Patents Examined by Don G Zhao
  • Patent number: 10318721
    Abstract: Managing a secure session includes detecting a login event at an electronic device using a first login method to initiate a secure session, capturing an initial image at a same time as the login event, capturing initial sensor data at the same time as the login event, monitoring for changes in the sensor data during the secure session, maintaining the secure session based on the initial sensor data and the monitored changes from the initial sensor data, and during the secure session, permitting access to the electronic device using reidentification.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: June 11, 2019
    Assignee: Apple Inc.
    Inventors: Vinay Sharma, Marco Zuliani
  • Patent number: 10313376
    Abstract: Methods and devices for creating a secure log of security events may include receiving a historical digest representing approved historical security events associated with a trusted network of devices. The methods and devices may include receiving one or more new security events. The methods and devices may include calculating, when a period of time has expired, a hash based on at least the historical digest and the one or more new security events and determining if a value of the hash is less than a value threshold. The methods and devices may include storing a new security event digest corresponding to a respective hash having a respective value less than the value threshold, wherein the new security event digest is confirmed by one or more trusted devices in the trusted network of devices.
    Type: Grant
    Filed: September 15, 2016
    Date of Patent: June 4, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Artem Zhurid, Merzin Kapadia
  • Patent number: 10284544
    Abstract: Various embodiments are disclosed that relate to security of a computer accessory device. For example, one non-limiting embodiment provides a host computing device configured to conduct an initial portion of a mutual authentication session with an accessory device, and send information regarding the host computing device and the accessory device to a remote pairing service via a computer network. The host computing device is further configured to, in response, receive a pairing certificate from the remote pairing service, the pairing certificate being encrypted via a private key of the remote pairing service, and complete the mutual authentication with the accessory device using the pairing certificate from the remote pairing service.
    Type: Grant
    Filed: April 10, 2018
    Date of Patent: May 7, 2019
    Inventors: Harish Krishnamurthy, Ming Zhu, Kurt Torben Nielsen, Matthew Morris
  • Patent number: 10263777
    Abstract: Organically Derived Synchronized Processes provide encryption parameter management in a certificate-less system. A first node generates a parameter data set containing multiple values; uses a seed value stored at the first node to select values from a random parameter data set to form a parameter subset; generates encryption parameters using the subset; encrypts user data using the encryption parameters; generates a signature based at least on the parameter data set; and transmits a start frame including the parameter data set, the encrypted user data, and the signature. A second node receives the start frame; uses a seed value stored at the second node to select values from the received parameter data set to form a parameter subset; generates decryption parameters using the subset; decrypts the user data using the decryption parameters; and verifies the received signature. The encryption and decryption parameters are then applied to further payload data.
    Type: Grant
    Filed: September 16, 2016
    Date of Patent: April 16, 2019
    Inventors: Jon Barton Shields, David Gell
  • Patent number: 10261782
    Abstract: A request to store, in first data store associated with a customer of a computing resource service provider, a software image is received, the request including a set of layers of the software image to be stored. As a result of successful authentication of the request, based at least in part on a security token included with the request, a subset of layers of the software image that have not previously been stored in the first data store are determined, based at least in part on first metadata obtained from a second data store, the subset of layers in the first data store are stored, second metadata about the subset of layers are stored in the second data store, and the software image is caused to be launched in a software container of an instance based at least in part on the subset of layers.
    Type: Grant
    Filed: December 18, 2015
    Date of Patent: April 16, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Anthony Joseph Suarez, Scott Kerns Windsor, Nare Hayrapetyan, Daniel Robert Gerdesmeier, Pooja Kalpana Prakash
  • Patent number: 10262116
    Abstract: A file validation method and system is provided. The method includes retrieving from an authoritative source system, an artifact file. Identification information identifying a requesting user of the artifact file is recorded and associated metadata and a modified artifact file comprising the metadata combined with the artifact file are generated. An encryption key including a first portion and a second portion is generated and the first portion is stored within a central key store database. An encrypted package comprising the modified artifact file and the second portion of the key is generated.
    Type: Grant
    Filed: October 31, 2017
    Date of Patent: April 16, 2019
    Assignee: International Business Machines Corporation
    Inventors: Rhonda L. Childress, Michael J. Spisak, George E. Stark
  • Patent number: 10257211
    Abstract: An apparatus, computer-readable medium, and computer-implemented method for detecting anomalous user behavior, including storing user activity data collected over an observation interval, the user activity data comprising a plurality of data objects and corresponding to a plurality of users, grouping a plurality of data objects into a plurality of clusters, calculating one or more outlier metrics corresponding to each cluster, calculating an irregularity score for each of one or more data objects in the plurality of data objects, generating one or more object postures for the one or more data objects, comparing each of at least one object posture in the one or more object postures with one or more previous object postures corresponding to a same user as the object posture to identify anomalous activity of one or more users in the plurality of users.
