Patents Examined by David Garcia Cervetti
  • Patent number: 10320571
    Abstract: Described are examples for authenticating a device including detecting an event related to communications with a trusted platform module (TPM) device, performing, in response to detecting the event, one or more security-related functions with the TPM device, such as generating and/or signing one or more digital certificates, which may be based on one or more keys on the TPM device.
    Type: Grant
    Filed: September 23, 2016
    Date of Patent: June 11, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Artem Alekseyevich Zhurid, Merzin Kapadia
  • Patent number: 10318723
    Abstract: A Central Processing Unit (CPU) comprising an internal Network-On-Chip (NOC) core and multiple internal System-On-Chip (SOC) cores communicates with external CPUs comprising external NOC cores and external SOC cores. The internal NOC core exchanges hardware trust data with the internal SOC cores and the external NOC cores to maintain hardware trust. The internal SOC cores execute Virtual Network Functions (VNFs) and responsively exchange user data with the internal NOC core for the NFV VNFs. The internal NOC core exchanges an allowed portion of the user data for the VNFs among the internal SOC cores and the external NOC cores. The internal NOC core blocks a disallowed portion of the user data to an internal SOC core or an external NOC core when hardware trust fails between the internal NOC core and the individual SOC core or NOC core.
    Type: Grant
    Filed: November 29, 2016
    Date of Patent: June 11, 2019
    Assignee: Sprint Communications Company L.P.
    Inventors: Lyle Walter Paczkowski, Marouane Balmakhtar
  • Patent number: 10311219
    Abstract: Device, system, and method of user authentication utilizing an optical microphone or laser-based microphone. An optical microphone transmits an outgoing optical signal or laser beam towards a face of a human speaker; receives an incoming optical feedback that is reflected back from the face of the human speaker; performs self-mix interferometry that is based on the outgoing optical signal and the incoming reflected optical signal; and generates a user-specific feature or characteristic that uniquely characterizes said human speaker. A user authentication module operates to authenticate the user for performing a privileged or an access-controlled action, based on the user-specific characteristic that was generated, optionally in combination with one or more biometric features or authentication requirements.
    Type: Grant
    Filed: June 7, 2016
    Date of Patent: June 4, 2019
    Inventor: Tal Bakish
  • Patent number: 10305922
    Abstract: Disclosed is a system for detecting security threats in a local network. A security analytics system collects data about entities in the local network. The security analytics system identifies the entities in the raw data and determines a set of properties about each of the identified entities. The entity properties contain information about the entity and can be temporary or permanent properties about the entity. The security analytics system determines relationships between the identified entities and can be determined based on the entity properties for the identified properties. An entity graph is generated that describes the entity relationships, wherein the nodes of the entity graph represent entities and the edges of the entity graph represent entity relationships. The security analytics system provides a user interface to a user that contains the entity graph and the relationships described therein.
    Type: Grant
    Filed: October 21, 2016
    Date of Patent: May 28, 2019
    Assignee: VMware, Inc.
    Inventors: Ravi Kumar Devi Reddy, Srinivas Rao Doddi, Mahendra Kumar Kutare, Christophe Briguet
  • Patent number: 10305688
    Abstract: A cloud-based encryption machine key injection system includes at least one key injection sub-system including a key generation device and a quantum key distribution device connected with the key generation device, and a cloud-based encryption machine hosting sub-system including an encryption machine carrying a virtual encryption device and a quantum key distribution device connected with the encryption machine. The key injection sub-system and the encryption machine hosting sub-system are connected with each other through their respective quantum key distribution devices. The key generation device may generate a root key component of the virtual encryption device and transmit the root key component to the encryption machine. The encryption machine may receive root key components from one or more key generation devices and synthesize a root key of the virtual encryption device in accordance with the received root key components.
    Type: Grant
    Filed: April 20, 2016
    Date of Patent: May 28, 2019
    Inventors: Yingfang Fu, Shuanlin Liu
  • Patent number: 10298605
    Abstract: Methods and systems for security threat detection are disclosed. For example, a virtual machine with a network interface of a plurality of virtual machines includes a plurality of applications including first and second applications. The plurality of applications is associated with a respective plurality of application security modules, including a first and second application security modules associated with the first and second applications. A security policy engine executes on a processor in communication with a network including a network controller. The application security module detects an abnormality with a request to the first application, identifies a source and a mode of the abnormality, and reports the source and the mode to the security policy engine. The security policy engine prevents a further abnormality with the source and/or the mode from affecting the second application and commands the network controller to prevent the source from interacting with the network.
    Type: Grant
    Filed: November 16, 2016
    Date of Patent: May 21, 2019
    Assignee: Red Hat, Inc.
