Patents Examined by Helai Salehi
  • Patent number: 10419486
    Abstract: Systems and methods for managing and implementing secure runtime software hooking on devices are provided. The system and method disclosed includes components and features that enable enterprises and organizations to securely manage mobile devices that have access to the organization's data and network resources. Various embodiments provide for secure systems and methods to modify a behavior of an operating system or one or more applications, without having to flash or modify the Read-only Memory (ROM).
    Type: Grant
    Filed: October 11, 2016
    Date of Patent: September 17, 2019
    Assignee: The MITRE Corporation
    Inventors: Joseph Portner, Colin Courtney, David Bryson, Sarah Ford, Collin McRae
  • Patent number: 10413165
    Abstract: A system and methods for providing and reclaiming a single use imaging device for sterile environments is disclosed and described. The system may include a single use high definition camera used for general purpose surgical procedures including, but not limited to: arthroscopic, laparoscopic, gynecologic, and urologic procedures, and may comprise an imaging device that is sterile and designed to ensure single use. The imaging device may have a single imaging sensor, either CCD or CMOS, encased in a housing.
    Type: Grant
    Filed: March 2, 2015
    Date of Patent: September 17, 2019
    Assignee: DePuy Synthes Products, Inc.
    Inventors: Joshua D. Talbert, Jeremiah D. Henley, Donald M. Wichern, Curtis L. Wichern
  • Patent number: 10396989
    Abstract: A method and a server for providing transaction keys for a transaction system includes transaction units which use pre-delivered transaction keys, and are provided by a key provisioning server and wherein the transaction key usage is checked by a transaction checking server. A transaction key is derived from a master key of a transaction unit, wherein a varying derivation parameter is used in the step of deriving. The step of deriving comprises a first sub step of deriving a key from the master key and a second sub step of deriving the transaction key from the derived key. The first sub step or the second sub step of deriving is performed dependent on a security level of the transaction unit.
    Type: Grant
    Filed: November 9, 2015
    Date of Patent: August 27, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Lauri Pesonen, Ulrich Weinert, Jarmo Mikael Kaikkonen, Jay Graver
  • Patent number: 10397007
    Abstract: An industrial automation gateway providing an extended web of trust is provided. The industrial automation gateway includes a cloud communication interface coupled with a cloud automation facility, a hardware memory, and a processor coupled with the cloud communication interface and the hardware memory. The cloud automation facility includes a cloud hardware memory storing a cloud root certificate from a first root certificate authority and a subordinate certificate. The hardware memory stores a gateway root certificate from a second root certificate authority and the subordinate certificate. The processor is configured to determine if the subordinate certificate has been certified by the first root certificate authority and the second root certificate authority.
    Type: Grant
    Filed: October 27, 2017
    Date of Patent: August 27, 2019
    Assignee: Rockwell Automation Technologies, Inc.
    Inventors: Paul D. Schmirler, Timothy S. Biernat
  • Patent number: 10382953
    Abstract: The disclosure discloses a security configuration method for Device to Device (D2D) communication, a Proximity-based Service (ProSe) key management function, User Equipment (UE) and a system. The method includes that: first information indicating security capability of a UE is acquired; and whether to feed back a security configuration response message or a content of the security configuration response message to the UE is determined according to the first information. The disclosure further discloses a computer storage medium.
    Type: Grant
    Filed: July 14, 2014
    Date of Patent: August 13, 2019
    Assignee: ZTE Corporation
    Inventors: Jin Peng, Shilin You, Zhaoji Lin, Zaifeng Zong, Li Zhu
  • Patent number: 10375094
    Abstract: In some examples, a computing device may receive sensed data of a first sensor sent in a first transmission. The computing device may associate a first timestamp with the sensed data. Further, the computing device may receive, from other sensors, first signal strength information including first signal strength data and a first signal property related to the first transmission, and a second timestamp corresponding to detection of the first transmission. The computing device may receive, from other sensors, second signal strength information including second signal strength data and a second signal property related to a second transmission, and a third timestamp corresponding to detection of the second transmission. When the third timestamp is later than the first timestamp and the first signal property matches the second signal property, the computing device may indicate that a sensor that sent the second transmission is associated with an anomaly.
    Type: Grant
    Filed: October 4, 2016
    Date of Patent: August 6, 2019
    Assignee: Hitachi, Ltd.
    Inventors: Takeshi Shibata, Sudhanshu Gaur
  • Patent number: 10346410
    Abstract: Various systems and methods are provided that retrieve raw data from issuers, reorganize the raw data, analyze the reorganized data to determine whether risky or malicious activity is occurring, and generate alerts to notify users of possible malicious activity. For example, the raw data is included in a plurality of tables. The system joins one or more tables to reorganize the data using several filtering techniques to reduce the processor load required to perform the join operation. Once the data is reorganized, the system executes one or more rules to analyze the reorganized data. Each rule is associated with a malicious activity. If any of the rules indicate that malicious activity is occurring, the system generates an alert for display to a user in an interactive user interface.
