Patents Examined by C. Lewis
-
Patent number: 10382580
Abstract: Examples relate to scaling persistent connections for cloud computing. In some examples, a data packet is used to determine connection information of the first connection. At this stage, server portion of the first connection is closed by using the connection information to send a close command to the cloud server. In response to a keepalive signal from the client computing device, the connection information is used to send a keepalive response to the client computing device to maintain a client portion of the first connection. In response to a service request from the client computing device, a service notification including the service request is sent to the client computing device, where the client computing device initiates a second connection with the cloud server to process the service request.
Type: Grant
Filed: August 29, 2014
Date of Patent: August 13, 2019
Inventors: Puneet Sharma, Wenjie Lin, David Lee, Subramoniam Iyer, Ajay Gupta, Sarbajit Chatterjee, Deepti Sharma
-
Patent number: 10382460
Abstract: In one implementation, a method for providing security on externally connected controllers includes receiving, at a reporting agent that is part of a security middleware layer operating on a controller, an indication that a process has been blocked; obtaining, by the reporting agent, trace information for the blocked process; determining, by the reporting agent, a code portion in an operating system of the controller that served as an exploit for the blocked process; obtaining, by the reporting agent, a copy of malware that was to be executed by the blocked process; generating, by the reporting agent, an alert for the blocked process that includes (i) the trace information, (ii) information identifying the code portion, and (iii) the copy of the malware; and providing, by the reporting agent, the alert to a network interface on the controller for immediate transmission to a backend computer system.
Type: Grant
Filed: June 19, 2018
Date of Patent: August 13, 2019
Assignee: KARAMBA SECURITY LTD.
Inventors: Tal Efraim Ben David, Assaf Harel, Amiram Dotan, David Barzilai
-
Patent number: 10374790
Abstract: The subject of the invention is a countermeasure method for an electronic component implementing a public-key cryptography algorithm on an elliptic curve E defined over a field and comprising an iterative scalar multiplication operation making it possible to obtain a point [k]P on the basis of a point P of the curve E and of an integer k that must remain secret, the electrical consumption of the electronic component being dependent on the value taken by at least one so-called critical point used during said operation to iteratively determine the point [k]P.
Type: Grant
Filed: February 12, 2015
Date of Patent: August 6, 2019
Assignee: SECURE-IC SAS
Inventors: Cédric Murdica, Sylvain Guilley
-
Patent number: 10368238
Abstract: A communication device for handling data transmission/reception for dual connectivity comprises a storage unit for storing instructions of connecting to a first base station (BS) and a second BS; receiving a message from the first BS, wherein the message configures a handover to a third BS and a connection change to a fourth BS; updating a first parent key to a first updated parent key and updating a second parent key to a second updated parent key based on the first updated parent key, in response to the message; updating a first security key to a first updated security key based on the first updated parent key and updating a second security key to a second updated security key based on the second updated parent key, in response to the message.
Type: Grant
Filed: November 28, 2016
Date of Patent: July 30, 2019
Assignee: HTC Corporation
Inventor: Chih-Hsiang Wu
-
Patent number: 10367821
Abstract: Aspects extend to methods, systems, and computer program products for controlling performance of a requested user operation. It is determined if a requested user operation can access data on behalf of a user based on an obtained user context associated with the user. The user context identifies the location of an object representing a user relative to other objects within a hierarchical data structure. The context is used to derive a role for the user. A control expression is accessed. The control expression governs access of the requested user operation for the derived role. A set of permissions is formed for the user by evaluating the control expression using the user context and a data context for the data. The user's authorization to perform the requested user operation is determined from the set of permissions. The requested user operation is performed according to the determined user's authorization.
Type: Grant
Filed: December 20, 2016
Date of Patent: July 30, 2019
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Sergei Ivanov, John August Barrows
-
Patent number: 10362064
Abstract: Aspects of the present disclosure include a system comprising a computer-readable storage medium storing at least one program and a method for managing access permissions associated with data resources. The method includes providing a user interface for registering a policy to a client device, and receiving a policy registration associated with a data resource stored in a first network database. The method further includes registering a policy associated with the data resource based on the policy registration. The registering of the policy includes creating a policy object that is linked to the data resource and storing the policy object in a second network database.
Type: Grant
Filed: November 8, 2017
Date of Patent: July 23, 2019
Assignee: Palantir Technologies Inc.
Inventors: Mark Elliot, Jason Zhao, Brian Schimpf, Jacob Meacham, Marco Gelmi, Benjamin Duffield, Savino Sguera, James Baker, Neil Rickards, Javier Campanini, Qinfeng Chen, Derek Cicerone, Nathan Ziebart
-
Patent number: 10356049
Abstract: Based on a hidden service address table stored in a memory, a virtual circuit related to a hidden service is mapped to a corresponding port-level channel based on the hidden service's address. Data associated with the hidden service is routed between the virtual circuit and the port-level channel. This enables binding of high level anonymity protocols to low level communication services of a network fabric and ensures that other nodes in the network fabric can leverage fabric-hosted hidden services without requiring updates to an existing anonymity protocol.
