Patents Examined by Courtney D. Fields
  • Patent number: 10735394
    Abstract: A system provides cloud-based identity and access management. The system receives a request from a client for a resource, authenticates the request, and accesses a microservice based on the request. The system determines, by the microservice, whether the resource is cached in a near cache or in a remote cache, retrieves the resource from the near cache or from the remote cache when the resource is cached, and calls an administration microservice to obtain the resource when the resource is not cached. The system then provides the resource to the client.
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: August 4, 2020
    Assignee: Oracle International Corporation
    Inventors: Lokesh Gupta, Ashutosh Pitre
  • Patent number: 10728027
    Abstract: Protecting the security of an entity by using passcodes is disclosed. A user's passcode device generates a passcode, where sometimes the device is called Alice. In an embodiment, the passcode is generated in response to receipt of user information. The passcode is received by another system (called Bob or the second party), which authenticates the passcode by at least generating a passcode from a passcode generator or nonce, and comparing the generated passcode with the received passcode. The passcode is temporary. At a later use a different passcode is generated from a different passcode generator. In these embodiments, there are asymmetric secrets stored on the passcode device (Alice's device) and by the administrator (Bob's device). This adds more security so that if the backend servers are breached, the adversary cannot generate valid passcodes. In some embodiments, the passcode depends on a nonce or the rounded time.
    Type: Grant
    Filed: January 10, 2016
    Date of Patent: July 28, 2020
    Assignee: Biogy, Inc.
    Inventor: Michael Stephen Fiske
  • Patent number: 10728038
    Abstract: Methods are described for constructing a secret key by multiple participants such that any quorum combination of participants can generate a fixed number of key components that can be combined by a recipient to generate the secret key. The methods permit an identical secret key to be generated by a different sized quorum from different participants if required. The keys may be used as private keys for encryption, decryption, digital signatures or authentication tokens and each key is generated from a key index. The circuits used by a quorum of participants for the generation of keys feature nested non-linear devices connected in series with outputs multiplied by stored secret values. Example applications are described including blinded cipher text generation, a multi-signature cryptocurrency system and an encrypted cloud storage system.
    Type: Grant
    Filed: March 23, 2017
    Date of Patent: July 28, 2020
    Assignee: PQ Solutions Limited
    Inventors: Martin Tomlinson, Cen Jung Tjhai
  • Patent number: 10708052
    Abstract: Systems and methods for monitoring data input are disclosed. A dataset entered into a non-password field is received. Based on the dataset meeting one or more criteria for a likely password, a determination as to whether the dataset is inadvertently entered into the non-password field is made. Based on determining that the dataset is inadvertently entered into the non-password field, further processing of the dataset is inhibited.
    Type: Grant
    Filed: February 28, 2017
    Date of Patent: July 7, 2020
    Assignee: BlackBerry Limited
    Inventors: Jeremy Lawson Kominar, Neil Patrick Adams, Nick Mark Waterman, Marc Anthony Lepage
  • Patent number: 10708234
    Abstract: A third party intermediary and a data protection method, system, and non-transitory computer readable medium, include a content request receiving circuit configured to receive a service request from a user, to communicate the service request to a provider, and to receive pre-approved versions of content from the provider, a content matching circuit configured to match a pre-approved version of content of the pre-approved versions of content to the user based on a condition of the user, a user data receiving circuit configured to receive user data to complete the pre-approved version of the content, and a zero-knowledge verifiable computing circuit configured to execute a program using zero-knowledge verifiable computing to remove private content from the pre-approved version of the content to ensure privacy of the condition of the user from the provider.
    Type: Grant
    Filed: March 24, 2016
    Date of Patent: July 7, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Samuel Scott Adams, Susann Marie Keohane, James R. Kraemer, Jeb R. Linton
  • Patent number: 10708296
    Abstract: A threat detection system for detecting malware can automatically decide, without manual expert-level interaction, the best set of features on which to train a classifier, which can result in the automatic creation of a signature-less malware detection engine. The system can use a combination of execution graphs, anomaly detection and automatic feature pruning. Execution graphs can provide a much richer structure of runtime execution behavior than conventional flat execution trace files, allowing the capture of interdependencies while preserving attribution (e.g., D happened because of A followed by B followed by C). Performing anomaly detection on this runtime execution behavior can provide higher order knowledge as to what behaviors are anomalous or not among the sample files. During training the system can automatically prune the features on which a classifier is trained based on this higher order knowledge without any manual intervention until a desired level of accuracy is achieved.
    Type: Grant
    Filed: March 16, 2015
    Date of Patent: July 7, 2020
    Assignee: Threattrack Security, Inc.
