Patents Examined by Peter Poltorak
  • Patent number: 10120987
    Abstract: A device comprising a hardware processor and memory storing an application of an application package comprising a first version and a second version of the application, the first version being intended to be executed on a genuine device and the second version on a jailbroken device. The hardware processor determines a jailbreak status of the device, i.e. genuine or jailbroken, and derives a key based on at least the jailbreak status. In case the device is genuine, the hardware processor deciphers using the key at least a first part of the first version and executes the first version using the first deciphered part, for example a jump table used to execute CFG flattened code. In case the jailbreak status is jailbroken, the hardware processor deciphers using the key at least a first part of the second version and executes the second version using the second deciphered part, for example comprising executable instructions.
    Type: Grant
    Filed: December 9, 2016
    Date of Patent: November 6, 2018
    Assignee: INTERDIGITAL CE PATENT HOLDINGS
    Inventors: Antoine Monsifrot, Charles Salmon-Legagneur, Alain Durand
  • Patent number: 10083129
    Abstract: Systems and methods are provided for modifying one or more guest memory permissions. An example method includes receiving a request to modify a memory permission of a guest running on a virtual machine. The guest includes a kernel that includes loading code and kernel code. The method also includes determining whether the request was sent from the loading code. The loading code corresponds to a first set of hypervisor page tables and is stored at a first range of memory addresses, and the kernel code corresponds to a second set of hypervisor page tables. The first range of memory addresses is in an executable mode in the first set of hypervisor page tables. The method further includes in response to a determination that the request was sent from the loading code, modifying the guest's memory permission in the second set of hypervisor page tables in accordance with the request.
    Type: Grant
    Filed: August 29, 2016
    Date of Patent: September 25, 2018
    Assignee: Red Hat Israel, Ltd.
    Inventor: Michael Tsirkin
  • Patent number: 10084797
    Abstract: A first login request of a user is received from a first login window. The first login request comprises a login name, a user identifier, and a challenge. The challenge is generated and received from a second login request to a product in a second login window. The user copies and pastes the challenge into the first login window. A central control system determines if the login name and the user identifier are valid. If the login name and user identifier are valid, a response to the challenge is generated based on a private key and is displayed in the first login window. The response to the challenge is copied from the first login window and pasted as part of a second step of the second login process. The second login process verifies the response to the challenge using a public key to allow the user access to the product.
    Type: Grant
    Filed: October 3, 2016
    Date of Patent: September 25, 2018
    Assignee: Extreme Networks, Inc.
    Inventors: Rifaat Shekh-Yusef, William T. Walker
  • Patent number: 10050790
    Abstract: A method for authorizing a transaction has the following steps: inputting transaction data on a first mobile device, transmitting the transaction data from the first device to a background system by means of a first over-the-air interface, transmitting in encrypted manner at least a password to a second mobile device through the intermediary of the first mobile device, and authorizing the transaction by inputting the password displayed on the second device on the first device.
    Type: Grant
    Filed: January 19, 2015
    Date of Patent: August 14, 2018
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Florian Gawlas, Jan Eichholz
  • Patent number: 10027490
    Abstract: A method is described for revoking a group of certificates, each of which includes a key, for an authenticated communication between one first subscriber and at least one second subscriber, one first key and one revocation value, with the aid of which the keys of the group of certificates may be calculated from the first key, being transmitted for the purpose of revocation to the at least one second subscriber.
    Type: Grant
    Filed: March 4, 2015
    Date of Patent: July 17, 2018
    Assignee: ROBERT BOSCH GMBH
    Inventor: Alexander Tschache
  • Patent number: 10025560
    Abstract: A method of performing finite field addition and doubling operations in an elliptic curve cryptography (ECC) authentication scheme as a countermeasure to side-channel attack. The addition and doubling operations are executed using atomic patterns that involve the same sequence and number of operation types, so that the noise consumption and electromagnetic emanation profile of circuitry performing the operations is identical regardless of operation. A subtraction operation using such an atomic pattern is also disclosed.
    Type: Grant
    Filed: May 9, 2017
    Date of Patent: July 17, 2018
    Assignee: TEXAS INSTRUMENTS INCORPORATED
    Inventor: Eric Thierry Peeters
  • Patent number: 10021123
    Abstract: Systems, methods, and devices of the various aspects enable identification of anomalous application behavior. A computing device processor may detect network communication activity of an application on the computing device. The processor may identify one or more device states of the computing device, and one or more categories of the application. The processor may determine whether the application is behaving anomalously based on a correlation of the detected network communication activity of the application, the identified one or more device states of the computing device, and the identified one or more categories of the application.
