Patents Examined by Ellen Tran
  • Patent number: 10637665
    Abstract: A method, software, and system for a Digital Identity Management (DIM) system is discussed. The system facilitates the creation of a Public Key/Private Key pair based user credentials using the Trusted Execution Environment in mobile phones, and is protected by DIM app with the user's biometrics and/or a PIN code. Identity tokens representing identity attributes of the user are issued by Issuing Parties using Hardware Security Modules and stored in the DIM app on the mobile device.
    Type: Grant
    Filed: July 28, 2017
    Date of Patent: April 28, 2020
    Assignee: Workday, Inc.
    Inventor: Prakash Sundaresan
  • Patent number: 10628606
    Abstract: A method of providing private information on a display of an electronic device, includes identifying private information for display on the display of the electronic device, identifying attributes for display of the private information, displaying the private information utilizing the attributes identified, and during displaying the private information utilizing the attributes identified, displaying additional information utilizing alternate attributes that differ from the attributes identified for the private information.
    Type: Grant
    Filed: September 12, 2017
    Date of Patent: April 21, 2020
    Assignee: BlackBerry Limited
    Inventors: Neil Patrick Adams, Kristof Takacs
  • Patent number: 10630644
    Abstract: In a computer-implemented method for managing firewall flow records, firewall flow records of a virtual infrastructure including a distributed firewall are received, wherein the firewall flow records are captured according to firewall rules of the distributed firewall, and wherein the firewall flow records each include tuples and at least one field of network traffic data. Responsive to detecting a number of received firewall flow records exceeding a threshold value, it is determined whether the tuples are identical for any of the firewall flow records. Provided the tuples are not identical for any of the firewall flow records, the tuples for the firewall flow records are modified to generate modified firewall flow records. It is determined whether the tuples are identical for any of the modified firewall flow records.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: April 21, 2020
    Assignee: Nicira, Inc.
    Inventors: Shadab Shah, Kaushal Bansal, Uday Masurekar, Jerry Pereira, Sunitha Krishna
  • Patent number: 10615990
    Abstract: Duplicate processing of events registered at a root server is avoided. An electronic subscriber identity module (eSIM) server pushes, to a root server, data in the form of notification data portions indicating that commands or events need to be processed by a device. The device includes an embedded universal integrated circuit card (eUICC). The device pulls a notification list from the root server. The notification list includes one or more notification data portions. The device checks a given notification data portion to see if it represents a duplicate before communicating with the eSIM server to perform further processing related to the event. The device bases the check for duplication on an event history and/or on a hash value where the hash value is based on one or more eSIMs installed in the eUICC. The device is able to prioritize notification data portions before processing them.
    Type: Grant
    Filed: May 22, 2017
    Date of Patent: April 7, 2020
    Assignee: Apple Inc.
    Inventors: Xiangying Yang, Li Li, Avinash Narasimhan, Jean-Marc Padova
  • Patent number: 10608997
    Abstract: The current document describes systems and methods that provide access controls in a system of interconnected services such as an online service platform. In various implementations, the system maintains contextual information associated with tokenized data. In additional implementations, data brokers authorize access to detokenized data by comparing the context of the data to the context of the service requesting the data. In yet additional implementations, the system maintains contextual information associated with requests that are processed within the system. When a request is made to a particular service, the particular service can use the identity of the requester, the context of the request, and the context of the data to determine whether the request is authorized. In some implementations, the integrity of contextual information is protected using a digital signature.
    Type: Grant
    Filed: June 25, 2015
    Date of Patent: March 31, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Tushaar Sethi, Jon Arron McClintock
  • Patent number: 10609065
    Abstract: Embodiments of the present invention provide techniques, systems, and methods for remote, agent-less enterprise computer threat data collection, malicious threat analysis, and identification and reporting of potential and real threats present on an enterprise computer system. Specifically, embodiments are directed to a system that securely identifies and maps sensitive information from computers across the enterprise. Secure and sensitive information may be internally encrypted and analyzed for indicators of compromise, threatening behavior, and known vulnerabilities. The remote, agent-less collection, analysis, and identification process can be repeated periodically to detect and map additional sensitive information over time, and may delete itself after completion to avoid detection.
    Type: Grant
    Filed: August 23, 2017
    Date of Patent: March 31, 2020
    Assignee: KIVU CONSULTING, INC.
    Inventors: Elgan David Jones, Thomas Langer, Winston Krone
  • Patent number: 10601866
    Abstract: A method, computer system, and a computer program product for identifying a phishing attack is provided. The present invention may include receiving an alert of a suspicious URL. The present invention may include making an HTTP request to the suspicious URL. The present invention may include downloading and rendering the suspicious URL content. The present invention may include producing a screenshot of the rendered suspicious URL content. The present invention may include making an HTTP request to a domain landing page. The present invention may include downloading and rendering the domain landing page URL content. The present invention may include producing a screenshot of the rendered domain landing page URL content. The present invention may include generating a score based on comparing the produced first screenshot and the produced second screenshot.
