Patents Examined by Carlton Johnson
  • Patent number: 10812466
    Abstract: Managed devices containing a Trusted Platform Module (TPM) to provide a trusted environment generate a device certificate at initialization of the TPM and send the device certificate to a management console for storing in a certificate database. Upon detecting a file of interest, the TPM signs the file, adding to a signature list created by previous managed devices. The signature list can be used to analyze the spread of the file across the system of managed devices, including tracking the file to the first managed device to have had a copy, without requiring real-time access to the managed devices during the spread of the file. In some embodiments, additional security measures may be taken responsive to determining the first managed device and the path the file has taken across the system of managed devices.
    Type: Grant
    Filed: May 5, 2015
    Date of Patent: October 20, 2020
    Assignee: McAfee, LLC
    Inventors: Balbir Singh, Preet Mohinder, Manish Sharma, Rahul Chandra Khali
  • Patent number: 10812481
    Abstract: The invention relates to a method for providing a wireless local network, wherein stationary communication devices and mobile communication devices are connected in the manner of a mesh as the sub-network, which is particularly connected to an infrastructure network and configured to exchange authentication messages with at least one communication device, which is particularly disposed in the infrastructure network and provides an authentication function. During an attempt to establish a first link by a first communication device connected to a communication device providing the authentication function to a second communication device connected to the communication device providing the authentication function, an authenticator role to be assigned as part of an authentication process is associated with the first and second communication devices, wherein at least one property correlating with the connection is analyzed for meeting a criterion.
    Type: Grant
    Filed: January 4, 2017
    Date of Patent: October 20, 2020
    Assignee: Unify GmbH & Co. KG
    Inventors: Rainer Falk, Florian Kohlmayer
  • Patent number: 10796307
    Abstract: An indication that a user wishes to conduct a bank transaction is received. An authentication path to be presented to the individual is pseudo-randomly determined. The authentication path comprises a combination of authentication challenges to be presented to the individual. A determination is made whether the user presented valid responses to the authentication challenges. The user is authenticated to conduct the bank transaction based on whether the user is determined to have presented valid responses to the authentication challenges.
    Type: Grant
    Filed: September 1, 2017
    Date of Patent: October 6, 2020
    Assignee: Wells Fargo Bank, N.A.
    Inventor: Alexander Zaharopoulos Hughes
  • Patent number: 10728244
    Abstract: A security system comprises an access control node broadcasting a beacon including a time stamp and user devices generating replies to the beacon that are based on credential information for the user of the user device and the time stamp. The system relies on the users' wireless-capable mobile computing devices such as smartphones, tablets, or wireless fobs. A credential management system provides a system for the authentication of users and then issues security tokens as credential information to the users' mobile computing devices. These tokens are presented wirelessly by the devices to the security system's access control nodes, for example, where the access control nodes then decide whether to grant or deny access.
    Type: Grant
    Filed: February 17, 2016
    Date of Patent: July 28, 2020
    Assignee: Sensormatic Electronics, LLC
    Inventors: James Trani, Walter A. Martin
  • Patent number: 10715494
    Abstract: Aspects of the present disclosure provide systems and methods for directly transferring tenant data hosted on a source domain to a target domain, wherein the source and target domains are associated with different server farms. Additionally, where the source domain is managed by a source management layer and the target domain is managed by target management layer, which source and target management layers are not in a trust relationship. Aspects describe establishing a secure, direct communication bus between the source and target management layers in order to accomplish a plurality of steps involved in transferring the tenant, wherein tenant data transferred thereon is encrypted. In example aspects, the direct communication bus terminates upon completion of the tenant data transfer.
    Type: Grant
    Filed: May 15, 2017
    Date of Patent: July 14, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Patrick J. Simek, Prashant Gaurav, Kalyan K. Kona, Ilker Celikyilmaz
  • Patent number: 10673878
    Abstract: Aspects provide for an automated computer security apparatus. A first sequential action data set of different actions performed sequentially in engaging a computer system to execute a data operation on the computer system is categorized as a normal or abnormal operation. Actions of the first sequential action data set and of another (second) sequential action data set of different actions having the same normal or abnormal category of the first set are randomly selected and combined to generate a random sequential action data set for the common category of the first and second sequential action data sets, to define a sequential order of actions performed sequentially in engaging the computer system to execute a random set data operation on the computer system.
