Patents Examined by Eleni Shiferaw
  • Patent number: 10127378
    Abstract: A system and methods for registering and acquiring e-credentials using personal devices and an identity registry system that combines the method for handling digital seals with a proof-of-existence method. The identity registry system is used to register and verify e-credentials. Device owners register their e-credentials when created and updated and verify acquired e-credentials to safeguard against tampering and errors. When registering an e-credential, the e-credential is hashed and digitally sealed creating an identifying thumbprint that is stored in the identity registry system. When verifying an acquired e-credential, the e-credential is hashed, the identity registry system is searched to locate the identifying thumbprint, and the digital seal of the thumbprint is verified. A requesting owner can request an issuing owner to proof, attest, and digitally seal an e-credential of the requester.
    Type: Grant
    Filed: February 18, 2018
    Date of Patent: November 13, 2018
    Inventor: Kalman Csaba Toth
  • Patent number: 10127406
    Abstract: Various embodiments are generally directed to the provision and re-provision of encryption keys to access encrypted media. Encryption keys may be provisioned and re-provisioned to components, such as, processor elements, of a system based on power state transitions of the components. An encryption key may be provisioned to a component and then re-provisioned to the component before or after the component transitions from an active power state to another power state and back to the active power state.
    Type: Grant
    Filed: March 23, 2015
    Date of Patent: November 13, 2018
    Assignee: INTEL CORPORATION
    Inventors: Rajesh Poornachandran, Ned M. Smith
  • Patent number: 10122710
    Abstract: Methods and systems are described for binding a data transaction to a person's identity using biometrics. The method comprises the generation of data which includes information associated with a transaction, or an encrypted transaction, between a server and a client device associated with a user, generating authentication data providing an irrevocable binding of the information to biometric characteristics of the user, by capturing biometric input by the user of said authentication data or information associated with the transaction, wherein this information is implanted into the captured data. A predetermined minimum number of quorum portions may be generated from a portion of the data generated or processed by the method, wherein at least a predetermined minimum number of received quorum data portions are required to reconstruct the data portion.
    Type: Grant
    Filed: July 20, 2015
    Date of Patent: November 6, 2018
    Assignee: PQ SOLUTIONS LIMITED
    Inventors: Martin Tomlinson, Cen Jung Tjhai, Andersen Cheng
  • Patent number: 10122533
    Abstract: A host machine operated for a specific purpose can have restricted access to other components in a multi-tenant environment in order to provide for the security of the host machine. The access restriction can prevent the host machine from obtaining updates to critical system-level configurations, but such information can be obtained through a signed command received to an API for the host machine. The command can be signed by a quorum of operators, and the host machine can be configured to verify the signatures and the quorum before processing the command. The host machine can store the updates to ephemeral storage as well as persistent storage, such that upon a reboot or power cycle the host machine can operate with current configuration data.
    Type: Grant
    Filed: December 15, 2015
    Date of Patent: November 6, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Justin Lee Werner, Gregory Alan Rubin, Matthew John Campagna, Michael Bentkofsky
  • Patent number: 10121000
    Abstract: A computerized method for detecting premium attacks by an attack classification system is described. Based on received analytic information, the attack classification system generates logical representations for different portions of the analytic information represented as a nodal graph. The logical representations include objects, properties, and relationships between the objects and the properties. The attack classification system filters at least one relationship from the relationships and forms a first cluster further filtering the relationships. Being a logical representation of objects, properties and the remaining relationships, the first cluster is analyzed to determine features and introduce the features into the nodal graph.
    Type: Grant
    Filed: June 28, 2016
    Date of Patent: November 6, 2018
    Assignee: FireEye, Inc.
    Inventors: Alexandr Rivlin, Naveed Alam, Vinoth Duraisamy
  • Patent number: 10122695
    Abstract: In one embodiment, a first device in a network receives information regarding one or more nodes in the network. The first device determines a property of the one or more nodes based on the received information. The first device determines a degree of trustworthiness of the one or more nodes based on the received information. The first device attests to the determined property and degree of trustworthiness of the one or more nodes to a verification device. The verification device is configured to verify the attested property and degree of trustworthiness.
    Type: Grant
    Filed: October 28, 2015
    Date of Patent: November 6, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Tao Zhang, Yi Zheng, Helder F. Antunes, Marcelo Yannuzzi, Gonzalo Salgueiro, Joseph Michael Clarke
  • Patent number: 10116683
    Abstract: Computer security vulnerability assessment is performed with product binary data and product vulnerability data that correspond with product identification data. A correspondence between the product binary data and the product vulnerability data is determined, and a binaries-to-vulnerabilities database is generated. The binaries-to-vulnerabilities database is used to scan binary data from a target device to find matches with the product binary data. A known security vulnerability of the target device is determined based on the scanning and the correspondence between the product binary data and the vulnerability data. In some embodiments, the target device is powered off and used as an external storage device to receive the binary data therefrom.
    Type: Grant
    Filed: July 31, 2017
    Date of Patent: October 30, 2018
    Assignee: OPSWAT, INC.
