Patents Examined by Darren Schwartz
  • Patent number: 7899189
    Abstract: The present invention includes one or more clients in communication with a server. The client desires to send a storage construct to the server for storage. The client negotiates a transmission key with the server. The client generates a storage key associated specifically with the storage construct. The client encrypts the storage construct using the storage key and encrypts the storage key using the transmission key. The encrypted storage construct and encrypted storage key are sent to the server. The server decrypts the storage key using the transmission key. The server stores the storage construct on a storage device separate from a storage device storing the storage key. Preferably, any changes to the storage construct location, the storage key location, or the storage construct name are tracked and proper modifications are made to an association relating the location of the storage construct and the location for the corresponding storage key.
    Type: Grant
    Filed: December 9, 2004
    Date of Patent: March 1, 2011
    Assignee: International Business Machines Corporation
    Inventors: Colin Scott Dawson, Kenneth Eugene Hannigan, Glen Hattrup, Avishai Haim Hochberg, Donald Warren, Christopher Zaremba
  • Patent number: 7895650
    Abstract: File system based risk profile transfer is disclosed. A request to access an object stored in memory is received from a requesting service, application, or other process. An object risk profile associated with the object, which profile comprises data indicating a level of risk associated with a prior service, application, or other process that previously created or modified the stored object, is accessed. The level of risk reflected in the object risk profile is factored into a process risk profile associated with the requesting service, application, or other process. A security measure to protect the requesting service, application, or other process is deployed based at least in part on the process risk profile.
    Type: Grant
    Filed: December 15, 2004
    Date of Patent: February 22, 2011
    Assignee: Symantec Corporation
    Inventor: William E. Sobel
  • Patent number: 7891008
    Abstract: Tampering with pieces of software is inhibited. Profiles are stored in a central hierarchical database and such profiles are protected from tampering. The obfuscation of a software image so as to becloud the comprehension of hackers in reverse engineering pieces of software comprising the software image is provided. A process of verifying whether the pieces of software together constitute a software package that requires protection from tampering is also provided.
    Type: Grant
    Filed: February 17, 2005
    Date of Patent: February 15, 2011
    Assignee: Microsoft Corporation
    Inventors: Erik Fortune, Wei Wu, Julie D Bennett, Mohammed El-Gammal
  • Patent number: 7877605
    Abstract: A computer-based system securely transmitting and authenticating a transaction input by a user while retaining the anonymity of the user with respect to content of the transaction, including a device encoding the content of the transaction input by the user with a key known only to another device, encoding other portions of the transaction with another key known only to a secure transaction server, and sending the encoded content of the transaction and the encoded other portions of the transaction to the secure transaction server to authenticate an identity of the user of the device, wherein the secure transaction server decodes the other portions of the transaction and sends the encoded content of the transaction to the another device to be finally decoded.
    Type: Grant
    Filed: January 25, 2005
    Date of Patent: January 25, 2011
    Assignee: Fujitsu Limited
    Inventors: Yannis Labrou, Lusheng Ji, Jonathan Russell Agre, Jesus Molina Terriza
  • Patent number: 7849514
    Abstract: A system and method for securing data on a mass storage device. A centralized device permission store contains device identifiers for the mass storage devices to be secured along with keys of a symmetric cipher that have been encrypted with public keys or pass phrases of authorized users of the devices. A list of these users is also contained in the store. A helper module provides the private key or pass phrase, for imported keys, needed to decrypt the key of the symmetric cipher, which is used to encrypt and decrypt blocks of data stored on the mass storage device. When a read request is made, a protection module intercepts the request, obtains the block from the mass storage device and decrypts the block. When a write request is made, the protection module intercepts the request, encrypts the block and has it stored on the mass storage device.
    Type: Grant
    Filed: April 22, 2005
    Date of Patent: December 7, 2010
    Assignee: Lumension Security, Inc.
    Inventors: Viacheslav Usov, Andrey Kolishchak
  • Patent number: 7841012
    Abstract: A method and a system for processing multicast services, binding each user to a default profile for separately configuring the authority over programs for the user and a right suite profile which prefabricates combination of programs and authority, directly forwarding a program to the superuser; for a non-superuser, acquiring authority over the program by traversing all profiles to which the user is bound, not forwarding the program if the user does not have the authority over the program; if the user has the authority over the program, forwarding a program stream to the user in the case that the program stream has been forwarded to the multicast service processing system. By the invention, the flexibility of multicast service processing is improved, individualized services of a user are implemented. The invention also provides a mode for processing a superuser, which provides real highly efficient and convenient privilege processing to the superuser.
