Patents Examined by Ellen Tran
  • Patent number: 9917852
    Abstract: Techniques for Domain Generation Algorithm (DGA) behavior detection are provided. In some embodiments, a system, process, and/or computer program product for DGA behavior detection includes receiving passive Domain Name System (DNS) data that comprises a plurality of DNS responses at a security device; and applying a signature to the passive DNS data to detect DGA behavior, in which applying the signature to the passive DNS data to detect DGA behavior further comprises: parsing each of the plurality of DNS responses to determine whether one or more of the plurality of DNS responses correspond to a non-existent domain (NXDOMAIN) response.
    Type: Grant
    Filed: June 29, 2015
    Date of Patent: March 13, 2018
    Assignee: Palo Alto Networks, Inc.
    Inventors: Wei Xu, Xin Ouyang
  • Patent number: 9882891
    Abstract: A method, server processing system and computer readable medium for identity verification is disclosed. In one aspect, the server processing system is configured to: receive digitally signed data including rating data issued by a second server processing system in order for an entity to register for a service associated with the server processing system, the rating data is indicative of an identity verification rating for the entity; verify that the digitally signed data has been issued by the second server processing system; and use the identity verification rating to register the entity in the event that the rating data is successfully verified as being issued by the second server processing system.
    Type: Grant
    Filed: June 4, 2015
    Date of Patent: January 30, 2018
    Assignee: Token One Pty. Ltd.
    Inventors: Philip Anthony Frederick Cuff, Kamil Kreiser, Marek Kreiser
  • Patent number: 9871773
    Abstract: A method and system for transmission of digital content via e-mail with point of use digital rights management is disclosed. The secured access rights to the digital content may be customized for individual recipients by the sender, and may evolve over time. The access rights are enforced according to a time-dependent scheme. A key server is used to arbitrate session keys for the encrypted content, eliminating the requirement to exchange public keys prior to transmission of the digital content. During the entire process of transmitting and receiving e-mail messages and documents, the exchange of cryptographic keys remains totally transparent to the users of the system. Additionally, electronic documents may be digitally signed with authentication of the signature.
    Type: Grant
    Filed: June 30, 2015
    Date of Patent: January 16, 2018
    Assignee: Encryptics, LLC
    Inventors: Patrick Carson Meehan, Zachary Wisenbaker Price, Raymond Joseph Zambroski, Jr., William Henry Frenchu, Shawn Patrick Hickey, Jesse Lee White, Anthony Allen Mohr, Jeremy Wayne Gomsrud
  • Patent number: 9871805
    Abstract: A method, system, server processing system and computer readable medium for authenticating a user attempting to access a secure environment is disclosed. In one aspect, the server processing system is configured to: receive an authentication request to authenticate the user attempting to access the secure environment; transfer, to the user or a user device associated with the user, an index corresponding to a selected key from a keymap; receive data indicative of a code which is based on the selected key presented by the user device and a personal identifier, and determine, using the code whether the user is authenticated. Advantageously, the server processing system never stores nor receives data directly indicative of the personal identifier such that no one else is able to determine the personal identifier, not even an employee of the secure environment which the user is attempting to access.
    Type: Grant
    Filed: April 30, 2014
    Date of Patent: January 16, 2018
    Assignee: TOKEN ONE PTY LTD
    Inventors: Philip Anthony Frederick Cuff, Sebastien John Eckersley-Maslin, Kamil Kreiser, Jeremy Wayne Paddison, David Robert Grieve
  • Patent number: 9870829
    Abstract: A flash memory apparatus having a physical unclonable function (PUF) and an embodying method of the same are provided. To elaborate, the flash memory apparatus includes a flash memory unit that comprises a main memory area and a peripheral memory area; a challenge input unit that receives input of a challenge value; a read voltage setting unit that sets a read voltage based on the input challenge value; a data reading unit that reads data by applying the read voltage to a memory cell included in a pre-set memory area in the peripheral memory area each time the challenge value is input; and a response output unit that outputs the read data as a response value corresponding to the challenge value, wherein the pre-set memory area consists of a plurality of memory cells comprising two or more memory cells having different threshold voltage values.
    Type: Grant
    Filed: August 20, 2015
    Date of Patent: January 16, 2018
    Assignee: Korea University Research and Business Foundation
    Inventors: Jong Sun Park, Sang Kyu Lee
  • Patent number: 9866370
    Abstract: Architecture for embedding a cryptographic engine in a processor is disclosed. An ASIC processor is embedded with a programmable processing core, such as an FPGA, with the key register and I/O registers remaining in fixed logic.
    Type: Grant
    Filed: December 5, 2007
    Date of Patent: January 9, 2018
    Inventors: Bryan Doi, Kevin Osugi, Nhu-Ha Yup, Richard Takahashi
  • Patent number: 9862049
    Abstract: A welding system including a processor configured to receive a first set of welding data of a live welding session corresponding to welding parameters, arc parameters, or any combination thereof, a memory configured to store the received first set of welding data, and an operator identification system coupled to the processor and to the memory. The operator identification system includes an input device configured to receive a first identifier input from a first operator that performs the welding session and a second identifier input from a second operator. The operator identification system is configured to determine an identity of the first operator based at least in part on the first identifier input, to verify the identity of the first operator based at least in part on the second identifier input, and to associate the received first set of welding data with the first identifier input.
