Abstract: A method of performing a cryptographic operation using a cryptographic implementation in a cryptographic system, including: receiving, by the cryptographic system, an identifying string value; receiving, by the cryptographic system, an input message; performing, by the cryptographic system, a keyed cryptographic operation mapping the input message into an output message wherein the output message is the correct result when the identifying string value equals a binding string value.
Abstract: Digital fingerprint generation logic executed by a client device includes quirk-exposing logic configured to expose behavioral differences between various system configurations of client devices. The digital fingerprint generation logic queries a remote client device for system configuration, and generates a digital fingerprint of the client device that includes a system configuration characteristic reported by the client device in response to the query. Results of execution of the quirk-exposing logic are compared to expected results that are specific to the reported system configuration. If the results of execution do not match the expected results, the digital fingerprint is determined to have been spoofed.
Abstract: Aspects of the present invention include an NPG system that can stop the CNA from requesting a login if the system has reached the ACL login limit. In embodiments of the present invention, the number of available logins can be dynamically calculated and sent to the CNA.
Abstract: A method of determining a fingerprint identification of a cryptographic implementation in a cryptographic system, including: receiving, by the cryptographic system, an input message that is a fingerprint identification message; performing, by the cryptographic system, a keyed cryptographic operation mapping the fingerprint identification message into an output message that includes a fingerprint identification; and outputting the output message.
Abstract: Current approaches to managing security intelligence data often address both threat and malicious behavior at the individual computer level, tracked by the Internet Protocol (IP) address. For example, important facts, observed behavior, and other indications that are tracked by security organizations are only tracked with respect to individual IP addresses. Bilateral network inheritance generally refers to inheriting a variety of attributes from parents to children and from children to parents in a computer network hierarchy. The computer network hierarchy may comprise various entities such as, for example, top level entities, autonomous systems, address ranges, and individual IP addresses.
Type: Grant
Filed: February 10, 2014
Date of Patent: September 27, 2016
Assignee: Lookingglass Cyber Solutions, Inc.
Inventors: Jason A. Lewis, Kenneth B. Hoxworth, Christopher D. Coleman, Derek M. Gabbard
Abstract: An information processing system includes a receiving unit and a determining unit. The receiving unit receives an application request to request an application for a service. The application request includes first information identifying a type of the service. When the receiving unit receives the application request, the determining unit determines third information indicating an authority to use the service by combining the first information included in the application request and second information used for identifying a user to whom the service is to be provided.
Abstract: A method and apparatus for controlling access to documents retained by a document management and collaboration system is disclosed. The document management and collaboration system may generate one or more suggested privileges associated with one or more users. An access control policy may specify whether system-generated user privileges may be enforced. If they are enforced, access to one or more documents may be made subject to the generated privileges.
Type: Grant
Filed: February 7, 2014
Date of Patent: September 20, 2016
Assignee: Amazon Technologies, Inc.
Inventors: Wei Lien Stephen Dang, Cynthia Zhang Taylor, Arun Ponniah Sethuramalingam, Catherine Emily Harrell, Sharad Kala, Liangliang Wang, Kevin Gillett, Nandhini Nandiwada Santhanam, Nagesh Pradhan Cadabam, Noah Anthony Eisner, Stephen Joseph Oakley, Himanshu Khurana
Abstract: Technologies are generally described to provide a fail-safe licensing system. An example system may include a quorum detection module of an instance of a software program configured to query a licensing queue corresponding to the software program for messages to determine a number of active instances of the software program. Based on a comparison of the determined number of active instances and a maximum number of allowed instances of the software program, the quorum detection module may be configured to determine whether the instance of the software program is authorized. In response to a determination that the instance of the software program is authorized, the quorum detection module may generate a unique instance identification tag and post a message to the licensing queue, where the message includes an indication that the instance of the software program is active and an indication of the generated unique instance identification tag.
Abstract: An electronic system 100 for generating a cryptographic key, the system comprising a memory 110 used as a physically unclonable function, the memory being writable, volatile and configured such that upon each powering-up of the memory the memory settles into a memory content which depends upon at least partially random physical characteristics of the memory, the memory being accessible through a memory interface, and a key derivation unit 150 configured to derive the cryptographic key from the memory content into which the memory settled, wherein the electronic system for generating a cryptographic key further comprises a memory read-out unit connected to the memory through the memory interface and to the key derivation unit, the memory read-out unit comprising an address scrambler 140 for retrieving the memory content over the memory interface in a scrambled order.
Abstract: System and methods for a membership-based service or network to enable access to membership-related services are provided. A portal application for members, which is accessible via a mobile device of a member, transforms the mobile device of the member into a membership card, an instrument to provide information employable to access membership services, and an apparatus to access the membership-related services. A membership management server supports the portal application and facilitates provision of services to members by a membership provider.
