Patents Examined by Kenneth W Chang
  • Patent number: 10673872
    Abstract: A threat level is evaluated for an ongoing attack detected for a set of resources based on received notifications having low weight in the evaluation of the threat level. If the threat level is smaller than an entrapment threshold, sensors associated with resources of an information system infrastructure that are potential subsequent targets of the ongoing attack are activated, the weight of the notifications sent from the activated sensors is set as average weight in the evaluation of the threat level, and the threat level is further evaluated for the ongoing attack. If the threat level is greater than the entrapment threshold, traps are deployed in the information system infrastructure, the weight of the notifications sent from the deployed traps is set as high weight in the evaluation of the threat level, and the threat level is further evaluated for the ongoing attack.
    Type: Grant
    Filed: November 7, 2016
    Date of Patent: June 2, 2020
    Assignee: ALCATEL LUCENT
    Inventors: Serge Papillon, Haithem El Abed, Antony Martin
  • Patent number: 10673625
    Abstract: Disclosed are various embodiments for certificate-free cryptosystems that achieve significant computational and communication efficiency as compared to prior systems. A private key generator (PKG) generates a master public key and a master private key unique to the PKG; receives identifying information for at least one client device; generates a public key for the at least one client device; generates a private key for the at least one client device by: performing a hash of the identifying information using the public key generated for the at least one client device to generate a plurality of indices; identifying values corresponding to the indices from the master private key; and deriving the private key based at least in part on a summation of the values corresponding to the indices; and sends the public key and the private key to the at least one client device.
    Type: Grant
    Filed: June 15, 2019
    Date of Patent: June 2, 2020
    Assignee: University of South Florida
    Inventors: Rouzbeh Behnia, Muslum Ozgur Ozmen, Attila Altay Yavuz
  • Patent number: 10671546
    Abstract: A technique includes receiving a request to initialize a region of a memory. Content that is stored in the region is encrypted based at least in part on a stored nonce value and a key. The technique includes, in response to the request, performing cryptographic-based initialization of the memory, including altering the stored nonce value to initialize the region of the memory.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: June 2, 2020
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Amro J. Awad, Pratyusa K. Manadhata, Stuart Haber, William G. Horne
  • Patent number: 10671762
    Abstract: In one embodiment, a system includes a non-volatile memory that may serve as both the main memory system and the backing store (or persistent storage). In some embodiments, the non-volatile memory is divided into a main memory portion and a persistent portion. Data in the main memory portion may be encrypted using one or more first keys, and data in the persistent portion may be encrypted using one or more second keys, in an embodiment. The volatile behavior of main memory may be implemented by discarding the one or more first keys in a power down event or other event that indicates a loss of main memory data, while the one or more second keys may be retained. In one embodiment, the physical address space of the non-volatile memory may be a mapping from a second physical address space that is used within the system.
    Type: Grant
    Filed: August 25, 2016
    Date of Patent: June 2, 2020
    Assignee: Apple Inc.
    Inventors: Manu Gulati, Joseph Sokol, Jr., Jeffrey R. Wilcox, Bernard J. Semeria, Michael J. Smith
  • Patent number: 10666653
    Abstract: A technique for network authentication interoperability involves initiating an authentication procedure on a first network, authenticating on a second network, and allowing access at the first network. The technique can include filtering access to a network, thereby restricting access to users with acceptable credentials. Offering a service that incorporates these techniques can enable incorporation of the techniques into an existing system with minimal impact to network configuration.
    Type: Grant
    Filed: March 26, 2019
    Date of Patent: May 26, 2020
    Assignee: Aerohive Networks, Inc.
    Inventors: Kenshin Sakura, Matthew Stuart Gast, Long Fu
  • Patent number: 10666647
    Abstract: Digital rights management is extended such that control over the access to data stored in a cloud remains with the originator of the data. The access information is coordinated between a rights application in the cloud and a rights server outside the cloud. A rights policy is used for fine-grained regulation of the access for users (user groups), computers (client, server) and validity periods. The access limits actions that can be performed with the data, such as a server application being provided with access to index said data without being able to access the complete contents of the data in the process. The access extension may be used for any type of distributed data processing in which the data are intended to be protected against unauthorized access operations.
    Type: Grant
    Filed: April 29, 2019
    Date of Patent: May 26, 2020
    Assignee: ServiceNow, Inc.
    Inventors: Monika Maidl, Stefan Seltzsam
  • Patent number: 10636751
    Abstract: A semiconductor device 100 of the present invention includes a front end and back ends A and B, each including a plurality of layers. Further, in the plurality of layers of the back end B, (i) circuits 22, 23, and 24 having a security function are provided in at least one layer having a wiring pitch of 100 nm or more, (ii) a circuit having a security function is provided in at least one wiring layer in M5 or higher level (M5, M6, M7, . . . ), (iii) a circuit having a security function is provided in at least one layer, for which immersion ArF exposure does not need to be used, or (iv) a circuit having a security function is provided in at least one layer that is exposed by using an exposure wavelength of 200 nm or more.
