Patents Examined by Gilberto Barron, Jr.
  • Patent number: 9197661
    Abstract: A method includes receiving a status update from a client device, the status update reflects at least one change associated with the client device, updating a model of the client device based on the status update, receiving data to be screened for a virus, the data is received after an updating of the model of the client device, and screening the model of the client device for the virus. Systems and articles of manufacture are also disclosed.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: November 24, 2015
    Assignee: Auctnyc 8 LLC
    Inventors: Edward J. Franczek, John Thomas Bretscher, Raymond Walden Bennett, III
  • Patent number: 9191377
    Abstract: This disclosure is directed to techniques for providing communication between devices in different networks wherein the communication must first pass through an encryption mechanism and the devices do not have the stand-alone capability to encrypt or decrypt the communication. According to these techniques, an adapter may determine certain fields in a data packet that remain unencrypted when the data packet passes through the encryption mechanism. The adapter may then process those fields in such a way that, when the data packets are received by a second adapter, the second adapter may read those fields and obtain information.
    Type: Grant
    Filed: January 27, 2014
    Date of Patent: November 17, 2015
    Assignee: Architecture Technology Corporation
    Inventors: Deborah K. Charan, Taylor Bouvin, Ranga Ramanujan, Barry A. Trent
  • Patent number: 9183386
    Abstract: A method and system is provided by which unauthorized changes to the registry may be detected and that provides the capability to verify whether registry, or other system configuration data, changes that occur on a computer system are undesirable or related to possible malware attack before the changes become effective or are saved on the system. A method for verifying changes to system configuration data in a computer system comprises generating an identifier representing an entry in the system configuration data, packaging the identifier, and sending the packaged identifier to a client for verification. The identifier may be generated by hashing the first portion of the entry and the second portion of the entry to generate the identifier, or by filtering the first portion of the entry and hashing the filtered first portion of the entry and the second portion of the entry to generate the identifier.
    Type: Grant
    Filed: September 27, 2012
    Date of Patent: November 10, 2015
    Assignee: McAfee, Inc.
    Inventors: Alessandro Faieta, Jameson Beach, Douglas Bell
  • Patent number: 9185112
    Abstract: An extensible configuration system to allow a website to authenticate users based on an authorization protocol is disclosed. In some embodiments, the extensible configuration system includes receiving an identifier for an authentication provider; and automatically configuring a website to use the authentication provider for logging into the website.
    Type: Grant
    Filed: October 10, 2012
    Date of Patent: November 10, 2015
    Assignee: Adobe Systems Incorporated
    Inventors: Ryan Wilkes, Lars Trieloff, Felix Meschberger, Tyson Norris, Pankil Doshi
  • Patent number: 9185108
    Abstract: A scalable system and method for authenticating entities such as consumers to entities with a diverse set of authentication requirements, such as merchants, banks, vendors, other consumers, and so on. An authentication credential such as a token can be shared among several resources as a way to authenticate the credential owner.
    Type: Grant
    Filed: May 5, 2006
    Date of Patent: November 10, 2015
    Assignee: Symantec Corporation
    Inventors: David M'Raihi, Siddharth Bajaj, Nicolas Popp
  • Patent number: 9183380
    Abstract: A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria.
    Type: Grant
    Filed: October 10, 2012
    Date of Patent: November 10, 2015
    Assignee: Citrix Systems, Inc.
    Inventors: Waheed Qureshi, Thomas H. DeBenning, Ahmed Datoo, Olivier Andre, Shafaq Abdullah
  • Patent number: 9177143
    Abstract: A disclosed method includes determining modifications have been made to a program and deriving data flow seeds that are affected by the modifications. The method includes selecting one of the data flow seeds that are affected by the modifications or data flow seeds that are not affected by the modifications but that are part of flows that are affected by the modifications and performing a security analysis on the program. The security analysis includes tracking flows emanating from the selected data flow seeds to sinks terminating the flows. The method includes outputting results of the security analysis. The results comprise one or more indications of security status for one or more of the flows emanating from the selected data flow seeds. At least the deriving, selecting, and performing are performed using a static analysis of the program. Apparatus and program products are also disclosed.
