Patents Examined by Mary Li
  • Patent number: 9961106
    Abstract: A method for monitoring traffic flow in a network is provided. A network monitoring probe monitors one or more network traffic flow parameters to detect a denial of service attack. In response to detecting the denial of service attack, a first set of data representing the denial of service attack alert is displayed. Filtering criteria are received from a user. The filtering criteria include at least one of the network flow parameters identified as legitimate network traffic. A second set of data is generated and displayed based on the filtering criteria.
    Type: Grant
    Filed: September 24, 2014
    Date of Patent: May 1, 2018
    Assignee: Arbor Networks, Inc.
    Inventors: David Watson, Anthony Danducci, Joanna Markel, Willie Northway, Steven Lyskawa, James E. Winquist
  • Patent number: 9961107
    Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.
    Type: Grant
    Filed: February 17, 2017
    Date of Patent: May 1, 2018
    Assignee: SECUREWORKS CORP.
    Inventors: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas
  • Patent number: 9959395
    Abstract: A digital rights management system includes two digital rights management servers (RMS servers) connected to a client computer. The two RMS servers implement different but related digital rights management (DRM) policies, with the first RMS server implementing conventional DRM policies and the second RMS server implementing extended DRM policies. An application program on the client computer interacts with a document on the client computer, and communicates with the first RMS server to obtain access authorization for the document. A plug-in program in the client computer cooperates with the application program, and communicates with the second RMS server to obtain additional access authorization for the document. Access to the document is granted when both RMS servers grant access to the document. This achieves extended digital rights management control which can provide a more flexible access control than that provided by existing DRM systems.
    Type: Grant
    Filed: June 30, 2015
    Date of Patent: May 1, 2018
    Assignee: KONICA MINOLTA LABORATORY U.S.A., INC.
    Inventors: Rabindra Pathak, Kyohei Shiraishi
  • Patent number: 9959537
    Abstract: The disclosure provides a portable electronic card system and a method for manufacturing a rewritable plastic card. The portable electronic card system includes: a portable personal electronic device, a rewritable plastic card and a writing device. The portable personal electronic device is used for obtaining a certificated code and a personal information from a database by internet. The rewritable plastic card has a rewritable storage device for storing the personal information. The writing device electrically connects to the portable personal electronic device, and is used for writing the personal information into the rewritable plastic card.
    Type: Grant
    Filed: February 27, 2014
    Date of Patent: May 1, 2018
    Inventor: Pinsheng Sun
  • Patent number: 9961095
    Abstract: Systems and methods are provided for advanced persistent threat detection on a network. The method includes capturing data packets from a network and performing layered session decoding on the captured packets. Metadata is extracted from the decoded packets and is stored for analysis. Analysis of the metadata is used to detect advanced persistent threats on the network. The system includes a network and a processor coupled to the network. The processor is configured to capture data packets from the network and perform layered session decoding on the captured packets. Metadata is extracted by the processor and stored in a memory coupled to the processor. The metadata may then be analyzed to detect advanced persistent threats on the network.
    Type: Grant
    Filed: March 14, 2014
    Date of Patent: May 1, 2018
    Assignee: FIDELIS CYBERSECURITY, INC.
    Inventors: Gene Savchuk, Anubhav Arora
  • Patent number: 9961080
    Abstract: To allow a third party system to more particularly identify sets of users for distributing content, an online system receives data from a third party system identifying users of the online system who have authorized communication with the third party system and stores information authorizing communication between the third party system and the users in user profiles associated with the user. The online system receives a request from the third party system to transmit a notification to online system users satisfying criteria specified by the request. User profiles including information authorizing communication between the third party system and online system users are identified by the online system, which selects a set of the identified user profiles associated with information satisfying the criteria specified by the request. The online system transmits the notification to client devices associated with users associated with the set of the identified user profiles.
    Type: Grant
    Filed: March 6, 2015
    Date of Patent: May 1, 2018
    Assignee: Facebook, Inc.
    Inventors: Tirunelveli R. Vishwanath, Vijaye Ganesh Raji, James J. Yu
  • Patent number: 9959415
    Abstract: Methods and apparatus for use in presenting information from a plurality of security domains. A first request for first data from a first data source and a second request for second data from a second data source are transmitted by a computing device. The first data source is associated with a first security domain, and the second data source is associated with a second security domain. A bridge computing device forwards the first request and/or the second request based on determining that the requests are authorized. The first data and the second data may be received and combined by the computing device.