    Type: Grant
    Filed: June 23, 2015
    Date of Patent: January 9, 2018
    Assignee: Illinois Tool Works Inc.
    Inventor: William Joshua Becker
  • Patent number: 9860210
    Abstract: An intrusion detection system is described that is capable of applying a plurality of stacked (layered) application-layer decoders to extract encapsulated application-layer data from a tunneled packet flow produced by multiple applications operating at the application layer, or layer seven (L7), of a network stack. In this way, the IDS is capable of performing application identification and decoding even when one or more software applications utilize other software applications for data transport to produce packet flow from a network device. The protocol decoders may be dynamically swapped, reused and stacked (layered) when applied to a given packet or packet flow.
    Type: Grant
    Filed: October 26, 2016
    Date of Patent: January 2, 2018
    Assignee: Juniper Networks, Inc.
    Inventors: Siying Yang, Krishna Narayanaswamy
  • Patent number: 9860055
    Abstract: A method of implementing large number multiplication and exponentiation is provided upon a general purpose microprocessor. These large number multiplication and exponentiation processes being common to cryptography standards such as RSA and AES that typically employ numbers with 512-bits, 1024-bits, and 2048-bits. According to the invention the method establishes the size of the large number processes according to value stored within a control register, this control register and other registers storing data are configured according to this value and accessed as N-bit registers (i.e. as 1024-bit registers for 1024-bit encryption). Additionally, the multiplication and exponentiation processes are handled according to the size of an arithmetic primitive, which is established according to the hardware configuration upon which the process is operating.
    Type: Grant
    Filed: March 22, 2007
    Date of Patent: January 2, 2018
    Assignee: Synopsys, Inc.
    Inventors: Neil F. Hamilton, Arthur J. Low
  • Patent number: 9860069
    Abstract: The invention relates to a method for signing a message (m), implemented by processing means of a user device of a member (Mi) belonging to a group of members (G), said user device having a secret signature key (ski), said method including a step of generating (E301) a group signature (σ) for the message (m), enabling said member (Mi) to prove his membership in the group (G), and a step of generating (E302) a pseudonym (nymij) identifying the member (Mi) within a domain (Dj) of a service provider (SPj), said domain including a set of terminals in communication with a server of said service provider, said signature (σ) being designed such that said member (Mi) can prove, by signing the message (m), his knowledge of said secret signature key without disclosing it, said group signature (σ) being designed such that the membership of the member (Mi) in the group is verifiable independently from the pseudonym (nymij), said pseudonym and said signature being a function of a portion (xi) of said secret signature k
    Type: Grant
    Filed: March 25, 2014
    Date of Patent: January 2, 2018
    Assignee: MORPHO
    Inventors: Alain Patey, Herve Chabanne, Julien Bringer
  • Patent number: 9853994
    Abstract: In a log analysis cooperation system including a logger that collects a log of a communication device and stores the log in a storage device, a SIEM apparatus that detects an attack, and a log analysis apparatus that analyzes the log collected by the logger, a log analysis cooperation apparatus stores an attack scenario in a storage device, receives from the SIEM apparatus warning information including information on the detected attack, computes a predicted occurrence time of an attack predicted to occur subsequent to the detected attack based on the warning information and the attack scenario, and transmits to the log analysis apparatus a scheduled search to search the log at predicted occurrence time computed. The log analysis apparatus transmits a scheduled search to the logger to search the log at the predicted occurrence time.
    Type: Grant
    Filed: November 8, 2013
    Date of Patent: December 26, 2017
    Assignee: Mitsubishi Electric Corporation
    Inventors: Hiroyuki Sakakibara, Shoji Sakurai, Kiyoto Kawauchi
  • Patent number: 9847984
    Abstract: A method for implementing response function agnostic, challenge-response authentication on a CE device includes sharing a series of proxy responses to a series of authentication challenges with a service provider, receiving an associated actual response from an initialization phase response function for each of the authentication challenges, where at least one of the initialization phase response function and a parameter required for the initialization phase response function is withheld from the service provider, encrypting each of the proxy responses with its associated actual response, thereby generating a series of encrypted proxy responses, storing the encrypted proxy responses on the CE device, receiving one of the authentication challenges from the service provider, inputting the authentication challenge to an operation phase response generator on the CE device, where the operation phase response generator is configured with the same response function used by the initialization phase response generator
    Type: Grant
    Filed: October 23, 2013
    Date of Patent: December 19, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: David Wachtfogel, Andrew Sinton
  • Patent number: 9846858
    Abstract: A system and method for facilitating the transfer of contact information between network subscribers said system including at least one server coupled to the network; at least one database coupled to the server; a plurality of subscriber terminals coupled to the network wherein each subscriber's terminal is configured to send contact information associated with a subscriber to the server in response to a request by said subscriber; wherein the request causes the subscriber's terminal to compile the contact information into an electronic business card object having one or more textual fields and map the one or more textual fields of the electronic business card to one or more object attributes contained in an electronic business card object and transmit the electronic business card object to the server for storage in the database is disclosed.
