Patents Examined by Michael J. Simitoski
  • Patent number: 10083290
    Abstract: A domain identifier of a first domain of a plurality of domains is identified, the domain identifier included in a domain certificate received from the first domain. A first permanent hardware identifier set as a fuse key value embedded in hardware of the device during fabrication is identified. A plurality of unique second private hardware identifiers stored in the secured memory are identified. A plurality of hardware-based root identifiers are derived from the plurality of unique second private hardware identifiers respectively. A plurality of secure identifiers for the respective plurality of unique second private hardware identifiers are derived for a pairing of the device and the first domain based on the plurality of root identifiers respectively and the domain identifier. A secure identifier of the plurality of secure identifiers is caused to be sent over a secured channel to a domain computing device associated with the first domain.
    Type: Grant
    Filed: February 14, 2018
    Date of Patent: September 25, 2018
    Assignee: McAfee, LLC
    Inventors: Vincent Edward Von Bokern, Purushottam Goel, Sven Schrecker, Ned McArthur Smith
  • Patent number: 10033756
    Abstract: A trust management system may be configured to compute a trust level for a compute resource based on a trust manifest corresponding to compute resource. Based on the construction of a trust manifest for each class of compute resources, a trust level may be computed for a wide range of compute resources, including bare-metal hosts, hypervisor hosts, virtual machines and containers. A trust manifest may specify one or more inputs for calculating the trust level, as well as how the inputs are to be processed to arrive at the trust level. The one or more inputs may include integrity measurements determined in accordance with one or more integrity measurement methods and security assessments determined in accordance with one or more security assessment methods. The inputs for the trust level calculation may be evaluated by one or more rule statements specified in the trust manifest, the evaluation of which returns the trust level for the compute resource.
    Type: Grant
    Filed: October 26, 2017
    Date of Patent: July 24, 2018
    Assignee: HyTrust, Inc.
    Inventors: Govindarajan Rangarajan, Hemma Prafullchandra, Sean Patrick Murphy, Laxmana Kumar Bhavandla
  • Patent number: 10002258
    Abstract: Security system for protecting a vehicle electronic system by selectively intervening in the communications path in order to prevent the arrival of malicious messages at ECUs, in particular at the safety critical ECUs. The security system includes a filter which prevents illegal messages sent by any system or device communicating over a vehicle communications bus from reaching their destination. The filter may, at its discretion according to preconfigured rules, send messages as is, block messages, change the content of the messages, request authentication or limit the rate such messages can be delivered, by buffering the messages and sending them only in preconfigured intervals.
    Type: Grant
    Filed: September 14, 2017
    Date of Patent: June 19, 2018
    Assignee: ARILOU INFORMATION SECURITY TECHNOLOGIES LTD.
    Inventors: Gil Litichever, Ziv Levi
  • Patent number: 9928500
    Abstract: Securing access to a portable electronic device (PED), securing e-commerce transactions at an electronic device (ED) and dynamically adjusting system settings at a PED are disclosed. In an example, usage or mobility characteristics of the PED or ED (e.g., a location of the ED or PED, etc.) are compared with current parameters of the PED or ED. A determination as to whether to permit an operation (e.g., access, e-commerce transaction, etc.) at the ED or PED can be based at least in part upon a degree to which the current parameters conform with the usage or mobility characteristics. In another example, at least a current location of a PED can be used to determine which system settings to load at the PED.
    Type: Grant
    Filed: February 20, 2015
    Date of Patent: March 27, 2018
    Assignee: QUALCOMM Incorporated
    Inventor: Arnold Jason Gum
  • Patent number: 8020192
    Abstract: The protection of data on a client mobile computing device by a server computer system such as within an enterprise network or on a separate mobile computing device is described. Security tools are described that provide different security policies to be enforced based on a location associated with a network environment in which a mobile device is operating. Methods for detecting the location of the mobile device are described. Additionally, the security tools may also provide for enforcing different policies based on security features. Examples of security features include the type of connection, wired or wireless, over which data is being transferred, the operation of anti-virus software, or the type of network adapter card. The different security policies provide enforcement mechanisms that may be tailored based upon the detected location and/or active security features associated with the mobile device. Examples of enforcement mechanisms are adaptive port blocking, file hiding and file encryption.
    Type: Grant
    Filed: October 29, 2007
    Date of Patent: September 13, 2011
    Inventors: Michael Wright, Peter Boucher, Gabe Nault, Merrill Smith, Sterling K. Jacobson, Jonathan Wood, Robert Mims
  • Patent number: 8015599
    Abstract: A method for provisioning a device such as a token. The device issues a certificate request to a Certification Authority. The request includes a public cryptographic key uniquely associated with the device. The Certification Authority generates a symmetric cryptographic key for the device, encrypts it using the public key, and creates a digital certificate that contains the encrypted symmetric key as an attribute. The Certification Authority sends the digital certificate to the device, which decrypts the symmetric key using the device's private key, and stores the decrypted symmetric key.