Type: Grant
Filed: May 14, 2018
Date of Patent: July 16, 2019
Assignee: Nant Holdings IP, LLC
Inventors: Thomas Wittenschlaeger, Nicholas Witchey
-
Patent number: 10348501
Abstract: A method, apparatus, article of manufacture, and a memory structure for providing a security infrastructure that permits the programming of limited hardware resources that can accept newly downloaded applications and securely support a very large number of services offered by content providers each have the potential to utilize their own independent CAS/DRM system. The CE device owner can consume content from a variety of sources and enable switching among different and existing CAS/DRM security profiles as required by the content provider applications loaded in CE devices.
Type: Grant
Filed: July 11, 2016
Date of Patent: July 9, 2019
Assignee: Inside Secure
Inventors: Ronald P. Cocchi, Michael A. Gorman, Jacob T. Carson, Matthew A. Skubiszewski, David Ha
-
Patent number: 10341335
Abstract: User authentication techniques based on geographical locations associated with a client device are provided. An example method for authentication of the client device includes receiving an authentication request from the client device. The method may include establishing current geographical location of the client device. The method may further include establishing a trusted tolerance geographical area associated with the client device. After establishing the trusted tolerance geographical area, the method may proceed with determining whether the current geographical location of the client device is within the trusted tolerance geographical area. The method may further include authenticating the client device based on the determination that the current geographical location of the client device is within the trusted tolerance geographical area.
Type: Grant
Filed: November 24, 2018
Date of Patent: July 2, 2019
Assignee: A10 Networks, Inc.
Inventor: Micheal Thompson
-
Patent number: 10333699
Abstract: Share values for use in a cryptographic operation may be received and the cryptographic operation may be performed based on the share values. A pseudorandom number that is to be used by the cryptographic operation may be identified and the pseudorandom number may be generated based on a portion of the share values that are used in the cryptographic operation. The cryptographic operation may then be performed based on the generated pseudorandom number.
Type: Grant
Filed: July 8, 2016
Date of Patent: June 25, 2019
Assignee: Cryptography Research, Inc.
Inventors: Pankaj Rohatgi, Elke De Mulder, Michael Hutter
-
Patent number: 10326783
Abstract: Service providers may operate one or more services configured to detect requests generated by automated agents. A CAPTCHA may be transmitted in response to requests generated by automated agents. The CAPTCHAs may be included in a modal pop-up box configured to be displayed by a client application displaying a webpage to a customer of the service provider. Furthermore, the CAPTCHAs included in the modal pop-up box may be rendered inactive and caused not to be displayed by client application executing the webpage. Submitted solutions to CAPTCHAs may be presented with a cookie that enables access to resources of the service provider without restriction. Cookies may be tracked and their use may be used to detect automated agent activity.
Type: Grant
Filed: September 1, 2017
Date of Patent: June 18, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Sevag Demirjian, John Lindsay Bates, Mark Evans Brighton, Samuel Charles Goodwin, Colin James Hawkett, Blair Livingstone Hotchkies, Forrest MacKenzie Vines
-
Patent number: 10320561
Abstract: A method for providing encrypted information by an information entity to one or more operating entities, the information entity having a database for storing encrypted information and the one or more operating entities being configured to operate on the encrypted information, wherein the encrypted information is stored encrypted with an encryption key known to the one or more operating entities includes performing, by an operating entity, a request on the encrypted information, wherein plaintext information to be stored encrypted is provided in tuples, each having ID information, one or more fields with field information specifying the fields, and values, wherein at least the values are encrypted with non-deterministic order preserving encryption with at least one encryption key such that each plaintext value is encrypted into a set of encrypted values, and wherein the set of encrypted values is partitioned into a left set and a right set.
Type: Grant
Filed: November 4, 2014
Date of Patent: June 11, 2019
Assignee: NEC CORPORATION
Inventors: Ghassan Karame, Felix Klaedtke
-
Patent number: 10313388
Abstract: Tools, strategies, and techniques are provided for evaluating the identities of different entities to protect individual consumers, business enterprises, and other organizations from identity theft and fraud. Risks associated with various entities can be analyzed and assessed based on analysis of social network data, professional network data, or other networking connections, among other data sources. In various embodiments, the risk assessment may include calculating an authenticity score based on the collected network data.
Type: Grant
Filed: February 28, 2018
Date of Patent: June 4, 2019
Assignee: SOCURE INC.
