Patents Examined by Matthew B. Smithers
  • Patent number: 8037517
    Abstract: Methods, systems, and computer program products for providing function-parallel firewalls are disclosed. According to one aspect, a function-parallel firewall includes a first firewall node for filtering received packets using a first portion of a rule set including a plurality of rules. The first portion includes less than all of the rules in the rule set. At least one second firewall node filters packets using a second portion of the rule set. The second portion includes at least one rule in the rule set that is not present in the first portion. The first and second portions together include all of the rules in the rule set.
    Type: Grant
    Filed: December 22, 2005
    Date of Patent: October 11, 2011
    Assignee: Wake Forest University
    Inventors: Errin W. Fulp, Ryan J. Farley
  • Patent number: 8024806
    Abstract: A method, apparatus and system enable a secure location-aware platform. Specifically, embodiments of the present invention may utilize a secure processing partition on the platform to determine a location of the platform and dynamically apply and/or change security controls accordingly.
    Type: Grant
    Filed: October 17, 2006
    Date of Patent: September 20, 2011
    Assignee: Intel Corporation
    Inventor: Dennis Morgan
  • Patent number: 8010788
    Abstract: For each process a stack data structure that includes two stacks, which are joined at their bases, is created. The two stacks include a normal stack, which grows downward, and an inverse stack, which grows upward. Items on the stack data structure are segregated into protected and unprotected classes. Protected items include frame pointers and return addresses, which are stored on the normal stack. Unprotected items are function parameters and local variables. The unprotected items are stored on the inverse stack.
    Type: Grant
    Filed: December 21, 2009
    Date of Patent: August 30, 2011
    Assignee: AT&T Intellectual Property II, LP
    Inventors: Michael L. Asher, Charles C. Giddens, Harold Jeffrey Stewart
  • Patent number: 8006302
    Abstract: A system for detecting unauthorised use of a network is provided with a pattern matching engine for searching attack signatures into data packets, and with a response analysis engine for detecting response signatures into data packets sent back from an attacked network/computer. When a suspect signature has been detected into a packet, the system enters an alarm status starting a monitoring process on the packets sent back from the potentially attacked network/computer. An alarm is generated only in case the analysis of the response packets produces as well a positive result. Such intrusion detection system is much less prone to false positives and misdiagnosis than a conventional pattern matching intrusion detection system.
    Type: Grant
    Filed: August 11, 2003
    Date of Patent: August 23, 2011
    Assignee: Telecom Italia S.p.A.
    Inventor: Paolo Abeni
  • Patent number: 8006102
    Abstract: A data transmission method and apparatus for transmitting data, such as encrypted content data. A device that is to be a destination of transmission is authenticated. If the device has not been authenticated, encrypted data read out from a storage unit is decrypted to give decoded data which then is re-encrypted based on innate key data acquired from the device that is to be the destination of transmission to give re-encrypted data. The re-encrypted data is then transmitted to the device that is to be a destination of transmission.
    Type: Grant
    Filed: June 20, 2008
    Date of Patent: August 23, 2011
    Assignee: Sony Corporation
    Inventors: Yoichiro Sako, Tatsuya Inokuchi, Shunsuke Furukawa
  • Patent number: 8006312
    Abstract: To provide a system which allows large volumes of data to be exchanged efficiently through network connections using portable terminals. An example data communications system includes a data terminal which stores certain data; and an operation terminal which controls access rights to the data stored in the data terminal, in which the operation terminal grants another operation terminal access rights to desired data. The data terminal returns the data according to an access request made based on the access rights. On the other hand, the operation terminal passes the acquired access rights to the data terminal, which then accesses the data terminal via a high-speed, stable, wired network and acquires the desired data, based on the access rights.
    Type: Grant
    Filed: August 19, 2007
    Date of Patent: August 23, 2011
    Assignee: International Business Machines Corporation
    Inventor: Taiga Nakamura
  • Patent number: 8005223
    Abstract: Embodiments of a system and method for providing additional security for data being transmitted across a wireless connection that has been established using a known wireless protocol (e.g. Bluetooth) are described. An encryption key is exchanged between a computing device (e.g. a mobile device) and a wireless peripheral device (e.g. a keyboard, a printer). In exemplary embodiments, the encryption key is generated at one of the two devices. Data associated with the encryption key is output at the one device, which can be input by the user at the other device. The encryption key is then recovered at the other device from the input, thereby completing the key exchange. The encryption key can then be used to encrypt and decrypt data transmitted over the established wireless connection, providing additional security.
    Type: Grant
    Filed: May 12, 2006
    Date of Patent: August 23, 2011
    Assignee: Research In Motion Limited
    Inventors: Michael G. Kirkup, Michael K. Brown, Michael S. Brown
  • Patent number: 8001610
    Abstract: An endpoint defense system uses endpoint health indicators and user identity information to provide fine-grain access control over network resources. For example, the endpoint defense system may include a controller, a set of protection devices, and a set of agents. The agents are software applications installed on a set of endpoints to gather the health information that represents security states of the endpoint devices. The agents send updated health information to the controller. In response to a login attempt, the controller processes the health indicators and identity information through a set of administrator-defined policies to generate a set of access rights. The controller transfers the set of access rights to the protection devices. The protection devices then control user access to network resources according to the set of access rights. The controller sends updated sets of access rights to the protection devices whenever the access rights change.
