Patents Examined by James Turchen
  • Patent number: 10116663
    Abstract: Techniques to provide secure access to a cloud-based service are disclosed. In various embodiments, a request is received from a client app on a device to connect to a security proxy associated with the cloud-based service. A secure tunnel connection between the device and a node with which the security proxy is associated is used to establish the requested connection to the security proxy. Information associated with the secure tunnel is used to determine that the requesting client app is authorized to access the cloud-based service from the device and to obtain from an identity provider associated with the cloud-based service a security token to be used by the client app to authenticate to the cloud-based service.
    Type: Grant
    Filed: April 25, 2018
    Date of Patent: October 30, 2018
    Assignee: MOBILE IRON, INC.
    Inventors: Kumara Das Karunakaran, Vijay Pawar, Jian Liu
  • Patent number: 10038705
    Abstract: A method and information handling system (IHS) for identifying communication threats in an IHS. The method includes triggering a board management controller (BMC) to transmit a plurality of memory addresses identifying where a plurality of network packets received by the IHS are stored. A field programmable gate array (FPGA) within a processor receives the memory addresses of the network packets and retrieves the network packets. The network packets are analyzed by comparing at least one threat signature that is associated with undesired network behavior with the contents of the network packets. In response to the at least one threat signature matching the contents of at least one of the network packets, an intrusion alert is transmitted to the BMC.
    Type: Grant
    Filed: October 12, 2015
    Date of Patent: July 31, 2018
    Assignee: Dell Products, L.P.
    Inventors: Elie Antoun Jreij, Chitrak Gupta, Wade Andrew Butcher, Sushma Basavarajaiah, Rama Rao Bisa
  • Patent number: 10003600
    Abstract: Techniques to provide secure access to a cloud-based service are disclosed. In various embodiments, a request is received from a client app on a device to connect to a security proxy associated with the cloud-based service. A secure tunnel connection between the device and a node with which the security proxy is associated is used to establish the requested connection to the security proxy. Information associated with the secure tunnel is used to determine that the requesting client app is authorized to access the cloud-based service from the device and to obtain from an identity provider associated with the cloud-based service a security token to be used by the client app to authenticate to the cloud-based service.
    Type: Grant
    Filed: January 26, 2016
    Date of Patent: June 19, 2018
    Assignee: MOBILE IRON, INC.
    Inventors: Kumara Das Karunakaran, Vijay Pawar, Jian Liu
  • Patent number: 9996693
    Abstract: Automated malware signature generation is disclosed. Automated malware signature generation includes monitoring incoming unknown files for the presence of malware and analyzing the incoming unknown files based on both a plurality of classifiers of file behavior and a plurality of classifiers of file content. An incoming file is classified as having a particular malware classification based on the analyzing of incoming unknown files and a malware signature is generated for the incoming unknown file based on the particular malware classification. Access is provided to the malware signature.
    Type: Grant
    Filed: June 1, 2012
    Date of Patent: June 12, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ning Sun, Patrick Winkler, Chengyun Chu, Hong Jia, Jason Geffner, Tony Lee, Jigar Mody, Frank Swiderski
  • Patent number: 9998456
    Abstract: Disclosed are a system and a method for one-time password (OTP)-based authentication. The system for OTP-based authentication includes a transceiver module configured to receive an authentication request from a client and transmit a result of the authentication according to the authentication request to the client, an authentication accumulation management module configured to provide statistical information about authentication success of the client for each time interval within a predetermined effective range of time, an OTP generation module configured to generate a server-side OTP using previously stored authentication information and time information that is acquired from the statistical information about authentication success, and an authentication module configured to authenticate the client by comparing a client-side OTP included in the authentication request with the server-side OTP.
    Type: Grant
    Filed: October 13, 2015
    Date of Patent: June 12, 2018
    Assignee: SAMSUNG SDS CO., LTD.
    Inventors: Hyun-Woo Noh, Sung-Duck Kim, Hak-Hyun Nam, Geun-Young Choi
  • Patent number: 9967265
    Abstract: Techniques of detecting malicious events involve generating a relational graph of event data describing events that occur within a specified, limited time window. Along these lines, a malicious event detection computer receives event data describing interactions between entities such as users, devices, and network domains from various servers that occur within a specified time window. In response, the malicious event detection computer generates a relational graph that has graph structures (e.g., nodes and edges) representing these interactions. Analysis of patterns within the resulting relational graph indicates whether there is a malicious event occurring.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: May 8, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Oded Peer, Oleg Freylafert, Anton Khitrenovich, Yana Vaisman
  • Patent number: 9923914
    Abstract: Technology for improving and monitoring data communication security is presented herein. The technology monitors a plurality of sources of risky activities, crawls on computer networks to scan the risky activities, visualizes the risky activities, and detects and prevents risky activities.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: March 20, 2018
    Assignee: NORSE NETWORKS, INC.
