Patents Examined by J. Brant Murphy
  • Patent number: 10387683
    Abstract: A request to cancel a change to a policy is received. Based at least in part on delay information for the change, determine that the change is currently delayed, where the delay information is associated with a condition precedent for the change to become effective under a policy change policy. A determination is made regarding whether cancellation is allowed by a set of conditions for the changes, and the proposed policy change is caused to be cancelled prior to a time indicated by the delay information.
    Type: Grant
    Filed: September 9, 2016
    Date of Patent: August 20, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Gregory Branchek Roth
  • Patent number: 10387689
    Abstract: A cryptographic security token having a secure microprocessor, a secure bus connected to said secure microprocessor, a bus isolation microcontroller connected to said secure bus wherein said bus isolation microcontroller comprises firmware for controlling communications through said secure bus to said secure microprocessor, a first NFC antenna connected to said bus isolation microcontroller, and a second NFC antenna connected to said secure microprocessor. The secure microprocessor and said bus isolation microprocessor are powered by energy received through said first NFC antenna and said second NFC antenna. The cryptographic security token receives data from outside said cryptographic security token only through said first NFC antenna. The token or module may further have a bi-state or bi-stable display and a secure memory, each connected to the secure microprocessor by a secure bus.
    Type: Grant
    Filed: October 12, 2017
    Date of Patent: August 20, 2019
    Inventors: Mark Stanley Krawczewicz, Richard C. Schaeffer, Kenneth Hugh Rose, Thomas J. Krawczewicz
  • Patent number: 10389519
    Abstract: A method of controlling transistors includes receiving a control signal, and controlling the top and bottom gate biases of the transistors according to the control signal to normalize or randomize power drawn as observed outside of a core. A device for controlling transistors includes a core performing computational instructions, and a bias circuit receiving a control signal, the bias circuit controlling the top and bottom gate biases of the transistors according to the control signal to normalize or randomize power drawn as observed outside of the core.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: August 20, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Kangguo Cheng, Shawn P. Fetterolf, Ali Khakifirooz
  • Patent number: 10380343
    Abstract: A system and method for performing runtime de-obfuscation of obfuscated malicious software code in a virtual machine is described. According to one embodiment, the method involves enumerating a first physical page associated with a first virtual address space of a first piece of analyzed software code. Herein, the first virtual address space is a portion of a virtual address space associated with the virtual machine. Thereafter, the first physical page is set a non-writable permission. Hence, upon detection of a write to the first physical page by the first piece of analyzed software code, a determination can be made that the first piece of analyzed software code may be categorized as malicious software code.
    Type: Grant
    Filed: October 3, 2016
    Date of Patent: August 13, 2019
    Assignee: FireEye, Inc.
    Inventors: Robert Jung, Antony Saba
  • Patent number: 10382434
    Abstract: To make a trusted web service call, a client application sends a series of messages to obtain tokens that allow service requests to pass through a service relay. The user obtains a first security token by providing the user's credentials. A second token is obtained from a trust broker that validates the first token. Both tokens are then sent with a service request to a service relay. The service relay validates the second token and then passes the first token and the service request to a connector service. The connector service validates the first token and passes the service request to a target back end service. The connector service acts as the user when communicating with the back end service. Service responses are routed back to the user through the connector service and the service relay.
    Type: Grant
    Filed: October 5, 2017
    Date of Patent: August 13, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Kyle Stapley Young, Robert Aron Drollinger, Robert O'Brien, David J. Runde, Jagruti Dushyant Pandya, Georges El Khoury
  • Patent number: 10382417
    Abstract: This application discloses a supply chain security technique that enrolls an integrated circuit with a security server and subsequently utilizes the enrollment to authenticate the integrated circuit. The integrated circuit can include security circuitry to enroll the integrated circuit with the security server by generating an enrollment message—including a fingerprint code having an encoded version of a private value generated by the security circuitry—for transmission to the security server. The security circuitry can authenticate the integrated circuit by replying to a request to verify authentication of the integrated circuit from the security server. The response can confirm to the security server that the integrated circuit includes the private value, which can authenticate the integrated circuit.
    Type: Grant
    Filed: September 11, 2015
    Date of Patent: August 13, 2019
    Assignee: Mentor Graphics Corporation
    Inventors: Michael Chen, Mario Larouche, Joseph P. Skudlarek
  • Patent number: 10372913
    Abstract: A mismatch between model-based classifications produced by a first version of a machine learning threat discernment model and a second version of a machine learning threat discernment model for a file is detected. The mismatch is analyzed to determine appropriate handling for the file, and taking an action based on the analyzing. The analyzing includes comparing a human-generated classification status for a file, a first model version status that reflects classification by the first version of the machine learning threat discernment model, and a second model version status that reflects classification by the second version of the machine learning threat discernment model. The analyzing can also include allowing the human-generated classification status to dominate when it is available.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: August 6, 2019
    Assignee: Cylance Inc.
