Patents Examined by Peter Poltorak
  • Patent number: 9722797
    Abstract: A method for generating a digital signature includes grouping, with a processing device, a first record with a second record, and generating a first digital signature based at least in part on the first record and the second record.
    Type: Grant
    Filed: September 29, 2014
    Date of Patent: August 1, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: John C. Dayka, Anthony T. Sofia
  • Patent number: 9716692
    Abstract: A technology-agnostic and protocol-agnostic system for transferring data between an enterprise, such as a financial institution or the like, and external entities, such as commercial banking customers and the like. The embodiments described provide the user with a data transfer solution that is compatible with all major operating systems, supports mobile platforms and allows for local data transfer as well as data transfer from cloud services and cloud connection services. The comprehensive nature of the application provides for applicable data transfer amongst all of the different services provided by the enterprise and provides the user/external entity with a streamlined means for transferring data to and from the enterprise. The application minimizes external entity involvement from an Information Technology (IT) standpoint, such that any user can efficiently, effectively and reliably transfer data to and from an enterprise with minimal risk and high confidence.
    Type: Grant
    Filed: January 1, 2015
    Date of Patent: July 25, 2017
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Sorin N. Cismas, Manu Jacob Kurian
  • Patent number: 9716728
    Abstract: A method of managing keys and policies is provided. The method includes communicating policies from a key and policy manager in an enterprise environment to an agent in a cloud environment. The method includes generating keys at the key and policy manager and distributing one or more of the keys to computing or communication devices in the enterprise environment, in accordance with the policies. The method includes enforcing the policies in the cloud environment via an application of the policies by the agent, wherein at least one method operation is executed through a processor.
    Type: Grant
    Filed: September 10, 2013
    Date of Patent: July 25, 2017
    Assignee: Vormetric, Inc.
    Inventor: Derek Tumulak
  • Patent number: 9710617
    Abstract: Systems and methods are described which utilize a recursive security protocol for the protection of digital data. These may include encrypting a bit stream with a first encryption algorithm and associating a first decryption algorithm with the encrypted bit stream. The resulting bit stream may then be encrypted with a second encryption algorithm to yield a second bit stream. This second bit stream is then associated with a second decryption algorithm. This second bit stream can then be decrypted by an intended recipient using associated keys.
    Type: Grant
    Filed: January 18, 2013
    Date of Patent: July 18, 2017
    Assignee: Rubicon Labs, Inc.
    Inventor: William V. Oxford
  • Patent number: 9705677
    Abstract: Embodiments of systems and methods which provide highly specific control over the execution of a general-purpose code block are disclosed. These embodiments may allow the exact circumstances under which a given code block is allowed to execute to be determined with specificity. Such a control mechanism may be coupled with embodiments of a data hiding system and method, based for example on an ordered execution of a set of code segments implemented via recursive execution. When embodiments of these systems and methods are utilized together, an unencumbered generality as well as a level of protection against attack that surpasses many other security systems may be obtained.
    Type: Grant
    Filed: April 2, 2013
    Date of Patent: July 11, 2017
    Assignee: Rubicon Labs, Inc.
    Inventor: William V. Oxford
  • Patent number: 9692782
    Abstract: Systems and methods for detecting malicious resources by analyzing communication between multiple resources coupled to a network are provided. According to one embodiment, a method is performed for client reputation monitoring. A monitoring unit within a network observes activities relating to multiple monitored devices within the network. For each observed activity, the monitoring unit assigns a score to the observed activity based upon a policy of multiple policies established within the monitoring unit. For each of the monitored devices, the monitoring unit maintains a current reputation score for the monitored device based upon the score and a historical score associated with the monitored device. The monitoring unit classifies one of the monitored devices as potentially being a malicious resource based upon its current reputation score.
    Type: Grant
    Filed: February 3, 2015
    Date of Patent: June 27, 2017
    Assignee: Fortinet, Inc.
    Inventor: Darren W. Turnbull
  • Patent number: 9684788
    Abstract: A method is provided to instrument applications with an instrumentation policy that is visually configurable and allows for run-time modifications of the policy. Instrumentation is achieved without modifying the source code of the applications. Modification of the instrumentation policy of an application is applied without re-compiling, re-deploying, and re-provisioning the application. The instrumentation tracks the flow of values at run time throughout the execution of an application and fixes any security violation automatically by dynamically modifying any value that violates integrity or confidentiality.
