Patents Examined by Farid Homayounmehr
  • Patent number: 10296750
    Abstract: Users are authorized to access tagged metadata in a provider network. A revision control and binding mechanism may be applied to tagged metadata that is added or modified by the user. A recommendation pertaining to security and compliance for the computing resource may be determined based on an analysis of the computing resource, scoring criteria, and data pertaining to customer and system data.
    Type: Grant
    Filed: September 10, 2014
    Date of Patent: May 21, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Hart Matthew Rossman
  • Patent number: 10296751
    Abstract: In response to a request to transmit a message from a sender to a recipient, risk values including low and high values are assigned to a content risk rating via comparing content of the message to content risk criteria, to a sender risk rating as a function of a sender identity, to a recipient risk rating as a function of a recipient identity, and to a dissemination reach rating of the message as a function of association to a security level of a message distribution channel. A total message risk score is determined from the content disclosure risk rating, sender risk rating, recipient risk rating and dissemination reach rating values. The message is transmitted from the sender to the recipient or if the total message risk score meets a high risk threshold value; otherwise, a mitigation action is applied to the message.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: May 21, 2019
    Assignee: International Business Machines Corporation
    Inventors: Michael K. Boudreau, Joseph N. Dellatorre
  • Patent number: 10289610
    Abstract: An appliance includes a processor, a medium, a registration application, and a monitoring application. The registration application includes instructions in the medium that, when read and executed by the processor, configure the registration application to write a transaction identifier to a start message, the transaction identifier identifying the appliance, write a dataset of interest identifier to the start message, and send the start message to a database. The dataset of interest identifies a group of appliances including the appliance. The monitoring application includes instructions in the medium that, when read and executed by the processor, configure the monitoring application to monitor operations executed on the appliance, write data resulting from the operations to a data message, and send the data message anonymously to the database. The data message is signed with a member key associated with the group of appliances.
    Type: Grant
    Filed: December 23, 2015
    Date of Patent: May 14, 2019
    Assignee: McAfee, LLC
    Inventors: Geoffrey H. Cooper, Guy L. AlLee, Jr.
  • Patent number: 10289873
    Abstract: The present disclosure includes systems and techniques relating to information flow and hardware security for digital devices and microprocessor systems. In general, in one implementation, a technique includes: receiving a hardware design specifying an implementation for information flow in a hardware configuration; receiving one or more labels annotating the hardware design; receiving a security property specifying a restriction relating to the one or more labels for implementing a secure information flow in the hardware configuration; designating each of the one or more labels to a corresponding security level in accordance with the specified restriction; and automatically assigning a respective value to each of the one or more labels in the hardware design, wherein each respective value is determined in accordance with the corresponding security level designated for each of the one or more labels.
    Type: Grant
    Filed: April 28, 2016
    Date of Patent: May 14, 2019
    Assignee: Tortuga Logic Inc.
    Inventors: Jason K. Oberg, Jonathan Valamehr, Ryan Kastner, Timothy Sherwood
  • Patent number: 10284371
    Abstract: A system for preventing a brute force attack includes an output interface, an input interface, and a processor. An output interface is to provide a workfactor, a challenge token, and a login page to a client. An input interface is to receive a response token, a username, and a password. A processor is to determine whether the response token satisfies a condition based at least in part on the workfactor and determine whether the username and password are valid in the event that it is determined that the response token satisfies the condition based at least in part on the workfactor.
    Type: Grant
    Filed: September 5, 2017
    Date of Patent: May 7, 2019
    Assignee: Workday, Inc.
    Inventors: Brandon Sterne, Austin Munsch
  • Patent number: 10284524
    Abstract: A system comprising a gateway capable of connecting to an Internet router, and at least one Internet-connected device, said Internet-connected device comprising a digital certificate limiting its Internet access to a particular server or servers, said gateway capable of verifying the certificate and connecting the Internet-connected device to its server or servers.
    Type: Grant
    Filed: January 30, 2015
    Date of Patent: May 7, 2019
    Inventor: James Armand Baldwin
  • Patent number: 10282546
    Abstract: The disclosed computer-implemented method for detecting malware based on event dependencies may include (1) applying, to a malware detection system capable of analyzing event dependencies, an event sequence derived from the execution of an application, (2) obtaining, from the malware detection system, a malware confidence score for the event sequence which the malware detection system calculates after a certain event within the event sequence has executed based at least in part on one or more dependencies between the certain event and at least one other event within the event sequence, (3) determining that the malware confidence score exceeds a threshold, and (4) classifying the application as malicious in response to determining that the malware confidence score exceeds the threshold. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 21, 2016
    Date of Patent: May 7, 2019
    Assignee: Symantec Corporation
    Inventors: Jugal Parikh, Reuben Feinman
  • Patent number: 10284549
    Abstract: To provide a user signature on a network transaction, a security server receives transaction information representing a transaction between a network user and a network site, such as a website, directly from the network site. The security server calculates a one-time-password based on the received transaction information and a secret shared by the security server and the network site, but not by the user. The security server transmits the calculated one-time-password for application as the user's signature on the transaction. The one-time-password is independently calculable by the network site based on the shared secret.