    Type: Grant
    Filed: May 19, 2009
    Date of Patent: September 6, 2011
    Assignee: Symantec Corporation
    Inventor: Nicolas Popp
  • Patent number: 8006292
    Abstract: Embodiments of the present invention comprise systems, methods and devices for eliminating multiple submission of user credential data in a system with multiple distinct restricted sub-systems wherein a unique credential is required for each sub-system.
    Type: Grant
    Filed: July 29, 2005
    Date of Patent: August 23, 2011
    Assignee: Sharp Laboratories of America, Inc.
    Inventors: Hanzhong Zhang, David J. Lovat
  • Patent number: 8006293
    Abstract: Embodiments of the present invention comprise systems, methods and devices for eliminating multiple submission of user credential data in a system with multiple distinct restricted sub-systems wherein a unique credential is required for each sub-system.
    Type: Grant
    Filed: July 29, 2005
    Date of Patent: August 23, 2011
    Assignee: Sharp Laboratories of America, Inc.
    Inventors: Hanzhong Zhang, David J. Lovat
  • Patent number: 8001587
    Abstract: Embodiments of the present invention comprise systems, methods and devices for eliminating multiple submission of user credential data in a system with multiple distinct restricted sub-systems wherein a unique credential is required for each sub-system.
    Type: Grant
    Filed: July 29, 2005
    Date of Patent: August 16, 2011
    Assignee: Sharp Laboratories of America, Inc.
    Inventors: David J. Lovat, Hanzhong Zhang
  • Patent number: 8001586
    Abstract: Embodiments of the present invention comprise systems, methods and devices for eliminating multiple submission of user credential data in a system with multiple distinct restricted sub-systems wherein a unique credential is required for each sub-system.
    Type: Grant
    Filed: July 29, 2005
    Date of Patent: August 16, 2011
    Assignee: Sharp Laboratories of America, Inc.
    Inventors: Hanzhong Zhang, David J. Lovat
  • Patent number: 7992216
    Abstract: Systems and methods for displaying messages to a user, the messages having different levels of security, are provided herein. One method of displaying to a user messages having different levels of security includes receiving a message over a network includes examining an attribute of the message to determine a security-related level associated with the message. A visual indication for display to a device user is generated by the device. Such visual indication is indicative of the determined security-related level, and is configured to be visible during scrolling through a majority of the message text.
    Type: Grant
    Filed: November 17, 2009
    Date of Patent: August 2, 2011
    Assignee: Research in Motion Limited
    Inventors: Neil P. Adams, Michael S. Brown, Herbert A. Little
  • Patent number: 7992208
    Abstract: An estimate of a portion of network traffic that is nonconforming to a communication transmission control protocol is used to signal that a distributed denial of service attack may be occurring. Traffic flows are aggregated and packets are intentionally dropped from the flow aggregate in accordance with an assigned perturbation signature. The flow aggregates are observed to determine if the rate of arrival of packets that have a one-to-one transmission correspondence with the dropped packets are similarly responsive to the perturbation signature. By assigning orthogonal perturbation signatures to different routers, multiple routers may perform the test on the aggregate and the results of the test will be correctly ascertained at each router. Nonconforming aggregates may be redefined to finer granularity to determine the node on the network that is under attack, which may then take mitigating action.
    Type: Grant
    Filed: September 19, 2006
    Date of Patent: August 2, 2011
    Assignee: University of Maryland
    Inventors: Mehdi Kalantari Khandani, Mark A. Shayman
  • Patent number: 7987508
    Abstract: A copy-protected compact disc includes, within a single session, a table of contents (TOC) and a Video CD index (VI). Each track (T) is prefaced by unrecoverable data (UD) at a track start position (ATOC) indicated by the table of contents (TOC). However, the Video CD index (VI) indicates the actual position (AP) of the tracks. DVD players use the Video CD index (VI) to locate the tracks, while CD-ROM drives use the table of contents (TOC) and read the unrecoverable data (UD), which prevents them from reading the subsequent track (T). The unrecoverable data (UD) may be prefaced by data pointers (DP) which cause the CD-ROM drive to load a player program in response to the error condition. The player program can be used to play the tracks (T), but restricts copying. Subchannel data (P; DX) causes audio CD players to ignore the Video CD index (VI) and the unrecoverable data (UD), and to play the tracks (T) at their actual start positions (AP).
    Type: Grant
    Filed: June 9, 2004
    Date of Patent: July 26, 2011
    Assignee: First 4 Internet Ltd.
    Inventors: Anthony Miles, Iain Benson, Ceri Coburn, Ian Davies
  • Patent number: 7984516
    Abstract: In one embodiment, the present invention includes a method for executing an application to perform voice over Internet protocol (VoIP) telephony, requesting a hardware key from a line interface device, comparing the hardware key to a software key associated with the application, and enabling the VoIP telephony if the keys match.
    Type: Grant
    Filed: August 31, 2006
    Date of Patent: July 19, 2011
    Assignee: Silicon Laboratories Inc.
