Patents Examined by Daniel Hoang
  • Patent number: 8739255
    Abstract: A domain controller hierarchy includes one or more hub domain controllers in communication with one or more local domain controllers, such as local domain controllers at a branch office. The hub domain controller(s) is writable, while the local domain controller(s) is typically read-only. Non-secure and secure information is partitioned to specific local domain controllers at the one or more hub domain controllers. The non-secure and secure information is then passed from the hub domain controller only to the local domain controller associated with the given partition at the hub domain controller on request. For example, a user requests a logon at a client computer system at a local branch office, and the logon is passed from the local domain controller to the hub domain controller. If authenticated, the user logon account is passed to the local domain controller, where it can be cached to authenticate subsequent requests.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: May 27, 2014
    Assignee: Microsoft Corporation
    Inventors: Gregory C. Johnson, William Birkin Lees, William S. Jack, III, Nathan Daniel Muggli
  • Patent number: 8707030
    Abstract: Providing path validation information for a system includes determining paths between a subset of certificate of the system and at least one trust root, storing each of the paths in a table prior to a request for path validation information, and fetching the validation information stored in the table in response to a request for path validation information. Providing path validation information may also include digitally signing the validation information. Providing path validation information may also include applying constraints to the validation information and only providing validation information that is consistent with the constraints. Determining paths may include constructing a directed graph of trusted roots and the subset of certificates and performing a depth-first acyclic search of the graph.
    Type: Grant
    Filed: November 19, 2004
    Date of Patent: April 22, 2014
    Assignee: CoreStreet, Ltd.
    Inventor: David Engberg
  • Patent number: 8707419
    Abstract: The present invention provides a system, method and apparatus for protecting against high volume attacks. The present invention receives a packet, determines a source of the received packet, and updates a tree-based data structure based on the source of the received packet. The received packet is accepted or passed on whenever one or more statistics stored within the tree-based data structure do not exceed a threshold. The received packet is dropped whenever the one or more statistics exceed the threshold. The present invention can be implemented in hardware, software or a combination thereof. The software will implement the steps as one or more code segments of a computer program embodied on a computer readable medium.
    Type: Grant
    Filed: June 27, 2007
    Date of Patent: April 22, 2014
    Assignee: Avaya Inc.
    Inventors: Srikrishna Kurapati, Sachin Purushottam Joglekar, Krishna Sobhan Bhaskar Kokkiligadda, Mukesh Kumar Singh, Samrat Saha
  • Patent number: 8695098
    Abstract: Method to detect security vulnerabilities includes: interacting with a web application during its execution to identify a web page exposed by the web application; statically analyzing the web page to identify a parameter within the web page that is constrained by a client-side validation measure and that is to be sent to the web application; determining a server-side validation measure to be applied to the parameter in view of the constraint placed upon the parameter by the client-side validation measure; statically analyzing the web application to identify a location within the web application where the parameter is input into the web application; determining whether the parameter is constrained by the server-side validation measure prior to the parameter being used in a security-sensitive operation; and identifying the parameter as a security vulnerability.
    Type: Grant
    Filed: June 30, 2011
    Date of Patent: April 8, 2014
    Assignee: International Business Machines Corporation
    Inventors: Marco Pistoia, Ori Segal, Omer Tripp
  • Patent number: 8675865
    Abstract: A method and apparatus for a high-bandwidth stream cipher. In one embodiment of the invention, the stream cipher has an output function that receives secret state bits from a block cipher and generates an encryption mask. In one embodiment of the invention, the encryption mask has a lesser or smaller number of bits than the secret state bits. The stream cipher uses the encryption mask to encrypt a video data stream to generate an encrypted video data stream.
    Type: Grant
    Filed: September 24, 2010
    Date of Patent: March 18, 2014
    Assignee: Intel Corporation
    Inventor: Gary L. Graunke
  • Patent number: 8661518
    Abstract: Embodiments of an N-Port ID virtualization (NPIV) proxy module, NPIV proxy switching system, and methods are generally described herein. Other embodiments may be described and claimed. In some embodiments, login requests are distributed over a plurality of available N-ports to allow servers to be functionally coupled to F-ports of a plurality of fiber-channel (FC) switches. Fiber-channel identifiers (FCIDs) are assigned to the servers in response to the logon requests to provide single end-host operations for each of the servers.
    Type: Grant
    Filed: June 13, 2007
    Date of Patent: February 25, 2014
    Assignee: Cisco Technology, Inc.
    Inventors: Krishna Doddapaneni, Chaitanya Kodeboyina, J.R. Rivers, Pauline Shuen
  • Patent number: 8656503
    Abstract: Security language constructs may be translated into logic language constructs and vise versa. Logic resolution may be effected using, for example, the logic language constructs. In an example implementation, translation of a security language assertion into at least one logic language rule is described. In another example implementation, translation of a proof graph reflecting a logic language into a proof graph reflecting a security language is described. In yet another example implementation, evaluation of a logic language program using a deterministic algorithm is described.
