Patents Examined by Mohammed Waliullah
  • Patent number: 10284573
    Abstract: One or more embodiments of techniques or systems for session management, security scoring, and friction management are provided herein. Sessions may be monitored for commonalities or other attributes or aspects and closed, terminated, or a freeze placed on additional sessions from being initiated. A security score may be provided which is indicative of how secure a user is with respect to one or more ways the user interacts with a resource. One or more suggested actions or score improvement strategies may be suggested to facilitate improvement of a security score for a user. Friction management may be provided by having one or more additional layers of security applied to an account of a user or an entity based on suspicious behavior or other factors.
    Type: Grant
    Filed: April 23, 2015
    Date of Patent: May 7, 2019
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Traci H. Nguyen, Michael Chang, Nairobi N. Kim, Ian Jensen, Samuel Martin, Cheung Li
  • Patent number: 10284553
    Abstract: In a communication system in which a relay apparatus, a terminal apparatus, and other apparatuses, which can communicate with an authentication apparatus, are coupled through a communication path, the relay apparatus, and the terminal apparatus have unique authentication information, respectively. The relay apparatus transmits its own authentication information and authentication information collected from the terminal apparatus to the authentication apparatus. The authentication apparatus determines whether the relay apparatus and the terminal apparatus are authentic apparatuses based on the received authentication information. The relay apparatus shuts down communication between itself and an apparatus determined to be unauthentic based on a result of the determination, and transmits communication control information to shut down communication with the apparatus determined to be unauthentic to the terminal apparatus.
    Type: Grant
    Filed: December 30, 2015
    Date of Patent: May 7, 2019
    Assignee: RENESAS ELECTRONICS CORPORATION
    Inventors: Naoyuki Morita, Tadaaki Tanimoto
  • Patent number: 10262115
    Abstract: An embodiment of the invention provides a method including accessing a portal pursuant to instructions from a digital media device and identifying the digital media device to the portal to enable the portal to obtain a security code. Information having the security code is received; and, it is confirmed that the security code corresponds to a security key stored in the digital media device. The information is provided to a secure application environment in the digital media device if the security code corresponds to the security key. A copy of the security key is sent to a clearinghouse; and, the security code is received from the clearinghouse. The security code is sent to a provider of the information if the information satisfies a predetermined criteria.
    Type: Grant
    Filed: September 20, 2017
    Date of Patent: April 16, 2019
    Assignee: International Business Machines Corporation
    Inventors: Stephen S. Burnett, Martin G Kienzle, Paul J. Ledak
  • Patent number: 10248813
    Abstract: One embodiment provides a method for enabling computation of a signature of an information set given change information by storing information in a hierarchical data structure, the method including: utilizing at least one processor to execute computer code that performs the steps of: receiving change information relating to a first node within the hierarchical data structure; accessing a database comprising at least one key, wherein the at least one key comprises a crypto-hash and is assigned to a node within the hierarchical data structure; identifying a node key within the database that is assigned to the first node; computing a node crypto-hash for the first node after modifying the first node using the received change information; modifying the node key based upon the computed node crypto-hash; and updating the database with the modified node key. Other aspects are described and claimed.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: April 2, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Sheehan Anderson, Manish Sethi
  • Patent number: 10250620
    Abstract: Described is a technology by which a signature used by network traffic intrusion prevention/detection systems includes logic that helps a prevention/detection engine detect that signature. A signature to detect is compiled into executable logic that is executed to communicate with an engine that evaluates network traffic. The signature logic provides an expression set (such as group of regular expressions) for the engine to match against a token corresponding to the network traffic. When matched, the engine notifies the logic and receives a further expression set to match, or a communication indicative that the signature was detected. The signature thus directs the analysis, facilitating a lightweight, generic engine. Safety of the signature logic is described as being accomplished through layers, including by publisher signing, and by compilation and execution (e.g., interpretation) in safe environments.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: April 2, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Vladimir Lifliand, Evgeney Ryzhyk, Yifat Sagiv, Maxim Uritsky
  • Patent number: 10237298
    Abstract: One or more embodiments of techniques or systems for session management, security scoring, and friction management are provided herein. Sessions may be monitored for commonalities or other attributes or aspects and closed, terminated, or a freeze placed on additional sessions from being initiated. A security score may be provided which is indicative of how secure a user is with respect to one or more ways the user interacts with a resource. One or more suggested actions or score improvement strategies may be suggested to facilitate improvement of a security score for a user. Friction management may be provided by having one or more additional layers of security applied to an account of a user or an entity based on suspicious behavior or other factors.
