Patents Examined by Darren Schwartz
-
Patent number: 7899189
Abstract: The present invention includes one or more clients in communication with a server. The client desires to send a storage construct to the server for storage. The client negotiates a transmission key with the server. The client generates a storage key associated specifically with the storage construct. The client encrypts the storage construct using the storage key and encrypts the storage key using the transmission key. The encrypted storage construct and encrypted storage key are sent to the server. The server decrypts the storage key using the transmission key. The server stores the storage construct on a storage device separate from a storage device storing the storage key. Preferably, any changes to the storage construct location, the storage key location, or the storage construct name are tracked and proper modifications are made to an association relating the location of the storage construct and the location for the corresponding storage key.
Type: Grant
Filed: December 9, 2004
Date of Patent: March 1, 2011
Assignee: International Business Machines Corporation
Inventors: Colin Scott Dawson, Kenneth Eugene Hannigan, Glen Hattrup, Avishai Haim Hochberg, Donald Warren, Christopher Zaremba
-
Patent number: 7895650
Abstract: File system based risk profile transfer is disclosed. A request to access an object stored in memory is received from a requesting service, application, or other process. An object risk profile associated with the object, which profile comprises data indicating a level of risk associated with a prior service, application, or other process that previously created or modified the stored object, is accessed. The level of risk reflected in the object risk profile is factored into a process risk profile associated with the requesting service, application, or other process. A security measure to protect the requesting service, application, or other process is deployed based at least in part on the process risk profile.
Type: Grant
Filed: December 15, 2004
Date of Patent: February 22, 2011
Assignee: Symantec Corporation
Inventor: William E. Sobel
-
Patent number: 7891008
Abstract: Tampering with pieces of software is inhibited. Profiles are stored in a central hierarchical database and such profiles are protected from tampering. The obfuscation of a software image so as to becloud the comprehension of hackers in reverse engineering pieces of software comprising the software image is provided. A process of verifying whether the pieces of software together constitute a software package that requires protection from tampering is also provided.
Type: Grant
Filed: February 17, 2005
Date of Patent: February 15, 2011
Assignee: Microsoft Corporation
Inventors: Erik Fortune, Wei Wu, Julie D Bennett, Mohammed El-Gammal
-
Patent number: 7877605
Abstract: A computer-based system securely transmitting and authenticating a transaction input by a user while retaining the anonymity of the user with respect to content of the transaction, including a device encoding the content of the transaction input by the user with a key known only to another device, encoding other portions of the transaction with another key known only to a secure transaction server, and sending the encoded content of the transaction and the encoded other portions of the transaction to the secure transaction server to authenticate an identity of the user of the device, wherein the secure transaction server decodes the other portions of the transaction and sends the encoded content of the transaction to the another device to be finally decoded.
Type: Grant
Filed: January 25, 2005
Date of Patent: January 25, 2011
Assignee: Fujitsu Limited
Inventors: Yannis Labrou, Lusheng Ji, Jonathan Russell Agre, Jesus Molina Terriza
-
Patent number: 7849514
Abstract: A system and method for securing data on a mass storage device. A centralized device permission store contains device identifiers for the mass storage devices to be secured along with keys of a symmetric cipher that have been encrypted with public keys or pass phrases of authorized users of the devices. A list of these users is also contained in the store. A helper module provides the private key or pass phrase, for imported keys, needed to decrypt the key of the symmetric cipher, which is used to encrypt and decrypt blocks of data stored on the mass storage device. When a read request is made, a protection module intercepts the request, obtains the block from the mass storage device and decrypts the block. When a write request is made, the protection module intercepts the request, encrypts the block and has it stored on the mass storage device.
Type: Grant
Filed: April 22, 2005
Date of Patent: December 7, 2010
Assignee: Lumension Security, Inc.
Inventors: Viacheslav Usov, Andrey Kolishchak
-
Patent number: 7841012
Abstract: A method and a system for processing multicast services, binding each user to a default profile for separately configuring the authority over programs for the user and a right suite profile which prefabricates combination of programs and authority, directly forwarding a program to the superuser; for a non-superuser, acquiring authority over the program by traversing all profiles to which the user is bound, not forwarding the program if the user does not have the authority over the program; if the user has the authority over the program, forwarding a program stream to the user in the case that the program stream has been forwarded to the multicast service processing system. By the invention, the flexibility of multicast service processing is improved, individualized services of a user are implemented. The invention also provides a mode for processing a superuser, which provides real highly efficient and convenient privilege processing to the superuser.
Type: Grant
Filed: July 19, 2007
Date of Patent: November 23, 2010
Assignee: Huawei Technologies Co., Ltd.
