Patents Examined by Kaveh Abrishamkar
  • Patent number: 10382482
    Abstract: This document generally relates to systems, methods, and other techniques for identifying and interfering with the operation of computer malware, as a mechanism for improving system security. Some implementations include a computer-implemented method by which a computer security server system performs actions including receiving a request for content directed to a particular content server system; forwarding the request to the particular content server system; receiving executable code from the particular content server system; inserting executable injection code into at least one file of the executable code; applying a security countermeasure to the combined executable code and executable injection code to create transformed code; and providing the transformed code to a client computing device.
    Type: Grant
    Filed: August 30, 2016
    Date of Patent: August 13, 2019
    Assignee: Shape Security, Inc.
    Inventors: Siying Yang, Jarrod Overson, Ben Vinegar, Bei Zhang
  • Patent number: 10374794
    Abstract: System and methods for secure transmission are described and include receiving, by a first computing system, an encrypted token generated using a public key of an asymmetric key pair; receiving, by the first computing system, a first partially decrypted token generated by applying a first private key fragment of a private key of the asymmetric key pair to the encrypted token; applying, by the first computing system, a second private key fragment of the private key to the encrypted token to generate a second partially decrypted token; applying, by the first computing system, a third private key fragment of the private key to the encrypted token to generate a third partially decrypted token; and combining the first partially decrypted token, the second partially decrypted token and the third partially decrypted token to generate a decrypted token.
    Type: Grant
    Filed: June 30, 2017
    Date of Patent: August 6, 2019
    Assignee: salesforce.com, inc.
    Inventors: Prasad Peddada, Taher ElGamal
  • Patent number: 10362004
    Abstract: Systems and methods for providing services are disclosed. One aspect comprises authenticating a user associated with a first service, receiving a selection of a second service, generating an opaque identifier associated with the user and the first service, wherein the opaque identifier facilitates the anonymous collection of data relating to the second service. Another aspect can comprise transmitting the opaque identifier to the second service, and receiving data relating to the second service.
    Type: Grant
    Filed: November 14, 2017
    Date of Patent: July 23, 2019
    Assignee: COMCAST CABLE COMMUNICATIONS, LLC
    Inventors: David Mays, Jason Press
  • Patent number: 10356095
    Abstract: In embodiments of the present invention improved capabilities are described for managing access to a secure exchange environment managed by an intermediate business entity through a user email identity, the method comprising establishing a secure exchange server hosted by an intermediate business entity, wherein communications and access to a collection of files established by a first business entity are managed for a second business entity; and establishing an email effectivity facility that allows a user of the first business entity to specify a condition for email-based access to at least one resource in the collection of files, wherein the condition expresses (a) an effective period for using an email providing access to the resource and (b) a condition of email access to the resource by a designated individual of the second business entity, wherein the access permission was assigned using a specific email address of the designated individual.
    Type: Grant
    Filed: December 16, 2016
    Date of Patent: July 16, 2019
    Assignee: Intralinks, Inc.
    Inventor: Jerry Lee Meyer
  • Patent number: 10356098
    Abstract: A system for systematically enhancing consumer and business contact information is disclosed. A server located “in the cloud” systematically controls a database of contact data elements, some of which have preferred and/or user-selected privacy protocols and update availability. These protocols and availability may restrict some data elements from being shared unless a data-owner's explicit permission is obtained. When the server receives a request for such a restricted data element, the server may issue an email or text message in order to obtain the necessary permissions. If permission is granted, the server then supplies the requested data. Beyond this base functionality, expanded services provide complementary enhancement functionality.
    Type: Grant
    Filed: December 21, 2017
    Date of Patent: July 16, 2019
    Inventors: Barry Gold, Karen Sallick
  • Patent number: 10348749
    Abstract: A method and an apparatus for detecting a port scan in a network are disclosed. For example, the method extracts statistics from a message, detects the port scan for a source internet protocol address, determines whether a port scan record exists for the source internet protocol address, creates a port scan record for the source internet protocol address that is extracted when the port scan record does not exist, determines an elapsed time when the port scan record does exist, wherein the elapsed time is determined as a difference between the time stamp that is extracted and a recorded time stamp, sets the recorded time stamp to be the extracted time stamp when the elapsed time is less than an intra-scan time, and determines the port scan has ended for the source internet protocol address when the elapsed time is not less than the intra-scan time.
    Type: Grant
    Filed: April 16, 2018
    Date of Patent: July 9, 2019
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Wai Sum Lai, Andrew Egan, Wen-Jui Li
  • Patent number: 10348728
    Abstract: The service layer may leverage the access network infrastructure so that applications on a device may bootstrap with a machine-to-machine server without requiring provisioning beyond what is already required by the access network.
