Patents Examined by Peter Poltorak
  • Patent number: 9553849
    Abstract: A method includes identifying a trusted computer network. The method also includes monitoring a plurality of active network connections. The method further includes determining that the trusted computer network is unavailable by determining that the plurality of active network connections does not comprise the trusted computer network. The method additionally includes, in response to determining that the trusted computer network is unavailable, securing sensitive data documents. Securing the sensitive data documents includes, for each data document of a plurality of data documents, determining a respective classification of a plurality of classifications. The plurality of classifications includes a sensitive classification based on predetermined criteria. Securing the sensitive data documents also includes encrypting particular data documents having the sensitive classification.
    Type: Grant
    Filed: September 11, 2013
    Date of Patent: January 24, 2017
    Assignee: CA, Inc.
    Inventor: Howard Smalley
  • Patent number: 9519782
    Abstract: Systems and methods for detecting malicious content on portable data storage devices or remote network servers are provided. In an exemplary embodiment, a system comprises a quarantine module configured to detect one or more portable data storage devices upon insertion of the devices into a security appliance, wherein the security appliance is configured to receive the portable data storage devices, a controller configured to receive from the security appliance, via a communication network, data associated with the portable data storage devices, an analysis module configured to analyze the data to determine whether the data includes malware, and a security module to selectively identify, based on the determination, the one or more portable data storage devices storing the malware.
    Type: Grant
    Filed: February 24, 2012
    Date of Patent: December 13, 2016
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Stuart Gresley Staniford, Muhammad Amin, Henry Uyeno, Samuel Yie
  • Patent number: 9509683
    Abstract: According to some embodiments, a method provides a designated link in a notification to an intended recipient of the message. The designated link includes a unique identifier associated with the message. Upon receiving a request to access the message, the method authenticates the request. Authentication includes verifying whether the request corresponds to the designated link provided in the notification. If the request passes authentication, the method communicates the message.
    Type: Grant
    Filed: March 13, 2015
    Date of Patent: November 29, 2016
    Assignee: ZixCorp Systems, Inc.
    Inventors: Dena Terry Bauckman, Nigel Paul Johnson, David Joseph Robertson
  • Patent number: 9497212
    Abstract: Systems and methods for detecting malicious resources by analyzing communication between multiple resources coupled to a network are provided. According to one embodiment, a method is performed for client reputation monitoring. A monitoring unit within a network observes activities relating to multiple monitored devices within the network. For each observed activity, the monitoring unit assigns a score to the observed activity based upon a policy of multiple polices established within the monitoring unit. For each of the monitored devices, the monitoring unit maintains a current reputation score for the monitored device based upon the score and a historical score associated with the monitored device. The monitoring unit classifies one of the monitored devices as potentially being a malicious resource based upon its current reputation score.
    Type: Grant
    Filed: May 21, 2012
    Date of Patent: November 15, 2016
    Assignee: Fortinet, Inc.
    Inventor: Darren W. Turnbull
  • Patent number: 9467281
    Abstract: According to one embodiment, an information processing apparatus, which is connected to an external apparatus, includes a device key storage unit, a creating unit, a calculating unit, a communication unit, and a key calculating unit. The device key storage unit stores therein a device key. The creating unit creates a media key from the device key and a media key block. The calculating unit calculates first output information on the basis of first inherent information inherent to the information processing apparatus and public information. The communication unit transmits the first output information to the external apparatus and receives second output information calculated by the external apparatus from the external apparatus. The key calculating unit calculates a shared key shared between the information processing apparatus and the external apparatus on the basis of the media key, the first inherent information, and the second output information.
    Type: Grant
    Filed: April 7, 2015
    Date of Patent: October 11, 2016
    Assignee: KABUSHIKI KAISHA TOSHIBA
    Inventors: Toru Kambayashi, Yoshikazu Hanatani, Yuichi Komano, Yoshihiro Oba, Satoshi Ito, Taku Kato, Yasuro Shobatake
  • Patent number: 9459955
    Abstract: A data storage device includes a memory and a controller. The controller is configured to scramble data using a scramble key to produce scrambled data and to encode the scramble key to produce an encoded scramble key. The controller is further configured to store the encoded scramble key and the scrambled data to the memory.
    Type: Grant
    Filed: May 24, 2012
    Date of Patent: October 4, 2016
    Assignee: SANDISK TECHNOLOGIES LLC
    Inventors: Daniel Edward Tuers, Steven Cheng
  • Patent number: 9443068
    Abstract: An authentication system protects a hardware cryptographic chip from being commanded to decrypt or sign data by someone other than the legitimate owner(s) of the certificate residing on the chip. Openness of present cryptographic hardware systems are limited by imposing a condition that the cryptographic chip will only perform critical cryptographic tasks if the task is accompanied by a signature which only the legitimate owner can provide.
