Patents Examined by Carl Colin
  • Patent number: 9998284
    Abstract: Methods and apparatus to provide isolated execution environments are disclosed. In some examples, the methods and apparatus identify a request from a host application. In some examples, the methods and apparatus, in response to identifying the request from the host application, load a microcode application into memory when excess micro operations exist in a host instruction set architecture, the microcode application being a fragment of code. In some examples, the methods and apparatus execute the microcode application. In some examples, the methods and apparatus, in response to completed execution of the microcode application, unload the microcode application from memory.
    Type: Grant
    Filed: September 24, 2015
    Date of Patent: June 12, 2018
    Assignee: Intel Corporation
    Inventors: Vincent J. Zimmer, Rajesh Poornachandran, Mingqiu Sun, Gopinatth Selvaraje
  • Patent number: 9973531
    Abstract: According to one embodiment, a threat detection system is integrated with at least a dynamic analysis engine. The dynamic analysis engine is configured to automatically determine whether one or more objects included in received network traffic contains a heap spray attack. Upon detection of a potential heap spray attack, the dynamic analysis engine may copy potential shellcode within an object included in the received network traffic, insert the copy of the potential shellcode into a second region of allocated memory and analyze the execution of the potential shellcode to determine whether characteristics associated with an exploit are present.
    Type: Grant
    Filed: June 20, 2014
    Date of Patent: May 15, 2018
    Assignee: FireEye, Inc.
    Inventor: Emmanuel Thioux
  • Patent number: 9967273
    Abstract: Aspects of an abuse detection system for a web service include an abuse detection engine executing on a server. The abuse detection engine includes a pre-processing module for aggregating a data set for processing and analysis; a suspiciousness test module for identifying suspicious content owners and suspicious users; a graphing module for finding connections between suspicious content owners and suspicious users; an analysis module for determining which groups are constituted of fraudulent or abusive accounts; and a notification generation and output module for generating a list of abusive entities and a notification for output to at least one of: the abusive entity, a digital content distribution company associated with the abusive entity, and a legal department or other entity for further investigation or action. Additionally, royalties for content consumptions associated with abusive accounts may be held.
    Type: Grant
    Filed: June 15, 2015
    Date of Patent: May 8, 2018
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.
    Inventors: Victor Cazin, Nicolas Rival
  • Patent number: 9965653
    Abstract: A trusted computing device (TCD) includes an isolated environment, host interface, secure interface, and program instructions. The environment includes an isolated environment processor (IEP), memory (secure and non-secure partition), and an auxiliary processor (AP). Memory and AP are connected for data communication with the IEP, and communicate with a host only through the IEP. The host interface and each secure interface are connected for data communication with the IEP.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: May 8, 2018
    Assignee: GOOGLE LLC
    Inventors: Dominic Rizzo, Peiter Zatko
  • Patent number: 9954844
    Abstract: A method including determining, by a processing device, whether a computer system is able to access an authentication server, in response to determining that the computer system is able to access the authentication server, requesting a first set of credentials, authenticating the first set of credentials, assigning a user a first role for performing operations on the computer system in view of the first set of credentials, and in response to determining that the computer system is unable to access the authentication server, requesting a second set of credentials different from the first set of credentials, authenticating one or more credentials provided by the user, and assigning the user a second role for performing operations on the computer system in view of the one or more credentials, wherein the first role specifies a first type of access to at least one object on the computer system, and the second role specifies a second type of access to the at least one object, wherein the first type of access is di
    Type: Grant
    Filed: January 28, 2015
    Date of Patent: April 24, 2018
    Assignee: Red Hat, Inc.
    Inventor: Dmitri V. Pal
  • Patent number: 9954899
    Abstract: Embodiments of the present technology relate to a method for applying a security policy to an application session, comprising: determining, by a security gateway, a first user identity and a second user identity from a data packet for an application session; obtaining, by the security gateway, a security policy for the application session; and applying the security policy to the application session by the security gateway. The user identity may be a network user identity or an application user identity recognized from packets of the application session. The security policy may comprise a network traffic policy mapped and/or a document access policy mapped to the user identity, where the network traffic policy is applied to the application session. The security gateway may further generate a security report concerning the application of the security policy to the application session.
    Type: Grant
    Filed: May 17, 2016
    Date of Patent: April 24, 2018
    Assignee: A10 NETWORKS, INC.
    Inventors: Lee Chen, Dennis Oshiba, John Chiong
  • Patent number: 9946880
    Abstract: The present disclosure includes: searching a code clone corresponding to a used source code from any analysis target source code; detecting a security sink and sensitive data of the security sink on the basis of patch information in the searched code clone; acquiring a source code which is from the user input point the a security sink by backwardly tracing the sensitive data detected in the analysis target source code; and verifying whether the searched code clone is a vulnerability in the analysis target source code by performing a concolic testing on the basis of a path from the input point to the security sink.
