Patents Examined by Gregory A Lane
-
Patent number: 10305678
Abstract: The invention relates to a method for securing an electronic device (SC) against attacks via covert channels when the electronic device (SC) implements a Montgomery ladder for calculating the element A?A?. . . ?A where A appears k times. A designates an element of an Abelian group with a law ?, and k is a natural number. The method comprises a modified implementation of the Montgomery ladder. The invention also relates to a device (SC), a computer program and a storage medium arranged so as to implement such a method.
Type: Grant
Filed: January 29, 2015
Date of Patent: May 28, 2019
Assignee: IDEMIA IDENTITY & SECURITY
Inventors: Frédéric Boulet, Victor Servant
-
Patent number: 10291616
Abstract: A resource authorization system includes an authorization routing service that is executed on a computing device to authenticate a client to form a client login session, and to receive, from the client, a request to establish a connection to one or more of the resources of a distributed computing system. The authorization routing service then obtains a list of the resources associated with the client login session in which the list of resources includes those that the client is authorized to communicate with. When the requested resource is included in the list of resources, the authorization routing service authenticates the requested resources to form a resource login session, and establish the connection by communicatively coupling the client login session and the resource login session. The resource login session is established independently of the client login session.
Type: Grant
Filed: December 18, 2014
Date of Patent: May 14, 2019
Assignee: VCE IP Holding Company LLC
Inventors: Jonathan P. Streete, Joshua L. Bonczkowski, Nicholas A. Hansen
-
Patent number: 10275577
Abstract: A digital media content management apparatus and method for securely storing a content file on a computer readable medium and playing the content file from the computer readable medium is disclosed. The content file comprises control information readable by a content player and payload information including content data. The content file is deconstructed into at least one control information portion and at least one payload information portion being undetectable to a content player of a user device. The control information portion and the payload information portion are separately stored, and at least one of the portions is associated with packing data, and the packing data associated with at least one of the portions comprises a reference to the location of the other portion.
Type: Grant
Filed: March 17, 2014
Date of Patent: April 30, 2019
Assignee: Now Technologies (IP) Limited
Inventors: Christopher Simon Gorman, Nicholas Charles Geary Lycett
-
Patent number: 10264000
Abstract: A malicious website access method and apparatus are provided. The method includes: determining whether a website is a malicious website; and acquiring a non-executable preview interface of a web page of the malicious website for a terminal to display, if the website is a malicious website. A user may view, through a non-executable preview interface, information about a website to be accessed by the user. Moreover, because a terminal does not access a malicious website directly, the terminal is not exposed to malicious websites, thereby enhancing security of the terminal.
Type: Grant
Filed: August 18, 2015
Date of Patent: April 16, 2019
Assignee: Tencent Technology (Shenzhen) Company Limited
Inventors: Hui Zhang, Yang Li, Fudong Shao
-
Patent number: 10255446
Abstract: Embodiments provide methods, devices and computer program arranged to control access to clipboards by applications. In one embodiment a user device comprises: at least one processor; and at least one memory comprising computer program code and an application that has been provisioned by an application provisioning entity, the application having access to a first clipboard of a first type, to which data can be transferred and/or from which data can be retrieved by a further, different, application on the user device, wherein the application is configured with an encryption key for the transfer of data to and/or retrieval of data from a second clipboard of a second, type, clipboard, the encryption key being associated with the application provisioning entity. The user device can control the transfer of data to and/or retrieval of data from the second clipboard by the application via the encryption key.
Type: Grant
Filed: July 7, 2015
Date of Patent: April 9, 2019
Assignee: BlackBerry Limited
Inventors: Simon Brooks, Siavash James Joorabchian Hawkins, Christopher Rankin
-
Patent number: 10257699
Abstract: A method for user authentication for accessing protected applications by computing devices includes receiving, by a processor of a mobile computing device, a first authentication token. The method further includes transmitting an authentication request using the first authentication token. The method further includes receiving, in response to the authentication request, a second authentication token. The method further includes transmitting a resource access token request using the second authentication token. The method further includes receiving, in response to the resource access token request, a resource access token. The method further includes transmitting a computing resource access request using the resource access token.
Type: Grant
Filed: June 10, 2016
Date of Patent: April 9, 2019
Assignee: Red Hat, Inc.
