Abstract: Disclosed are a dynamic access method of a mobile front end, a mobile front end and a video surveillance platform. The method includes that a mobile front end acquires location information of the mobile front end and sends the location information to each video surveillance platform of a Video Surveillance System (VSS); each video surveillance platform judges whether to allow all the mobile front ends to access according to a preconfigured administration scope and the location information sent from the mobile front end; and the mobile front end completes an access process with the video surveillance platform which allows it to access. When being powered on, the mobile front end can determine to access a video surveillance platform to which it belongs according to the geographic location where it is located; and when being moved to the area of other video surveillance platforms, the mobile front end can automatically negotiate to access a corresponding video surveillance platform.
Abstract: A computing system is configured to access a plurality of remote databases in order to identify data inconsistencies between the remote databases and provide user interfaces to a user in order to initiate communication via one or more APIs to certain remote databases indicating updates that reconcile said data inconsistencies.
Abstract: A system for authenticating mobile device users transparently is disclosed. This invention improves on the existing flaws by deriving encryption keys from environmental condition data when the user and device are trusted. The keys are then cryptographically hashed and compared with repository hashed data to determine if the conditions match a prior set of conditions. If a match is found and trust factors are sufficient, the system uses the condition data to decrypt a master key that allows access to secure data in the same manner as would a user-provided password. The security system cannot be bypassed if the device is stolen, as an attacker would have to replicate the exact environment and behavioral attributes employed and learned from the user without any knowledge as to the factors that constitute them because the factors are not maintained by the system.
Abstract: Methods and apparatus for encrypting and storing data. The methods and apparatus provide different levels of security and usability. The methods and apparatus generate two or more keys based on a shared secret made available to a user equipment and a server. The two or more keys comprise at least one perfect forward secrecy key, and at least one limited forward secrecy key. The methods and apparatus encrypt data using at least one of the two or more keys. The methods and apparatus store the encrypted data in a memory of the user equipment and/or transmit the data from the user equipment to the server.
Type:
Grant
Filed:
June 28, 2013
Date of Patent:
June 5, 2018
Assignee:
TELEFONAKTIEBOLAGET L M ERICSSON (PUBL)
Inventors:
Mats Näslund, Tereza Cristina Melo De Brito Carvalho, Leonardo Horn Iwaya, Marcos Antonio Simplicio Junior
Abstract: A method for secure processing of encrypted data within a receiver includes receiving a packet of encrypted compressed data and allocating a region of memory for storing a decrypted version of the packet of encrypted compressed data. The allocation is in response to, and after, reception of the encrypted compressed data. A size of the region of the memory allocated is equal to a size of the packet of encrypted compressed data that is received. The method further includes modifying a configuration of an access authorization filter for defining access rights to the allocated region, decrypting the packet of encrypted compressed data, and storing, in the allocated region, the decrypted compressed data of the packet. The aforementioned allocation, modification, decryption, and storage steps are repeated in response to each new reception of a packet of encrypted compressed data so as to dynamically modify the configuration of the access authorization filter.
Type:
Grant
Filed:
August 31, 2015
Date of Patent:
May 29, 2018
Assignee:
STMICROELECTRONICS (GRENOBLE 2) SAS
Inventors:
Jean-Philippe Fassino, Roland Bohrer, Laurent Gerard
Abstract: Security system for protecting a vehicle electronic system by selectively intervening in the communications path in order to prevent the arrival of malicious messages at ECUs, in particular at the safety critical ECUs. The security system includes a filter which prevents illegal messages sent by any system or device communicating over a vehicle communications bus from reaching their destination. The filter may, at its discretion according to preconfigured rules, send messages as is, block messages, change the content of the messages, request authentication or limit the rate such messages can be delivered, by buffering the messages and sending them only in preconfigured intervals.
Type:
Grant
Filed:
September 14, 2017
Date of Patent:
May 8, 2018
Assignee:
ARILOU INFORMATION SECURITY TECHNOLOGIES LTD.
Abstract: Various embodiments are directed to techniques for controlling access to data in a decentralized manner. An apparatus includes an apportioning component to divide an item of data into multiple portions based on an organizational structure of the item of data; a tree component to generate a PRN tree including a multitude of nodes and a branching structure based on the organizational structure, the multitude including at least one branching node and multiple leaf nodes that correspond to the multiple portions; a PRN component to generate a PRN for each node of the multitude, the PRN component to use a PRN of a branching node of the PRN tree to generate a PRN for a leaf node that depends therefrom; and a communications component to transmit the multiple portions and multiple addresses based on PRNs of leaf nodes of the PRN tree to a server. Other embodiments are described and claimed.
Abstract: Systems and methods are provided for user authentication using hidden unique identifiers in networks. In some example embodiments these systems and methods only require a single human readable identifier be provided and minimize personal information exposure in the event of a network breach.
Abstract: A method includes receiving, at a meeting server, a first input from a first computing device associated with a first user; identifying, at the meeting server, a second user who is connected to an in-progress meeting using the first input; transmitting an access request message from the meeting server to a computing device associated with the second user; and in response to receiving a positive response to the access request message at the meeting server from the second computing device, granting the first user access to the in-progress meeting.
Type:
Grant
Filed:
March 27, 2015
Date of Patent:
May 1, 2018
Assignee:
GOOGLE LLC
Inventors:
Ronald Ho, Kevin Allen, Theresa Liberman, Pui See Priscilla Mok, Marco Quiros Viquez, Christopher Paul David Johnson
Abstract: Described herein are various aspects pertaining to a web ticket that is used in connection with authenticating a user. The web ticket is generated through use of a symmetric key, and is less than two hundred bytes in size. A ticket issuer executing on a first computing device generates the web ticket responsive to receiving authentication data from a client computing device, and transmits the web ticket to such client computing device. The client computing device includes the web ticket in requests for data transmitted to a second server computing device that is in communication with the ticket issuer. The second server computing device includes a validator that validates the web ticket using the symmetric key, which is shared between the first server and the second server.