    Type: Grant
    Filed: January 9, 2018
    Date of Patent: July 9, 2019
    Assignee: Palantir Technologies Inc.
    Inventors: Craig Saperstein, Eric Schwartz, Hongjai Cho
  • Patent number: 10325121
    Abstract: To provide for a physical security mechanism that forms a complete envelope of protection around the cryptographic module to detect and respond to an unauthorized attempt at physical access, a tamper sensing encapsulant generally encapsulates the cryptographic module. The tamper sensing encapsulant includes a first shape actuation layer associated with an electrically conductive first trace element and a second shape actuation layer associated with an electrically conductive second trace element. The first shape actuation layer is positioned against the second shape actuation layer such that the first trace element and the second trace element do not physically touch at an operating temperature of the cryptographic module and do physically touch when the first shape actuation layer and the second shape actuation layer are thermally loaded. Upon the first trace element and the second trace element touching, a circuit is formed that disables the cryptographic module.
    Type: Grant
    Filed: November 13, 2017
    Date of Patent: June 18, 2019
    Assignee: International Business Machines Corporation
    Inventors: Sarah K. Czaplewski, Joseph Kuczynski, Jason T. Wertz, Jing Zhang
  • Patent number: 10326801
    Abstract: Systems and methods for configuring security policies based on security parameters stored in a public or private cloud infrastructure are provided. According to one embodiment, security parameters associated with a first network appliance of an enterprise, physically located at a first site, are shared by the first network appliance with multiple network appliances of the enterprise by logging into a shared enterprise cloud account. The shared parameters are retrieved by a second network appliance of the enterprise, physically located at a second site, by logging into the shared enterprise cloud account. A VPN client configuration is automatically created by the second network appliance that controls a VPN connection between the first and second network appliances based on the shared parameters. The VPN connection is dynamically established based on the shared parameters when the VPN client configuration permits network traffic to be exchanged between the first and second network appliances.
    Type: Grant
    Filed: November 19, 2017
    Date of Patent: June 18, 2019
    Assignee: Fortinet, Inc.
    Inventor: Qing Xu
  • Patent number: 10313375
    Abstract: A malicious attack detection method includes: receiving, by a controller, a Packet-in message sent by a switch, where the Packet-in message includes a source host identifier and a destination host identifier of a data packet for which the switch does not find a flow entry; when determining that a host indicated by the destination host identifier does not exist in an SDN network, sending, by the controller, an abnormal flow entry to the switch; receiving, by the controller, a triggering count sent by the switch, where the triggering count is a quantity of times that the abnormal flow entry is triggered; and determining, according to the triggering count, whether a malicious attack is initiated. According to the method, a malicious attack from a host can be detected, a data processing volume of a controller can be reduced, and performance of the controller can be improved.
    Type: Grant
    Filed: May 20, 2016
    Date of Patent: June 4, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD
    Inventors: Ke Lin, Yongcan Wang, Yingjun Tian
  • Patent number: 10313126
    Abstract: A barcode security authentication method. The method comprises: when a barcode acquisition request from an application server is received by an authentication server, the authentication server generates barcode information and returns the barcode information to the application server, where the barcode information is used for displaying a barcode image; a mobile terminal token end acquires the barcode information on the basis of the barcode image, generates a user mobile terminal token response value on the basis of the barcode information and of its own user mobile terminal token information, and directly transmits the user mobile terminal token response value to the authentication server for authentication. The present invention implements the technical effects in which the degree of security of identity authentication is increased while identity authentication is made more convenient and easier to operate.
    Type: Grant
    Filed: June 8, 2016
    Date of Patent: June 4, 2019
    Assignee: Feitian Technologies Co., Ltd.
    Inventors: Zhou Lu, Huazhang Yu
  • Patent number: 10305686
    Abstract: Secure data transfers between communication nodes are performed using a group encryption key supplied by a remote management system. A first node transmits a request for secure communications with a second node to the remote management system using a control channel. The remote management system generates and encrypts a group encryption key usable by the first and second nodes and forwards the encrypted group encryption key to the first and second nodes using one or more control channels. The first and second communication nodes decrypt the group encryption key and use it to encrypt data transmitted between the nodes using a data transport network. In some implementations the securely communicating nodes may use encryption keys and/or techniques that prevent the remote management system from eavesdropping on the nodes' communications.
    Type: Grant
    Filed: October 3, 2016
    Date of Patent: May 28, 2019
    Assignee: Orion Labs
    Inventors: Greg Albrecht, Andy Isaacson, Nelson Carpentier, Dan Phung, Schuyler Erle
  • Patent number: 10262155
    Abstract: Examples are generally directed towards disabling features using a feature toggle associated with an application programming interface (API). A server receives an API request including one or more elements. An element is associated with a set of features. If a feature state of every feature within the set of features is an enabled feature state, the element state is an enabled element state and the request is validated. The validated request is executed and a response to the request is returned to the client. If at least one feature state of at least one feature within the set of features is a disabled feature state or a hidden feature state, the element state is a disabled element state and the request is invalidated. The invalidated request is rejected and an error message is returned to the client.