    Type: Grant
    Filed: September 28, 2005
    Date of Patent: August 16, 2011
    Assignee: Juniper Networks, Inc.
    Inventors: Roger Chickering, Sampath Srinivas, Timothy Liu
  • Patent number: 8001595
    Abstract: A security data structure, method and computer program product are provided. In use, computer code is received. Furthermore, functions in the computer code that control a behavior of the computer code when executed are statically identified.
    Type: Grant
    Filed: May 10, 2006
    Date of Patent: August 16, 2011
    Assignee: McAfee, Inc.
    Inventors: Joel Robert Spurlock, Aditya Kapoor
  • Patent number: 7996684
    Abstract: A digital logic circuit comprises a programmable logic device and a programmable security circuit. The programmable security circuit stores a set of authorized configuration security keys. The programmable security circuit compares the authorized configuration security keys with an incoming configuration request, and selectively enables a new configuration for the programmable logic device in response to the configuration request. In another exemplary embodiment, a programmable security circuit also stores a set of authorized operation security keys. The programmable security circuit compares the authorized operation security keys with an incoming operation request from the programmable logic device, and selectively enables an operation within the programmable logic device in response to the operation request.
    Type: Grant
    Filed: May 16, 2006
    Date of Patent: August 9, 2011
    Assignee: Infineon Technologies AG
    Inventors: Stephen L. Wasson, David K. Varn, John D. Ralston
  • Patent number: 7996881
    Abstract: Techniques are described for repairing some types of user account problems that interfere with granting a user access to a computer system and doing so during a process to authenticate the user in a way that does not require the user to re-enter authentication information or require the user to restart a communication session with the computer system. In response to a determination that a user's account has a problem during an authentication process, techniques are provided to enable a user to execute an appropriate process or processes to fix the user account, after which the authentication process continues. In this way, the correction to the user account may appear to be seamless to the user.
    Type: Grant
    Filed: November 9, 2005
    Date of Patent: August 9, 2011
    Assignee: AOL Inc.
    Inventors: Philip W. Flack, Yan Cheng, Zhihong Zhang, Matthew Nguyen
  • Patent number: 7992001
    Abstract: A method, system and computer program product for partitioning the binary image of a software program, and partially removing code bits to create an encrypted software key, to increase software security. The software program's binary image is partitioned along a random segment length or a byte/nibble segment length, and the code bits removed, and stored, along with their positional data in a software key. The software key is encrypted and is separately distributed from the inoperable binary image to the end user. The encrypted key is stored on a secure remote server. When the end user properly authenticates with the developer's remote servers, the encrypted security key is downloaded from the secure remote server and is locally decrypted. The removed code bits are reinserted into the fractioned binary image utilizing the positional location information. The binary image is then operable to complete execution of the software program.
    Type: Grant
    Filed: September 5, 2007
    Date of Patent: August 2, 2011
    Assignee: International Business Machines Corporation
    Inventors: Axel Aguado Granados, Benjamin A. Fox, Nathaniel J. Gibbs, Jamie R. Kuesel, Andrew B. Maki, Trevor J. Timpane
  • Patent number: 7987498
    Abstract: It is an object to provide a personal data management system which overcomes a problem of data leakage and a nonvolatile memory card applied to the personal data management system. A personal data management system includes a personal data storage medium including a communication control unit which transmits and receives data to/from a terminal, an encoding unit which encodes the received data, and a nonvolatile memory which stores the encoded data; a terminal including a communication control unit which transmits and receives data to/from the personal data storage medium and a server, a display portion which displays the received data, and an input unit; and the server including a communication control unit which transmits and receives data to/from the terminal, a decoding unit which decodes the encoded data, an identification data storage portion, and a unit which compares the decoded data with data in the identification data storage portion.
    Type: Grant
    Filed: June 20, 2007
    Date of Patent: July 26, 2011
    Assignee: Semiconductor Energy Laboratory Co., Ltd.
    Inventors: Yoshifumi Tanada, Shunpei Yamazaki, Yasuyuki Arai, Yoshitaka Moriya
  • Patent number: 7987371
    Abstract: Disclosed herein are methods and systems for encoding digital watermarks into content signals. Also disclosed are systems and methods for detecting and/or verifying digital watermarks in content signals. According to one embodiment, a system for encoding of digital watermark information includes: a window identifier for identifying a sample window in the signal; an interval calculator for determining a quantization interval of the sample window; and a sampler for normalizing the sample window to provide normalized samples. According to another embodiment, a system for pre-analyzing a digital signal for encoding at least one digital watermark using a digital filter is disclosed.
    Type: Grant
    Filed: July 9, 2008
    Date of Patent: July 26, 2011
    Assignee: Wistaria Trading, Inc.
