Patents Examined by Peiliang Pan
  • Patent number: 10432653
    Abstract: Disclosed is a method for detecting anomaly traffic using an autoencoder based on an inception-residual network-v2 which is one type of machine learning methods, the method including generating a plurality of encoders on the basis of traffic data for learning; generating a plurality of pieces of image data on the basis of traffic data for each session, which is a detection target; and determining whether the traffic data for each session is abnormal using at least one among the traffic data for learning, the plurality of encoders, and the plurality of pieces of image data.
    Type: Grant
    Filed: December 5, 2017
    Date of Patent: October 1, 2019
    Assignee: PENTA SECURITY SYSTEMS INC.
    Inventors: Sang Gyoo Sim, Seok Woo Lee, Seung Young Park, Duk Soo Kim
  • Patent number: 10395023
    Abstract: A system connected to an existing computer includes a unit for monitoring the screen and provides input, a storage unit that stores data that pairs screen buffer regions with authentication details, wherein the system learns new pairs via user training and presents stored authentication details when the screen buffer regions match a related stored region which is paired with a region of the screen, and a unit that determines which of stored passwords need to be presented to the system by a pattern matching of regions of screen pixels.
    Type: Grant
    Filed: March 27, 2018
    Date of Patent: August 27, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Adrian David Dick, James Stuart Taylor
  • Patent number: 10366215
    Abstract: The invention provides a computer-implemented authentication method comprising the step of enabling a user to input an identifier (e.g. a PIN) into an electronic device having a screen and a keypad operable within a keypad zone of the screen; by operating at least one key of the keypad via an image of at least part of a scrambled keypad which is displayed at least partially within the keypad zone. The user's operation of the keypad key via the image generates an encoded version of the user's intended input. In one sense the invention can be perceived as superimposing a non-functional image of a scrambled keyboard over an underlying, functional keypad. The image may be any type of electronic image, and may include a video image. The invention is particularly suited for use with, but not limited to, mobile phones, tablet computer, PCs etc. It can be implemented in any system wherein a user's identity must be verified before access is granted to a controlled resource.
    Type: Grant
    Filed: April 8, 2016
    Date of Patent: July 30, 2019
    Assignees: LICENTIA GROUP LIMITED, MYPINPAD LIMITED
    Inventor: Justin Pike
  • Patent number: 10367827
    Abstract: Systems and methods are provided for identifying network addresses and/or IDs of a deduplicated list among network data, machine data, and/or events derived from network data and/or machine data, and for identifying notable events by searching for the presence of network addresses and/or network IDs that are deduplicated across lists received from multiple external sources. One method includes receiving a plurality of lists of network locations, wherein each list is received from over a network, wherein each of the network locations includes a domain name or an IP address, and wherein at least two of the plurality of lists each include a same network location; aggregating the plurality of lists of network locations into a deduplicated list of unique network locations; and searching network data or machine data for a network location included in the deduplicated list of unique network locations.
    Type: Grant
    Filed: December 19, 2013
    Date of Patent: July 30, 2019
    Assignee: SPLUNK INC.
    Inventors: Mark Seward, John Robert Coates
  • Patent number: 10361998
    Abstract: A computer security architecture applies selected rules from among a set of rules defining one or more security policies to a given set of security context parameters to produce security verdicts, each representing whether a certain action requested by a subject entity is permissible. Each security policy is associated with a corresponding communication interface. A plurality of gateway engines are each associated with at least one of the subject entities and dedicated to interfacing with the security server. Each of the gateway engines carries out monitoring of requested actions by the associated subject entity and, for each requested action, identifies a security context. A security policy is determined for the requested action based on a corresponding security context, and a security verdict is obtained via a communication interface corresponding to the applicable security policy.
    Type: Grant
    Filed: August 30, 2017
    Date of Patent: July 23, 2019
    Assignee: AO KASPERSKY LAB
    Inventors: Andrey P. Doukhvalov, Pavel V. Dyakin, Dmitry A. Kulagin, Sergey B. Lungu, Stanislav V. Moiseev
  • Patent number: 10354090
    Abstract: A method is provided, including establishing a plurality of context profiles for a user, at least one context profile is associated with: (i) subject areas pertinent to the at least one context profile (ii) permissions identifying respective third parties with which personal information can be shared when the at least one context profile is active; (iii) permissions identifying what personal information can be shared with respective third parties when the at least one context profile is active; (iv) permissions identifying respective third parties that are permitted to contact the user when the at least one context profile is active; and (v) permissions identifying how respective third parties may contact the user when the at least one context profile is active; when the at least one context profile is active, operating in one of two or more modes (e.g., a regular mode or a discovery mode).
    Type: Grant
    Filed: October 2, 2015
    Date of Patent: July 16, 2019
    Assignee: Trunomi Ltd.
