Patents Examined by Piotr Poltorak
  • Patent number: 10419418
    Abstract: A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to an authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication system can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.
    Type: Grant
    Filed: September 28, 2017
    Date of Patent: September 17, 2019
    Assignee: SecureAuth Corporation
    Inventors: Garret Florian Grajek, Chihwei Liu, Allen Yu Quach, Jeffrey Chiwai Lo
  • Patent number: 10402630
    Abstract: An apparatus for maintaining privacy when providing media content to a group includes at least one sensor coupled to a processor that is configured to observe, based on sensor data from the sensor(s), that more than one user is engaged with the apparatus, and to obtain user identities for at least a first user and a second user engaged with the apparatus. The processor looks up a first privacy preference for the first user and a second privacy preference for the second user based on the user identities of both users. The processor determines restricted content based on the first privacy preference and the second privacy preference and determines and outputs for display suggested content for engagement by the first user and the second user, based on the restricted content, where the suggested content satisfies criterion for the first privacy preference and the second privacy preference.
    Type: Grant
    Filed: March 10, 2017
    Date of Patent: September 3, 2019
    Inventors: James Fairbairn, Steven Trombetta, Vipul Hingne
  • Patent number: 10395036
    Abstract: Systems and methods for continued runtime authentication of Information Handling System (IHS) applications. In an illustrative, non-limiting embodiment, an IHS may include one or more processors and a memory coupled to the one or more processors, the memory including program instructions stored thereon that, upon execution by the one or more processors, cause the IHS to: receive a command to execute an application; initially verify a plurality of tokens, where a first token is provided by the application, a second token is provided by an application manager, and a third token is provided by a hardware component within the IHS; and execute the application in response to the initial verification being successful.
    Type: Grant
    Filed: March 16, 2017
    Date of Patent: August 27, 2019
    Assignee: Dell Products, L.P.
    Inventors: Abeye Teshome, Ricardo L. Martinez, Charles D. Robison, David Konetski, Girish S. Dhoble, Carlton A. Andrews
  • Patent number: 10395029
    Abstract: A computing device is described that comprises one or more hardware processors and a memory communicatively coupled to the one or more hardware processors. The memory comprises software that supports a software virtualization architecture, including (i) a virtual machine operating in a guest environment and including a process that is configured to monitor behaviors of data under analysis within the virtual machine and (ii) a threat protection component operating in a host environment. The threat protection component is configured to classify the data under analysis as malicious or non-malicious based on the monitored behaviors.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: August 27, 2019
    Assignee: FireEye, Inc.
    Inventor: Udo Steinberg
  • Patent number: 10397080
    Abstract: A network security system for wireless devices derives a fingerprint from the modulation imperfections of the analog circuitry of the wireless transceivers. These fingerprints may be compared to templates obtained when the wireless devices are initially commissioned in a secure setting and used to augment passwords or other security tools in detecting intruders on the network.
    Type: Grant
    Filed: May 19, 2017
    Date of Patent: August 27, 2019
    Assignee: Wisconsin Alumni Research Foundation
    Inventors: Vladimir Alexander Brik, Suman Banerjee
  • Patent number: 10389532
    Abstract: A method for message routing in a multi-tenant system includes encrypting an ID of a tenant with a public key that is generated for the tenant together with a corresponding private key; storing a set of the encrypted ID and the public key in both a device and a server of the multi-tenant system; transmitting from the device to the server a message comprising the set of the encrypted ID and the public key stored in the device; and detecting whether the message is directed toward a data store for the tenant by comparing the set comprised in the message and the set stored in the server.
    Type: Grant
    Filed: September 22, 2017
    Date of Patent: August 20, 2019
    Inventor: Jeff Melrose
  • Patent number: 10360390
    Abstract: Methods, systems, and articles of manufacture are provided for oblivious order preserving encryption. A method may include: traversing, by a cloud service provider, an order preserving encryption (OPE) tree based on a result of an oblivious comparison performed by a data owner and a data client, the OPE tree having nodes that each correspond to a ciphertext of data associated with the data owner, the ciphertext of the data being stored at the cloud service provider, and a relative position of the nodes within the OPE tree corresponding to an order that is present in the data associated with the data owner; and determining, based on the traversing of the OPE tree, an OPE encoding for an input value from the data client, the OPE encoding for the input value indicative of a position of a node corresponding to the input value within the OPE tree.
    Type: Grant
    Filed: December 14, 2016
    Date of Patent: July 23, 2019
    Assignee: SAP SE
    Inventors: Anselme Kemgne Tueno, Florian Kerschbaum
  • Patent number: 10356109
    Abstract: According to an example, security indicator linkage determination may include parsing input data that is used to determine a plurality of sequences of steps that are involved in attacks. A linkage selected from temporal, spatial, and/or behavioral linkages may be applied to the parsed input data to determine the plurality of sequences of steps. A security indicator that is related to a potential attack may be received. The plurality of sequences of steps may be used to determine whether the security indicator matches a step in one of the plurality of sequences of steps. In response to a determination that the security indicator matches a step in one of the plurality of sequences of steps, linkage between the security indicator and another security indicator from the one of the plurality of sequences of steps that are involved in the attacks may be identified.