    Type: Grant
    Filed: May 20, 2016
    Date of Patent: April 9, 2019
    Assignee: Informatica LLC
    Inventor: Igor Balabine
  • Patent number: 10257223
    Abstract: Malware detection logic executed by a secured device residing in a home network may receive a message from an unsecured device of a first unsecured network and intended for a destination device of the home network, the destination device comprising a security client. The malware detection logic may establish a secure communication channel between the malware detection logic of the secured device and the security client of the destination device. The malware detection logic may execute a validation test on the message to determine that the message includes malware. The malware detection logic may report an alarm to the security client of the destination device. The malware detection logic may transmit information related to the malware to a cloud computing server. The malware detection logic may prevent an application associated with the destination device from processing the message.
    Type: Grant
    Filed: December 21, 2015
    Date of Patent: April 9, 2019
    Assignee: NAGRAVISION S.A.
    Inventor: Philippe Stransky-Heilkron
  • Patent number: 10242182
    Abstract: A method is provided for protecting a computer system, comprising creating an isolated process, then assigning a first process group to the process; creating an additional group process within the first process group; performing a first determination by an application programming interface (API) that the additional group process is within the first process group, and as a result of the first determination, causing the additional group process to inherit and duplicate a handle of the process. Process communications and control within isolated groups is permitted freely, whereas process control by an isolated process for non-isolated processes or isolated processes in different groups is constrained or prohibited.
    Type: Grant
    Filed: June 27, 2017
    Date of Patent: March 26, 2019
    Assignee: SECURE VECTOR, LLC
    Inventors: James B. Kargman, Peter Scott, Jeffrey Bromberger
  • Patent number: 10242218
    Abstract: A system and method for scheduling data transfers between systems. One or more data requesting systems may request access to particular data. The request for access to the particular data may correspond to a request that a task to be performed. The task may be to exchange the particular data between a data accessing system having access to the particular data and a data requesting system requesting access to the particular data. The communication exchange may be scheduled for processing. In some embodiments, the communication exchange may be initiated based on a parameter included in the request that the task be performed.
    Type: Grant
    Filed: October 23, 2017
    Date of Patent: March 26, 2019
    Assignee: Live Nation Entertainment, Inc.
    Inventors: John Raymond Werneke, Samuel Levin, David Scarborough
  • Patent number: 10243926
    Abstract: In one embodiment, a virtual firewall is installed on a port of a device that communicates across a zone boundary within an industrial network. The virtual firewall is then configured based on operation of the industrial network, such that the port may then communicate via the firewall to a remote virtual firewall of a remote port of a remote device across the zone boundary.
    Type: Grant
    Filed: April 8, 2016
    Date of Patent: March 26, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Pascal Thubert, Xuechen Yang, Rudolph B. Klecka, III, Patrick Wetterwald, Eric Levy-Abegnoli
  • Patent number: 10237275
    Abstract: A system and machine-implemented method of wireless network access are provided. An authentication request comprising credentials for a user account of a cloud-based service is received from a wireless client device. The authentication request is forwarded to a server associated with the cloud-based service for authentication of the user account credentials. A list of one or more network identifiers corresponding to networks for which access by the user account of the cloud-based service is authorized is received from the server. The received list of one or more network identifiers is sent to the wireless client device, wherein the received list of one or more network identifiers is sent to the wireless client device prior to the wireless client device being associated with the wireless local area network.
    Type: Grant
    Filed: July 18, 2017
    Date of Patent: March 19, 2019
    Assignee: Google LLC
    Inventors: Jonathan Huang, David Bird
  • Patent number: 10230754
    Abstract: A system, method, and computer program product for implementing a phishing assessment that includes a phishing server that implements one or more phishing assessments; the phishing server: identifies legitimate target domain names to be used in the phishing assessment, generates one or more pseudo domain names and pseudo web pages, where the pseudo domain name are visually similar to an identified target domain name and the pseudo web page includes one or more characteristics and attributes of a legitimate web page.
    Type: Grant
    Filed: February 20, 2018
    Date of Patent: March 12, 2019
    Assignee: Duo Security, Inc.
    Inventor: Jon Oberheide
  • Patent number: 10216404
    Abstract: An electronic device and method is disclosed herein. The electronic device may include a memory configured to store image data including at least one object, user identification information, and a specific object mapped to the user identification information, and a processor. The processor may execute the method, including extracting an object from the image data, determining whether the extracted object matches the specific object, if the extracted object matches the specific object, encrypting the image data using the user identification information mapped to the specific object as an encryption key, and storing the encrypted image data in the memory.