    Inventors: Stuart H. Lacey, Naresh Singhal, Douglas Cheline
  • Patent number: 10347215
    Abstract: A user manipulates a document using a desktop computer with a large screen. Upon deciding to sign the document, the user invokes a “Sign with Mobile” workflow that causes a two-dimensional barcode to be displayed. Using a signature acquisition application executing on his or her smartphone, the user scans the displayed barcode and creates an electronic signature by snapping a photograph of a conventional pen-and-paper signature or by detecting a handwritten signature drawn on a touch sensitive surface. The signature acquisition application sends the resulting electronic signature to the desktop computer, for example via an electronic signature server. The user is then able to apply the electronic signature to the document as desired.
    Type: Grant
    Filed: May 27, 2016
    Date of Patent: July 9, 2019
    Assignee: Adobe Inc.
    Inventors: Rahul Bansal, Nikhil Dang
  • Patent number: 10327136
    Abstract: The present invention relates to a method for identifying and/or, authenticating, and/or authorizing a first radio station in a radio network, comprising the steps of (a) at the first radio station, transmitting to a second radio station a first radio station identifier computed from a set of identity parameters based on the identity of the first radio station, comprising at least one identity parameter, (b) at the first radio station, transmitting at least one identity parameter from the set of identity parameters, (c) at the second radio station, comparing an authentication identifier computed on the basis of the transmitted identity parameter to the first radio station identifier for enabling a subsequent communication between the first and second radio stations.
    Type: Grant
    Filed: January 23, 2017
    Date of Patent: June 18, 2019
    Assignee: KONINKLIJKE PHILIPS N.V.
    Inventors: Oscar Garcia Morchon, Bozena Erdmann, Josef Heribert Baldus
  • Patent number: 10326803
    Abstract: A system, method and apparatus for network security monitoring, information sharing and collective intelligence between and among at least a first central processing unit and at least a second central processing unit connected together by a network. The system includes a network interface device with hardware-based logic for recognizing and cataloging individual sessions, wherein the network interface card is in communication with the network. The network interface device includes onboard cryptographic key management components with symmetric key algorithms, an onboard packet encryption software module using derived keys to encrypt network packets, and software for storing encrypted copies of network packets as blocks. Third party analyst hardware and software derive keys necessary to retrieve encrypted network packets.
    Type: Grant
    Filed: June 9, 2015
    Date of Patent: June 18, 2019
    Assignee: The University of Tulsa
    Inventor: Michael Haney
  • Patent number: 10321201
    Abstract: A method implemented by a set top box that encrypts communications for a channel stacking switch (CS) using a public key of the CSS, the method comprising: obtaining a message from a head end; extracting electronic counter measure (ECM) data from the message; sending the ECM data to the CSS; receiving, in response to the sending, a new public key of the CSS; encrypting communications for the CSS using the new public key of the CSS. Also, a method for implementation by a CSS, comprising: maintaining a private key and a public key; obtaining ECM data sent by a set top box in communication with the CSS; obtaining an identifier of the CSS; formulating a new public key based on the private key, the identifier and the ECM; rendering the new public key available to the set top box.
    Type: Grant
    Filed: April 25, 2017
    Date of Patent: June 11, 2019
    Assignee: BCE INC.
    Inventors: Ovidiu Octavian Popa, Alexander Ishankov, Alan Dagenais, Louie Andriano, Bratislav Becic, Tim Dinesen
  • Patent number: 10313346
    Abstract: Virtual firewalls may be established that enforce sets of policies with respect to computing resources maintained by multi-tenant distributed services. Particular subsets of computing resources may be associated with particular tenants of a multi-tenant distributed service. A tenant may establish a firewalling policy set enforced by a virtual firewall for an associated subset of computing resources without affecting other tenants of the multi-tenant distributed service. Virtual firewalls enforcing multiple firewalling policy sets may be maintained by a common firewalling component of the multi-tenant distributed service. Firewalling policy sets may be distributed at multiple locations throughout the multi-tenant distributed service. For a request targeting a particular computing resource, the common firewalling component may identify the associated virtual firewall, and submit the request to the virtual firewall for evaluation in accordance with the corresponding firewalling policy set.
    Type: Grant
    Filed: November 25, 2014
    Date of Patent: June 4, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Kevin Ross O'Neill, Mark Joseph Cavage, Nathan R. Fitch, Anders Samuelsson, Brian Irl Pratt, Yunong Jeff Xiao, Bradley Jeffery Behm, James E. Scharf, Jr.
  • Patent number: 10305880
    Abstract: A system and method for providing, as a service over a computer network (especially a packet-switched computer network) to a body of merchants connected to the computer network, verification of consumer identification based on data provided over the computer network by scanning devices attached to the computers operated by consumers.
    Type: Grant
    Filed: June 2, 2017
    Date of Patent: May 28, 2019
    Assignee: Kount Inc.
    Inventor: Timothy P. Barber
  • Patent number: 10296737
    Abstract: A method (and structure) for enforcing a security policy includes retrieving from a memory a program to be verified against a security policy and a security specification defining the security policy. A static program analysis is performed on the program, using a processor on a computer, to determine whether the program is compatible with the security specification. The program is rejected if the program is determined by the static program analysis as being incompatible with the security specification. If the program is determined during the static program analysis as compatible with the security specification under static analysis criteria, then building a call-graph representation of the program for use to evaluate any dynamically-loaded code during an execution of the program. Any paths, if any, of the call-graph representation that reach at least one policy-relevant operation is marked.
