Patents Examined by Joseph P. Hirl
  • Patent number: 10382434
    Abstract: To make a trusted web service call, a client application sends a series of messages to obtain tokens that allow service requests to pass through a service relay. The user obtains a first security token by providing the user's credentials. A second token is obtained from a trust broker that validates the first token. Both tokens are then sent with a service request to a service relay. The service relay validates the second token and then passes the first token and the service request to a connector service. The connector service validates the first token and passes the service request to a target back end service. The connector service acts as the user when communicating with the back end service. Service responses are routed back to the user through the connector service and the service relay.
    Type: Grant
    Filed: October 5, 2017
    Date of Patent: August 13, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Kyle Stapley Young, Robert Aron Drollinger, Robert O'Brien, David J. Runde, Jagruti Dushyant Pandya, Georges El Khoury
  • Patent number: 10382417
    Abstract: This application discloses a supply chain security technique that enrolls an integrated circuit with a security server and subsequently utilizes the enrollment to authenticate the integrated circuit. The integrated circuit can include security circuitry to enroll the integrated circuit with the security server by generating an enrollment message—including a fingerprint code having an encoded version of a private value generated by the security circuitry—for transmission to the security server. The security circuitry can authenticate the integrated circuit by replying to a request to verify authentication of the integrated circuit from the security server. The response can confirm to the security server that the integrated circuit includes the private value, which can authenticate the integrated circuit.
    Type: Grant
    Filed: September 11, 2015
    Date of Patent: August 13, 2019
    Assignee: Mentor Graphics Corporation
    Inventors: Michael Chen, Mario Larouche, Joseph P. Skudlarek
  • Patent number: 10379778
    Abstract: A method for execution by one or more processing modules of one or more computing devices of a dispersed storage network (DSN), the method begins by identifying, for data stored within a DSN memory, one or more encryption keys used to encrypt data stored within the DSN memory. The method continues by identifying, for data stored within a portion of the DSN memory requiring sanitization, a master key of the one or more encryption keys that encrypts all of the data stored within the portion to be sanitized. The method continues by determining, if the master key is not used to encrypt data stored outside of the portion to be sanitized. The method continues, if the master key is not used to encrypt data stored outside of the portion to be sanitized, by sanitizing the data stored within a portion of the DSN memory by erasing the master key.
    Type: Grant
    Filed: August 18, 2016
    Date of Patent: August 13, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Alan M. Frazier, Scott M. Horan, Shibhani Rai, Jason K. Resch, Mark D. Seaborn
  • Patent number: 10382464
    Abstract: According to one embodiment, a method in a computing device for responding to a determination that a verification with a user is desired responsive to detection of activity indicative of a possible insider threat is described. The method includes selecting a target role and a target user for the verification based on an activity context and an enterprise context repository, the selecting including selecting the target role from a plurality of target roles based on the activity context and optionally the enterprise context repository and selecting a target user in the selected target role based on the enterprise context repository. The method further includes causing a verification request to be sent to the selected target user; and generating an alert when a verification result indicates that the activity is indicative of the possible insider threat.
    Type: Grant
    Filed: December 29, 2016
    Date of Patent: August 13, 2019
    Assignee: Imperva, Inc.
    Inventors: Amichai Shulman, Sagie Dulce
  • Patent number: 10380343
    Abstract: A system and method for performing runtime de-obfuscation of obfuscated malicious software code in a virtual machine is described. According to one embodiment, the method involves enumerating a first physical page associated with a first virtual address space of a first piece of analyzed software code. Herein, the first virtual address space is a portion of a virtual address space associated with the virtual machine. Thereafter, the first physical page is set a non-writable permission. Hence, upon detection of a write to the first physical page by the first piece of analyzed software code, a determination can be made that the first piece of analyzed software code may be categorized as malicious software code.
    Type: Grant
    Filed: October 3, 2016
    Date of Patent: August 13, 2019
    Assignee: FireEye, Inc.