    Type: Grant
    Filed: June 30, 2015
    Date of Patent: April 16, 2019
    Assignee: EMC IP Holding Company LLC
    Inventors: Hao Sun, Jim Pendergraft, Jichao Zhang, Link Yu, Wei Wang, Nicholas Wei
  • Patent number: 10237246
    Abstract: A communication server, interacting with an organization system having users that wish to communicate securely, provides secure communication capability to the users, without the communication server itself having access to unencrypted content of the user communications or to cryptographic keys that would allow the communication server to derive the unencrypted content. Thus, the communication server that provides the secure communication capability need not itself be trusted by the users with access to communicated content. To achieve this, the various entities communicate to exchange cryptographic keys in such a manner that the communication server never obtains usable copies of the cryptographic keys.
    Type: Grant
    Filed: July 29, 2016
    Date of Patent: March 19, 2019
    Assignee: SYMPHONY COMMUNICATION SERVICES HOLDINGS LLC
    Inventors: Serkan Mulayin, David M'Raihi, Tim Casey, Michael Harmon, Jon McLachlan
  • Patent number: 10225082
    Abstract: A random value generator is provided that comprises a carbon nanotube structure that generates a random output current in response to a voltage input. The random value generator includes a random value output circuit coupled to the carbon nanotube structure that receives the random output current from the carbon nanotube structure and generates a random output value based on the received random output current from the carbon nanotube structure.
    Type: Grant
    Filed: July 26, 2016
    Date of Patent: March 5, 2019
    Assignee: International Business Machines Corporation
    Inventors: Pau-Chen Cheng, Shu-Jen Han, Jianshi Tang
  • Patent number: 10216942
    Abstract: When data is stored for a significant amount of time or is transmitted through a noisy environment, it is not uncommon for pieces of that data to be lost or degraded. The disclosed method provides users with a new way of generating and then storing data to provide for easy recovery of said data when pieces of data are lost during storage or during transmission. Unlike the present art, which requires users to store or transmit redundant data, this method does not require redundancy. By removing that redundancy, space-costs of storing data can be reduced.
    Type: Grant
    Filed: May 19, 2016
    Date of Patent: February 26, 2019
    Assignee: University of Louisiana at Lafayette
    Inventor: Louis M. Houston
  • Patent number: 10210347
    Abstract: Techniques for managing privacy of a network communication may be realized as a computer-implemented system, including one or more processors that store instructions, and one or more computer processors that execute the instructions to receive a first network communication, extract information from the first network communication, identify a privacy rule based on the information, generate a second network communication based on the first network communication and the privacy rule, and cause the second network communication to be sent.
    Type: Grant
    Filed: June 22, 2015
    Date of Patent: February 19, 2019
    Assignee: SYMANTEC CORPORATION
    Inventors: Bruce E. McCorkendale, William E. Sobel
  • Patent number: 10200365
    Abstract: A biometric authentication system is disclosed that provides authentication capability using biometric data in connection with a challenge for parties engaging in digital communications such as digital text-oriented, interactive digital communications. End-user systems may be coupled to devices that include biometric data capture devices such as retina scanners, fingerprint recorders, cameras, microphones, ear scanners, DNA profilers, etc., so that biometric data of a communicating party may be captured and used for authentication purposes.
    Type: Grant
    Filed: August 11, 2016
    Date of Patent: February 5, 2019
    Assignee: AT&T INTELLECTUAL PROPERTY II, L.P.
    Inventors: Pradeep K. Bansal, Lee Begeja, Carroll W. Creswell, Jeffrey Farah, Benjamin J. Stern, Jay Wilpon
  • Patent number: 10192067
    Abstract: Various embodiments provide techniques and devices for implementing a self-described security model for sharing secure resources between secure applications. In some examples, a trustlet can include a self-described policy defining capabilities of the trustlet and/or membership in a scenario group managed by a signing authority. Further, the trustlet can include a code signature signed by the signing authority. Additionally, a proxy kernel can allow the trustlet to share application data with other trustlets in the scenario group based on the policy and the code signature without exposing the application data to compromised system software and/or unauthorized applications.
    Type: Grant
    Filed: May 26, 2016
    Date of Patent: January 29, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Alain F. Gefflaut, Andrew W. Harper
  • Patent number: 10187388
    Abstract: Aspects of the subject disclosure may include, for example, a process that includes receiving first input defining a relationship between first and second entities, generating a first rule based on the first input, wherein the first rule determines accessibility of a networked service, and associating the first rule with the relationship. The first rule modifies settings of a service management infrastructure to effectuate the first rule in accordance with the relationship, wherein the service management infrastructure provides access to the networked service based on the accessibility. Other embodiments are disclosed.
    Type: Grant
    Filed: March 12, 2015
    Date of Patent: January 22, 2019
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Robert M. Higgins, Julio Cartaya, Steven A. Siegel