Patents Examined by Gary S Gracia
  • Patent number: 10467398
    Abstract: The technology described in this document can be embodied in a method that includes receiving, at one or more servers from a first computing device, (i) first identification information identifying the first computing device or an application executing on the first computing device, and (ii) second identification information identifying a second computing device, wherein the second identification information is provided to the first computing device as a mechanical signal transmitted through a human body. The method also includes determining, by the server based on the first information, identity information of a user associated with the first computing device, and transmitting, from the one or more servers to the second computing device, the identity information, such that the identity information is usable by the second computing device to verify an access attempt by the user.
    Type: Grant
    Filed: March 14, 2019
    Date of Patent: November 5, 2019
    Assignee: Alibaba Group Holding Limited
    Inventors: Reza R. Derakhshani, Spencer On
  • Patent number: 10454673
    Abstract: A master key update apparatus (400) acquires a master public key mpk including a basis B and a master secret key msk including a basis B* which is different from the basis B included in the master public key mpk. The master key update apparatus (400) updates the basis B included in the master public key mpk with updating information upk so as to generate a new master public key mpk′, and updates the basis B* included in the master secret key msk with the updating information upk so as to generate a new master secret key msk′.
    Type: Grant
    Filed: December 5, 2014
    Date of Patent: October 22, 2019
    Assignee: Mitsubishi Electric Corporation
    Inventor: Yutaka Kawai
  • Patent number: 10452832
    Abstract: When visual focus on a mobile device is limited, aural cues can be used to aid in entering a pattern based access code. The mobile device displays a plurality of positions from which an access code for accessing a mobile device can be selected. Indications of a set of positions of the plurality of positions in a sequence are received. The sequence of the set of the positions form an access code. For at least the first of the set of positions, an aural cue associated with the first position is determined, and the aural cue is emitted to indicate the first position based on the aural cue. It is determined whether the access code is correct. Access to the mobile device is allowed if the access code is correct.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: October 22, 2019
    Assignee: International Business Machines Corporation
    Inventors: Denise A. Bell, Lisa Seacat DeLuca, Jana H. Jenkins, Trevor Livingston
  • Patent number: 10445710
    Abstract: A method includes using a cryptographic infrastructure via a security processor in a device to communicate with a host, and managing, via the security processor, a cryptographic relationship with a security peripheral coupled to the security processor independent of the cryptographic infrastructure used to communicate with the host.
    Type: Grant
    Filed: August 26, 2014
    Date of Patent: October 15, 2019
    Assignee: NCR Corporation
    Inventor: Alexander William Whytock
  • Patent number: 10447486
    Abstract: A method by which a hardware security module can attest remotely to its measure of trust as determined by its security certifications and the Level of Assurance it can be relied on to support without the human witnessing elements that are currently used to validate this trust. In a further embodiment the Level of Assurance can be transported to a second hardware security module.
    Type: Grant
    Filed: July 19, 2018
    Date of Patent: October 15, 2019
    Assignee: SPYRUS, Inc.
    Inventors: Daniel Elvio Turissini, William Reid Carlisle, Burton George Tregub
  • Patent number: 10440034
    Abstract: Methods and apparatus for detecting fraudulent device operation. In one exemplary embodiment of the present disclosure, a device is issued a user access control client that is uniquely associated with a shared secret that is securely stored within the network and the access control client. Subsequent efforts to activate or deactivate the access control client require verification of the shared secret. Each change in state includes a change to the shared secret. Consequently, requests for a change to state which do not have the proper shared secret will be disregarded, and/or flagged as fraudulent.
    Type: Grant
    Filed: February 7, 2013
    Date of Patent: October 8, 2019
    Assignee: Apple Inc.
    Inventors: Jerrold Von Hauck, Li Li, Stephan V. Schell
  • Patent number: 10439993
    Abstract: Presented herein is a system to set up a secure connection between nodes on two enterprise networks across a public network. The system includes a network element associated with each enterprise network. The first network element transmits a map request to a mapping server. The map request includes a destination address on the second enterprise network and a peer introduction request. The first network element includes a first key generation material in the peer introduction request. The second network element is configured to receive the map request forwarded from the mapping server, generate a map reply corresponding to the map request, and transmit the map reply to the first network element. The map reply includes a peer introduction reply with a second key generation material. The first network generates a secure key by inserting the second key generation material into a first key derivation function.
    Type: Grant
    Filed: April 11, 2016
    Date of Patent: October 8, 2019
    Assignee: Cisco Technology, Inc.
