Patents Examined by Peter Poltorak
  • Patent number: 9230075
    Abstract: Secret values used in a multi-server authentication scheme are updated. Information is authenticated in a system comprising a plurality of processing devices each adaptable for communication with one or more other devices. The information is authenticated by generating at least first and second shares of a first password associated with a first device (such as a client device); storing the first and second shares in respective second and third devices (such as authentication server devices); updating the first and second shares using a secret value T; assigning a version number to the updated first and second shares; and upon submission of additional information associated with the first device to at least one of the second and third devices, the second and third devices utilizing the respective updated first and second shares for a given version number to collectively determine a correspondence of the additional information with the first password.
    Type: Grant
    Filed: August 31, 2012
    Date of Patent: January 5, 2016
    Assignee: EMC Corporation
    Inventors: Peter Robinson, Jaimee Brown, Eric Young
  • Patent number: 9230092
    Abstract: A password-hardening system comprises at least first and second servers. The first server is configured to store a plurality of sets of passwords for respective users with each such set comprising at least one valid password for the corresponding user and a plurality of chaff passwords for that user. The second server is configured to generate valid password indication information indicating for each of the sets which of the passwords in that set is a valid password. The valid password indication information comprises index values computed for respective ones of the password sets by the second server to identify respective valid passwords in the respective password sets. The second server may be further configured to compute the index values utilizing a keyed pseudorandom function, and to send the index values to the first server in association with respective values of a user number counter maintained in the second server.
    Type: Grant
    Filed: September 25, 2013
    Date of Patent: January 5, 2016
    Assignee: EMC Corporation
    Inventor: Ari Juels
  • Patent number: 9218481
    Abstract: A system or computer usable program product for managing password strength including receiving a password on a data processing system for a user, filtering for personal information about the user from multiple independent data sources accessible across a computer network, computing the password strength by the data processing system using an algorithm which compares the password to the filtered personal information about the user, and presenting feedback to the user through a user interface on a data processing system display regarding the computed password strength.
    Type: Grant
    Filed: August 31, 2012
    Date of Patent: December 22, 2015
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Ella Belisario, Dwayne Dames, Jonathan Palgon, Roberto Vila
  • Patent number: 9208344
    Abstract: Methods and systems for accessing databases using a common web interface are provided. A method for transmitting data retrieved from an endpoint device to a client device using a common web interface includes providing the common web interface to the client device. The common web interface allows access to a plurality of endpoint devices, each endpoint device comprising a unique endpoint address. The method further includes receiving, by a computer, identification data from the client device, retrieving an endpoint address for one of the plurality of endpoint devices based on the identification data, connecting to the endpoint device corresponding to the endpoint address, retrieving data from the endpoint device, and transmitting the retrieved data to the client device.
    Type: Grant
    Filed: September 9, 2011
    Date of Patent: December 8, 2015
    Assignee: LexisNexis, A Division of Reed Elsevier Inc.
    Inventors: Mark McCray, Eric Scott Davis
  • Patent number: 9179306
    Abstract: Techniques for third-party content delivery via a unique mobile application address are presented. A mobile application on a mobile device of a consumer generates or is assigned a unique address. The consumer uses the mobile application to communicate with an enterprise over a network. The enterprise delegates delivery of content to the mobile application to a third-party service and provides the unique address. The third-party service directly sends the content over the network to the mobile application of the mobile device on behalf of the enterprise.
    Type: Grant
    Filed: August 31, 2011
    Date of Patent: November 3, 2015
    Assignee: NCR Corporation
    Inventor: Graham West
  • Patent number: 9172694
    Abstract: An approach is provided to access resources at legacy systems. In this approach, a resource request destined to a legacy system is received from a requestor with the resource request including an access token and being on behalf of a resource owner. A validation process is performed on the access token. If the access token is valid, the approach identifies the resource owner and one or more legacy access tokens used to access the legacy system. Another request is formed with the new request including the legacy access tokens. The new request is transmitted to the legacy system and a response is received back from the legacy system. The response received from the legacy system is transmitted back to the requestor.
    Type: Grant
    Filed: May 22, 2012
    Date of Patent: October 27, 2015
    Assignee: International Business Machines Corporation
    Inventors: Simon Gilbert Canning, Neil Ian Readshaw, Stephen Viselli, Shane Bradley Weeden
  • Patent number: 9154496
    Abstract: A password-hardening system comprises at least first and second servers. The first server is configured to store a plurality of sets of passwords for respective users with each such set comprising at least one valid password for the corresponding user and a plurality of chaff passwords for that user. The second server is configured to store at least a portion of valid password indication information indicating for each of the sets which of the passwords in that set is a valid password. The first and second servers are further configured to proactively update the sets of passwords and the valid password indication information in each of a plurality of epochs. The valid password indication information may comprise, for example, valid password index values for respective ones of the users, with the index values being stored as a shared secret across the first and second servers.