    Type: Grant
    Filed: May 17, 2013
    Date of Patent: November 3, 2015
    Assignee: International Business Machines Corporation
    Inventors: Omer Tripp, Marco Pistoia, Salvatore A. Guarnieri
  • Patent number: 9177121
    Abstract: Methods for code protection are disclosed. A method includes using a security processing component to access an encrypted portion of an application program that is encrypted by an on-line server, after a license for use of the application program is authenticated by the on-line server. The security processing component is used to decrypt the encrypted portion of the application program using an encryption key that is stored in the security processing component. The decrypted portion of the application program is executed based on stored state data. Results are provided to the application program that is executing on a second processing component.
    Type: Grant
    Filed: November 30, 2012
    Date of Patent: November 3, 2015
    Assignee: NVIDIA CORPORATION
    Inventors: Andrew Edelsten, Fedor Fomichev, Jay Huang, Timothy Paul Lottes
  • Patent number: 9178705
    Abstract: A method of validating parameters of a request from a Web client to a Web application. The validation rules are sent to a Web client, together with a response to a Web client. The parameters in a response are updated by the Web client. The updated parameters are sent in a subsequent request to the Web client, along with the validation rules. The updated parameters are validated using the validation rules in the request, thus achieving stateless validation. The validation rules are preferably digitally signed.
    Type: Grant
    Filed: April 13, 2007
    Date of Patent: November 3, 2015
    Assignee: International Business Machines Corporation
    Inventors: Patrick Roy, Robert Desbiens
  • Patent number: 9171149
    Abstract: Methods and systems are disclosed for implementing a secure application execution environment using Derived User Accounts (SAE DUA) for Internet content. Content is received and a determination is made if the received content is trusted or untrusted content. The content is accessed in a protected derived user account (DUA) such as a SAE DUA if the content is untrusted otherwise the content is accessed in a regular DUA if the content is trusted.
    Type: Grant
    Filed: October 24, 2014
    Date of Patent: October 27, 2015
    Assignee: Google Inc.
    Inventor: Ăšlfar Erlingsson
  • Patent number: 9171156
    Abstract: A computer-implemented method for managing malware signatures. The method may include maintaining a set of active malware signatures and maintaining a set of dormant malware signatures. The method may also include providing the set of active malware signatures for use in malware detection more frequently than the set of dormant malware signatures and determining that a first malware signature from the set of dormant malware signatures triggers one or more positive malware detection responses. The method may further include, in response to the determination, moving the first malware signature from the set of dormant malware signatures to the set of active malware signatures. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 22, 2014
    Date of Patent: October 27, 2015
    Assignee: Symantec Corporation
    Inventors: Walter Bogorad, Vadim Antonov
  • Patent number: 9165158
    Abstract: An encryption key fragment is divided into a number of encryption key fragments. Requests to store different ones of the encryption key fragments are transmitted to different computer memory storage systems. An individual request to store an encryption key fragment includes one of the encryption key fragments and bears an access control hallmark for regulating access to the encryption key fragment.
    Type: Grant
    Filed: August 17, 2010
    Date of Patent: October 20, 2015
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Jun Li, Ram Swaminathan, Alan H. Karp
  • Patent number: 9165163
    Abstract: An apparatus may comprise a secure portion of a chip and an external memory device. The secure portion of the chip may be configured to receive an encryption key, and the memory device may be configured to receive an encrypted processing code. The secure portion of the chip may be configured to verify the encrypted processing code by decrypting the encrypted processing code using the encryption key. A non-secure portion of the chip may be configured to write the encrypted processing code on the memory device while the memory device is coupled to the chip. The encryption key may be associated with an identifier of the chip.
    Type: Grant
    Filed: December 28, 2012
    Date of Patent: October 20, 2015
    Assignee: Broadcom Corporation
    Inventors: Mark Buer, Jacob Mendel
  • Patent number: 9160744
    Abstract: Methods, apparatus and articles of manufacture for increasing entropy for password and key generation on a mobile device are provided herein. A method includes establishing a pre-determined set of cryptographic information, wherein said pre-determined set of cryptographic information comprises one or more input elements and one or more interface input behavior metrics associated with the one or more input elements; generating a prompt via a computing device interface in connection with an authentication request to access a protected resource associated with the computing device; processing input cryptographic information entered via the computing device interface in response to the prompt against the pre-determined set of cryptographic information; and resolving the authentication request based on said processing.