    Type: Grant
    Filed: August 23, 2017
    Date of Patent: March 24, 2020
    Assignee: International Business Machines Corporation
    Inventors: Avishay Bartik, Alon Freund, Aviv Ron, Shahaf Stein
  • Patent number: 10592675
    Abstract: In one aspect, a computerized method for assessing and managing information security risks in a computer system includes the step of receiving a customer security assessment. The method includes the step of obtaining a set of already-answered security assessment questions. The method includes the step of applying one or more machine learning methods to generate a strength of one or more similarities scores. The method includes the step of automatically populating one or more direct mappings between the set of already-answered security assessment questions with the other set of questions in a customer security assessment. The method includes the step of setting a baseline score for the one or more direct mappings to already-answered security assessment questions to a set of answered questions in the customer security assessment by using the strength of one or more similarities scores.
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: March 17, 2020
    Inventors: Jeff Dotson, Andrew Watanabe, Joshua Mortensen, Juan Rodriguez
  • Patent number: 10572670
    Abstract: Current security tools in the marketplace fall into different categories: Security Enforcement Tools which identify and block malicious activity, and Security Vulnerability Testing Tools which scan and identify security threats within an organisation. The disclosure describes Silently (invisible to the user) but as if it is the user, within the User's Context, Executing applications to test whether third party security products and security settings exhibit the correct behaviour. The application can continuously perform a test(s) and expects a security product to behave in a certain way, records the result of the test(s) and reports those results.
    Type: Grant
    Filed: September 12, 2017
    Date of Patent: February 25, 2020
    Assignee: INTROSPECTUS PTY LTD
    Inventor: Eugene Sean Nolan
  • Patent number: 10567445
    Abstract: Systems and methods for joining a device to a fabric using an assisting device include an indication to add a joining device to a fabric. If the joining device supports network-assisted fabric pairing, a first connection is established between a commissioning device and the assisting device. The assisting device also connects to a joining device. Through the assisting device, the commissioning device and the joining device establish a communication channel over which fabric credentials may be sent.
    Type: Grant
    Filed: October 12, 2018
    Date of Patent: February 18, 2020
    Assignee: Google LLC
    Inventors: Jay D. Logue, Andrew William Stebbins, Roger Loren Tinkoff
  • Patent number: 10505897
    Abstract: An automated firewall-compliant customer support resolution provisioning system includes a customer support system coupled to a customer device. The customer support system receives a first secure request from the customer device that identifies an event in the customer device and, in response, sends a first secure response through a firewall subsystem to the customer device within a first timeout period enforced by the firewall subsystem. The customer support system then determines event resolution information for the event. Subsequent to the first timeout period and based on the first secure response, the customer device sends a second secure request to the customer support system requesting the event resolution and the customer support system sends the event resolution information through the firewall subsystem to the customer device within a second timeout period enforced by the firewall subsystem. The customer device then utilizes the event resolution information to address the event.
    Type: Grant
    Filed: July 26, 2017
    Date of Patent: December 10, 2019
    Assignee: Dell Products L.P.
    Inventors: Sundar Dasar, Divya Vijayvargiya, Sanjay Rao, Yogesh Prabhakar Kulkarni
  • Patent number: 10491580
    Abstract: This disclosure provides a method, performed in a client terminal (50), for enabling an establishment of a second secure session over a communication network. The second secure session is additional to a first secure session. The first secure session is established using a session establishment protocol and a transport security protocol. The method performed in the client terminal (50) comprises obtaining a session identifier of the first secure session; and obtaining a credential identifier, the credential identifier identifying a server terminal (60) of the first secure session. The method performed in the client terminal (50) comprises associating the credential identifier to the session identifier of the first secure session; and storing the session identifier and the credential identifier associated with the session identifier of the first secure session.
    Type: Grant
    Filed: June 23, 2014
    Date of Patent: November 26, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventor: Oscar Ohlsson
  • Patent number: 10482284
    Abstract: Sensitive information displayed on a screen is protected against leakage and loss. A section of a bitmap containing sensitive information is defined as a protection region. A protection marker identifying the protection region is embedded into the bitmap. The defined protection region is divided into multiple sub-regions, and a separate sub-region protection marker is embedded in each sub-region of the original protection region. The defining, embedding and dividing are performed before the bitmap is copied to the screen buffer. When content that was displayed on the screen has been captured, for example by screen capturing software, the captured content is parsed. All sub-region protection markers embedded in the captured content are detected, and a real protection region in the captured content is calculated, based on information in the detected sub-region protection markers. The sensitive information in the captured content is erased.
    Type: Grant
    Filed: July 25, 2017
    Date of Patent: November 19, 2019
    Assignee: Symantec Corporation
    Inventor: Xiaoli Tang
  • Patent number: 10476860
    Abstract: An API provides a frontend interface to one or more backend services. Access to an API is controlled by a set of frontend credentials, and access to the one or more backend services is controlled by a set of backend credentials. A credential-translation table maintained within the API links each backend credential to one or more frontend credentials. Links between frontend and backend credentials may be managed by an administrator of the API. The API uses the translation table to translate frontend credentials provided with an API call into backend credentials used to access backend services. The API provides users with the ability to update the backend credentials in the credential-translation table based at least in part on the frontend credentials provided by the user. The API may limit the ability to extract backend credentials to administrative users.