    Type: Grant
    Filed: April 23, 2015
    Date of Patent: March 19, 2019
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Traci H. Nguyen, Nairobi N. Kim, Ian Jensen, Upul Hanwella, Brian J. Hanafee, Christopher Wayne Howser, Ajay Panikkar, Michael Chang
  • Patent number: 10229282
    Abstract: The system described may implement a 1-bit protocol for differential privacy for a set of client devices that transmit information to a server. Implementations of the system may leverage specialized instruction sets or engines built into the hardware or firmware of a client device to improve the efficiency of the protocol. For example, a client device may utilize these cryptographic functions to randomize information sent to the server. In one embodiment, the client device may use cryptographic functions such as hashes including SHA or block ciphers including AES. Accordingly, the system provides an efficient mechanism for implementing differential privacy.
    Type: Grant
    Filed: September 23, 2016
    Date of Patent: March 12, 2019
    Assignee: Apple Inc.
    Inventors: Yannick L. Sierra, Abhradeep Guha Thakurta, Umesh S. Vaishampayan, John C. Hurley, Keaton F. Mowery, Michael Brouwer
  • Patent number: 10223548
    Abstract: A personally identifiable information (PII) scrubbing system. The PII scrubbing system surgically scrubs PII from a log based on a scrubber configuration corresponding to the log. The scrubber configuration includes context information about locations and types of PII in the log and rules specifying how to locate and protect the PII. Scrubber configurations are quickly and easily created or modified as scrubbing requirements change or new scenarios are encountered. The flexibility provided by the scrubber configurations allows only the PII to be scrubbed, even from unstructured data, without having to include surrounding data. Many consumers can use the scrubbed data without needing to expose the PII because less non-personal data is obscured. Surgical scrubbing also retains the usefulness of the underlying PII even while protecting the PII. Consumers can correlate the protected PII to locate specific information without having to expose additional PII.
    Type: Grant
    Filed: February 27, 2017
    Date of Patent: March 5, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Michael Bilodeau, Gustavo Carmo
  • Patent number: 10212141
    Abstract: Various embodiments described herein relate to a network key manager which is configured to manage keys in nodes in the network, wherein the network key manager includes a memory configured to store an update data structure; a processor configured to: determine which nodes are blacklisted; generate the update data structure of volatile private keys for each node that is not blacklisted, wherein the volatile private key is based upon secret information associated with the node and an index, wherein the volatile private key is used for the indexth key update; determine a neighbor node of the network key manager; remove the volatile private key for the neighbor node from the update data structure; encrypt the resulting update data structure and a new network key with the private key for the neighbor node to produce an encrypted message; and send the encrypted message to the neighbor node.
    Type: Grant
    Filed: October 19, 2016
    Date of Patent: February 19, 2019
    Assignee: NXP USA, Inc.
    Inventors: Andrei Catalin Frincu, George Bogdan Alexandru
  • Patent number: 10169580
    Abstract: Identifying whether a first application is malicious. The first application can be presented for installation on a processing system. The first application can be scanned, via a static analysis implemented by a processor, to determine whether a user interface layout of the first application is suspiciously similar to a user interface layout of a second application installed on the processing system. When the user interface layout of the first application is suspiciously similar to the user interface layout of the second application installed on the processing system, an alert can be generated indicating that the first application is malicious.
