Patents Examined by Sameera Wickramasuriya
  • Patent number: 10540498
    Abstract: Technologies for hardware assisted native malware detection include a computing device. The computing device includes one or more processors with hook logic to monitor for execution of branch instructions of an application, compare the monitored branch instructions to filter criteria, and determine whether a monitored branch instruction satisfies the filter criteria. Additionally, the computing device includes a malware detector to provide the filter criteria to the hook logic, provide an address of a callback function to the hook logic to be executed in response to a determination that a monitored branch instruction satisfies the filter criteria, and analyze, in response to execution of the callback function, the monitored branch instruction to determine whether the monitored branch instruction is indicative of malware. Other embodiments are also described and claimed.
    Type: Grant
    Filed: August 12, 2016
    Date of Patent: January 21, 2020
    Assignee: Intel Corporation
    Inventors: Xiaoning Li, Ravi L. Sahita, David M. Durham
  • Patent number: 10536557
    Abstract: A method, apparatus, and computer program product are provided to implement a customized caching strategy which optimizes the implementation based on usage patterns. In the context of a method a client request for a service is intercepted and an authentication check is performed for the client request based on cached data. In an instance in which the authentication check succeeds, the method performs an authorization check for the client request based on the cached data. In an instance in which the authorization check succeeds, the method forwards the client request for the service to the service. A corresponding apparatus and a computer program product are also provided.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: January 14, 2020
    Assignee: HERE Global B.V.
    Inventors: Gopalakrishna Raghavan, Kalyan Kotamarthi
  • Patent number: 10530566
    Abstract: Input signals may be received. Furthermore, a control signal controlling the implementation of a Differential Power Analysis (DPA) countermeasure may be received. One of the input signals may be transmitted as an output signal based on the control signal. A cryptographic operation may be performed based on the first output signal that is transmitted based on the control signal.
    Type: Grant
    Filed: April 21, 2016
    Date of Patent: January 7, 2020
    Assignee: Cryptography Research, Inc.
    Inventors: Christopher Gori, Pankaj Rohatgi
  • Patent number: 10515221
    Abstract: An information processing apparatus, equipped with a processor for controlling the information processing apparatus and a storage device, has an encryption unit that encrypts or decrypts data stored in the storage device and data read from the storage device, and determines whether or not the encryption unit is mounted on the same circuit board as a control unit, and changes processing for detecting whether or not a connection between the encryption unit and the control unit is disconnected in accordance with the determination result.
    Type: Grant
    Filed: February 28, 2017
    Date of Patent: December 24, 2019
    Assignee: Canon Kabushiki Kaisha
    Inventor: Tomohiro Akiba
  • Patent number: 10382450
    Abstract: Network data obfuscation is disclosed. For example, an obfuscation driver is initialized in an endpoint device connected to an obfuscation gateway over a secure connection by collaboratively generating a unique machine identifier of the endpoint device. An obfuscated communication session is established between the obfuscation driver and the obfuscation gateway. Obfuscated messages including obfuscation seeds, de-obfuscation instructions and message payloads are exchanged between the obfuscation driver and the obfuscation gateway. Obfuscating and de-obfuscating a given message includes reordering a plurality of message segments of the message based on the de-obfuscation instructions. A de-obfuscated message from the obfuscation driver is forwarded to an application, and a response is obfuscated by the obfuscation gateway before being transmitted to the obfuscation driver.
    Type: Grant
    Filed: February 21, 2017
    Date of Patent: August 13, 2019
    Assignee: Sanctum Solutions Inc.
    Inventor: Noel Shepard Stephens
  • Patent number: 10341096
    Abstract: Various technologies for performing discrete-variable (DV) quantum key distribution (QKD) with integrated electro-optical circuits are described herein. An integrated DV-QKD system uses Mach-Zehnder modulators (MZMs) to modulate a polarization of photons at a transmitter and select a photon polarization measurement basis at a receiver. A transmitter of a DV-QKD system further uses phase shifters to correct for non-idealities of the MZM in output provided to a polarization beam splitter. A receiver of a DV-QKD system can use phase shifters between a polarization beam splitter and an MZM to correct for non-idealities of the polarization beam splitter and the MZM on the receiver side.
