Patents Examined by James J Wilcox
  • Patent number: 10419931
    Abstract: Systems, methods, and articles of manufacture comprising processor-readable storage media are provided for implementing security for a network environment using a centralized smart security system. For example, a method includes implementing a network comprising a plurality of network devices which collectively generate data that is utilized by a computing system to execute an application, and implementing a centralized security system as a computing node within the network to manage security operations within the network and to establish secured and trusted communications between the network devices and the computing system. The network devices may comprise wireless sensor devices operating in a wireless sensor network, wherein the computing system executes an IoT (Internet of Things) application which processes the data that is generated by the wireless sensor devices.
    Type: Grant
    Filed: August 25, 2016
    Date of Patent: September 17, 2019
    Assignee: EMC IP Holding Company LLC
    Inventors: Mohamed Sohail, Stephen Todd, Said Tabet, Khaled Ahmed
  • Patent number: 10356073
    Abstract: In one embodiment, a system including a processor to run a web browser application and a CAPTCHA challenge application, wherein the web browser application is operative when run to retrieve and present a web page of a website, obtain a request from the website requesting performance of a CAPTCHA challenge process, and request the CAPTCHA challenge application to perform the CAPTCHA challenge process, the CAPTCHA challenge application is operative when run to request a CAPTCHA challenge test from an authentication server, obtain the CAPTCHA challenge test, render a CAPTCHA window including the CAPTCHA challenge test, obtain a user response to the CAPTCHA challenge test, send a value based on the user response to the authentication server, and obtain a response from the authentication server authenticating the user response, and the CAPTCHA challenge application and the web browser application are run as different processes by the processor.
    Type: Grant
    Filed: August 29, 2016
    Date of Patent: July 16, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Gil Gonen, Ronen Haber, Arie Haenel
  • Patent number: 10354173
    Abstract: In one respect, there is provided a system for training a neural network adapted for classifying one or more scripts. The system may include at least one processor and at least one memory. The memory may include program code that provides operations when executed by the at least one memory. The operations may include: extracting, from an icon associated with a file, one or more features; assigning, based at least on the one or more features, the icon to one of a plurality of clusters; and generating, based at least on the cluster to which the icon is assigned, a classification for the file associated with the icon. Related methods and articles of manufacture, including computer program products, are also provided.
    Type: Grant
    Filed: November 21, 2016
    Date of Patent: July 16, 2019
    Assignee: Cylance Inc.
    Inventors: Matthew Wolff, Pedro Silva do Nascimento Neto, Xuan Zhao, John Brock, Jian Luan
  • Patent number: 10341311
    Abstract: The present disclosure pertains to systems and methods for selectively encrypting data flows within a software defined network (SDN). In one embodiment, a communication device may be configured to receive a plurality of unencrypted data packets. The communication device may receive from an SDN controller a criterion used to identify at least one of the unencrypted data flows to be encrypted. Based on the criterion, an encryption subsystem may generate an encrypted data flow from the unencrypted data packets based on an encryption key. In some embodiments, the encryption system may parse the packets and encrypt the data payloads without encrypting the routing information associated with the packet. In other embodiments, the encryption subsystem may be configured to encapsulate and encrypt the entire unencrypted data packet. In some embodiments, the encryption subsystem may further be configured to authenticate a sending device and/or to verify the integrity of a message.
    Type: Grant
    Filed: July 20, 2015
    Date of Patent: July 2, 2019
    Assignee: Schweitzer Engineering Laboratories, Inc.
    Inventors: Rhett Smith, Barry Jakob Grussling
  • Patent number: 10341384
    Abstract: A network function virtualization security and trust system includes a network device that operates as a virtualized network device with virtualized services provided on the network device by network nodes included in the system. Security and trust within the system can include hardware authentication of the network nodes and the network device to obtain a level of security of the hardware provisioning the operation of the virtualized services. Security and trust can also include authentication of the services being used on the virtualized network device. Services authentication can be based on monitoring and analysis of the cooperative operation of the services in the virtualized network device. The virtualized services can be dynamically changed, added or stopped. Hardware authentication and dynamic services authentication in accordance with changes in the virtualized services can dynamically maintain a level of security across the devices and the virtualized services.
    Type: Grant
    Filed: August 4, 2015
    Date of Patent: July 2, 2019
    Assignee: Avago Technologies International Sales Pte. Limited
    Inventors: Nicholas Ilyadis, Xuemin Chen, Philippe Klein, Ariel Hendel, Kumaran David Siva
  • Patent number: 10334434
    Abstract: Systems and techniques are described for authenticating a user. A described technique includes receiving, by an identity management application running on a user computer, a request to authenticate a user to access a user application using the user computer. The technique includes determining, by the identity management application, that a mobile device associated with the user is connected to the user computer using a short distance wireless connection. The technique includes requesting, by the identity management application running on the user computer, authentication information for the user from the mobile device over the short distance wireless connection. The technique includes receiving, by the identity management application running on the user computer, the authentication information for the user from the mobile device over the short distance wireless connection.
