Patents Examined by Kenneth Chang
-
Patent number: 9811478
Abstract: Exemplary methods are provided for storing data in a flash storage device to facilitate subsequent detection of tampering, comprising receiving a plaintext; reading first metadata associated with a device sector; encrypting the plaintext based on the first metadata to generate a cipher text and first authentication data; storing the cipher text in the sector; and storing the first authentication data as second metadata associated with the sector. Exemplary methods are also provided for detecting tampering with data stored in a flash storage device, comprising determining a physical location in a device sector; reading cipher text from the physical location; reading first authentication data and maintenance metadata associated with the sector; decrypting the cipher text based on a user key and the maintenance metadata to generate second authentication data; and determining the occurrence of tampering based on the first and second authentication data. Memory devices embodying said methods are also provided.
Type: Grant
Filed: March 22, 2016
Date of Patent: November 7, 2017
Assignee: Mangstor, Inc.
Inventors: Ashwin Kamath, Paul E. Prince, Trevor Smith
-
Patent number: 9806889
Abstract: Disclosed is a key downloading management method, comprising: a device end authorizing the validity of an RKS server by checking a digital signature of a work certificate public key of the RKS server, and the RKS server generating an authentication token (AT); encrypting by using an identity authentication secondary key DK2 of the device end, and sending the ciphertext to the device end; the device end decrypting the ciphertext by using the identity authentication secondary key DK2 saved thereby, encrypting the ciphertext by using the work certificate public key and then returning same to the RKS server; the RKS server decrypting same by using a work certificate private key thereof and then comparing whether the authentication token (AT) is the same as the generated authentication token (AT) or not, and if so, it is indicated that the device end is valid, thereby achieving bidirectional identity authentication.
Type: Grant
Filed: January 23, 2014
Date of Patent: October 31, 2017
Assignee: Fujian LANDI Commercial Equipment Co., Ltd.
Inventors: Chengyong Yao, Rongshou Peng, Luqiang Meng
-
Patent number: 9787479
Abstract: There is described a challenge-response method for a client device. The method comprises steps of: (a) receiving challenge data, wherein the challenge data is content encrypted using an encryption key, the content including a nonce; (b) using a secured module of the client device to access the content by decrypting the challenge data using a decryption key of the secured module, the decryption key corresponding to the encryption key; (c) processing a version of the content output by the secured module so as to obtain the nonce; and (d) providing the nonce as a response. There is also described a client device for implementing the above challenge-response method. There is also described a computer program which, when executed by a processor, causes the processor to carry out the above challenge-response method. Finally, there is described a computer readable medium storing the above-mentioned computer program.
Type: Grant
Filed: March 27, 2013
Date of Patent: October 10, 2017
Assignee: IRDETO B.V.
Inventors: Andrew Augustine Wajs, Calin Ciordas, Fan Zhang
-
Patent number: 9774577
Abstract: Disclosed are devices, systems, and methods for securing data using attribute based data access. The data may correspond to a sensory environment, and the data is secured at the device. The device secures the data by segmenting the data into number of segments and defining an access policy, further submitting the access policy to a PKG of system for generating Access Tree having attributes at different level for accessing the data. These Access Trees are securely stored on the device using IBE mechanism. Further, the data after being secured, is uploaded to a system for analysis. At the system, an access request may be received for accessing the data. The access request further includes a request attribute, whereby the system verifies if the attribute satisfies the Access Policy. If the verification is positive, an access may be provided to the data accessor for accessing the data.
Type: Grant
Filed: June 12, 2015
Date of Patent: September 26, 2017
Assignee: Tata Consultancy Services Limited
Inventors: Shivraj Vijayshankar Lokamathe, Rajan Mindigal Alasingara Bhattachar, Barkur Suryanarayana Adiga, Meena Singh Dilip Thakur, Balamuralidhar Purushothaman
-
Patent number: 9774609
Abstract: A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient.
Type: Grant
Filed: January 8, 2016
Date of Patent: September 26, 2017
Assignee: Certicom Corp.
Inventor: Marinus Struik
-
Patent number: 9773099
Abstract: A system, method, and device includes a platform data storage that stores a wrap that secures an executable controller and executable sensors. The wrap is verified, optionally through a downloaded authentication driver. After verifying the wrap, the wrap is opened and a sister of the executable controller is installed into the platform memory to cooperate with the executable controller. Additionally or alternatively, the authentication driver may cooperate with the executable controller. The executable controller allows the platform processor to access data secured in a vault and/or verify the platform to create a connection to an application server.
Type: Grant
Filed: April 17, 2017
Date of Patent: September 26, 2017
Inventors: Wayne Odom, Karolyn Gee
-
Patent number: 9769188
Abstract: A method, product and computer program product for building a malware detector, the method including the steps of: receiving at least one characteristic for each of a plurality of malware variants; categorizing each of the characteristics as a malicious characteristic or a non-malicious characteristic; generating a detector; training the detector to distinguish between the malicious characteristic and the non-malicious characteristic; and rating the detector based on an accuracy of detection of an amount of malicious characteristics for each malware variant.
