Patents Examined by Christopher A. Revak
  • Patent number: 10263993
    Abstract: A multi-tenant logging system that allows a user to have an individual profile that controls the user's access to tenant logs is provided. The system includes a plugin that adds features of an access control list (ACL) to indexes of a logging stack based on a user's access role. The stack is an aggregate of logs for nodes that are stored globally in the system. When a user requests a particular index to logs in the logging stack, an authorization token associated with the user is provided. Before the user request is allowed to proceed, the access guard plugin performs access control on the stack by referencing the ACL using the authorization token to determine which tenants a user can access in view of the user's current access role. The plugin uses the token and the user identifier to construct the ACL to enable each user's access to the stack.
    Type: Grant
    Filed: January 19, 2018
    Date of Patent: April 16, 2019
    Assignee: Red Hat, Inc.
    Inventors: Jeffrey Jon Cantrill, Eric M. Wolinetz, Luke R. Meyer
  • Patent number: 10250563
    Abstract: Secure device and proxy operation include generating, using a processor, a first proxy and a first proxy companion paired with the first proxy and providing the first proxy to a host data processing system for installation therein. The first proxy in the host data processing system and the first proxy companion communicate. A proxy change event for the host data processing system is detected. Responsive to the detecting, a second proxy and a second proxy companion paired with the second proxy are generated. The second proxy is provided to the host data processing system for installation therein.
    Type: Grant
    Filed: October 12, 2017
    Date of Patent: April 2, 2019
    Assignee: ZANGULI LLC
    Inventor: Behrooz Mobini
  • Patent number: 10251062
    Abstract: The invention is a method for managing access to a service wherein the method comprises the following steps: a client application sends to an application server a request to access the service by using credentials and a first anti-clone code, the application server performs a verification of the credentials and said first anti-clone code, the application server sends a second anti-clone code to the client application and deactivates said first anti-clone code only in case of successful verification, said second anti-clone code being required for the next attempt to access the service.
    Type: Grant
    Filed: April 25, 2016
    Date of Patent: April 2, 2019
    Assignee: GEMALTO SA
    Inventors: HongQian Karen Lu, Jean-Yves Fine, Benoît Gonzalvo, Aline Gouget
  • Patent number: 10237731
    Abstract: A PKI key pair comprising a private key and a public key is arranged for the end device. The public key is stored at the communication partner. The communication partner is arranged to provide a session key, encrypt data using the session key, encrypt the session key using the public key and convey the encrypted data to the end device. The communication system is further characterized in that it comprises a server system, remote from the mobile end device, in which the private key is stored in a secure environment. For this, the communication partner is furthermore arranged to transmit the encrypted session key to the server system. Moreover, the server system is arranged to decrypt the session key for the end device with the private key and to transmit it in decrypted form to the end device for decrypting the data.
    Type: Grant
    Filed: July 28, 2015
    Date of Patent: March 19, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Frank Schäfer, Ullrich Martini
  • Patent number: 10225246
    Abstract: The embodiments of the present invention disclose a certificate acquiring method and device. A virtualized network function manager (VNFM) receives a certificate application proxy message sent by a virtualized network function (VNF) instance. The VNFM uses the authentication information to authenticate the VNF instance, and when the authentication succeeds, sends a certificate application message to a certificate authority (CA). Then the VNFM receives a certificate issued by the CA, and sends the certificate to the VNF instance. In this way, through a trusted link between the VNFM and the certificate authority, the instantiated VNF instance applies for a certificate issued by the certificate authority, thereby effectively ensuring security of a management channel between the VNF instance and the VNFM.
    Type: Grant
    Filed: November 8, 2016
    Date of Patent: March 5, 2019
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Ying Xiong, Jiangsheng Wang, Chengyan Feng
  • Patent number: 10218695
    Abstract: A system includes one or more memory devices storing instructions, and one or more processors configured to execute the instructions to perform the steps of a method for providing a credentialless login for a user. The system may receive a request for credentialless login from a user of a mobile computing device. The system may then receive an authentication of a user accessing a software application running on a mobile computing device. Responsive to the receipt of the authentication, the system may generate a random one-time passcode associated with an account of the authenticated user and transmit the passcode to the mobile computing device for display to the user. The system may then receive the passcode from a second computing device and responsive to verifying the validity of the access code, grant the second computing device access to the account of the user.
    Type: Grant
    Filed: March 27, 2018
    Date of Patent: February 26, 2019
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventor: Chintan Jain
  • Patent number: 10218718
    Abstract: Rapidly detecting network threats with targeted detectors includes, at a computing device having connectivity to a network, determining features of background network traffic. Features are also extracted from a particular type of network threat. A characteristic of the particular type of network threat that best differentiates the features of the particular type of network threat from the features of the background network traffic is determined. A targeted detector for the particular type of network threat is created based on the characteristic and an action is applied to particular incoming network traffic identified by the targeted detector as being associated with the particular type of network threat.
