Patents Examined by Courtney D. Fields
  • Patent number: 10382456
    Abstract: A computing device may include a memory and a processor cooperating therewith to operate a plurality of virtual computing sessions for a plurality of client devices. Each of the virtual computing sessions may have access to a network. The processor may further operate at least one security agent configured to detect security threats from the virtual computing sessions, and a virtual management agent configured to, responsive to detection of a security threat from a given virtual computing session, discontinue access to the computing network by the given virtual computing session.
    Type: Grant
    Filed: September 19, 2016
    Date of Patent: August 13, 2019
    Assignee: CITRIX SYSTEMS, INC.
    Inventors: Simon Frost, Robert Dobson
  • Patent number: 10379824
    Abstract: An example system and method for securing computer code of a dynamic Domain Specific Language (DSL) that leverages a General Purpose Language (GPL). An example method includes enhancing compile-time security enforcement functionality for computer code written using the DSL, in part by using a compiler to perform static analysis on the DSL computer code. The static analysis includes referencing a security policy defining one or more unacceptable program behaviors; and indicating when execution of the computer code would result in performance of the one or more unacceptable program behaviors based on results of the static analysis.
    Type: Grant
    Filed: February 26, 2016
    Date of Patent: August 13, 2019
    Assignee: Oracle International Corporation
    Inventors: John Smiljanic, Shailesh Vinayaka
  • Patent number: 10367646
    Abstract: A method and apparatus for distributing cryptographic material are disclosed. In the method and apparatus, cryptographic material is obtained and it is determined that the cryptographic material is to be made available for use by one or more computing resources. The cryptographic material is then sent to one or more secure modules, whereby a secure module of the one or more secure modules is programmatically accessible to a computing resource of the one or more computing resources and programmatic access enables the computing resource to request performance of one or more cryptographic operations using the cryptographic material while exporting the cryptographic material to the computing resource is denied.
    Type: Grant
    Filed: October 21, 2014
    Date of Patent: July 30, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Todd Lawrence Cignetti, Andrew Jeffrey Doane, Stefan Popoveniuc, Matthew Allen Estes, Alexander Edward Schoof, Robert Eric Fitzgerald, Peter Zachary Bowen
  • Patent number: 10367643
    Abstract: The disclosed computer-implemented method for managing encryption keys for single-sign-on applications may include (1) receiving, from an identity service, notification of a request to access encrypted data on a cloud service, the notification including a session key for encrypting and decrypting a master key for decrypting cloud service keys, (2) deriving the master key, (3) decrypting, using the master key, a cloud service key for decrypting data on the cloud service, (4) storing the master key, encrypted using the session key, (5) receiving an additional notification of an additional request to access encrypted data on an additional cloud service, the notification including the session key, (6) without again obtaining the authentication element from the user, decrypting the master key, and (7) decrypting, using the master key, an additional cloud service key for decrypting data on the additional cloud service. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 28, 2016
    Date of Patent: July 30, 2019
    Assignee: Symantec Corporation
    Inventors: Ilya Sokolov, Keith Newstadt
  • Patent number: 10360396
    Abstract: Described are a method and system of authorizing software execution on a computing device having a processor, the device storing a production key associated with software authorized for end-user release and storing a pre-release key associated with software not authorized for end-user release. The method includes determining that a signed software image is not signed with the production key; determining that the device has stored in memory thereon a pre-release token, the pre-release token containing data uniquely identifying the device and identifying the pre-release key; validating the pre-release token; and authenticating the signed software image using the pre-release key and, in response, permitting execution of the software image.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: July 23, 2019
    Assignee: BlackBerry Limited
    Inventors: Daniel Jonas Major, Michael Alievsky, Robert David Turner, Adam Richard Schieman
  • Patent number: 10354067
    Abstract: An endpoint computer system can harvest data relating to a plurality of events occurring within an operating environment of the endpoint computer system and can add the harvested data to a local data store maintained on the endpoint computer system. In some examples, the local data store can be an audit log and/or can include one or more tamper resistant features. Systems, methods, and computer program products are described.
    Type: Grant
    Filed: November 18, 2016
    Date of Patent: July 16, 2019
    Assignee: Cylance Inc.
    Inventors: Ryan Permeh, Matthew Wolff, Samuel John Oswald, Xuan Zhao, Mark Culley, Steve Polson
  • Patent number: 10354066
    Abstract: An endpoint computer system can harvest data relating to a plurality of events occurring within an operating environment of the endpoint computer system and can add the harvested data to a local data store maintained on the endpoint computer system. A query response can be generated, for example by identifying and retrieving responsive data from the local data store. The responsive data are related to an artifact on the endpoint computer system and/or to an event of the plurality of events. In some examples, the local data store can be an audit log and/or can include one or more tamper resistant features. Systems, methods, and computer program products are described.
