Patents Examined by Joseph Pan
  • Patent number: 8880893
    Abstract: The present invention provides a policy specification framework to enable an enterprise to specify a given insider attack using a holistic view of a given data access, as well as the means to specify and implement one or more intrusion mitigation methods in response to the detection of such an attack. The policy specification provides for the use of “anomaly” and “signature” attributes that capture sophisticated behavioral characteristics of illegitimate data access. When the attack occurs, a previously-defined administrator (or system-defined) mitigation response (e.g., verification, disconnect, de-provision, or the like) is then implemented.
    Type: Grant
    Filed: September 24, 2004
    Date of Patent: November 4, 2014
    Assignee: IBM International Group B.V.
    Inventors: Pratyush Moghe, Narain Gehani, Peter T. Smith
  • Patent number: 8793796
    Abstract: Techniques described are capable of receiving an indication that an operating system of a computing device has entered a hibernated state and, in response, booting the computing device from a trusted environment that is unalterable by the hibernated operating system. A component stored on or accessible by the trusted environment may then perform an operation on the computing device. This operation may include scanning the device, performing a memory test on the device, or updating firmware on the device. In some instances, the computing device enters the hibernated state due to a predetermined length of user inactivity on the computing device. As such, the described techniques may perform an operation on the computing device without user interaction causing the operation.
    Type: Grant
    Filed: January 9, 2008
    Date of Patent: July 29, 2014
    Assignee: Microsoft Corporation
    Inventor: Anatoliy Panasyuk
  • Patent number: 8789151
    Abstract: Managing via a web portal a remote device from a source device connected to a communication network. A device ID is assigned to the remote device, and a remote management software for remote management of the remote device is not installed on the source device or the remote device. Based on the assigned device ID, a connection is established with the remote device via the communication network. A first instruction is received from a user for authenticating access to the web portal. The user is authenticated in response to the received first instruction. An online status is established for the authenticated user. A second instruction is received from the authenticated user requesting access to the remote device. The device ID of the remote device is validated. The validated device ID is associated with the authenticated user. A connection is established between the remote device and the web portal.
    Type: Grant
    Filed: January 9, 2008
    Date of Patent: July 22, 2014
    Assignee: Microsoft Corporation
    Inventors: Todd Ryun Manion, Kestutis Patiejunas, Junfeng Zhang, Ryan Yonghee Kim
  • Patent number: 8789193
    Abstract: Method and apparatus for Vulnerability Assessment techniques is disclosed. A method comprises detecting an event on a target in real time or at periodic intervals, by at least one of an OS service, an OS command, a hook, and an API. The event comprises a change in status of at least one of a network interface, a server network service, a client network service, and a port. An apparatus comprises a target having at least one of a deployed server network service, and a deployed client network service; and an agent deployed on the target, to detect an event on the target in real time or at periodic intervals. At least one of the agent and the VA server detect the event comprising a change in the status of at least one of a network interface, the server network service, the client network service, and a port.
    Type: Grant
    Filed: January 2, 2013
    Date of Patent: July 22, 2014
    Inventor: Samir Gurunath Kelekar
  • Patent number: 8782774
    Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
    Type: Grant
    Filed: March 7, 2013
    Date of Patent: July 15, 2014
    Assignee: Cloudflare, Inc.
    Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Albertus Strasheim
  • Patent number: 8775526
    Abstract: A method of controlling an external display using a personal communication device, comprising: providing an external display; processing an iconic message on a personal communication device to generate at least one instruction for said display; transmitting said at least one instruction from said personal communication device to said external display responsive to said processing; and displaying on external display in response to said at least one instruction.
    Type: Grant
    Filed: January 16, 2007
    Date of Patent: July 8, 2014
    Assignee: Zlango Ltd.
    Inventors: Yoav Lorch, Ehud Spiegel, Amir Yagil, Andrew Weinstein
  • Patent number: 8776187
    Abstract: Guest users are enabled to access network resources through an enterprise network using a guest user account. A guest user account may be created for a guest for a limited time. Guest account credentials of the guest account may be provided to the guest to use the guest account using any of a variety of techniques described herein, for example, by scanning a guest access card, credit card or mobile telephone of the guest user, and providing the guest account credentials to the user based on the information obtained. A guest access management server may be configured to generate and maintain guest accounts, authenticate guest users, and track and log guest activity. A VLAN technology may be used to separate guest traffic from host enterprise traffic on the host enterprise network. After a guest user is authenticated, communications to and from the guest user may be routed to a guest VLAN.