    Inventor: Brian Eliot Weis
  • Patent number: 10423774
    Abstract: Disclosed are systems and methods for establishing secure communication between virtual machines, and, more particularly, to a system and method for establishing secure communication channels between two or more homogenous virtual machines. An exemplary method includes generating, by a first virtual machine, an encryption key compatible with a symmetric encryption algorithm and storing the encryption key in a memory of the first virtual machine; generating a second virtual machine by performing a virtual machine forking operation on the first virtual machine, wherein a memory of the generated second virtual machine contains the encryption key; receiving, by one of the at least two virtual machines, a communication transmitted by another of the at least two virtual machines, wherein the communication comprises data encrypted using the encryption key; and decrypting the data, by the recipient virtual machine, using the encryption key.
    Type: Grant
    Filed: August 22, 2017
    Date of Patent: September 24, 2019
    Inventors: Anton Zelenov, Nikolay Dobrovolskiy, Serguei M. Beloussov
  • Patent number: 10419460
    Abstract: The present teaching generally relates to detecting abnormal user activity associated with an entity. In a non-limiting embodiment, baseline distribution data representing a baseline distribution characterizing normal user activities for an entity may be obtained. Information related to online user activities with respect to the entity may be received, and distribution data representing a dynamic distribution may be determined based, at least in part, on the information. One or more measures characterizing a difference between the baseline distribution and the dynamic distribution may be computed, and in real-time it may be assessed whether the information indicates abnormal user activity. If the first information indicates abnormal user activity, then output data including the distribution data and the one or more measures may be generated.
    Type: Grant
    Filed: July 21, 2017
    Date of Patent: September 17, 2019
    Assignee: Oath, Inc.
    Inventors: Liang Wang, Angus Xianen Qiu, Chun Han, Liang Peng
  • Patent number: 10419488
    Abstract: A system may delegate authority to manage aspects of a security policy developed by administrative personnel to standard users (e.g. non-administrative personnel) corresponding to managed accounts within an administrative hierarchy. An exemplary security policy may include application management settings that allow or deny individual applications with access to various enterprise resources. The system may expose one or more user interfaces to standard users of an enterprise network to enable these standard users to modify the security policy being deployed for their managed account and/or to at least temporarily exempt a particular application from the enterprise's security policy. For example, upon a standard user attempting to access enterprise data with a particular application that is not permitted such access, the system may enable this standard user to change the security policy as applied to her device or to simply exempt the particular application from the security policy.
    Type: Grant
    Filed: March 3, 2017
    Date of Patent: September 17, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Preston Derek Adam, Violet Anna Barhudarian, Narendra S. Acharya, Richard June, Shayak Lahiri, Qiongzhi Wu
  • Patent number: 10412055
    Abstract: It is presented a method performed in a proxy. The method comprises the steps of: establishing a first secure connection between the proxy and a content server; forwarding messages between a client and the content server to establish a second secure connection between the client and the content server; receiving security parameters from the content server over the first secure connection, the security parameters being associated with the second secure connection; obtaining the content; and transmitting the content to the client using an encryption key derived from the security parameters.
    Type: Grant
    Filed: March 9, 2015
    Date of Patent: September 10, 2019
    Inventor: Anders Thomson
  • Patent number: 10404701
    Abstract: Systems, software, techniques and apparatuses are disclosed herein for facilitating context-based possession-less access to secure information. More specifically, the systems, software, techniques and apparatuses described herein eliminate the need for enterprises to provide employees with direct access to confidential or sensitive enterprise information. Instead, the confidential or sensitive enterprise information can be indirectly provided to and hidden by an access system used by the employees to request the information prior to being provided to a corresponding resource. For example, in some embodiments, the confidential or sensitive enterprise information is provided to an access system with formatting instructions for hiding the confidential or sensitive enterprise information in a browser session.
    Type: Grant
    Filed: January 21, 2016
    Date of Patent: September 3, 2019
    Assignee: Onion ID Inc.
    Inventor: Anirban Banerjee
  • Patent number: 10402566
    Abstract: A High Assurance Configuration Security Processor (HACSP) for a computing device may perform real-time integrity measurements of an actual bitstream run-time performance against what is expected. The HACSP may be self-contained and have a relatively small footprint. The HACSP may be vendor-agnostic, and may be a trusted system application for the computing device. The HACSP may ensure the security of user application bitstream load and update during device configuration, and may implement security mechanisms for independent secure trusted attestation and integrity measurement mechanisms to report and provide reliable evidence about the “trustworthiness” of the system during user bitstream execution.
    Type: Grant
    Filed: August 1, 2016
    Date of Patent: September 3, 2019
    Assignee: The Aerospace Corporation
    Inventors: Thomas Kibalo, Ronald Scrofano, Andrew Deeds
  • Patent number: 10397197
    Abstract: Methods and apparatuses for mitigating coexistence interference in a wireless device between a WLAN interface and a WPAN interface during a WLAN authentication process. The wireless device associates with a WLAN access point (AP), and after receiving a WLAN association response from the WLAN AP, the wireless device alternates between WLAN time periods, during which WLAN transmission is enabled and WPAN transmission is disabled, and WPAN time periods, during which WPAN transmission is enabled and WLAN transmission is disabled, during the WLAN authentication process. Durations of the WPAN time periods are based at least in part on a WPAN profile, e.g., a Bluetooth profile, in use by the wireless device. Durations of the WLAN time periods are based at least in part on receipt of WLAN authentication messages from the WLAN AP during the authentication process or expiration of WLAN authentication process timers.