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: April 17, 2018
    Assignee: Korea University Research and Business Foundation
    Inventors: Heejo Lee, Hongzhe Li, Jonghoon Kwon, Hyuck-Min Kwon
  • Patent number: 9942249
    Abstract: According to one embodiment, an apparatus is configured to communicate a first plurality of phishing emails to a first plurality of users, each phishing email of the first plurality of phishing emails is of a first type or a second type. The apparatus is configured to determine a first response rate of the first plurality of users to phishing emails of the first type and to determine a second response rate of the first plurality of users to phishing emails of the second type. The apparatus is configured to determine a second plurality of phishing emails comprising phishing emails of the first type and the second type, wherein an aggregate response rate of a second plurality of users to the second plurality of phishing emails is predicted to be closer to a target response rate than one or more of the first response rate and the second response rate.
    Type: Grant
    Filed: July 22, 2015
    Date of Patent: April 10, 2018
    Assignee: Bank of America Corporation
    Inventor: Benjamin L. Gatti
  • Patent number: 9942042
    Abstract: A digitally signed authentication assertion is generated in response to successful authentication of a current user of a user device by using a signing key that is uniquely assigned to the authenticator process to digitally sign a document indicating that the current user of the user device was successfully authenticated on the user device. The signing key uniquely assigned to the authenticator process is stored in a key container associated with the user device, and the key container is located on a key container server that is physically separate from the user device. The digitally signed authentication assertion is conveyed from the authenticator process to an authentication service, in order to securely indicate to the authentication service that the current user of the user device has been verified as an authentic user by the authenticator process.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: April 10, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Lawrence N. Friedman, Kayvan Alikhani
  • Patent number: 9923897
    Abstract: An enhanced services network provides enhanced privacy and/or security over public networks to client subscribers of the service. Client devices access the enhanced services network over a public communications network (e.g., the Internet, cellular network, etc.) via a client-side edge server of the enhanced services network. The enhanced services network interfaces with client-requested network resources hosted by third-party server devices via a resource-side edge server. The particular client-side edge server and/or resource-side edge server that is utilized for a particular client session may be selected by the enhanced services network according to a rule set. The rule set may seek to achieve one or more target goals, such as: (1) limit discoverability of the enhanced services network, (2) minimize or reduce geographic/network distance between an edge server and a target computing device, and/or (3) establish connections that are more secure than the connections originally requested by the client.
    Type: Grant
    Filed: March 6, 2014
    Date of Patent: March 20, 2018
    Assignee: SURFEASY, INC.
    Inventors: Chris Houston, Athir Nuaimi, Josh Gross
  • Patent number: 9924360
    Abstract: Systems and methods for transmitting AT commands indicating whether Evolved Packet System (EPS) Session Management (ESM) information should be transmitted securely are disclosed herein. A Terminal Equipment (TE) may transmit an AT command to a Mobile Termination (MT). The AT command may indicate whether protocol configuration options (PCO) should be ciphered and/or whether an access point name (APN) is provided. In some embodiments, the AT command may be a dedicated command and may only include a <securePCO> parameter and an <APNprovided> parameter. Alternatively, or in addition, the AT command may include a <securePCO> parameter, an <APN> parameter, and/or additional parameters serving additional functions. Whether the APN is provided may be determined based on whether the <APN> parameter is present and includes a non-null value. The AT command may be related to a single packet data network (PDN) connection or may relate to a plurality of PDN connections.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: March 20, 2018
    Assignee: INTEL IP CORPORATION
    Inventors: Kiran Kumar Addepalli, Robert Zaus, Vivek Gupta
  • Patent number: 9912701
    Abstract: A cloud infrastructure is enhanced to provide a context-based security assurance service to enable secure application deployment. The service inspects network and cloud topologies to identify potential security capabilities and needs. Preferably, these options are then surfaced to the user with easy-to-understand, pre-configured templates representing security assurance levels. When a template (e.g., representing a pre-configured assurance level) is selected by the user, the system then applies specific capabilities and controls to translate the user-selected generalized specification (e.g., “high security”) into granular requirements for a specific set of security resources. Preferably, the identification of these security resources is based on system configuration, administration, and information associated with the pre-configured template.
    Type: Grant
    Filed: March 25, 2016
    Date of Patent: March 6, 2018
    Assignee: International Business Machines Corporation
    Inventors: Nataraj Nagaratnam, Jeffrey Robert Hoy, Sreekanth Ramakrishna Iyer, Sridhar R. Muppidi
  • Patent number: 9886585
    Abstract: Data may be encrypted using a public key. From a plurality of functions executable on the data, one or more functions may be selected. The selected one or more functions may be associated with the encrypted data. The selected one or more functions may provide exclusive access to the data. A data structure specifying conditions for access to the one or more functions may be created. An exclusive interface to provide access to the one or more functions may be created. The interface, upon determining that one or more conditions from the conditions are satisfied, may grant access to the one or more functions. The encrypted data, the associated one or more functions, the data structure, and the interface may be included into an object.
