Patents Examined by Daniel Potratz
  • Patent number: 10084777
    Abstract: The invention discloses a secure data processing method and system, wherein the secure data processing method comprises the following steps of: a security control server receiving a data upload request from a terminal, and obtaining a file feature, an identification code of the terminal and a directory path of a file with the file feature in the terminal comprised in the data upload request; the security control server judging whether the terminal is a trustable machine and/or judging whether the directory path is a credit directory according to the identification code and/or the directory path, and if the terminal is a trustable machine and/or the directory path is a credit directory, adding the uploaded file feature into a security database, or otherwise, not adding it into the security database; the trustable machine is a terminal in which data is considered as secure data. The invention further provides a secure data processing system implementing the foregoing method.
    Type: Grant
    Filed: September 17, 2013
    Date of Patent: September 25, 2018
    Assignee: Beijing Qihoo Technology Company Limited
    Inventor: Jiazhu Zhang
  • Patent number: 10044722
    Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving a support request from a requester, and obtaining a policy for evaluating administrative privileges required for fulfilling the request where the policy is based on a history of actions of the requester. Receiving a system access request for access to digital content, where the system access request is associated with the support request, and providing an access control decision based on the policy.
    Type: Grant
    Filed: April 2, 2015
    Date of Patent: August 7, 2018
    Assignee: SAP SE
    Inventors: Paul El Khoury, Oliver Kling
  • Patent number: 10027683
    Abstract: A method for encrypting a message is described in which a public key and a private key are generated. The public key is encrypted using a shared symmetric key shared with an agent. The private key is encrypted using a private symmetric key. The encrypted public key is sent to the agent and decrypted by the agent with the shared symmetric key. A message encrypted with the shared symmetric key is received from the agent, and is decrypted using the shared symmetric key.
    Type: Grant
    Filed: July 28, 2015
    Date of Patent: July 17, 2018
    Inventors: Spencer Bruce, Boris Kozorovitzky, Doron Levi
  • Patent number: 9973477
    Abstract: A method for requesting an object by means of a client system, which is coupled to a server system operatively via a communications network is provided, wherein a server means of the server system receives via the communications network a request message from an electronic document displayed at a client system, the request message comprises at least a first parameter, which identifies a user of the client system, and a second parameter, which identifies the requested object, the server means evaluates the parameters of the received request message, wherein data for the first parameter assigned to the user and data for the second parameter assigned to the object are determined, wherein the respective data are stored in a storage means of the server system, and after a successful evaluation, the requested object is provided for transmission to the user.
    Type: Grant
    Filed: January 22, 2015
    Date of Patent: May 15, 2018
    Assignee: treefish GmbH
    Inventors: Tim-Florian Schieferstein, Patrick-Emil Zorner, Julia Wiedemann, Georg Muller
  • Patent number: 9954861
    Abstract: Novel tools and techniques might provide for implementing application, service, and/or content access control. Based at least in part on a consumer's choice of applications, services, content, and/or content providers—particular in exchange for a subsidy on content and/or network access fees provided to the consumer by chosen content providers—, a computing system may determine whether access to applications, services, and/or content not associated with the chosen content providers (“other content”) should be allowed or restricted. If restricted, the computing system might utilize various network access techniques and/or technologies to block the consumer's access to the other content, to allow access to the other content on a charge per access basis, or to allow access to the other content at reduced network access speeds. In some embodiments, an access provider (e.g., an Internet service provider, etc.) might perform both determination and implementation of content access and restriction.
    Type: Grant
    Filed: January 21, 2015
    Date of Patent: April 24, 2018
    Assignee: CenturyLink Intellectual Property LLC
    Inventors: Michael J. Fargano, Charles I. Cook, Kevin M. McBride, John T. Pugaczewski
  • Patent number: 9954878
    Abstract: A network surveillance system, including a management server within a network of resources in which users access the resources in the network based on credentials, including a deployment module planting honeytokens in resources in the network, wherein a honeytoken is an object in memory or storage of a first resource that may be used by an attacker to access a second resource using decoy credentials, and wherein the deployment module plants a first honeytoken in a first resource, R1, used to access a second resource, R2, using first decoy credentials, and plants a second honeytoken in R2, used to access a third resource, R3, using second decoy credentials, and an alert module alerting that an attacker is intruding the network only in response to both an attempt to access R2 using the first decoy credentials, and a subsequent attempt to access R3 using the second decoy credentials.
    Type: Grant
    Filed: June 7, 2016
    Date of Patent: April 24, 2018
    Inventors: Shlomo Touboul, Hanan Levin, Stephane Roubach, Assaf Mischari, Itai Ben David, Itay Avraham, Adi Ozer, Chen Kazaz, Ofer Israeli, Olga Vingurt, Liad Gareh, Israel Grimberg, Cobby Cohen, Sharon Sultan, Matan Kubovsky
  • Patent number: 9954848
    Abstract: A system implemented on a server computer for managing digital certificates includes a certificate management agent module, a digital certificate processing module and a configuration module. The certificate management agent module processes requests to create a plurality of certificate management agents. Each of the certificate management agents is configured to manage a lifecycle of a digital certificate for a client electronic device. The digital certificate processing module processes requests from the certificate management agent module for digital certificates for the plurality of certificate management agents. The configuration module receives and processes configuration parameters for the certificate management agents and for the digital certificates.
