Patents Examined by Hadi Armouche
  • Patent number: 10037436
    Abstract: An appliance is capable of storing and processing data related to details surrounding its ownership, behavior, and history within itself in a secure and unalterable way. The appliance may experience multiple transfers in ownership during its lifetime. Certain data stored in the appliance may be encrypted such that only qualifying parties (e.g., owners) may be able to access the data. Some data may remain private to an individual owner while other data may be made available to subsequent owners by passing a shared secret that can be utilized to decrypt the other data. Data may be stored in the appliance in chronological order and may be signed by appropriate parties such that it is not possible to alter the data without detection.
    Type: Grant
    Filed: December 11, 2015
    Date of Patent: July 31, 2018
    Assignee: Visa International Service Association
    Inventor: David White
  • Patent number: 10015010
    Abstract: A processor of an aspect includes a plurality of packed data registers, and a decode unit to decode an instruction. The instruction is to indicate one or more source packed data operands. The one or more source packed data operands are to have four 32-bit results of four prior SM4 cryptographic rounds, and four 32-bit values. The processor also includes an execution unit coupled with the decode unit and the plurality of the packed data registers. The execution unit, in response to the instruction, is to store four 32-bit results of four immediately subsequent and sequential SM4 cryptographic rounds in a destination storage location that is to be indicated by the instruction.
    Type: Grant
    Filed: December 1, 2016
    Date of Patent: July 3, 2018
    Assignee: Intel Corporation
    Inventors: Shay Gueron, Vlad Krasnov
  • Patent number: 10009379
    Abstract: A system for sterilizing data sent through electronic messages includes first computing circuitry configured to receive a first electronic communication including first data having executable code and generate optical data representative of the first data. The system further includes second computing circuitry configured to receive the optical data from the first computing circuitry, convert the optical data into second data representative of the optical data, and transmit a second electronic communication that includes the second data and omits the first data.
    Type: Grant
    Filed: December 21, 2015
    Date of Patent: June 26, 2018
    Inventor: Peter W. J. Jones
  • Patent number: 10009335
    Abstract: Techniques are disclosed for using a global unified session identifier across data centers. Upon creating an initial session in the data center for a user first accessing the data center, a session identifier is generated for the user session. Because the initial session is the first session created for that user, the initial session identifier is designated as the global unified session identifier for all sessions that may be created for the user in other data centers within the enterprise network. Data centers may then map the global unified session identifiers to locally generated session identifiers for the user. A global unified session identifier enables various user session actions to be performed globally across the data centers, including global logout, global session termination, global session updates, and/or the like. A global unified session identifier prevents the risk of collision that can occur between randomly generated numbers of different data centers.
    Type: Grant
    Filed: December 7, 2016
    Date of Patent: June 26, 2018
    Assignee: Oracle International Corporation
    Inventors: Stephen Mathew, Vipin Anaparakkal Koottayi, Ramya Kukehalli Subramanya
  • Patent number: 9998475
    Abstract: A method for authorizing a smart-home device for enrollment with a demand-response program may include receiving, at a control server of an energy management system and for the smart-home device, identifying information for a user account. The method may also include sending the identifying information from the control server to an Application Program Interface (API) with an enrollment request. The method may additionally include receiving, at the control server, a determination from the API as to whether the identifying information for the user account was matched to an existing utility account. The method may further include based on the determination from the API, determining whether the smart-home device can be enrolled with the demand-response program.
    Type: Grant
    Filed: June 17, 2015
    Date of Patent: June 12, 2018
    Assignee: Google LLC
    Inventors: Scott Ruffner, Jonathan Crimins, Scott McGaraghan, William Greene, Jared Luxenberg
  • Patent number: 9979543
    Abstract: An optimized hardware architecture and method introducing a simple arithmetic processor that allows efficient implementation of an Elliptical Curve Cryptography point doubling algorithm for Jacobian coordinates. The optimized architecture additionally reduces the required storage for intermediate values to one intermediate value.
    Type: Grant
    Filed: December 23, 2013
    Date of Patent: May 22, 2018
    Assignee: NXP B.V.
    Inventors: Miroslav Knezevic, Ventzislav Nikov
  • Patent number: 9971883
    Abstract: An information processing device includes: an authentication unit configured to compare, when receiving first user information used for authentication processing of determining whether a user has authority to use the information processing device, the first user information with second user information identifying users having the authority to use the information processing device, and execute the authentication processing; a first storage unit storing first association information in which installation screen information identifying an installation screen for installation of an application is associated with each piece of the second user information; and a second display unit configured to generate, based on a command associated with an application selected by a user among an application displayed by a first display unit, an installation screen identified by installation screen information which is associated with second user information identifying the user, and display the installation screen.