    Type: Grant
    Filed: September 25, 2013
    Date of Patent: October 6, 2015
    Assignee: EMC Corporation
    Inventor: Ari Juels
  • Patent number: 9137210
    Abstract: A browsing process is directed to the generation and management of a browse session at a network computing provider. A client computing device transmits secure requests for network resources to a network computing provider. The network computing provider comprises one or more virtual network computing providers for processing secure communications between a client computing device and a content source. A virtual network computing provider handles the secure communications, decrypting and processing the communications while preventing third parties from accessing the unencrypted communication data. The virtual network computing provider may determine a browse configuration identifying processing actions to perform on the request content.
    Type: Grant
    Filed: February 21, 2012
    Date of Patent: September 15, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Sachin P. Joglekar, Peter S. Vosshall, Jonathan A. Jenkins
  • Patent number: 9118711
    Abstract: A system, method, and computer program product are provided for displaying, via at least one user interface, a plurality of techniques of different technique types including a first technique for setting or modifying a policy for mitigating a first occurrence, and a second technique for dropping packets in connection with at least one networked device for mitigating the first occurrence. Based on user input selecting the first technique for setting or modifying the policy for mitigating the first occurrence, the first technique is automatically applied for setting or modifying the policy for mitigating the first occurrence. Based on the user input selecting the second technique for dropping packets in connection with the at least one networked device for mitigating the first occurrence, the second technique is applied for dropping packets in connection with the at least one networked device for mitigating the first occurrence.
    Type: Grant
    Filed: September 29, 2014
    Date of Patent: August 25, 2015
    Assignee: SecurityProfiling, LLC
    Inventors: Brett M. Oliphant, John P. Blignaut
  • Patent number: 9118709
    Abstract: A system, method, and computer program product are provided including client and server code configured to cooperate, resulting in display, via at least one user interface, of a plurality of user options for causing different actions of different types in connection with at least one of the networked devices that is actually vulnerable to at least one of a plurality of actual vulnerabilities for at least mitigating an occurrence. The user options include a first user option for causing a first action for dropping packets in connection with the at least one networked device for mitigating the occurrence and a second user option for causing a second action for installation of a patch on the at least one networked device for removing the at least one vulnerability from the at least one networked device.
    Type: Grant
    Filed: September 28, 2014
    Date of Patent: August 25, 2015
    Assignee: SecurityProfiling, LLC
    Inventors: Brett M. Oliphant, John P. Blignaut
  • Patent number: 9111115
    Abstract: A method, apparatus, and a computer readable storage medium having computer readable instructions to carry out the steps of the method for anonymous access to a database. Each record of the database has different access control permissions (e.g. attributes, roles, or rights). The method allows users to access the database record while the database does not learn who queries a record. The database does not know which record is being queried: (i) the access control list of that record or (ii) whether a user's attempt to access a record had been successful. The user can only obtain a single record per query and only those records for which he has the correct permissions. The user does not learn any other information about the database structure and the access control lists other than whether he was granted access to the queried record, and if so, the content of the record.
    Type: Grant
    Filed: November 4, 2013
    Date of Patent: August 18, 2015
    Assignee: International Business Machines Corporation
    Inventors: Jan Leonhard Camenisch, Maria Dubovitskaya, Gregory Neven, Greg Zaverucha
  • Patent number: 9098701
    Abstract: Provided are an application module injection device, a computing device including an application module injection function, and a recording medium that records a program for executing an application module injection method.
    Type: Grant
    Filed: December 8, 2010
    Date of Patent: August 4, 2015
    Assignee: FASOO.COM CO., LTD
    Inventors: Jong-Young Kim, Jong-II Lee
  • Patent number: 9098694
    Abstract: The present disclosure describes techniques and apparatuses for clone-resistant logic. In some aspects, this clone-resistant logic enables computing-device manufacturers to better protect their devices against use of inauthentic accessories.
    Type: Grant
    Filed: June 22, 2012
    Date of Patent: August 4, 2015
    Assignee: Marvell International Ltd.
    Inventor: Roy G. Moss
  • Patent number: 9100825
    Abstract: An approach for enabling multi-factor biometric authentication of a user based on different data capture modalities of a mobile device is described. A biometric enabler receives a request for authentication of a user via a network at a mobile device of the user. The biometric authentication further initiates a capture of media associated with the user at the mobile device based on the request, wherein the capture is based on a capture condition. The biometric enabler also determines, in response to the request, whether the media is associated with different types of biometric information of the user as maintained in association with a resource that requires authentication of the user.