    Type: Grant
    Filed: August 3, 2016
    Date of Patent: April 28, 2020
    Assignee: NATIONAL INSTITUTE OF ADVANCED INDUSTRIAL SCIENCE & TECHNOLOGY
    Inventors: Yohei Hori, Yongxun Liu, Shinichi Ouchi, Tetsuji Yasuda, Meishoku Masahara, Toshifumi Irisawa, Kazuhiko Endo, Hiroyuki Ota, Tatsuro Maeda, Hanpei Koike, Yasuhiro Ogasahara, Toshihiro Katashita, Koichi Fukuda
  • Patent number: 10623439
    Abstract: A computer system is reliably protected from unauthorized access. The present invention provides a computer system comprising a plurality of service computers each capable of performing predetermined services, and a management computer which manages each of the plurality of service computers. Each of the plurality of service computers comprises a controller which executes an operating system, and a management processor for managing computer hardware. The controller executes a monitoring program which manages predetermined events. The management processor sends information of a detected event to the management computer via a port for connecting to the management computer.
    Type: Grant
    Filed: January 15, 2016
    Date of Patent: April 14, 2020
    Assignee: HITACHI, LTD.
    Inventors: Yoshifumi Nakamura, Eiichi Inoue
  • Patent number: 10623420
    Abstract: A method for data inspection includes upon receiving an out-of-order part of a sequence of parts, checking the out-of-order part for matching in forward and backward direction of the sequence; temporarily saving a forward state and a backward state of said both checkings; and upon receiving an in-order part of the sequence, checking the in-order part for matching in the forward direction of the sequence and if the in-order packet is within a gap between the first part and the last part of the sequence the in-order part is also checked for matching in backward direction of the sequence. The backward state or the forward and backward state are updated or temporarily saved.
    Type: Grant
    Filed: January 19, 2016
    Date of Patent: April 14, 2020
    Assignee: NEC CORPORATION
    Inventors: Roberto Gonzalez Sanchez, Giulio Picierro, Giuseppe Bianchi
  • Patent number: 10616217
    Abstract: The invention is an authentication framework that enables a user to log in to a website using an Internet-connected device, such as a smartphone, smart watch, smart glasses, or tablet, while browsing on a computer. The framework makes it easier for people with certain disabilities to log in to a website, such as by removing the mandatory step of entering usernames and passwords while giving users multiple options through which they can establish their identity using Internet-connected devices. For example, the gyroscope, camera, microphone, or accelerometer can be used to provide credentials. This approach greatly reduces the number of barriers that a user with a disability encounters when trying to use password-based authentication on the Internet.
    Type: Grant
    Filed: May 9, 2019
    Date of Patent: April 7, 2020
    Assignee: Syracuse University
    Inventors: Nata Miccael Barbosa, Yang Wang
  • Patent number: 10601587
    Abstract: A method for establishing a first secured communication channel between an administrative agent in a device and a distant server, the device comprising a secure element communicating with the administrative agent, the secure element being administrated through the administrative agent by the distant server, the administrative agent being administrated by a third party server through a second secured communication channel, the distant server and the third party server being connected through a third secured channel. The third party server requests, from the distant server, an operation on the secure element and a one-time PSK. The distant server sends, to the third party server, the one-time PSK. The third party server sends, to the administrative agent, a triggering message including the one-time PSK. A TLS-PSK handshake is performed between the administrative agent and the distant server with the one-time PSK to establish the first secured communication channel.
    Type: Grant
    Filed: June 23, 2015
    Date of Patent: March 24, 2020
    Assignee: THALES DIS FRANCE SA
    Inventors: Xavier Berard, Frédéric Paillart, Frédéric Faure, Lionel Mallet
  • Patent number: 10601875
    Abstract: Methods, apparatus, systems, and non-transitory computer-readable media for managing a plurality of disparate computer application and data control policies on a computing device, especially a computing device connected to a computer network, are described. In one example, at least one policy distribution point is provided that includes at least one policy distribution point including at least one information management policy. A plurality of policy enforcement points, including a first policy enforcement point operating at a first policy enforcement level, and a second enforcement point operating at a second policy enforcement level, are also provided. A first policy element to the first policy enforcement point, and a second policy element to the second policy enforcement point, are allocated.
    Type: Grant
    Filed: January 24, 2019
    Date of Patent: March 24, 2020
    Assignee: CELLSEC, INC.
    Inventors: David Goldschlag, Yoav Weiss, Karl Ginter, Michael Bartman
  • Patent number: 10594494
    Abstract: The invention relates to a system of obtaining authorization where there are multiple authorization modules. When an authorization is provided by a module, it is combined with a security token, digital signature or encryption identifying which module provided the authorization. To obtain a full authorization, multiple authorization modules may be required and these modules can be connected in parallel and or in series with each other.