Inventor: Dmitri Pal
-
Patent number: 10255421
Abstract: Disclosed is a working method for a multi-seed one-time password, which falls within the field of information security. The method comprises: powering and initializing a one-time password, opening a total interrupt, initializing the state of a system, and then entering a sleep mode; when the one-time password detects the interrupt, awakening the one-time password from the sleep mode, and entering an interrupt processing flow; after the interrupt processing flow is ended, checking each awakening flag; and executing a processing flow corresponding to the set awakening flag. According to the present invention, a user can burn seed data into the one-time password by operating the one-time password, and can update the seed data in the one-time password. In addition, according to the present invention, the one-time password is capable of storing and managing a plurality of seeds.
Type: Grant
Filed: August 21, 2015
Date of Patent: April 9, 2019
Assignee: Feitian Technologies Co., Ltd.
Inventors: Zhou Lu, Huazhang Yu, Mingji Li
-
Patent number: 10244022
Abstract: Described is a technology by which code, such as an untrusted web application hosted in a browser, provides content through an interface for playback by an application environment, such as an application environment running in a browser plug-in. Content may be in the form of elementary video, audio and/or script streams. The content is in a container that is unpackaged by the application code, whereby the content may be packaged in any format that the application understands, and/or come from any source from which the application can download the container. An application environment component such as a platform-level media element receives information from an application that informs the application environment that the application is to provide media stream data for playback. The application environment requests media stream data (e.g., samples) from the application, receives them as processed by the application, and provides the requested media stream data for playback.
Type: Grant
Filed: July 22, 2014
Date of Patent: March 26, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Sam J George, Gilles Khouzam, Michael R Harsh, Gurpratap Virdi, John Gossman, Michael John Hillberg, Greg D Schechler, Donald D Karlov, Eldar A Musayev, Wenbo Zhang, Serge Smimov, Federico Schliemann, Lawrence Wayne Olson, Akshay Johar
-
Patent number: 10230750
Abstract: Methods and systems for providing secure computing environments. Features of the present invention use a plurality of integrated security controls to ensure security of a computing environment. More specifically, features of the present invention detect discrepancies between a node's behavior and a defined policy to identify and remedy malicious behavior.
Type: Grant
Filed: June 8, 2016
Date of Patent: March 12, 2019
Assignee: Securboration, Inc.
Inventors: Lee Krause, Steve Hamby, Jacob Staples, Attila Ondi
-
Patent number: 10216915
Abstract: A method and an authentication apparatus are provided by the embodiments of the present disclosure. In the embodiments of the present disclosure, data to be processed is obtained, a character sequence is generated based on the data, physiological feature information sequentially inputted by a user is received to obtain a feature information sequence and it is determined whether every piece of physiological feature information in the feature information sequence matches with the corresponding character in the character sequence.
Type: Grant
Filed: July 20, 2016
Date of Patent: February 26, 2019
Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
Inventors: Ziyi Cui, Weijie Shen, Yi Luo, Yuhan Huang, Dekang Zeng, Siqi Zhao, Jingyang Qin
-
Patent number: 10187409
Abstract: Detection of abnormalities in multi-dimensional data is performed by processing the multi-dimensional data to obtain a reduced dimension embedding matrix, using the reduced dimension embedding matrix to form a lower dimension (of at least 2D) embedded space, applying an out-of-sample extension procedure in the embedded space to compute coordinates of a newly arrived data point and using the computed coordinates of the newly arrived data point and Euclidean distances to determine whether the newly arrived data point is normal or abnormal.
Type: Grant
Filed: November 6, 2017
Date of Patent: January 22, 2019
Assignee: ThetaRay Ltd.
Inventors: Amir Averbuch, Ronald R. Coifman, Gil David
-
Patent number: 10178077
Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations.
Type: Grant
Filed: June 6, 2017
Date of Patent: January 8, 2019
Assignee: Amazon Technologies, Inc.
Inventors: Todd Lawrence Cignetti, Eric Jason Brandwine, Robert Eric Fitzgerald, Andrew J. Doane
-
Patent number: 10055590
Abstract: A method includes reading by a computing system a rule file including one or more rules having specified paths to methods, each method corresponding to one of a sink, source, or sanitizer. The method includes matching by the computing system the methods to corresponding ones of sinks, sources, or sanitizers determined through a static analysis of an application. The static analysis determines at least flows from sources of information to sinks that use the information. The method includes performing by the computing system, using the sinks, sources, and sanitizers found by the matching, a taint analysis to determine at least tainted flows from sources to sinks, wherein the tainted flows are flows passing information to sinks without the information being endorsed by a sanitizer. Apparatus and program products are also disclosed.