    Inventors: Robert Jung, Antony Saba
  • Patent number: 10375050
    Abstract: Systems and methods are provided for authenticating image files when network connections should not or cannot be used to transfer image files. A user device application may capture an image at a user device, generate an image file, and generate a hash file based on the image file. Instead of sending the image file to an authentication server for authentication, the application may send the hash file. If desired, the application may transfer the image file when a desirable network connection is available. Any alteration to the image file in the meantime will result in a different hash file for the altered image file, thus allowing detection of altered image files. This approach offers decreases the amount of data that is required to be transmitted in low or undesirable signal conditions, while maintaining an ability to detect alterations to image files that may have been made in the meantime.
    Type: Grant
    Filed: October 10, 2017
    Date of Patent: August 6, 2019
    Assignee: TruePic Inc.
    Inventors: Jason Lyons, Craig Stack, Francis Lyons, Jeffrey McGregor
  • Patent number: 10372909
    Abstract: Example implementations relate to determination as to whether a process is infected with malware. For example, in an implementation, information of a process extracted from a snapshot of system memory is obtained. A determination as to whether the process is infected with malware is made based on a process model.
    Type: Grant
    Filed: August 19, 2016
    Date of Patent: August 6, 2019
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Michael John Wray, Nigel Edwards
  • Patent number: 10372916
    Abstract: Systems and/or methods for deploying and implementing data loss prevention (DLP) policy definition that may encapsulate the requirements, control objectives and directives, and/or the definitions of sensitive data types as stipulated directly or indirectly by the regulatory policy are disclosed. In one embodiment, DLP policies may be identified by an organization to run on top of a set of electronic file systems (e.g., email systems, file systems, web servers and the like). Organizations and their administrators may implement a set of DLP policy instance which are derived from DLP policy templates. DLP policy templates may comprise both structure and meaning—and may acquire a given DLP policy by the replacement of parameterized expressions with desired parameter values. In another embodiment, the state of the DLP policy instance may change according to the lifecycle of the policy instance deployment.
    Type: Grant
    Filed: March 9, 2016
    Date of Patent: August 6, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Lynn Ayres, Jack Kabat, Raja Charu Vikram Kakumani, Mashuri Libman, Benjamin Stull, Anatoly Koretsky, Andrey Shur, Joseph Schulman
  • Patent number: 10372913
    Abstract: A mismatch between model-based classifications produced by a first version of a machine learning threat discernment model and a second version of a machine learning threat discernment model for a file is detected. The mismatch is analyzed to determine appropriate handling for the file, and taking an action based on the analyzing. The analyzing includes comparing a human-generated classification status for a file, a first model version status that reflects classification by the first version of the machine learning threat discernment model, and a second model version status that reflects classification by the second version of the machine learning threat discernment model. The analyzing can also include allowing the human-generated classification status to dominate when it is available.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: August 6, 2019
    Assignee: Cylance Inc.
    Inventors: Kristopher William Harms, Renee Song, Raj Rajamani, Braden Rusell, Yoojin Sohn, Kiefer Ipsen
  • Patent number: 10372921
    Abstract: Approaches presented herein enable dynamic security policies through a plurality of application profiles. More specifically, a mobile device can open a profile of a plurality of profiles, each associated with an unlock credential and a security scope, in response to an unlock credential associated with that profile. All these profiles can be opened in a single user session and can be swapped within the session in response to an unlock credential corresponding to the desired profile. When the mobile device receives a request to open a digital item, the digital item is compared to a security scope of the opened profile to determine whether access to the digital item is permitted, and, in response to the determination, access to the digital item is permitted or denied. A list of digital items permitted to be accessed in each profile can be synchronized to a list received from a mobile device manager.