    Type: Grant
    Filed: April 4, 2017
    Date of Patent: August 27, 2019
    Assignee: Apple Inc.
    Inventors: Ye Sun, Camille Chen, Guangquan Zhou, Hsin-Yao Chen, Siegfried Lehmann
  • Patent number: 10397248
    Abstract: A disclosed network monitoring method includes: specifying a feature value for each of plural packet groups that were transferred between a first terminal and a second terminal on a connection between the first terminal and the second terminal; calculating a value representing variation in specified feature values; and determining whether the calculated value is equal to or greater than a predetermined threshold value.
    Type: Grant
    Filed: September 12, 2016
    Date of Patent: August 27, 2019
    Inventors: Masahiro Yamada, Masanobu Morinaga
  • Patent number: 10389524
    Abstract: A method of communicating over a network between first and second endpoints, one being and the other being a server. The method comprises: establishing a first secure transport layer channel between the first and second endpoints, establishing a second secure transport layer channel between the first endpoint and a middlebox to which the first endpoint is to delegate processing of the traffic sent over the first secure transport layer channel; the first endpoint validating the middlebox via the respective second secure transport layer channel, and on condition of said validation sharing the encryption key of the first channel with the middlebox via the second secure transport layer channel; and causing the traffic sent over the channel to be routed via the middlebox. The method thereby enables the middlebox to process, in the clear, content of the traffic sent over the first channel.
    Type: Grant
    Filed: June 30, 2017
    Date of Patent: August 20, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Thomas Karagiannis, Christos Gkantsidis, David Naylor, Richard Li
  • Patent number: 10389706
    Abstract: A method and system for authenticating a user is provided. In some embodiments, a security system determines whether the time since the last authentication was successful is less than a recycle telephone number period (e.g., the minimum time before which a telephone number might be assigned to a new user). If the time is less than the recycle telephone number period, the security system performs a primary authentication of the user based on a telephone number received from the user. When the primary authentication is successful, the security system indicates that the user has been authenticated. When the time is not less than a recycle telephone number period, the security system performs a secondary authentication of the user. When the secondary authentication is successful, the security system indicates that the user has been authenticated.
    Type: Grant
    Filed: August 1, 2016
    Date of Patent: August 20, 2019
    Inventors: Benjamin Richard Vincent, Li Qing Xia
  • Patent number: 10382425
    Abstract: Technologies for token-based access authorization to an application program interface (API) include an access management server to receive a service request message from an application executed by a remote computing device. The service request message includes a digitally signed license token previously generated by the access management server and distributed to the remote computing device. The service request message also includes a request from the executed application to access data or a service of the resource server via an exposed API. The access management server verifies the digital signature of the digitally signed license token and generates a digitally signed Security Assertion Markup Language (SAML) token. The digitally signed SAML token is transmitted to the resource server for verification and local caching. The resource server receives the service request message and determines whether access to the requested data or service is authorized based on the locally-cached SAML token.
    Type: Grant
    Filed: June 18, 2018
    Date of Patent: August 13, 2019
    Assignee: Worldpay, LLC
    Inventor: Scott Edward Blasi
  • Patent number: 10380341
    Abstract: Various features pertain to defending a smartphone processor or other device from a transient fault attack. In one example, the processor is equipped to detect transient faults using a fault detection system and to adaptively adjust a control parameter in response to the transient faults, where the control parameter controls a physical operation of the processor (such as by gating its clock signal) or a functional operation of the fault detection system (such as a particular Software Fault Sensor (SFS) employed to detect transient faults). In some examples, in response to each newly detected fault, the detection system is controlled to consume more processor time to become more aggressive in detecting additional faults. This serves to quickly escalate fault detection in response to an on-going attack to promptly detect the attack so that the device can be disabled to prevent loss of sensitive information, such as security keys or passcodes.
    Type: Grant
    Filed: April 1, 2016
    Date of Patent: August 13, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Olivier Jean Benoit, David Tamagno
  • Patent number: 10375210
    Abstract: The present disclosure provides a method for accessing digital web content. It provides for selective access rights for users to web content. When the user tries to retrieve the data, the system checks for the rights available to the user, and accordingly implements the access before providing the content.
    Type: Grant
    Filed: March 19, 2015
    Date of Patent: August 6, 2019
    Assignee: Infosys Limited
    Inventors: Shikha Gupta, Ravi Sankar Veerubhotla, Ashutosh Saxena, Harigopal K. B. Ponnapalli