Patents Examined by Khalil Naghdali
  • Patent number: 10771062
    Abstract: Presented are systems and methods that allow hardware designers to protect valuable IP and information in the hardware domain in order to increase overall system security. In various embodiments of the invention this is accomplished by configuring logic gates of existing logic circuitry based on a key input. In certain embodiments, a logic function provides results that are dependent not only on input values but also on an encrypted logic key that determines connections for a given logic building block, such that the functionality of the logic function cannot be determined by reverse engineering. In some embodiments, the logic key is created by decrypting a piece of data using a secret or private key. Advantages of automatic encryption include that existing circuitry need not be re-implemented or re-built, and that the systems and methods presented are backward compatible with standard manufacturing tools.
    Type: Grant
    Filed: August 9, 2018
    Date of Patent: September 8, 2020
    Assignee: Maxim Integrated Products, Inc.
    Inventors: Robert Michael Muchsel, Donald Wood Loomis, III, Edward Tangkwai Ma, Hung Thanh Nguyen, Nancy Kow Iida, Mark Alan Lovell
  • Patent number: 10771491
    Abstract: Data packets transmitted to and from an IoT device are obtained and at least one of the data packets is analyzed using deep packet inspection to identify transaction data from payload of the at least one of the data packets. An event log is generated for the IoT device from the transaction data, the event log, at least in part, used to generate a historical record for the IoT device. The IoT device is profiled into a device profile based on the historical record for the IoT device. The event log is updated in real-time to indicate current operation of the IoT device. Abnormal device behavior of the IoT device is determined using the event log and the device profile. The device profile is updated to indicate the abnormal device behavior of the IoT device.
    Type: Grant
    Filed: February 19, 2019
    Date of Patent: September 8, 2020
    Assignee: Palo Alto Networks, Inc.
    Inventors: Gong Cheng, Pui-Chuen Yip, Zhiwei Xiao, Ran Xia, Mei Wang
  • Patent number: 10771454
    Abstract: An information processing system comprises a terminal device; an end server; and an intermediate server connected to the terminal device and the end server via a network. The intermediate server includes a communication device that communicates with the terminal device and the end server; a memory device that stores an ID correspondence table that registers a combination of first login information and second login information, the first login information being for logging in to the intermediate server, the second login information being for logging in to the end server; and a controller, when the controller executes an information processing program, the controller operating as an ID issue receiving unit, an end server accessing unit, an ID issuing unit, and an end server access receiving unit.
    Type: Grant
    Filed: July 27, 2018
    Date of Patent: September 8, 2020
    Assignee: KYOCERA DOCUMENT SOLUTIONS INC.
    Inventor: Takehiro Hara
  • Patent number: 10771246
    Abstract: Systems and methods allow taking advantage of the natural statistical variation of physical properties in a semiconductor device in order to create truly random, repeatable, and hard to detect cryptographic bits. This may be accomplished by recursively pairing mismatch values of Physically Unclonable Functions (PUF) elements so as to ensure that generated PUF key bits remain insensitive to environmental errors, without affecting the utilization rate of available PUF elements. The pairing process may be applied to any given hardware to generate more stable PUF bit sequences that provide a higher margin of error, increase the number of bits for a given margin of error, or any combination thereof.
    Type: Grant
    Filed: September 14, 2016
    Date of Patent: September 8, 2020
    Assignee: Maxim Integrated Products, Inc.
    Inventor: Sung Ung Kwak
  • Patent number: 10764261
    Abstract: A method for enabling a scalable public-key infrastructure (PKI) comprises invoking a process of receiving a message for a device, identifying an association ID for the device, retrieving encrypted association keys stored on the server for communicating with the device, the encrypted association keys encrypted using a wrapping key stored on a Hardware Security Module (HSM). The method further comprises sending the message and the encrypted association keys to the HSM, unwrapping, by the HSM, the encrypted association keys to create unwrapped association keys, cryptographically processing the message to generate a processed message, deleting the unwrapped association keys, sending the processed message to the device, and invoking, concurrently and by a second application, the process.
    Type: Grant
    Filed: December 31, 2014
    Date of Patent: September 1, 2020
    Assignee: ITRON, INC.
    Inventors: Christopher Vigliaturo, Benjamin Damm, David Drinan, Aditi Hilbert
  • Patent number: 10764294
    Abstract: A service request and a credential are sent from a customer environment to a service provider. The service provider maintains information, such as a credential whitelist, that identifies which credentials may be used with each customer environment. The service provider identifies the particular customer environment from which the service request was submitted using the IP address of the requester (or other environment-identifying information), and retrieves information that restricts the use of the credentials. A request may be approved or rejected based on the presence of the associated credential in a whitelist notwithstanding whether the credential otherwise authorizes the service request. In some examples, the system is used to limit data exfiltration from a customer environment.