    Type: Grant
    Filed: September 25, 2013
    Date of Patent: October 13, 2015
    Assignee: EMC Corporation
    Inventor: Salah Machani
  • Patent number: 9154459
    Abstract: A network access manager controls access to a network interface according to a set of access control instructions specifying permissible and impermissible addresses and domains on a network. The network access manager establishes a graylist of addresses based on a domain request that is associated with a whitelisted domain that is accessed via a blacklisted address. When a request to establish a connection is received directed to a graylisted address, the connection is permitted to establish and the connection is added to a session graylist. When a session data transfer packet is received, if the session corresponds to a session on the session graylist, the session data transfer packet is examined to determine if it matches a whitelisted domain, in which case the session is associated with a session whitelist and permitted access to the network. The access control instructions may be automatically updated from a trusted access control management system.
    Type: Grant
    Filed: September 25, 2013
    Date of Patent: October 6, 2015
    Assignee: Malwarebytes Corporation
    Inventors: Douglas Stuart Swanson, Daniel Young, John Moore
  • Patent number: 9147052
    Abstract: Various embodiments utilize hardware-enforced boundaries to provide various aspects of digital rights management or DRM in an open computing environment. Against the backdrop of these hardware-enforced boundaries, DRM provisioning techniques are employed to provision such things as keys and DRM software code in a secure and robust way. Further, at least some embodiments utilize secure time provisioning techniques to provision time to the computing environment, as well as techniques that provide for tamper-resistant storage.
    Type: Grant
    Filed: February 20, 2014
    Date of Patent: September 29, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: James M. Alkove, Alexandre V. Grigorovitch, Sumedh N. Barde, Patrik Schnell
  • Patent number: 9147061
    Abstract: Aspects of the disclosure relate generally to using a primary and secondary authentication to provide a user with access to protected information or features. To do so, a computing device may generate depth data based on a plurality of images of a user. The computing device may then compare the generated depth data to pre-stored depth data that was generated based on a pre-stored plurality of images. If authentication is successful, the user may be granted access to features of the computing device. If authentication is unsuccessful, then a secondary authentication may be performed. The secondary authentication may compare facial features of a captured image of the user to facial features of a pre-stored image of the user. If authentication is successful, then the primary authentication may be performed again. This second time, the user may be granted access if authentication is successful, or denied access if authentication is unsuccessful.
    Type: Grant
    Filed: May 29, 2014
    Date of Patent: September 29, 2015
    Assignee: Google Inc.
    Inventors: Brian McClendon, Luc Vincent
  • Patent number: 9141800
    Abstract: The present invention provides a method and apparatus for detecting intrusions in a processor-based system. One embodiment of the method includes calculating a first checksum from first bits representative of instructions in a block of a program concurrently with executing the instructions. This embodiment of the method also includes issuing a security exception in response to determining that the first checksum differs from a second checksum calculated prior to execution of the block using second bits representative of instructions in the block when the second checksum is calculated.
    Type: Grant
    Filed: December 20, 2011
    Date of Patent: September 22, 2015
    Assignee: Advanced Micro Devices, Inc.
    Inventor: Reza Yazdani
  • Patent number: 9143476
    Abstract: A classification system has a classification server that receives data for an email and determines if the email message is suspicious, legitimate but failing authentication, forwarded or fully authenticated and legitimate when the domains are owned, or not owned, by the domain owner. Email messages are categorized and presented in a report that enables the email sender to identify and fix a network, malicious traffic, and legitimate messages that have failed authentication beyond control. It also highlights where everything is going well.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: September 22, 2015
    Assignee: Return Path, Inc.
    Inventors: Bryan P. Dreller, Gregory J. Colburn, George M. Bilbrey
  • Patent number: 9137262
    Abstract: A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria.
    Type: Grant
    Filed: October 10, 2012
    Date of Patent: September 15, 2015
    Assignee: Citrix Systems, Inc.
    Inventors: Waheed Qureshi, Olivier Andre, Shafaq Abdullah