    Inventor: David P. Bresemann
  • Patent number: 7984497
    Abstract: A system for binding a subscription-based computer to an internet service provider (ISP) may include a binding module and a security module residing on the computer. The binding module may identify and authenticate configuration data from peripheral devices that attempt to connect to the computer, encrypt any requests for data from the computer to the ISP, and decrypt responses from the ISP. If the binding module is able to authenticate the configuration data and the response to the request for data from the ISP, then the security module may allow the communication between the computer and the ISP. However, if either the configuration cycle or the response cannot be properly verified, then the security module may degrade operation of the computer.
    Type: Grant
    Filed: April 4, 2007
    Date of Patent: July 19, 2011
    Assignee: Microsoft Corporation
    Inventors: Todd Carpenter, Shon Schmidt, David J. Sebesta, William J. Westerinen
  • Patent number: 7971239
    Abstract: A device control apparatus, comprising a processor for storing first key information, a memory section for storing encrypted second key information which is obtained by encrypting second key information such that the second key information is able to be restored through decryption using the first key information, and an interface section for carrying out authentication using the second key information when an access instruction requiring access to a device is given by the processor, and for controlling the access to the device based on the access instruction when the authentication is established.
    Type: Grant
    Filed: July 6, 2006
    Date of Patent: June 28, 2011
    Assignee: Sony Computer Entertainment Inc.
    Inventors: Atsushi Hamano, Mariko Kitajima, Jun Saito, Hiroyuki Obinata
  • Patent number: 7971240
    Abstract: Exchanging information in a multi-site authentication system. A network server receives, from an authentication server, a request by a client computing device for a service provided by the network server along with an authentication ticket. The authentication ticket includes: a session key encrypted by a public key associated with the network server, message content encrypted by the session key, and a signature for the encrypted session key and the encrypted message content. The signature includes address information of the network server. The network server identifies its own address information in the signature to validate the signature included in the authentication ticket and verifies the authentication ticket content based on the signature included in the authentication ticket. The network server decrypts the encrypted session key via a private key associated with the second network server and decrypts the encrypted message content via the decrypted session key.
    Type: Grant
    Filed: April 20, 2009
    Date of Patent: June 28, 2011
    Assignee: Microsoft Corporation
    Inventors: Wei-Quiang Michael Guo, John Hal Howard, Kok Wai Chan
  • Patent number: 7970140
    Abstract: A transmitting node produces synchronization data to be inserted into plain text and encrypts the thus generated data into multi-valued data so as to transmit the data. The synchronization data indicates the position of a running key used for encryption. A receiving node decrypts a signal including the synchronization data using the running key and detects the synchronization data from the signal to confirm synchronization of the running key between transmitting and receiving nodes. Then, the receiving node transmits a synchronization confirmation signal to the transmitting node. If the transmitting node does not receive the synchronization confirmation signal, it determines that synchronization of the running key is shifted, and re-synchronization is performed. To perform re-synchronization, a running key ahead of the position of the running key associated with synchronization data that has been stored is generated.
    Type: Grant
    Filed: April 26, 2007
    Date of Patent: June 28, 2011
    Assignee: Hitachi Information & Communication Engineering, Ltd.
    Inventors: Takeshi Hosoi, Katsuyoshi Harasawa, Makoto Honda, Shigeto Akutsu
  • Patent number: 7958347
    Abstract: A proxy (e.g., a switch) resides in a respective network environment between one or more clients and multiple servers. One purpose of the proxy is to provide the clients a unified view of a distributed file system having respective data stored amongst multiple remote and disparate storage locations over a network. Another purpose of the proxy is to enable the clients retrieve data stored at the multiple servers. To establish a first connection between the proxy and a respective client, the proxy communicates with an authentication agent (residing at a location other than at the client) to verify a challenge response received from the client. When establishing a set of second connections with the multiple servers, the proxy communicates with the authentication agent to generate challenge responses on behalf of the client. The proxy facilitates a flow of data on the first connection and the set of second connections.
    Type: Grant
    Filed: February 2, 2006
    Date of Patent: June 7, 2011
    Assignee: F5 Networks, Inc.
    Inventor: J C Ferguson
  • Patent number: 7954150
    Abstract: A system for granting access to resources includes a client machine, a collection agent, a policy engine, and a broker server. The client machine requests access to a resource. The collection agent gathers information about the client machine. The policy engine receives the gathered information and assigns one of a plurality of levels of access responsive to application of a policy to the received information. The broker server establishes, responsive to the assigned level of access, a connection between the client machine and a computing environment providing the requested resource, the computing environment provided by a virtual machine.
    Type: Grant
    Filed: January 18, 2007
    Date of Patent: May 31, 2011
    Assignee: Citrix Systems, Inc.
    Inventors: Richard Jason Croft, Anthony Edward Low, Richard James Mazzaferri, Bradley J. Pedersen, David N. Robinson