    Type: Grant
    Filed: March 14, 2018
    Date of Patent: July 9, 2019
    Assignee: Convida Wireless, LLC
    Inventors: Michael F. Starsinic, Guang Lu, Suresh Palanisamy, Qing Li, Dale N. Seed
  • Patent number: 10339292
    Abstract: Methods and devices for making access decisions in a secure access network are provided. The access decisions are made by a portable credential using data and algorithms stored on the credential. Since access decisions are made by the portable credential, non-networked hosts or local hosts can be employed that do not necessarily need to be connected to a central access controller or database, thereby reducing the cost of building and maintaining the secure access network.
    Type: Grant
    Filed: September 3, 2013
    Date of Patent: July 2, 2019
    Assignee: Assa Abloy AB
    Inventors: Masha Leah Davis, Robert Wamsley, Tam Hulusi
  • Patent number: 10334054
    Abstract: The present disclosure generally relates to techniques for managing a remote authorization to proceed with an action, such as creating a secure network connection. In some examples, a requesting device receives selection of one or more options. The requesting device transmits a request to proceed with an action to an authenticating device. The authenticating device concurrently displays an indication of the request to proceed with the action, information about the selected one or more options, and an indication of the requesting device. The authenticating device receives authorization to proceed with the action and transmits a response to the requesting device regarding the request to proceed with the action.
    Type: Grant
    Filed: December 18, 2017
    Date of Patent: June 25, 2019
    Assignee: Apple Inc.
    Inventors: Marcel Van Os, Oluwatomiwa B. Alabi, Peter D. Anton, George R. Dicker, Anton K. Diederich, Donald W. Pitschel, Nicholas J. Shearer
  • Patent number: 10325270
    Abstract: A method and system are provided for environmental credit scoring of a plurality of users, partners, and distributors comprising: registering the plurality of users, partners, and distributors; receiving information from the registered users; receiving environmental activity records from partners, and distributors; assigning each activity an identification number; verifying the environmental activity records; calculating a score of each environmental activity; calculating an environmental credit score of the partners and distributors; receiving data from a point of service system; identifying the environmental activity records of users, partners and distributors, and crediting respective environmental activity records; calculating an environmental credit score for the users based on the environmental activities' data credited under the environmental activity record of the users; analyzing the environmental credit score of the users, partners, and distributors; and publishing the environmental credit scores.
    Type: Grant
    Filed: July 24, 2018
    Date of Patent: June 18, 2019
    Inventor: Maher A Abdelsamie
  • Patent number: 10320835
    Abstract: In one example, a mobile device includes a network interface configured to receive data for an application including a set of application permissions describing elements of the mobile device to which the application will have access upon installation of the application, and a processing unit configured to determine a type for the application and, based on an analysis of the set of application permissions and the type for the application, determine whether the application includes malware.
    Type: Grant
    Filed: February 17, 2017
    Date of Patent: June 11, 2019
    Assignee: Pulse Secure, LLC
    Inventors: Neil Book, Daniel V. Hoffman
  • Patent number: 10298550
    Abstract: A computer program product for transmitting data flow in a network between two resources using a processing circuit to perform a method which includes obtaining a data record from a first resource, storing the data record and an associated data record identifier in a first memory, transmitting the data record from a first network to a second network, storing the data record and an associated data record identifier in a second memory, determining by an inline service provider whether the data record is suitable for transmission from a first resource to a second resource; based on determining that the data record is suitable for transmission by the inline service provider transmitting only the data record identifier stored in the second memory to the first switch and retrieving the data record stored in the first memory associated with the data record identifier for transmission to the second resource.
    Type: Grant
    Filed: September 22, 2016
    Date of Patent: May 21, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Chih-Wen Chao, Cheng-Ta Lee, Yin Lee, Wei-Shiau Suen, Ming-Hsun Wu
  • Patent number: 10291657
    Abstract: The technology disclosed relates to enforcing multi-part policies on data-deficient transactions of independent data stores. In particular, it relates to combining active analysis of access requests for the independent object stores with inspection of objects in the independent object stores, each of the analysis and inspection generating and persisting object metadata in a supplemental data store, actively processing data-deficient transactions that apply to the objects by accessing the supplemental data store to retrieve object metadata not available in transaction streams of the data-deficient transactions, and actively enforcing the multi-part policies using the retrieved object metadata.
    Type: Grant
    Filed: June 5, 2018
    Date of Patent: May 14, 2019
    Assignee: NetSkope, Inc.
    Inventors: Krishna Narayanaswamy, Lebin Cheng, Abhay Kulkarni, Ravi Ithal, Chetan Anand, Rajneesh Chopra
  • Patent number: 10284541
    Abstract: A system for generating an enhanced distributed online registry that utilizes an interoperable framework, and machine learning and natural language processing technologies to automatically provide compatible registry items. A persistent secure connection across distributed systems facilitates automatic synchronization of the generated online registry items across the distributed systems and devices accessing those systems. The online registry application processor utilizes machine learning and natural language technologies to generate an acquisition trending model which may be utilized to generate an enhanced distributed online registry that may determine and provide registry items that are compatible with the customer acquisition. Utilizing a persistent bi-directional connection, the online registry application processor may automatically synchronize the enhanced distributed online registry in real time as registry items are added and purchased.
