Patents Examined by Helai Salehi
  • Method for updating group temporal key, related apparatus and system
    Patent number: 9332438
    Abstract: Embodiments of the present invention disclose a method for updating a group temporal key, a related apparatus and system. A method includes: An access point AP sets an updating period of a group temporal key GTK; the access point updates the GTK whenever the updating period of the GTK arrives; the access point receives a GTK request that is sent by a mobile station STA in an association list within a preset delay time period after arrival of the updating period of the GTK, where the association list records all mobile stations communicating with the access point, and the preset delay time period is shorter than the updating period of the GTK; and when the preset delay time period after the arrival of the updating period of the GTK arrives, the access point sends the updated GTK to the mobile station in the association list according to the GTK request.
    Type: Grant
    Filed: October 25, 2013
    Date of Patent: May 3, 2016
    Assignee: HUAWEI DEVICE CO., LTD.
    Inventors: Kecheng Yu, Zhiming Ding, Ping Fang
  • Methods and systems for complying with network security requirements
    Patent number: 9319424
    Abstract: The present invention provides for methods and systems for complying with network security requirements, particularly those defined by NERC CIP. In particular, the invention provides for methods and systems for identifying a set of network security risks on a computing device, refining the set of network security risks requiring documentation as defined by the requirements, creating documentation on the necessity of the network security risks, and creating a report comprising a listing of the refined set of network security risks and documentation for auditing and compliance purposes.
    Type: Grant
    Filed: June 18, 2014
    Date of Patent: April 19, 2016
    Assignee: CCS-Inc.
    Inventors: Scott Hudson, Paul Monta Elkins, Steven Wirt, Benjamin Sandbrook, Christopher Bateson, Michael K. Trautman, Jonathan Couch
  • Secure network labeling to control inter-process communications in a multi-tenant platform-as-a-service (PaaS) system
    Patent number: 9300690
    Abstract: Implementations for secure network labeling to control inter-process communications in a multi-tenant Platform-as-a-Service (PaaS) system are disclosed. A method of the disclosure includes initializing, by a processing device of a node, a gear of an application on the node, wherein the node hosts a plurality of gears for a plurality of applications of a multi-tenant Platform-as-a-Service (PaaS) system, and wherein the plurality of applications comprising multi-tenant applications having different owners. The method further includes determining a user identifier (UID) of the gear, generating a custom network security label (NSL) of the gear, assigning the custom NSL to the gear, and applying the custom NSL to an outgoing network packet sent from the gear to another gear within the PaaS system.
    Type: Grant
    Filed: July 3, 2013
    Date of Patent: March 29, 2016
    Assignee: Red Hat, Inc.
    Inventors: Daniel Walsh, Paul Moore
  • Enhanced control-plane security for network-accessible services
    Patent number: 9270703
    Abstract: Methods and apparatus for enhancing control-plane security of a network-accessible service are described. In accordance with a security policy, one or more control servers are selected to perform administrative operations associated with configuration of a service instance at a particular instance host of a network-accessible service. The control servers may differ in security properties from the instance host. In response to a configuration request directed at the instance host, administrative operations are implemented at the selected control servers. A low-level command is issued for execution to the instance host from a control server. A result of the low-level command is obtained at the control server and is used to determine a response to the configuration request.
    Type: Grant
    Filed: October 22, 2013
    Date of Patent: February 23, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Duncan Matthew Clough, Andries Petrus Johannes Dippenaar, Marcin Piotr Kowalski
  • Field level database encryption using a transient key
    Patent number: 9251355
    Abstract: Embodiments of the present invention disclose a method, system, and computer program product for implementing user specific encryption in a database system. A computer receives a query statement including a user specific key and data, the data including data needing encryption and non-encrypted data. The computer encrypts the data needing encryption using the user specific key. The computer inserts both the encrypted data and the non-encrypted data into a table row in a database. The computer creates a hash of the user specific key, and stores the hash of the user specific key in the table row with the data.
    Type: Grant
    Filed: July 30, 2013
    Date of Patent: February 2, 2016
    Assignee: International Business Machines Corporation
    Inventors: William C Freeman, Richard V Hom
  • Providing a second factor authorization
    Patent number: 9253174
    Abstract: A system for generating a second factor authorization for a request to access a web site includes a data store having a computer readable medium storing a program for generating the second factor authorization, and a processor. A packet receiving unit receives the request from a user device via a local network to access the web site via an external network. A trigger database stores the web site. A device database stores a rule associated with the user device for the web site, and a corresponding paired device with the user device. A second factor determination unit requests a second factor authorization from the corresponding paired device in response to the packet receiving unit receiving the request. A communication unit communicates the request to the external network in response to a valid assertion from the paired device based on the second factor authorization.
    Type: Grant
    Filed: February 28, 2013
    Date of Patent: February 2, 2016
    Assignee: Google Inc.