    Type: Grant
    Filed: February 4, 2016
    Date of Patent: May 7, 2019
    Assignee: Early Warning Services, LLC
    Inventor: Ravi Ganesan
  • Patent number: 10277572
    Abstract: Systems, methods, and software can be used to share content. In some aspects, an enterprise mobility management (EMM) server receives a command for provisioning a user for an enterprise service at an identity provider (IDP). The EMM server sends a user provisioning request to the IDP. The user provisioning request includes a user identity attribute and a user entitlement attribute, the user identity attribute identifies the user, and the user entitlement attribute indicates an access level associated with the user for the enterprise service. The EMM server receives a user provisioning response from the IDP. The user provisioning response indicates that the user is provisioned at the IDP for the enterprise service.
    Type: Grant
    Filed: April 12, 2016
    Date of Patent: April 30, 2019
    Assignee: BlackBerry Limited
    Inventors: Mendel Elliot Spencer, Kirk Douglas Smith, David Brian Seel, Robert Lorne Bowerman, Aleksandar Susnjar, Calin Marius Bozsitz
  • Patent number: 10277399
    Abstract: A replaceable item for a host device includes a non-volatile memory and logic. The non-volatile memory stores passwords or authentication values, and/or a cryptographic key. The logic permits retrieval of a predetermined maximum number of the passwords from the non-volatile memory to authenticate the replaceable item within the host device. The predetermined maximum number of the passwords is less than the total number of the passwords.
    Type: Grant
    Filed: December 14, 2017
    Date of Patent: April 30, 2019
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Erik D. Ness, Stephen D. Panshin, Jefferson P. Ward
  • Patent number: 10277559
    Abstract: Methods, systems and programming for data traffic control and encryption. In one example, data traffic is received from a first node to be sent to a second node. The health of an encryption pathway between the first node and the second node is determined. The data traffic is sent to the second node over the network without going through the encryption pathway when the encryption pathway is not healthy.
    Type: Grant
    Filed: May 21, 2014
    Date of Patent: April 30, 2019
    Assignee: EXCALIBUR IP, LLC
    Inventors: Matthew Nicholas Petach, Nitin Batta, Brian LaCroix, Igor Gashinsky
  • Patent number: 10277616
    Abstract: A network monitoring “sensor” is built on initial startup by checking the integrity of the bootstrap system and, if it passes, downloading information from which it builds the full system including an encrypted and an unencrypted portion. Later, the sensor sends hashes of files, configurations, and other local information to a data center, which compares the hashes to hashes of known-good versions. If they match, the data center returns information (e.g., a key) that the sensor can use to access the encrypted storage. If they don't, the data center returns information to help remediate the problem, a command to restore some or all of the sensor's programming and data, or a command to wipe the encrypted storage. The encrypted storage stores algorithms and other data for processing information captured from a network, plus the captured/processed data itself.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: April 30, 2019
    Assignee: Vigilant IP Holdings LLC
    Inventors: Christopher D. Nyhuis, Michael Pananen
  • Patent number: 10277624
    Abstract: The disclosed computer-implemented method for reducing infection risk of computing systems may include (i) determining a distance between a computing system that is connected to a local network and an additional computing system that is not connected to the local network but is connected to the computing system via a series of connected devices, (ii) detecting that the additional computing system is infected with malware, (iii) calculating an infection probability for the computing system that is based at least in part on the distance between the computing system and the additional computing system that is infected, and (iv) performing a security action on the computing system that reduces a risk of infection of the computing system in response to the infection probability for the computing system meeting a predetermined threshold for infection probability. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 28, 2016
    Date of Patent: April 30, 2019
    Assignee: Symantec Corporation
    Inventor: Sujit Magar
  • Patent number: 10270600
    Abstract: Methods and systems for providing secure recording of revisions made to electronic documents, using secure methods to validate the recorded changes, are disclosed. An electronic device making a change to an electronic document can transmit the change to the network. An audit log chain is residing on the network and shared among all the nodes on the network. A node on the network can verify a change of document made by other nodes and add a new block to the chain using one-way hashes, making the chain resistant to tampering. If an invalid block is detected, the system can send an auditing alert to the network. The audit log can be strongly resistant to tampering, providing reliable evidence for use in audit compliance, investigations, and business or court record keeping.