    Type: Grant
    Filed: March 15, 2017
    Date of Patent: August 6, 2019
    Assignee: International Business Machines Corporation
    Inventors: Sergio Jose Deras Arreola, Alejandra Sarahi Galindo Copado, Victor Adrian Sosa Herrera
  • Patent number: 10372932
    Abstract: In various embodiments, methods, devices and systems for securely generating, sealing, and restoring factory-generated calibration and provisioning data for an electronic device are described, in which calibration and provisioning data for an electronic device are generated in a distributed manner and stored on a storage system. The calibration data can be retrieved from the storage system during device assembly and finalized calibration and provisioning data for each electronic device can be stored to the storage system. In one embodiment, a sealing server, to attest to the authenticity of the factory generated data, seals the finalized calibration data. In one embodiment, an electronic device can access a data store containing the factory-generated data and can update or restore calibration or provisioning data for the device from the data store.
    Type: Grant
    Filed: January 6, 2017
    Date of Patent: August 6, 2019
    Assignee: Apple Inc.
    Inventors: Thomas P. Mensch, Jason D. Gosnell, Jerrold V. Hauck, Muralidhar S. Vempaty, Dallas B. De Atley
  • Patent number: 10375082
    Abstract: Provided herein are embodiments directed to facilitating an authentication process before allowing an action. An example apparatus may be configured to receive a request, via an authentication session established during a log-in process, to cause the action, send alert to a first device associated with an account associated with the requested action, cause the first device to communicate, via the short range wireless communication protocol, with a second device to verify a proximity, receive verification of the proximity, receive a first identifying data originating in a browser having been used to start the authentication session, receive a second identifying data string originating from a trusted agent, configured as software or hardware, residing on the second device, and upon confirmation of a match of the first identifying data string and the second identifying data string, authorize the action.
    Type: Grant
    Filed: August 22, 2016
    Date of Patent: August 6, 2019
    Assignee: AVERON US, INC.
    Inventors: Wendell Brown, Edward Mehr
  • Patent number: 10372949
    Abstract: A control device includes a prohibition unit that prohibits use of an electronic apparatus in a case where a sum of a cumulative amount of use of the electronic apparatus for a predetermined period of time and a new amount of use which is newly instructed by an user exceeds a permitted amount in the period of time which is permitted for the user, and a permission unit that permits use of the electronic apparatus by an amount based on an unused amount which is a difference between the permitted amount and the cumulative amount of use in an unreaching period when the unreaching period is present before the period of time in an accounting period including the period of time, in a case where the use of the electronic apparatus is prohibited by the prohibition unit.
    Type: Grant
    Filed: August 22, 2016
    Date of Patent: August 6, 2019
    Assignee: FUJI XEROX CO., LTD.
    Inventors: Satoshi Watanabe, Yusaku Kurihara, Tsubasa Kitai, Noriaki Tanaka
  • Patent number: 10374809
    Abstract: A server obtains response data for an asynchronous response to a request from a client. The server generates, in response to obtaining the response data, a digital signature for the response data. The server makes available the response data, the digital signature, and location information that indicates a location from which a digital certificate usable to verify the digital signature can be obtained.
    Type: Grant
    Filed: December 13, 2016
    Date of Patent: August 6, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Arjun Dasarakothapalli, Morgan Akers, David Alan Blunt, Darin Keith McAdams
  • Patent number: 10375027
    Abstract: An apparatus, method, system and computer-readable medium are provided for provisioning a user equipment device (UED). The UED may be configured to receive a generic configuration and (dynamically) derive settings specific to the UED that would otherwise have been received in the configuration. The UED may execute one or more applications to derive the settings specific to the UED. A first application may enable the UED to dynamically learn a fully qualified domain name (FQDN) and IP address of a node. A second application may enable the UED to generate authentication credentials for the UED. A third application may enable the UED to determine a port or ports that arc authorized for service and a port or ports that are not authorized for service. A fourth application may enable the UED to determine a number associated with the UED.