    Inventor: Simon Michael Rowe
  • Multi-factor caller identification
    Patent number: 9247427
    Abstract: A method and apparatus for authenticating directory information is described. The method includes: receiving a request to initiate a voice communication session over a signaling network that includes a data network, the request including directory information specifying origination of the voice communication session; determining verification information associated with the directory information; authenticating the directory information using the determined verification information; and selectively providing notification of the authentication for handling of the voice communication session.
    Type: Grant
    Filed: July 29, 2013
    Date of Patent: January 26, 2016
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: John S. Perez
  • Method and system for in-field recovery of security when a certificate authority has been compromised
    Patent number: 9240993
    Abstract: A certificate credential is generated based on a user device's private key securely stored, or accessible, by a certificate authority. When the certificate authority has been compromised, the credential, which typically includes information encrypted with the device's private key and the corresponding unencrypted information, is sent to the device. The device receives the information in encrypted and unencrypted form and decrypts the encrypted information. If the result of the decryption matches the unencrypted information, the device trusts the signer of the credential.
    Type: Grant
    Filed: September 11, 2012
    Date of Patent: January 19, 2016
    Assignee: ARRIS Enterprises, Inc.
    Inventor: Ali Negahdar
  • Assessing risk for third-party data collectors
    Patent number: 9230066
    Abstract: An improved technique authenticates a user based on an ability to corroborate previous transaction data sent by a user device. Along these lines, the improved technique makes use of an independent information source for verifying the accuracy of previous transaction data obtained by a given collector. For example, when a collector of location data is a GPS unit of a cell phone, an independent information source may be a cell tower closest to the cell phone at the time of the transaction. While location data provided by the cell tower may not be as precise as that provided by the GPS unit, such data is useful for corroborating the location data from the GPS unit. In this scenario, if the data provided by the cell tower fails to corroborate that provided by the GPS unit, then the GPS unit adds significant risk to authenticating the user.
    Type: Grant
    Filed: June 27, 2012
    Date of Patent: January 5, 2016
    Assignee: EMC Corporation
    Inventors: Daniel V. Bailey, Lawrence N. Friedman, Yedidya Dotan
  • Hard disk drive sanitizer system and method
    Patent number: 9224014
    Abstract: A hard disk drive (HDD) sanitizer system comprises an electronic device having a basic input/output system (BIOS), the BIOS comprising a sanitizer routine executable for sanitizing a HDD.
    Type: Grant
    Filed: September 28, 2006
    Date of Patent: December 29, 2015
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Jennifer E. Rios, Lan Wang, Shab H. Madina
  • Website scanning device and method
    Patent number: 9215246
    Abstract: The invention discloses a website scanning apparatus for performing a security vulnerability scanning on a target website, which apparatus comprises: a web page obtaining component obtaining current content and/or features of a web page corresponding to a link to be processed; a link processing component including a change judgment device for judging whether the web page corresponding to the link to be processed has been changed based on stored web page content and/or features corresponding to the link to be processed as well as the current web page content and/or features of the link to be processed; and a vulnerability detecting component for performing a security vulnerability detection on a web page corresponding to a link to be processed for which the web page has been changed. The invention also discloses a website scanning method corresponding thereto.
    Type: Grant
    Filed: October 21, 2011
    Date of Patent: December 15, 2015
    Assignee: NSFOCUS INFORMATION TECHNOLOGY CO., LTD.
    Inventors: Da Zhou, Xiaoming Wang, Ming Lv, Hui Jiang, Guangxu Liu, Xiaohai Lu, Na Li, Xing Ye
  • Policy-based control layer in a communication fabric
    Patent number: 9208295
    Abstract: Presented herein are techniques for adding a secure control layer to a distributed communication fabric that supports publish-subscribe (pub-sub) and direct query (synchronization) communication. The secure control layer is configured to perform policy-based authentication techniques to securely manage the exchange of data/information within the communication fabric and enable registration/discovery of new capabilities.
    Type: Grant
    Filed: June 10, 2013
    Date of Patent: December 8, 2015
    Assignee: Cisco Technology, Inc.
    Inventors: Nancy Cam-Winget, Allan Thomson, Pok Wong, Vanaja Ravi
  • Business method including handshake protocol to control actors and functions to propagate acceptance of an IP license to securely authenticate software application program interfaces (APIs)
    Patent number: 9197910
    Abstract: A system for securely authenticating software Application Program Interfaces (APIs) includes a handshake protocol that enables promulgation of licensing rights controlling Intellectual Property (IP) to multiple Actors. The handshake is a Challenge-Response protocol that includes a Challenge issued by one Actor who controls IP rights to verify a second Actor has Licensed IP rights when the second Actor Response includes use of a function IPF1. The function e.g. IPF1 is provided through the IP licensing agreement. Other Actors who wish to use software that the first Actor provides will be encouraged to acquire rights to the IP License to obtain the function IPF1 for access. Subsequent Actors who have IP rights controlled by another function IPF2 can be pulled into the same IP Licensing system, or another IP License that becomes part of the same ecosystem with the system controlled using function IPF1.
    Type: Grant
    Filed: October 29, 2013
    Date of Patent: November 24, 2015
    Assignee: ARRIS Technology, Inc.