    Type: Grant
    Filed: November 18, 2015
    Date of Patent: May 15, 2018
    Assignee: RICOH COMPANY, LTD.
    Inventor: Shigeo Negoro
  • Patent number: 9948652
    Abstract: Systems, computer program products, and methods are described herein for identifying threat vectors and implementing controls for securing resources within a network. The present invention is configured to determine one or more threat vectors associated with the resource; determine one or more controls associated with each of the one or more threat vectors associated with the resource; determine whether the one or more controls associated with the at least one of the one or more threat vectors is capable of detecting the access by an external computing device via at least one of the one or more types of access; and dynamically generate a graphical representation of the resource and the one or more threat vectors based on at least the received analysis request.
    Type: Grant
    Filed: May 16, 2016
    Date of Patent: April 17, 2018
    Assignee: Bank of America Corporation
    Inventors: Sounil Yu, Brandon Matthew Sloane
  • Patent number: 9948470
    Abstract: An authentication device is provided that authenticates an electronic device based on the responses from distinct types of physically unclonable functions. The authentication device receives a device identifier associated with the electronic device. It then sends one or more challenges to the electronic device. In response, the authentication device receives one or more responses from the electronic device, the one or more responses including characteristic information generated from two or more distinct types of physically unclonable functions in the electronic device.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: April 17, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Xu Guo, David M. Jacobson, Yafei Yang, Adam J. Drew, Brian Marc Rosenberg
  • Patent number: 9946984
    Abstract: A system and method manages workflows exchanges a document between a first server associated with a first service provider and a second server associated with a second service provider over a network. A first workflow engine associated with the first service provider is configured to apply the document to a first workflow based on a first set of rules. A second workflow engine associated with the second service provider is configured to apply the document to a second workflow based a second set of rules. The first and second workflow engines run the first workflow at first service provider asynchronous to the second workflow at the second service provider. The system and method transports a document between the first service provider and second service provider. A first server encrypts the document to create an encrypted document and append an unencrypted header to the encrypted document. The header has a pairwise relationship identifier.
    Type: Grant
    Filed: March 18, 2015
    Date of Patent: April 17, 2018
    Inventors: Mehdi Ahari, Klaas W. Scheppink
  • Patent number: 9948615
    Abstract: A method for storage unit communication is provided. The method includes detecting an event associated with a loss of trust for the data stored within a storage unit and encrypting, at the storage unit, data that is being transmitted along an outbound path from the storage unit to a requestor, wherein the encrypting is responsive to detecting the event.
    Type: Grant
    Filed: March 16, 2015
    Date of Patent: April 17, 2018
    Assignee: Pure Storage, Inc.
    Inventor: John D. Davis
  • Patent number: 9948614
    Abstract: The present disclosure is directed to a system and method for remotely initializing at least one device in communication with a local host device utilizing an asymmetric cryptographic authorization scheme. According to various embodiments, at least one remote device sends an authorization request including a random value to the local host device. The local host device returns an approval response to the remote device, where the approval response includes the random value encoded utilizing a private key. The remote device is then initialized (e.g. powered on or placed in an active state) upon verification of the encoded random value utilizing a public key that is paired with the private key.
    Type: Grant
    Filed: May 23, 2013
    Date of Patent: April 17, 2018
    Assignee: Rockwell Collins, Inc.
    Inventors: Sean D. Howard, Brandon J. Provolt, Luke E. Ryon, James K. Jezek, Jeremy K. Sands
  • Patent number: 9942234
    Abstract: An aspect includes a cognitive password entry system. A processor detects a login attempt targeting a website for a user identifier having a previously stored instance of a password associated with the user identifier. A number of login attempts is monitored since the password was manually entered at the website. The processor determines whether a prompting period has been reached based on the number of login attempts meeting a prompting period threshold. The stored instance of the password is used as an entered password for the login attempt based on determining that the prompting period has not been reached. A cognitive aid prompt is output based on determining that the prompting period has been reached.
    Type: Grant
    Filed: November 30, 2015
    Date of Patent: April 10, 2018
    Inventors: Lisa Seacat DeLuca, James R. Kozloski, Boaz Mizrachi, Clifford A. Pickover
  • Patent number: 9939908
    Abstract: A system and method uses multiple devices in concert as security for accessing an account. The system and method may use one or more security measures based on unique gestures, coordinated gestures between two devices, presence of multiple devices, sequence of actions, and other measures to prevent fraud. Additionally, these security measures may be rearranged or changed such that the devices may collaborate to provide access to multiple different accounts.
    Type: Grant
    Filed: September 28, 2015
    Date of Patent: April 10, 2018
    Assignee: PAYPAL, INC.
