Patents Examined by Michael D Anderson
  • Patent number: 9912643
    Abstract: An attack defense processing method and a protection device. In the attack defense processing method, the protection device receives a first packet and, if it is determined that the first packet is an Internet Control Message Protocol version 6 (ICMPv6) Packet Too Big packet, parses the first packet to obtain an internet protocol (IP) address of a source node, an IP address of a destination node, and a Maximum Transmission Unit (MTU) value that are carried in the first packet, determines a range of valid MTUs on a path between the source node and the destination node according to the IP address of the source node and the IP address of the destination node, and performs attack defense processing for the first packet when it is determined that the MTU value does not belong to the range of the valid MTUs.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: March 6, 2018
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Yongbo Pan
  • Patent number: 9876642
    Abstract: A method is provided for securely transmitting a digital message that is transmitted by means of an electronic letter service. A user of the service has a computer with a functioning browser and an Internet connection, and the electronic letter service makes use of a TrustCenter. The user creates a password using his/her browser. A user password verifier is cryptographically derived from the password. The user password verifier is transmitted to the electronic letter service and stored on a storage medium. A user secret is generated from the password by means of a cryptographic derivation. The user secret constitutes the symmetrical key for the encryption of a user-specific user master secret. The user secret is encrypted using the public key of the TrustCenter and the encrypted user secret is transmitted to the electronic letter service, from where it is then forwarded to the TrustCenter.
    Type: Grant
    Filed: August 15, 2013
    Date of Patent: January 23, 2018
    Assignee: DEUTSCHE POST AG
    Inventors: Mike Bobinski, Jürgen Pabel
  • Patent number: 9866579
    Abstract: A non-transitory machine-readable media embodying instructions executable by one or more processors to perform a method is provided. In one aspect, the method includes receiving, from a first computing device associated with a first account, a request for interaction with a second computing device associated with a second account, wherein the first account is assigned a quota for interacting with one or more accounts. The method includes determining a cost associated with the interaction. The method includes, when the quota exceeds the cost, determining that the interaction is allowed and deducting the cost from the quota. Systems and methods are also provided.
    Type: Grant
    Filed: June 29, 2015
    Date of Patent: January 9, 2018
    Assignee: Google LLC
    Inventors: Bharadwaj Subramanian, Matthew Knouse, Charles Zaffaroni
  • Patent number: 9860068
    Abstract: The invention relates to a method of signature with pseudonym ? of a message m by a user device storing a secret signature key sk dependent at least on a first part of key f, on a second part of key x and on a third part of key A equal to (g1hf)1/(x+y) and comprising the following steps: —generation of a pseudonym nym equal to hf dpkx, with dpk a public domain parameter, —determination of random numbers a, r_a, r_f, r_x, r_b, r_d, —calculation of signature coefficients R1 equal to hr_Jdpkr_x, R2 equal to nymr_ah?r_ddpk?r_b, R3 equal to Zr_x Va?r_x?r_f?r_b W?r_a, with Z, V and W respectively equal to e(A, g2), e(h, g2) and e(h,w), —obtaining of a first signature parameter T equal to Aha, —calculation of a second signature parameter c by applying a cryptographic hash function H, to the public domain parameter dpk, to the pseudonym nym, to the first signature parameter T, to the signature coefficients R1, R2, R3 and to the message m, —calculation of signature parameters s_f, s_x, s_a, s_b, s_d, respectively equa
    Type: Grant
    Filed: October 30, 2014
    Date of Patent: January 2, 2018
    Assignee: MORPHO
    Inventors: Alain Patey, Hervé Chabanne, Julien Bringer, Roch Lescuyer
  • Patent number: 9854002
    Abstract: An application centric compliance management system includes a computing system that executes a tool to identify a subset of the resources of a multi-tier computing environment that are used to execute an application, and for each identified resource, obtain one or more application-based compliance policies associated with the application. The tool may then determine whether the resource meets each application-based compliance policy, and when the resource does not meet the application-based compliance policy, generate an alarm that includes information associated with the one unmet application-based compliance policy.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: December 26, 2017
    Assignee: VCE Holding Company LLC
    Inventors: Jonathan P. Streete, Nicholas A. Hansen, Todd Dolinsky, Christopher M. Davis
  • Patent number: 9838376
    Abstract: A system provides cloud-based identity and access management. The system receives a request for performing an identity management service, where the request includes a call to an application programming interface (“API”) that identifies the identity management service and a microservice configured to perform the identity management service. The system authenticates the request, accesses the microservice, and performs the identity management service by the microservice.