    Inventors: Paul Apostolescu, Melvin Antony, Aboubacar Toure, Jeff Markey, Prathap Adusumilli
  • Patent number: 10706136
    Abstract: A portable device is provided. The portable device may include a display; an input device; a camera; a processor coupled to the display, the input device, and the camera; and a computer readable medium coupled to the processor, the computer readable medium comprising code, executable by the processor, to implement a method comprising: receiving authentication data from the input device, determining whether the received authentication data matches authentication data associated with an authorized user, and displaying, on the display, a credential, an item, and data associated with the item.
    Type: Grant
    Filed: July 19, 2018
    Date of Patent: July 7, 2020
    Assignee: Visa International Service Association
    Inventor: Duane Cash
  • Patent number: 10691618
    Abstract: Various embodiments are generally directed to techniques to load and run secure enclaves for use by kernel mode applications. An apparatus to provide kernel mode access to a secure enclave includes a kernel mode secure enclave driver to provide user mode support for a kernel mode application and to initialize a secure enclave on behalf of the kernel mode application and a user mode secure enclave manager to process an instruction from the kernel mode application to the secure enclave.
    Type: Grant
    Filed: December 17, 2013
    Date of Patent: June 23, 2020
    Assignee: INTEL CORPORATION
    Inventors: Bin Cedric Xing, Reshma Lal
  • Patent number: 10691817
    Abstract: Provided is a process of securing data in a distributed storage and processing application, the process including: obtaining a cluster of computing nodes, wherein: the cluster stores a plurality of ciphertexts; accessing a transformation key with a first computing node; transforming the ciphertext with the first computing node based on the transformation key into a transformed ciphertext configured to be decrypted with a temporary access key; decrypting the transformed ciphertext with the second computing node based on the temporary access key to obtain plaintext data.
    Type: Grant
    Filed: May 6, 2017
    Date of Patent: June 23, 2020
    Assignee: ZeroDB, Inc.
    Inventors: Mikhail Egorov, MacLane Scott Wilkison, David Nuñez, Isaac Agudo
  • Patent number: 10673820
    Abstract: Method and system for routing communications traffic between a machine to machine, M2M, device connected to a telecommunications network and having an International Mobile Subscriber Identity, IMSI, and a server, the method comprising assigning an access point name, APN, from a plurality of APNs based on the IMSI of the M2M device. Routing, via the assigned APN, communications traffic between the M2M device and the server, wherein the server is determined based on one or more of: the IMSI, the APN and a characteristic of a communication traffic between the M2M device and the server.
    Type: Grant
    Filed: September 12, 2014
    Date of Patent: June 2, 2020
    Assignee: VODAFONE IP LICENSING LIMITED
    Inventors: Nick Bone, Tim Snape
  • Patent number: 10652173
    Abstract: A method, server, device and computer readable medium for facilitating communication between users permitted to access a messaging server is provided. The messaging server comprises a user database, a processor and memory. The user database is configured to store user information for the users and at least one name directory. The name directory includes a list of users permitted to communicate with each other. The memory has stored thereon instructions which, when executed by the processor, cause the messaging server to transmit the name directory to the users listed therein at predefined times.
    Type: Grant
    Filed: April 1, 2013
    Date of Patent: May 12, 2020
    Assignee: CANAMEX CORPORATION
    Inventors: Jorge Fernandez, Michael Berkeley Paul
  • Patent number: 10650159
    Abstract: An electronic device. The electronic device comprises a memory comprising a confidential information region and a non-confidential information region, a processor, and an application stored in the memory. When executed by the processor, the application determines if a reboot has occurred after a most recent power-off boot, where a reboot takes place without removing power from the processor and memory and, in response to determining that the reboot occurred after the most recent power-off boot, prevents access of applications to the confidential information region in the memory.
    Type: Grant
    Filed: April 25, 2018
    Date of Patent: May 12, 2020
    Assignee: Sprint Communications Company L.P.
    Inventors: Lyle W. Paczkowski, William M. Parsel, Carl J. Persson, Matthew C. Schlesener
  • Patent number: 10637878
    Abstract: In some examples, a plurality of multi-dimensional data samples representing respective behaviors of entities in a computing environment are sorted, where the sorting is based on values of dimensions of each respective multi-dimensional data sample. For a given multi-dimensional data sample, a subset of the plurality of multi-dimensional data samples is selected based on the sorting. An anomaly indication is computed for the given multi-dimensional data sample based on applying a function on the multi-dimensional data samples in the subset. It is determined whether the given multi-dimensional data sample represents an anomalous entity in the computing environment based on the computed anomaly indication.
    Type: Grant
    Filed: February 28, 2017
    Date of Patent: April 28, 2020
    Assignee: MICRO FOCUS LLC
    Inventors: Renato Keshet, Yaniv Sabo
  • Patent number: 10630662
    Abstract: A material set, such as an asymmetric keypair, is processed using an associated workflow to prepare the material set for activation and/or use. In one embodiment, a material set is generated and information about the material set is communicated to a workflow manager. Based at least on the information, the workflow manager generates a workflow that when accomplished will allow the material set to be activated and/or used. In another embodiment, a service provider provides a key manager, workflow manager and destination for the key, such as a load balancer that terminates SSL connections. A key can be generated by the key manager, sent through the workflow manager for processing (potentially communicated to third parties such as a certificate authority, if needed) and installed at a destination.