    Type: Grant
    Filed: June 29, 2015
    Date of Patent: June 20, 2017
    Assignee: International Business Machines Corporation
    Inventors: Pietro Ferrara, Marco Pistoia, Omer Tripp, Petar I. Tsankov
  • Patent number: 9667647
    Abstract: Systems and methods for detecting malicious resources by analyzing communication between multiple resources coupled to a network are provided. According to one embodiment, a method of client reputation monitoring is provided. A monitoring unit executing on a network security device operable to protect a private network observes activities relating to multiple monitored devices within the private network. For each of the observed activities, a score is assigned by the monitoring unit based upon a policy of multiple policies established within the monitoring unit. For each of the monitored devices, a current reputation score is maintained by the monitoring unit based upon the score and a historical score associated with the monitored device. A monitored device is classified by the monitoring unit as potentially being a malicious resource based upon the current reputation score for the monitored device.
    Type: Grant
    Filed: March 11, 2015
    Date of Patent: May 30, 2017
    Assignee: Fortinet, Inc.
    Inventor: Darren W. Turnbull
  • Patent number: 9660990
    Abstract: A root user identifier of a computing system is disabled. Thereafter, and in response to determining that a problem with the computing system requires root privileges to the computing system to solve, a code patch for installation on the computing system is received from a third party. The code patch is installed on the computing system, resulting in a user identifier temporarily having the root privileges to the computing system. The user identifier is different from the root user identifier. A password for the user identifier is provided to the third party to permit the third party to solve the problem with the computing system using the root privileges, via the user identifier temporarily having the root privileges to the computing system. The code patch is computer code installable on the computing system.
    Type: Grant
    Filed: April 17, 2015
    Date of Patent: May 23, 2017
    Assignee: International Business Machines Corporation
    Inventors: John J. Auvenshine, Thomas K. Clark, Neeta Garimella, Bernhard J. Klingenberg
  • Patent number: 9660974
    Abstract: A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to an authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication system can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.
    Type: Grant
    Filed: February 13, 2015
    Date of Patent: May 23, 2017
    Assignee: SecureAuth Corporation
    Inventors: Garret Florian Grajek, Chihwei Liu, Allen Yu Quach, Jeffrey Chiwai Lo
  • Patent number: 9652618
    Abstract: Example embodiments are disclosed herein for asset architecture evaluation and security enforcement within an enterprise computing platform. One example method includes receiving a proposed architecture for evaluation, wherein the proposed architecture for evaluation relates to integration of an asset into the enterprise computing platform. This example method further includes dynamically evaluating, by risk evaluation circuitry, the proposed architecture against embedded security policies, standards, baselines, or patterns established for the enterprise computing platform. In addition, the example method includes, in an instance in which dynamic evaluation of the proposed architecture identifies security gaps, determining, by the risk evaluation circuitry, changes to the proposed architecture that would remediate the identified security gaps.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: May 16, 2017
    Assignee: Optum, Inc.
    Inventor: Phillip F Lerner
  • Patent number: 9645794
    Abstract: A method of performing finite field addition and doubling operations in an elliptic curve cryptography (ECC) authentication scheme as a countermeasure to side-channel attack. The addition and doubling operations are executed using atomic patterns that involve the same sequence and number of operation types, so that the noise consumption and electromagnetic emanation profile of circuitry performing the operations is identical regardless of operation. A subtraction operation using such an atomic pattern is also disclosed.
    Type: Grant
    Filed: May 29, 2015
    Date of Patent: May 9, 2017
    Assignee: TEXAS INSTRUMENTS INCORPORATED
    Inventor: Eric Thierry Peeters
  • Patent number: 9641540
    Abstract: A method is performed at a management device to manage multiple network security devices over a network. The security devices are configured to control access to network accessible resources. A query is received. In response to the received query, a respective native security rule that references the specific resource is collected from each security device, where each native security rule is based on a respective native rule model associated with the security device from which the native security rule is collected. Each native security rule is translated into a respective normalized rule that is based on a generic rule model. The respective normalized rules are compared to each other to generate compare results. Based on the compare results, an indication of whether each security device allows or blocks access to the specific resource is generated.
    Type: Grant
    Filed: May 29, 2015
    Date of Patent: May 2, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Yedidya Dotan, Jason M. Perry, Denis Knjazihhin, Zachary D. Siswick, Sachin Vasant
  • Patent number: 9641527
    Abstract: An information processing apparatus, method, and recording medium. The information processing apparatus includes processing circuitry that starts second software stored in a second medium to execute a second maintenance program when a type of a first medium is a maintenance type, and starts first software stored in the first medium to execute a first maintenance program when the type of the first medium is not the maintenance type; the processing circuitry does not start the second software when the type of the first medium is not the maintenance type.