    Type: Grant
    Filed: March 6, 2017
    Date of Patent: December 5, 2017
    Assignee: Oracle International Corporation
    Inventors: Vadim Lander, Damien Carru, Gary P. Cole, Ajay Sondhi, Gregg Wilson
  • Patent number: 9832645
    Abstract: Aspects of the subject disclosure may include, for example, a method comprising authenticating, by a server comprising a processor, a communication device to a first communication network, in accordance with authentication information stored in a first repository of the first communication network. The method also comprises determining, by the server, that a second communication network is accessible to the communication device. The method further comprises providing, by the server, the authentication information to a second repository of the second communication network in accordance with the determining, wherein the providing is performed independently of a request from the second communication network. Other embodiments are disclosed.
    Type: Grant
    Filed: January 4, 2017
    Date of Patent: November 28, 2017
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Sangar Dowlatkhah, Venson Shaw, Thomas J Will
  • Patent number: 9825979
    Abstract: A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent (“UHCA”) may also be used to detect anomalous behavior.
    Type: Grant
    Filed: January 30, 2017
    Date of Patent: November 21, 2017
    Assignee: Los Alamos National Security, LLC
    Inventors: Joshua Charles Neil, Michael Edward Fisk, Alexander William Brugh, Curtis Lee Hash, Curtis Byron Storlie, Benjamin Uphoff, Alexander Kent
  • Patent number: 9811381
    Abstract: Resource restrictions are associated with a user identifier. A resource restriction agent receives operating system calls related to resources and provides resource request data to a resource agent. The resource agent determines whether the resource is restricted based on the resource request data and resource restriction data and generates access data based on the determination. The resource restriction agent grants or denies the system call based on the access data.
    Type: Grant
    Filed: July 25, 2016
    Date of Patent: November 7, 2017
    Assignee: APPLE INC.
    Inventors: Jussi-Pekka Mantere, III, Alexander Tony Maluta, John William Scalo, Eugene Ray Tyacke, Bruce Gaya, Michael John Smith, Peter Kiehtreiber, Simon P. Cooper
  • Patent number: 9807118
    Abstract: In an example, there is disclosed a computing apparatus, including: a network interface; one or more logic elements providing a security orchestration server engine operable for: receiving contextual data from a client via a network interface; providing the contextual data to a security orchestration state machine, the security orchestration state machine operable for deriving a policy decision from the contextual data; and receiving the policy decision from the policy orchestration state machine. There is also disclosed one or more tangible, non-transitory computer-readable mediums having stored thereon executable instructions for providing a security orchestration engine, and a method of providing a security orchestration engine.
    Type: Grant
    Filed: June 27, 2015
    Date of Patent: October 31, 2017
    Assignee: McAfee, Inc.
    Inventor: Hemang Nadkarni
  • Patent number: 9798901
    Abstract: A device securely accesses data in a memory via an addressing unit which provides a memory interface for interfacing to a memory, a core interface for interfacing to a core processor and a first and second security interface. The device includes a security processor HSM for performing at least one security operation on the data and a remapping unit MMAP. The remapping unit enables the security processor to be accessed by the core processor via the first security interface and to access the memory device via the second security interface according to a remapping structure for making accessible processed data based on memory data. The device provides a clear view on encrypted memory data without requiring system memory for storing the clear data.
    Type: Grant
    Filed: April 30, 2013
    Date of Patent: October 24, 2017
    Assignee: NXP USA, Inc.
    Inventors: Juergen Frank, Michael Staudenmaier, Manfred Thanner
  • Patent number: 9800574
    Abstract: Methods, apparatus, and systems for generating and verifying one time passwords in connection with a risk assessment are disclosed. The risk assessment may comprise a client-side risk assessment. The risk assessment may also comprise a server-side risk assessment.
    Type: Grant
    Filed: December 30, 2014
    Date of Patent: October 24, 2017
    Assignee: VASCO Data Security, Inc.
    Inventors: Guillaume Teixeron, Sebastien Lavigne
  • Patent number: 9794729
    Abstract: Techniques for mobile devices to subscribe and share raw sensor data are provided. The raw sensor data associated with sensors (e.g., accelerometers, gyroscopes, compasses, pedometers, pressure sensors, audio sensors, light sensors, barometers) of a mobile device can be used to determine the movement or activity of a user. By sharing the raw or compressed sensor data with other computing devices, the other computing devices can determine a motion state based on the sensor data. Additionally, in some instances, the other computing devices can determine a functional state based on the sensor data and the motion state. For example, functional state classification can be associated with each motion state (e.g., driving, walking) by further describing each motion state (e.g., walking on rough terrain, driving while texting).
    Type: Grant
    Filed: February 16, 2016
    Date of Patent: October 17, 2017
    Assignee: Apple Inc.