    Type: Grant
    Filed: August 25, 2016
    Date of Patent: March 17, 2020
    Assignee: Inexto SA
    Inventors: Erwan Fradet, Patrick Chanez, Philippe Chatelain
  • Patent number: 10587403
    Abstract: The invention relates to a method of defining a numerical basis by combining at least two different ranges of numbers which can be used to obfuscate an alphanumeric character. This basis can be used for product identification or other methods of creating unique tracking or identification numbers when used in combination with conversion functions.
    Type: Grant
    Filed: August 13, 2016
    Date of Patent: March 10, 2020
    Assignee: Inexto SA
    Inventors: Erwan Fradet, Patrick Chanez, Philippe Chatelain
  • Patent number: 10587638
    Abstract: Embodiments are directed to monitoring network traffic over a network using one or more network monitoring computers. A monitoring engine may be instantiated to perform actions, including: monitoring network traffic to identify client requests provided by clients and server responses provided by servers in response to the client requests; determining request metrics associated with the client requests; and determining response metrics associated with the server responses. An analysis engine may be instantiated that performs actions, including: comparing the request metrics with the response metrics; determining atypical behavior associated with the clients based on the comparison such that the atypical behavior includes an absence of adaption by the clients to changes in the server responses; and providing alerts that may identify the clients associated with the atypical behavior.
    Type: Grant
    Filed: April 22, 2019
    Date of Patent: March 10, 2020
    Assignee: ExtraHop Networks, Inc.
    Inventors: Arindum Mukerji, Khurram Waheed
  • Patent number: 10574444
    Abstract: Systems and methods for secured access to cloud-based applications or services include a service node that may receive a request from a client including a URL associated with an application manager. The service node may send a URL prefix identifying a termination to the termination node. The service node may receive a client hello message from the client that includes a first field incorporating the URL prefix, and may send the client hello message to the termination node to initiate a handshake with the client using a wildcard certificate of server, for establishing an SSL channel between the client and the termination node for a session of the application. The service node can direct a communication of the session from the client to the predetermined termination node, for decryption, using the established SSL channel, according to the URL prefix incorporated in a server name indication (SNI) field of the communication.
    Type: Grant
    Filed: January 22, 2018
    Date of Patent: February 25, 2020
    Assignee: Citrix Systems, Inc.
    Inventors: Keyoor Khristi, Mukul Agarwal, Ravi Ganesh, V, Saurabh Singh, Vishnu Prateek
  • Patent number: 10575170
    Abstract: The subject matter describes devices, networks, systems, media, and methods to create secure communications between wireless devices and cellular networks, where the wireless devices communicate with the cellular networks via multi-hopping methods in non-cellular networks.
    Type: Grant
    Filed: October 15, 2018
    Date of Patent: February 25, 2020
    Assignee: M87, INC.
    Inventors: Vidur Bhargava, Eric Kord Henderson, Peter Matthew Feldman
  • Patent number: 10575177
    Abstract: Provided is a technology for allowing only a wireless terminal satisfying a security policy to be connected to an in-company network without causing a significant increase in costs. The terminal management device including a determination part communicating with a wireless terminal via a different communication network from the wireless network system, and determining whether or not the wireless terminal satisfies a predetermined security policy, and a connection information transmission part transmitting connection information for connection to the wireless relay device to the wireless terminal which is determined to satisfy the security policy by the determination part is provided in a wireless network system that includes a wireless access point device constituting an in-company network and connecting a wireless terminal for which predetermined connection information has been set.
    Type: Grant
    Filed: March 17, 2014
    Date of Patent: February 25, 2020
    Assignee: Yamaha Corporation
    Inventors: Takahiro Asano, Toshihiro Kimura
  • Patent number: 10565368
    Abstract: Provided are an electronic device and a method of controlling same. The method of controlling the electronic device: displays a UI including a security index showing that the electronic device is in a state operating in a secure mode; compares the security index to a reference security index and determines whether the security index has been falsified; and when the security index is a falsified security index, shows that the security index is a security index that has been falsified.
    Type: Grant
    Filed: July 5, 2016
    Date of Patent: February 18, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Kyung-soo Kwag, Chang-sup Ahn, Joon-hyuk Ryu, Jung-kyuen Lee, Ji-yeon Choi, Sung-hyun Hong
  • Patent number: 10567358
    Abstract: An electronic circuit (200) includes one or more programmable control-plane engines (410, 460) operable to process packet header information and form at least one command, one or more programmable data-plane engines (310, 320, 370) selectively operable for at least one of a plurality of cryptographic processes selectable in response to the at least one command, and a programmable host processor (100) coupled to such a data-plane engine (310) and such a control-plane engine (410). Other processors, circuits, devices and systems and processes for their operation and manufacture are disclosed.
    Type: Grant
    Filed: August 24, 2018
    Date of Patent: February 18, 2020
    Assignee: Texas Instruments Incorporated
    Inventors: Amritpal Singh Mundra, Denis Roland Beaudoin