Inventor: Xiaofeng Huang
-
Patent number: 7836299
Abstract: A virtual PCR (VPCR) construct is provided that can be cryptographically tagged as optionally resettable or as enduring for the life of a client (process, virtual machine, and the like) and that can be loaded into a resettable hardware PCR to make use of the functionality of a Trusted Platform Module (TPM). The VPCRs may cryptographically reflect their characteristics (resettable or not) in their stored values. Also, since the PCRs are virtualized, they are (effectively) unlimited in number and may be given general names (UUIDs) that are less likely to collide. The VPCRs can be loaded into a physical PCR as needed, but in a way that stops one piece of software from impersonating another piece of software. The VPCRs thus enable all software using the TPM to be given access to TPM functionality (sealing, quoting, etc.) without security concerns.
Type: Grant
Filed: March 15, 2005
Date of Patent: November 16, 2010
Assignee: Microsoft Corporation
Inventors: Paul England, Matthew C. Setzer
-
Patent number: 7836305
Abstract: A temporary-identity-storage method for user equipment includes receiving authentication challenge information and at least one temporary identity, processing the authentication challenge information, and determining whether the processing step results in successful authentication. The user equipment includes mobile equipment and a subscriber identity module. Responsive to a determination that the authentication was successful, the received at least one temporary identity is considered to be valid. If the received at least one temporary identity is at least one pseudonym and an appropriate data file to store the at least one pseudonym is available in the subscriber identity module, the at least one pseudonym is stored and any previously-stored pseudonym is over-written in the subscriber identity module.
Type: Grant
Filed: March 15, 2005
Date of Patent: November 16, 2010
Assignee: Telefonaktiebolaget L M Ericsson (Publ)
Inventor: Christian Herrero Verón
-
Patent number: 7831823
Abstract: The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node.
Type: Grant
Filed: July 12, 2007
Date of Patent: November 9, 2010
Assignee: Intertrust Technologies Corp.
Inventors: Karl L. Ginter, Victor H. Shear, Francis J. Spahn, David M. Van Wie
-
Patent number: 7831840
Abstract: A system and method are provided for codifying security concerns into a user interface. An application launching a window may be determined, and the security attributes associated with the application may be ascertained. If the security attributes indicate that the application is insecure, the window may be visually and/or behaviorally modified to reflect the level of security of the application.
Type: Grant
Filed: January 28, 2005
Date of Patent: November 9, 2010
Assignee: Novell, Inc.
Inventors: Robert Love, Nat Friedman
-
Patent number: 7826610
Abstract: The invention concerns a method to secure an electronic assembly implementing any algorithm against attacks by error introduction. The method according to the invention consists in performing an additional calculation using a verification function on at least one intermediate result in order to obtain a calculation signature and in performing at least once more all or part of the calculation in order to recalculate said signature and compare them in order to detect a possible error.
Type: Grant
Filed: July 7, 2003
Date of Patent: November 2, 2010
Assignee: Gemalto SA
Inventors: Mehdi-Laurent Akkar, Louis Goubin
-
Patent number: 7827414
Abstract: A library of a PC is easily synchronized with recorded contents of a disc loaded into a recording and reproducing apparatus (PD). The PC has a dynamic group and a database. Contents of the dynamic group are dynamically changed. The dynamic group is correlated with the ID of the disc on which the contents of the dynamic group have been recorded. When the PC and the PD are connected, the ID of the disc loaded into the PD is read. The database is referenced for the ID of the disc. When there is a corresponding dynamic group, the dynamic group is compared with the recorded contents of the disc. Contents that exist in the dynamic group and that do not exist on the disc are checked out to the disc. In contrast, contents that exist on the disc and that do not exist in the dynamic group are checked in to the PC. In addition, the reproduction order of contents of the dynamic group is reflected to contents of the disc.
Type: Grant
Filed: June 8, 2004
Date of Patent: November 2, 2010
Assignee: Sony Corporation
Inventor: Takashi Kawakami
-
Patent number: 7822205
Abstract: The aim of this invention is to pair a security module with one or more host apparatuses in an environment in which the host module has no connection with the management centre.
Type: Grant
Filed: September 19, 2003
Date of Patent: October 26, 2010
Assignee: Nagravision S.A.
Inventors: Rached Ksontini, Marco Sasselli
-
Patent number: 7818568
Abstract: A console-based multi-user authentication process allows multiple users of a game console to be authenticated together in a single request/reply exchange with an authentication entity. The result of which is the possession of a single ticket that can be used to prove authenticity of multiple authentication principals to one or more online services. Also described is a handshake process that can be used to initially establish an authentication account for each game console, in which the account creation server can trust that a genuine game console is making the request.