    Type: Grant
    Filed: July 21, 2014
    Date of Patent: July 16, 2019
    Inventors: Anurag Singla, Edward Ross, Brian Frederik Hosea Che Hein
  • Patent number: 10348697
    Abstract: A portable encryption format wraps encrypted files in a self-executing container that facilitates transparent, identity-based decryption for properly authenticated users while also providing local password access to wrapped files when identity-based decryption is not available.
    Type: Grant
    Filed: April 14, 2016
    Date of Patent: July 9, 2019
    Assignee: Sophos Limited
    Inventors: Stefan Ortner, Andreas Berger, Vincent Vanbiervliet, Kenneth D. Ray
  • Patent number: 10341298
    Abstract: A technology is described for applying an encrypted customer security rule set to an application firewall. An example method may include obtaining an encrypted customer security rule from a shared data store for use by an application firewall that operates at an entry point to a computing service environment that utilizes security rules to monitor, filter, and manipulate network traffic. The customer encryption key used to decrypt the encrypted customer security rule in volatile computer memory may be obtained from a key data store and the encrypted customer security rule may be decrypted in the volatile computer memory using the customer encryption key, thereby forming a corresponding unencrypted customer security rule in the volatile computer memory. A volatile computer memory location containing the unencrypted customer security rule may be provided to the application firewall to enable the unencrypted customer security rule to be applied by the application firewall.
    Type: Grant
    Filed: March 29, 2016
    Date of Patent: July 2, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Kyle Adam Lichtenberg, Patrick Edward McDowell, Matthew Gordon Yanchyshyn
  • Patent number: 10334433
    Abstract: A communication system is provided in which multiple terminal devices form a group and at least one base station device assigns a channel to each group, so that communication from a terminal device included in a group assigned a channel to the other terminal devices included in the group is performed. In the communication system, a transmitting unit transmits information about authentication to a base station device before communication is started. A receiving unit receives, from a base station device, information about authentication status of at least another terminal device within the group.
    Type: Grant
    Filed: July 16, 2016
    Date of Patent: June 25, 2019
    Assignee: JVC KENWOOD Corporation
    Inventors: Tomoko Yaginuma, Ichiro Shishido, Shunichi Manabe, Masae Toko, Kazuya Tsukamoto
  • Patent number: 10320757
    Abstract: A secure repository receives and stores user data, and shares the user data with trusted client devices. The user data may be shared individually or as part of bundled data relating to multiple users, but in either case, the secure repository associates specific data with specific users. This association is maintained by the trusted client devices, even after the data is altered by processing on the client device. If a user requests a purge of their data, the system deletes and/or disables that data on both the repository and the client devices, as well as deleting and/or disabling processed data derived from that user's data, unless a determination has been made that the processed data no longer contains confidential information.
    Type: Grant
    Filed: June 6, 2014
    Date of Patent: June 11, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Hugh Evan Secker-Walker, Nitin Sivakrishnan
  • Patent number: 10311215
    Abstract: An authorized user obtains a packaging license that grants permission to use a particular recording device to generate multimedia content in accordance with specified license terms. The packaging license includes a content key that is used to encrypt the multimedia content at the point of capture on the recording device. The encrypted multimedia content can be transmitted via unsecure channels (for example, via electronic mail) to a networked content repository or an intended recipient. For playback, an authorized user obtains a playback license that grants permission to decrypt and playback the multimedia content using a particular playback device. An authorization server and a key management server are used to manage which users are entitled to receive a license, and to define the terms of the granted licenses. A record of the granted authorizations and licenses is maintained, thereby allowing access to a given content item to be audited.
    Type: Grant
    Filed: April 3, 2018
    Date of Patent: June 4, 2019
    Assignee: Adobe Inc.
    Inventors: Joseph Steele, John Landwehr
  • Patent number: 10282548
    Abstract: Systems and methods for detecting malicious content are provided. In an exemplary embodiment, a method for detecting malicious content is described that detects when a client device has access to a remote network server of a communication network. The client device includes one or more processors. Thereafter, a controller, being a device separate from the client device, activates one or more security programs within the remote network server. The security programs enable the controller to analyze data stored within or transmitted from the remote network server. Lastly, the controller analyzes the data to determine whether the data includes malware.
    Type: Grant
    Filed: December 12, 2016
    Date of Patent: May 7, 2019
    Assignee: FireEye, Inc.