    Type: Grant
    Filed: September 18, 2015
    Date of Patent: February 26, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Jaehwan Kwon
  • Patent number: 10212761
    Abstract: Systems and methods that efficiently combine multiple wireless networks or devices resulting in faster, more reliable, and more secure mobile Internet. A Virtual Private Network (VPN) service application is operated to route outgoing and incoming data packets of a mobile device. The mobile device is (i) either coupled to a remote server through the VPN service application for data packets transfer between the remote server and the mobile device or (ii) performs cross-layer translation for data packets transfer between the mobile device and direct target hosts on the Internet. Concurrently using multiple channels secures data packets transfer by sending encrypted data packets over multiple channels and receiving the encrypted data packets by a single apparatus. Data packets are designated to be transferred via a Wi-Fi channel or a cellular channel, and then transferred using both the Wi-Fi channel and the cellular channel.
    Type: Grant
    Filed: July 12, 2017
    Date of Patent: February 19, 2019
    Inventors: Minh Thoai Anh Le, James A. Mains
  • Patent number: 10204384
    Abstract: In an example, there is disclosed a computing apparatus, comprising: a psychological state data interface to receive psychological state data; one or more logic elements, including at least one hardware element, comprising a verification engine to: receive a requested user action; receive a psychological state input via the psychological state data interface; analyze the psychological state input; and bar the requested user action at least partly responsive to the analyzing.
    Type: Grant
    Filed: December 21, 2015
    Date of Patent: February 12, 2019
    Assignee: McAfee, LLC
    Inventors: Kunal Mehta, Carl D. Woodward, Steven Grobman, Ryan Durand, Simon Hunt
  • Patent number: 10205596
    Abstract: Authenticating a consumable product based on a remaining life value includes determining whether an identifier stored in memory of a consumable product is listed in a device history and concluding that the consumable product is not authentic if the device is determined to have used the consumable product previously based on the device history and a current remaining life value associated with the consumable product indicates less use than a recorded remaining life value for the consumable product associated with the identifier in the device history.
    Type: Grant
    Filed: July 31, 2013
    Date of Patent: February 12, 2019
    Assignee: Hewlett-Pachard Development Company, L.P.
    Inventors: Paul L. Jeran, Shell S. Simpson, Stephen D. Panshin, Jefferson P. Ward
  • Patent number: 10178114
    Abstract: A client device accesses content and performs actions at a remote application server via a user-agent application. The application server directs the user-agent application to a security verification system to retrieve and perform security tests. The security verification system receives information from the user-agent application describing characteristics of the user-agent application, and the security verification system selects a set of security tests to be performed by a security module executing in the user-agent application to verify that the user-agent application is accessing the application server consistent with the described user-agent application. The security verification system compares a set of test results with other user-agent applications and provides a token to the user-agent application to access the application server. The security module may also monitor and actions on the user-agent application to permit the security verification system to revise or revoke the token.
    Type: Grant
    Filed: September 15, 2015
    Date of Patent: January 8, 2019
    Assignee: PERIMETERX, INC.
    Inventors: Ido Safruti, Omri Iluz
  • Patent number: 10164997
    Abstract: A first computer is selected for testing. Information sent from a second computer system to the first computer is intercepted. The information is modified to be noncompliant with a communication protocol, thereby producing noncompliant information. A determination is made whether the first computer device has failed to provide a particular response to receipt of the noncompliant information, and an operation is performed based at least in part on the determination.
    Type: Grant
    Filed: February 1, 2017
    Date of Patent: December 25, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Nima Sharifi Mehr, Christopher Dunn, Alexis Floyd, David James Kane-Parry, Volker Helmut Mosthaf, Christopher Gordon Williams
  • Patent number: 10154039
    Abstract: Access control for shared computing resources in a hierarchical system is provided herein. An as-needed, “lazy evaluation” approach to access control is described in which an effective access control list for a computing resource is determined after a request is received from a user to access the resource. When resources are shared, access control policies are created and stored in association with the shared resource but are not stored in association with hierarchically related lower-level resources. When an access request for a resource is received, access control policies are collected for levels of a computing resource hierarchy that are higher than the hierarchy level of the resource. An effective access control list is determined based on permissions specified in the collected access control policies. The effective access control list represents an effective propagation of access control policies of higher hierarchy levels to the computing resource.
    Type: Grant
    Filed: September 15, 2017
    Date of Patent: December 11, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Borislav Andruschuk, Kevin Fowler