    Type: Grant
    Filed: June 29, 2015
    Date of Patent: July 10, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Saumitra Mohan Das, Mona Mahmoudi, Vinay Sridhara, Rajarshi Gupta, Yin Chen
  • Patent number: 10009361
    Abstract: Systems and methods for detecting malicious resources by analyzing communication between multiple resources coupled to a network are provided. According to one embodiment, a method of client reputation monitoring is provided. A monitoring unit executing on a network security device operable to protect a private network observes activities relating to multiple monitored devices within the private network. For each of the observed activities, a score is assigned by the monitoring unit based upon a policy of multiple policies established within the monitoring unit. For each of the monitored devices, a current reputation score is maintained by the monitoring unit based upon the score and a historical score associated with the monitored device. A monitored device is classified by the monitoring unit as potentially being a malicious resource based upon the current reputation score for the monitored device.
    Type: Grant
    Filed: March 18, 2017
    Date of Patent: June 26, 2018
    Assignee: Fortinet, Inc.
    Inventor: Darren W. Turnbull
  • Patent number: 9985779
    Abstract: An encrypted text matching system is provided. The system is configured to generate first auxiliary data and second auxiliary data to verify matching between a first encrypted text that is and a second encrypted text based on a Hamming distance between plaintexts; perform one-way conversion on at least part of the first auxiliary data; perform one-way conversion on intermediate data that is generated based on a difference between the first encrypted text and the second encrypted text and on the second auxiliary data; and determine, by using a result of the one-way conversion performed on the intermediate data as well as using the first auxiliary data that underwent the one-way conversion, whether a Hamming distance between plaintexts is equal to or less than a predetermined certain value, the Hamming distance corresponding to the difference between the first encrypted text and the second encrypted text.
    Type: Grant
    Filed: April 23, 2014
    Date of Patent: May 29, 2018
    Assignee: NEC CORPORATION
    Inventors: Toshiyuki Isshiki, Kengo Mori, Toshinori Araki
  • Patent number: 9985787
    Abstract: A mobile device implements a state machine with full authentication, continuous authentication, and invalidation states. To access the device, the full authentication state requires the user to confirm his or her identity using some robust authentication technique. Upon success, the state machine transitions to the continuous authentication state wherein data samples are captured as the user interacts with the device and compared with stored exemplary fingerprints. Preferably, the state machine enforces a negative identification technique to determine whether the individual currently interacting with the touchscreen is not the user from which the exemplary fingerprints were generated. Upon such negative authentication, the state machine transitions to the invalidation state. In this state, operations (e.g., screen lock) are performed to secure the device against an unauthenticated use.
    Type: Grant
    Filed: August 18, 2015
    Date of Patent: May 29, 2018
    Assignee: International Business Machines Corporation
    Inventors: Aaron James Quirk, Ching-Yun Chao, Dennis DeLanoy Lingerfelt, William Daniel Whitt
  • Patent number: 9986428
    Abstract: The disclosure is related to a machine to machine (M2M) device and a security management method thereof. The M2M device includes an identification circuit. The identification circuit may be configured to encrypt data collected from a sensor with a device identification (ID) of the M2M device and at least one subscriber ID of the identification circuit and to generate a data packet in a predetermined communication standard format by including the encrypted data in a payload of the data packet.
    Type: Grant
    Filed: April 27, 2016
    Date of Patent: May 29, 2018
    Assignee: KT CORPORATION
    Inventors: Young-Bin Cho, Sung-Chul Kim, Jin-Hyoung Lee, Youn-Pil Jeung
  • Patent number: 9977832
    Abstract: A method comprises receiving a first user communication, accessing a directory entry associated with the user, accessing, by a processor, a database stored in a memory that includes content designated as private that is associated with the user in the directory, determining with the processor whether the first user communication includes content designated as private that is associated with the user, generating a second user communication by removing the content designated as private that is associated with the user from the first user communication, and sending the second user communication to an electronic personal assistant.
    Type: Grant
    Filed: September 3, 2015
    Date of Patent: May 22, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Eli M. Dow, James P. Gilchrist, Steven K. Schmidt, Charles J. Stocker, IV
  • Patent number: 9979712
    Abstract: Disclosed are various embodiments for synchronizing authentication sessions between applications. In one embodiment, a first authentication token is received from a first application in response to determining that the first application is authenticated with a service provider. A second authentication token is requested from a token exchange service associated with the service provider. The second authentication token is requested using the first authentication token. The second application is configured to use the second authentication token in order to access a resource of the service provider.
    Type: Grant
    Filed: August 4, 2015
    Date of Patent: May 22, 2018
    Assignee: Amazon Technologies, Inc.