    Type: Grant
    Filed: July 21, 2006
    Date of Patent: July 8, 2014
    Assignee: Microsoft Corporation
    Inventors: Amer A. Hassan, Andrew Baron, Christian Huitema, Deyun Wu, Mahmood H. Khadeer, Vishesh M. Parikh, Wajih Yahyaoui
  • Patent number: 8751653
    Abstract: A management system for managing a plurality of computers and a plurality of pieces of software in a computer center includes: a selection data storage part for storing data regarding allocation destination selection, the data including at least either one of operation data and temperature data, wherein the operation data represent states of execution of the pieces of software by the computers, respectively, and temperature data represent temperature distribution in the computers; an instruction generation part for extracting an overheated computer that is assumed to emit more heat as compared with the other computers, and a less-heated computer that is assumed to emit less heat as compared with the other computers, by using the data regarding allocation destination selection, and generating an instruction for relocating at least a part of a piece of software allocated to the overheated computer to the less-heated computer; and an instruction part for outputting the instruction.
    Type: Grant
    Filed: March 28, 2006
    Date of Patent: June 10, 2014
    Assignee: Fujitsu Limited
    Inventors: Yasuhide Matsumoto, Masatomo Yasaki, Masashi Uyama
  • Patent number: 8732457
    Abstract: Managing a digital certificate includes a landlord providing a digital certificate, a secure hardware device generating a series of n hash values, the secure hardware device providing an nth hash value to the landlord, wherein other hash values are not readily available to the landlord, the landlord placing the nth hash value in the certificate, the landlord digitally verifying the certificate containing the nth hash value to obtain a digitally signed certificate, a tenant obtaining the digitally signed certificate, the tenant obtaining the n hash values and the tenant managing the certificate by periodically issuing a previous hash value in the series of n hash values in response to the certificate being valid when the previous hash value is issued.
    Type: Grant
    Filed: March 20, 2002
    Date of Patent: May 20, 2014
    Assignee: Assa Abloy AB
    Inventor: Silvio Micali
  • Patent number: 8724809
    Abstract: A method and system for tuning to a scrambled television channel is provided. One implementation involves receiving a channel selection from a user, tuning to the selected scrambled channel, checking a cache for Conditional Access (CA) descrambling information associated with the selected channel, and in case of a cache hit, then retrieving the descrambling information associated with the selected channel from the cache for descrambling the scrambled channel.
    Type: Grant
    Filed: August 12, 2008
    Date of Patent: May 13, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Fei Xie, Victor Liang, Kitae Nahm, Juan Carlos Trujillo
  • Patent number: 8681993
    Abstract: A method and system for distributed security for a plurality of devices in a communication network, each of the devices being responsible for generating, distributing and controlling its own keys for access to the communication network and using the keys to establish a trusted network, each device's membership to the communication network being checked periodically by other devices by using a challenge response protocol to establish which devices are allowed access to the communication network and the trusted network.
    Type: Grant
    Filed: February 20, 2009
    Date of Patent: March 25, 2014
    Assignee: Certicom Corp.
    Inventors: Marinus Struik, Scott Alexander Vanstone
  • Patent number: 8677480
    Abstract: Embodiments of the present disclosure provide techniques for distributing information about possible anomalies in a network. A sensor in a network may detect packets with payloads that match an anomaly signature. Address dispersion information, for example, in the form of source and address bitmaps, may be gathered at the sensor. The address dispersion information may be distributed to one or more peer sensors if the information indicates that the number of different addresses of the detected matching packets exceeds a threshold.
    Type: Grant
    Filed: September 3, 2008
    Date of Patent: March 18, 2014
    Assignee: Cisco Technology, Inc.
    Inventors: Chui-Tin Yen, Saumyavapuh Lugani, Snigdhendu Mukhopadhyay, Rajiv Raghunarayan, Sumeet Singh
  • Patent number: 8675872
    Abstract: Various embodiments facilitate program content access management. One embodiment is a system with a secure content provider communicatively coupled to a first system and a second system, operable to stream encrypted content over the first system, and operable to communicate access control information over the second system; and a receiving device coupled to the first system and the second system, operable to receive the encrypted program content from the first system, operable to receive the access control information over the second system such that the encrypted program content is decrypted based on the access control information to generate program content, and operable to communicate the program content to a presentation device.
    Type: Grant
    Filed: November 28, 2007
    Date of Patent: March 18, 2014
    Assignee: EchoStar Technologies L.L.C.
    Inventor: John A. Card, II
  • Patent number: 8677118
    Abstract: Building a kernel hook module (KHM) on a build machine in an automated manner uses a script file to control the process. A user requests a KHM for a particular Linux kernel of a Linux distribution. The build machine is rebooted if necessary to run the target Linux distribution. Kernel source files for the Linux distribution are loaded and installed on the build machine. Various parameters are set and source code representing the functionality of the KHM (or that of a related software product) are loaded onto the build machine. The KHM is then built automatically under direction of the script file. A control machine receives the user request for a particular KHM over the Internet and directs operation of the build machine. A test machine tests the KHM once built. The KHM works in conjunction with anti-virus software or other software.