    Type: Grant
    Filed: November 17, 2016
    Date of Patent: July 16, 2019
    Assignee: Cylance Inc.
    Inventors: Ryan Permeh, Matthew Wolff, Samuel John Oswald, Xuan Zhao, Mark Culley, Steve Polson
  • Patent number: 10348725
    Abstract: Techniques are disclosed herein for establishing a file transfer connection via wearable devices (e.g., head-mounted wearable devices). A service executing on a cloud platform receives a connection authentication request including authentication data from wearable devices, each associated with a mobile device. Upon validating the connection authentication request, a file transfer connection between the wearable devices is established. The service receives a request from one of the wearable devices to transfer a file maintained by an associated mobile device to another mobile device. Upon validating this request, the service sends an authorization to transfer the file.
    Type: Grant
    Filed: January 10, 2017
    Date of Patent: July 9, 2019
    Assignee: International Business Machines Corporation
    Inventors: Su Liu, Jun Su, John D. Wilson, Yin Xia
  • Patent number: 10333899
    Abstract: Systems and methods for protecting private data behind a privacy firewall are disclosed. A system for implementing a privacy firewall to determine and provide non-private information from private electronic data includes a data storage repository, a processing device, and a non-transitory, processor-readable storage medium. The storage medium includes programming instructions that, when executed, cause the processing device to analyze a corpus of private electronic data to identify a first one or more portions of the data having non-private information and a second one or more portions of the data having private information, tag the first one or more portions of the data as allowed for use, determine whether the second one or more portions of the data includes non-private elements, and if the second one or more portions of the data comprises non-private elements, extract the non-private elements and tag the non-private elements as information allowed for use.
    Type: Grant
    Filed: October 7, 2015
    Date of Patent: June 25, 2019
    Assignee: LexisNexis, a division of Reed Elsevier Inc.
    Inventor: William Kilgallon
  • Patent number: 10325114
    Abstract: A computing system includes: a control unit configured to: obtain an information release setting for a raw user information, the raw user information including an information attribute; determine an information format for the information attribute of the raw user information; determine a privacy notion based on the information release setting; generate perturbed user information from the information attribute based on the privacy notion, wherein the information format for the raw user information is preserved in the perturbed user information; and a communication unit, coupled to the control unit, configured to transmit the perturbed user information.
    Type: Grant
    Filed: October 23, 2015
    Date of Patent: June 18, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Yilin Shen, Hongxia Jin
  • Patent number: 10326781
    Abstract: Some embodiments of cloud-based gateway security scanning have been presented. In one embodiment, some data packets are received sequentially at a gateway device. The data packets constitute at least a part of a file being addressed to a client machine coupled to the gateway device. The gateway device forwards an identification of the file to a remote datacenter in parallel with forwarding the data packets to the client machine. The datacenter performs signature matching on the identification and returns a result of the signature matching to the gateway device. The gateway device determines whether to block the file from the client machine based on the result of the signature matching from the datacenter.
    Type: Grant
    Filed: January 26, 2017
    Date of Patent: June 18, 2019
    Assignee: SONICWALL INC.
    Inventors: Aleksandr Dubrovsky, Senthilkumar G. Cheetancheri, Boris Yanovsky
  • Patent number: 10313136
    Abstract: A method for verifying the authenticity of a certificate in a web browser using an SSL/TLS protocol in an encrypted Internet connection to an HTTPS website includes establishing an encrypted connection to the HTTPS website using the web browser on a user's terminal device. A certificate including a public key of the HTTPS website and signed by a trusted certificate authority is sent to the user's web browser from the web server using the Internet connection. The certificate authority that signed the certificate is compared against the list of trusted certificate authorities. The certificate authority is verified as being included in the list. The thumbprint of the certificate is sent as an additional security check key using a second messaging channel, external to the Internet connection between HTTPS website and web browser of the user's terminal device, and the contact data in the customer register. The additional security check key is compared with the thumbprint received by the web.
    Type: Grant
    Filed: October 26, 2016
    Date of Patent: June 4, 2019
    Assignee: ONLINE SOLUTIONS OY
    Inventor: Jyrki Salmi
  • Patent number: 10313304
    Abstract: A system for regulating dynamic implementation of exceptions in an onboard network firewall includes a client application interface receptive to a data link request from a client device. An onboard connectivity manager includes a firewall interface connected to the onboard network firewall to request the exceptions in response to a connection authorization, a client presence manager receptive to the data link request relayed by the client application interface from the client device, and a network load manager in communication with the firewall interface and the client presence manager. A remote connectivity manager is connected to a remote application service and is in communication with the onboard connectivity manager. The network load manager generates the connection authorization to the firewall interface in response to the connection authorization request and an evaluation of one or more access grant conditions.
