Patents Examined by Harvey I Cohen
  • Patent number: 10291599
    Abstract: A keystroke encryption device (KED) exists between the keyboard and the host computing platform including a host PC. The KED examines keystrokes before they are transmitted to the host PC and asymmetrically encrypts the keystrokes when the KED is turned on. The KED allows the keystrokes to pass through as originally indicated by the user when the KED is turned off. The KED accepts a public key from a server, which decrypts the keystrokes using its own public and private key. The keys and an asymmetric encryption algorithm together provide the means by which each keystroke is encrypted before it enters the host PC.
    Type: Grant
    Filed: July 20, 2016
    Date of Patent: May 14, 2019
    Assignee: USCONTRACTING, INC.
    Inventors: William F. Haworth, Nicholas R. Hruch, Mark E. Fishman
  • Patent number: 10282540
    Abstract: Source devices can be secured using a display device filter. When a display device is connected to a source device, a display device filter can identify the display device and determine whether it is a trusted display device. If the display device filter determines that the display device is not trusted, it can take a number of actions to minimize the likelihood of harm to the source device. These actions may include preventing the source device from booting, shutting down the source device, locking the source device, blocking access to other devices, and/or notifying an administrator. In this way, a malicious user can be prevented from gaining access to the source device.
    Type: Grant
    Filed: April 17, 2017
    Date of Patent: May 7, 2019
    Assignee: WYSE TECHNOLOGY L.L.C.
    Inventors: Mohammed Sarfraz, Jenin JohnSimon
  • Patent number: 10230735
    Abstract: Some embodiments provide a program that receives, from an application, a role-based permission (RBP) request specifying an RBP, a first user, and a second user. The RBP specifies a set of actions, a first set of users authorized to perform the set of actions, a second set of users on which the first set of users is authorized to perform the set of actions, and a relationship condition. When the relationship condition specifies a hierarchy-based relationship, the program determines valid users in the second set of users according to a hierarchy of users. When the relationship condition specifies a non-hierarchy-based relationship, the program determines valid users in the second set of users according to a relationship not based on the hierarchy of users. The program determines whether the first user is authorized to perform the set of actions on the second user based on the determined valid users.
    Type: Grant
    Filed: December 30, 2015
    Date of Patent: March 12, 2019
    Assignee: SUCCESSFACTORS, INC.
    Inventors: Jia Feng, Yulong Yang, Lu Luo, Jessica Yang, Edward Lu
  • Patent number: 10216925
    Abstract: The present invention discloses a virus protection method and device. The virus protection method comprises: when an Android operating system needs to install an application, transmitting identification information of the application that needs to be installed from a framework layer to an application layer; at the application layer, activating a virus scanner application on the basis of the identification information of the application to allow the virus scanner application to run a virus scan on the application; acquiring a scan result of the virus scan, issuing a notification to the framework layer of whether or not to execute an installation operation for the application on the basis of the scan result; and at the framework layer, either executing the installation operation for the application or rejecting to execute the installation operation for the application on the basis of the notification.
    Type: Grant
    Filed: August 26, 2014
    Date of Patent: February 26, 2019
    Assignee: BEIJING QIHOO TECHNOLOGY COMPANY LIMITED
    Inventors: Zhong Hu, Xin Wang
  • Patent number: 10200359
    Abstract: The disclosed method for creating credential vaults that use multi-factor authentication to automatically authenticate users to online services may include (1) detecting a user account for an online service that uses multi-factor authentication comprising a token that generates a cryptographic authentication code, (2) creating a virtual representation of the token that is capable of generating the cryptographic authentication code, (3) storing the virtual representation of the token and a set of credentials for the user account in a credential vault for a user, (4) sending a message to the online service that associates the virtual representation of the token with the user account, (5) authenticating the user to the credential vault, and (6) automating the multi-factor authentication process for the online service by providing the cryptographic authentication code and the set of credentials to the online service. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 30, 2015
    Date of Patent: February 5, 2019
    Assignee: Symantec Corporation
    Inventors: Ilya Sokolov, Kevin Jiang
  • Patent number: 10142309
    Abstract: Various embodiments of the present technology enable users to sign in to an account without a password. For example, when receiving a request to register a device with an account, a user can be prompted to enter their email address. In response, two tokens are generated. A first token is sent to a client application on the device and the second token is sent to the user's email. The user can then only login to their account with the device if the device has both tokens. Thus, if someone intercepts the email, they will be unable to login from another device since they don't have the first token. If the client token and email token cannot be automatically joined on the same device, a web page showing a code can be displayed on a first device, which can be entered on the second device to finish login process.
    Type: Grant
    Filed: December 19, 2014
    Date of Patent: November 27, 2018
    Assignee: DROPBOX, INC.
    Inventors: Josh Kaplan, Adam Cook, Stephen Poletto, Thomas Wright, Luke Faraone
  • Patent number: 10116648
    Abstract: There are disclosed herein techniques for use in authentication. In one embodiment, the techniques include a method comprising several steps. The method comprises receiving a request to access an application. The method also comprises determining a level of sensitivity associated with the application. The method further comprises selecting an authentication method based on the level of sensitivity. The method still further comprises utilizing the authentication method during an authentication operation to determine whether to grant access to the application.