    Type: Grant
    Filed: July 24, 2013
    Date of Patent: September 13, 2016
    Inventor: Micheal Bleahen
  • Patent number: 9442778
    Abstract: This disclosure describes a method for accessing network resources which includes receiving by a first application in a mobile computing device sign-in information from a user and enabling the user to sign in to a second application with the first application to access network resources from a resource server based on (a) a first application identification (ID) of the second application, (b) the user authorizing the second application to the resource server, and (c) receiving an authorization grant from the resource server to enable the second application to access the network resources, the mobile computing device coupled with the resource server via a network.
    Type: Grant
    Filed: September 25, 2013
    Date of Patent: September 13, 2016
    Assignee: salesforce.com, inc.
    Inventors: Sachin Desai, Qingqing Liu, Ronald Fischer
  • Patent number: 9436832
    Abstract: Systems and methods enabling secure virtual image access in a virtual or cloud computing environment. The systems and methods include assigning a status to indicator to guest virtual machines (virtual images) that provide applications and other services to cloud consumers in the cloud environment. A virtual appliance machine in the cloud environment maintains the status of the guest virtual machines and makes decisions based on the status as to whether to allow access to the guest virtual machines. These decisions are transmitted to local elements on the guest virtual machines, which enforce access control on a local level. In this manner, unauthorized virtual image access is prevented providing increased security and data integrity.
    Type: Grant
    Filed: July 22, 2014
    Date of Patent: September 6, 2016
    Assignee: CA, INC.
    Inventors: Nir Barak, Eitan Hadar
  • Patent number: 9432366
    Abstract: A touch screen, now incorporated in most smart phones, presents an effective and transparent method to incorporate continuous active user verification schemes. The projected capacitive grid structure can be used to capture enough information to verify that a valid user currently has possession of the mobile device, even while the user is not consciously engaged in an active verification interface. Further processing, such as habitual gesture recognition, can augment the process.
    Type: Grant
    Filed: April 1, 2014
    Date of Patent: August 30, 2016
    Assignee: AMI RESEARCH & DEVELOPMENT, LLC
    Inventors: John T. Apostolos, William Mouyos, Judy Feng, Dwayne T. Jeffrey
  • Patent number: 9419789
    Abstract: A method of scalar multiplication to obtain the scalar product between a key and a point on an elliptic curve, wherein the secret is m bits long. In selected embodiments, the first step is to partition the secret into two partitions each with m/2 bits. Point-doubling operations are performed on the point and stored into three buffers. Point additions are performed at randomized time intervals thereby preventing the method from being susceptible to differential power analysis attacks.
    Type: Grant
    Filed: September 5, 2014
    Date of Patent: August 16, 2016
    Assignee: UMM AL-QURA UNIVERSITY
    Inventors: Turki F Al-Somani, Hilal Houssain
  • Patent number: 9384349
    Abstract: A method for securing an electronic device includes, at a level below all of the operating systems of an electronic device, trapping a first attempt and second attempt to access sensitive system resources of the electronic device. The method also includes identifying the first attempt and second attempt as representing a potential malware attack, comparing the sequence of the first attempt and second attempt against a first anti-malware rule, and, based on the comparison of the sequence of the first attempt and second attempt against the first anti-malware rule, allowing the second attempt. The first attempt and second attempt originate from code of the same operating entity. The first anti-malware rule includes a requirement of a sequence of attempts including the first attempt followed by the second attempt.
    Type: Grant
    Filed: May 21, 2012
    Date of Patent: July 5, 2016
    Assignee: McAfee, Inc.
    Inventors: Aditya Kapoor, Guy Roberts
  • Patent number: 9378346
    Abstract: An efficient exchange of messages in a system for authenticating access to a base device is facilitated through the selection of a particular biometric template from among a plurality of biometric templates. Rather than transmitting the template to a peripheral device, an indication of a location of the particular biometric template within the plurality of biometric templates is transmitted to the peripheral device. At the peripheral device, once the indication of the location and a biometric candidate are received, the particular biometric template may be located and compared to the biometric candidate. Finally, an indication of a result of the comparing may be transmitted to the base device.
    Type: Grant
    Filed: January 24, 2008
    Date of Patent: June 28, 2016
    Assignee: BlackBerry Limited
    Inventors: Neil Patrick Adams, Herbert A. Little
  • Patent number: 9379891
    Abstract: Provided are identifier (ID)-based encryption and decryption methods and apparatuses for the methods. The ID-based encryption method includes having, at a transmitting terminal, a transmitting-side private key corresponding to a transmitting-side ID issued by a key issuing server, generating, at the transmitting terminal, a session key using the transmitting-side ID, a receiving-side ID, and the transmitting-side private key, extracting, at the transmitting terminal, a secret key from at least a part of the session key, and encrypting, at the transmitting terminal, a message using a previously set encryption algorithm and the secret key.