    Type: Grant
    Filed: August 29, 2016
    Date of Patent: November 12, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Andrew James Lusk, Eric Jason Brandwine
  • Patent number: 10469509
    Abstract: The subject matter of this specification generally relates to computer security. In some implementations, a method includes receiving indicators of compromise from multiple security data providers. Each indicator of compromise can include data specifying one or more characteristics of one or more computer security threats. Each indicator of compromise can be configured to, when processed by a computer, cause the computer to detect the presence of the specified one or more characteristics of the one or more computer security threats. Telemetry data for computing systems of users can be received. The telemetry data can include data describing at least one event detected at the computing system. A determination is made that the telemetry data for a given user includes the one or more characteristics specified by a given indicator of compromise.
    Type: Grant
    Filed: December 29, 2016
    Date of Patent: November 5, 2019
    Assignee: Chronicle LLC
    Inventors: Carey Stover Nachenberg, Maxime Lamothe-Brassard, Shapor Naghibzadeh
  • Patent number: 10467389
    Abstract: A method of providing a distributed scheme for executing a RAM program, without revealing any information regarding the program, the data and the results, according to which the instructions of the program are simulated using SUBLEQ instructions and the execution of the program is divided among a plurality of participating computational resources such as one or more clouds, which do not communicate with each other, while secret sharing all the program's SUBLEQ instructions, to hide their nature of operation and the sequence of operations. Private string matching is secretly performed by comparing strings represented in secret shares, for ensuring the execution of the right instruction sequence. Then arithmetic operations are performed over secret shared bits and branch operations are performed according to the secret shared sign bit of the result.
    Type: Grant
    Filed: January 14, 2016
    Date of Patent: November 5, 2019
    Assignee: SECRETSKYDB LTD
    Inventors: Shlomo Dolev, Yin Li
  • Patent number: 10425390
    Abstract: A content distribution system is disclosed that supports verification of transmission. In some embodiments, a remote probe device captures content and sends the content to a decrypting device so that decryption may be performed. The decrypting device may archive the content and may subsequently send the content to the probe device or to a playback device so that the content may be displayed. Consequently, the content distribution system can verify that specified content (e.g., an advertisement) was correctly distributed according to scheduled information.
    Type: Grant
    Filed: October 27, 2017
    Date of Patent: September 24, 2019
    Assignee: Comcast Cable Communications, LLC
    Inventor: Maurice Garcia
  • Patent number: 10412583
    Abstract: A novel key management approach is provided for securing communication handoffs between a UE and two base stations. A UE establishes a secure communication session with a first base station based on a first master session key based on a master transient key. The UE obtains a second base station identifier associated with a second base station and sends a message associated with a handoff to either the first base station or the second base station. The UE generates a second master session key based on at least the master transient key and the second base station identifier. The second master session key is used for secure communications with the second base station in connection with an intra-authenticator handoff from the first base station to the second base station. The UE then moves the secure communication session to the second base station.
    Type: Grant
    Filed: September 21, 2018
    Date of Patent: September 10, 2019
    Assignee: QUALCOMM Incorporated
    Inventor: Michaela Vanderveen
  • Patent number: 10397784
    Abstract: Some embodiments relate to a method of authorizing the establishment of a peer-to-peer stream between two user terminals of a mobile telecommunications network. The method is implemented in a platform of the mobile telecommunications network and comprises receiving, from a server of a peer-to-peer service provider, a request to establish a peer-to-peer stream between a first user terminal and a second user terminal, the establishment request including a stream identifier, the stream identifier including at least an identifier of the first user terminal and an identifier of the second user terminal. The method also comprises deciding whether to authorize the establishment of the peer-to-peer stream between the first user terminal and the second user terminal and sending an authorization or rejection message for the peer-to-peer stream to a network gateway in charge of controlling the streams transiting on the mobile telecommunications network, the message including the stream identifier.
    Type: Grant
    Filed: June 24, 2015
    Date of Patent: August 27, 2019
    Assignee: ORANGE
    Inventors: Xavier Marjou, Gaël Fromentoux
  • Patent number: 10397232
    Abstract: Techniques are described for providing users with access to perform commands on network-accessible computing resources. In some situations, permissions are established for user(s) to execute command(s) on computing node(s) provided by an online service, such as by maintaining various permission information externally to those provided computing nodes for use in controlling users' ability to access, use, and/or modify the provided computing nodes. An interface component may use such external permissions information to determine if a particular user is authorized to execute one or more particular commands on one or more particular computing nodes, and to initiate simultaneous and independent execution of the command(s) on the computing node(s) when authorized. The interface component may further aggregate results from each computing node that executed the command(s), prior to providing the results to the user.
    Type: Grant
    Filed: June 25, 2015
    Date of Patent: August 27, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Omer Hashmi, Katherine Yichen Chung