Patents Examined by Eric W Shepperd
-
Patent number: 9876809
Abstract: A standard metadata model for analyzing events with fraud, attack or other malicious background is disclosed. Log data for two or more computing systems is stored, and mapped to standardized attributes based on metadata entities defined for each computing system. A standard metadata model is defined for the computing systems, in which one or more standardized attributes of a first set of computing systems is associated with one or more standardized attributes of a second set of computing systems to define connected metadata that connects attributes of the associated metadata entities.
Type: Grant
Filed: November 10, 2015
Date of Patent: January 23, 2018
Assignee: SAP SE
Inventor: Kathrin Nos
-
Patent number: 9870485
Abstract: A system and method for detecting sensitive user input leakages in software applications, such as applications created for smartphone platforms. The system and method are configured to parse user interface layout files of the software application to identify input fields and obtain information concerning the input fields. Input fields that contain sensitive information are identified and a list of sensitive input fields, such as contextual IDs, is generated. The sensitive information fields are identified by reviewing the attributes, hints and/or text labels of the user interface layout file. A taint analysis is performed using the list of sensitive input fields and a sink dataset in order to detect information leaks in the sensitive input fields.
Type: Grant
Filed: November 12, 2015
Date of Patent: January 16, 2018
Assignee: NEC Corporation
Inventors: Zhichun Li, Xusheng Xiao, Zhenyu Wu, Jianjun Huang, Guofei Jiang
-
Patent number: 9860262
Abstract: A method for encoding computer processes for malicious program detection.
Type: Grant
Filed: December 4, 2015
Date of Patent: January 2, 2018
Assignee: PERMISSIONBIT
Inventors: Ronnie Mainieri, Curtis A. Hastings
-
Patent number: 9858438
Abstract: An approach for managing photograph metadata anonymization is provided. The approach receives, by one or more processors, a photograph file, wherein the photograph file comprises a digital photograph and a first metadata. The approach receives, by one or more processors, a rule set for modifying the first metadata. The approach determines, by one or more processors, whether at least one rule of the rule set corresponds to a datum of the first metadata. Responsive to determining at least one rule corresponds to at least one datum of the first metadata, the approach modifies, by one or more processors, the first metadata based on the rule set to create a second metadata. The approach stores, by one or more processors, the first metadata in a database.
Type: Grant
Filed: March 26, 2015
Date of Patent: January 2, 2018
Assignee: International Business Machines Corporation
Inventors: Erik Rueger, Tim U. Scheideler, Thomas A. Snellgrove
-
Patent number: 9842062
Abstract: Some embodiments provide, for a particular device in a set of related devices, a method for backing up data synchronized between the devices. The method receives a command to create a backup for a subset of data synchronized between a subset of the devices, which is a subset of all data synchronized between the devices. The method identifies the subset of synchronization data from the set of all synchronization data. The subset of synchronization data is tagged as pertaining to a particular set of criteria for synchronization between only the subset of devices. The method stores a backup of the subset of synchronization data in a backup storage encrypted in such a way that requires a recovery key associated with any one of the devices in the subset of devices to access the backup while preventing access to the backup with recovery keys of any of the other devices.
Type: Grant
Filed: September 30, 2015
Date of Patent: December 12, 2017
Assignee: APPLE INC.
Inventors: Michael D. Ford, Jerrold V. Hauck, Matthew G. Watson, Mitchell D. Adler, Dallas B. De Atley, James Wilson
-
Patent number: 9830446
Abstract: A method for removing credentials from a smart grid device includes: receiving, by a receiving device, a removal request, wherein the removal request includes a device identifier associated with a smart grid device and is signed by an entity associated with a set of security credentials stored in a memory of the smart grid device, the set of security credentials restricting access to one or more components or operations of the smart grid device; extracting, by a processing device, the device identifier included in the received removal request; generating, by the processing device, a permit configured to remove the set of credentials from the smart grid device, wherein the generated permit includes the extracted device identifier; and transmitting, by a transmitting device, the generated permit to the smart grid device for removal of the set of credentials from the memory of the smart grid device.
Type: Grant
Filed: October 16, 2014
Date of Patent: November 28, 2017
Assignee: SILVER SPRING NETWORKS, INC.
Inventors: Aditi Dubey, Benjamin N. Damm, Michael StJohns
-
Patent number: 9832610
Abstract: When individual persons or vehicles move through a transportation network, they are likely to be both actively and passively creating information that reflects their location and current behavior. In this patent, we propose a system that makes complete use of this information. First, through a broad web of sensors, our system collects and stores the full range of information generated by travelers. Next, through the use of previously-stored data and active computational analysis, our system deduces the identity of individual travelers. Finally; using advanced data-mining technology, our system selects useful information and transmits it back to the individual, as well as to third-party users; in short, it forms the backbone for a variety of useful location-related end-user applications.
Type: Grant
Filed: August 19, 2016
Date of Patent: November 28, 2017
Assignee: Apple Inc.