    Type: Grant
    Filed: February 1, 2005
    Date of Patent: March 18, 2014
    Assignee: Trend Micro, Inc.
    Inventors: Allen S. H. Liu, Eric Chao, Morris Chen
  • Patent number: 8656465
    Abstract: In one example, a method includes intercepting, by a first security module, a request from a software application executing on the computing device to access a resource of the computing device. The first security module may include a first group of permissions received from a second security module included in an operating system. The second security module may control access by software applications executing on the computing devices to resources of the computing device based upon permissions granted to the software applications. The method may also include identifying a second group of permissions granted to the software application. The second group of permissions may be a subset of the first group of permissions. The method may also include determining, based upon the first group of permissions, whether the software application is allowed to access the resource. The method may also include controlling access to the resource, based on the determining.
    Type: Grant
    Filed: May 9, 2012
    Date of Patent: February 18, 2014
    Assignee: Google Inc.
    Inventor: Zhen Elizabeth Fong-Jones
  • Patent number: 8639930
    Abstract: Some embodiments provide a verification system for automated verification of entities. The verification system automatedly verifies entities using a two part verification campaign. One part verifies that the entity is the true owner of the entity account to be verified. This verification step involves (1) the entity receiving a verification code at the entity account and returning the verification code to the verification system, (2) the entity associating an account that it has registered at a service provider to an account that the verification system has registered at the service provider, (3) both. Another part verifies the entity can respond to communications that are sent to methods of contact that have been previously verified as belonging to the entity. The verification system submits a first communication with a code using a verified method of contact. The verification system then monitors for a second communication to be returned with the code.
    Type: Grant
    Filed: November 7, 2011
    Date of Patent: January 28, 2014
    Assignee: Credibility Corp.
    Inventors: Jeffrey M. Stibel, Aaron B. Stibel, Peter Delgrosso, Shailen Mistry, Bryan Mierke, Paul Servino, Charles Chi Thoi Le, David Lo, David Allen Lyon
  • Patent number: 8627463
    Abstract: A computer-implemented method for using reputation information to evaluate the trustworthiness of files obtained via torrent transactions may include (1) identifying a torrent file that includes metadata for facilitating a torrent transaction for obtaining a target file via a peer-to-peer file-sharing protocol, (2) identifying at least one entity involved in the torrent transaction, (3) obtaining reputation information associated with the entity involved in the torrent transaction, wherein the reputation information identifies a community's opinion on the trustworthiness of the entity, (4) determining, based at least in part on the reputation information associated with the entity involved in the torrent transaction, that the target file represents a potential security risk, and then (5) performing a security action on the target file. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 13, 2010
    Date of Patent: January 7, 2014
    Assignee: Symantec Corporation
    Inventors: Adam Glick, Nicholas Graf, Spencer Smith
  • Patent number: 8621595
    Abstract: A method of network gateway authenticating involves a network gateway receiving an authentication request from a communications terminal. The communications terminal is in communication with an identity token. The authentication request includes a token cryptogram generated from a cryptographic key stored on the identity token. The network gateway transmits the authentication request to a communications network, and receives an authentication response from the communications network in accordance with a validity of the token cryptogram. The authentication response includes a gateway authentication certificate. The gateway authentication certificate is configured to authenticate the network gateway to a network device of the communications network.
    Type: Grant
    Filed: March 25, 2013
    Date of Patent: December 31, 2013
    Assignee: The Toronto Dominion Bank
    Inventors: Robert Hayhow, Bryan Michael Gleeson
  • Patent number: 8615805
    Abstract: A method for classifying a process that modifies a registry attribute is described. At least one attribute associated with a registry is monitored. A determination is made that the at least one attribute has been modified. The process that modified the at least one attribute is identified. One or more characteristics of the identified process are evaluated. The identified process is classified based on the evaluation of the one or more characteristics of the identified process.
    Type: Grant
    Filed: September 3, 2008
    Date of Patent: December 24, 2013
    Assignee: Symantec Corporation
    Inventors: Mark Obrecht, Shane Pereira
  • Patent number: 8615650
    Abstract: A method for deciphering control words for mechanically and electronically independent terminals includes causing first and second terminals to transmit first and second cryptograms to a control-word server, causing that server to decipher them to obtain first and second control words for enabling descrambling of first and second multimedia content broadcast simultaneously on respective first and second channels, causing the server to transmit the control word to the respective terminals, the second control word obtained by deciphering the second cryptogram before the first terminal executes a channel change, and in response to the channel change, causing the first terminal to search to determine whether the second control word has already been transmitted in advance by the server before the channel change, and if the control word has been transmitted in advance, causing the first terminal to immediately start descrambling the second multimedia content with the second control word.
    Type: Grant
    Filed: December 20, 2010
    Date of Patent: December 24, 2013
    Assignee: Viaccess
    Inventor: Erwann Magis