Patents Examined by Michael Simitoski
  • Patent number: 10298593
    Abstract: Embodiments of the present disclosure include a platform for a resource provisioning system. The platform can execute big data analysis techniques to access-right data to generate statistics that characterize a set of users. For example, characteristics of users who access resources events can be analyzed with varying levels of detail. The access-right data can include access right assignments, and data identifying the users to which access rights are assigned. In some implementations, spatial management systems can access the platform to generate statistics for the resources.
    Type: Grant
    Filed: June 13, 2018
    Date of Patent: May 21, 2019
    Assignee: Live Nation Entertainment, Inc.
    Inventors: Alex Oberg, Evan Altman
  • Patent number: 10291594
    Abstract: A computer-implemented method is provided for encrypting a message using a plurality of keys and a plurality of encryption algorithms. The method includes mapping, by the computing device, each of the plurality of keys to an encryption algorithm randomly selected from the plurality of encryption algorithms, and storing, by the computing device, in an index table the plurality of keys correlated to their respective encryption algorithms. The method also includes decomposing, by the computing device, the message into one or more message segments and encrypting, by the computing device, each of the one or more message segments using the index table. The method further includes transmitting, by the computing device, at least one of the index table or the one or more encrypted message segments to a receiving computing device over the electronic network.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: May 14, 2019
    Assignee: FMR LLC
    Inventor: Vishal Jindal
  • Patent number: 10282535
    Abstract: A method and system to verify identity while protecting private data. To locally verify identity without requiring communication with an external database or passing personal/identity information over network connections. To create a database and/or statistical model for later use to verify identity, private information from a first media is input to a device. Private information subsequently presented via a second media is then verified locally by comparing to the private information previously captured from the first media. If the resultant correlation score is sufficiently high, the private information from the first media and from the second media are determined to belong to the same individual, and the user is authenticated or a desired action is approved. In case of a low correlation score, a notification may be sent to one or more entities alerting authorities of a security breach or identity theft.
    Type: Grant
    Filed: September 1, 2015
    Date of Patent: May 7, 2019
    Assignee: NXT-ID, INC.
    Inventors: Andrew Tunnell, Christopher Santillo, Justin Mitchell, Sean Powers
  • Patent number: 10270808
    Abstract: Embodiments disclosed herein generally relate to a system and method for detecting fraudulent computer activity. A computing system generates a plurality of synthetic identities. Each of the plurality of synthetic identities mimics information associated with a verified identity. The computing system receives, from a user, an input attempt. The input attempt includes a synthetic identity of the plurality of synthetic identities. The computing system compares input information in the input attempt to the plurality of synthetic identities. The computing system determines that the input information in the input attempt includes information from the plurality of synthetic identities. If it does, the computing system rejects the input attempt.
    Type: Grant
    Filed: March 12, 2018
    Date of Patent: April 23, 2019
    Assignee: Capital One Services, LLC
    Inventors: Timur Sherif, Hannes Jouhikainen, Steve Blanchet
  • Patent number: 10257184
    Abstract: A centralized policy management may allow for one set of credentials to various applications and services offered by a computing resource service provider or other third-party servers. An entity responsible for the administration of a directory made available through a managed directory service may specify one or more policies for users and/or groups of users that utilize the directory. For example, the managed directory service may include a policy management subsystem that manages a set of policies for users and/or groups of users that controls a level of access to applications and services. Administrators can assign one or more policies to a user or a group of users and users can select one or more policies provided to the user by the administrator when attempting to access an application or service.
    Type: Grant
    Filed: September 29, 2014
    Date of Patent: April 9, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Gaurang Pankaj Mehta, Shon Kiran Shah, Neelam Satish Agrawal, Lawrence Hun-Gi Aung
  • Patent number: 10257192
    Abstract: A storage system includes a host configured to provide a request for setting or clearing secure write protection; and a storage device including a register, the register including fields that store information for controlling write protection attributes and a secure mode of the storage device, the storage device being configured to authenticate a request of the host when the secure mode is enabled, wherein the storage device is configured to set or clear the secure write protection based on the request of the host when the storage device authenticates the request of the host, wherein after the secure mode is set, the storage device restricts an access of an unauthenticated host for setting and clearing write protection, and wherein the register comprises a secure write protection (WP) configuration masking field for controlling register fields of the register that are associated with write protection.
    Type: Grant
    Filed: May 13, 2015
    Date of Patent: April 9, 2019
    Inventors: Bo-Ram Shin, Jaegyu Lee, HeeChang Cho, Wonchul Ju
  • Patent number: 10250636
    Abstract: MITM attacks are detected by intercepting network configuration traffic (name resolution, DHCP, ARP, ICMP, etc.) in order to obtain a description of network components. A computer system generates artificial requests for network configuration information and monitors responses. Multiple responses indicate a MITM attack. Responses that are different from previously-recorded responses also indicate a MITM attack. MITM attacks may be confirmed by transmitting fake credentials to a source of a response to a request for network configuration information. If the fake credentials are accepted or are subsequently used in an access attempt, then a MITM attack may be confirmed.
