Patents Examined by Christopher C. Harris
  • Patent number: 10289810
    Abstract: Disclosed is, among other things, a method for distributing content items to authorized users. The method comprising: a content owner device (190), COD, obtaining a first content item (196a); the COD (190) obtaining a first tag associated with the first content item (196a); the COD (190) obtaining a first content key, CK1, for said first content item (196a); the COD (190) encrypting the first content item (196a) using CK1, thereby producing a first encrypted content item; the COD (190) using at least the first tag and a key derivation function, KDF, to derive a first derived key, DK1; the COD (190) encrypting CK1 using the DK1, thereby producing a first encrypted content key, ECK1; and the COD (190) transmitting information to a content server (108), the information comprising: the first encrypted content item and the first tag.
    Type: Grant
    Filed: February 27, 2014
    Date of Patent: May 14, 2019
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventors: Tommy Arngren, Mats Näslund
  • Patent number: 10277619
    Abstract: The invention relates to detecting vulnerabilities in technology infrastructure environments. Data describing vulnerabilities detected in a technological environment of an enterprise is obtained. The vulnerability data is combined with data relating to servers, applications associated with the servers, and business functions associated with the applications, within the technological environment of the enterprise in order to create enriched data. The enriched data is enhanced using one or more of the following processes: deduplicating records in the enriched data; modifying of a severity assigned to vulnerabilities based on one or more enterprise-infrastructure factors; archiving and purging of records included in the enriched data; consolidating IP addresses associated with the vulnerabilities; excepting records in the enriched data for vulnerabilities undergoing active remediation; and validating the enriched data. After the enriched data is enhanced, it may be sorted in accordance with one or more filters.
    Type: Grant
    Filed: April 27, 2016
    Date of Patent: April 30, 2019
    Assignee: Nationwide Mutual Insurance Company
    Inventors: David B. Clark, II, Kevin J. Sullivan, Jane L M Kuberski, Paul J. Melko, Jr., Narayanasamy Balakrishnan, Koen Klaas Kuiken, Travis Ray Lenocker, Zachary J. Eyen, Shad Cummins, Daniel W. David
  • Patent number: 10257197
    Abstract: In an example embodiment, a request for data is received from an end-user device, the request including one or more contextual attributes of the end-user device. The request is forwarded to a data provider. Data is then received from the data provider. It is determined if the data includes tagged sensitive data. If so, then the tagged sensitive data and the one or more contextual attributes are sent to a data access platform. Then policy constraints corresponding to the data are received from the data access platform. The sensitive data is encrypted in a manner that a data privacy module on the end-user device only decrypts the sensitive data when one or more contextual attributes of the end-user device meet one or more requirements identified in the policy constraints, and then the encrypted sensitive data and the policy are sent to the data privacy module.
    Type: Grant
    Filed: July 14, 2016
    Date of Patent: April 9, 2019
    Assignee: SAP SE
    Inventors: Mark Stephen James White, Jyothi Krothapalli, David Clegg
  • Patent number: 10256982
    Abstract: Methods, systems, and devices may be used for assigning names and bootstrapping of security credentials for Smart Objects inside a Digital Home environment. Methods, systems, and devices for identification and security bootstrapping of a smart object within a digital home environment may include automated assignment of a device level ID and security credential for each smart object in the home using a resource directory.
    Type: Grant
    Filed: August 29, 2014
    Date of Patent: April 9, 2019
    Assignee: Convida Wireless, LLC
    Inventors: Shamim Akbar Rahman, Dale N. Seed, Lijun Dong, Chonggang Wang, Quang Ly
  • Patent number: 10250384
    Abstract: The present invention discloses a visible light encryption method, a decryption method, a communication device and a communication system. The method includes: receiving a visible light signal from a transmit end, where the visible light signal is encrypted at the transmit end by using a key; and obtaining the key, and decrypting the visible light signal according to the key, where the obtaining the key includes: obtaining a key corresponding to a state of a state machine of a receive end; or, obtaining indication information according to the visible light signal and obtaining the key according to the indication information, where the indication information is used to obtain the key. The present invention solves a problem of decryption failure in visible light encryption and decryption, and improves accuracy of decryption.
    Type: Grant
    Filed: January 29, 2015
    Date of Patent: April 2, 2019
    Assignee: KUANG-CHI INTELLIGENT PHOTONIC TECHNOLOGY LTD.
    Inventors: Ruopeng Liu, Lin Luan, Guangjin Xiao
  • Patent number: 10237240
    Abstract: Techniques for assessing risk associated with firewall rules are provided. In one implementation, a method includes receiving a request for the network to apply a firewall policy rule to control traffic to a machine associated with the network, wherein the firewall policy rule comprises information that identifies a remote address from which the traffic can originate and a type of the traffic. The method further includes determining a remote address risk value representative of a first degree of security risk associated with allowing the traffic to access the machine in response to the traffic being determined to originate from the remote address; determining a traffic type risk value representative of a second degree of security risk associated with allowing the type of traffic to access the machine; and determining a total risk value based on a combination of the remote address risk value and the traffic type risk value.