    Type: Grant
    Filed: July 19, 2007
    Date of Patent: November 23, 2010
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Xiaofeng Huang
  • Patent number: 7836299
    Abstract: A virtual PCR (VPCR) construct is provided that can be cryptographically tagged as optionally resettable or as enduring for the life of a client (process, virtual machine, and the like) and that can be loaded into a resettable hardware PCR to make use of the functionality of a Trusted Platform Module (TPM). The VPCRs may cryptographically reflect their characteristics (resettable or not) in their stored values. Also, since the PCRs are virtualized, they are (effectively) unlimited in number and may be given general names (UUIDs) that are less likely to collide. The VPCRs can be loaded into a physical PCR as needed, but in a way that stops one piece of software from impersonating another piece of software. The VPCRs thus enable all software using the TPM to be given access to TPM functionality (sealing, quoting, etc.) without security concerns.
    Type: Grant
    Filed: March 15, 2005
    Date of Patent: November 16, 2010
    Assignee: Microsoft Corporation
    Inventors: Paul England, Matthew C. Setzer
  • Patent number: 7836305
    Abstract: A temporary-identity-storage method for user equipment includes receiving authentication challenge information and at least one temporary identity, processing the authentication challenge information, and determining whether the processing step results in successful authentication. The user equipment includes mobile equipment and a subscriber identity module. Responsive to a determination that the authentication was successful, the received at least one temporary identity is considered to be valid. If the received at least one temporary identity is at least one pseudonym and an appropriate data file to store the at least one pseudonym is available in the subscriber identity module, the at least one pseudonym is stored and any previously-stored pseudonym is over-written in the subscriber identity module.
    Type: Grant
    Filed: March 15, 2005
    Date of Patent: November 16, 2010
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventor: Christian Herrero Verón
  • Patent number: 7831823
    Abstract: The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node.
    Type: Grant
    Filed: July 12, 2007
    Date of Patent: November 9, 2010
    Assignee: Intertrust Technologies Corp.
    Inventors: Karl L. Ginter, Victor H. Shear, Francis J. Spahn, David M. Van Wie
  • Patent number: 7831840
    Abstract: A system and method are provided for codifying security concerns into a user interface. An application launching a window may be determined, and the security attributes associated with the application may be ascertained. If the security attributes indicate that the application is insecure, the window may be visually and/or behaviorally modified to reflect the level of security of the application.
    Type: Grant
    Filed: January 28, 2005
    Date of Patent: November 9, 2010
    Assignee: Novell, Inc.
    Inventors: Robert Love, Nat Friedman
  • Patent number: 7826610
    Abstract: The invention concerns a method to secure an electronic assembly implementing any algorithm against attacks by error introduction. The method according to the invention consists in performing an additional calculation using a verification function on at least one intermediate result in order to obtain a calculation signature and in performing at least once more all or part of the calculation in order to recalculate said signature and compare them in order to detect a possible error.
    Type: Grant
    Filed: July 7, 2003
    Date of Patent: November 2, 2010
    Assignee: Gemalto SA
    Inventors: Mehdi-Laurent Akkar, Louis Goubin
  • Patent number: 7827414
    Abstract: A library of a PC is easily synchronized with recorded contents of a disc loaded into a recording and reproducing apparatus (PD). The PC has a dynamic group and a database. Contents of the dynamic group are dynamically changed. The dynamic group is correlated with the ID of the disc on which the contents of the dynamic group have been recorded. When the PC and the PD are connected, the ID of the disc loaded into the PD is read. The database is referenced for the ID of the disc. When there is a corresponding dynamic group, the dynamic group is compared with the recorded contents of the disc. Contents that exist in the dynamic group and that do not exist on the disc are checked out to the disc. In contrast, contents that exist on the disc and that do not exist in the dynamic group are checked in to the PC. In addition, the reproduction order of contents of the dynamic group is reflected to contents of the disc.
    Type: Grant
    Filed: June 8, 2004
    Date of Patent: November 2, 2010
    Assignee: Sony Corporation
    Inventor: Takashi Kawakami
  • Patent number: 7822205
    Abstract: The aim of this invention is to pair a security module with one or more host apparatuses in an environment in which the host module has no connection with the management centre.
    Type: Grant
    Filed: September 19, 2003
    Date of Patent: October 26, 2010
    Assignee: Nagravision S.A.
    Inventors: Rached Ksontini, Marco Sasselli
  • Patent number: 7818568
    Abstract: A console-based multi-user authentication process allows multiple users of a game console to be authenticated together in a single request/reply exchange with an authentication entity. The result is the possession of a single ticket that can be used to prove authenticity of multiple authentication principals to one or more online services. Also described is a handshake process that can be used to initially establish an authentication account for each game console, in which the account creation server can trust that a genuine game console is making the request.