    Type: Grant
    Filed: December 9, 2015
    Date of Patent: May 21, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Luciano Bello, Pietro Ferrara, Marco Pistoia, Omer Tripp
  • Patent number: 10284583
    Abstract: An information processing system, having one or more information processing apparatuses, includes a data input unit configured to take as input first data being multidimensional; a dimension reduction unit configured to generate, based on the first data, second data representing a characteristic of the first data, the second data having a prescribed number of dimensions fewer than a number of dimensions of the first data; and a distinguishing unit configured to distinguish whether the first data is normal data or abnormal data by a semi-supervised anomaly detection, based on the first data and the second data.
    Type: Grant
    Filed: October 5, 2015
    Date of Patent: May 7, 2019
    Assignee: Ricoh Company, Ltd.
    Inventor: Ryosuke Kasahara
  • Patent number: 10275598
    Abstract: In one embodiment, the present invention includes a method to establish a secure pre-boot environment in a computer system and performs at least one secure operation in the secure environment. In one embodiment, the secure operation may be storage of a secret in the secure pre-boot environment.
    Type: Grant
    Filed: April 6, 2015
    Date of Patent: April 30, 2019
    Assignee: Intel Corporation
    Inventors: Vincent J. Zimmer, Bryant E. Bigbee, Andrew J. Fish, Mark S. Doran
  • Patent number: 10225282
    Abstract: System, method and computer program product for detecting a denial of service attack on a plurality of computers. Records are made of source IP addresses of requests sent to each of the computers. The records of requests sent to the plurality of computers are totalled per source IP address and/or per range of source IP addresses. A determination is made if the total for a source IP address and/or range of source IP addresses exceeds a respective, predetermined threshold. If so, a denial of service attack is suspected or determined, and a firewall can be notified to block subsequent requests from the source IP address and/or range of source IP addresses, and an administrator can be notified to investigate the situation. Records can also be made of requests sent to each of the computers for a file or access to an application. These records of requests sent to the plurality of computers are totalled per file or application access.
    Type: Grant
    Filed: April 14, 2005
    Date of Patent: March 5, 2019
    Assignee: International Business Machines Corporation
    Inventor: Nicolas E. Fosdick
  • Patent number: 10210539
    Abstract: Some embodiments provide an independent authentication system for authenticating entities that have registered accounts across different online service providers on behalf of the service providers. The authentication system maintains a database of previously verified entity information. A service provider requests authentication by providing the authentication system with unverified and basic identifying information used by an entity when registering with the service provider. The authentication system attempts to match the registration information against previously verified information for a known entity. When a match is found, the authentication system generates a series of challenge questions. The questions are submitted to the entity through the service provider and answers are processed in order to authenticate the entity.
    Type: Grant
    Filed: February 5, 2015
    Date of Patent: February 19, 2019
    Assignee: DUN & BRADSTREET EMERGING BUSINESSES CORP.
    Inventors: Jeffrey M. Stibel, Chad Michael Buechler, Raymond Landgraf, Peter Delgrosso, Aaron B. Stibel
  • Patent number: 10212162
    Abstract: Transfer of data between at least one supervisory control and data acquisition (SCADA) device and an advanced metering infrastructure (AMI) device via a wireless communication network is facilitated. The data is used for monitoring and/or controlling the AMI device. A protocol conversion of the data is performed to facilitate transfer of the data between the SCADA device and the AMI device as data packets via a packet data network gateway and a wireless communications network.
    Type: Grant
    Filed: November 24, 2014
    Date of Patent: February 19, 2019
    Assignee: AT&T Mobility II LLC
    Inventor: Arturo Maria
  • Patent number: 10129224
    Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
    Type: Grant
    Filed: January 23, 2017
    Date of Patent: November 13, 2018
    Assignee: CLOUDFLARE, INC.
    Inventors: Sébastien Andreas Henry Pahl, Matthieu Phillippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Albertus Strasheim
  • Patent number: 10090997
    Abstract: The invention relates to a method for generating an authentication key in a security module which stores a first root key (K_root_A) shared with a first network entity, the method including the following steps: sending a transfer request to a second network entity, receiving a first secret (S_b1) from the second network entity, generating a secret generation key (Kb1) from the first root key and from the first secret, receiving from the second network entity a second secret (S_b2) and an authentication message of the second secret calculated by means of the secret generation key transmitted to the second network entity by the first network entity, verifying the authentication message by means of the secret generation key, generating a second root key (K_root_B) if the verification is positive, said second root key being generated from the second secret (S_b2) and from the secret generation key (Kb1), and used to generate an authentication key to access a network of the second network entity.
    Type: Grant
    Filed: June 27, 2014
    Date of Patent: October 2, 2018
    Assignee: ORANGE
    Inventors: Jean Luc Grimault, Said Gharout