Inventors: Frederick S. M. Herz, Pierre Lemaire, Jean H. Lemaire, Walter Paul Labys
-
Patent number: 9817957
Abstract: A processing device comprises a processor coupled to a memory and is configured to predict or otherwise determine that a user will utilize a target application on a user device in involvement with a particular set of smart objects, to request cryptographic material for activating the smart objects of the set, to receive the cryptographic material responsive to the request, and to utilize the cryptographic material to activate the smart objects. Each of the activated smart objects provides a verifier with a proof of involvement with the user device. The verifier controls user access to the target application based at least in part on the proofs provided by the activated smart objects. The determining, requesting, receiving and utilizing operations in some embodiments are performed by a learning agent running on the processing device. The learning agent illustratively includes functionality for learning target application access behavior of the user over time.
Type: Grant
Filed: June 4, 2015
Date of Patent: November 14, 2017
Assignee: EMC IP Holding Company LLC
Inventors: Andres D. Molina-Markham, Kevin D. Bowers, Nikolaos Triandopoulos
-
Patent number: 9792421
Abstract: The present disclosure relates to secure storage of a detailed set of elements relating to fingerprint features for a finger and to a method for authenticating a candidate fingerprint of a finger using said detailed set of elements, allowing for improved security and user convenience.
Type: Grant
Filed: March 28, 2017
Date of Patent: October 17, 2017
Assignee: FINGERPRINT CARDS AB
Inventor: Sebastian Weber
-
Patent number: 9794229
Abstract: New and improved techniques for a behavior analysis based DNS tunneling detection and classification framework for network security are disclosed. In some embodiments, a platform implementing an analytics framework for DNS security is provided for facilitating DNS tunneling detection. For example, an online platform can implement an analytics framework for DNS security based on passive DNS traffic analysis.
Type: Grant
Filed: September 30, 2015
Date of Patent: October 17, 2017
Assignee: Infoblox Inc.
Inventors: Bin Yu, Les Smith, Mark Threefoot
-
Patent number: 9781158
Abstract: Improved techniques involve comparing paronymous addresses received in transaction data with trusted sets of paronymous data stored in a database by both a trusted client computer and a trusted server computer. Along these lines, the trusted client computer sends data packets to the trusted server computer that contain network addresses and a secure identifier. In response, the trusted server computer sends acknowledgment data packets containing encrypted network addresses and the secure identifier. Upon sending the acknowledgement data packets, the server computer communicates the network addresses to an aggregator. When the client computer receives the acknowledgement data packets, the client computer communicates the network addresses to the aggregator. Once the aggregator receives transaction data containing paronymous addresses, the aggregator compares the paronymous addresses to those communicated to it by the trusted server and client computers.
Type: Grant
Filed: September 30, 2015
Date of Patent: October 3, 2017
Assignee: EMC IP Holding Company LLC
Inventor: Andreas Wittenstein
-
Patent number: 9768953
Abstract: A processor-based method for secret sharing in a computing system is provided. The method includes encrypting shares of a new secret, using a previous secret and distributing unencrypted shares of the new secret and the encrypted shares of the new secret, to members of the computing system. The method includes decrypting at least a subset of the encrypted shares of the new secret, using the previous secret and regenerating the new secret from at least a subset of a combination of the unencrypted shares of the new secret and the decrypted shares of the new secret.
Type: Grant
Filed: September 30, 2015
Date of Patent: September 19, 2017
Assignee: Pure Storage, Inc.
Inventors: Andrew R. Bernat, Ethan L. Miller
-
Patent number: 9756056
Abstract: A method includes forming, during access to a site, an association between a user and a first device. Contact information for a second device associated with the user is obtained. During a subsequent access to the site the first device is recognized. The user is prompted to authenticate without inputting identifying information. The user is authenticated at the site relying upon the association and a positively acknowledged message from the second device.
Type: Grant
Filed: September 4, 2013
Date of Patent: September 5, 2017
Inventor: Anton Nikolaevich Churyumov
-
Patent number: 9756050
Abstract: Authorization decisions can be made in a resource environment using authorization functions which can be provided by customers, third parties, or other such entities. The functions can be implemented using virtual machine instances with one or more transient compute containers. This compute capacity can be preconfigured with certain software and provided using existing compute capacity assigned to a customer, or capacity invoked from a warming pool, to execute the appropriate authorization function. The authorization function can be a lambda function that takes in context and generates the appropriate security functionality inline. The utilization of ephemeral compute capacity enables the functionality to be provided on demand, without requiring explicit naming or identification, and can enable cause state information to be maintained for a customer.
Type: Grant
Filed: March 26, 2015
Date of Patent: September 5, 2017
Assignee: Amazon Technologies, Inc.