Inventors: Sunil Madhu, Giacomo Pallotti, Edward J. Romano, Alexander K. Chavez
-
Patent number: 10313334
Abstract: Implementations of a system and method of generating and using bilaterally generated variable instant passwords are disclosed. The system is used to secure electronic transactions (e.g., an auction in which one or more bidders are unknown to the auctioneer). In this system an Internet Service Provider (ISP), on request from a USER (e.g., a bidder), facilitates an authentication process with a SERVICE PROVIDER (e.g., an auctioneer). The SERVICE PROVIDER may send a sub-folder, containing a USER name, a temporary sub variable character set, and a CALL, to the USER through the ISP. The password used to access the sub-folder is transmitted directly to the USER by the SERVICE PROVIDER. The USER gets authenticated to the SERVICE PROVIDER by using the USER name, the temporary sub variable character set, and the CALL retrieved from the sub-folder. After USER's authentication, further transactions (e.g., bids) are performed using a password for each transaction.
Type: Grant
Filed: September 23, 2017
Date of Patent: June 4, 2019
Inventor: Abdul Rahman Syed Ibrahim Abdul Hameed Khan
-
Patent number: 10298602
Abstract: The present invention relates to methods, network devices, and machine-readable media for an integrated environment for automated processing of reports of suspicious messages, and furthermore, to a network for distributing information about detected phishing attacks.
Type: Grant
Filed: February 26, 2018
Date of Patent: May 21, 2019
Assignee: Cofense Inc.
Inventors: Aaron Higbee, Rohyt Belani, Scott Greaux, William Galway, Douglas Hagen
-
Patent number: 10298399
Abstract: An example method is provided in accordance with one implementation of the present disclosure. The method includes receiving location-locked data (LLD), receiving at least location information related to a permitted region, and deterministically generating at least one location-specific encryption key (LSK) based at least on the location information related to the permitted region. The method further includes encrypting the LLD such that the encrypted LLD can be decrypted using one of the at least one LSK.
Type: Grant
Filed: July 28, 2014
Date of Patent: May 21, 2019
Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Evan R. Kirshenbaum
-
Patent number: 10289854
Abstract: An apparatus, computer program, and method are provided for generating an intermediate entitlement specification that specifies one or more access rights in connection with a service or content. A plurality of entitlement policies is stored that are configured for being used to determine one or more entitlements to be sent to a device. In operation, an offer specification is received, and at least one of the plurality of entitlement policies is identified based on the offer specification. An intermediate entitlement specification is generated that specifies one or more access rights in connection with a service or content, based on at least one entitlement policy. In use, a run-time entitlement specification may be generated, in response to a request for the service or content during a run-time. Further, in one embodiment, the run-time entitlement specification may be generated utilizing at least one intermediate entitlement specification.
Type: Grant
Filed: September 23, 2016
Date of Patent: May 14, 2019
Assignee: AMDOCS DEVELOPMENT LIMITED
Inventors: David Franklyn Jacobs, Sarit Shani Natanson
-
Patent number: 10289830
Abstract: An interception-proof authentication and encryption system and method is provided that utilizes passcodes with individual pins that are made up of symbols from a set of symbols, and tokens that contain at least two symbols from the set of symbols used for the passcode. Multiple tokens (a “token set”) are presented to a user, with some or all of a user's pre-selected pins (symbols) randomly inserted into some or all of the tokens. The user selects a token from the token set for each pin position in the passcode. The user is authenticated based on the selected tokens. Because each selected token may or may not contain one of the pre-selected pins in the user's passcode, and also contains other randomly generated symbols that are not one of the pre-selected pins in the user's passcode, someone that observes which tokens the user has chosen cannot determine what the user's actual passcode is.
Type: Grant
Filed: August 27, 2016
Date of Patent: May 14, 2019
Inventor: Min Ni
-
Patent number: 10284596
Abstract: A cloaking authority system that securely and anonymously identifies a misbehaving device based on its digital certificate. The system may include a cloaking authority server or device that is communicatively connected to a misbehavior authority server, and may also include a pseudonym certificate authority device, and a registration authority device. The cloaking authority device receives, from the misbehavior authority server, a request for a cloak index, wherein the request for the cloak index includes the linkage value from a PC of a misbehaving computerized device. The cloaking authority device processes the linkage value to produce a cloak index, which identifies the misbehaving computerized device and which is unique and anonymous, and transmits it to the requesting misbehavior authority server. The misbehavior authority server uses the cloak index to identify the specific computerized device that has misbehaved, usually repeatedly.
Type: Grant
Filed: October 31, 2018
Date of Patent: May 7, 2019
Assignee: INTEGRITY SECURITY SERVICES LLC
Inventor: Erik S. Schetina
-
Patent number: 10268821
Abstract: Disclosed herein is a method for detection of a cyber-threat to a computer system. The method is arranged to be performed by a processing apparatus. The method comprises receiving input data associated with a first entity associated with the computer system, deriving metrics from the input data, the metrics representative of characteristics of the received input data, analyzing the metrics using one or more models, and determining, in accordance with the analyzed metrics and a model of normal behavior of the first entity, a cyber-threat risk parameter indicative of a likelihood of a cyber-threat. A computer readable medium, a computer program and a threat detection system are also disclosed.
Type: Grant
Filed: August 3, 2015
Date of Patent: April 23, 2019
Assignee: Darktrace Limited
Inventors: Jack Stockdale, Alex Markham