent authentication of the user, wherein the re-enrollment occurs without receiving additional/repeat biometric information, thereby resulting in faster re-enrollment.
    Type: Grant
    Filed: April 4, 2018
    Date of Patent: July 21, 2020
    Assignee: SRI International
    Inventor: Karim Eldefrawy
  • Patent number: 10705645
    Abstract: An electronic device for preemptively removing biometric information from a display is provided. The electronic device includes a display, at least one sensor disposed under a region of the display and at least one processor. The at least one processor may be configured to detect, using the at least one sensor, a touch input on the region of the display and display, using the display, a user interface which guides to remove a mark caused by the touch input, wherein the mark includes biometric information acquired based on the touch input.
    Type: Grant
    Filed: September 5, 2017
    Date of Patent: July 7, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Sandhan Tushar Balasaheb
  • Patent number: 10699003
    Abstract: An air-gapped computing system includes at least one network card interface; a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to: initialize a hypervisor for execution over a primitive OS; create a plurality of isolated security zones by instantiating a plurality of corresponding virtual machines using the hypervisor, wherein each of the plurality of security zones includes a plurality of applications executed over a guest OS; instantiate a networking virtual machine using the hypervisor; control, by the networking virtual machine, access of each application in each of the plurality of security zones to an external network resource; and monitor execution of the guest OS and each application in at least one activated security zone of the plurality of security zones, wherein the monitoring is performed to maintain compliance with a security policy corresponding to each activated security zone being monitored.
    Type: Grant
    Filed: November 9, 2017
    Date of Patent: June 30, 2020
    Assignee: HYSOLATE LTD.
    Inventors: Tal Zamir, Oleg Zlotnik, Boris Figovsky
  • Patent number: 10678908
    Abstract: In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user; and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine if the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.
    Type: Grant
    Filed: December 21, 2013
    Date of Patent: June 9, 2020
    Assignee: McAfee, LLC
    Inventors: Steve Grobman, Carl Woodward, James D. Beaney, Jr., Jimmy Scott Raynor
  • Patent number: 10678913
    Abstract: A method of enhancing security of at least one of a host computing device and a peripheral device coupled to the host computing device through a communication interface. Data is transparently received from the peripheral device or the host computing device, and the received data is stored. The stored data is analyzed to detect a circumstance associated with a security risk. If such a circumstance is not detected, then the data is transparently forwarded to the other of the peripheral device or the host. However, if a circumstance associated with a security risk is detected, then a security process, defined by a rule, is performed. Related apparatus are provided, as well as other methods and apparatus.
    Type: Grant
    Filed: December 22, 2017
    Date of Patent: June 9, 2020
    Assignee: Gigavation, Inc.
    Inventors: Gita Srivastava, Piyush B. Srivastava
  • Patent number: 10671749
    Abstract: A data processing system is disclosed for data processing, including database and file management, as well as accessing one or more databases or other data structures, authenticating users, and categorizing data items for addition to the database system. In some embodiments, the system may be configured to coordinate access to user account information via user-provided authentication credentials; apply account identification rules to the accessed account information to identify a plurality of accounts of the user; and initiate updates to a database record associated with the user indicative of any accounts identified.
    Type: Grant
    Filed: June 19, 2019
    Date of Patent: June 2, 2020
    Assignee:, Inc.
    Inventors: Michelle Felice-Steele, Michele Raneri, Paul DeSaulniers, Joe Manna, Jeff Softley, Srikumar Puthupadi Kanthadai, Aga Dzhafar Hady Ogiu Dzhafarov, Pat Finneran, Donna Meryl Smith, Gregory Lennox Wright, Marizette Galvez, Ujjayan Banerjee, Ravi Devesetti, Shivakumar Ramanathan, Mukeshkumar G. Patel
  • Patent number: 10664624
    Abstract: A method and an apparatus for controlling video output, where the method includes detecting in real time, by a security controller, whether an output resolution configured in a video display controller and a high-bandwidth digital content protection (HDCP) encryption status configured in a high-definition multimedia interface (HDMI) satisfy an HDCP requirement of a video, and when the HDCP requirement of the video is not satisfied, sending, by the security controller, an instruction to the video display controller instructing the video display controller to stop outputting the video. Hence, when the HDCP requirement of the video is not satisfied the output video is insecure such that the security controller sends the instruction to the video display controller instructing the video display controller to stop outputting the video. Therefore, security of the video output is ensured.