    Inventor: Huamin Chen
  • Patent number: 10298555
    Abstract: A computer system and methods for securing files in a file system with storage resources accessible to an authenticable user using an untrusted client device in a semi-trusted client threat model. Each file is secured in the file system in one or more ciphertext blocks along with the file metadata. Each file is assigned a unique file key FK to encrypt the file. A wrapping key WK assigned to the file is used for encrypting the file key FK to produce a wrapped file key WFK. The file is encrypted block by block to produce corresponding ciphertext blocks and corresponding authentication tags. The authentication tags are stored in the file metadata, along with an ID of the wrapping key WK, wrapped file key WFK, last key rotation time, an Access Control List (ACL), etc. The integrity of ciphertext blocks is ensured by authentication tags and the integrity of the metadata is ensured by a message authentication code (MAC).
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: May 21, 2019
    Assignee: ZETTASET, INC.
    Inventor: Eric A. Murray
  • Patent number: 10296507
    Abstract: A method for enhancing rapid data analysis includes receiving a set of data; storing the set of data in a first set of data shards sharded by a first field; and identifying anomalous data from the set of data by monitoring a range of shard indices associated with a first shard of the first set of data shards, detecting that the range of shard indices is smaller than an expected range by a threshold value, and identifying data of the first shard as anomalous data.
    Type: Grant
    Filed: February 12, 2016
    Date of Patent: May 21, 2019
    Assignee: Interana, Inc.
    Inventors: Robert Johnson, Oleksandr Barykin, Alex Suhan, Lior Abraham, Don Fossgreen
  • Patent number: 10282564
    Abstract: A data segment is encrypted to produce an encrypted data segment. The encrypted data segment is dispersed storage error encoded to produce a set of encoded data slices. Auxiliary data is dispersed storage error encoded to produce a set of encoded auxiliary data slices. A sequence of output slices is generated to obscure the set of encoded data slices by interspersing the set of encoded auxiliary data slices within the set of encoded data slices.
    Type: Grant
    Filed: August 5, 2014
    Date of Patent: May 7, 2019
    Assignee: International Business Machines Corporation
    Inventors: S. Christopher Gladwin, Chuck Wilson Templeton, Jason K. Resch, Gary W. Grube
  • Patent number: 10275596
    Abstract: A method and system for activating malicious actions within electronic documents is described. In one embodiment, the method may include receiving, by a processor of a computing device, the electronic document; identifying, by the processor, an object embedded within the electronic document; identifying, by the processor, an action associated with execution of the object; executing, by the processor, the action within a context of rules associated with the object; identifying, by the processor, at least one behavior that results from execution of the action; and determining, by the processor, an existence of at least one malicious element from the identified behavior.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: April 30, 2019
    Assignee: Symantec Corporation
    Inventor: Prashant Gupta
  • Patent number: 10268819
    Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to determine a valid target address for a branch instruction from information stored in a relocation table, a linkage table, or both, the relocation table and the linkage table associated with a binary file and store the valid target address in a table in memory, the valid target address to validate a target address for a translated portion of a routine of the binary file.
    Type: Grant
    Filed: February 13, 2017
    Date of Patent: April 23, 2019
    Inventors: Koichi Yamada, Palanivelrajan Shanmugavelayutham, Sravani Konda
  • Patent number: 10262163
    Abstract: A cryptographic ASIC and method for autonomously storing a unique internal identifier into a one-time programmable memory in isolation by a foundry. The identifier may be determined by calculating a transformed hash of a predetermined input, and may serve as a cryptographically defined and verifiable CpuID for a particular ASIC instance. The CpuID may be derived from an input based on a manufacture date, a wafer lot number, a wafer number, row and column coordinates for a die on a wafer, or other foundry-defined data. The CpuID enables a given ASIC instance to be securely and remotely identified across an untrusted network, and to serve as a specified processor that originates an information stream or a message. The ASIC need not always perform high-speed calculations and so may be relatively simple and inexpensive, and in one embodiment serves as a secure data administrator that manages subscriptions and software updates.
    Type: Grant
    Filed: May 31, 2018
    Date of Patent: April 16, 2019
    Assignee: Blockchain ASICs LLC
    Inventor: Edward L. Rodriguez De Castro
  • Patent number: 10257205
    Abstract: Techniques are disclosed to modify the authentication level of a session providing access to resources. In some embodiments, an access management system is configurable to enable voluntary (e.g., request by a user) or involuntary (e.g., by the access management system) reduction, or “step-down,” of the authentication level for a session if a lower authentication level exists. For example, an access management system may be configured to enable a user to request a step-down of the authentication level of a session to prevent access to resources at a higher authentication level. By reducing the authentication level to a lower authentication level, a user may be prompted to provide credentials for authentication according to the authentication schemes defined for higher authentication levels. These techniques can reduce, if not prevent, unauthorized access to protected resources by challenging a user for credentials to authenticate to higher authentication levels.