    Type: Grant
    Filed: June 14, 2013
    Date of Patent: February 6, 2018
    Assignee: SAP SE
    Inventors: Marek Piotr Zielinski, Jan Harm Petrus Eloff
  • Patent number: 9876822
    Abstract: A cloud infrastructure is enhanced to provide a context-based security assurance service to enable secure application deployment. The service inspects network and cloud topologies to identify potential security capabilities and needs. Preferably, these options are then surfaced to the user with easy-to-understand, pre-configured templates representing security assurance levels. When a template (e.g., representing a pre-configured assurance level) is selected by the user, the system then applies specific capabilities and controls to translate the user-selected generalized specification (e.g., “high security”) into granular requirements for a specific set of security resources. Preferably, the identification of these security resources is based on system configuration, administration, and information associated with the pre-configured template.
    Type: Grant
    Filed: November 28, 2014
    Date of Patent: January 23, 2018
    Assignee: International Business Machines Corporation
    Inventors: Nataraj Nagaratnam, Jeffrey Robert Hoy, Sreekanth Ramakrishna Iyer, Sridhar R. Muppidi
  • Patent number: 9871765
    Abstract: Various exemplary embodiments relate to a method performed by a DIAMETER network node, the method including: receiving a first DIAMETER message; determining that the first DIAMETER message is not trusted; and rejecting the first DIAMETER message.
    Type: Grant
    Filed: September 4, 2012
    Date of Patent: January 16, 2018
    Assignee: Alcatel Lucent
    Inventors: Robert A. Mann, Eric Colaviti
  • Patent number: 9871822
    Abstract: A cloud infrastructure is enhanced to provide a context-based security assurance service to enable secure application deployment. The service inspects network and cloud topologies to identify potential security capabilities and needs. Preferably, these options are then surfaced to the user with easy-to-understand, pre-configured templates representing security assurance levels. When a template (e.g., representing a pre-configured assurance level) is selected by the user, the system then applies specific capabilities and controls to translate the user-selected generalized specification (e.g., “high security”) into granular requirements for a specific set of security resources. Preferably, the identification of these security resources is based on system configuration, administration, and information associated with the pre-configured template.
    Type: Grant
    Filed: November 28, 2014
    Date of Patent: January 16, 2018
    Assignee: International Business Machines Corporation
    Inventors: Nataraj Nagaratnam, Jeffrey Robert Hoy, Sreekanth Ramakrishna Iyer, Sridhar R. Muppidi
  • Patent number: 9866551
    Abstract: Disclosed are a one time password generation device and an authentication method. The one time password generation device includes: a reference information generator that generates reference information; a virtual input means generator that generates a virtual input means in which a blank is provided; and a password generator that generates a one time password using an initial value, reference information and a blank.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: January 9, 2018
    Inventors: Young Man Hwang, Sung Min Joo
  • Patent number: 9842210
    Abstract: The present disclosure provides a network architecture and verification platform for analyzing the various modules of a Unified Extensible Firmware Interface (UEFI) firmware image. In one embodiment, the disclosed network architecture and verification platform obtains various UEFI firmware images, such as UEFI firmware image residing on a client device or a UEFI firmware image hosted by a hardware manufacturer. The network architecture and verification platform may then segregate the various UEFI firmware modules that make up the UEFI firmware image, and subject the modules to different types of analysis. By analyzing the UEFI firmware modules individually, the network architecture and verification platform builds a repository of Globally Unique Identifiers (GUIDs) referenced by a given UEFI firmware module, which may then be referenced in future analyses to determine whether any changes, and the extent of such changes, have been made to an updated version of the given UEFI firmware module.
    Type: Grant
    Filed: January 16, 2015
    Date of Patent: December 12, 2017
    Assignee: Raytheon Company
    Inventor: Robert Allen Rose
  • Patent number: 9838431
    Abstract: A cloud infrastructure is enhanced to provide a context-based security assurance service to enable secure application deployment. The service inspects network and cloud topologies to identify potential security capabilities and needs. Preferably, these options are then surfaced to the user with easy-to-understand, pre-configured templates representing security assurance levels. When a template (e.g., representing a pre-configured assurance level) is selected by the user, the system then applies specific capabilities and controls to translate the user-selected generalized specification (e.g., “high security”) into granular requirements for a specific set of security resources. Preferably, the identification of these security resources is based on system configuration, administration, and information associated with the pre-configured template.
    Type: Grant
    Filed: November 28, 2014
    Date of Patent: December 5, 2017
    Assignee: International Business Machines Corporation
    Inventors: Nataraj Nagaratnam, Jeffrey Robert Hoy, Sreekanth Ramakrishna Iyer, Sridhar R. Muppidi
  • Patent number: 9830478
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for receiving an encrypted version of an obfuscated stack trace representing an error generated by error handling code of obfuscated code executed by a user device, the obfuscated stack trace having obfuscated code element names corresponding to deobfuscated code element names in a deobfuscated version of the code; decrypting the encrypted stack trace to generate an obfuscated stack trace; receiving an encrypted obfuscation log that maps obfuscated code element names of the obfuscated code executed by the user device to deobfuscated code element names in the deobfuscated version of the code; decrypting the encrypted obfuscation log to generate a decrypted obfuscation log; and generating a deobfuscated stack trace using the decrypted obfuscation log, the deobfuscated stack trace having deobfuscated code element names.
    Type: Grant
    Filed: July 20, 2015
    Date of Patent: November 28, 2017
    Assignee: Semmle Limited
    Inventor: Joshua George Hale