    Type: Grant
    Filed: July 21, 2016
    Date of Patent: March 19, 2019
    Assignee: AT&T Global Network Services (U.K.) B.V.
    Inventor: Ian Phillips
  • Patent number: 10237289
    Abstract: The present disclosure provides a method and a device for detecting network intrusion. The method includes: obtaining a feature vector of a network flow to be detected; and detecting the feature vector using a deep neural network, and determining a network intrusion category of the network flow to be detected, in which the deep neural network is generated by training with training data, the training data includes feature vectors of normal samples and feature vectors of attack samples, the attack samples include original attack samples and generated attack samples by adding noise to the original attack samples. The method can improve an ability to identify unknown attacks and a normalization ability of known attacks.
    Type: Grant
    Filed: September 7, 2017
    Date of Patent: March 19, 2019
    Assignee: Neusoft Corporation
    Inventor: Qiang Du
  • Patent number: 10237303
    Abstract: In an example, there is disclosed a method and system for calculating an object's trust level for security purposes based on prevalence in a context-aware network. In an embodiment, as objects are accessed, a client queries a domain master such as a reputation server to evaluate the object's reputation. The domain master may maintain a prevalence-based reputation database, which may be updated as new clients report object prevalences.
    Type: Grant
    Filed: December 20, 2013
    Date of Patent: March 19, 2019
    Assignee: McAfee, LLC
    Inventors: Kenneth D. Simone, Jr., Paul A. Whitehurst, Mark Joseph Boudreaux
  • Patent number: 10235521
    Abstract: Techniques for malware detection using clustering with malware source information are disclosed. In some embodiments, malware detection using clustering with malware source information includes generating a first cluster of source information associated with a first malware sample, in which the first malware sample was determined to be malware, and the first malware sample was determined to be downloaded from a first source; and determining that a second source is associated with malware based on the first cluster.
    Type: Grant
    Filed: June 5, 2017
    Date of Patent: March 19, 2019
    Assignee: Palo Alto Networks, Inc.
    Inventors: Yanxin Zhang, Xinran Wang, Huagang Xie, Wei Xu
  • Patent number: 10237283
    Abstract: Techniques for malware domain detection using passive Domain Name Service (DNS) are disclosed. In some embodiments, malware domain detection using passive DNS includes generating a malware association graph that associates a plurality of malware samples with malware source information, in which the malware source information includes a first domain; generating a reputation score for the first domain using the malware association graph and passive DNS information; and determining whether the first domain is a malware domain based on the reputation score for the first domain.
    Type: Grant
    Filed: July 18, 2017
    Date of Patent: March 19, 2019
    Assignee: Palo Alto Networks, Inc.
    Inventors: Yanxin Zhang, Xinran Wang, Huagang Xie, Wei Xu
  • Patent number: 10230757
    Abstract: Systems, methods, and software products prevent malware attacks on networks, which include endpoint devices, by providing an environment to the endpoint device which simulates an environment, for example, a security environment, where malware is known to refrain from executing.
    Type: Grant
    Filed: August 27, 2014
    Date of Patent: March 12, 2019
    Assignee: Minerva Labs Ltd.
    Inventor: Eduard Bobritsky
  • Patent number: 10229290
    Abstract: Systems and methods are disclosed for securing an information handling system. A method for securing an information handling system may include securing the information handling system in an enclosure with a locking mechanism of a bezel; receiving a request to unlock the bezel at a baseboard management controller (BMC), the BMC communicatively coupled to the bezel; retrieving a first artifact stored in a trusted platform module (TPM) in response to the request; attempting to authorize the request using the first artifact; and unlocking the locking mechanism if the request is authorized.
    Type: Grant
    Filed: April 27, 2016
    Date of Patent: March 12, 2019
    Assignee: Dell Products L.P.
    Inventors: Johan Rahardjo, Gobind Vijayakumar, Salvador D. Jimenez, III
  • Patent number: 10229291
    Abstract: A method for locking out a remote terminal unit includes: receiving a lockout request, wherein the lockout request includes at least a public key associated with a user, a user identifier, and a terminal identifier; identifying a user profile associated with the user based on the user identifier included in the received lockout request; verifying the public key included in the received lockout request and permission for the user to lockout a remote terminal unit associated with the terminal identifier included in the received lockout request based on data included in the identified user profile; generating a lockout permit, wherein the lockout permit includes at least the public key included in the received lockout request; and transmitting at least a lockout request and the generated lockout permit, wherein the lockout request includes an instruction to place a lockout on the remote terminal unit.
    Type: Grant
    Filed: June 12, 2017
    Date of Patent: March 12, 2019
    Assignee: ITRON NETWORKED SOLUTIONS, INC.