    Inventor: Scott A. Moskowitz
  • Patent number: 7987500
    Abstract: The present invention is a method and system for providing a user with confirmation of the origin of a Web site and related information including the steps of registering a Web site with an assuring third party, saving the registration on a registration server, entering in a database the Web site's Internet domain name and cross-referencing it to the registration data, retrieving the Web site's domain with an Internet browser, and either (1) using a client application tool to call for registration data for the domain name via a secure SSL connection with the registration server, determining if the domain has been registered, and returning and displaying registration data for the domain name as a confirmed identity, or (2) calling a program on the registration server in response to an HTML tag on the domain via a secure SSL connection and passing it the domain name, determining if the domain has been registered, determining if the domain name has been registered, and returning and displaying registration data
    Type: Grant
    Filed: May 18, 2009
    Date of Patent: July 26, 2011
    Assignee: Geotrust, Inc.
    Inventors: Jonathan B. Rosenberg, John C. Harrison, David L. Remy, Neal L. Creighton, Jr.
  • Patent number: 7984288
    Abstract: A software protection apparatus and its protection method are disclosed. The software protection apparatus includes a storage unit and a processing unit. The storage unit has a program area and a data area. The program area is used to save an executable. The processing unit generates a reference pointer based on internal information of the executable, and the reference pointer then is saved to the program area or the data area. The processing unit then generates an algorithm based on at least one characteristic of the executable to save the algorithm to a specific position of the program area or the data area through the reference pointer, and employs the algorithm to perform an encoding action for the executable to generate a wrap program that is saved to the program area. When the wrap program is decoded, the reference pointer is obtained through a restore program to take the algorithm out. The wrap program then is restored to become the executable by using the algorithm.
    Type: Grant
    Filed: May 21, 2007
    Date of Patent: July 19, 2011
    Assignee: Sercomm Corporation
    Inventor: Chungjen Yang
  • Patent number: 7984515
    Abstract: A storage area network (SAN) license validator manages data collection policies (DCPs) in deployed SAN agents by identifying data collection policies corresponding to unlicensed features, and disabling the DCPs for the unlicensed features. Thus, the agents need not expend computational and memory resources to gather data for unlicensed features that will not be queried. Agents receive a set of data collection policies (DCPs) for licensed features for which the corresponding data will be gathered and reported to the MODB. DCPs for unlicensed features are disabled in the agents that would have executed them, either by removing or canceling from an active DCP list or by omitting the unlicensed DCPs from the startup sequence of the agent. In this manner, agents operate with only the DCPs for licensed products and corresponding features, and need not gather extraneous data.
    Type: Grant
    Filed: March 30, 2007
    Date of Patent: July 19, 2011
    Assignee: EMC Corporation
    Inventors: Svetlana Patsenker, Boris Farizon
  • Patent number: 7984290
    Abstract: In an encryption communication using VPN technologies, a load on a VPN system becomes large if the number of communication terminals increases. When an external terminal accesses via an internal terminal an application server, processes become complicated because it is necessary to perform authentication at VPN and authentication at the application server. A management server is provided for managing external terminals, internal terminals and application servers. The management server authenticates each communication terminal and operates to establish an encryption communication path between communication terminals. Authentication of each terminal by the management server relies upon a validation server. When the external terminal performs encryption communication with the application server via the internal terminal, two encryption communication paths are established and used between the external terminal and internal terminal and between the internal terminal and application server.
    Type: Grant
    Filed: May 18, 2006
    Date of Patent: July 19, 2011
    Assignee: Hitachi, Ltd.
    Inventors: Yoko Hashimoto, Takahiro Fujishiro, Tadashi Kaji, Osamu Takata, Kazuyoshi Hoshino, Shinji Nakamura
  • Patent number: 7978859
    Abstract: The present invention relates to a method, a device and a system for preventing unauthorized introduction of content items in a network containing compliant devices and enabling users in the network to be anonymous. A basic idea of the present invention is to provide a CA (206) with a fingerprint of a content item to be introduced in a network at which the CA is arranged. Further, the CA is provided with an identifier of a content introducer (201), which introduces the particular content item in the network. The CA compares the fingerprint to a predetermined set of fingerprints, and content item intro?duction is allowed if the content item fingerprint cannot be found among the fingerprints comprised in the set. On introduction of the content item, the CA generates a pseudonym for the content introducer and creates a signed content ID certificate comprising at least said fingerprint and a unique content identifier for the content item and the pseudonym of the content introducer.
    Type: Grant
    Filed: January 19, 2006
    Date of Patent: July 12, 2011
    Assignee: Koninklijke Philips Electronics N.V.
    Inventors: Claudine Viegas Conrado, Geert Jan Schrijen, Milan Petkovic
  • Patent number: 7979906
    Abstract: A method and system for multifaceted scanning, the method having the steps of receiving a data source; processing the data source for a plurality of scanning aspects, the processing step utilizing rules and policies for the plurality of scanning aspects to provide transformed, modified or adapted content; and outputting the transformed, modified or adapted content.
    Type: Grant
    Filed: October 5, 2007
    Date of Patent: July 12, 2011
    Assignee: Research In Motion Limited
    Inventors: Brian McColgan, Gaelle Martin-Cocher, Michael Shenfield