    Type: Grant
    Filed: May 19, 2016
    Date of Patent: June 2, 2020
    Assignee: International Business Machines Corporation
    Inventor: Guruvishnuvardan Mounaguruswamy
  • Patent number: 10609012
    Abstract: There is provided a method of operating a security token, said security token comprising a secure element and a microcontroller unit being coupled to said secure element, wherein: the secure element receives an authentication command from a host device while the microcontroller unit is in a first sleep state; the secure element decodes the authentication command, sends a corresponding authentication request to the microcontroller unit and subsequently enters into a second sleep state; the microcontroller unit wakes up upon receiving the authentication request and subsequently determines an amount of available power; the microcontroller unit processes the authentication request only if the amount of available power exceeds a threshold. Furthermore, a corresponding computer program product and a corresponding security token are provided.
    Type: Grant
    Filed: October 29, 2014
    Date of Patent: March 31, 2020
    Assignee: NXP B.V.
    Inventors: Thomas Suwald, Arne Burghardt
  • Patent number: 10552614
    Abstract: An example method includes receiving an indication of a first level of authentication for an electronic device, the first authentication being associated with a first authentication device associated with the user; receiving an indication of a second level of authentication for the electronic device, the second authentication being associated with a second authentication device associated with the user, the second authentication device being different from the first authentication device; and upon receiving the indication of at least the first level of authentication and the second level of authentication, allow access to the electronic device.
    Type: Grant
    Filed: January 31, 2014
    Date of Patent: February 4, 2020
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Nam H Nguyen, Chi So, Shaheen Saroor
  • Patent number: 10536483
    Abstract: One example provides a collaborative policy refinement service to aggregate policy inputs from organizational layers and to generate security policies that are consistent across the organizational layers. This includes an interactive policy component to facilitate collaborative interaction between the organizational layers and to facilitate determination of the security policies.
    Type: Grant
    Filed: June 16, 2011
    Date of Patent: January 14, 2020
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Marco Casassa Mont, Siani Pearson, Pete Bramhall
  • Patent number: 10521498
    Abstract: A document editor may manage suggested edits in a collaborative document. The document editor may instantiate a document model associated with the collaborative document. When a first editing suggestion is received for the collaborative document, a first suggestion command is associated with the first editing suggestion based on a type of the first editing suggestion and a type of the document model. The document editor may apply the first suggestion command on the document model to present the first editing suggestion within the collaborative document. When an acceptance indication for the first editing suggestion is received, the document model can be updated with the first suggestion command in response to the received acceptance indication.
    Type: Grant
    Filed: June 24, 2015
    Date of Patent: December 31, 2019
    Assignee: GOOGLE LLC
    Inventors: Luiz Do Amaral De Franca Pereira Filho, Steven Joseph Saviano, Kevin Markman, Thomas John Schirripa, Isaac Quinn Shum, Kevin Winter, Ian Gunn, Stephen Alexander Garcia-Wright, Olga Sergeyevna Saviano, Venkat Ganesan, Augustin O. Venezuela, III
  • Patent number: 10503890
    Abstract: An authentication system for a computing environment uses physically unclonable functions (PUFs) to authenticate requests to perform an action in the environment. The system receives, from an imaging device, an image of a physically unclonable object associated with the electronic request. The system then obtains from a computer server operating within the system via an encrypted communication channel, a challenge associated with the object. The system uses extraction parameters encoded within the challenge to transform a portion of the image and produce authentication data representing a response to the challenge. The system extracts, using the extraction parameters, the authentication data from the image and determines whether the challenge and response match and the request is authenticated.
    Type: Grant
    Filed: February 16, 2017
    Date of Patent: December 10, 2019
    Assignee: ARIZONA BOARD OF REGENTS ON BEHALF OF NORTHERN ARIZONA UNIVERSITY
    Inventors: Bertrand Cambou, Abolfazl Razi
  • Patent number: 10489576
    Abstract: Generating verification codes includes selecting at least two verification code generators from a verification code generator set comprising a plurality of verification code generators to compose a current use set, executing each verification code generator in the current use set to obtain corresponding partial verification codes, composing a current verification code from the partial verification codes, outputting the current verification code to a user, receiving a user response that is made in response to the current verification code, and comparing the current verification code and the user response to determine whether the user is verified.
    Type: Grant
    Filed: May 5, 2015
    Date of Patent: November 26, 2019
    Assignee: Alibaba Group Holding Limited
    Inventors: Jiajia Li, Xinlin Yu
  • Patent number: 10445516
    Abstract: A computer-implemented method for preventing vulnerable files from being opened may include (1) registering a security application as a universal file opener, (2) receiving, at the security application, a request to open a file, (3) identifying at least one other application on the computing device that is capable of opening the file, (4) determining, based on a security analysis, that there is a security risk in opening the file with the other application that is capable of opening the file, and (5) preventing the other application that is capable of opening the file from opening the file. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 3, 2015
    Date of Patent: October 15, 2019
    Assignee: Symantec Corporation
    Inventor: Jun Mao
  • Patent number: 10419487
    Abstract: Techniques are provided for processing authorization requests. In some embodiments, an authorization request specifying a non-hierarchical resource can be processed without having to sequentially process the various security policies configured for a collection of resources.