    Inventors: Kristopher William Harms, Renee Song, Raj Rajamani, Braden Rusell, Yoojin Sohn, Kiefer Ipsen
  • Patent number: 10375082
    Abstract: Provided herein are embodiments directed to facilitating an authentication process before allowing an action. An example apparatus may be configured to receive a request, via an authentication session established during a log-in process, to cause the action, send alert to a first device associated with an account associated with the requested action, cause the first device to communicate, via the short range wireless communication protocol, with a second device to verify a proximity, receive verification of the proximity, receive a first identifying data originating in a browser having been used to start the authentication session, receive a second identifying data string originating from a trusted agent, configured as software or hardware, residing on the second device, and upon confirmation of a match of the first identifying data string and the second identifying data string, authorize the action.
    Type: Grant
    Filed: August 22, 2016
    Date of Patent: August 6, 2019
    Assignee: AVERON US, INC.
    Inventors: Wendell Brown, Edward Mehr
  • Patent number: 10372949
    Abstract: A control device includes a prohibition unit that prohibits use of an electronic apparatus in a case where a sum of a cumulative amount of use of the electronic apparatus for a predetermined period of time and a new amount of use which is newly instructed by an user exceeds a permitted amount in the period of time which is permitted for the user, and a permission unit that permits use of the electronic apparatus by an amount based on an unused amount which is a difference between the permitted amount and the cumulative amount of use in an unreaching period when the unreaching period is present before the period of time in an accounting period including the period of time, in a case where the use of the electronic apparatus is prohibited by the prohibition unit.
    Type: Grant
    Filed: August 22, 2016
    Date of Patent: August 6, 2019
    Assignee: FUJI XEROX CO., LTD.
    Inventors: Satoshi Watanabe, Yusaku Kurihara, Tsubasa Kitai, Noriaki Tanaka
  • Patent number: 10354055
    Abstract: A portable electronic device includes a biometric information obtaining unit and an authentication information generating unit. The biometric information obtaining unit obtains biometric information that represents a physical feature of a user of the portable electronic device. The authentication information generating unit generates authentication information that is numerical information for authentication of the user having a predetermined number of digits, based on the biometric information that has been obtained by the biometric information obtaining unit.
    Type: Grant
    Filed: February 4, 2016
    Date of Patent: July 16, 2019
    Assignee: Kabushiki Kaisha Toshiba
    Inventor: Keita Taniguchi
  • Patent number: 10356070
    Abstract: A method of transferring a profile by an electronic device and an electronic device supporting the same are provided. The electronic device includes a secure memory that installs and deletes at least one profile, a profile manager module that performs an authentication procedure about a target electronic device based on device information of the target electronic device and profile information of a target profile, when a profile transfer event about a target profile of the at least one profile installed on the secure memory occurs, and a communication interface that transfers the target profile based on an authentication result about the target electronic device.
    Type: Grant
    Filed: February 17, 2016
    Date of Patent: July 16, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Soon Hyun Cha, Sun Min Hwang, Sang Soo Lee, Tae Sun Yeoum
  • Patent number: 10346603
    Abstract: A method, system, token and scanning device for gesture-based security are provided. The token includes an information storage module such as an RFID system or a microchip system of a contactless smart card, and a fiducial marker of the token, such as a unique optically recognizable pattern. The token scanning device includes a detection module configured for retrieving details from the information storage module, a motion tracking module for tracking a trajectory of the fiducial marker relative to the scanning device, and an authentication module for authenticating the token if the tracked trajectory matches sufficiently to a reference trajectory associated with the token. A user can authenticate a usage of the token such as a financial transaction by gesture-based motion of the token to match the reference trajectory.
    Type: Grant
    Filed: December 3, 2014
    Date of Patent: July 9, 2019
    Assignee: SIERRA WIRELESS, INC.