    Type: Grant
    Filed: February 11, 2015
    Date of Patent: May 2, 2017
    Assignee: RICOH COMPANY, LTD.
    Inventor: Hiroaki Uchiyama
  • Patent number: 9642005
    Abstract: A computer-readable medium embodies a computer program for authenticating a user. The computer program comprises computer-readable program code for: generating a first message including an identifier for a session, sending the first message through an interface associated with the session, receiving a response message including the identifier for the session, a user identifier, and at least a portion encrypted using a private key associated with a mobile device associated with the user, and authenticating the user in response to identifying that the response message includes at least the portion encrypted using the private key associated with the mobile device.
    Type: Grant
    Filed: May 21, 2012
    Date of Patent: May 2, 2017
    Assignee: Nexiden, Inc.
    Inventors: Klaus S. Fosmark, William A. Perry, Jr.
  • Patent number: 9619671
    Abstract: A platform including a security system is described. The security system comprises, in one embodiment, a multi-state system having a plurality of modes, available whenever the platform has a source of power. The modes comprise an unarmed mode, in which the security system is not protecting the platform, an armed mode, in which the platform is protected, the armed mode reached from the unarmed mode, after an arming command, and a suspecting mode, in which the platform is suspecting theft, the suspecting mode reached from the armed mode, when a risk behavior is detected.
    Type: Grant
    Filed: December 22, 2011
    Date of Patent: April 11, 2017
    Assignee: Intel Corporation
    Inventors: Michael Berger, Mukesh Kataria, Jeffrey M. Tripp, Yasser Rasheed, David Birnbaum, Hung P. Huynh, Eli Kupermann, Mazen G. Gedeon, Joshua M. Resch
  • Patent number: 9614830
    Abstract: A relay apparatus includes a storage unit, a first reception unit, a first request unit, a second reception unit, a second request unit, a third reception unit, and an access unit. The storage unit stores, for each user, authorization information for accessing a service providing apparatus. The first reception unit receives from a client apparatus an access request including a request for access to the service providing apparatus and identification information for identifying the user. The first request unit issues an acquisition request for the authorization information to a different relay apparatus. The second reception unit receives authorization information transmitted from the different relay apparatus. The second request unit requests the different relay apparatus to update the received authorization information. The third reception unit receives updated authorization information transmitted from the different relay apparatus.
    Type: Grant
    Filed: February 12, 2015
    Date of Patent: April 4, 2017
    Assignee: FUJI XEROX CO., LTD.
    Inventor: Yutaka Sakai
  • Patent number: 9589154
    Abstract: An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process.
    Type: Grant
    Filed: July 7, 2014
    Date of Patent: March 7, 2017
    Assignee: Acer Cloud Technology Inc.
    Inventors: Pramila Srinivasan, John Princen
  • Patent number: 9584489
    Abstract: Controlling access to resource functions. Establishing, by a resource access manager, enrollment information (e) for each of a plurality of users. Encrypting, by the access manager, each received (e) in an authorization data item for the corresponding user. Transmitting, by the access manager, each authorization data item to a corresponding user device. Receiving, by a resource control point, from a user device, a request for access to a function of the resource, the request for access comprising the received authorization data item and verification information (v). Decrypting, by the control point, the received authorization data item to extract (e). Determining, by the control point, a similarity measure between (v) and (e). For a determined similarity measure greater than or equal to a threshold, authorizing, by the control point, the request for access. For a determined similarity measure less than the threshold, denying, by the control point, the request for access.
    Type: Grant
    Filed: May 29, 2015
    Date of Patent: February 28, 2017
    Assignee: GOOGLE INC.
    Inventors: Roger Trias Sanz, Erwin Aitenbichler
  • Patent number: 9571452
    Abstract: A firewall uses a variety of techniques to obtain a useful domain name from a network request, that is, a domain name that facilitates the accurate enforcement of domain-based security rules for network traffic at the firewall. If the network request includes an Internet Protocol (IP) address instead of the domain name, the firewall may begin with a reverse domain name lookup. If this technique fails to adequately resolve the domain name, then the firewall may attempt a hypertext transfer protocol (HTTP) GET request to the IP address and investigate the header for useful domain name information. The firewall may also or instead initiate a secure connection to the IP address and analyze a certificate returned from the destination for the presence of domain name information. These measures can produce one or more domain names that can be collectively analyzed to select a suitable domain name for the application of a domain-based security rule or policy by the firewall.
    Type: Grant
    Filed: June 29, 2015
    Date of Patent: February 14, 2017
    Assignee: Sophos Limited
    Inventor: Jonathan Egan Salcedo