    Type: Grant
    Filed: March 16, 2016
    Date of Patent: June 4, 2019
    Assignee: PANASONIC AVIONICS CORPORATION
    Inventors: James A. Haak, Kwok Liang Poo
  • Patent number: 10291401
    Abstract: Secure operations can be performed using security module instances offered as a web service through a resource provider environment. State data and cryptographic material can be loaded and unloaded from the instance as needed, such that the instance can be reused for operations of different customers. The material and data can be stored as a bundle encrypted using a key specific to the hardware security module and a key specific to the resource provider, such that the bundle can only be decrypted in an instance of that type of security module from the associated manufacturer and operated by that particular resource provider. The customer is then only responsible for the allocation of that instance during the respective cryptographic operation(s).
    Type: Grant
    Filed: September 26, 2016
    Date of Patent: May 14, 2019
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventor: Steven Preston Lightner Norum
  • Patent number: 10277406
    Abstract: Embodiments presented herein provide techniques for managing a digital certificate enrollment process. In particular, embodiments presented herein provide techniques for a certificate authority to issue short-lived SSL certificates and an authentication method for validating certificate signing requests (CSR) for short-lived certificates.
    Type: Grant
    Filed: September 5, 2014
    Date of Patent: April 30, 2019
    Assignee: DigiCert, Inc.
    Inventors: Hari Veladanda, Hoa Ly, Gaurav Khanna
  • Patent number: 10205711
    Abstract: A strong authentication token supporting multiple instances associated with different users and protected by a user identity verification mechanism is disclosed. A multi-instance strong authentication token may be adapted to generate dynamic credentials using cryptographic secrets that are specific to a particular instance stored in the token. A method and a system to secure remotely accessible applications using strong authentication tokens supporting multiple instances are disclosed. A method for loading additional tokens into a multi-instance authentication token is disclosed.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: February 12, 2019
    Assignee: ONESPAN NORTH AMERICA INC.
    Inventors: Frederik Mennes, Guy Couck, Bert Fierens, Sebastien Lavigne, Harm Braams, Tom De Wasch, Guillaume Teixeron
  • Patent number: 10176341
    Abstract: Computerized embodiments are disclosed for keeping personally identifying information within a protected domain environment when interacting with a computerized service environment. In one embodiment, user interface commands are received from a remote computerized system of the protected domain environment at the computerized service environment via computerized network communications. A data residency protection component is generated within the computerized service environment in response to the user interface commands. The data residency protection component is configured to act as a proxy for the computerized service environment, when executed in the protected domain environment by the remote computerized system, to isolate personally identifying information from visibility or storage outside of the protected domain environment.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: January 8, 2019
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Kent Arthur Spaulding, Kenneth Joseph Meltsner, Reza B′Far
  • Patent number: 10158491
    Abstract: A Qualified Electronic Signature (QES) system configured to exchange data with first processing means of the requester configured to allow a requester to generate requests requesting a qualified electronic signature through said system to a recipient. The system comprises second processing means of the recipient configured to allow the recipient of the request to sign with his qualified electronic signature.
    Type: Grant
    Filed: April 8, 2013
    Date of Patent: December 18, 2018
    Inventor: Antonio Salvatore Piero Vittorio Bonsignore
  • Patent number: 8307447
    Abstract: A method and a terminal device for making multi-system constraint of a specified permission in a digital rights. A rights object related to content object is obtained by an executing device. The specific permission descriptions of the rights object include system constraint descriptions of a plurality of systems of the same type. The executing device obtains a corresponding system information in the device according to the system constraint descriptions and compares the system information in the device with the system information in the system constraint descriptions, so as to judge whether there is any system permitted in system constraint descriptions. If yes, it determines to permit executing the specific permission for the content object; otherwise, it determines not to permit executing said specific permission for the content object.
    Type: Grant
    Filed: August 15, 2006
    Date of Patent: November 6, 2012
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Yimin Li, Pei Dang
  • Patent number: 8291226
    Abstract: Techniques to securely boot up an electronics device (e.g., a cellular phone) from an external storage device are described. Secure data (e.g., a hash digest, a signature, a cryptographic key, and so on) is initially retrieved from a non-writable area of an external memory device (e.g., a one-time programmable (OTP) area of a NAND Flash device). A first program (e.g., a boot program) is retrieved from a writable or main area of the external memory device and authenticated based on the secure data. The first program is enabled for execution if authenticated. A second program may be retrieved from the main area of the external memory device and authenticated based on the secure data. The second program is enabled for execution if authenticated. Additional programs may be retrieved and authenticated. Each program may be authenticated using a secure hash function, a digital signature, and/or some other cryptographic technique.
    Type: Grant
    Filed: February 10, 2006
    Date of Patent: October 16, 2012
    Assignee: QUALCOMM Incorporated
    Inventors: Dexter Tamio Chun, Ajit B. Patil, Cuneyt Fitoz, Dwight Gordon, Yu-Hsiang Huang, Oliver Michaelis