    Inventors: Benjamin Czarny, Jianpeng Mo, Ali Rezafard, David Matthew Patt
  • Patent number: 10114934
    Abstract: Methods and systems for determining consecutive matches are provided. According to one embodiment, a class definition and a data stream are received by a network security device. The data stream is partitioned into multiple data blocks each containing N data segments. Each data block is processed in parallel to compute: (i) a value (F) indicating whether every data segment value meets the class definition; (ii) a value (L) indicating a number of consecutive data segment values meeting the class definition starting from the left; (iii) a value (M) indicating a maximum number of consecutive data segment values meeting the class definition; and (iv) a value (R) indicating a number of consecutive data segment values meeting the class definition starting from the right. Corresponding values for each data block are then aggregated to determine a maximum number of consecutive data segment values meeting the class definition for the entire data stream.
    Type: Grant
    Filed: November 19, 2017
    Date of Patent: October 30, 2018
    Assignee: Fortinet, Inc.
    Inventor: Juneng Zheng
  • Patent number: 10117096
    Abstract: Systems and methods to generate safe zones and safe routes associated with a device are disclosed. These safe zones and safe routes can be used to map complicated location behavior into location behavior scores that can be applied systematically to tracking and authentication applications.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: October 30, 2018
    Assignee: Athentek Innovations, Inc.
    Inventors: David S. De Lorenzo, Huanchun Ye, Yi-Hsiu Wang, Ivy H. Tseng
  • Patent number: 10110636
    Abstract: Systems for providing scanning within distributed services are provided herein. In some embodiments, a system includes a plurality of segmented environments that each includes an enforcement point that has an active probe device, and a plurality of workloads that each implements at least one service. The system also has a data center server coupled with the plurality of segmented environments over a network. The data center server has a security controller configured to provide a security policy to each of the plurality of segmented environments and an active probe controller configured to cause the active probe device of the plurality of segmented environments to execute a scan.
    Type: Grant
    Filed: February 23, 2017
    Date of Patent: October 23, 2018
    Assignee: vArmour Networks, Inc.
    Inventors: Colin Ross, Choung-Yaw Shieh, Jia-Jyi Lian, Meng Xu, Yi Sun
  • Patent number: 10110596
    Abstract: An information processing system comprising: an acceptance unit configured to receive an issuance request of an electronic certificate that is available in an electronic apparatus used by one or more users; an issuance unit configured to issue the electronic certificate based on the issuance request received by the acceptance unit; a management unit configured to store information indicating the electronic certificate issued by the issuance unit associated with information indicating one or more services that can be used with the electronic certificate, the one or more services being provided respectively by one or more servers; and a reporting unit configured to transmit authentication information for determining validity of the electronic certificate to at least one server among the one or more servers based on the information stored in the management unit.
    Type: Grant
    Filed: May 23, 2016
    Date of Patent: October 23, 2018
    Assignee: Ricoh Company, Ltd.
    Inventor: Jun Satoh
  • Patent number: 10104096
    Abstract: An Enhanced Ethernet Network Interface Card (EENIC) interfaces with a host and a network. The EENIC includes an internal network interface controller (NIC), a field programmable array (FPGA) in electrical communication with the internal network interface controller, and a peripheral component interconnect express (PCIe) controller, in independent electrical communication with the field programmable array or the internal network interface controller. The FPGA is configured to intercept data from either the host, or from the network, or from a combination thereof. Additionally, the configured interception is undetected by the host, or by the network, or a combination thereof.
    Type: Grant
    Filed: June 2, 2017
    Date of Patent: October 16, 2018
    Assignee: The United States of America as represented by the Secretary of the Air Force
    Inventors: James C Collins, Chet M Wall, Robert J Kaufman, III
  • Patent number: 10102153
    Abstract: An information handling system and method performs Unified Extensible Firmware Interface (UEFI) interception and pre-processing of data associated with block input/output (I/O) commands targeting encrypted storage devices. A UEFI interceptor block (IB) I/O driver intercepts each block I/O command targeting block addresses on a storage device and identifies whether any of the target block addresses is encrypted. In response to identifying an encrypted block address among the target block addresses, the UEFI IB I/O driver forwards data associated with the encrypted block address to an encryption-decryption module to perform one of an encryption and a decryption of the data. Final handling of the block I/O command is performed using a block I/O driver chained to the UEFI IB I/O driver. Data associated with I/O commands targeting encrypted block addresses is first processed by the encryption-decryption module before final handling of the I/O command is performed by the block I/O driver.
    Type: Grant
    Filed: January 25, 2017
    Date of Patent: October 16, 2018
    Assignee: Dell Products, L.P.
    Inventors: Anand Prakash Joshi, Richard M. Tonry
  • Patent number: 10104542
    Abstract: A method for updating a group encryption key association, the method includes receiving an encrypted group key from a second device, where the group key has been encrypted using a device key of a first device. The method further includes, in the first device, using the group key to encrypt an input vector, transmitting the encrypted input vector, encrypting privacy-sensitive information using a device key, an encryption algorithm, and the input vector, and transmitting the encrypted privacy-sensitive information to the second device.