    Type: Grant
    Filed: September 11, 2006
    Date of Patent: February 18, 2014
    Assignee: Microsoft Corporation
    Inventors: Moritz Y. Becker, Blair B. Dillaway, Cedric Fournet, Andrew D. Gordon, Jason F. Mackay
  • Patent number: 8650625
    Abstract: A method and system for securely logging onto a banking system authentication server so that a user credential never appears in the clear during interaction with the system in which a user's credential is DES encrypted, and the DES key is PKI encrypted with the public key of an application server by an encryption applet before being transmitted to the application server. Within the HSM of the application server, the HSM decrypts and re-encrypts the credential under a new DES key known to the authentication server, the re-encrypted credential is forwarded to the authentication server, decrypted with the new DES key known to the authentication server, and verified by the authentication server.
    Type: Grant
    Filed: September 21, 2012
    Date of Patent: February 11, 2014
    Assignee: Citibank Development Center, Inc.
    Inventors: Michael Grandcolas, Marc Guzman, Thomas Yee, Dilip Parekh, Yongqiang Chen
  • Patent number: 8650405
    Abstract: An improved PIN-based authentication technique for authenticating the user of a client machine to a server automatically generates a personal identification number (PIN) for the user based on user-specific authentication information, such as encrypted cookie information. The server provides user-specific authentication information to a client machine. When the user submits an authentication request, user-specific authentication information is collected and uploaded to the server. The user-specific authentication information is processed to form a PIN, and authentication of the user proceeds based on the PIN and any other authentication factors provided. Since the disclosed techniques compute PINs automatically based on information exchanged between a client machine and a server, the user is relieved of any burden associated with registering and remembering a PIN.
    Type: Grant
    Filed: June 30, 2011
    Date of Patent: February 11, 2014
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, Lawrence N. Friedman, Oleg Freylafert, Robert S. Philpott, Daniel Schiappa
  • Patent number: 8627084
    Abstract: A system is provided that uses cryptographic techniques to support secure messaging between senders and recipients. A sender may encrypt a message for a recipient using the recipient's public key. The sender may send the encrypted message to the message address of a given recipient. A server may be used to decrypt the encrypted message for the recipient, so that the recipient need not install a decryption engine on the recipient's equipment.
    Type: Grant
    Filed: October 23, 2012
    Date of Patent: January 7, 2014
    Assignee: Voltage Security, Inc.
    Inventors: Matthew J. Pauker, Terence Spies, Rishi Kacker, Guido Appenzeller
  • Patent number: 8607310
    Abstract: An association between a system's in-band identification credentials with out-of-band identification credentials may arise by making a universal serial bus device emulation in the form of either a virtual mass storage device or a virtual network adaptor. In the case of the former, a machine readable name is decoded to determine which KVM port a target device is connected to. Such can be used to associate a system's known in-band identification credentials with decoded out-of-band identification credentials from the virtual mass storage device. In the case of the latter, the target may be searched and queried through an out-of-band path to ascertain in-band identification credentials.
    Type: Grant
    Filed: April 17, 2006
    Date of Patent: December 10, 2013
    Assignee: Raritan Americas, Inc.
    Inventors: Jayson T. Holovacs, Neil S. Weinstock, Siva Somasundaram
  • Patent number: 8589679
    Abstract: Identifier-based signcryption methods and apparatus are disclosed both for signing and encrypting data, and for decrypting and verifying data. The signcryption methods use computable bilinear mappings and can be based, for example, on Weil or Tate pairings. A message sender associated with a first trusted authority carries out integrated signing/encryption processes to send a signed, encrypted message to an intended recipient associated with a second trusted authority. The recipient then carries out integrated decryption/verification processes to recover the original message and verify its origin.
    Type: Grant
    Filed: July 14, 2005
    Date of Patent: November 19, 2013
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Liqun Chen, Keith Alexander Harrison, John Malone-Lee
  • Patent number: 8582769
    Abstract: Systems and methods to communicate securely includes communicating quantum encryption data on a first wavelength-division multiplexing passive optical network (WDM-PON); and communicating data over separate classical channels of a second WDM-PON, wherein the second WDM-PON synchronizes with the first WDM-PON while providing data communication over the classical channels.
    Type: Grant
    Filed: July 30, 2010
    Date of Patent: November 12, 2013
    Assignee: NEC Laboratories America, Inc.
    Inventors: Yi Zhao, Martin Roetteler, Lei Xu, Ting Wang
  • Patent number: 8578449
    Abstract: A domain controller hierarchy includes one or more hub domain controllers in communication with one or more local domain controllers, such as local domain controllers at a branch office. The hub domain controller(s) is writable, while the local domain controller(s) is typically read-only. Non-secure and secure information is partitioned to specific local domain controllers at the one or more hub domain controllers. The non-secure and secure information is then passed from the hub domain controller only to the local domain controller associated with the given partition at the hub domain controller on request. For example, a user requests a logon at a client computer system at a local branch office, and the logon is passed from the local domain controller to the hub domain controller. If authenticated, the user logon account is passed to the local domain controller, where it can be cached to authenticate subsequent requests.