    Type: Grant
    Filed: May 31, 2013
    Date of Patent: August 4, 2015
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Paul T. Schultz, Robert A. Sartini
  • Patent number: 9083730
    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to identify an Internet protocol address blacklist boundary. An example method includes identifying a netblock associated with a malicious Internet protocol address, the netblock having a lower boundary and an upper boundary, collecting netflow data associated with a plurality of Internet protocol addresses in the netblock, establishing a first window associated with a lower portion of Internet protocol addresses numerically lower than a candidate Internet protocol address, establishing a second window associated with an upper portion of Internet protocol addresses numerically higher than a candidate Internet protocol address, calculating a breakpoint score based on a comparison between a behavioral profile of the first window and a behavioral profile of the second window, and identifying a first sub-netblock when the breakpoint score exceeds a threshold value.
    Type: Grant
    Filed: December 6, 2013
    Date of Patent: July 14, 2015
    Assignee: AT&T Intellectual Property I., L.P.
    Inventors: Baris Coskun, Suhrid Balakrishnan, Suhas Mathur
  • Patent number: 9077813
    Abstract: A method, an apparatus and an article of manufacture for masking a message on an electronic device. The method includes receiving a message on an electronic device, determining if a message category label is included in the message, mapping the message category to a corresponding masking format if a message category label is included in the message, extracting the content of the message to generate a message category if a message category label is not included in the message, wherein each message category generated corresponds to a masking format, and masking the message on the electronic device by transforming the message into the masking format that corresponds to the message category for the message.
    Type: Grant
    Filed: February 29, 2012
    Date of Patent: July 7, 2015
    Assignee: International Business Machines Corporation
    Inventors: Sasha P. Caskey, Ossama Emam, Dimitri Kanevsky, Tara N. Sainath
  • Patent number: 9065854
    Abstract: The present disclosure relates to methods and systems for managing a guest virtual machine executing within a virtualized environment. A daemon is established on a guest virtual machine executing within a virtualized environment. The daemon is configured to communicate with a management service virtual machine executing within the virtualized environment. The daemon receives, from the management service virtual machine via an application layer protocol, a request identifying an action type of a plurality of predetermined action types. The daemon identifies the action type of the plurality of predetermined action types from the received request and performs an action corresponding to the identified action type. In some implementations, the application layer protocol is one of Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS).
    Type: Grant
    Filed: October 28, 2013
    Date of Patent: June 23, 2015
    Assignee: CITRIX SYSTEMS, INC.
    Inventors: Raghu Goyal, Sanjay Gupta, Dave Saurabh
  • Patent number: 9053294
    Abstract: The invention provides the ability to produce long, complex passwords from simple, easy to recall, pictorial selections. The invention features a picture based interface unit, linked to a series of individual process modules. Selecting images contained in the image selection module generates a reference pointer corresponding to coordinates in the reference pointer of the control module which thereby generates a rotor sequence that is passed to the password generator module containing ASCII character groups. The character groups are processed according to the rotor sequence contents to produce a password that is displayed in a display module for editing and/or use.
    Type: Grant
    Filed: April 24, 2012
    Date of Patent: June 9, 2015
    Inventor: Vance Burkill
  • Patent number: 9055093
    Abstract: Method, system and computer program product for detecting at least one of security threats and undesirable computer files are provided. A first method includes receiving a data stream which represents outbound, application layer messages from a first computer process to at least one second computer process. The computer processes are implemented on one or more computers. The method further includes monitoring the data stream to detect a security threat based on a whitelist having entries which contain metadata. The whitelist describes legitimate application layer messages based on a set of heuristics. The method still further includes generating a signal if a security threat is detected. A second method includes comparing a set of computer files with a whitelist which characterizes all legitimate computer files. The whitelist contains one or more entries. Each of the entries describe a plurality of legitimate computer files.
    Type: Grant
    Filed: December 18, 2008
    Date of Patent: June 9, 2015
    Inventor: Kevin R. Borders
  • Patent number: 9043877
    Abstract: A root user identifier of a computing system is disabled. Thereafter, and in response to determining that a problem with the computing system requires root privileges to the computing system to solve, a code patch for installation on the computing system is received from a third party. The code patch is installed on the computing system, resulting in a user identifier temporarily having the root privileges to the computing system. The user identifier is different than the root user identifier is. A password for the user identifier is provided to the third party to permit the third party to solve the problem with the computing system using the root privileges, via the user identifier temporarily having the root privileges to the computing system. The code patch is computer code installable on the computing system.
    Type: Grant
    Filed: October 6, 2009
    Date of Patent: May 26, 2015
    Assignee: International Business Machines Corporation
    Inventors: John J. Auvenshine, Bernhard J. Klingenberg, Neeta Garimella, Thomas K. Clark