Patents Examined by Ellen Tran
  • Patent number: 10110385
    Abstract: A system and method for generating a signature for a document using credentials indicating an unsanctioned signing event. The system and method includes receiving a request to generate a signature of a signatory for a document, wherein the request includes a received set of credential data for a signatory, obtaining a token identifier for at least one computing device, and determining if the received set of credential data matches credentials indicating the unsanctioned signing event. The system and method further includes receiving the signature of the signatory, the document identifier, and the token identifier, and determining based at least in part on the signature, document identifier, and the token identifier, whether the received signature is associated with the unsanctioned signing event.
    Type: Grant
    Filed: December 22, 2014
    Date of Patent: October 23, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Dylan Harris Rush, Darren Ernest Canavor, Daniel Wade Hitchcock, Jesper Mikael Johansson, Jon Arron McClintock
  • Patent number: 10104132
    Abstract: Systems and methods for joining a device to a fabric using an assisting device include an indication to add a joining device to a fabric. If the joining device supports network-assisted fabric pairing, a first connection is established between a commissioning device and the assisting device. The assisting device also connects to a joining device. Through the assisting device, the commissioning device and the joining device establish a communication channel over which fabric credentials may be sent.
    Type: Grant
    Filed: December 30, 2014
    Date of Patent: October 16, 2018
    Assignee: Google LLC
    Inventors: Jay D. Logue, Andrew William Stebbins, Roger Loren Tinkoff
  • Patent number: 10091648
    Abstract: A novel key management approach is provided for securing communication handoffs between an access terminal and two access points. As an access terminal moves from a current access point to a new access point, the access terminal sends a short handoff request to the new access point. The short handoff request may include the access terminal ID; it does not include the access point ID. The new access point may then send its identifier and the access terminal's identifier to the authenticator. Using a previously generated master transient key, the access point identifier and the access terminal identifier, an authenticator may generate a master session key. The master session key may then be sent to the access point by the authenticator. The access terminal independently generates the same new security key with which it can securely communicate with the new access point.
    Type: Grant
    Filed: April 24, 2008
    Date of Patent: October 2, 2018
    Assignee: QUALCOMM Incorporated
    Inventor: Michaela Vanderveen
  • Patent number: 10085148
    Abstract: A novel key management approach is provided for securing communication handoffs between an access terminal and two access points. An access terminal establishes a secure communication session with a first access point based on a first master session key based on a master transient key. The access terminal obtains a second access point identifier associated with a second access point and sends a message associated with a handoff to either the first access point or the second access point. The access terminal generates a second master session key based on at least the master transient key and the second access point identifier. The second master session key is used for secure communications with the second access point in connection with an intra-authenticator handoff from the first access point to the second access point. The access terminal then moves the secure communication session to the second access point.
    Type: Grant
    Filed: August 9, 2017
    Date of Patent: September 25, 2018
    Assignee: QUALCOMM Incorporate
    Inventor: Michaela Vanderveen
  • Patent number: 10075464
    Abstract: A security system detects anomalous activity in a network. The system logs user activity, which can include ports used, compares users to find similar users, sorts similar users into cohorts, and compares new user activity to logged behavior of the cohort. The comparison can include a divergence calculation. Origins of user activity can also be used to determine anomalous network activity. The hostname, username, IP address, and timestamp can be used to calculate aggregate scores and convoluted scores.
    Type: Grant
    Filed: March 17, 2017
    Date of Patent: September 11, 2018
    Inventors: Maxim Kesin, Samuel Jones
  • Patent number: 10063532
    Abstract: Provided is an authentication apparatus that performs user authentication, using a wearable terminal worn by a user, whereby allowing a high security to be achieved. It includes a storage part that stores a piece of authentication information in which a piece of terminal information that identifies the wearable terminal worn by the user is registered, a communication part that makes communication with the wearable terminal worn by the user to acquire a piece of terminal information, and an authenticating part that performs user authentication in the case where the same piece of terminal information as that registered in the authentication information has been acquired by the communication part.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: August 28, 2018
    Assignee: KYOCERA Document Solutions Inc.
    Inventor: Takanori Shiraishi
  • Patent number: 10049232
    Abstract: A rewrite detection system, a rewrite detection device and an information processing device can detect unauthorized rewrite to a program or data stored in a storage unit of the information processing device. A rewrite detection device generates a random seed and transmits it to an ECU and a server device. The ECU calculates a hash value using a predetermined hash function on the basis of the received random seed and the storage content of the storage unit, and transmits the hash value to the rewrite detection device. The server device transmits an expectation in response to an inquiry from the rewrite detection device. The rewrite detection device determines whether unauthorized rewrite to a program or data in the ECU has been performed or not in accordance with whether the expectation received from the server device and the hash value received from the ECU coincide with each other or not.