    Inventor: Tommy Stiansen
  • Patent number: 9910996
    Abstract: Mass storage devices and methods for securely storing data are disclosed. The mass storage device includes a communication interface for communicating with a connected host computer, a mass-memory storage component for storing data, a secure key storage component adapted to securely store at least one master secret, and an encryption-decryption component different from the secure key storage component and connected to the secure key storage component and the mass-memory storage component. The encryption-decryption component may be adapted to encrypt data received from the host computer using an encryption algorithm and at least one encryption key and to write the encrypted data into the mass-memory storage component.
    Type: Grant
    Filed: June 16, 2011
    Date of Patent: March 6, 2018
    Assignee: Vasco Data Security, Inc.
    Inventor: Harm Braams
  • Patent number: 9900303
    Abstract: Carrier-side security services for fielded devices are disclosed. In contrast to conventional authentication systems for fielded devices, wherein an end-to-end communications pathway is typically established for authentication of a fielded device by a back-end service provider, authentication and security services can be moved into devices associated with a carrier network. A device associated with the carrier network can authenticate field components to service components without first establishing a communications pathway to a back-end service provider. Further, the device can provide for secured communications with an authenticated field component that are not readable by carrier devices. In an aspect, this can allow for centralization of security elements from the periphery of back-end service providers into a device associated with the carrier network. In a further aspect, the device can host a security services platform for back-end service providers.
    Type: Grant
    Filed: February 9, 2017
    Date of Patent: February 20, 2018
    Assignee: AT&T Mobility II LLC
    Inventor: Arturo Maria
  • Patent number: 9876811
    Abstract: A response to a cyber attack on a carrier network is provided. The response can be based on inspection of traffic flowing through a carrier network. The response can automatically adapt the traffic flow in response to a perceived threat. Traffic can be adapted by dynamically updating permission variables related to allowing access for user equipment (UE) to a carrier network, withdrawing or denying access to the carrier network for selected UEs. In other embodiments, signaling can be initiated at the carrier network to cause selected UEs to disable transmission of traffic contributing to the traffic flow. Determining a cyber attack condition can be based on predetermined rules associated with the traffic flow. Further, the determination can be performed at a front end of the carrier network to limit exposure of the carrier network to a detected cyber attack.
    Type: Grant
    Filed: May 11, 2016
    Date of Patent: January 23, 2018
    Assignee: AT&T MOBILITY II LLC
    Inventor: Arturo Maria
  • Patent number: 9875351
    Abstract: Methods, apparatuses, and computer program products are herein provided for hiding access to information in an image. A method may include receiving user input indicating a desire of a user to magnify a region within an image to a level of magnification. The method may further include causing the region to be magnified to the level of magnification. The method may further include determining whether the region is associated with at least one of an application or information and determining whether the level of magnification satisfies a level of magnification threshold. The method may further include causing the at least one application to be launched or information to be opened in an instance in which the region is associated with the at least one of an application or information and the level of magnification satisfies the level of magnification threshold. Corresponding apparatuses and computer program products are also provided.
    Type: Grant
    Filed: July 16, 2013
    Date of Patent: January 23, 2018
    Assignee: Nokia Technologies Oy
    Inventor: Jianming Lin
  • Patent number: 9871801
    Abstract: A computing system record security architecture comprises, in one example, a record generation component configured to generate a record in a computing system, the record identifying a set of users associated with the record, and having an owner property that identifies a first user as an owner of the record, a co-owner assignment component configured to receive a co-owner assignment request, from the first user, to assign a second user to the record as a co-owner, and a record security component configured to receive a record modification request, from the second user, that requests a modification to the record, and to propagate the record modification request to the set of users with a unique identifier that identifies the first user.
    Type: Grant
    Filed: September 10, 2015
    Date of Patent: January 16, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jaskaran Singh, Szymon Madejczyk, Sina Hakami
  • Patent number: 9830444
    Abstract: A device to process information is provided. According to an embodiment, a display unit is configured to display computer-generated objects. A processor is configured to receive selection input effective to select a particular computer-generated object from amongst the computer-generated objects. Manipulation input corresponding to detected motions is received. The particular computer-generated object is moved and rotated in its entirety in response to the manipulation input and in accordance with the detected motions. Each of the detected motions has a corresponding time period. A password is generated using the detected motions and the time periods. A user is authenticated by use of the generated password and an identified unrevealed authentication. The authentication of the user includes an indication of an authentication failure when the detected motions are different from an expected input and any of the corresponding time periods are outside of an allowable time range.
    Type: Grant
    Filed: July 30, 2016
    Date of Patent: November 28, 2017
    Assignee: BIZMODELINE CO., LTD.
    Inventors: Jae-Hyung Kim, Jong-Cheol Hong, Hong-Geun Kim, Bong-Ki Kwon
  • Patent number: 9817992
    Abstract: A user equipment (UE). The UE comprises a memory module, wherein the memory module is one of a subscriber identity module (SIM), a universal integrated circuit card (UICC), a universal subscriber identity module (USIM), or a removable user identity module (R-UIM), wherein clock signals from a second clock component are input to the memory module. The memory module comprises an application stored in a trusted security zone in the second non-transitory memory, that when executed by the second processor in the trusted security zone, wherein the second operating system accesses the second processor to implement instructions for applications in the second operating system, wherein the trusted security zone provides hardware assisted trust, compares a first mobile equipment identifier (MEID) stored in the first non-transitory memory with a second MEID stored in the memory module.