    Type: Grant
    Filed: April 4, 2014
    Date of Patent: April 24, 2018
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Andrei Stoica, Sumit Murarka, Michael Peter Ridilla, Samir Rameshchandra Sanghvi, Jerome Pradier
  • Patent number: 9946852
    Abstract: A portable hardware device such as a USB memory stick is used to provide parental locking functionality to a computer. When the device is coupled to the computer, the computer is unlocked and allowed to operate normally. When the device is not coupled to the computer, the computer is locked, and some or all of the computing functionality is blocked. This enables parents to lock and unlock a child's computer with a “key.” A detecting module detects the coupling and uncoupling of devices to the computer. When a device is coupled to the computer, an identifying module identifies the device by reading its unique identifier, and determining whether the coupled device is the one being used as the key. If so, the computer is unlocked, and allowed to operate. If not, a blocking module blocks at least some capabilities of the computer.
    Type: Grant
    Filed: October 20, 2009
    Date of Patent: April 17, 2018
    Assignee: Symantec Corporation
    Inventors: Shaun Cooley, Rowan Trollope
  • Patent number: 9948646
    Abstract: A method of establishing connectivity between a mobile network operator (MNO) and a machine type communications (MTC) service provider. A machine type communications interworking function (MTC-IWF) Proxy is hosted on an IPX network service. MTC-IWF Proxy is connected to a MTC-IWF of the MNO and is also connected to a Service Capacities Center (SCS) of the MTC service provider. MTC-IWF Proxy connects to the MNO and the MTC service providers via trigger-service provider (Tsp) interface. Identity mapping services are provided between a first set of subscriber identifiers used by the MNO and a second set of subscriber identities used by the MTC service provider. The MTC-IWF Proxy hides the internal topology and relays signaling protocols used over a Tsp interface, thus enabling the MTC service providers and MNOs communicate without modifying their internal signaling protocols.
    Type: Grant
    Filed: July 10, 2017
    Date of Patent: April 17, 2018
    Assignee: Syniverse Technologies, LLC
    Inventors: Danh Lai, Prashant Datar, Rob Simonelli
  • Patent number: 9946876
    Abstract: A plurality of data files is received. Thereafter, each file is represented as an entropy time series that reflects an amount of entropy across locations in code for such file. A wavelet transform is applied, for each file, to the corresponding entropy time series to generate an energy spectrum characterizing, for the file, an amount of entropic energy at multiple scales of code resolution. It can then be determined, for each file, whether or not the file is likely to be malicious based on the energy spectrum. Related apparatus, systems, techniques and articles are also described.
    Type: Grant
    Filed: August 12, 2016
    Date of Patent: April 17, 2018
    Assignee: Cylance Inc.
    Inventors: Michael Wojnowicz, Glenn Chisholm, Matthew Wolff, Derek A. Soeder, Xuan Zhao
  • Patent number: 9934373
    Abstract: In some implementations, a system may control an environment in which biometric data is entered when a user enrolls data for a user account or authenticates after having enrolled user data. Enrollment and/or authentication may be required to occur under one or more conditions. In some implementations, data from an electronic device associated with a user may be used to determine whether conditions on enrollment and/or authentication have been satisfied.
    Type: Grant
    Filed: January 23, 2015
    Date of Patent: April 3, 2018
    Inventors: Siamak Ziraknejad, Ren-Jay Huang, Elaine Li, Hector Vazquez, Peng Xiao
  • Patent number: 9928353
    Abstract: In an approach for automated vehicle authorization. A processor receives a first set of credentials from at least a first near field communication device, wherein the first set of credentials indicates information about a person. A processor receives a second set of credentials from at least a second near field communication device, wherein the second set of credentials indicates information about a vehicle. A processor compares the first set of credentials to the second set of credentials. A processor determines whether the person indicated by the first set of credentials has authority to operate the vehicle, based on, at least, the comparison of the first set of credentials to the second set of credentials.
    Type: Grant
    Filed: August 3, 2015
    Date of Patent: March 27, 2018
    Assignee: International Business Machines Corporation
    Inventors: Derek R. Brewer, Kerry M. Langford, Robert D. Wilhelm
  • Patent number: 9923909
    Abstract: A trigger event monitoring system is provided in one or more virtual assets. One or more trigger parameters, including security threat patterns, are defined and trigger data is generated. The one or more trigger monitoring systems are used to monitor extrusion and intrusion capabilities and self-monitored trigger events that may harm or otherwise leave a virtual asset in a vulnerable state. In one embodiment, trigger events and monitoring of at least a portion of message traffic sent to, or sent from, the one or more virtual assets are initiated and/or performed to detect any message including one or more of the one or more of the trigger parameters. Any message meeting the one or more trigger parameters is identified as a potential security threat and is assigned a threat score, which is provided to the virtual asset. Various corrective actions may take place.