    Type: Grant
    Filed: December 17, 2010
    Date of Patent: May 1, 2018
    Assignee: The Boeing Company
    Inventors: Ismael Rodriguez, Ross Wilson, Ricardo Torres, Michael C. Kline, Eric Irwin
  • Patent number: 9961054
    Abstract: A method includes transitioning a device in an industrial process control and automation system from a secondary role to a primary role during a switchover and, in response to the switchover, clearing one or more security values stored by the device. The method also includes receiving a message at the device from a network node and, in response to determining that no security association is associated with the received message or the network node, exchanging security credentials and establishing a trust relationship with the network node. Transitioning the device includes assuming a network address of another device that previously operated in the primary role, that previously communicated with the network node, and that previously had a security association with the network node. Clearing the security value(s) can prevent the device from having the trust relationship associated with the network node when the device receives the message from the network node.
    Type: Grant
    Filed: June 23, 2014
    Date of Patent: May 1, 2018
    Assignee: Honeywell International Inc.
    Inventors: Christopher Buonacuore, James Schreder, Gary Drayton
  • Patent number: 9961546
    Abstract: Various methods and communications devices to improve association and handoff performance of a wireless network are provided. By way of example, a modified state machine that permits reduced security requirements for authentication in order to achieve fast authentication is employed. The modified state machine providing fast authentication remains compatible with the classic state machine implementing the wireless fidelity (WiFi) standard.
    Type: Grant
    Filed: December 3, 2015
    Date of Patent: May 1, 2018
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Sheng Sun, Yunbo Li, Kwok Shum Au
  • Patent number: 9961102
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive a function call for a function, determine a current stack pointer value for the function call, and determine if the current stack pointer value is within a pre-defined range. The electronic device can include a stack pivoting logging module to log a plurality of function calls. The electronic device can also include a stack pivoting detection module to analyze the log of the plurality of function calls to determine, for each of the plurality of function calls, if the current stack pointer value is within a pre-defined range.
    Type: Grant
    Filed: September 24, 2014
    Date of Patent: May 1, 2018
    Assignee: McAfee, LLC
    Inventors: Xiaoning Li, Lixin Lu, Lu Deng
  • Patent number: 9961073
    Abstract: Techniques are disclosed for dynamically generating a digital certificate for a customer server. A customer server creates a certificate profile and receives an associated profile identifier from a certificate authority (CA). The customer server installs an agent application received from the CA. The agent application generates a public/private key pair and an identifier associated with the customer server. The agent application sends a signed request to the CA that includes the profile identifier, server identifier, and the public key corresponding to the key pair. Upon receiving the credentials, the CA generates a dynamically updatable certificate. Thereafter, if the customer changes information associated with the certificate (or if external conditions require a change to the certificate, such as a key compromise or change in security standards), the CA may generate an updated certificate based on the certificate profile changes and the public key.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: May 1, 2018
    Assignee: DigiCert, Inc.
    Inventor: Kokil Bhalerao
  • Patent number: 9954856
    Abstract: A one-time password (OTP) based security scheme is described, where a provider pre-generates a number of verification codes (e.g., OTP codes) which will be valid for a predetermined interval. The provider then encodes the verification codes (e.g., by hashing each code with a time value), and stores the verification codes into a data structure. The data structure can be provided to a verification system that can use the set of pre-generated OTP codes to authenticate requests received from users having personal security tokens.
    Type: Grant
    Filed: December 21, 2015
    Date of Patent: April 24, 2018
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Gregory Branchek Roth, Graeme David Baer, Brian Irl Pratt
  • Patent number: 9953183
    Abstract: A method includes receiving at a processor, an indication of a user touching a point on a data entry device, receiving at the processor, an indication of a user gazing in a direction, and comparing via the processor the touched point and the gazing direction to a known touch point and gaze direction to verify the user is an authorized user.
    Type: Grant
    Filed: March 29, 2016
    Date of Patent: April 24, 2018
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Nathan J. Peterson, Rod D Waltermann, John Carl Mese, Arnold S. Weksler, Russell Speight VanBlon
  • Patent number: 9948653
    Abstract: Technology for policies with reduced associated costs is disclosed. A policy may include an ordered rule set. When evaluated, the highest priority rule in the order that does not skip may control the policy outcome. Rules within a policy may have associated costs, such as data fetch and evaluation costs. In some contexts, it may be less important to evaluate every rule than to evaluate the policy quickly. Reduced policies that have one or more rules removed or that skip evaluation of some rules may be created for these contexts. When a rule of a policy is skipped, it may result in a possibility of a false allow or false deny. In some cases, rules may be duplicative. Removal or skipping of duplicative rules does not increase the possibility of a false allow or false deny. By using reduced policies in identified contexts, policy evaluation costs may be reduced.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: April 17, 2018
    Assignee: Facebook, Inc.