    Type: Grant
    Filed: October 14, 2016
    Date of Patent: April 9, 2019
    Assignee: Oracle International Corporation
    Inventors: Stephen Mathew, Ramya Subramanya, Aarathi Balakrishnan, Vipin Anaparakkal Koottayi, Madhu Martin
  • Patent number: 10257243
    Abstract: A system and method for sharing electronic content. A sending user can specify one or more criteria that a recipient memory device must have to store the content. The sending user can also specify a digital rights management control that can be associated with the content. The content can be transferred to the recipient if the recipient memory device has the specified properties. Software at the recipient can ensure that the content is handled in accordance with the digital rights management controls specified by the sender.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: April 9, 2019
    Inventors: Damian Franken Manning, Jon Walter Lowy
  • Patent number: 10248806
    Abstract: An information processing apparatus manages a plurality of content items, keywords associated with the plurality of content items respectively, and authorities set to associations between the keywords and the content items, obtains a keyword and identification information of a user, input by an operation of the user, searches for a content item associated with the input keyword among the managed plurality of content items, and decides whether the searched content item should be provided to the user or whether provision should be restricted, based on identification information of the user and an authority set for an association between the input keyword and the searched content item.
    Type: Grant
    Filed: September 8, 2016
    Date of Patent: April 2, 2019
    Inventor: Tomoyuki Kobayashi
  • Patent number: 10241930
    Abstract: For storing data in a data-storage structure of a server computer, an infrastructure is deployed to a server computer. The infrastructure has a forwarder module to receive data from an application and to identify a data portion, a crypto module to encrypt the data portion with a key and key control module adapted to generate and to store the key. The infrastructure is also able to process data in the opposite direction. The key is provided into the key control module upon receiving a key trigger from the client computer.
    Type: Grant
    Filed: March 22, 2018
    Date of Patent: March 26, 2019
    Assignee: eperi GmbH
    Inventor: Elmar Eperiesi-Beck
  • Patent number: 10235532
    Abstract: Examples are provided for device access control. In one example, a computing device to which access is controlled includes a display device for presenting a user interface, a processor, and a storage device storing instructions executable by the processor to, for each of a threshold number of rounds, display a plurality of candidate regions, each candidate region including a plurality of candidate authentication objects, and receive input indicating a device access control response. After performing the threshold number of rounds, the device may selectively allow access based on a number of rounds that included a successful input (e.g., selecting a candidate region that includes an object from an access code).
    Type: Grant
    Filed: September 23, 2016
    Date of Patent: March 19, 2019
    Assignee: Harman International Industries, Incorporated
    Inventor: Jens Scholz
  • Patent number: 10235176
    Abstract: Techniques are described for metadata processing that can be used to encode an arbitrary number of security policies for code running on a processor. Metadata may be added to every word in the system and a metadata processing unit may be used that works in parallel with data flow to enforce an arbitrary set of policies. In one aspect, the metadata may be characterized as unbounded and software programmable to be applicable to a wide range of metadata processing policies. Techniques and policies have a wide range of uses including, for example, safety, security, and synchronization. Additionally, described are aspects and techniques in connection with metadata processing in an embodiment based on the RISC-V architecture.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: March 19, 2019
    Assignees: The Charles Stark Draper Laboratory, Inc., The National Institute for Research in Data Processing and Automation
    Inventors: André DeHon, Eli Boling, Catalin Hritcu
  • Patent number: 10230700
    Abstract: Apparatuses, systems, methods, and program products are disclosed for transaction based networks security. A data module determines a set of data that is common between a first device and a second device. A key module generates, on a first device, a communication key based on a set of data. A message module secures a message sent to a second device from a first device with a communication key. A second device accepts a message in response to a communication key matching a corresponding communication key generated on the second device.
    Type: Grant
    Filed: August 9, 2016
    Date of Patent: March 12, 2019
    Assignee: Lenovo (Singapore) PTE. LTD.
    Inventors: Rod D. Waltermann, Rodrigo Felix de Almeida, Brian Alan Burdette, Timothy Winthrop Kingsbury, Bradley Park Strazisar
  • Patent number: 10231123
    Abstract: A system and a method for communicating over a Bluetooth Low Energy (BLE) connection in a vehicle. The method includes the steps of: establishing a Bluetooth Low Energy (BLE) connection between a mobile device and a BLE system in the vehicle, wherein the establishing step includes receiving first credentials of the mobile device at the BLE system; providing second credentials to the mobile device from the vehicle, wherein the second credentials are different than the first credentials; and receiving a message from the mobile device that is encrypted using the first and second credentials.
    Type: Grant
    Filed: December 7, 2015
    Date of Patent: March 12, 2019
    Assignee: GM Global Technology Operations LLC
    Inventors: Jennifer J. Schussmann, Lynn Saxton, Alessandro Testa, David K. Sayre, Karl B. Leboeuf