    Inventors: Markus Myers, Philippe Frederic Joel Rene Guillemette
  • Patent number: 10348506
    Abstract: An instruction to be used to produce a message digest for a message is executed. In execution, a padding state control of the instruction is checked to determine whether padding has been performed for the message. If the checking indicates padding has been performed, a first action is performed; and if the checking indicates padding has not been performed, a second action, different from the first action, is performed.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: July 9, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Dan F. Greiner, Timothy J. Slegel, Christian Zoellin
  • Patent number: 10348689
    Abstract: A method includes obtaining, by one or more processor, data from a virtual network of a tenant and an identifier of the tenant, where the virtual network of the tenant is one of at least two virtual networks in a shared computing environment where the at least two virtual networks overlay a physical network. Based on obtaining the identifier of the tenant, the method includes setting, by one or more processor, the identifier in metadata of the data and based on the identifier in the metadata, identifying, by the one or more processor, a network connection associated with the tenant. The method also includes identifying, by the one or more processor, a policy of the network connection and processing the data with the policy to create processed data and transmitting, by the one or more processor, the processed data through the network connection.
    Type: Grant
    Filed: November 27, 2017
    Date of Patent: July 9, 2019
    Assignee: International Business Machines Corporation
    Inventors: Guo Chun Bian, Jin Jing Lin, Liang Rong, Gang Tang, Ming Shuang Xian
  • Patent number: 10349245
    Abstract: An information processing apparatus includes a sender and a receiver. The sender sends a character in a virtual space to a robot device. The receiver receives authorization to operate the robot device in return for the character sent to the robot device.
    Type: Grant
    Filed: October 12, 2017
    Date of Patent: July 9, 2019
    Assignee: FUJI XEROX CO., LTD.
    Inventor: Kengo Tokuchi
  • Patent number: 10331895
    Abstract: Logical data containers of a data storage system are associated with policies that require data transformation of data to be stored in the logical data containers. When a data object is received to be stored in a logical data container, the data object is transformed in accordance with a policy on the logical data container. Transformation of the data object may include encryption. The logical data container may also be associated with a cryptographic key used to perform a required transformation.
    Type: Grant
    Filed: January 7, 2014
    Date of Patent: June 25, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Eric Jason Brandwine
  • Patent number: 10331870
    Abstract: Methods and systems for receiving a detection of a physical presence of a user and, in response, initiating a start-up process on an enterprise device according to a profile associated with the user are described. Thereafter, the system receives authentication credentials at the enterprise device and the user is granted access to the enterprise device after the authentication credentials are verified.
    Type: Grant
    Filed: March 12, 2018
    Date of Patent: June 25, 2019
    Assignee: United Services Automobile Association (USAA)
    Inventors: Zakery Layne Johnson, John Shelton, Debra Randall Casillas, Thomas Bret Buckingham, Gabriel Carlos Fernandez, Sudarshan Rangarajan, Maland Keith Mortensen
  • Patent number: 10333948
    Abstract: Techniques for alerting and tagging using a malware analysis platform for threat intelligence made actionable are disclosed. In some embodiments, a system, process, and/or computer program product for alerting and tagging using a malware analysis platform for threat intelligence made actionable includes receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; processing the log files to extract artifacts associated with the log files; determining whether a tag matches any of the plurality of samples based on the artifacts; and performing an action based on whether the tag matches any of the plurality of samples.
    Type: Grant
    Filed: February 29, 2016
    Date of Patent: June 25, 2019
    Assignee: Palo Alto Networks, Inc.
    Inventors: Farshad Rostamabadi, Shadi Rostami-Hesarsorkh, Sudarshan Vasudevan, Bilal Malik
  • Patent number: 10325085
    Abstract: The technology described herein detects a first device associated with a user that is within a detectable range of a second device. The system requests authentication information. In response to receiving the authentication information, a token generator associated with the user can generate a secure token. The secure token can be sent to the server. Once the secure token is verified, the user is granted access to one or more services.
    Type: Grant
    Filed: May 30, 2018
    Date of Patent: June 18, 2019
    Assignee: United Services Automobile Association (USAA)
    Inventors: Maland Keith Mortensen, Thomas Bret Buckingham, Gabriel Carlos Fernandez, Debra Randall Casillas
  • Patent number: 10325097
    Abstract: A method for statically analyzing a web application program may include obtaining a control flow graph for the web application program. Each control flow graph node may correspond to a statement in the web application program. The method may further include obtaining a sanitizer sequence including one or more sanitizers followed by an output statement, obtaining a placeholder corresponding to the sanitizer sequence, and generating control flow paths including an output node that corresponds to the output statement. The method may further include generating documents for each control flow path. Each document may include a sanitized value corresponding to the output statement. The method may further include inserting the placeholder into each document at a location of the sanitized value, and reporting a potential cross-site scripting flaw when the sanitizer sequence is insufficient for the output context sequence of the sanitized value.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: June 18, 2019
    Assignee: Oracle International Corporation
    Inventors: Francois Gauthier, Antonin Steinhauser