    Type: Grant
    Filed: September 8, 2016
    Date of Patent: June 25, 2019
    Assignee: VMware, Inc.
    Inventors: Abhishek Soni, Lakshman Rao Abburi
  • Patent number: 10326789
    Abstract: Web Bot detection methods and systems are provided that receive a request, in connection with a network session. The methods and systems determine whether the request is associated with potential Bot activity, and based thereon assign a Bot confidence designation. The Bot confidence designation indicates a likelihood that the request represents an agent-based request. The methods and systems analyze a session trait of the network session relative to predetermined session traits indicative of human-based requests, and assign a human confidence designation based on the analysis. The human confidence designation indicates a likelihood that the request represents a human-based request. The request is then classified to represent an agent-based request or human-based request based on the Bot and human confidence designations.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: June 18, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Forrest MacKenzie Vines, Sevag Demirjian, Nathan David Scott, Jui Te Tseng
  • Patent number: 10313332
    Abstract: A method of performing one-time password (OTP) authentication using a color code is provided. The method includes generating, by an OTP terminal and an authentication server, an OTP using a reference time, generating, by the OTP terminal, a color code corresponding to a binary code representing the OTP, displaying, by a display device, the color code, obtaining, by a camera, the displayed color code, decoding, by the authentication server, the obtained color code into the color code and generating a password which refers to the decoded binary code, and performing, by the authentication server, authentication by comparing the generated OTP and the password.
    Type: Grant
    Filed: August 30, 2016
    Date of Patent: June 4, 2019
    Assignee: Research & Business Foundation Sungkyunkwan University
    Inventors: Kwang-Seok Hong, Sang Min Park
  • Patent number: 10311254
    Abstract: An electronic apparatus and an information access control method thereof are provided. The information access control method includes receiving a user input for a first application on a touch screen, and limiting execution of at least some of remaining applications except for the first application of the electronic apparatus when the user input is a preset first information access control mode input.
    Type: Grant
    Filed: January 19, 2016
    Date of Patent: June 4, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: A. K. M. Fazla Mehrab, Kazy Fayeen Shariar, Sadik Noman
  • Patent number: 10152596
    Abstract: Runtime verification of software execution events against a behavioral model. For each event, it is verified whether there is a short range correlation of a sequence of the event and preceding event(s) with the behavioral model, and whether there is a long range correlation of a group of the sequences and of an arrangement of groups of the sequences with the behavioral model. After verifying each long range correlation, the arrangement of groups in the behavioral model event is substituted with an intersection of an arrangement of groups of the sequences with an arrangement of groups of the sequences in the behavioral model. If an event is not covered by a short range correlation or a long range correlation of a group or a long range correlation of an arrangement of groups, the event is indicated as anomalous.
    Type: Grant
    Filed: January 19, 2016
    Date of Patent: December 11, 2018
    Assignee: International Business Machines Corporation
    Inventor: Olgierd S. Pieczul
  • Patent number: 10146931
    Abstract: A computer system includes a management computer for automatically changing a password used to authenticate a user to a service application. A user device includes a password vault managed by a password management application. The management computer monitors for an event signifying that the password is to be changed, e.g., a predetermined number of uses, etc. A new password is assigned, and a first message is generated and sent to the service application including the new password and an indication that it is to be used for subsequent user authentication. A second message is also generated and sent to the password management application, also including the new password and an indication that it replaces a current password in the vault for user authentication. The new password is automatically used by both the service application and the user device during subsequent authentications until expiration.
    Type: Grant
    Filed: March 13, 2015
    Date of Patent: December 4, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Boris Kronrod, Lawrence N. Friedman
  • Patent number: 10148673
    Abstract: Techniques of operating intrusion detection systems provide a recommendation of an intrusion detection rule to an administrator of an intrusion detection system based on the experience of another administrator that has used the rule in another intrusion detection system. For example, suppose that electronic circuitry receives a numerical rating from a first intrusion detection system that indicates whether an intrusion detection rule was effective in identifying malicious activity when used in the first intrusion detection system. Based on the received rating and attributes of the first intrusion detection system, the electronic circuitry generates a predicted numerical rating that indicates whether the intrusion detection rule is likely to be effective in identifying malicious communications when used in a second intrusion detection system.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: December 4, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Zohar Duchin, Alon Kaufman, Oleg Freylafert, Lior Asher, Alex Zaslavsky
  • Patent number: 10146950
    Abstract: Systems herein allow a content manager to share portions of a document with different groups of users. The system can parse the document into screen shots of each page along with an information bundle that describes how to format content on each page. When a user accesses a document, the system can send the user a permitted portion rather than the entire document. The permitted portion can include one or more screen bundles. The user device can execute an application that reads the information bundle and formats content for display on the user device.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: December 4, 2018
    Assignee: AIRWATCH LLC
    Inventors: Arjun Kochhar, Lakshmikanth Raju, Manjunath Bhat, Marcos Mendez
  • Patent number: 10121015
    Abstract: A method to provide negotiation control to data such that a person or entity can negotiate the use of data gathered beyond what is needed for a particular use by a third party transaction.