    Inventors: Aditi Hilbert, Michael St. Johns
  • Patent number: 10230711
    Abstract: A system, method, and computer readable medium enhance authentication procedures in an anti-fraud environment when an access control server (ACS) is unavailable to generate a full authentication for unique identifying information received in a current communication from a website. An availability detector verifies that the access control server remains unavailable. A successful authentication identifier requests previous authentication information for a previous communication occurring during a predefined authentication period and corresponding to the unique identifying information. A full authentication generator upgrades the unique identifying information to the full authentication based upon the previous authentication information when the access control server is verified as remaining unavailable. The upgrade to full authentication prevents the current communication from being flagged as fraudulent.
    Type: Grant
    Filed: August 8, 2016
    Date of Patent: March 12, 2019
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventor: Manoneet Kohli
  • Patent number: 10228929
    Abstract: A computer system having a system memory and being arranged to permit a target program (90) installed on the system to be modified in a trusted manner. The system comprises a White-list Management Agent, WMA, module (10) for receiving, at a notification receiver (12), a notification that the target program (90) which is loaded into the system memory of the computer system has performed an update operation on the target program resulting in the generation and storage of a modified version of the target program on a storage device associated with the computer system. The WMA module is operable, upon receipt of a target program update notification, to determine if the program (90) as loaded into the system memory is in a trusted state by measuring the program (90) using a program measurer module (14) and comparing this, using a comparator (16), with a pre-stored value contained in a program whitelist (30), the pre-stored value being obtained from the program whitelist (30) using a whitelist reader/writer (18).
    Type: Grant
    Filed: August 15, 2014
    Date of Patent: March 12, 2019
    Assignee: BRITISH TELECOMMUNICATIONS public limited company
    Inventors: Fadi Ali El-Moussa, Andrew Paverd
  • Patent number: 10231141
    Abstract: Collaborative computing and electronic records are disclosed. An entity that may be able to help achieve an objective is discovered and a connection to the entity established. A meta-language is used to exchange with the entity a description of the objective and a description of the entity. The meta-language is used to negotiate with the entity a contract to help achieve the objective. In the event a contract to help achieve the objective is reached, performing a self-configuration in accordance with the contract.
    Type: Grant
    Filed: September 1, 2017
    Date of Patent: March 12, 2019
    Inventor: Mark Cummings
  • Patent number: 10230709
    Abstract: The disclosed apparatus may include (1) providing a framework that enables a customer entity of a service provider to configure, via a customer portal, a network device of the service provider that directs network traffic of the customer entity, (2) creating, for the customer entity by way of the framework, a virtual network that includes at least a portion of the network device of the service provider, (3) detecting an attempt by the customer entity to configure at least a portion of the virtual network via the customer portal, and then in response to detecting the attempt by the customer entity, (4) performing a configuration operation that configures the portion of the virtual network as directed by the customer entity via the customer portal. Various other apparatuses, systems, and methods are also disclosed.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: March 12, 2019
    Assignee: Juniper Networks, Inc.
    Inventor: Ravindranath C. Kanakarajan
  • Patent number: 10198573
    Abstract: A method for controlling the running of an application includes loading an application to be monitored; running the application loaded herein in a constructed running environment; and, according to a preset running configuration, executing a corresponding operation in the running environment, and processing a system call triggered by the application according to the operation herein. Furthermore, a device for controlling the running of an application includes a loading module configured to load an application to be monitored; a running module configured to run the application loaded herein in a constructed running environment; and a controlling module configured to execute a corresponding operation in the running environment according to a preset running configuration, and process a system call triggered by the application according to the operation herein. The present disclosure can thus ensure that data and applications are controlled and improve security.
    Type: Grant
    Filed: April 16, 2015
    Date of Patent: February 5, 2019
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Shuhua Chen
  • Patent number: 10148686
    Abstract: Systems, methods, and apparatus, including computer programs encoded on computer storage media, for analyzing telemetry data from physical process sensors to detect anomalies within the physical process. A telemetry analytics system is disclosed as a process level anomaly detection system based on operational telemetrics and domain-specific knowledge that protects cyber physical system (CPS) devices against zero-day exploits not detectable through traditional system log or network packet inspection. The telemetry analytics system operates as a security component comparable to intrusion detection or anti-virus/anti-malware that generates alerts upon detecting anomalies in the sensor and/or activity data ingested from system or network data sources.
    Type: Grant
    Filed: February 10, 2017
    Date of Patent: December 4, 2018
    Assignee: Accenture Global Solutions Limited
    Inventors: Amin Hassanzadeh, Shaan Mulchandani, Malek Ben Salem, Chien An Chen
  • Patent number: 10127379
    Abstract: Technologies for securing an electronic device may include determining a plurality of rules, monitoring execution of the electronic device, generating a notification that one of the operations has occurred based upon the rules, and, based on the notification and the pattern of the operations, determining whether the operations are indicative of malware. The rules may include an identification of a plurality of entities of the electronic device to be monitored, an identification of one or more operations between the entities to be monitored, and an identification of a pattern of the operations to be monitored.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: November 13, 2018
    Assignee: McAfee, LLC
    Inventor: Igor Muttik