    Inventors: Tiano Freixas Lopez Lecube, Josh Miller, Thomas Jaeger, Sam Oh, Wenhan Zhao, Eric Min
  • Patent number: 9942315
    Abstract: Techniques are described for anonymous peer storage. In one example, techniques include invoking an action of backing up one or more files utilizing distributed storage for a node Ni in a multi-node network; encrypting the one or more files into a combined encrypted file with a private key required to decrypt the combined encrypted file; splitting the combined encrypted file into Pi portions (P1, P2 . . . Pn) and associating a file identifier Fi to each Pi; anonymously distributing the Pi portions and associated identifier Fi to other nodes Nj and Nk wherein each of j and k is different from i; retaining a look up file containing for the each Pi, the (Nj, Nk) pairs, the Fi, and the private key for future retrieval and decryption; and responsive to receiving an anonymous request containing the Fi by one of the Nj and the Nk, returning the Pi.
    Type: Grant
    Filed: October 27, 2015
    Date of Patent: April 10, 2018
    Assignee: International Business Machines Corporation
    Inventor: Timothy R Simek
  • Patent number: 9935789
    Abstract: In particular embodiments, a first computing device may receive a request from a second computing device to access a first entity of an infrastructure, the second computing device being coupled to the first computing device, then determining an eligibility of the second computing device to access as least the first entity of the infrastructure, and if the second computing device is determined to be eligible to access the first entity, then assigning a second ticket to the second computing device responsive to the received request.
    Type: Grant
    Filed: June 17, 2015
    Date of Patent: April 3, 2018
    Assignee: Dell Products L.P.
    Inventors: Andrew T. Fausak, Oleg Rombakh
  • Patent number: 9935788
    Abstract: In particular embodiments, a client device may established a first connection to a ticket server of a gateway, wherein the gateway couples the client device to a first computing device, retrieve a permission vector from the ticket server though the first connection, wherein the retrieved permission vector contains at least one or more tickets to authenticate and authorize the client device access to at least the gateway and the first computing device, and establish a second connection to the first computing device based at least on the retrieved tickets
    Type: Grant
    Filed: June 17, 2015
    Date of Patent: April 3, 2018
    Assignee: Dell Products L.P.
    Inventors: Andrew T. Fausak, Oleg Rombakh
  • Patent number: 9930035
    Abstract: A method for establishing a secure communication channel between an off-card entity and an embedded Universal Integrated Circuit Card (eUICC) is provided. The method involves establishing symmetric keys that are ephemeral in scope. Specifically, an off-card entity, and each eUICC in a set of eUICCs managed by the off-card entity, possess long-term Public Key Infrastructure (PKI) information. When a secure communication channel is to be established between the off-card entity and an eUICC, the eUICC and the off-card entity can authenticate one another in accordance with the respectively-possessed PKI information (e.g., verifying public keys). After authentication, the off-card entity and the eUICC establish a shared session-based symmetric key for implementing the secure communication channel. Specifically, the shared session-based symmetric key is generated according to whether perfect or half forward security is desired.
    Type: Grant
    Filed: June 22, 2017
    Date of Patent: March 27, 2018
    Assignee: Apple Inc.
    Inventors: Xiangying Yang, Li Li, Jerrold Von Hauck
  • Patent number: 9928359
    Abstract: Described are architectures, systems, processes and methods for security that, at their core, are adaptive and changing at determined intervals so as to present a different environment, a portion of which is a varied attack surface, to the communications world exterior to the system. In one aspect is described improved security architecture, system and methods based upon multiple processors, operating systems and communication channels, in which at least some processors each perform as an input system connectable to a network, and are dissimilar in some manner, the manner of dissimilarity being controlled by a control system that is not connected to the network. Additionally in this aspect, an execution system is included which performs execution based upon received inputs to the input system, which are passed to the execution system once validated as being safe and not compromised.
    Type: Grant
    Filed: July 15, 2015
    Date of Patent: March 27, 2018
    Inventors: Anthony Joseph Vargas, Christopher Robert Sharpe, Hollis Ann Johnson
  • Patent number: 9928386
    Abstract: A storage device of a data center may protect data stored on a storage medium of the storage device using a data security mechanism. The data security mechanism may include a signal generator configured to generate a proximity signal and one or more storage devices including a storage medium, a proximity detection component and a destruction device. The proximity detection component may be configured to detect the proximity signal and to determine whether the storage device has been removed from an assigned location. The storage destruction mechanism may be configured to destroy at least a portion of the data stored on the storage device in response to the proximity detection component detecting that the storage device has been removed from the assigned location.
    Type: Grant
    Filed: June 8, 2015
    Date of Patent: March 27, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Brock Robert Gardner, Michael Phillip Czamara