Type: Grant
Filed: February 19, 2016
Date of Patent: September 19, 2017
Assignee: PayPal, Inc.
Inventors: Shlomi Boutnaru, Liran Tancman, Michael Markzon
-
Patent number: 9769161
Abstract: A reader configured to perform dual-factor authentication is provided. The reader is configured to analyze credential data as well as event-based user inputs. The event-based user inputs are received in response to the reader presenting one or more events to a user and monitoring the user's reaction thereto. Utilization of an event-based user input enables the reader to perform dual-factor authentication without necessarily being provided with a keyboard or other advanced user input device.
Type: Grant
Filed: July 12, 2011
Date of Patent: September 19, 2017
Assignee: ASSA ABLOY AB
Inventors: Masha Leah Davis, Mark Robinton, Peter F. Klammer
-
Patent number: 9762579
Abstract: A technique for network authentication interoperability involves initiating an authentication procedure on a first network, authenticating on a second network, and allowing access at the first network. The technique can include filtering access to a network, thereby restricting access to users with acceptable credentials. Offering a service that incorporates these techniques can enable incorporation of the techniques into an existing system with minimal impact to network configuration.
Type: Grant
Filed: August 17, 2016
Date of Patent: September 12, 2017
Assignee: Aerohive Networks, Inc.
Inventors: Kenshin Sakura, Matthew Stuart Gast, Long Fu
-
Patent number: 9740859
Abstract: Threat detection is improved by monitoring variations in observable events and correlating these variations to malicious activity. The disclosed techniques can be usefully employed with any attribute or other metric that can be instrumented on an endpoint and tracked over time including observable events such as changes to files, data, software configurations, operating systems, and so forth. Correlations may be based on historical data for a particular machine, or a group of machines such as similarly configured endpoints. Similar inferences of malicious activity can be based on the nature of a variation, including specific patterns of variation known to be associated with malware and any other unexpected patterns that deviate from normal behavior. Embodiments described herein use variations in, e.g., server software updates or URL cache hits on an endpoint, but the techniques are more generally applicable to any endpoint attribute that varies in a manner correlated with malicious activity.
Type: Grant
Filed: August 12, 2016
Date of Patent: August 22, 2017
Assignee: Sophos Limited
Inventors: Mark D. Harris, Kenneth D. Ray
-
Patent number: 9727751
Abstract: An approach is provided for applying privacy policies to structured data. A privacy policy management infrastructure receives a request for an exchange of structured data among a plurality of devices. The privacy policy management infrastructure determines one or more elements of the structured data. The privacy policy management infrastructure also determines one or more privacy policies corresponding to the structured data, respective ones of the one or more elements, or a combination thereof. The privacy policy management infrastructure further determines to apply the one or more privacy policies to the structured data, respective ones of the one or more elements, or a combination thereof when initiating the exchange.
Type: Grant
Filed: October 29, 2010
Date of Patent: August 8, 2017
Assignee: Nokia Technologies Oy
Inventors: Ian Justin Oliver, Sergey Boldyrev, Jari-Jukka Harald Kaaja, Joni Jorma Marius Jantunen
-
Patent number: 9710658
Abstract: Described herein is a computing platform incorporating a trusted entity, which is controllable to perform cryptographic operations using selected ones of a plurality of cryptographic algorithms and associated parameters, the entity being programmed to record mode of operation information, which is characterized by the algorithms and associated parameters that are selected to perform an operation.
Type: Grant
Filed: March 6, 2015
Date of Patent: July 18, 2017
Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventors: Valiuddin Y. Ali, Graeme John Proudler
-
Patent number: 9703979
Abstract: The described embodiments relate to encryption methods and computer program products. An encryption application is used to determine a keystore seed with a seed bit set having seed bits in an ordered sequence. A plurality of key derivation sets are determined and a selected key derivation set is selected randomly. A key bit sequence is generated from the seed bit set using the selected key derivation set. An encryption key is generated using the key bit sequence, and corresponding keying information is determined from the selected key derivation set such that the latter is also derivable from the former. The keying information discloses zero information about the encryption key absent knowledge of the keystore seed. Plaintext data is encrypted using the encryption key to generate ciphertext data, and the keying information is stored with the ciphertext data. The encryption key may then be deleted.
Type: Grant
Filed: June 10, 2016
Date of Patent: July 11, 2017
Assignee: BICDROID INC.
Inventor: En-Hui Yang
-
Patent number: 9705856
Abstract: Methods (500) of a network node (111) for creating and joining secure sessions for members (111-114) of a group of network nodes are provided. The methods comprise receiving an identity certificate and an assertion for the network node as well as a secret group key for the group. The method for creating a session further comprises creating (501) a session identifier and a secret session key for the session, and sending (502) an encrypted and authenticated broadcast message comprising the session identifier. The method for joining a session further comprises sending an encrypted and authenticated discovery message comprising the identity certificate and the assertion, and receiving an encrypted and authenticated discovery response message from another network node which is a member of the group. The disclosed combined symmetric key and public key scheme is based on the availability of three credentials at each node, i.e.