    Type: Grant
    Filed: October 20, 2016
    Date of Patent: August 6, 2019
    Assignee: Comcast Cable Communications, LLC
    Inventors: Carl Klatsky, Chris Wendt, Manoj Chaudhari, Christopher Zarcone
  • Patent number: 10366251
    Abstract: Systems and method for alerting a user device based on a proposed anonymization of a contribution to a conversation thread via one or several location-based anonymization rules are disclosed herein. The system can include a user device that can have location-determining features that can determine a physical location of the user device; a network interface that can exchange data with a server via a communication network; and an I/O subsystem that can convert electrical signals to user-interpretable outputs in a user interface. The system can include a server that can: receive a contribution from the user device; determine an anonymization level for applying to the contribution; identify a potential identifier in the content of the contribution; anonymize the potential identifier according to the determined anonymization level; and generate and provide an alert to the user device.
    Type: Grant
    Filed: August 29, 2018
    Date of Patent: July 30, 2019
    Assignee: Pearson Education, Inc.
    Inventors: Sean A. York, Scott A. Hellman, James Wyatt, Marko Rodriguez, Steven H. Hill
  • Patent number: 10367822
    Abstract: Access to a module element within a first module by a second module is prohibited if the module element within the first module has not been exposed to the second module. If a particular module element within a first module has been exposed to a second module, then access to the particular module element by the second module may or may not be allowed depending on: (a) whether the particular module element has been declared with a public or non-public access modifier, (b) whether a second exposed module element, which includes the particular module element, has been declared with a public or non-public access modifier, (c) a level of access associated with the operation that attempts to access the particular module element of the first module, and/or (d) whether an accessibility override configuration is set for accessing the particular module element.
    Type: Grant
    Filed: August 23, 2018
    Date of Patent: July 30, 2019
    Assignee: Oracle International Corporation
    Inventors: Alexander R. Buckley, Mark B. Reinhold, Alan Bateman, Paul Sandoz, Chris Hegarty
  • Patent number: 10360395
    Abstract: A process of hiding a key or data inside of random noise is introduced, whose purpose is to protect the privacy of the key or data. In some embodiments, the random noise is produced by quantum randomness, using photonic emission with a light emitting diode. When the data or key generation and random noise have the same probability distributions, and the key size is fixed, the security of the hiding can be made arbitrarily close to perfect secrecy, by increasing the noise size. The hiding process is practical in terms of infrastructure and cost, utilizing the existing TCP/IP infrastructure as a transmission medium, and using light emitting diode(s) and a photodetector in the random noise generator. In some embodiments, symmetric cryptography encrypts the data before the encrypted data is hidden in random noise, which substantially amplifies the computational complexity.
    Type: Grant
    Filed: November 28, 2015
    Date of Patent: July 23, 2019
    Assignee: Fiske Software, LLC
    Inventor: Michael Stephen Fiske
  • Patent number: 10361990
    Abstract: Disclosed are systems, apparatus, and methods for integrating an information feed. In various implementations, an identity of a user may be determined based on authentication information, where the authentication information identifies a user profile. In some implementations, profile information is identified based on the determined identity, where the profile information identifies one or more entities tracked using one or more information feeds associated with the user profile, and where the one or more information feeds comprises one or more feed items stored in a database system. In various implementations, the identified profile information is associated with a user account provided by a network communications application.
    Type: Grant
    Filed: June 1, 2017
    Date of Patent: July 23, 2019
    Assignee: salesforce.com, inc.
    Inventors: Anant Kumar Verma, Michael Brendan Tierney, Krzysztof Sebastian Oblucki, Blake Whitlow Markham
  • Patent number: 10362037
    Abstract: Management of IoT devices through a private cloud. An IoT device is coupled to a gateway. A request from the IoT device to connect to a private cloud, wherein the private cloud is used to manage IoT devices, is received at a private cloud control center agent. An identification of the IoT device is determined. The IoT device is onboarded, using the identification, for management through the private cloud. A device profile of the IoT device is generated. The flow of data to and from the IoT device is regulated through application of IoT rules according to the device profile of the IoT device.
    Type: Grant
    Filed: September 13, 2017
    Date of Patent: July 23, 2019
    Assignee: ZingBox, Ltd.
    Inventors: Xu Zou, Jianlin Zeng, Mei Wang