    Type: Grant
    Filed: March 10, 2016
    Date of Patent: September 1, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Muhammad Wasiq, Nima Sharifi Mehr
  • Patent number: 10757110
    Abstract: A computing system for generating allowed lists of applications for machines is provided. The system, for each machine, identifies a set of executed applications that were executed by that machine. The system then clusters the machines based on similarity between the sets of executed applications so that machines with similar sets are in the same cluster. The system then, for each cluster of machines, creates an allowed list of applications for the cluster that includes the applications in the sets of executed applications of the machines of the cluster. An allowed list for a cluster indicates that only applications in the allowed list are allowed to be executed by a machine in the cluster. The system then distributes the allowed list for a cluster to the machines of that cluster so that the machines execute only applications in the allowed list for their cluster.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: August 25, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Moshe Israel, Ronen Yaari, Ben Kliger, Yaniv Dagan, Gilad Elyashar, Moshe Shalala, Erel Hansav
  • Patent number: 10742635
    Abstract: A global userID may be linked to many individual locations. A user may login to the global userID and select an experience environment. The experience environment may provide access to locations associated with the experience environment, such as all locations in a country. The user may switch between experience environments without providing login credentials for each individual location the user wishes to view.
    Type: Grant
    Filed: May 21, 2018
    Date of Patent: August 11, 2020
    Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
    Inventors: Debdeep Banerjee, Yatharth Chowdhary, Dinesh Reddy Gudibandi, Gautam Gulati, Prasanth Harpanahalli, Edward L. Morabito, Jr.
  • Patent number: 10740461
    Abstract: Identification of an entity performing a deletion or modification action on locally stored files and notification to mitigate risks to cloud stored files is provided. A local or remote file watcher may monitor locally stored files and detect a deletion or modification action. The file watcher may also identify an entity performing the deletion or modification action. The entity may be an application, a process, a user other than the user that is the owner of the files, or the user himself/herself. The file watcher may further determine one or more alert conditions or rules associated with the affected file(s) and/or the entity, that is under which circumstances an alert is to be issued. The alert notification(s) may be issued to the user, an administrator, a cloud storage service, and/or a data protection service such that protective measures can be taken if necessary.
    Type: Grant
    Filed: May 16, 2019
    Date of Patent: August 11, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Filip Chelarescu, John D. Rodrigues, Steven J. Bailey, Adam C. Czeisler
  • Patent number: 10735432
    Abstract: Aspects of the technology described herein provide a mechanism for controlling access to secure computing resources based on inferred user authentication. A current user may be authenticated and access to secure computing resources permitted based on a determined probability that the current user is a legitimate user associated with the secure computing resource. Legitimacy of the current user may be inferred based on a comparison of user-related activity of the current user to a persona model, which may comprise behavior patterns, rules, or other information for identifying a legitimate user. If it is determined that the current user is likely legitimate, then access to secure information may be permitted. However, if it is determined that the current user is likely illegitimate, then a verification procedure may be provided to the current user, such as a temporal, dynamic security challenge based on recent activity conducted by the legitimate user.
    Type: Grant
    Filed: January 18, 2019
    Date of Patent: August 4, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Nadav Bar, Tom Jurgenson
  • Patent number: 10719548
    Abstract: A method for territorial filtering, streaming, and downloading media files over a client-server network with local read-write execution capabilities enables application of digital rights management data across batches of media files without admin having to alter each file, or metadata associated with each file, individually. Media files stored remotely in memory associated with a server are batch-handled for application of digital rights management data. Digital rights management data is applicable to batched files by assignation to particular directories wherein media files stored within a particular directory are associable with particular digital rights management data. Territorial filtering is applied to exclude media files from display as part of a selectable menu whereby users requesting access from certain locations are denied access to media files restricted from playback in that location.
    Type: Grant
    Filed: October 15, 2018
    Date of Patent: July 21, 2020
    Inventor: Lee Johnson
  • Patent number: 10713369
    Abstract: The disclosure discloses a method and device for access control. The method includes: when a group of tasks are executed, controlling an access of a subject to an object according to operation permission corresponding to each of the tasks in the group of tasks. The device comprises a control component arranged to, when a group of tasks are executed, control an access of a subject to an object according to operation permission corresponding to each of the tasks in the group of tasks.
    Type: Grant
    Filed: April 17, 2015
    Date of Patent: July 14, 2020
    Assignee: ZTE CORPORATION
    Inventors: Yao Tong, Yihui Peng
  • Patent number: 10706430
    Abstract: Provided herein are systems, methods and computer readable media for consumer monitor and tracking. An example method may include receiving client device ID and client device profile data, comparing client device ID and client device profile data to a plurality of known client device versions, generating an updated known client device version in an instance in which the client device ID correlates to at least one of the plurality of known client device versions and the client device profile data does not correlate to the at least one of the plurality of known client device versions and generating a new known client device version in an instance in which the client device ID does not correlate to at least one of the plurality of known client device versions.
    Type: Grant
    Filed: August 1, 2018
    Date of Patent: July 7, 2020
    Assignee: Groupon, Inc.