    Inventor: Bharath Kumar Bhimanaik
  • Patent number: 9971879
    Abstract: An authorized user obtains a packaging license that grants permission to use a particular recording device to generate multimedia content in accordance with specified license terms. The packaging license includes a content key that is used to encrypt the multimedia content at the point of capture on the recording device. The encrypted multimedia content can be transmitted via unsecure channels (for example, via electronic mail) to a networked content repository or an intended recipient. For playback, an authorized user obtains a playback license that grants permission to decrypt and playback the multimedia content using a particular playback device. An authorization server and a key management server are used to manage which users are entitled to receive a license, and to define the terms of the granted licenses. A record of the granted authorizations and licenses is maintained, thereby allowing access to a given content item to be audited.
    Type: Grant
    Filed: May 26, 2016
    Date of Patent: May 15, 2018
    Assignee: Adobe Systems Incorporated
    Inventors: Joseph Steele, John Landwehr
  • Patent number: 9973494
    Abstract: An upload management system for managing data upload from a client to a storage system includes an acquisition unit, a determination unit, and a control unit. The acquisition unit acquires information about data already uploaded by the client from the storage system in response to a request from the client which performs the data upload. The determination unit determines whether the client violates a predetermined condition based on the information acquired by the acquisition unit. The control unit performs control to return authentication information for performing the data upload to the client in a case where the determination unit determines that the client does not violate the condition, and performs control not to return the authentication information in a case where the determination unit determines that the client violates the condition.
    Type: Grant
    Filed: May 25, 2016
    Date of Patent: May 15, 2018
    Assignee: Canon Kabushiki Kaisha
    Inventor: Shunsuke Ota
  • Patent number: 9973530
    Abstract: A method of providing at least one communications service provider a connection to an Internet Protocol, IP, server in a perimeter network, the IP server providing a service over a public IP network, the method comprising the steps of detecting, in the perimeter network, an irregularity in IP traffic arriving at the perimeter network over the public IP network, disregarding, in the perimeter network, IP traffic arriving at the perimeter network over the public IP network, and enabling, in the perimeter network, a connection between the IP server and the at least one communications service provider for the service provided by the IP server over at least one private IP network.
    Type: Grant
    Filed: December 20, 2013
    Date of Patent: May 15, 2018
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Martin Hobe, Anne Brussaard, Rogier August Caspar Joseph Noldus, Erik-Jan Van Loenen
  • Patent number: 9959327
    Abstract: Disclosed are systems, methods, and non-transitory computer-readable storage media for shared folder backed integrated workspaces. In some implementations, a content management system can provide a graphical user interface (GUI) that integrates communications and content management into a single user interface. The user interface can include mechanisms that allow a user to provide input to generate a new workspace. The user interface can provide a mechanism to allow a user to view conversations related to the workspace and/or content items associated with the workspace. The user interface can present representations of content items associated with the workspace and allow the user to provide input to generate, view, edit, and share content items associated with the workspace.
    Type: Grant
    Filed: May 29, 2015
    Date of Patent: May 1, 2018
    Assignee: DROPBOX, INC.
    Inventors: Sean Beausoleil, Matteus Pan, Jean-Denis Greze, Anthony DeVincenzi
  • Patent number: 9930068
    Abstract: An image forming apparatus and a method of controlling the same, when it is instructed that the security policy be enabled, changes a setting item corresponding to the security policy so that the security policy is satisfied, and sets so that a setting value of the setting item cannot be changed, and when it is instructed that the security policy be disabled, controls so that a setting value of the setting item is changed under a condition that a security policy associated with the setting item corresponding to the security policy is disabled.
    Type: Grant
    Filed: March 4, 2015
    Date of Patent: March 27, 2018
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Shota Shimizu
  • Patent number: 9923882
    Abstract: In one example, a system for authenticating domains operates by authenticating a first domain and the extensions that make up the URI of an initial or primary Internet network call. Thereafter, the system can enable the owner of the first domain to make assertions or statements about additional domains and URIs that make up the rest of the web page, session or application.
    Type: Grant
    Filed: January 7, 2014
    Date of Patent: March 20, 2018
    Inventors: Mark Kevin Shull, John Francis Mergen
  • Patent number: 9917687
    Abstract: Systems and methods facilitating a framework that provides a core trusted computing base (TCB) of an electronic device with various security capabilities. The framework can include a low-resource device and at least one distributed resource. The low-resource device can be configured to generate sealing keys, migration keys, and attestation keys that are based on a device secret associated with the low-resource device and one or more software modules. The low-resource device can further be configured to use the migration keys and the sealing keys to both verify a software update and migrate secrets from a previous version of the software to a newer version of the software. Additionally, the low-resource device can be configured to generate an attestation statement using the attestation keys and perform attestation using the attestation statement and the at least one distributed resource.
    Type: Grant
    Filed: October 12, 2015
    Date of Patent: March 13, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David R Wooten, Andrey Marochko, Dennis Mattoon, Paul England