    Type: Grant
    Filed: September 12, 2014
    Date of Patent: August 14, 2018
    Inventors: Hiroaki Takada, Hiroki Takakura, Yukihiro Miyashita, Satoshi Horihata, Hiroshi Okada, Naoki Adachi
  • Patent number: 10019577
    Abstract: Systems and methods for hardware hardened advanced threat protection are described. In some embodiments, an Information Handling System (IHS) may include a processor; and a Basic Input/Output System (BIOS) coupled to the processor, the BIOS having BIOS instructions stored thereon that, upon execution, cause the IHS to: launch an Extensible Firmware Interface (EFI) gateway module; and determine, using the EFI gateway module, whether the BIOS instructions include malware.
    Type: Grant
    Filed: April 14, 2016
    Date of Patent: July 10, 2018
    Assignee: Dell Products, L.P.
    Inventors: Charles D. Robison, Chad R. Skipper, Daniel L. Hamlin
  • Patent number: 10019595
    Abstract: A system and method enabling information access control of the sensitive information, based on a trust computing platform is provided. The trustworthiness of the information seekers is computed and accordingly the information owner is capacitated to decide upon sharing the information completely or sharing with some perturbation. The objective is to provide the information owner with the ability to decide on sharing its private data with respect to a parameter so that the decision is less subjective. This invention allows minimum leakage of sensitive data and makes information owner aware of the risk of privacy breach when private data is shared.
    Type: Grant
    Filed: December 26, 2013
    Date of Patent: July 10, 2018
    Inventors: Arijit Ukil, Joel Joseph, Vijayanand Banahatti, Sachin Lodha
  • Patent number: 10003598
    Abstract: Systems, computer program products, and methods are described herein for a model framework and system for cyber security services. The present invention is configured to determine one or more access paths to the internal computing device from an external computing device; determine one or more controls associated with each access path; determine one or more types of access that may be made via one or more of the access paths by the external computing device to access the internal computing device; determine whether the one or more controls associated with the at least one of the one or more access paths is capable of detecting the access; determine one or more tools configured to regulate the one or more controls; and incorporate the one or more tools within the network to regulate the one or more controls to detect and monitor the access.
    Type: Grant
    Filed: April 15, 2016
    Date of Patent: June 19, 2018
    Assignee: Bank of America Corporation
    Inventors: John Howard Kling, Mark Earl Brubaker, Cora Yan Quon, Rachel Yun Kim Bierner, Armen Moloian, Ronald James Kuhlmeier
  • Patent number: 9996683
    Abstract: Methods and systems are provided for facilitating the secure entry of a user's PIN for electronic transactions such as merchant checkout, payment authorization, or access authorization. A physiological response of the user can indicate which one of a random sequence of numbers is a number of the user's PIN. For example, the user can blink, wink, or make a subtle facial movement to provide the indication.
    Type: Grant
    Filed: June 8, 2015
    Date of Patent: June 12, 2018
    Assignee: PAYPAL, INC.
    Inventors: William Joseph Leddy, Bjorn Markus Jakobsson
  • Patent number: 9979747
    Abstract: Techniques for detecting device type spoofing. The techniques include: receiving a communication from a client device different from the at least one computer; identifying from the communication an asserted type of the client device; and verifying the asserted type of the client device at least in part by: interacting with the client device to obtain additional information about the client device, and determining whether the additional information about the client device is consistent with the asserted type of the client device.
    Type: Grant
    Filed: September 4, 2016
    Date of Patent: May 22, 2018
    Assignee: Mastercard Technologies Canada ULC
    Inventors: Christopher Everett Bailey, Randy Lukashuk, Gary Wayne Richardson
  • Patent number: 9973498
    Abstract: Virtual smart card system includes a virtual smart card server (VSS) which controls access to content respectively associated with a plurality of virtual smart cards. A remote client computer system includes a system level agent which establishes the client computer machine to the VSS as a trusted computer system. A user level agent at the client computer system responds to a request for a virtual smart card operation by causing the client computer system to obtain user authentication information, negotiate with the system level agent to obtain a cookie, and initiate a request to the VSS for the virtual smart card operation. The VSS will perform the virtual smart card operation provided that a security policy is satisfied and will communicate the results to the user level agent.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: May 15, 2018
    Assignee: Citrix Systems, Inc.