    Type: Grant
    Filed: January 12, 2017
    Date of Patent: September 17, 2019
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Kamalendu Biswas, Andrei Kapishnikov, Sastry Hari
  • Patent number: 10412068
    Abstract: Techniques are disclosed relating to signing and authentication of network messages such as API calls. A server system and a client system may collaboratively establish a shared secret key, which is then usable to sign such messages. These techniques may be useful in various situations, such as for integrations between different systems.
    Type: Grant
    Filed: December 7, 2015
    Date of Patent: September 10, 2019
    Assignee: salesforce.com, inc.
    Inventor: Prasad Peddada
  • Patent number: 10375046
    Abstract: Methods, devices, and systems for determining whether a received user generated response key matches the generated first unique key, thereby providing an autonomous authentication system to verify the user. The validation computing system may use a unique key to associate with each request for authentication from a client and further validate that unique key. Additionally, the authentication may be validated as an added security measure by a webhost.
    Type: Grant
    Filed: January 19, 2016
    Date of Patent: August 6, 2019
    Inventor: Arsen Samvelian
  • Patent number: 10372914
    Abstract: For validating computing device firmware, systems, apparatus, and methods are disclosed. The apparatus includes a processor, and a memory that stores code executable by the processor, the code including code that acquires a firmware manifest for locally stored firmware, authenticates a digital signature of the firmware manifest, and validates contents of the locally stored firmware using the firmware manifest. The apparatus may also include code that generates a local firmware manifest from the firmware, wherein validating the contents of the firmware includes comparing the local firmware manifest to the firmware manifest. In certain embodiments, the apparatus may indicate, to a user, one of success and failure of the firmware validation. The firmware manifest may be a location-specific firmware manifest corresponding to a geographical location of the apparatus and/or computing device including the locally stored firmware.
    Type: Grant
    Filed: June 24, 2015
    Date of Patent: August 6, 2019
    Assignee: LENOVO (SINGAPORE) PTE. LTD.
    Inventors: Steven D. Goodman, Mikio Hagiwara, William Laurence Jaeger, Jr., Eitaroh Kasamatsu, Kohsuke Ohtani, Randall Scott Springfield, David Burke Stone, Christopher Aaron Whitesock
  • Patent number: 10320796
    Abstract: The claimed subject matter provides a method for securing a partner service. The method can include receiving a request, wherein the request comprises a unique value, to access the partner service, wherein the request is received from a browser client for a partner application and determining that a user is authorized to access the partner application, the partner application generating a token that associates the user with the partner application. The method can also include generating a signature for the token, the signature to enable the partner service to independently regenerate the signature, the token comprising an identifier for the partner application enabling the partner service to detect which partner application generates the token and sending the token with the signature to the browser client.
    Type: Grant
    Filed: May 28, 2015
    Date of Patent: June 11, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Eric Wai Ho Lau, Zhaowei Charlie Jiang, Ronald H. Jones, Jr., Derrick Isaacson, Ralph E. Lemke, Peter Wu
  • Patent number: 10181049
    Abstract: Described is a process for secure and privacy-preserving data retrieval operations in a network having a plurality of nodes. The process includes receiving a query at a querying node. The query is encrypted to generate an encrypted metadata query record. The encrypted metadata query record is transmitted to each queried node that is to be searched for data. A secure pattern matching protocol is used to search a database of metadata records to match a query answer to the metadata query record. The query answer is then encrypted. A query policy is verified for the querying node, with the encrypted answer being further encrypted based on the query policy. The further encrypted answer is transmitted to the querying node, which removes the outer layer of encryption, resulting in the original encrypted answer. The original encrypted answer is then decrypted to recover the query answer.
    Type: Grant
    Filed: November 19, 2013
    Date of Patent: January 15, 2019
    Assignee: HRL Laboratories, LLC
    Inventors: Karim El Defrawy, Gavin D. Holland
  • Patent number: 10084492
    Abstract: A data channel system and method provide a composite signal having an overt, persistent signal channel and a non-persistent channel encoded onto a signal in the persistent channel by timing variation of the persistent channel signal.
    Type: Grant
    Filed: May 5, 2015
    Date of Patent: September 25, 2018
    Assignee: Raytheon Company
    Inventors: Gary M. Graceffo, Andrew M. Kowalevicz, Bradley A. Whittington