    Type: Grant
    Filed: July 5, 2018
    Date of Patent: May 26, 2020
    Inventors: Huamin Luo, Chiranjib Chakraborty, Shangsong Chen
  • Patent number: 10652220
    Abstract: Disclosed herein are embodiments of systems, methods, and products that comprise a computing device, which provides a secure data transport service (SecureX) for data packets traversing from an end user device (EUD) to a mission network over untrusted networks. The disclosed SecureX module may be a software product running on the EUD and on a SecureX appliance fronting the mission network. The SecureX module on the EUD compresses the data packets by removing header fields that are constant over the same packet flow and double encrypts the data packets with different cryptographic keys. The SecureX on the EUD transmits the double compressed encrypted data packets over the untrusted network. The SecureX appliance receives the double compressed encrypted data packets, decrypts the data packets and decompresses the data packets to recreate the original data packets. The SecureX appliance transmits the original data packets to the mission network.
    Type: Grant
    Filed: May 9, 2018
    Date of Patent: May 12, 2020
    Assignee: Architecture Technology Corporation
    Inventor: Ranga S. Ramanujan
  • Patent number: 10628565
    Abstract: A method and device for user authorization is presented herein. The authorization device may be integrated in a display interface configured to receive an infrared input signal. The device may include a means for converting the infrared signal into an electric signal. The device may further include a processor configured to analyze the electrical signal. The processor may further be configured to provide an authorization of a user based on the analysis of the electrical signal.
    Type: Grant
    Filed: March 8, 2016
    Date of Patent: April 21, 2020
    Inventor: Gunnar Klinghult
  • Patent number: 10623427
    Abstract: Systems and methods for identifying and responding to anomalous data activity by a computer user on a computing device are presented. An anomalous data activity service, implemented as a machine learning service, receives notice of data activity and conducts an evaluation to determine whether the data activity is an anomalous data activity. Upon determining that the data activity is an anomalous data activity, a responsive action may be taken that may result in the anomalous data activity being blocked or allowed.
    Type: Grant
    Filed: September 8, 2017
    Date of Patent: April 14, 2020
    Inventors: Roee Oz, Yuval Eldar, Royi Ronen
  • Patent number: 10615968
    Abstract: A method includes receiving, at a key management system from one or more client devices, one or more requests for cryptographic keys stored in respective clouds of a plurality of cloud service providers in a multi-cloud environment, the cryptographic keys being distributed across different ones of the respective clouds of the plurality of cloud service providers in the multi-cloud environment. The method also includes determining a location of a given one of the requested cryptographic keys on one or more of the clouds of the cloud service providers in the multi-cloud environment, retrieving the given cryptographic key from the determined location in the multi-cloud environment, providing the given cryptographic key to a given one of the client devices, and shuffling the distribution of the cryptographic keys across the clouds of the plurality of cloud service providers in the multi-cloud environment.
    Type: Grant
    Filed: February 2, 2018
    Date of Patent: April 7, 2020
    Assignee: EMC IP Holding Company LLC
    Inventors: Andrew Byrne, Donagh A. Buckley
  • Patent number: 10609458
    Abstract: An apparatus for embedding a digital watermark includes a memory, and a processor coupled to the memory and configured to generate a watermark signal to be embedded into moving image data based on information to be added to the moving image data, determine a frame of the moving image data at which overlapping of the watermark signal is to be started based on a variation in value in a time direction of a pixel in a region, in each of a plurality of frames of the moving image data, into which the watermark signal is to be embedded and also on a feature of the watermark signal, and embed the watermark signal beginning with the determined frame.
    Type: Grant
    Filed: September 5, 2017
    Date of Patent: March 31, 2020
    Inventor: Shohei Nakagata
  • Patent number: 10599826
    Abstract: Systems and methods for performing decoupled authorization, whereby authorizing access permissions of a user to a resource is performed separate and independent from authorizing intent of the user to access the resource. Once both authorizations are successfully completed within a specified timeout interval, the access state of the resource is changed, thereby granting the user access to the resource. The decoupled authorizations are independently performed over different networks, in response to different triggers, or by leveraging different hardware. Access to the resource can therefore be provided prior to the user arriving before the resource, with little to no action by the user, and without compromising security, as the resources will remain restricted or locked if either of the user's intent or access permissions cannot be verified.