    Inventors: David Lloyd, Andrew Innes
  • Patent number: 9965915
    Abstract: A system for authentication of paper sheet and other articles includes an optical sensor configured to generate an image of a first side of an article and a processor operatively connected to the optical sensor. The processor is configured to generate an image of the article with the optical sensor, the image including features that are illuminated by an external illumination source through the article, and generate an output indicating if the article is authentic in response to the features corresponding to a predetermined plurality of features that are generated from another image of the article corresponding to features in the generated image and in response to a cryptographic signature corresponding to feature data that are extracted from the other image corresponding to a valid cryptographic signature of a predetermined party.
    Type: Grant
    Filed: September 23, 2014
    Date of Patent: May 8, 2018
    Assignee: Robert Bosch GmbH
    Inventors: Jorge Guajardo Merchan, Charu Hans
  • Patent number: 9967624
    Abstract: A method and system utilizing proximity information in managing digital rights is provided. An example method includes receiving a request to access a content item at an electronic device, determining proximity information using at least one processor, the proximity information indicating proximity of the electronic device to a designated base electronic device and using the proximity information for granting or denying access to the content item.
    Type: Grant
    Filed: March 2, 2012
    Date of Patent: May 8, 2018
    Inventor: Eric Ha
  • Patent number: 9967284
    Abstract: A processing device (10) includes a policy evaluation module (131) for evaluating policies associated with an item of data or an application and a dynamic context determination module (133) for determining contextual information associated with the current context of operation of the device and for providing the thus determined contextual information to the policy evaluation module. The device (10) further includes a policy enforcement module (135) for enforcing the evaluation specified by the policy evaluation module (131), wherein the device is operable to cause the policy evaluation module to evaluate a policy associated with an item of data or an application whenever the associated item of data or application is invoked and, additionally, whilst the associated item of data or application is active on the device and a notification of a change in the determined contextual information is received by the policy evaluation module.
    Type: Grant
    Filed: December 31, 2013
    Date of Patent: May 8, 2018
    Assignee: BRITISH TELECOMMUNICATIONS public limited company
    Inventors: Yair Diaz-Tellez, Fadi El-Moussa, Theo Dimitrakos, Abdullahi Arabo
  • Patent number: 9954866
    Abstract: A delegation request is submitted to a session-based authentication service, fulfilment of which involves granting an entity an access privilege to a computing resource. A session key is received from the session-based authentication service. The session key having been generated based at least in part on a restriction and a secret credential shared with the session-based authentication service and usable at least in part to prove possession of the access privilege to the computing resource. The session key is provided to the entity without providing the shared secret credential.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: April 24, 2018
    Inventors: Gregory Branchek Roth, Eric Jason Brandwine, Nathan R. Fitch, Cristian M. Ilac, Eric D. Crahen
  • Patent number: 9948730
    Abstract: A method of operation of a social network system includes: receiving a service request for accessing a peripheral device revealed through a social graph of a social platform; determining a request type for matching the service request to a device service provided by the peripheral device; authorizing the device service through the social graph for accessing the peripheral device; and generating a service command based on the request type of the device service authorized for executing the device service for the peripheral device.
    Type: Grant
    Filed: June 1, 2011
    Date of Patent: April 17, 2018
    Inventor: Ramon Rubio
  • Patent number: 9935925
    Abstract: Some embodiments are directed to a cryptographic method for providing an electronic first device, an electronic second device and an electronic intermediary device, the cryptographic method establishing a cryptographically protected communication channel between the first device and the second device. The method comprises establishing a session identifier (SID) between the first device and the intermediary device. The first device sends the session identifier and a first key element to the second device over an out-of-band channel. The second device sends a registration message comprising the session identifier to the intermediary device. The first and derived at the first and second device.
    Type: Grant
    Filed: September 24, 2015
    Date of Patent: April 3, 2018
    Assignee: INTRINSIC ID B.V.
    Inventors: Derk Jan Meuleman, Roel Maes, Geert Jan Schrijen
  • Patent number: 9928384
    Abstract: A method (and system) for detecting intrusions to stored data includes creating a point-time-copy of a logical unit, and comparing at least a portion of the point-time-copy with a previous copy of the logical unit. The method (and system) monitors access to a data storage system and detects an intrusion or any other intentional or unintentional, unwanted modification to data stored in the data storage system. The method (and system) also recovers data once an intrusion or other unwanted modification is detected.
    Type: Grant
    Filed: April 4, 2008
    Date of Patent: March 27, 2018
    Inventors: Bulent Abali, Mohammad Banikazemi, Dan Edward Poff