    Inventors: Jiaqi Guo, Michael Elizarov, Jim Breen, Selvam Velmurugan
  • Patent number: 10680798
    Abstract: A secure computing device, including: a processor configured to carry out a secure operation; a memory in communication with the processor configured to store secure data; and a memory controller configured to control storage of data in the memory and reading data from the memory, wherein the secure data is split into shares before being stored in the memory and wherein the memory controller is configured to: apply a masking storage transform (MST) to one of the shares to produce a masked share before storing the shares in the memory, wherein the MST is a permutation without a fixed point; apply an inverse MST to the masked share when reading the shares from the memory; and combine the read shares to reconstruct the secure data.
    Type: Grant
    Filed: February 15, 2017
    Date of Patent: June 9, 2020
    Assignee: NXP USA, Inc.
    Inventors: Miroslav Knezevic, Ventzislav Nikov
  • Patent number: 10681024
    Abstract: A method, a system, and a non-transitory computer readable program code are disclosed for authenticating users for services. The method includes registering one or more users in an authentication system; assigning a score index to each of the one or more users in the authentication system for one or more services, the score index representing a security level and corresponding authentication required to access each of the one or more services; inputting each request for services from the one or more users into the authentication system to continuously update the score index for each of the one or more users, each of the requests including one or more authenticators or biometric identifiers for the requested service; and requesting the one or more users to register one or more additional authenticators or biometric identifiers with the authentication system upon the score index for a user reaching a predefined threshold value.
    Type: Grant
    Filed: May 31, 2017
    Date of Patent: June 9, 2020
    Assignee: KONICA MINOLTA LABORATORY U.S.A., INC.
    Inventors: Subramanyam Badri, Sarma Sista
  • Patent number: 10681027
    Abstract: A program for light commercial building system (LCBS) solutions. Solutions and other systems may incorporate lightweight alerting service, auto-adjustment of gateway poll rates based on the needs of various consuming applications, detecting loss of space comfort control in a heating, ventilation and air conditioning (HVAC) system, HVAC capacity loss alerting using relative degree days and accumulated stage run time with operational equivalency checks, and HVAC alerting for loss of heat or cool capacity using delta temperature and dependent system properties. Also, incorporated may be triggering a subset of analytics by automatically inferring HVAC equipment details from controller configuration details, ensuring reliability of analytics by retaining logical continuity of HVAC equipment operational data even when controllers and other parts of the system are replaced, and an LCBS gateway with workflow and mechanisms to associate to a contractor account.
    Type: Grant
    Filed: January 19, 2016
    Date of Patent: June 9, 2020
    Assignee: Honeywell International Inc.
    Inventors: Gutha Stalin Sanghamitra, Paul Wacker, Daniel George Heine, Stuart Donaldson
  • Patent number: 10671744
    Abstract: Lightweight trusted execution technologies for internet-of-things devices are described. In response to a memory request at a page unit from an application executing in a current domain, the page unit is to map a current virtual address (VA) to a current physical address (PA). The policy enforcement logic (PEL) reads, from a secure domain cache (SDC), a domain value (DID) and a VA value that correspond to the current PA. The PEL grants access when the current domain and the DID correspond to the unprotected region or the current domain and the DID correspond to the secure domain region, the current domain is equal to the DID, and the current VA is equal to the VA value. The PEL grants data access and denies code access when the current domain corresponds to the secure domain region and the DID corresponds to the unprotected region.
    Type: Grant
    Filed: June 23, 2016
    Date of Patent: June 2, 2020
    Assignee: Intel Corporation
    Inventors: Li Zhao, Manoj R. Sastry, Arnab Raha
  • Patent number: 10673869
    Abstract: A method for identifying malicious encrypted network traffic communicated via a computer network is disclosed. A malicious encrypted traffic detector is also disclosed.
    Type: Grant
    Filed: February 16, 2015
    Date of Patent: June 2, 2020
    Assignee: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, George Kallos, Ben Azvine
  • Patent number: 10666668
    Abstract: A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
    Type: Grant
    Filed: January 28, 2019
    Date of Patent: May 26, 2020
    Assignee: Splunk Inc.
    Inventors: Sudhakar Muddu, Christos Tryfonas
  • Patent number: 10664591
    Abstract: The disclosed technology is generally directed to secure transactions. In one example of the technology, an enclave pool is formed. The enclave pool may include a plurality of enclaves that are secure execution environments. In some examples, forming the enclave pool includes registering the enclaves of the enclave pool. A request to allocate an enclave from the enclave pool may be received. An enclave may be fetched from the enclave pool responsive to the request to assign the enclave. Cryptlet code is executed in the fetched enclave such that a payload is generated in the enclave. The payload can be digitally signed and/or encrypted by the cryptlet, and can also be digitally signed by the enclave. The fetched enclave may be deallocated.
    Type: Grant
    Filed: May 11, 2017
    Date of Patent: May 26, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: John Marley Gray