    Type: Grant
    Filed: November 20, 2015
    Date of Patent: November 14, 2017
    Assignee: Sprint Communications Company LP.
    Inventors: Lyle W. Paczkowski, Robert L. Spanel, Robert E. Urbanek
  • Patent number: 9813904
    Abstract: A system includes a sensor to determine a user is proximate to the system and a logon module to receive information from the sensor that a user is proximate to the system, receive logon information from the user and identification information associated with the user, authenticate the user to use the system based on the logon information, store the identification information, receive second information from the sensor that the user is not proximate to the system, suspend an operating system session, receive information from the sensor that the user is again proximate to the system, receive second identification information associated with the user, determine that the first and second identification information matches, and resume the OS session in response to determining that the first and second identification information matches.
    Type: Grant
    Filed: August 30, 2013
    Date of Patent: November 7, 2017
    Assignee: Dell Products, LP
    Inventors: Richard J. Cardone, Muhammad Yousaf
  • Patent number: 9800606
    Abstract: A computer-implemented method for evaluating network security may include (1) receiving, by a security server, a request to report a network risk score for an organization based on telemetry data describing file downloads at computers managed by the organization over a specified period of time, (2) identifying the telemetry data describing file downloads at the computers managed by the organization over the specified period of time, (3) searching the telemetry data to match file downloads over the specified period of time to at least one file that was previously categorized, prior to the request, as a hacking tool, (4) calculating the network risk score based on the telemetry data, and (5) reporting, automatically by the security server in response to the request, the calculated network risk score. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: November 25, 2015
    Date of Patent: October 24, 2017
    Assignee: Symantec Corporation
    Inventor: Leylya Yumer
  • Patent number: 9787642
    Abstract: Flux domain is generally an active threat vector, and flux domain behaviors are continually changing in an attempt to evade existing detection measures. Accordingly, new and improved techniques are disclosed for flux domain detection. In some embodiments, an online platform implementing an analytics framework for DNS security is provided for facilitating flux domain detection. For example, the online platform can implement an analytics framework for DNS security based on passive DNS traffic analysis, disclosed herein with respect to various embodiments.
    Type: Grant
    Filed: April 29, 2016
    Date of Patent: October 10, 2017
    Assignee: Infoblox Inc.
    Inventors: Bin Yu, Les Smith, Mark Threefoot
  • Patent number: 9785765
    Abstract: Differential access to data for a user of a processor-based system is disclosed wherein the user may select one secret from among a plurality of secrets that allows and/or enables access to potentially different sets of data, different resources for accessing the data and/or different tasks for the user to interact with the system. The selection of any particular secret may arise as to the user's feeling as to how secure the environment is for accessing the data. For example, if the user is in a very secure environment, the user may select a secret that allows substantially broad access to data, resources and tasks. If the environment is not secure, or if the user is under duress, the user may select a secret that provides limited access, or a decoy set of data and/or may provide the user with access to defensive measures to protect the data.
    Type: Grant
    Filed: November 13, 2014
    Date of Patent: October 10, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Naga Rohit Samineni
  • Patent number: 9781132
    Abstract: As provided herein, a user of a client device may navigate to a webpage using a browser. A browser window, populated with a verification image and/or details about the webpage, is generated and presented to the user. The verification image and/or details about the webpage differentiate a browser window generated by the browser, from the webpage, from a browser window generated by a malicious user. The browser window comprises a login box into which credentials for logging into the user account may be entered. Responsive to the user entering correct credentials into the login box and selecting a submit option based upon recognition of the verification image, the browser window may be submitted to a server and the user may be presented with a window comprising access to the user account.
    Type: Grant
    Filed: October 13, 2015
    Date of Patent: October 3, 2017
    Assignee: Yahoo Holdings, Inc.
    Inventor: Binu Ramakrishnan
  • Patent number: 9779236
    Abstract: One or more techniques and/or systems are provided for risk assessment. Historical authentication data and/or compromised user account data may be evaluated to identify a set of authentication context properties associated with user authentication sessions and/or a set of malicious account context properties associated with compromised user accounts (e.g., properties indicative of whether a user recently visited a malicious site, created a fake social network profile, logged in from unknown locations, etc.). The set of authentication context properties and/or the set of malicious account context properties may be annotated to create an annotated context property training set that may be used to train a risk assessment machine learning model to generate a risk assessment model. The risk assessment model may be used to evaluate user context properties of a user account event to generate a risk analysis metric indicative of a likelihood the user account event is malicious or safe.
    Type: Grant
    Filed: June 21, 2016
    Date of Patent: October 3, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Luke Abrams, David J. Steeves, Robert Alexander Sim, Pui-Yin Winfred Wong, Harry Simon Katz, Aaron Small, Dana Scott Kaufman, Adrian Kreuziger, Mark A. Nikiel, Laurentiu Bogdan Cristofor, Alexa Lynn Keizur, Collin Tibbetts, Charles Hayden