    Inventors: Ashar Aziz, Stuart Staniford, Muhammad Amin, Henry Uyeno, Samuel Yie
  • Patent number: 10268557
    Abstract: According to an embodiment, a network monitoring device that monitors a network includes a software storage and a controller. The software storage is configured to store software applied to a first electronic device connected to the network. The controller is configured to determine, in response to reception of verification result data indicating software verification failure from the first electronic device, whether a recovery condition determined in advance as a condition of recovering software in the first electronic device is satisfied, and perform a control of transmitting the software stored in the software storage to the first electronic device when it is determined that the recovery condition is satisfied.
    Type: Grant
    Filed: February 23, 2017
    Date of Patent: April 23, 2019
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Toshiyuki Kito, Takeshi Kawabata
  • Patent number: 10262130
    Abstract: A system and method for providing cryptographic operation service in a virtualization environment. In the system, a configuration subsystem provides an interface for an administrator and a common user to input information about a virtual cryptographic device. A key file storage subsystem stores a key file and protects it with the protection password. A virtual machine operating subsystem obtains a corresponding key file from the storage subsystem according to the input of the configuration subsystem, creates a virtual device for a guest virtual machine, and finally operates the guest virtual machine to provide cryptographic computing service for the guest virtual machine. Thus the administrator/the common user can specify a key file and input a protection password for a guest virtual machine via the corresponding interface to facilitate the creation of a virtual cryptographic device, and can manage the virtual cryptographic device in a user-friendly and centralized manner.
    Type: Grant
    Filed: October 22, 2015
    Date of Patent: April 16, 2019
    Inventors: Jingqiang Lin, Kaijie Zhu, Lingchen Zhang, Bo Luo, Quanwei Cai, Congwu Li, Jiwu Jing, Wuqiong Pan
  • Patent number: 10262157
    Abstract: One embodiment provides a method, including: tracking behavior of a user when the user is providing input to a permission request of an application, wherein the permission request comprises at least one application permission requesting access for the application to information accessible by an information handling device; identifying at least one undesired application permission, wherein the identifying comprises detecting, based upon the behavior of the user, that the user is uncomfortable with the at least one undesired application permission; determining whether another similar application, having a permission set the user is comfortable with, is available, wherein the determining comprises searching for applications similar to the application and filtering the similar applications by removing applications having a permission similar to the undesired application permission; and providing a recommendation, if there is another similar application, to the user, wherein the recommendation comprises the anothe
    Type: Grant
    Filed: September 28, 2016
    Date of Patent: April 16, 2019
    Inventors: Rahul Rajendra Aralikatte, Vijay Ekambaram, Senthil Kumar Kumarasamy Mani, Giriprasad Sridhara
  • Patent number: 10263987
    Abstract: Techniques for sharing virtual machine (VM) resources are provided. A relative location for a resource within a VM is created; the relative location dynamically resolves to a particular physical location when a principal requests access to the resource at runtime. The principal is located outside an environment associated with the VM. Authentication and access restrictions are dynamically enforced against the requests made by the principal before a connection is permitted between the principal and the resource (the resource located within the environment of the VM).
    Type: Grant
    Filed: June 16, 2016
    Date of Patent: April 16, 2019
    Assignee: Micro Focus Software Inc.
    Inventors: Lloyd Leon Burch, Prakash Umasankar Mukkara, Douglas Garry Earl
  • Patent number: 10257178
    Abstract: Method and apparatus for creating a second unique identifier for a user in a second system based on a first unique identifier for a user in a first system. A first authentication process is initiated based on a first unique identifier associated with the user in the first system. Responsive to the user successfully authenticating during the first authentication process, the second unique identifier for a user in the second system is generated. The second unique identifier is based on user data associated with the first unique identifier in the first system, and the second unique identifier is different from the first unique identifier.
    Type: Grant
    Filed: October 15, 2015
    Date of Patent: April 9, 2019
    Assignee: Visa Europe Limited
    Inventors: Paul Michael Carpenter, Jonathan Paul Sumpster, Andrew Paul Thompson, Christopher Ian Abrathat, Jonathan Rusca, Jean-Christophe Gilbert Lacour, Michael Ronald Philpotts
  • Patent number: 10251055
    Abstract: A personal mobile device receives a session-request message requesting establishment of an encrypted-audio session with a call-initiating device. In response, one or more call-response inquiries are presented via a user interface of the mobile device. The one or more call-response inquiries include an accessory-status inquiry with respect to an accessory to the mobile device. The mobile device receives, via the user interface, an accessory-unready indication with respect to the accessory, which is associated with the presented accessory-status inquiry. In response to receiving the accessory-unready indication, the mobile device establishes a communication link with the call-initiating device and refrains from exchanging audio data with the call-initiating device via the established communication link.
    Type: Grant
    Filed: February 6, 2018
    Date of Patent: April 2, 2019
    Assignee: NAGRAVISION S.A.
    Inventor: Bertrand Wendling