    Type: Grant
    Filed: October 10, 2016
    Date of Patent: July 2, 2019
    Assignee: National Technology & Engineering Solutions of Sandia, LLC
    Inventors: Anthony L. Lentine, Christopher DeRose, Paul Davids, Hong Cai
  • Patent number: 10326841
    Abstract: A server determines a status of a client device, wherein if the client device violates the compliance rule, the server accesses a device record established by the server for the client device. The device record comprises data specifying an operating system executing on the client device. The server determines whether the client device lacks an application native to the operating system of the client device with a programming interface that supports direct communication with the at least one computing device for remotely initiating execution of the native application. The server initiates execution of a computer-readable file on the client device in response to determining that the client device lacks the native application, where the computer-readable file comprises a routine for restricting access to a hard disk storage device of the client device without user interaction.
    Type: Grant
    Filed: June 7, 2016
    Date of Patent: June 18, 2019
    Assignee: VMware Inc.
    Inventors: Chase Bradley, Kevin Jones
  • Patent number: 10289821
    Abstract: A biometric authentication method includes determining a first similarity between first biometric data and first registration data; determining a second similarity between second biometric data and second registration data; performing authentication based on the first similarity and the second similarity; and updating the first registration data based on the first biometric data in response to the first similarity being greater than an authentication reference value corresponding to the first similarity and the second similarity being greater than an update reference value corresponding to the second similarity.
    Type: Grant
    Filed: July 21, 2016
    Date of Patent: May 14, 2019
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Jungbae Kim, Kyuhong Kim, Jaejoon Han
  • Patent number: 10261919
    Abstract: In one example in accordance with the present disclosure, a method may include receiving, by a processor on a system on a chip (SoC), a request to encrypt a subset of data accessed by a process. The method may also include receiving, at a page encryption hardware unit of the SoC, a system call from an operating system on behalf of the process, to generate an encrypted memory page corresponding to the subset of data. The method may also include generating, by the page encryption hardware unit, an encryption/decryption key for the first physical memory address. The encryption/decryption key may not be accessible by the operating system. The method may also include encrypting, by the page encryption hardware unit, the subset of data to the physical memory address using the encryption/decryption key and storing, by the page encryption hardware unit, the encryption/decryption key in a key store.
    Type: Grant
    Filed: July 8, 2016
    Date of Patent: April 16, 2019
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Geoffrey Ndu, Fraser John Dickin
  • Patent number: 10250586
    Abstract: Implementations for managing mobile devices associated with enterprise operations include actions of receiving a request to access information regarding a mobile application for download to and installation on a mobile device of a user, the request including an enterprise identifier, receiving a tenant-specific configuration based on the identifier, the tenant-specific configuration including criteria for mobile applications to be available for download to and installation on mobile devices associated with the enterprise, transmitting a request for a list of available mobile applications to an application and certification database, the request including the tenant-specific configuration, receiving the list of available mobile applications, which includes a subset of mobile applications of a superset of mobile applications, the subset of mobile applications being provided based on the tenant-specific configuration, and providing graphical representations of each mobile application in the list of available mob
    Type: Grant
    Filed: December 8, 2015
    Date of Patent: April 2, 2019
    Assignee: SAP SE
    Inventors: Achim D. Brucker, Michael Herzberg
  • Patent number: 10230712
    Abstract: Systems and methods to enable on-the-fly modification of running processes on a webserver more quickly and efficiently are discussed herein. A code vault is used to store binaries for use in production code running on a server, which are downloaded and implemented in the running process when authorized by developers. The process retrieves the binaries from the code vault to deploy the modifications to a specified audience without having to re-instantiate or run a parallel process with the new binaries. Binaries for different audiences or subsequent experiments may be downloaded onto the same machine, but remain isolated. Control of the deployments may require multi-factor or multi-user authentication and are logged for change control.
    Type: Grant
    Filed: September 12, 2016
    Date of Patent: March 12, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: David Scott Retterath, Zackaria Adel Ali, Arye Gittelman, Steven Li
  • Patent number: 10172000
    Abstract: Pre Shared Keys (“PSK”) for application and data session security are generated using application authentication secret values stored in a SIM device/card. The SIM internally uses the secret values as inputs to a security algorithm engine, but the secret values are not accessible outside of the SIM. The application authentication secret values cannot be used to authenticate the SIM, or a device that includes the SIM, to a communication network. Rather, symmetric keys and keying material are generated for use by applications outside of the standard and conventional wireless networking uses of a SIM device. Updated PSKs are generated at different network endpoints such that the PSKs are generated individually and separately at the endpoints; the ‘preshared’ keys are not actually shared. Thus, a client endpoint and a server endpoint, or an endpoint associated with the server, independently generate the same PSK without the PSK being transmitted between the endpoints.