    Type: Grant
    Filed: April 28, 2017
    Date of Patent: March 20, 2018
    Assignee: Intuit Inc.
    Inventors: M. Shannon Lietz, Luis Felipe Cabrera
  • Patent number: 9894118
    Abstract: Access to a user profile of a user device at a location may be provided to a destination device upon detecting that the location is within a proximity of a destination location. An expiring token may be generated, associated with the user profile, and communicated to the second device. Access to the user profile provided to the destination device may be terminated upon an expiration of the expiring token.
    Type: Grant
    Filed: January 17, 2014
    Date of Patent: February 13, 2018
    Assignee: International Business Machines Corporation
    Inventors: Lisa Seacat DeLuca, Lydia M. Do, Geetika T. Lakshmanan
  • Patent number: 9894046
    Abstract: A method of operating a server comprises receiving an authorization request comprising a password, accessing an expiry date for the password, transmitting a response comprising the expiry date, ascertaining whether the password has expired, and receiving a new password, if the password has expired. Optionally, the transmitted response further comprises a date representing the last use of the password and/or an integer value representing a retry parameter.
    Type: Grant
    Filed: April 4, 2017
    Date of Patent: February 13, 2018
    Inventor: Peter E. Havercan
  • Patent number: 9893895
    Abstract: Techniques for electronic signature processes are described. Some embodiments provide an electronic signature service (“ESS”) configured to facilitate the creation, storage, and management of electronic signature documents. In one embodiment, an electronic signature document may be associated with custody transfer rules that facilitate transfers of custody of an electronic signature document from one user or party to another. A custody transfer may results in a transfer of rights or capabilities to operate upon (e.g., modify, view, send, delete) an electronic signature document and/or its associated data. A custody transfer rule may be trigged by the occurrence of a particular event, such as the receipt of an electronic signature.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: February 13, 2018
    Assignee: DocuSign, Inc.
    Inventors: Donald G. Peterson, Douglas P. Rybacki, Duane E. Wald
  • Patent number: 9871655
    Abstract: A method for deriving a verification token from a credential may be provided. The credential may be a set of attributes certified by an issuer to a user using a public key of the issuer. The method may comprise generating the verification token out of the credential and binding the verification token to a context string, wherein the verification token may comprise at least one commitment. A commitment may be a blinded version of an attribute. The method may also comprise generating an opening key for the verification token enabling a generation of a confirmation for a validity of the attribute.
    Type: Grant
    Filed: January 10, 2017
    Date of Patent: January 16, 2018
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Anja Lehmann, Gregory Neven
  • Patent number: 9866389
    Abstract: Disclosed herein are techniques and systems for transmitting a multi-broadcast signal from a wireless broadcasting device (or beacon) as part of a beacon recognition process. Specifically, the multi-broadcast signal may be in the form of multiple packets that are broadcast from the beacon within a recognition time period. A process may include creating a first packet having a first identifier (ID) and a randomly generated value, broadcasting the first packet from the beacon, generating a second ID based at least in part on the randomly generated value included in the first packet, and broadcasting, within a period of time from the broadcast of the first packet, a second packet having the second ID and a device ID that uniquely identifies the beacon. A mobile device in proximity to the beacon may include logic to detect and interpret a multi-broadcast signal from the beacon.
    Type: Grant
    Filed: January 22, 2015
    Date of Patent: January 9, 2018
    Assignee: FOOTMARKS, INC.
    Inventors: Ryan Preston Reed, Casey Roger Graika
  • Patent number: 9853997
    Abstract: A malware detection system and method detects changes in host behavior indicative of malware execution. The system uses linear discriminant analysis (LDA) for feature extraction, multi-channel change-point detection algorithms to infer malware execution, and a data fusion center (DFC) to combine local decisions into a host-wide diagnosis. The malware detection system includes sensors that monitor the status of a host computer being monitored for malware, a feature extractor that extracts data from the sensors corresponding to predetermined features, local detectors that perform malware detection on each stream of feature data from the feature extractor independently, and a data fusion center that uses the decisions from the local detectors to infer whether the host computer is infected by malware.
    Type: Grant
    Filed: April 14, 2015
    Date of Patent: December 26, 2017
    Assignee: Drexel University
    Inventors: Raymond Joseph Canzanese, Jr., Spiros Mancoridis, Moshe Kam
  • Patent number: 9843933
    Abstract: A method of accessing, in a mobile communication device, an application issued by a Service Provider from a trusted application, also known as a wallet. A secure element, such as a SmartMX device, comprises a service manager that manages the application and a link between the application and an application-codec issued by the Service Provider, wherein the application-codec is designed for interfacing between the service manager and the application, for processing an access request requesting access to the application received from the service manager and, triggered by the wallet, accessing the application via the service manager by means of the link between the application and the application-codec, such that the application-codec linked with the respective application performs accessing the application under control of the service manager.
    Type: Grant
    Filed: January 8, 2015
    Date of Patent: December 12, 2017
    Assignee: NXP B.V.
    Inventors: Alexandre Corda, Dominique Brule, Mathew Smith