    Type: Grant
    Filed: December 15, 2010
    Date of Patent: December 19, 2017
    Inventors: Alex D. Ibasco, Eduardo Ramon G. Joson, Valenice G. Balace, Jose Lorenzo L. Losantas
  • Patent number: 9838364
    Abstract: A content distribution system is disclosed that supports verification of transmission. In some embodiments, a remote probe device captures content and sends the content to a decrypting device so that decryption may be performed. The decrypting device may archive the content and may subsequently send the content to the probe device or to a playback device so that the content may be displayed. Consequently, the content distribution system can verify that specified content (e.g., an advertisement) was correctly distributed according to scheduled information.
    Type: Grant
    Filed: July 6, 2016
    Date of Patent: December 5, 2017
    Assignee: Comcast Cable Communications, LLC
    Inventor: Maurice Garcia
  • Patent number: 9826335
    Abstract: A method and apparatus for performing secure Machine-to-Machine (M2M) provisioning and communication is disclosed. In particular, a temporary private identifier, or provisional connectivity identification (PCID), for uniquely identifying machine-to-machine equipment (M2ME) is also disclosed. Additionally, methods and apparatus for use in validating, authenticating and provisioning a M2ME are also disclosed. The validation procedures disclosed include autonomous, semi-autonomous, and remote validation. The provisioning procedures include methods for re-provisioning the M2ME. Procedures for updating software, and detecting tampering with the M2ME are also disclosed.
    Type: Grant
    Filed: January 21, 2009
    Date of Patent: November 21, 2017
    Assignee: InterDigital Patent Holdings, Inc.
    Inventors: Inhyok Cha, Yogendra C. Shah, Andreas U. Schmidt, Michael V. Meyerstein
  • Patent number: 9813382
    Abstract: In some embodiments, a method includes establishing a secured connection between a client device and a subordinate web service of a single sign-on service for a user, using a shared cryptographic key in a cookie stored on the client device that was transmitted over a different secured connection by a master web service of the single sign-on service, as part of authentication of the user for the single sign-on service.
    Type: Grant
    Filed: March 7, 2007
    Date of Patent: November 7, 2017
    Inventors: Sunil Agrawal, Andrei Sheretov
  • Patent number: 9811643
    Abstract: According to an embodiment of the present invention, a server divides data into multiple data segments, directly stores some of the data segments without encryption, and encrypts and stores the other data segments; the server receives, from the terminal, a download request of downloading the data, and sends the unencrypted data segments to the terminal; and the server receives an identity authentication request sent by the terminal, performs identity authentication on the terminal, and sends the encrypted data segments to the terminal after the identity authentication succeeds.
    Type: Grant
    Filed: May 28, 2015
    Date of Patent: November 7, 2017
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventor: Yuancan Lin
  • Patent number: 9813446
    Abstract: Systems and methods for matching and scoring sameness. In some embodiments, a computer-implemented method is provided, comprising acts of: identifying a plurality of first-degree anchor values from the first digital interaction, wherein the plurality of first-degree anchor values comprise first-degree anchor values X and Y; accessing a profile of the first-degree anchor value X, wherein: the profile of the first-degree anchor value X comprises a plurality of sets of second-degree anchor values; and each set of the plurality of sets of second-degree anchor values corresponds to a respective anchor type and comprises one or more second-degree anchor values of that anchor type; determining how closely the first-degree anchor values X and Y are associated; and generating an association score indicative of how closely the plurality of first-degree anchors are associated, based at least in part on how closely the first-degree anchor values X and Y are associated.
    Type: Grant
    Filed: September 4, 2016
    Date of Patent: November 7, 2017
    Assignee: NuData Security Inc.
    Inventors: Christopher Everett Bailey, Randy Lukashuk, Gary Wayne Richardson
  • Patent number: 9806883
    Abstract: The embodiments relate to a method and a digital circuit area for securely providing a key using a request unit and a provision unit. In this case, a key is derived from parameters, at least one of which is used for the key derivation in a non-predefinable manner by the request unit. In this case, the key derivation is carried out in a digital circuit area in which the request unit and the provision unit are implemented.
    Type: Grant
    Filed: December 19, 2014
    Date of Patent: October 31, 2017
    Assignee: Siemens Aktiengesellschaft
    Inventor: Rainer Falk
  • Patent number: 9794237
    Abstract: A method of managing secure communications states in an endpoint within a secure network is disclosed. The method includes, in a disconnected state, transmitting from a first endpoint to a second endpoint a first message including an authorization token. The method further includes, in the pending state, receiving from the second endpoint a second message including a second authorization token at the first endpoint. The method includes, based on the receipt of the second message, entering an open state and initializing a tunnel between the first and second endpoints using an IPsec-based secured connection. The method also includes, upon termination of the tunnel due to a termination or timeout message issued by at least one of the first and second endpoints, entering a closed state.
    Type: Grant
    Filed: June 29, 2015
    Date of Patent: October 17, 2017
    Assignee: Unisys Corporation
    Inventors: Robert A Johnson, Sarah K Inforzato