    Type: Grant
    Filed: August 23, 2016
    Date of Patent: February 26, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Martin Kopp, Tomas Pevny
  • Patent number: 10205748
    Abstract: A computing system may be protected from revoked system updates. A computing system receives an object and scans it for revocation updates to a security structure of the computing system. The security structure is a monotonically nondecreasing collection of segments containing data on whether a system update is revoked, and a system update's status as revoked signifies the revoked system update can no longer be used by the computing system. Based upon scanning the object, the computing system identifies and validates a revocation update. The computing system resolves the revocation update by applying the revocation update to the security structure, by adding or changing one or more segments of the security structure identified by the revocation update, in response to determining that the revocation update is valid, or by denying application of the revocation update to the security structure in response to determining that the revocation update is invalid.
    Type: Grant
    Filed: May 11, 2018
    Date of Patent: February 12, 2019
    Assignee: International Business Machines Corporation
    Inventors: Michael D. Hocker, Brandon S. Johnson
  • Patent number: 10205747
    Abstract: A computing system may be protected from revoked system updates. A computing system receives an object and scans it for revocation updates to a security structure of the computing system. The security structure is a monotonically nondecreasing collection of segments containing data on whether a system update is revoked, and a system update's status as revoked signifies the revoked system update can no longer be used by the computing system. Based upon scanning the object, the computing system identifies and validates a revocation update. The computing system resolves the revocation update by applying the revocation update to the security structure, by adding or changing one or more segments of the security structure identified by the revocation update, in response to determining that the revocation update is valid, or by denying application of the revocation update to the security structure in response to determining that the revocation update is invalid.
    Type: Grant
    Filed: May 11, 2018
    Date of Patent: February 12, 2019
    Assignee: International Business Machines Corporation
    Inventors: Michael D. Hocker, Brandon S. Johnson
  • Patent number: 10204226
    Abstract: According to some embodiments, a threat detection model creation computer may receive a series of normal monitoring node values (representing normal operation of the industrial asset control system) and generate a set of normal feature vectors. The threat detection model creation computer may also receive a series of threatened monitoring node values (representing a threatened operation of the industrial asset control system) and generate a set of threatened feature vectors. At least one potential decision boundary for a threat detection model may be calculated based on the set of normal feature vectors, the set of threatened feature vectors, and an initial algorithm parameter. A performance of the at least one potential decision boundary may be evaluated based on a performance metric. The initial algorithm parameter may then be tuned based on a result of the evaluation, and the at least one potential decision boundary may be re-calculated.
    Type: Grant
    Filed: December 7, 2016
    Date of Patent: February 12, 2019
    Assignee: GENERAL ELECTRIC COMPANY
    Inventors: Cody Joe Bushey, Lalit Keshav Mestha, Justin Varkey John, Daniel Francis Holzhauer
  • Patent number: 10198563
    Abstract: A method for controlling a screen of a terminal, includes: determining a real-time state of the screen as a first state; generating a first electromagnetic signal corresponding to the first state, and sending the first electromagnetic signal to a metal structure on a surface of the terminal through a first human body communication component, such that the first electromagnetic signal is transmitted via a skin of a user; receiving, by the first human body communication component via the metal structure, a second electromagnetic signal sent by a wearable device associated with the terminal, the second electromagnetic signal being generated by the wearable device according to the first electromagnetic signal; and if the second electromagnetic signal includes state switching information regarding the screen, switching the real-time state of the screen from the first state to a second state.
    Type: Grant
    Filed: March 15, 2016
    Date of Patent: February 5, 2019
    Assignee: Xiaomi Inc.
    Inventors: Yanteng Wang, Zhijie Li, Jie Fan
  • Patent number: 10187357
    Abstract: A device of a public communication network initiates an action at a destination UE device of a private communication network by transmitting an action request message to a translating device that has a network/logical connection to both networks. The action request message contains security credentials of the initiating device, but does not contain a network address of the destination UE device. The translating device uses the security credentials of the initiating device contained in the action request message to determine a network address of the private network corresponding to the desired destination UE device. The security credentials may also be used to establish a secure connection from the initiating device. The translating device forwards the action request message to the desired destination device at the address associated with the initiator-device security credentials that it received in the action request message. The translating device may be a publish-subscribe broker.
    Type: Grant
    Filed: April 7, 2016
    Date of Patent: January 22, 2019
    Assignee: M2MD TECHNOLOGIES, INC.
    Inventor: Charles M. Link, II
  • Patent number: 10178119
    Abstract: Customers of a computing resource service provider may operate one or more computing resources provided by the computing resource service provider. In addition, the customers may implement security applications and/or devices using the one or more computing resources provided by the computing resource service provider. Operational information from customer operated computing resources may be correlated with operational information from computing resources operated by the computing resource service provider or other entities and correlated threat information may be generated. Anomalous activity may be detected based at least in part on the correlated threat information.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: January 8, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric Jason Brandwine, Robert Eric Fitzgerald, Alexander Robin Gordon Lucas
  • Patent number: 10171438
    Abstract: User input is received from a user for identifying a particular account from among multiple accounts. A set of questions specific for the particular account is selected. Further user input comprising one or more responses to each question of the set of questions is received. A password is generated based on the one or more received responses.