    Type: Grant
    Filed: July 9, 2018
    Date of Patent: May 7, 2019
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Ponnazhakan Subramanian, Satish Chikkaveerappa, Liju Mathews
  • Patent number: 10284376
    Abstract: A code signing system operating a web portal for user clients and a web service for automated machine clients. The web service can receive an operation request from a code signing module running on a remote machine client, the operation request including a request for a cryptographic operation and user credentials retrieved from a hardware cryptographic token connected to the machine client. The code signing system can perform the requested cryptographic operation and return a result to the machine client if the code signing system authenticates the machine client and the requested cryptographic operation is within a permissions set associated with the machine client.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: May 7, 2019
    Assignee: ARRIS Enterprises LLC
    Inventors: Reshma T. Shahabuddin, Ting Yao, Tat Keung Chan, Alexander Medvinsky, Xin Qiu
  • Patent number: 10284521
    Abstract: Disclosed are systems, methods, and computer-readable storage media for automatic security list offload with exponential timeout. A second layer of a firewall can determine that a first data, that previously passed through a first layer of the firewall, should be blocked. The second layer of the firewall can utilize more resources than the first layer of the firewall to determine whether to block a data packet. In response, a first rule can be applied at the first layer of the firewall to block data packets received from a source of the first data packet. Accordingly, a second data packet received from the source of the first data packet will be blocked at the first layer of the firewall based on the first rule.
    Type: Grant
    Filed: August 17, 2016
    Date of Patent: May 7, 2019
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Robert Shanks, Daghan Altas
  • Patent number: 10282537
    Abstract: A request for authentication from a user of a computer system is received. An authentication prompt is transmitted to the user, wherein the authentication prompt corresponds to a plurality of stored authentication responses, and wherein each of the plurality of stored authentication responses is used to authenticate the user. A first user authentication response is received. Whether to accept the first user authentication response is determined based on a degree of similarity between the first user authentication response and a stored authentication response from the plurality of stored authentication responses. Responsive to accepting the first user authentication response, a security score is calculated representing a level of confidence with respect to verifying the user for authentication, based on a type of authentication response for the first user authentication response. Responsive to determining that the security score is greater than an authentication score, the user is authenticated.
    Type: Grant
    Filed: September 20, 2016
    Date of Patent: May 7, 2019
    Assignee: International Business Machines Corporation
    Inventors: Calvin B. Swart, Sharon M. Trewin
  • Patent number: 10263957
    Abstract: A method and apparatus of a device that installs a new access control list for a port of a network element is described. In an exemplary embodiment, a network element receives an indication that the first access control list for the port is to be updated with a second access control list and the port processes data communicated with the port with the first access control list. In addition, the network element configures the port to use a fallback access control list, where the fallback access control list includes a plurality of rules and the port uses the fallback access control list to process data communicated with the port. Furthermore, the network element loads the second access control list for the port. The network element additionally configures the port to use the second access control list, wherein the port uses the second access control list to process data communicated with the port.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: April 16, 2019
    Assignee: Arista Networks, Inc.
    Inventor: Kenneth James Duda
  • Patent number: 10257183
    Abstract: Techniques for an ID federation gateway include determining whether a user associated with a request for a particular network resource is to be identified by the provider of the particular service or by a different party. The service also comprises causing the different party to provide identification data that indicates an identity for the user, if the user is to be identified by the different party. The method further comprises causing user credentials data, based on the identification data, to be sent to an authentication process of the provider for a set of one or more network resources that includes the particular network resource requested by the user, if the data indicates that the user is successfully identified.
    Type: Grant
    Filed: May 22, 2017
    Date of Patent: April 9, 2019
    Assignee: Nokia Technologies Oy
    Inventors: Jari Tapio Otranen, Jari Anssi Petteri Mononen, Jari Mikael Pehkonen, Pasi Allan Lantiainen
  • Patent number: 10257201
    Abstract: The present disclosure provides new methods and systems for managing access to service accounts by user accounts. For example, a user account and a service account may be created. The user account may be granted a first permission to access the service account. The first permission may provide a user with a capability to access the service account by at least one of accessing the service account through the user account and directly accessing the service account. A first credential may be issued to the service account. A user account status event regarding a change to the first permission may automatically be detected. It may be determined that the first permission provided access to the service account. A second credential may be issued to the service account. The second credential may invalidate the first credential and may prevent the user from directly accessing the service account.
    Type: Grant
    Filed: July 28, 2016
    Date of Patent: April 9, 2019
    Assignee: Red Hat, Inc.
    Inventors: Benjamin Parees, Clayton Coleman, David Eads, Jordan Liggitt