    Inventors: Eric J. Sprunk, Mark G. Depietro
  • System and method for email fraud risk assessment
    Patent number: 9197649
    Abstract: Email address Fraud Risk Assessment using a system of data element collection and computation. Data elements for each potion of an email address's local and domain portion is acquired from internal and external data sources, captured, evaluated, and then assigned a value. Data acquisition may include use of domain information, databases, Email Service Providers, Simple Mail Transfer Protocol, corporate and social media services, and search engine services. Using the assigned values, a Fraud Risk Score is computed and then displayed to a user along with additional information, explanations and recommendations.
    Type: Grant
    Filed: October 31, 2013
    Date of Patent: November 24, 2015
    Inventor: Reinaldo Carvalho
  • Apparatus, method, and system for digital content and access protection
    Patent number: 9179190
    Abstract: There is described a method for providing a video signal to a user, comprising: sampling said video signal at a user specific sampling rate, thereby obtaining temporally organized sample amplitudes; removing a time interrelation between said temporally organized sample amplitudes, thereby obtaining sample amplitudes having no time interrelation; transmitting said sample amplitudes having no time interrelation to said user; and reconstructing said video signal by inserting a user-specific sampling interval between successive ones of said sample amplitudes, said user-specific sampling interval corresponding to said user-specific sampling rate.
    Type: Grant
    Filed: January 15, 2015
    Date of Patent: November 3, 2015
    Inventors: Colin Gavrilenco, Mathieu Therien
  • Method and system for tracking access to application data and preventing data exploitation by malicious programs
    Patent number: 9171157
    Abstract: Provided are a method and system for tracking access to application data and preventing data exploitation by malicious programs. In one example, the method includes shimming into a running process of the system to create at least one monitoring hook to monitor a program, building an execution path of the monitored program, and monitoring a behavior of the execution path for malicious behavior using the monitoring hook.
    Type: Grant
    Filed: March 28, 2006
    Date of Patent: October 27, 2015
    Assignee: Blue Coat Systems, Inc.
    Inventors: Jose Flores, Wei Lu, Ronnie Blewer, Yariv Kaplan
  • Service manifests
    Patent number: 9165120
    Abstract: Generally described, aspects of the present disclosure relate to for managing the configuration and security policies of hosted virtual machine networks. Hosted virtual machine networks are configured in a manner such that a virtual machine manager component can establish service manifests that correspond to information required by the virtual machine network from a user/customer. The virtual machine manager component can also publish in the service manifests contractual information, such as security risk assessments, that are deemed to have been provided and accepted by the user/customer in instantiating virtual machine networks. If the processed service manifest information remains valid, a substrate network process requests or independently instantiate services or components in accordance with the configuration information and security risk information included in the processed service manifest.
    Type: Grant
    Filed: March 29, 2011
    Date of Patent: October 20, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric Jason Brandwine, Don Johnson, Marvin M. Theimer
  • Application execution system, computer, application execution device, and control method and program for an application execution system
    Patent number: 9167030
    Abstract: An application execution system enables stable system operation without being affected by server performance or line quality, and without quitting the application. The application execution system 1 has an application server 2 and an application execution device 4 connected by a first network 6, and has the application execution device 4 and a client terminal 5 connected by a second network 7. The application execution device 4 detects the status of the acquired application 11a, runs the application 11a if the application is normal and has the application server 2 run the application if an error or problem is detected. Based on the execution request from the application execution device 4, the application server 2 runs a substitute application 11b.
    Type: Grant
    Filed: February 11, 2014
    Date of Patent: October 20, 2015
    Assignee: Seiko Epson Corporation
    Inventors: Hideo Nakamura, Takanori Yamada, Hirotada Yokosawa
  • Establishing secure, mutually authenticated communication credentials
    Patent number: 9160740
    Abstract: Establishing secure, mutually authenticated communication between a trusted network and a perimeter network. Servers on the perimeter network may be securely and automatically configured to communicate with the trusted network. Servers not functioning properly may be stopped from communicating with the other servers. Credential information relating to a perimeter server may be automatically, and regularly, updated without intervention.
    Type: Grant
    Filed: September 4, 2013
    Date of Patent: October 13, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Hao Zhang, Jeffrey B. Kay, Malcolm E. Pearson, Eric D. Tribble
  • Providing credential information
    Patent number: 9160727
    Abstract: A server system maintains data indicative of credentials held by multiple different users. Each of the credentials has been issued by a credential granting authority that is separate from an entity that operates the server system. The server system receives selection data that indicates how credential data of a first user is to be made available to other users. Based on the selection data, the server system stores availability data that indicates how credential data of the first user is to be made available to the other users. The server system also maintains a location of a mobile computing device associated with the first user and, based on the availability data and the location, provides, to at least a second user, information about at least one credential held by the first user in association with an indication of the location.
    Type: Grant
    Filed: July 11, 2013
    Date of Patent: October 13, 2015
    Assignee: MicroStrategy Incorporated
    Inventors: Michael J. Saylor, Hector Vazquez, Gang Chen