    Type: Grant
    Filed: April 4, 2017
    Date of Patent: January 1, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Alessandro Dinia, Riccardo Rossi, Antonio Secomandi, Viviana Tripodi
  • Patent number: 10158651
    Abstract: An example client device includes a processor configured to construct a key to be used to encrypt or decrypt data of a communication session between the client device and a server device, partition the key into a plurality of key partitions, send data representative of the key and a location of the client device to the server device, send data representative of each of the plurality of key partitions to a respective key verification server device of a plurality of key verification server devices, and after receiving an indication from the server device that the key has been verified using data representative of the key, the location of the client device, and the plurality of key partitions, encrypt or decrypt data exchanged with the server device using the key.
    Type: Grant
    Filed: April 20, 2016
    Date of Patent: December 18, 2018
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Basil F. Nimry, Nicholas Gillis
  • Patent number: 10153899
    Abstract: An email request is received from a client device, where the email request is intended for an email server and includes a request for an email recipient's certificate. The compliance status of the client device is obtained. If the client device is in compliance, the email request is modified, and the modified email request is sent to the email server while a certificate retrieval request in the email request is redirected to a certificate repository implemented in a server separate from a certificate repository maintained by the email server. The email certificate is retrieved from the certificate repository and combined with information received from the email server to generate a response, which is sent to the client device.
    Type: Grant
    Filed: November 18, 2016
    Date of Patent: December 11, 2018
    Assignee: AirWatch, LLC
    Inventors: Christopher Henretty, William Pinner, Emil Novakov, Anand Patel, David Shaw, Marshall Brown
  • Patent number: 10154065
    Abstract: A system for managing computer security policies includes a policy management system that provides computer security policies to container host machines. The policy management system retrieves images of software containers from an image registry and generates computer security policies that are specific for each image. A container host machine informs the policy management system when an image is pulled from the image registry into the container host machine. The policy management system identifies a computer security policy that is applicable to the image and provides the computer security policy to the container host machine. The container host machine can also locally identify the applicable computer security policy from among computer security policies that are received from the policy management system. The container host machine enforces the computer security policy and other currently existing computer security policies.
    Type: Grant
    Filed: September 22, 2016
    Date of Patent: December 11, 2018
    Assignee: Trend Micro Incorporated
    Inventors: Marek Buchler, Kevin Boyce
  • Patent number: 10148444
    Abstract: A method may include storing a first set of secrets associated with an information handling system in a credential vault of a management controller configured to be coupled to a processor of a host system of the information handling system in order to provide management of the information handling system via management traffic communicated between the management controller and an external management network such that the first set of secrets are accessible responsive to a verified boot of the management controller and storing a second set of secrets associated with the information handling system in a storage of a cryptoprocessor owned by the management controller such that access to the second set of secrets may be granted in response to an administrator's provision of authorization to the cryptoprocessor, and such that access to the second set of secrets is prevented during runtime of the host system in absence of authorization.
    Type: Grant
    Filed: August 4, 2016
    Date of Patent: December 4, 2018
    Assignee: Dell Products L.P.
    Inventors: Johan Rahardjo, Mukund P. Khatri, Theodore S. Webb
  • Patent number: 10148648
    Abstract: A portable data or information carrier in the form of a smart card with partially or fully virtualized components. To maximize the confidentiality of information stored in the carrier, and more specifically to limit the amount of information available to a potential defrauder, electronic components such as circuits, I/O, cryptographic, memory and dummy objects are built, modified or influenced on demand from physical characteristics of an eligible person or device. Digitized unique biometric or hardware identifiers are read upon start-up and runtime of the device and, in case of an eligible person or device, subsequently supply all values necessary for determination of the characteristics of the user specific virtual smart cards objects, their placement and connections. By multi-factor authentication, the end-user or device will retain sole control of its keys and use them for authentication, signature or encryption purposes as if he had a physical smart card in his hand.
    Type: Grant
    Filed: November 28, 2017
    Date of Patent: December 4, 2018
    Assignee: Open Invention Network LLC
    Inventor: Martin Wieland
  • Patent number: 10148683
    Abstract: An Account Takeover (ATO) threat detection system is configured to detect that a group of IP addresses is a suspected group of IP addresses (in that there is an indication that the same potentially malicious entity is using a group of IP addresses to attempt logins) and automatically select a lower value that limits how many login attempts from the same IP address are permitted during a predetermined period of time before a login request from the suspected group of IP addresses is no longer accepted for processing. The limit that is used to restrict login attempts from a single IP address is set to be lower than a solo threshold value.
    Type: Grant
    Filed: March 29, 2016
    Date of Patent: December 4, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ziliang Lin, Xiaosu Huang, Sakshi Ratneshchand Jain, Theodore Hwa