Type: Grant
Filed: September 13, 2013
Date of Patent: August 21, 2018
Assignee: International Business Machines Corporation
Inventors: Salvatore Angelo Guarnieri, Marco Pistoia, Stephen Darwin Teilhet, Omer Tripp
-
Patent number: 10050961
Abstract: A method, performed by an authentication processor of a first network device, includes receiving a first message through a network interface circuit from a second network device. The first message contains a first data unit to be operated upon by the first network device. A second message is received through the network interface circuit from the second network device. The second message contains a reported authentication token for the second network device and a second data unit to be operated upon by the first network device. The first message is received before receipt of the second message. A check authentication token is generated based on hashing the first data unit. A command that controls operation of the first network device is selectively performed on the second data unit based on whether the check authentication token matches the reported authentication token.
Type: Grant
Filed: January 21, 2016
Date of Patent: August 14, 2018
Assignee: CA, INC.
Inventors: Jameel Ahmed Kaladgi, Praveen Kumar Thakur, Kiran Kumar B. S.
-
Patent number: 10033743
Abstract: The embodiments provide for binding files to an external drive, a secured external drive, or portable data locker. The files are bound in order to help restrict or to prevent access and modification by certain computers or users. Computers or users that are authorized or within the authorized domain are permitted full access. The files stored on the external drive may be bound in various ways. The files may be encapsulated in a wrapper that restricts the use and access to these files. The bound files may require execution of a specific application, plug-in, or extension. A computer may thus be required to execute program code that limits the use of the secured files. In one embodiment, the external drive provides the required program code to the computer. In other embodiments, the required program code may be downloaded from a network or provided by an external authority.
Type: Grant
Filed: September 2, 2015
Date of Patent: July 24, 2018
Assignee: Western Digital Technologies, Inc.
Inventors: Lambertus Hesselink, Rajesh K. Batra
-
Patent number: 10025937
Abstract: Techniques are disclosed for dynamically managing hardening policies in a client computer (e.g., of an enterprise network). A hardening management application monitors activity on the client computer that is associated with a first hardening policy. The monitored activity is evaluated based on one or more metrics. Upon determining that at least one of the metrics is outside of a tolerance specified in the first hardening policy, the client computer is associated with a second hardening policy. The client computer is reconfigured based on the second hardening policy.
Type: Grant
Filed: June 26, 2015
Date of Patent: July 17, 2018
Assignee: Symantec Corporation
Inventors: Anand Kashyap, Kevin A. Roundy, Sandeep Bhatkar, Aleatha Parker-Wood, Christopher Gates, Yin Liu, Leylya Yumer
-
Patent number: 10019605
Abstract: An interface device includes a communication interface and a secure element. The communication interface receives input data and a selection of one of a plurality of secure modes to secure the input data for transmission to a secure external computing device, such as a banking web server. The secure element secures the input data based on the secure mode that was selected. The secured input data is then transmitted to the secure external computing device.
Type: Grant
Filed: June 26, 2015
Date of Patent: July 10, 2018
Assignee: Square, Inc.
Inventors: Andre Boysen, Dmitry Barinov, Eli Erlikhman
-
Patent number: 10007793
Abstract: A method and structure for a secure object, as tangibly embodied in a computer-readable storage medium. The secure object includes a cryptographically protected region containing at least one of code and data, an initial integrity tree that protects an integrity of contents of the cryptographically protected region; and an unprotected region that includes a loader, an esm (enter secure mode) instruction, and one or more communication buffers.
Type: Grant
Filed: April 20, 2017
Date of Patent: June 26, 2018
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Richard Harold Boivie, Peter T. Williams
-
Patent number: 9990500
Abstract: Disclosed herein are techniques for determining vulnerabilities in applications under testing. It is determined whether a first database instruction of an application enters information into a database and whether a second database instruction thereof obtains said information from the database. If the first database instruction enters the information in the database and the second database instruction obtains the information therefrom, it is determined whether the application is vulnerable to entry of malicious code via the database.
Type: Grant
Filed: July 25, 2012
Date of Patent: June 5, 2018
Assignee: ENTIT SOFTWARE LLC
Inventors: Sasi Siddharth Muthurajan, Prajakta Subhash Jagdale, Leonid Promyshlyansky Bensman, Iftach Ragoler, Philip Edward Hamer
-
Patent number: 9977886
Abstract: An identity of an entity (120) is authenticated at an authentication device (110) using at least one authentication process. The result of the authentication is indicated. The authentication result identifies at least the identity of the entity (120) and the at least one authentication process used to authenticate the identity of the entity (120).
Type: Grant
Filed: August 20, 2015
Date of Patent: May 22, 2018
Inventor: Paul Simmonds