    Type: Grant
    Filed: February 24, 2016
    Date of Patent: April 21, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Graeme D. Baer, David M. Hulme, Benjamin E. Seidenberg
  • Patent number: 10594492
    Abstract: A computing module is described herein, wherein the computing module is configured to perform acts including generating a digital signature for a printed circuit board (PCB), wherein the digital signature is based upon a sensor signal generated by a sensor that is electrically coupled to at least one of a trace of the PCB or an electrical component of the PCB. The acts further include determining that the PCB is authentic and is free of tampering based upon the digital signature. The acts additionally include outputting an indication that the PCB is authentic and is free of tampering responsive to determining that the PCB is authentic and is free of tampering.
    Type: Grant
    Filed: June 16, 2017
    Date of Patent: March 17, 2020
    Assignee: National Technology & Engineering Solutions of Sandia, LLC
    Inventors: Nathan J. Edwards, Jason Hamlet, Mitchell Tyler Martin
  • Patent number: 10581603
    Abstract: Provided is a process including: encrypting each of a plurality of data encryption keys with a first public cryptographic key to form encrypted data encryption keys; obtaining a second public cryptographic key; generating a transformation key based on the first public-private cryptographic key pair and the second public cryptographic key; and transforming the encrypted data encryption keys with proxy re-encryption based on the transformation key; and obtaining the second private cryptographic key and the transformed encrypted data encryption keys.
    Type: Grant
    Filed: May 8, 2018
    Date of Patent: March 3, 2020
    Assignee: ZeroDB, Inc.
    Inventors: Mikhail Egorov, MacLane Scott Wilkison, David Nuñez, Isaac Agudo
  • Patent number: 10574440
    Abstract: Provided is a computer system and method that enables delegated access to encrypted information for distributed messaging and queuing frameworks, or in general, to publish/subscribe architectures. In said frameworks and architectures, data is published by data producers and organized in channels or queues, which consumer applications can subscribe to, and that are managed by one or multiple broker entities.
    Type: Grant
    Filed: May 8, 2018
    Date of Patent: February 25, 2020
    Assignee: ZeroDB, Inc.
    Inventors: Mikhail Egorov, MacLane Scott Wilkison, David Nuñez, Isaac Agudo
  • Patent number: 10574644
    Abstract: Computer processors are configured to verify a unique user identification credential for a requesting user of a first client in response to receiving a request for access to a microservice process from the user via the first client; create a client identification token in response to verifying a unique user identification credential for the user, and a session identification token for the request; pass the session identification token to the requesting client mapped to the client identification token; enable requested access by the first client to the requested microservice process in association with the session identification token in a session that is persisted to a session repository identified by the session identification token; and cause the requesting client to replicate the persisted session in association with the session identification token.
    Type: Grant
    Filed: May 3, 2017
    Date of Patent: February 25, 2020
    Assignee: International Business Machines Corporation
    Inventors: Vijay Kumar Ananthapur Bache, Vijay Ekambaram, Saravanan Sadacharam
  • Patent number: 10567171
    Abstract: Techniques are provided for client-side security key generation. An initial request is received from an application executing on a client device. The application includes a security component that includes security code. In response to the initial request, a key component is generated. The key component includes one or more parameters from which a valid security key can be generated at the client device by executing the security code. The key component is provided to the client device. A security key associated with a request from the client device to an application server is received. The security key is checked for validity. In response to determining that the security key is valid, processing of the request by the application server is caused.
    Type: Grant
    Filed: June 30, 2017
    Date of Patent: February 18, 2020
    Assignee: Shape Security, Inc.
    Inventors: Carl Schroeder, Ariya Hidayat, Chandrasekhar Rentachintala, Ricky Y. Chiu
  • Patent number: 10564951
    Abstract: A system, method, and computer-readable medium for performing a secure userless device software deployment operation. The secure userless device software deployment operation enables a client information handling system and a server information handling system to independently and deterministically construct a host reference (such as a host universal resource locator (URL)). In certain embodiments, the host reference is used for the SaaS connection based on a fixed portion plus a unique portion created using a client's public key as an identifier. In certain embodiments, the secure userless device software deployment operation leverages a management system to broker a SaaS service deployment. In certain embodiments, the secure userless device software deployment operation securely attaches a managed userless device to a tenant based SaaS offering by leveraging a connection plug-in and temporary/ephemeral URL architecture with a one-time use construct.
    Type: Grant
    Filed: February 26, 2016
    Date of Patent: February 18, 2020
    Assignee: Dell Products L.P.
    Inventors: Carlton A. Andrews, Warren W. Robbins