    Type: Grant
    Filed: September 5, 2017
    Date of Patent: March 24, 2020
    Inventors: Alexander A. Kazerani, Robert J. Peters, Samy Kamkar
  • Patent number: 10601808
    Abstract: Single sign-in for accessing protected content across all providers and access channels is provided. When a user selects to view an additional content item, a determination may be made whether access authentication from the requesting user is required. If access authentication is required, a federated login credential may be received from the requesting user. The federated login credential may be used for granting access by the requesting user to the selected additional content item across different content channels, and the federated login credential may be used for granting access by the requesting user to other protected content items without requiring additional access authentication from the requesting user.
    Type: Grant
    Filed: June 30, 2014
    Date of Patent: March 24, 2020
    Inventors: Yousef Wasef Nijim, James Alan Strothmann, Jay Paul Langa
  • Patent number: 10594668
    Abstract: In one embodiment, a crypto cloudlet is provided that includes a security wrapper to a virtual machine to guarantee secure Input/Output exchange between a client and one or more cryptographic adaptive services powered by a set of virtual CPUs through a single well defined channel, an adaptive service running in the virtual machine that identifies hardware resources necessary to satisfy a cryptographic demand or request, and an Ethernet interface communicatively coupled to the security wrapper providing network channel services for exchange of cryptographic data and commands. The security wrapper presents to the adaptive services the hardware accelerators exposed by the virtual machine. Other embodiments are disclosed.
    Type: Grant
    Filed: February 10, 2017
    Date of Patent: March 17, 2020
    Assignee: Thales eSecurity, Inc.
    Inventors: Enrique Sanchez, Bernardo Arainty, John Perret, Tomas Arredondo, Pedro Valladares, Guillermo Cordon, Sergio Barcala, Marc Boillot
  • Patent number: 10586025
    Abstract: A method and system for allowing an independent software vendor (ISV) access to proprietary software code for software of an organization has been developed. An ISV generates a login request that masquerades as a user of the software. A license management system that controls access to the software is accessed and determines if two session IDs are present. The presence of two separate session IDs identifies the ISV and if detected, the ISV is allowed access to the proprietary software code. Finally, the organization is notified about the ISV's access to the proprietary software code.
    Type: Grant
    Filed: September 7, 2017
    Date of Patent: March 10, 2020
    Assignee:, inc.
    Inventors: Nicholas Chun Yuan Chen, Nathan Edward Lipke, David Ross Baker, Winston Chow, Jonathan Widjaja
  • Patent number: 10586038
    Abstract: Systems and methods are disclosed for providing stack overflow protection on a system on chip via a hardware write-once register. An exemplary embodiment of a system on chip comprises a hardware write-once register, a boot processor, and one or more processor subsystems. The boot processor is configured to execute a read only memory (ROM) image which initializes the hardware write-once register with a first numeric value in response to the system on chip being powered on. The one or more processor subsystems have an associated software image configured to use the first numeric value in the hardware write-once register as a stack canary value to combat stack overflow attacks.
    Type: Grant
    Filed: September 8, 2017
    Date of Patent: March 10, 2020
    Assignee: Qualcomm Incorporated
    Inventors: Mamta Desai, Ashutosh Shrivastava, Dhamim Packer Ali
  • Patent number: 10572658
    Abstract: Configuration discrepancies, such as server drift among different servers or malicious code installed on one or more servers, can be identified using system attribute information regarding processes, CPU usage, memory usage, etc. The system attribute information can be used to generate an image, which can be compared to other images to determine if a configuration discrepancy exists. Image recognition algorithms can be used to facilitate image comparison for different systems. By identifying configuration discrepancies, downtime and other issues can be mitigated and system performance can be improved.
    Type: Grant
    Filed: January 23, 2017
    Date of Patent: February 25, 2020
    Assignee: PAYPAL, INC.
    Inventor: Shlomi Boutnaru