    Type: Grant
    Filed: September 30, 2005
    Date of Patent: November 5, 2013
    Assignee: Microsoft Corporation
    Inventors: Gregory C. Johnson, Nathan Daniel Muggli, William Birkin Lees, William S. Jack, III
  • Patent number: 8561168
    Abstract: Configuration tasks needed to form a wireless LAN are performed using a simple method while increasing security during configuration. In a wireless network configuration system GH1 including an encryption key setting system LH1, where an access point 20 determines after the power thereto is turned ON that configuration for connection to a wireless LAN has not yet be carried out, the access point 20 activates a restricted receiving mode in which only an initial configuration packet is accepted. A terminal 50 that has sent an initial configuration packet and the access point 20 that has received such initial configuration packet while the restricted receiving mode is active each create an identical WEP key with reference to the data on a CD-ROM 51 or the data in a ROM 12, respectively, and set and register the created WEP key in itself.
    Type: Grant
    Filed: November 22, 2011
    Date of Patent: October 15, 2013
    Assignee: Buffalo Inc.
    Inventor: Takashi Ishidoshiro
  • Patent number: 8539554
    Abstract: Disclosed is a technique capable of proper execution of access control based on various security policies set by a home user with regards to a packet sent from a visitor node. According to the technique, a MR (Mobile Router) 10 which manages a mobile PAN 30 determines whether a sender of a packet from a communication terminal connected to the mobile PAN is a home user's node which is allowed direct access into a home network or a visitor node (VN 31), and forwards the packet from the home user's node to an HA 20 while forwarding the packet from the visitor node to a policy server 36 located in a DMZ 35. This allows the policy server to perform access control on every packet from a visitor node which attempts to gain access into the home network based on a security policy 36a.
    Type: Grant
    Filed: December 26, 2006
    Date of Patent: September 17, 2013
    Assignee: Panasonic Corporation
    Inventors: Jun Hirano, Keigo Aso, Chun Keong Benjamin Lim, Chan Wah Ng, Tien Ming Benjamin Koh, Pek Yew Tan
  • Patent number: 8528094
    Abstract: A system, method and apparatus for associating data is presented. An association system generally includes a vulnerability information system, user identification system and association tool. The vulnerability information system performs a scan of client devices to identify vulnerable devices. The vulnerability information is transmitted to the association tool where it is cross referenced with user identification information received from the user identification system. The association tool identifies the user associated with the vulnerable devices and this information may be stored to generate historical trend information. In addition, the information may be displayed graphically or may be used to generate reports and identify metrics that can be monitored in order to improve reliability, efficiency and the like.
    Type: Grant
    Filed: December 14, 2007
    Date of Patent: September 3, 2013
    Assignee: Bank of America Corporation
    Inventors: Jimmy La Grenade, Ajay Barve, Casey A. Harris
  • Patent number: 8490163
    Abstract: A system, method, and computer program product enforce a universal security policy across several systems. In one embodiment, the system comprises a translation module that translates the universal security policy into local security rules enforceable by the security components of the several systems. The system also comprises a policy pushing module that transmits the translated local security rules to each of the several systems. Further, the system can include an analysis module for detecting local security rules in the several systems that are inconsistent with the universal security policy.
    Type: Grant
    Filed: September 8, 2006
    Date of Patent: July 16, 2013
    Assignee: IntApp, Inc.
    Inventors: Dan Harsell, Jeff Armbrecht
  • Patent number: 8477940
    Abstract: A device uses a user authentication factor to generate a symmetric key for use in symmetric cryptography. The user authentication factor is encrypted and stored for authentication during decryption.
    Type: Grant
    Filed: July 15, 2005
    Date of Patent: July 2, 2013
    Assignee: Tyfone, Inc.
    Inventors: Siva G. Narendra, Prabhakar Tadepalli, Thomas N. Spitzer
  • Patent number: 8479262
    Abstract: Various embodiments pertain to managing electronic devices using an electronic device as a root of trust. According to one embodiment, registration information for an electronic device 150 is received 220. The registration information identifies the electronic device 150 and an environment 130 that the electronic device 150 is trusted in. The electronic device150 is specified 230 as a root of trust device 150 for the trusted environment 130 based on the registration information. The root of trust device 150 is specified 240 as the root of trust for a new electronic device 170 based on new information that identifies the root of trust device 150 and identifies the new electronic device 170. The new electronic device 170 is managed 250 using the root of trust device 150 without requiring the user of the root of trust device 150 and the new electronic device 170 to configure any electronic devices.
    Type: Grant
    Filed: October 31, 2008
    Date of Patent: July 2, 2013
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Osvaldo Diaz, Mamoun Abu-Samaha