    Type: Grant
    Filed: October 5, 2018
    Date of Patent: April 23, 2019
    Assignee: Xerox Corporation
    Inventor: David R. Vandervort
  • Patent number: 10270594
    Abstract: A system for generating an enhanced polymorphic quantum enabled firewall in real-time typically includes a classical computer apparatus and a quantum optimizer in communication with the classical computer apparatus. The classical computer apparatus is configured to identify an unauthorized attempt to access information by an unidentified source, collect a first set of data about the unauthorized attempt, determine a type of the unauthorized attempt by analyzing the first set of data, and transmit the first set of data and the type of the unauthorized attempt to the quantum optimizer. The quantum optimizer upon receiving the first set of data and the type of the unauthorized attempt, generates a second key and a second level of encryption using the second key, generates a new protocol for transferring the second level of encryption over a network, and transfers the second level of encryption and the new protocol to the classical computer apparatus.
    Type: Grant
    Filed: March 6, 2017
    Date of Patent: April 23, 2019
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Joseph Benjamin Castinado, Jeffery B. Schroeder, William August Stahlhut
  • Patent number: 10270595
    Abstract: A method of establishing a key related to at least two network instances is disclosed performed in a network node. The network instances are used in serving a communication device. The method comprises obtaining a first key relating to at least a first network instance; obtaining a second key relating to an additional network instance; determining, based on the first key and the second key, a joint key for use in protecting communication with the communication device on the at least first network instance and on the additional network instance. A method in a communication device, network node, communication device, computer programs and computer program products are also disclosed.
    Type: Grant
    Filed: January 14, 2016
    Date of Patent: April 23, 2019
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Paul Schliwa-Bertling, Karl Norrman, Alexander Pantus, Jari Vikberg, Oscar Zee
  • Patent number: 10270782
    Abstract: A virtual desktop access control is disclosed. A gateway apparatus receives a virtual desktop access request from a client, obtains a virtual desktop access policy according to a source address of the virtual desktop access request, and determines a virtual switch according to a destination address of the virtual desktop access request, wherein the destination address is an address of a virtual desktop that is connected to the virtual switch. The gateway apparatus sends the virtual desktop access policy to the virtual switch, such that the virtual switch is allowed to control a level of access which the virtual desktop has to access network resources. The gateway apparatus forwards the virtual desktop access request to the virtual desktop, receives a response to the virtual desktop access request from the virtual desktop, and forwards the response to the client.
    Type: Grant
    Filed: March 4, 2015
    Date of Patent: April 23, 2019
    Assignee: Hewlett Packard Enterprise Development LP
    Inventor: Xiongkai Zheng
  • Patent number: 10270802
    Abstract: Methods, systems, and computer program products for online content referral are provided. A computer-implemented method may include receiving a request from an application, issuing a challenge to the application to determine a capability of the application, analyzing a result of the challenge to associate the application with an application type, determining whether the activity performed by the application is scripted, and classifying the activity as automated or semi-automated when it is determined that the activity is scripted.
    Type: Grant
    Filed: January 8, 2018
    Date of Patent: April 23, 2019
    Assignee: PayPal, Inc.
    Inventors: Brad Wardman, Ryan A. Carrico, Nathan Robert Pratt
  • Patent number: 10270591
    Abstract: A method is performed at a client device distinct from an application server. In the method, a first key is stored in a secure store of the client device. A wrapped second key is received from the application server. The first key is retrieved from the secure store and used to unwrap the second key. Encrypted media content is received from the application server, decrypted using the unwrapped second key, and decoded for playback.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: April 23, 2019
    Assignee: ActiveVideo Networks, Inc.
    Inventors: Ronald Brockmann, Gerrit Hiddink
  • Patent number: 10263977
    Abstract: An example method for migrating communication data from a source server to a target server includes obtaining, using a computing device, a set of credentials to access the source server, and accessing the source server using the set of credentials. The method also includes requesting, automatically by the computing device, a directory structure associated with communication data from the source server, populating, by the computing device, the target server using the directory structure, requesting the communication data from the source server, and populating the target server with the communication data.
    Type: Grant
    Filed: September 18, 2017
    Date of Patent: April 16, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Kutlay Topatan, Maxim Ivanov, Victor Boctor, Palash Biswas, Bernard Luke Gallagher