Abstract: There is disclosed a method and system for use in authenticating an entity. An entity location history is stored comprising a historical record of locations visited by the entity. An authentication request is received from the entity. A pattern of recent locations visited by the entity indicative of irregular behavior is detected. An analysis is performed between the pattern of recent locations indicative of irregular behavior and the entity location history for establishing the riskiness of the authentication request. An authentication result is generated based on the analysis between the pattern of recent locations indicative of irregular behavior and the entity location history.
Type: Grant
Filed: June 29, 2012
Date of Patent: August 2, 2016
Assignee: EMC Corporation
Inventors: Daniel V. Bailey, Lawrence N. Friedman, Yedidya Dotan, Samuel Curry
Abstract: Context captured with sensors of an information handling system is applied to selectively lock access to currently unlocked information, with conditions for locking access based upon the context. Nervous states enforce locking of selected information based upon the confidence of the security of the information under sensed external conditions. Increased sensitivity for locking access includes reduced timeouts to a lock command, increased response to sensed conditions, and more rapid response where unlocked access is to sensitive information.
Type: Grant
Filed: November 8, 2013
Date of Patent: July 26, 2016
Assignee: Dell Products L.P.
Inventors: Charles D. Robison, Liam B. Quinn, Rocco Ancona
Abstract: A particular method includes initiating, at an analyzer, execution of a software component at a first computing device. The first computing device includes hardware components and sensors. The sensors are external to the hardware components. A first hardware component of the hardware components is coupled to a second hardware component of the hardware components. A first sensor of the sensors is configured to monitor communications between the first hardware component and the second hardware component. The method also includes receiving monitoring data, from the first sensor, regarding a communication between the first hardware component and the second hardware component. The method further includes analyzing first effects of executing the software component on the first computing device based at least partially on the monitoring data.
Type: Grant
Filed: April 30, 2014
Date of Patent: July 19, 2016
Assignee: The Boeing Company
Inventors: Shaun S. Kospiah, Brian C. Grubel, Brett W. Snare
Abstract: Systems, methods, and apparatus are provided for generating verification data that may be used for validation of a wireless transmit-receive unit (WTRU). The verification data may be generated using a tree structure having protected registers, represented as root nodes, and component measurements, represented as leaf nodes. The verification data may be used to validate the WTRU. The validation may be performed using split-validation, which is a form of validation described that distributes validation tasks between two or more network entities. Subtree certification is also described, wherein a subtree of the tree structure may be certified by a third party.
Type: Grant
Filed: February 2, 2015
Date of Patent: June 28, 2016
Assignee: InterDigital Patent Holdings, Inc.
Inventors: Andreas Schmidt, Andreas Leicher, Inhyok Cha, Sudhir B Pattar, Yogendra C Shah
Abstract: A method of enforcing security settings in a cryptographic system, including: receiving, by the cryptographic system, a first input message associated with a first security setting of a plurality of security settings; performing, by the cryptographic system, a keyed cryptographic operation mapping the first input message into a first output message, wherein the keyed cryptographic operation produces a correct output message when the cryptographic system is authorized for the first security setting, wherein each of the plurality of security settings has an associated set of input messages wherein the sets of input messages do not overlap.
Abstract: Context captured with sensors of an information handling system is applied to selectively lock access to currently unlocked information, with conditions for locking access based upon the context. Nervous states enforce locking of selected information based upon the confidence of the security of the information under sensed external conditions. Increased sensitivity for locking access includes reduced timeouts to a lock command, increased response to sensed conditions, and more rapid response where unlocked access is to sensitive information.
Type: Grant
Filed: November 8, 2013
Date of Patent: June 28, 2016
Assignee: Dell Products L.P.
Inventors: Charles D. Robison, Liam B. Quinn, Rocco Ancona
Abstract: The present disclosure discloses a method and device for prompting program uninstallation and belongs to the field of the Internet. The method comprises: performing a security assessment of an application program installed on a mobile terminal, thereby obtaining a security assessment result; obtaining security identification information corresponding to the security assessment result based on pre-stored correlations between security assessment results and security identification information; establishing a correlation between the obtained security identification information and the application program, and displaying the correlation to a user.
Type: Grant
Filed: October 29, 2013
Date of Patent: June 28, 2016
Assignee: TENCENT TECHNOLOGY (SHENZHEN) CO., LTD
Inventors: Qing Wang, Hao Ran Guo, Yi Xia Yuan, Xun Chang Zhan, Chun You Lin, Peng Tao Li, Jia Shun Song
Abstract: A system for transmitting data by using a USB interface is provided. The system includes: a terminal equipment; a data transmission line, having a first terminal configured as a first USB interface and a second terminal configured as an interface adapted for connecting with the terminal equipment, and configured to transmit information from the terminal equipment directly; and an electronic signature token, including a second USB interface configured to be connected with the first USB interface to receive the information from the terminal equipment, a selecting module connected with the second USB interface and configured to detect the information received by the second USB interface and to determine a data transmission protocol type according to the information, and a modulating and demodulating module connected with the selecting module and configured to demodulate the information in a demodulation mode matched with the data transmission protocol type and to obtain demodulated data.