    Inventors: Libo C. Meyers, Anil K. Kandangath, Xiaoyuan Tu
  • Patent number: 9787653
    Abstract: An encrypted cached content system includes a user IHS, a content provider IHS, and a caching IHS. The caching IHS includes a caching engine that is configured to receive a content request from the user IHS. The caching engine generates a user-side key using content identifying information in the content request, and forwards the content request to the content provider IHS over a network as a content partial information request. In response to receiving a content partial information response from the content provider IHS over a network, the caching engine generates a content-provider-side key using header information in the content partial information response. The caching engine performs a hashing operation on the content request using a combination of the user-side key and the content-provider-side key to produce a hashed content request, and uses the hashed content request to retrieve content from the cache.
    Type: Grant
    Filed: September 16, 2016
    Date of Patent: October 10, 2017
    Assignee: Dell Products L.P.
    Inventor: Samuel Liddicott
  • Patent number: 9769657
    Abstract: The present disclosure relates to a method and system for the remote provisioning of an access subscription of a user to a wireless communication network, wherein at least one network operator provides communication services to mobile communication devices provided with a user UICC card. Data of a temporary subscription are generated from the data of an initial subscription which will subsequently allow generating data of a definitive subscription in a network operator and in the UICC card requesting a subscription from the former without the need of remotely transmitting sensitive data of the definitive subscription.
    Type: Grant
    Filed: March 27, 2012
    Date of Patent: September 19, 2017
    Assignee: VALID SOLUCIONES TECNOLOGICAS, S.A.U.
    Inventors: Gloria Trujillo Gonzalez, Esther Martinez Sanz, Luis Lopez Rizaldos
  • Patent number: 9762586
    Abstract: The present invention discloses a system and method for controlling mutual access of smart devices. The method includes creating a home account on a cloud server, and adding smart devices and device information corresponding to the smart devices to a device list under the home account; acquiring, for each of the smart devices, authentication by using the home account and device information corresponding to the smart device; and establishing, for each of the smart devices, a Transmission Control Protocol (TCP) long connection to the cloud server. In the present invention, a unique home account is created on a cloud server, so that smart devices log in to the cloud server by using the unified home account, and the smart devices under the unified home account allow mutual access when being authorized. Therefore, when smart devices in a home access each other, the workload is greatly reduced.
    Type: Grant
    Filed: July 2, 2014
    Date of Patent: September 12, 2017
    Assignee: SHENZHEN TCL NEW TECHNOLOGY CO., LTD.
    Inventor: Max Wu
  • Patent number: 9754129
    Abstract: A data securing device according to an embodiment includes a processor that executes a process including: receiving individual data and a parameter for anonymization, using the parameter to suppress data that does not satisfy k-anonymity among data that is included in various attributes of records in the individual data, and suppressing data that is extracted from the data at random; and outputting individual data in which data is suppressed at the receiving.
    Type: Grant
    Filed: December 9, 2015
    Date of Patent: September 5, 2017
    Assignee: FUJITSU LIMITED
    Inventor: Yuji Yamaoka
  • Patent number: 9754092
    Abstract: One or more embodiments of the invention provide access to a work environment in a mobile device from a lock screen presented by a personal environment of the mobile device, wherein the work environment is running in a virtual machine supported by a hypervisor running within the personal environment and wherein the personal environment is a host operating system (OS) of the mobile device. The host OS receives an authentication credential from a user in response to a presentation of the lock screen on a user interface (UI) of the mobile device and then determines whether the authentication credential is valid for the personal environment or the work environment. If the authentication credential is valid for the personal environment, access is enabled only to the personal environment. If the authentication credential is valid for the work environment, access is enabled to both the personal environment and the work environment.
    Type: Grant
    Filed: October 26, 2015
    Date of Patent: September 5, 2017
    Assignee: VMware, Inc.
    Inventor: Craig F. Newell
  • Patent number: 9756057
    Abstract: A security method that includes assigning a sensitivity value for a communication with a sensitivity determining module including at least one hardware processor. Following assignment of the sensitivity value to the communication, the communication is formatted for display. When the sensitivity value exceeds a security threshold, the communication is parsed into a sequence of fragments. The communication is transmitted as the sequence of fragments when said sensitivity value exceeds the security threshold.
    Type: Grant
    Filed: June 19, 2015
    Date of Patent: September 5, 2017
    Assignee: International Business Machines Corporation
    Inventors: Rhonda L. Childress, Itzhack Goldberg, James R. Kozloski, Clifford A. Pickover, Neil Sondhi, Maja Vukovic
  • Patent number: 9756023
    Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, access policies define authorizations regarding which entities are able to resolve a token to access the actual sensitive data.
    Type: Grant
    Filed: August 12, 2016
    Date of Patent: September 5, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Jonathan Kozolchyk, Darren E. Canavor, Jeffrey J. Fielding, Vaibhav Mallya, Darin Keith McAdams