    Type: Grant
    Filed: October 30, 2013
    Date of Patent: June 28, 2016
    Assignees: SAMSUNG SDS CO., LTD., SNU R&DB FOUNDATION
    Inventors: Hyo Jin Yoon, Jung Hoon Sohn, Seon Young Lee, Hyung Tae Lee, Jung Hee Cheon
  • Patent number: 9372963
    Abstract: A method may include receiving, at an application server, a session initiation protocol (SIP) message including a public user identifier (ID) associated a user. The public user ID corresponds to a plurality of user devices. The method also includes determining an applicable order of alerting at least one of the plurality of user devices. The method further includes identifying at least one available user device associated with the user, based on a terminal identifier (ID) associated with each at least one available user device. The method includes selecting a user device from the at least one available user device based on the applicable order of alerting. A SIP invite message, including a terminal ID for the selected user device, is generated. The method includes sending the SIP invite message to the selected user device based on the applicable order of alerting, and receiving a response to the SIP invite message.
    Type: Grant
    Filed: August 30, 2012
    Date of Patent: June 21, 2016
    Assignees: Verizon Patent and Licensing Inc., Cellco Partnership
    Inventors: Priscilla Lau, Mingxing S. Li, Jeffrey R. Evans
  • Patent number: 9369457
    Abstract: Features are disclosed for authentication of mobile device applications using a native, independent browser using a single-sign-on system. An authentication module within the mobile application can direct the mobile device's native browser to a URL to initiate authentication with an authentication appliance. The mobile browser can receive and store a browser-accessible token to indicate previous authentication performed by the user. The mobile application can receive from the application appliance and store a client application ID token that may be presented to network services for access. A second mobile device application may direct the same browser to the authentication appliance. The authentication appliance may inspect the persistent browser-accessible token and issue a second client application ID identity to the second application without collecting additional authentication information, or collecting additional authentication information that is different from the first authentication information.
    Type: Grant
    Filed: June 26, 2014
    Date of Patent: June 14, 2016
    Assignee: SecureAuth Corporation
    Inventors: Garret Florian Grajek, Jeff Chiwai Lo, Robert Jason Phillips, Shu Jen Tung
  • Patent number: 9356964
    Abstract: One embodiment is directed to a system that comprises a network device, including at least a first port, which is configured to analyze information within one or more messages received during a session initiated by another network device. The system is configured to perform operations including determining a total number of sessions for the first port of the network device and determining whether the total number of sessions for the first port exceeds a threshold value. If the total number of sessions for the first port exceeds the threshold value, an application associated with the first port is classified as a peer-to-peer application. Thereafter, a policy may be enforced based on this classification.
    Type: Grant
    Filed: October 30, 2013
    Date of Patent: May 31, 2016
    Assignee: ARUBA NETWORKS, INC.
    Inventors: Mohan Maturi, Sridhar Kamsetty, Andrew E. Schweig
  • Patent number: 9357381
    Abstract: The disclosure is related to a machine to machine (M2M) device and a security management method thereof. The M2M device includes an identification circuit. The identification circuit may be configured to encrypt data collected from a sensor with a device identification (ID) of the M2M device and at least one subscriber ID of the identification circuit and to generate a data packet in a predetermined communication standard format by including the encrypted data in a payload of the data packet.
    Type: Grant
    Filed: October 30, 2013
    Date of Patent: May 31, 2016
    Assignee: KT CORPORATION
    Inventors: Young-Bin Cho, Sung-Chul Kim, Jin-Hyoung Lee, Youn-Pil Jeung
  • Patent number: 9331993
    Abstract: A communication device comprising a central processing unit (CPU) and a memory device is disclosed. The CPU is configured to send a first attach request including a first subscription identity (FSI) to the network apparatus, receive an authentication request including a random number and an authentication token from the network apparatus as a response to the first attach request. Further, the CPU is configured to authenticate the authentication token using the random number and a first key associated with the FSI, obtain a second key and a second subscription identity (SSI) in response to authentication of the authentication token failing, where SSI is obtained from the authentication request. The CPU is further configured to send an authentication failure to the network apparatus. The second key and SSI are stored in the memory device such that the second key is associated with SSI.
    Type: Grant
    Filed: June 16, 2011
    Date of Patent: May 3, 2016
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Shingo Murakami, Ryoji Kato, Toshikane Oda, Shinta Sugimoto
  • Patent number: 9323912
    Abstract: An approach for enabling multi-factor biometric authentication of a user of a mobile device is described. A biometric authenticator captures, via a mobile device, first and second biometric data for a user. The biometric authentication further associates the first biometric data and the second biometric data. The biometric authenticator then initiates a multi-factor authentication procedure that utilizes the first biometric data and the second biometric data to authenticate the user based on the association.
    Type: Grant
    Filed: February 28, 2012
    Date of Patent: April 26, 2016
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Paul T. Schultz, Robert A. Sartini