Inventor: Eric Jason Brandwine
-
Patent number: 9736187
Abstract: A data processing method and system, providing a data transmitting interface to a parallel computing system, are provided. The parallel computing system includes a mapper, a reducer, and an operation device. The data transmitting interface intercepts a parallel computing input command transmitted from the mapper and an output result transmitted from the operation device. The data transmitting interface transmits the parallel computing input command to the operation device after receiving the parallel computing input command and when the parallel computing input command is not abnormal based on a security policy is determined. The data transmitting interface transmits the output result to the reducer after receiving the output result and when the output result is not abnormal based on the security policy is determined.
Type: Grant
Filed: November 11, 2015
Date of Patent: August 15, 2017
Assignee: Wistron Corporation
Inventor: Chih-Ming Chen
-
Patent number: 9735962
Abstract: Securing encryption keys in a data storage system using three layer key wrapping that encrypts a data encryption key using a key encryption key, encrypts the key encryption key using a controller encryption key, and encrypts the controller encryption key using a public key of an asymmetric key pair. The private key is stored on a removable storage device. A separate encryption accelerator component decrypts the encryption keys in order to encrypt and/or decrypt host data from a memory of a storage processor. The removable storage drive must be inserted into a receptacle of the encryption accelerator for encryption and/or decryption to be performed, since the encryption accelerator accesses the private key from the removable storage device in order to decrypt the encrypted controller key. The encryption accelerator generates key handles for the storage processor to use when requesting encryption and/or decryption operations.
Type: Grant
Filed: September 30, 2015
Date of Patent: August 15, 2017
Assignee: EMC IP Holding Company LLC
Inventors: Lifeng Yang, Jian Gao, Xinlei Xu, Ruiyong Jia, Lili Chen
-
Patent number: 9734330
Abstract: An inspection and recovery method and apparatus for handling virtual machine vulnerability, which inspect the security status of a virtual machine in a hypervisor domain, and recover a main system file or limit the use of a virtual machine suspected of being damaged due to hacking depending on the results of inspection, thus providing a secure virtual machine use environment for cloud computing. In the presented method, collection target information and inspection criteria including vulnerability inspection criteria, recovery criteria, and hacking damage criteria are updated. Then, the collection target information is collected from the virtual disk and virtual memory of each virtual machine. Vulnerability is inspected in conformity with the inspection criteria, based on the collected information. A damaged main system file depending on inspection results is recovered based on recovery criteria.
Type: Grant
Filed: July 6, 2015
Date of Patent: August 15, 2017
Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
Inventors: Sung-Jin Kim, ByungJoon Kim, ChulWoo Lee, HyoungChun Kim
-
Patent number: 9730063
Abstract: A method includes receiving, by a computing system of a first wireless network from a first device, a request to access a second wireless network secured with a network encryption key. The method includes determining that a user account associated with the first device permits access to the second wireless network. The method includes sending, to a registration device, a token that is usable by a second device to access the network encryption key. The method includes sending, via the first wireless network, the token to the first device for transmission of the token to the second device. The transmission of the token from the first device to the second device enables the second device to send a hash value based on the token to the registration device. The hash value enables the registration device to provide access to the network encryption key to the second device.
Type: Grant
Filed: September 1, 2015
Date of Patent: August 8, 2017
Assignee: AT&T Intellectual Property I, L.P.
Inventor: Mostafa Tofighbakhsh
-
Patent number: 9727743
Abstract: A database access system may protect a field by storing the field as one or more underlying fields within a database. The database engine may not have access to keys used to protect the underlying fields within the database, such as by encryption, while the database access system may have access to the keys. Underlying fields may be used to store protected data and aid in the querying of protected data. The database access system may modify queries to use the underlying fields, which may include encrypting query terms and/or modifying query terms to fit the use of the underlying fields. The database access system may modify query results to match the format of the original query, which may include decrypting protected results and/or removing underlying fields.
Type: Grant
Filed: February 1, 2016
Date of Patent: August 8, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Gregory B. Roth, Nathan R. Fitch, Bradley Jeffery Behm, Patrick J. Ward, Graeme D. Baer, Eric Jason Brandwine
-
Patent number: 9727721
Abstract: Disclosed is a method for unlocking an electronic equipment, and the method includes: the electronic equipment detects periodically whether there is an unlocking key in its surrounding environment, and when there is an unlocking key in the surrounding environment, transmits an unlocking request to the unlocking key; the unlocking key receives the unlocking request, determines in accordance with the unlocking request whether the electronic equipment matches the unlocking key, and when it is determined that the electronic equipment matches the unlocking key, transmits an unlocking signal to the electronic equipment so as to unlock the electronic equipment. Further disclosed are a device for unlocking an electronic equipment and an unlocking key for unlocking an electronic equipment. By means of the present disclosure, the unlocking key is enabled to automatically unlock an electronic equipment when it is disposed near the electronic equipment.
Type: Grant
Filed: July 24, 2013
Date of Patent: August 8, 2017
Assignee: ZTE CORPORATION
Inventors: Weiping Wang, Xiaobo Zhang, Yajun Gou