    Type: Grant
    Filed: November 30, 2005
    Date of Patent: October 19, 2010
    Assignee: Microsoft Corporation
    Inventors: Boyd C. Multerer, Ling Tony Chen, Darren L. Anderson
  • Patent number: 7810151
    Abstract: A correlation database stores profiling data that describes packet flows within a network. A network device presents a user interface by which a user defines a database trigger to detect database operations that change the profiling data stored within the correlation database. The network device may maintain a log to record the detected database operations. The database trigger may specify a combination of low-level network elements associated with the packet flows and application-layer elements extracted from application-layer communications reassembled from the packet flows.
    Type: Grant
    Filed: January 27, 2005
    Date of Patent: October 5, 2010
    Assignee: Juniper Networks, Inc.
    Inventor: Kowsik Guruswamy
  • Patent number: 7805760
    Abstract: The branch origin address and branch destination address of a branch instruction (jmp instruction) are stored, a judgment is made as to whether or not a call instruction for calling an instruction code group for executing an external command is associated with the branch destination address, a judgment is made as to whether or not the call destination address is between the branch origin address and the branch destination address if the call instruction is associated with the branch destination address, and information indicating that malicious code was detected is generated if the call destination of the call instruction is between the branch origin address and the branch destination address.
    Type: Grant
    Filed: August 4, 2003
    Date of Patent: September 28, 2010
    Assignee: Secure Ware Inc.
    Inventor: Kazunori Saito
  • Patent number: 7805614
    Abstract: A method for secure identity processing using biometrics is provided. A public key and a unique serial number are received from a BIOTOKEN. A random number is generated. The random number and the unique serial number are transmitted to the BIOTOKEN. A serial number received from the BIOTOKEN is compared with the unique serial number and if there is a match, an encrypted symmetric key, transmitted by the BIOTOKEN, is decrypted using the public key. An encrypted random number and encrypted biometric data associated with a user are decrypted using the decrypted symmetric key. The decrypted random number is compared with the transmitted random number, if there is a match, the decrypted biometric data is validated and the received serial number and the public key are transmitted to a certification authority if the biometric data is validated. An authentication certificate associated with the BIOTOKEN is issued by the certification authority.
    Type: Grant
    Filed: March 31, 2005
    Date of Patent: September 28, 2010
    Assignee: Northrop Grumman Corporation
    Inventors: Kenneth W. Aull, William Gravell, James B. Rekas
  • Patent number: 7805611
    Abstract: A method and system is provided to secure a data transmission from a chip card to an off-card entity. A transport key is generated at the off-card entity. The transport key is transmitted in a secure manner from the off-card entity to the chip card. At the chip card, the transport key is used to encrypt data to be sent from the chip card to the off-card entity. The data having been encrypted at the chip card using the transport key is then transmitted from the chip card to the off-card entity. The off-card entity is capable of decrypting the data received from the chip card through use of the transport key previously generated at the off-card entity.
    Type: Grant
    Filed: December 3, 2004
    Date of Patent: September 28, 2010
    Assignee: Oracle America, Inc.
    Inventors: Oscar Montemayor, Joe T. Wei, Ellen H. Siegel
  • Patent number: 7788504
    Abstract: Subversive DSV (SDSV) sequences of data symbols having a large absolute value of DSV are extremely valuable in the copy protection of optical discs as they can induce uncorrectable read errors. However, very few SDSV sequences of data symbols can be found in multimodal codes such as Eight-to-Sixteen Modulation (ESM) utilised in DVDs. It is required to select data symbols, for encoding using a multimodal code, which are capable of forcing an encoder to produce at least one subversive sequence of code words. A possible code word for a data symbol is selected if the code word has a large absolute value of DSV and there are no alternative code words, or all alternative code words are equivalent, or all alternatives except one are ruled out by RLL rules.
    Type: Grant
    Filed: May 19, 2005
    Date of Patent: August 31, 2010
    Assignee: Rovi Solutions Corporation
    Inventor: Carmen Laura Basile
  • Patent number: 7774849
    Abstract: Methods, systems, and computer program products for detecting and mitigating a denial of service attack in a telecommunications signaling network are provided. According to one method, traffic rate information is monitored on at least two of a plurality of signaling links. If the traffic rate on one of the signaling links exceeds the rate on at least another of the signaling links by a predetermined threshold, a denial of service attack is indicated. In response to indicating a denial of service attack, a user may take mitigating action, such as updating a firewall function to block packets associated with the offending source.
    Type: Grant
    Filed: April 15, 2005
    Date of Patent: August 10, 2010
    Assignee: Tekelec
    Inventors: Travis E. Russell, Peter J. Marsico