    Type: Grant
    Filed: July 8, 2016
    Date of Patent: January 1, 2019
    Assignee: M2MD TECHNOLOGIES, INC.
    Inventor: Charles M. Link, II
  • Patent number: 10158991
    Abstract: Pre Shared Keys (“PSK”) for application and data session security are generated using application authentication secret values stored in a SIM device/card. The SIM internally uses the secret values as inputs to a security algorithm engine, but the secret values are not accessible outside of the SIM. The application authentication secret values cannot be used to authenticate the SIM, or a device that includes the SIM, to a communication network. Rather, symmetric keys and keying material are generated for use by applications outside of the standard and conventional wireless networking uses of a SIM device. Updated PSKs are generated at different network endpoints such that the PSKs are generated individually and separately at the endpoints; the ‘preshared’ keys are not actually shared. Thus, a client endpoint and a server endpoint, or an endpoint associated with the server, independently generate the same PSK without the PSK being transmitted between the endpoints.
    Type: Grant
    Filed: April 28, 2016
    Date of Patent: December 18, 2018
    Assignee: M2MD TECHNOLOGIES, INC.
    Inventor: Charles M. Link, II
  • Patent number: 10135867
    Abstract: Disclosed is a computerized system for dynamically updating a honeypot computer environment. The system typically includes a processor, a memory, and a honeypot management module stored in the memory. The system is typically configured for: creating a honeypot environment within a computer network, the honeypot environment comprising a software application, wherein the computer network has one or more other environments, the honeypot environment being isolated from the other environments of the computer network; receiving an update to the software application for implementation in at least one of the other environments of the computer network; and, based on receiving the update to the software application for implementation in at least one of the other environments of the computer network, automatically implementing the update to the software application within the honeypot environment.
    Type: Grant
    Filed: December 8, 2015
    Date of Patent: November 20, 2018
    Assignee: Bank of America Corporation
    Inventor: Sounil Yu
  • Patent number: 10102152
    Abstract: A method includes generating a set of virtual-machine-specific (VMS) encryption keys for a dedicated virtual machine, storing the set of VMS encryption keys in a protected memory, storing a first look-up table in the protected memory, and replacing an encryption key stored in a crypto unit with at least one VMS encryption key of the set of VMS encryption keys in an operation mode where the dedicated virtual machine is executed by a processor. The protected memory is selectively excluded from access by operating systems executable on a computer system. The look-up table is accessible only by firmware of the computer system.
    Type: Grant
    Filed: April 11, 2016
    Date of Patent: October 16, 2018
    Assignee: International Business Machines Corporation
    Inventors: Christine Axnix, Ute Gaertner, Jakob C. Lang, Angel Nunez Mencias
  • Patent number: 9967266
    Abstract: A digital content system enables users of the content system to access, view and interact with digital content items in a safe, efficient and enjoyable online environment. The content system pre-filters an image content item and determines whether the content item is suspicious of having unsafe content, e.g., nudity and pornography. For example, the content system pre-filters an image content item based on the source of the image content item. A content item from a source known for providing safe content is determined to be safe. The content system determines an image content item to be safe if the content item matches a content item known to be safe or if the content item contains less than a threshold amount of human skin. The content system may further verify the content of the image content item with a verification service and takes remedial actions based on the verification result.
    Type: Grant
    Filed: November 9, 2015
    Date of Patent: May 8, 2018
    Assignee: Flipboard, Inc.
    Inventors: Meng Guo, David Zachary Creemer
  • Patent number: 9967097
    Abstract: The embodiments herein provide a method for converting data in an electronic device. The method includes determining a plurality of parameters associated with a user and a zone. Further, the method includes generating a key using the plurality of parameters associated with the user and the zone. Further, the method includes converting the data in the electronic device from a first format to a second format using the key. Further, the method includes performing at least one action on the data in the second format.
    Type: Grant
    Filed: November 5, 2015
    Date of Patent: May 8, 2018
    Assignee: BRillio LLC
    Inventors: Venkat Kumar Sivaramamurthy, Karthik Gopalakrishnan Vinmani, Renji Kuruvilla Thomas, Puneet Gupta, Gaurav Jain