Type: Grant
Filed: July 27, 2012
Date of Patent: July 11, 2017
Assignee: TELEFONAKTIEBOLAGET L M ERICSSON
Inventors: Christian Gehrmann, Oscar Ohlsson, Ludwig Seitz
-
Patent number: 9698978
Abstract: Provided is a network equipment and an authentication and key management method for the same. The network equipment generates a Network Key (NK); the network equipment performs authentication protocol interaction with opposite communication equipment, and calculates a Basic Session Key (BSK) according to parameters for the authentication protocol interaction and the NK; and the network equipment calculates link Encryption Keys (EKs) used respectively for Media Access Control (MAC) and Physical (PHY) layers using various access technologies according to the BSK, and provides the EKs for respective MAC and PHY layer function modules. With the disclosure, the legality of the equipment is verified by performing an authentication process on the heterogeneous network equipments in one pass, and keys in various MAC layer technologies are managed in a unified way.
Type: Grant
Filed: May 28, 2013
Date of Patent: July 4, 2017
Assignee: ZTE CORPORATION
Inventors: Qiongwen Liang, Weiliang Zhang, Lin Wang, Junjian Zhang, Dezhi Zhang, Boshan Zhang
-
Patent number: 9680866
Abstract: A system and computer based method are provided for identifying active content in websites on a network. In one aspect, a method for classifying web content includes determining a first property associated with static content of a web page, determining a second property associated with the content of the web page based at least in part on active content associated with the web page, evaluating a logical expression relating the first property and the second property, at least in part by evaluating whether a constant value matches at least a portion of the content of the web page, associating the web page with a category based on a result of the evaluation, and determining whether to allow network access to the web page based on the category.
Type: Grant
Filed: April 6, 2015
Date of Patent: June 13, 2017
Assignee: Websense, LLC
Inventors: Victor L Baddour, Stephan Chenette, Dan Hubbard, Nicholas J Verenini, Ali A Mesdaq
-
Patent number: 9680851
Abstract: A method, product and computer program product for evolving malware variants, the method including the steps of: receiving a malware specimen; generating a first generation of variants corresponding to the malware specimen, wherein the malware specimen is altered by one or more mutations to generate each variant of the first generation of variants; selecting variants from the first generation of variants; and mutating the selected variants to generate successive generations of variants, wherein the successive generations are generated until one or more criteria are met.
Type: Grant
Filed: February 19, 2016
Date of Patent: June 13, 2017
Assignee: PAYPAL, INC.
Inventors: Shlomi Boutnaru, Liran Tancman, Michael Markzon
-
Patent number: 9680836
Abstract: This disclosure relates to a system and related operating methods. A computer-implemented server device receives a request from a device that includes an identifier proposed for a potential account holder. The computer-implemented server device determines whether the identifier is available for use with a new account, and communicates a response to the device that indicates whether the identifier is available for use with the new account. The response is presented at the device and includes an image that contains a visually obfuscated representation of an alphanumeric message that indicates either a success or a failure.
Type: Grant
Filed: May 9, 2016
Date of Patent: June 13, 2017
Assignee: salesforce.com, inc.
Inventor: Gareth D. White
-
Patent number: 9658969
Abstract: Systems and methods for reducing problems and disadvantages associated with traditional approaches to encryption and decryption of data are provided. An information handling system may include a processor, a memory communicatively coupled to the processor, and an encryption accelerator communicatively coupled to the processor. The encryption accelerator may be configured to encrypt and decrypt information in accordance with a plurality of cryptographic functions, receive a command from the processor to perform an encryption or decryption task upon data associated with an input/output operation, and in response to receiving the command, encrypt or decrypt the data associated with the input/output operation based on a particular one of the plurality of cryptographic functions.
Type: Grant
Filed: February 18, 2016
Date of Patent: May 23, 2017
Assignee: Dell Products L.P.
Inventors: Kenneth W. Stufflebeam, Jr., Michele Kopp
-
Patent number: 9654487
Abstract: A method, product and computer program product for providing evolutionary selection of malware variants, the method including the steps of: receiving a malware specimen; generating a first generation of variants corresponding to the malware specimen; evaluating each variant of the first generation of variants for one or more evasiveness characteristics and one or more maliciousness characteristics; based on the evaluating, selecting variants of the first generation of variants for further mutation; and generating a second generation of variants from each of the selected variants.
Type: Grant
Filed: February 19, 2016
Date of Patent: May 16, 2017
Assignee: PayPal, Inc.
Inventors: Shlomi Boutnaru, Liran Tancman, Michael Markzon