    Type: Grant
    Filed: October 9, 2017
    Date of Patent: October 16, 2018
    Assignee: SMARTRAC TECHNOLOGY FLETCHER, INC.
    Inventors: Thomas Tahan, Jun Liu
  • Patent number: 10097588
    Abstract: A method of configuring a simple kernel access control policy for an Android-based mobile terminal includes: creating an entire list in a file system of a plurality of mobile terminals through a web user interface of a management server; creating a system policy set and an application policy set by recognizing in advance subjects and objects in the entire list by means of the management server; creating a group policy for each user group on the basis of the system policy set and the application policy set by means of the management server; distributing the group policies to the mobile terminals by means of the management server; and executing the group policies by means of the mobile terminals.
    Type: Grant
    Filed: December 6, 2016
    Date of Patent: October 9, 2018
    Assignee: AGENCY FOR DEFENSE DEVELOPMENT
    Inventors: Sang-Hoon Lee, Hoon-Kyu Kim, Mi-Young Kwon, Tae-In Kang, Seong-Kee Lee, Seung-Ho Han
  • Patent number: 10097516
    Abstract: A method may include obtaining a match vector that indicates one or more filter rules that are potentially applicable to a packet. The method may include partitioning the match vector into a plurality of segments. The method may include generating a summary vector that identifies one or more portions of the match vector that include one or more match bits. A match bit may indicate one of the one or more filter rules that is potentially applicable to the packet. The method may include obtaining a relevant segment of the match vector. The relevant segment may include at least one of the portions of the match vector identified by the summary vector. The method may include determining a filter rule to apply based on the match vector and based on the one or more match bits. The method may include applying the filter rule to the packet.
    Type: Grant
    Filed: March 13, 2017
    Date of Patent: October 9, 2018
    Assignee: Juniper Networks, Inc.
    Inventors: Deepak Goel, Patrick Kerharo, Jigar K. Savla
  • Patent number: 10079840
    Abstract: A protection method, which releases an attack of a malware to a network interface controller (NIC) system, includes processing a microbatching operation in a plurality of session channels at at least an operational period according to at least one input information, to generate a plurality of session-specific NIC patterns of the plurality of session channels; and merging the plurality of session-specific NIC patterns to generate an application-specific NIC pattern at an application layer, so as to dispose a script information corresponding to the application-specific NIC pattern in the NICs for releasing the attack of the malware, wherein the microbatching operation is processed to generate a plurality of independent subset-specific NIC patterns in each session channel, so as to generate the session-specific NIC pattern corresponding to each session channel.
    Type: Grant
    Filed: August 20, 2015
    Date of Patent: September 18, 2018
    Assignee: Wistron Corporation
    Inventor: Chih-Ming Chen
  • Patent number: 10073974
    Abstract: A method includes analyzing a given application to determine one or more packages utilized by the given application, the one or more packages comprising a plurality of libraries, identifying a subset of the plurality of libraries utilized by the given application, determining one or more dependent libraries for each of the identified libraries in the subset, generating a given container for the given application, the given container comprising the identified libraries in the subset and the dependent libraries for each of the identified libraries, performing risk analysis for the given container including comparing a risk value calculated for the given container to a designated risk threshold, simulating one or more actions in the given container responsive to the risk value calculated for the given container exceeding the designated risk threshold, and determining whether to accept or reject the given container responsive to the risk analysis and simulated actions.
    Type: Grant
    Filed: July 21, 2016
    Date of Patent: September 11, 2018
    Assignee: International Business Machines Corporation
    Inventors: Jinho Hwang, Clifford A. Pickover, Maja Vukovic
  • Patent number: 10069798
    Abstract: A method, and associated system and computer program product, for modifying rules in a firewall infrastructure are described. A unit of deployment including application code and a signed passport is received at a requestor module on a server. The passport includes a heart-beat time-out interval, a firewall rule, and a first application hash value. A trigger signal within the heart-beat time-out interval is generated. The application code is hashed, resulting in a second application hash value. In response to authenticating the passport and determining the first and second application hash values as being equal, the signed passport and trigger signal are transmitted to a border control agent of the firewall; the firewall rule is continuously confirmed within a time interval shorter than the heart-beat time-out interval; and the firewall is modified according to the firewall rule.
    Type: Grant
    Filed: December 26, 2017
    Date of Patent: September 4, 2018
    Assignee: International Business Machines Corporation
    Inventors: Joachim H. Frank, Holger Karn
  • Patent number: 10069848
    Abstract: A method for data security is provided. The method may include obtaining a first object which is set as a sensitive object. The method may also include obtaining a second object, whereby there is a first relationship between the second object and the first object. The method may further include setting the second object as a sensitive object, in response to determining that the first relationship represents that there is strict correlation between the second object and the first object.
    Type: Grant
    Filed: June 17, 2015
    Date of Patent: September 4, 2018
    Assignee: International Business Machines Corporation
    Inventors: Hao Feng, Hui Hui Jiang, Shuo Li, Shengyan Sun