    Type: Grant
    Filed: July 7, 2016
    Date of Patent: April 2, 2019
    Inventors: Venu Vissamsetty, Muthukumar Lakshmanan, Sreenivasa Sudheendra Penupolu, Ankur Rungta
  • Patent number: 10230733
    Abstract: Disclosed can improve rights list management as well as performance of systems utilizing an access control list. A database server having a transitive closure management module may receive an identification of an entity defined in a database storing a cached transitive closure. The transitive closure management module may incrementally update the cached transitive closure stored in the database by generating a new transitive closure for the entity and determining a delete transitive closure record. The delete transitive closure record may be determined by analyzing the cached transitive closure and the new transitive closure, determining a first transitive closure path for the entity that is not specified in the new transitive closure and that is specified in the cached transitive closure, and selecting as the delete transitive closure record a record specifying the first transitive closure path. The delete transitive closure record can then be deleted from the cached transitive closure.
    Type: Grant
    Filed: March 6, 2017
    Date of Patent: March 12, 2019
    Assignee: Open Text SA ULC
    Inventor: Geoffrey Michael Obbard
  • Patent number: 10218685
    Abstract: Some embodiments provide a non-transitory machine-readable medium that stores a program which when executed by at least one processing unit of a device synchronizes a set of keychains stored on the device with a set of other devices. The device and the set of other devices are communicatively coupled to one another through a peer-to-peer (P2P) network. The program receives a modification to a keychain in the set of keychains stored on the device. The program generates an update request for each device in the set of other devices in order to synchronize the set of keychains stored on the device with the set of other devices. The program transmits through the P2P network the set of update requests to the set of other devices over a set of separate, secure communication channels.
    Type: Grant
    Filed: November 10, 2015
    Date of Patent: February 26, 2019
    Assignee: APPLE INC.
    Inventors: Michael Brouwer, Dallas B. De Atley, Mitchell D. Adler
  • Patent number: 10216933
    Abstract: The disclosed computer-implemented method for determining whether malicious files are targeted may include (i) applying, to a malware detection structure, a plurality of sample data points, each sample data point corresponding to at least one of a malicious file known to be targeted and a malicious file known to be non-targeted, (ii) identifying one or more boundaries of the sample data points within the malware detection structure, (iii) determining, after identifying the sample boundaries, that a new data point falls outside of the boundaries, and (iv) classifying a malicious file associated with the new data point as non-targeted in response to determining that the new data point falls outside of the sample boundaries. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 16, 2016
    Date of Patent: February 26, 2019
    Assignee: Symantec Corporation
    Inventor: Ryan Ross Curtin
  • Patent number: 10217114
    Abstract: Embodiments provide methods and systems for providing labels to prevent counterfeiting of products. In an embodiment, the method includes accessing, by a processor, one or more biometric data associated with a manufacturer. The one or more biometric data include fingerprint data, iris pattern, facial pattern, heart rate, electrical activity of skeletal muscles and deoxyribonucleic acid (DNA) data that are encrypted using a first encryption method for generating a first encrypted data. From the first encrypted data, a biometric pattern is extracted. The biometric pattern is appended with one or more product identification codes for generating a product encoded data. The product encoded data is encrypted using a second encryption method. An error checksum data is appended to the second encrypted data and a unique identifier is prefixed to the second encrypted data. The second encrypted data is added to product labels of the products for securing the products from counterfeiting.
    Type: Grant
    Filed: August 27, 2018
    Date of Patent: February 26, 2019
    Assignee: Ennoventure, Inc.
    Inventor: Shalini Vanaja Nair
  • Patent number: 10204225
    Abstract: A system and method are described to automatically assess description-to-permission fidelity of applications. The system and method can employ techniques in natural language processing and a learning-based algorithm to relate description with permissions.
    Type: Grant
    Filed: May 13, 2015
    Date of Patent: February 12, 2019
    Assignee: Northwestern University
    Inventors: Yan Chen, Zhengyang Qu, Vaibhav Rastogi
  • Patent number: 10193868
    Abstract: The system and method for protecting multiple networked enclaves each having one or more insecure machines. The system may include an attack detector as part of a secure node (e.g., SAFE node) proxy. The system may include an attack detector external to the proxy. The proxy may support multiple detectors and its actions may include isolating an insecure machine, cleansing an insecure machine, or tattling on (impugning the reputation of) an insecure machine.
    Type: Grant
    Filed: September 9, 2016
    Date of Patent: January 29, 2019
    Assignee: BAE Systems Information and Electronic Systems Integration Inc.
    Inventors: Howard B. Reubenstein, Gregory Sullivan, David Wittenberg
  • Patent number: 10193900
    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to identify candidate boundaries of Internet protocol addresses associated with a malicious Internet protocol address. An example method includes collecting, with a processor, netflow data associated with the Internet protocol addresses within a netblock having a lower boundary Internet protocol address and an upper boundary Internet protocol address, generating, with the processor, a first window of Internet protocol addresses numerically lower than the malicious Internet protocol address, generating, with the processor, a second window of Internet protocol addresses numerically higher than the malicious Internet protocol address, for respective Internet protocol addresses in the first and second windows, calculating, with the processor, occurrence counts associated with behavior features, and identifying candidate boundaries within the netblock based on divergence values caused by the behavior features.