Type: Grant
Filed: November 30, 2005
Date of Patent: October 19, 2010
Assignee: Microsoft Corporation
Inventors: Boyd C. Multerer, Ling Tony Chen, Darren L. Anderson
-
Patent number: 7810151
Abstract: A correlation database stores profiling data that describes packet flows within a network. A network device presents a user interface by which a user defines a database trigger to detect database operations that change the profiling data stored within the correlation database. The network device may maintain a log to record the detected database operations. The database trigger may specify a combination of low-level network elements associated with the packet flows and application-layer elements extracted from application-layer communications reassembled from the packet flows.
Type: Grant
Filed: January 27, 2005
Date of Patent: October 5, 2010
Assignee: Juniper Networks, Inc.
Inventor: Kowsik Guruswamy
-
Patent number: 7805760
Abstract: The branch origin address and branch destination address of a branch instruction (jmp instruction) are stored, a judgment is made as to whether or not a call instruction for calling an instruction code group for executing an external command is associated with the branch destination address, a judgment is made as to whether or not the call destination address is between the branch origin address and the branch destination address if the call instruction is associated with the branch destination address, and information indicating that malicious code was detected is generated if the call destination of the call instruction is between the branch origin address and the branch destination address.
Type: Grant
Filed: August 4, 2003
Date of Patent: September 28, 2010
Assignee: Secure Ware Inc.
Inventor: Kazunori Saito
-
Patent number: 7805614
Abstract: A method for secure identity processing using biometrics is provided. A public key and a unique serial number are received from a BIOTOKEN. A random number is generated. The random number and the unique serial number are transmitted to the BIOTOKEN. A serial number received from the BIOTOKEN is compared with the unique serial number and if there is a match, an encrypted symmetric key, transmitted by the BIOTOKEN, is decrypted using the public key. An encrypted random number and encrypted biometric data associated with a user are decrypted using the decrypted symmetric key. The decrypted random number is compared with the transmitted random number, if there is a match, the decrypted biometric data is validated and the received serial number and the public key are transmitted to a certification authority if the biometric data is validated. An authentication certificate associated with the BIOTOKEN is issued by the certification authority.
Type: Grant
Filed: March 31, 2005
Date of Patent: September 28, 2010
Assignee: Northrop Grumman Corporation
Inventors: Kenneth W. Aull, William Gravell, James B. Rekas
-
Patent number: 7805611
Abstract: A method and system is provided to secure a data transmission from a chip card to an off-card entity. A transport key is generated at the off-card entity. The transport key is transmitted in a secure manner from the off-card entity to the chip card. At the chip card, the transport key is used to encrypt data to be sent from the chip card to the off-card entity. The data having been encrypted at the chip card using the transport key is then transmitted from the chip card to the off-card entity. The off-card entity is capable of decrypting the data received from the chip card through use of the transport key previously generated at the off-card entity.
Type: Grant
Filed: December 3, 2004
Date of Patent: September 28, 2010
Assignee: Oracle America, Inc.
Inventors: Oscar Montemayor, Joe T. Wei, Ellen H. Siegel
-
Patent number: 7788504
Abstract: Subversive DSV (SDSV) sequences of data symbols having a large absolute value of DSV are extremely valuable in the copy protection of optical discs as they can induce uncorrectable read errors. However, very few SDSV sequences of data symbols can be found in multimodal codes such as Eight-to-Sixteen Modulation (ESM) utilised in DVDs. It is required to select data symbols, for encoding using a multimodal code, which are capable of forcing an encoder to produce at least one subversive sequence of code words. A possible code word for a data symbol is selected if the code word has a large absolute value of DSV and there are no alternative code words, or all alternative code words are equivalent, or all alternatives except one are ruled out by RLL rules.
Type: Grant
Filed: May 19, 2005
Date of Patent: August 31, 2010
Assignee: Rovi Solutions Corporation
Inventor: Carmen Laura Basile
-
Patent number: 7774849
Abstract: Methods, systems, and computer program products for detecting and mitigating a denial of service attack in a telecommunications signaling network are provided. According to one method, traffic rate information is monitored on at least two of a plurality of signaling links. If the traffic rate on one of the signaling links exceeds the rate on at least another of the signaling links by a predetermined threshold, a denial of service attack is indicated. In response to indicating a denial of service attack, a user may take mitigating action, such as updating a firewall function to block packets associated with the offending source.
Type: Grant
Filed: April 15, 2005
Date of Patent: August 10, 2010
Assignee: Tekelec
Inventors: Travis E. Russell, Peter J. Marsico