    Type: Grant
    Filed: September 16, 2014
    Date of Patent: January 1, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Roee Hay, Daniel Kalman, Roi Saltzman, Omer Tripp
  • Patent number: 10148641
    Abstract: A user having a remote device wants to access an application that requires that the user possess a user application cryptographic credential. If the application needs to verify the identity of the user, the user's remote device performs a cryptographic operation using the user application cryptographic credentials, and sends the result to the application. A configuration for securely distributing the user application cryptographic credentials includes at least one gateway located at an enterprise that is under the control of an enterprise administrator, and a controller that is not located at the enterprise but can be configured by the enterprise administrator to cooperate with the at least one gateway.
    Type: Grant
    Filed: May 11, 2015
    Date of Patent: December 4, 2018
    Assignee: ROUTE1 INC.
    Inventors: Jerry S. Iwanski, Yamian Quintero Cantero
  • Patent number: 10148522
    Abstract: To provide better administrative access control for allowing access to network applications, an authorization framework is extended by dynamically adding administrative access control to the authorization framework. For example, the authorization framework can be extended by adding a plug-in to the authorization framework. The authorization framework manages the access control by generating tokens. For example, a token may be a digital certificate. The tokens define what access control an application, such as a client application has when accessing the network application. The tokens are based on the dynamically added administrative access control. When a request for a token is securely received, the authorization framework generates a token that identifies if the application (e.g., the client application) is allowed or not allowed to access the network application. The token is then used by the application to access the network application.
    Type: Grant
    Filed: April 23, 2015
    Date of Patent: December 4, 2018
    Assignee: Avaya Inc.
    Inventors: Joel M. Ezell, Gordon Brunson, Geoff Baskwill, Seung Bong (Stephen) Han
  • Patent number: 10140438
    Abstract: In an approach for accessing data and applications on a device, a processor adds a first accessibility profile and a second accessibility profile, wherein the first accessibility profile and the second accessibility profile are each associated with a single-user profile of a device. A processor configures a first level of access for the first accessibility profile and a second level of access for the second accessibility profile, wherein the first level of access includes a different level of accessibility permissions than the second level of access. A processor assigns a first password to access the first accessibility profile and a second password to access the second accessibility profile, wherein the first password and the second password are each associated with the single-user profile.
    Type: Grant
    Filed: December 16, 2015
    Date of Patent: November 27, 2018
    Assignee: International Business Machines Corporation
    Inventor: Laurence J. Da Luz
  • Patent number: 10142335
    Abstract: An apparatus, method, system, and program product are disclosed for intrinsic chip identification. One method includes receiving first counter information from a device, determining whether such information matches second counter information, receiving first frequencies from the device, determining whether each frequency of such frequencies is within a predetermined range of a corresponding frequency of second frequencies, receiving a response to a challenge sent to the device, determining whether the response matches an expected response, and granting authentication. Granting authentication may include granting authentication in response to: the first counter information matching the second counter information; each frequency of the first frequencies being within the predetermined range of a corresponding frequency of the second frequencies; and the expected response matching the response. The expected response may be updated over time.
    Type: Grant
    Filed: December 18, 2015
    Date of Patent: November 27, 2018
    Assignee: International Business Machines Corporation
    Inventors: Chandrasekharan Kothandaraman, Sami Rosenblatt, Rasit O. Topaloglu
  • Patent number: 10136324
    Abstract: The present invention discloses a method and apparatus for controlling an application to read verification information. The method comprises: setting, in a terminal, a safe application strategy for reading a verification information, wherein the verification information is a message for verifying identity or permission of the terminal or a user in the process of executing a specific service; after the terminal receives the verification information from a network device, the application requesting to acquire the verification information; judging whether the application satisfies the safe application strategy, and according to the judging result, allowing only the application that satisfies the safe application strategy to read the verification information; and using the verification information for verifying identity or permission of the terminal or a user in the process of executing the specific service.