    Type: Grant
    Filed: July 7, 2015
    Date of Patent: January 29, 2019
    Inventors: Baris Coskun, Suhrid Balakrishnan, Suhas Mathur
  • Patent number: 10182041
    Abstract: An apparatus, system, and method are disclosed for secure data transmissions. A method includes receiving a request for data that is encrypted according to a first encryption scheme, and determining a first public IP address associated with the request. The first public IP address identifies a remote client that created the request and is located in a field of a data packet that includes the request. The method includes determining a second public IP address associated with the request that identifies a sender of the request and is determined dynamically when the request is received. The method includes verifying an authenticity of the request in response to the first public IP address of the remote client matching the second public IP address of the sender. The method includes encrypting the requested data according to a second encryption scheme, and transferring the data to the remote client.
    Type: Grant
    Filed: December 23, 2016
    Date of Patent: January 15, 2019
    Assignee: CipherTooth, Inc.
    Inventor: Jerry Glade Hayward
  • Patent number: 10181957
    Abstract: Techniques for detecting and/or handling target attacks in an enterprise's email channel are provided. The techniques include receiving aspects of an incoming email message addressed to a first email account holder, selecting a recipient interaction profile and/or a sender profile from a plurality of predetermined profiles stored in a memory based upon the received properties, determining a message trust rating associated with the incoming email message based upon the incoming email message and the selected recipient interaction profile and/or the sender profile; and generating an alert identifying the incoming email message as including a security risk based upon the determined message trust rating.
    Type: Grant
    Filed: May 25, 2017
    Date of Patent: January 15, 2019
    Assignee: GraphUS, Inc.
    Inventor: Manoj Kumar Srivastava
  • Patent number: 10169587
    Abstract: A network can operate a WiFi access point with credentials. An unconfigured device can (i) support a Device Provisioning Protocol (DPP), (ii) record responder bootstrap public and private keys, and (iii) be marked with a tag. The network can record initiator bootstrap public and private keys, as well as derived initiator ephemeral public and private keys. An initiator can (i) operate a DPP application, (ii) read the tag, (iii) establish a secure and mutually authenticated connection with the network, and (iv) send the network data within the tag. The network can record the responder bootstrap public key and derive an encryption key with the (i) recorded responder bootstrap public key and (ii) derived initiator ephemeral private key. The network can encrypt credentials using the derived encryption key and send the encrypted credentials to the initiator, which can forward the encrypted credentials to the device, thereby supporting a device configuration.
    Type: Grant
    Filed: July 12, 2018
    Date of Patent: January 1, 2019
    Inventor: John A. Nix
  • Patent number: 10156900
    Abstract: Apparatus, systems, and methods are provided for substantially continuous biometric identification (CBID) of an individual using eye signals in real time. The apparatus is included within a wearable computing device with identification of the device wearer based on iris recognition within one or more cameras directed at one or both eyes, and/or other physiological, anatomical and/or behavioral measures. Verification of device user identity can be used to enable or disable the display of secure information. Identity verification can also be included within information that is transmitted from the device in order to determine appropriate security measures by remote processing units. The apparatus may be incorporated within wearable computing that performs other functions including vision correction, head-mounted display, viewing the surrounding environment using scene camera(s), recording audio data via a microphone, and/or other sensing equipment.
    Type: Grant
    Filed: January 27, 2017
    Date of Patent: December 18, 2018
    Assignee: GOOGLE LLC
    Inventors: Nelson Publicover, Lewis Marggraff
  • Patent number: 10142343
    Abstract: In an unauthorized access detecting system, authentication information to be leaked outside is generated. In the unauthorized access detecting system, the generated authentication information is set on an analyzing host, and a program to be analyzed is operated on the analyzing host. In the unauthorized access detecting system, access to a content using the authentication information is detected, and if the access using the authentication information is detected, the access is identified as unauthorized access.
    Type: Grant
    Filed: June 19, 2014
    Date of Patent: November 27, 2018
    Inventors: Mitsuaki Akiyama, Takeshi Yagi
  • Patent number: 10129248
    Abstract: An authentication system is provided using one-time passwords (OTPs) for user authentication. An OTP key may be stored on a different device than the device on which the OTP is generated. In an embodiment, the system described herein enables a combined authentication system, including the two separate devices communicating over a non-contact interface, to provide advantageous security features compared to the use of a single device, such as a hardware OTP token. One device may be a personal security device and the other device may be a reader device coupled to a host device via which access is being controlled.
    Type: Grant
    Filed: June 19, 2014
    Date of Patent: November 13, 2018
    Assignee: Assa Abloy AB
    Inventors: Julian Eric Lovelock, Philip Hoyer