    Type: Grant
    Filed: February 23, 2015
    Date of Patent: November 6, 2018
    Assignee: LENS VENTURES, LLC
    Inventors: Tara Lemmey, Stanislav Vonog
  • Patent number: 10104123
    Abstract: A mobile device fetches a policy definition library from a policy server responsive to occurrence of a defined event associated with an application package. The policy definition library contains policies defining resources of the mobile device that the application package is permitted to access. The mobile device executes the wrapped application package containing application executable code and application wrapper executable code that is called by each execution of an agnostic wrapper function residing at each of a plurality of locations in the application executable code. Responsive to execution of the agnostic wrapper function at any of the plurality of locations in the application executable code, the mobile device executes the application wrapper executable code to control whether access by the application executable code is granted to resources of the mobile device based on the policies contained in the policy definition library.
    Type: Grant
    Filed: September 23, 2015
    Date of Patent: October 16, 2018
    Assignee: CA, INC.
    Inventors: Madhusudhan Ganda, Vikrant Nandakumar, Vardhineedi Satyanarayana Murthy, Hemanth Kumar Pinninti
  • Patent number: 10084597
    Abstract: A cryptographically-enabled RFID tag stores a primary secret key and derives secondary keys from the primary key. A secondary key may be derived by combining the primary key with one or more other parameters using one or more algorithms. The tag uses a derived secondary key to encrypt or electronically sign a tag response sent to a verifying entity. The verifying entity does not know the derived secondary key, but knows the tag primary key and the parameters and algorithms used to derive the secondary key and can derive all of the potential secondary keys. The verifying entity can then attempt to authenticate the tag or tag response by trying potential secondary keys.
    Type: Grant
    Filed: January 12, 2018
    Date of Patent: September 25, 2018
    Assignee: Impinj, Inc.
    Inventors: Matthew Robshaw, Alberto Pesavento, Christopher Diorio
  • Patent number: 10084751
    Abstract: A method for balancing load among firewall security devices (FSDs) is provided. According to one embodiment, a switching device performs adaptive load balancing among cluster units of an HA cluster of firewall security devices. A load balancing (LB) function implemented by the switching device is configured based on information received from a network administrator. A LB table is maintained that forms associations between hash values output by the LB function and corresponding ports of the switching device to which the cluster units are coupled. Network traffic received by the switching device is directed to appropriate cluster units based on the LB function and the LB table. A traffic load on each of the cluster units is monitored. Responsive to a deviation from a predefined ideal traffic distribution, an attempt is made to improve performance of the HA cluster by dynamically adjusting the LB balancing table to address the deviation.
    Type: Grant
    Filed: November 19, 2017
    Date of Patent: September 25, 2018
    Assignee: Fortinet, Inc.
    Inventors: Edward Lopez, Joe Mihelich, Matthew F. Hepburn
  • Patent number: 10025932
    Abstract: A portable security device for a computing system includes a housing, an interface at least partially disposed within the housing, a trusted platform module within the housing that is coupled to the interface, and a controller within the housing that is coupled to the trusted platform module and the interface. The interface is configured to engage a plurality of different devices and provide communication between the portable security device and an individual device when engaged with the individual device. In some examples, the trusted platform module can receive power from the individual device via the interface when the portable security device is engaged with the individual device. The controller includes logic to detect when the portable security device is coupled to the individual device via the interface.
    Type: Grant
    Filed: January 30, 2015
    Date of Patent: July 17, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Ronald Aigner
  • Patent number: 10003592
    Abstract: A user authentication system enables control of access to historian data through a historian application. The user authentication system creates a user authentication directory for storing user authentication information. The system populates the directory with user authentication information. The system links the directory to a historian application and receives credential data from a user. The system grants access to the historian application when it determines that the credential data from the user matches a portion of the user authentication information on the directory.
    Type: Grant
    Filed: March 5, 2015
    Date of Patent: June 19, 2018
    Assignee: Schneider Electric Software, LLC
    Inventors: Ravi Kumar Herunde Prakash, Sudhir Gonugunta, John Madden, Elliot Middleton, Olivier Vaillancourt, Vinay T. Kamath
  • Patent number: 9992024
    Abstract: According to an aspect of an embodiment, a method of establishing a chain of trust into a virtual machine on a hardware system is described. The method may include measuring an immutable portion of a virtual machine image configured to instantiate as the virtual machine to generate a trust anchor measurement. The method may also include storing the trust anchor measurement in a sealed memory.
    Type: Grant
    Filed: January 25, 2012
    Date of Patent: June 5, 2018
    Inventors: Zhexuan Song, Maarten H. Wiggers, Ryusuke Masuoka