    Type: Grant
    Filed: May 29, 2015
    Date of Patent: November 20, 2018
    Assignee: Beijing Qihoo Technology Company Limited
    Inventor: Yuguang Hu
  • Patent number: 10122738
    Abstract: A botnet detection system and method are provided. The method includes the steps of: retrieving a network log file of a computer device; refining the network log file according to a device alive-time record of the computer device and a network white list to obtain a plurality of individual network log files, wherein each individual network log file records time information, a source IP address of the computer device, and an individual destination IP address; and analyzing a plurality of connection intervals of the source IP address connecting to the individual destination IP address in each individual network log file to determine whether the computer device exhibits connection behavior that indicates infection by a botnet malware.
    Type: Grant
    Filed: July 20, 2016
    Date of Patent: November 6, 2018
    Assignee: ACER INCORPORATED
    Inventors: Ming-Kung Sun, Chiung-Ying Huang, Zong-Cyuan Jhang
  • Patent number: 10122739
    Abstract: A rootkit detection method includes obtaining, from a target system, first data comprising raw data stored in a data block of a storage drive, checking the first data for known malware, and generating a first alert if known malware is detected. The drive may include a public key, the first data may include a digital signature based on the key, and checking the first data may include validating the signature. The method may be performed by a system management resource that sends a management request for a particular data block. Second data, corresponding to an operating system access of the particular data block, may be obtained and compared to the first data. Responsive to detecting a discrepancy, generating a second alert. The system management resource may be a cloud based server, a premise installed appliance, premise installed security server, or a management controller of the target system.
    Type: Grant
    Filed: August 31, 2016
    Date of Patent: November 6, 2018
    Assignee: Dell Products L.P.
    Inventors: David Warden, Marshal F. Savage
  • Patent number: 10116703
    Abstract: Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for controlling multiple distributed denial of service (DDoS) mitigation appliances. A DDoS attack mitigation central controller configures attack mitigation policies for the DDoS attack mitigation appliances. The DDoS attack mitigation policies are sent to the DDoS attack mitigation appliances through a network connecting the DDoS attack mitigation central controller and the DDoS attack mitigation appliances.
    Type: Grant
    Filed: May 31, 2017
    Date of Patent: October 30, 2018
    Assignee: Fortinet, Inc.
    Inventor: Hemant Kumar Jain
  • Patent number: 10114980
    Abstract: A system and method are provided for verifying data integrity for large volumes of critical data using blockchain technology. An exemplary method includes storing data files in electronic storage; creating hash values for each of the files; and transmitting the hash values to a blockchain network in which one or more nodes in the blockchain network adds the first hash values as blocks to the blockchain. Moreover, an API is provided to monitor data operations performed on the data files and transmit metadata of any operations performed to a transaction log. In turn, hash values relating to the data operations are also created and transmitted to the blockchain network to be added as additional blocks in the blockchain, such that the blockchain can be used to verify the accuracy of the data files stored on the electronic storage.
    Type: Grant
    Filed: July 21, 2016
    Date of Patent: October 30, 2018
    Assignee: Acronis International GmbH
    Inventors: Igor Barinov, Victor Lysenko, Serguei Beloussov, Mark Shmulevich, Stanislav Protasov
  • Patent number: 10111099
    Abstract: Multiple portions of protected content to host on a device are identified by the device, the multiple portions including one or more portions of each of one or more pieces of protected content. The multiple portions are obtained and stored on the device. The device is one of multiple devices in a managed wireless distribution network that allows portions of protected content to be transferred among the multiple devices via multiple wireless networks hosted by various ones of the multiple devices, and the device is configured to store portions of protected content that can be consumed by a user of the device only if the user of the device has permission to consume the protected content. Participation of the device in the managed wireless distribution network can also be identified, and a reward generated based on the participation of the device in the managed wireless distribution network.
    Type: Grant
    Filed: May 12, 2014
    Date of Patent: October 23, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Brandon T. Hunt, Alexander Burba, Michael J. Gallop, Frank R. Morrison, III