    Type: Grant
    Filed: June 19, 2015
    Date of Patent: October 30, 2018
    Assignee: EMC IP Holding Company LLC
    Inventor: Nagendra Gudibande Srikanta Sharma
  • Patent number: 10097513
    Abstract: Constructs to define a Trusted Execution Environment Driver that can implement a standard communication interface in a first environment for discovering and/or exchanging messages with secure applications/services executed in a Trusted Execution Environment (TrEE). The first environment can represent an environment with a different security policy from the TrEE.
    Type: Grant
    Filed: September 14, 2014
    Date of Patent: October 9, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Youssef Barakat, Kinshuman Kinshumann, Brian Perkins, Jinsub Moon
  • Patent number: 10097527
    Abstract: A method of managing authentication during a user session comprises the steps of operating a user session for a specific user, maintaining a user authentication level for the user session, monitoring one or more factors relating to the user's activity, applying one or more rules to the monitored factors, detecting that a rule has indicated the user's current authentication level is too high, and lowering the user's authentication level, without ending the user's session.
    Type: Grant
    Filed: August 21, 2015
    Date of Patent: October 9, 2018
    Assignee: International Business Machines Corporation
    Inventors: Kevin C. Brown, Peter W. Jenkins, Stephen D. Pipes, Larissa C. Romualdo Suzuki
  • Patent number: 10073959
    Abstract: A method for securely authenticating users of a device which uses pairings of a verbal passphrase and user interactions. The user interactions may be finger position on an interface of the device, number of taps on the interface of the device, or touching of the interface in a predefined area. Alternatively, the user can provide a verbal passphrase with inflection points.
    Type: Grant
    Filed: June 19, 2015
    Date of Patent: September 11, 2018
    Assignee: International Business Machines Corporation
    Inventors: Gregory J. Boss, Diego Xirinachs Jimenez, Andrea del Pilar Macias Garcia, Stephen J. McConnell, Piotr Pierga, Stacey Ramos
  • Patent number: 10050942
    Abstract: A method for two factor authentication is described. The method comprises a server receiving an activation code for verification from a mobile device. The server generates an encrypted secret key using the activation code The secret key is encrypted and sent to the mobile device. The server receives a first token generated by the mobile device. The server generates a second token using the secret key, determines whether the first token is identical to the second token, and syncs information with the mobile device.
    Type: Grant
    Filed: March 17, 2015
    Date of Patent: August 14, 2018
    Assignee: CA, Inc.
    Inventors: Mohammed Mujeeb Kaladgi, Mahesh Malatesh Chitragar, Vishwanatha Salian
  • Patent number: 10007791
    Abstract: Systems, methods, and non-transitory computer-readable media can provide a set of security features capable of being enabled by a user associated with an online service. In some implementations, it can be determined that at least one security feature in the set has yet to be enabled by the user. A communication can be provided to the user. In some instances, the communication can indicate that a quantity of social connections associated with the user has already enabled the at least one security feature. One or more options to enable the at least one security feature can be provided to the user.
    Type: Grant
    Filed: November 18, 2014
    Date of Patent: June 26, 2018
    Assignee: Facebook, Inc.
    Inventors: Adam Kramer, Sauvik Das
  • Patent number: 9992169
    Abstract: Mapping and obscuring digital representations of a number of user accounts on a social network map includes identifying a primary user account from a number of user accounts of a social network, determining, based on metadata associated with the user accounts, a relationship for each of the user accounts relative to the primary user account, mapping, based on the relationship for each of the user accounts relative to the primary user account, a digital representation of each of the user accounts to a territory on a social network map, determining, based on the relationship for each of the user accounts relative to the primary user account, an obscurity level for each of the user accounts, and obscuring, based on the obscurity level, the territory associated with the digital representation of each of the user accounts on a social network map from the primary user account.
    Type: Grant
    Filed: October 27, 2016
    Date of Patent: June 5, 2018
    Assignee: International Business Machines Corporation
    Inventors: Cameron J. Bosnic, Jr., Vijay Francis, Jacob M. Lineberry, Scott H. Prager, Erika Varga
  • Patent number: 9986033
    Abstract: The disclosed embodiments disclose techniques for facilitating access to a remote cloud service via a cloud controller for a distributed filesystem. Two or more cloud controllers collectively manage distributed filesystem data that is stored in the cloud storage systems; the cloud controllers ensure data consistency for the stored data, and each cloud controller caches portions of the distributed filesystem. During operation, a cloud controller detects a request from a co-located client to access a network address that is in the same subnet of their local network. The cloud controller determines that the network address is associated with the remote cloud service (which executes in a cloud storage environment) and forwards the request to the remote cloud service.
    Type: Grant
    Filed: March 17, 2015
    Date of Patent: May 29, 2018
    Assignee: Panzura, Inc.
    Inventors: Greig W. Bannister, John Richard Taylor