Abstract: An authentication system for pairing two or more electronic devices is taught whereby two or more devices, such as cellular phones, receive a first vibration or motion and register a first event, they receive a second vibration or motion and register a second event, the said two or more devices pair or otherwise recognize devices that received first event and second event based on the detected interval between the first and second events. By measuring the interval or phase between two vibration or motion events, the current invention allows pairing without complex movement, without a great amount of a user's attention on the interfaces of the devices, and without the need for compensation between differences in the clocks internal to the devices.
Abstract: In a general aspect, a parameter is refreshed in a lattice-based cryptography system. In some aspects, a first value of a public parameter is obtained. The first value of the public parameter may have been previously used in an execution of a lattice-based cryptography protocol. A second value of the public parameter is generated based on the first value of the public parameter and random information. The second value of the public parameter is used in an execution of the lattice-based cryptography protocol.
Abstract: Methods and systems are presented for defining criteria that indicate when authentication for an identified client device should be revoked based on rules associated with interested parties. Authentication information is stored that indicates that an identified client device is authenticated. Rules that are associated with a plurality of interested parties and include rules of different rule types may also be stored. Criteria may be defined based on the rules and the authentication information, the criteria indicating when authentication of the identified client device should be revoked. Authentication of the identified client device may be revoked based on the criteria.
Abstract: Techniques for detecting exfiltration content are described herein. According to one embodiment, a malicious content suspect is executed and a packet inspection of outbound network traffic is performed by a packet inspector running within the virtual machine. Occurring before the outbound network traffic leaving the virtual machine, the packet inspector determines whether a portion of outbound network traffic matches one or more portions of predetermined network traffic patterns or signatures. If so, a determination is made whether the outbound network traffic includes at least one environmental property of the virtual machine that is unique or almost unique to the virtual machine. If so, migration of the outbound network traffic outside of the virtual machine is precluded and an alert is transmitted. The alert includes the malicious content suspect that is attempting to perform an exfiltration of data.
Type:
Grant
Filed:
February 6, 2017
Date of Patent:
April 3, 2018
Assignee:
FireEye, Inc.
Inventors:
Darien Kindlund, Julia Wolf, James Bennett
Abstract: An opportunity for a computing device to participate in a secure session with a particular domain is identified. A domain identifier of the particular domain is received and a secured microcontroller of the computing device is used to identify a secured, persistent hardware identifier of the computing device stored in secured memory of the computing device. A secure identifier is derived for a pairing of the computing device and the particular domain based on the hardware identifier and domain identifier of the particular domain and the secure identifier is transmitted over a secured channel to the particular domain. The particular domain can verify identity of the computing device from the secure identifier and apply security policies to transactions involving the computing device and the particular domain based at least in part on the secure identifier.
Type:
Grant
Filed:
February 19, 2016
Date of Patent:
March 27, 2018
Assignee:
McAfee, LLC
Inventors:
Vincent Edward Von Bokern, Purushottam Goel, Sven Schrecker, Ned McArthur Smith
Abstract: The present disclosure relates to setup of IoT network devices, and specifically to setup of multiple similar IoT devices at substantially the same time using joint authentication.
Abstract: A server system generates and transfers Precision Time Protocol (PTP) synch requests for delivery to a PTP clock server and responsively receives PTP synch responses transferred by the PTP clock server. The server system processes the PTP synch responses to determine PTP clock phase error data for the PTP clock server. The server system compares the PTP clock phase error data to a historical phase error threshold for the PTP clock server. If the PTP clock phase error data does not exceed the historical phase error threshold, then the server system updates the historical phase error threshold for the PTP clock server based on the PTP clock phase error data. If the PTP clock phase error data exceeds the historical phase error threshold, then the server system generates an indication that the PTP clock server comprises a malicious PTP node.
Abstract: Aggregation of network traffic source behavior data across network endpoints may be implemented. Indications of endpoint-specific network traffic directed to different network endpoints may be received. Aggregate traffic source behavior data may be generated across multiple aggregation levels. One or more traffic aggregation nodes may be implemented for each aggregation level to maintain different respective portions of the aggregate traffic source behavior data. Different granularity of the aggregate traffic source behavior data may be maintained at each of the aggregation levels. An indication of traffic source behavior for traffic sources may be provided such that responsive actions, such as traffic control actions, may be performed with regard to the traffic sources.
Type:
Grant
Filed:
March 6, 2017
Date of Patent:
March 6, 2018
Assignee:
Amazon Technologies, Inc.
Inventors:
Christopher Samuel Zakian, Patrick Devere Smith
Abstract: A method and system is provided for embedding cryptographically modified versions of secret in digital certificates for use in authenticating devices and in providing services subject to conditional access conditions.
Type:
Grant
Filed:
July 29, 2015
Date of Patent:
March 6, 2018
Assignee:
ARRIS Enterprises, Inc.
Inventors:
Tat Keung Chan, Alexander Medvinsky, Eric J. Sprunk
Abstract: Methods, systems, and devices are described for the prevention of network peripheral takeover activity. In some embodiments, peripheral devices may implement an anti-takeover mechanism encrypting messages and transmitting unencrypted decryption keys for a limited period of time. Anti-takeover peripheral devices may transition from a plain operational mode, to a decryption key transmission mode, to a secure mode based on pre-defined triggering events, commands, or timers. Random decryption key values may be generated by peripheral devices and transmitted to listening devices for later storage and retrieval by the listening device. Decryption keys may be stored in remote data stores for later retrieval by anti-takeover aware controller devices.