    Inventors: Maria S. Pimenova, Wendy Weihuan Mu, Dwayne Lloyd Reeves, Kendall Blair Hopkins
  • Patent number: 9838363
    Abstract: A method comprising generating an updated security key upon expiration of a key exchange timer, transferring the updated security key to a Coaxial Network Unit (CNU), retaining an original key, wherein the updated security key comprises a different key identification number than the original key, accepting and decrypting upstream traffic that employs either the original key or the updated key, after transferring the updated security key to the CNU, creating a key switchover timer, before the key switchover timer expires, verify that upstream traffic transferred from the CNU on a logical link uses the updated security key, and when upstream traffic is encrypted using the updated security key, begin using the updated security key to encrypt downstream traffic and clear the key switchover timer.
    Type: Grant
    Filed: January 14, 2016
    Date of Patent: December 5, 2017
    Assignee: Futurewei Technologies, Inc.
    Inventors: Yanbin Sun, Guangsheng Wu, Li Zhang, Jim Chen
  • Patent number: 9813392
    Abstract: Disclosed is a method for providing a public key for authenticating an integrated circuit. In the method, the integrated circuit obtains a hardware key and an integrated circuit identifier. The integrated circuit generates a derived key based on the hardware key using a key derivation function (KDF) shared with a manufacturing machine. The integrated circuit generates a private key and a corresponding public key using the derived key as an input to a deterministic function. The integrated circuit then provides the public key and the integrated circuit identifier to a partner service for authentication of the integrated circuit using an anonymized credential database to be provided to the partner service by a manufacturer.
    Type: Grant
    Filed: March 6, 2015
    Date of Patent: November 7, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Dean Lorenz, Boris Dolgunov, Roberto Avanzi, Ivan Hugh Mclean
  • Patent number: 9811676
    Abstract: A computer-implemented method for securely providing information external to documents may include identifying a document that may include at least one link to content external to the document, retrieving the content external to the document from the link, converting the content external to the document to embeddable content in a secure format that can be embedded within the document and creating a secure version of the document at least in part by embedding the embeddable content that has been converted to the secure format into the document. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: January 26, 2016
    Date of Patent: November 7, 2017
    Assignee: Symantec Corporation
    Inventor: William Gauvin
  • Patent number: 9811547
    Abstract: The invention relates to a client computer for updating a database stored on a server via a network, the server being coupled to the client computer via the network, wherein the database comprises first data items and suffix items, wherein each suffix item describes a suffix of at least one first data item of the first data items, wherein for each suffix item a first referential connection exists in the database assigning said suffix item to the at least one first data item comprising the suffix of said suffix item, wherein each suffix item is encrypted with a suffix cryptographic key in the database, wherein each first data item is encrypted with a first cryptographic key in the database, wherein the client computer has installed thereon an application program, the application program being operational to: receiving a search request, the search request specifying a postfix search on a search criterion, determining the suffix item matching the search criterion, providing to the database a request for provi
    Type: Grant
    Filed: June 1, 2016
    Date of Patent: November 7, 2017
    Assignee: COMPUGROUP MEDICAL SE
    Inventors: Adrian Spalka, Jan Lehnhardt
  • Patent number: 9807059
    Abstract: A telecommunication device for real-time communication at a border between a global transport network and a private domain of a communication network may include a proxy for a communication protocol, means for traffic using real-time communication protocols to traverse a firewall, means for real-time traffic initiated by the communication protocol to traverse a firewall, means for measuring and collecting value information about the real-time traffic over the global transport network, means for creating mutual trust between the telecommunication device and a second device with which it communicates; and means for authorizing usage of a feature for a mutually trusted communication participant.
    Type: Grant
    Filed: January 17, 2013
    Date of Patent: October 31, 2017
    Assignee: IPALIVE AB.
    Inventor: Karl Erik Ståhl
  • Patent number: 9798864
    Abstract: A computer program product, a method, and an information handling system is provided to track and retrieve licensing agreements of features integrated into an application by detecting during development of an application installation of one or more features having a licensing agreement associated with using the one or more features; storing in a database a mapping between the one more installed features to a corresponding licensing agreement for each of the one or more installed features; and providing support to retrieve for the each installed features, the corresponding licensing agreement.
    Type: Grant
    Filed: March 6, 2015
    Date of Patent: October 24, 2017
    Assignee: International Business Machines Corporation
    Inventor: Craig A. Statchuk