Patents Examined by Sarah Su
-
Patent number: 10620241
Abstract: A packet intercept system includes probes along the field area network. A portion of the probes are mobile probes configured to receive and process a global positioning system signal. Intercepting by the mobile probes includes implementing a global positioning tag in each packet in the traffic data stream intercepted by the mobile probes, the global positioning tag includes a timestamp and global positioning system coordinates, derived from the global position system signal. The packet intercept system backhauls the traffic data stream to an additional network that is distinct from the field area network. Processors on the additional network obtain the traffic data stream and process the stream into a live traffic data stream by ordering each packet intercepted by the mobile probes in the processed live traffic data stream, based on the timestamp. The processors analyze the processed live traffic data stream.
Type: Grant
Filed: July 3, 2017
Date of Patent: April 14, 2020
Assignee: Perspecta Labs Inc.
Inventors: Stanley Pietrowicz, Jason Youzwak, John Haluska, James L. Dixon
-
Patent number: 10616270
Abstract: An optimization apparatus collects cyber attack information that is information related to a cyber attack, and system information that is information related to an entire system including a device that has received the cyber attack. Based on the collected cyber attack information and system information, the optimization apparatus identifies an attack route of the cyber attack, and extracts, as dealing point candidates, devices that are on the attack route and have an effective dealing function against the cyber attack. Subsequently, the optimization apparatus selects a dealing point from the extracted dealing point candidates by using optimization logic that has been set.
Type: Grant
Filed: November 5, 2015
Date of Patent: April 7, 2020
Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Bo Hu, Toshiharu Kishi, Hideo Kitazume, Takaaki Koyama, Yukio Nagafuchi, Yasuhiro Teramoto
-
Patent number: 10609033
Abstract: An access determination management system obtains information regarding various different entities in a system (e.g., a networked environment) and what rights or privileges those entities have. An entity, also referred to herein as a principal, can be a user, a computing device, a group of users, a group of computing devices, or a service. The rights or privileges that an entity has includes, for example, whether administrative privileges are available to the entity, whether a particular program can be executed, whether an entity is a member of another entity, and so forth. The access determination management system uses the obtained information to generate and display a graph of the environment. The graph of the environment includes the different objects as well as links between the objects that indicate rights or privileges one object has with respect to another.
Type: Grant
Filed: December 19, 2018
Date of Patent: March 31, 2020
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Blake R. Hutchinson, Jesse Shi-Yuan Ou, Ambrose Y.W. Leung, Brandon A. Chalk, Robert J. Mooney, III
-
Patent number: 10608815
Abstract: A method for securely communicating digital content includes steps of: (1) receiving data from a plurality of key sources; (2) retrieving a plurality of data sets from the data, each one of the plurality of data sets comprising a plurality of data units; (3) extracting a plurality of selected data units from the plurality of data units; (4) generating a custom key using the plurality of selected data units; (5) encrypting content using the custom key; and (6) transmitting encrypted content.
Type: Grant
Filed: December 11, 2017
Date of Patent: March 31, 2020
Assignee: The Boeing Company
Inventors: Wayne R. Howe, Jeffrey H. Hunt
-
Patent number: 10601807
Abstract: Computer systems and methods are provided in which an agent executive running concurrent with a security module, when initially executed, obtains an agent API key from a user. This key is communicated to a grid computer system. An agent identity token, generated by a cryptographic token generation protocol when the API key is valid, is received from the grid and stored in a secure data store associated with the agent executive. Information that evaluates the integrity of the agent executive is collected using agent self-verification factors. The information, encrypted and signed with a cryptographic signature, is communicated to the grid. Commands are obtained from the grid by the agent executive to check the security, compliance, and integrity of the computer system. Based on these check results, additional commands are obtained by the grid by the agent executive to correct security, compliance, and integrity problems and/or to prevent security comprises.
Type: Grant
Filed: June 18, 2018
Date of Patent: March 24, 2020
Assignee: CloudPassage, Inc.
Inventors: Carson Sweet, Amit Gupta
-
Patent number: 10592922
Abstract: Systems and methods for identifying fraudulent Internet traffic are provided. A tracking script is provided that generates a unique URL encoding an IP address of a client device. In order to find an IP address associated with the unique URL, a request for the IP address associated with the unique URL is received at a DNS resolver server from a DNS server upstream from the client device. The IP address of the client device, the DNS server upstream from the client device and the DNS resolver server in a database are correlated to obtain information about the Internet traffic to determine the likelihood that the traffic is fraudulently generated.
Type: Grant
Filed: September 11, 2017
Date of Patent: March 17, 2020
Assignee: NS8, Inc.
Inventor: Adam Rogas
-
Patent number: 10587610
Abstract: A method for authorization management in an arrangement having multiple computer systems is disclosed.
Type: Grant
Filed: January 29, 2016
Date of Patent: March 10, 2020
Assignee: CISC SEMICONDUCTOR GMBH
Inventors: Markus Pistauer, Manfred Jantscher, Stephan Gether
-
Patent number: 10574672
Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive data related to execution of a sandboxed process, determine if a high privileged process was created by the sandboxed process, and block the sandboxed process from executing if the high privileged process was created by the sandboxed process and the data indicates the sandboxed process is attempting a sandbox bypass attack. In an example, the high privileged process was created by the sandboxed process if a resource folder is associated with a sandbox folder. In another example, the high privileged process was created by the sandboxed process if a resource folder was created by a broker process in response to a request by the sandboxed process.
Type: Grant
Filed: July 1, 2016
Date of Patent: February 25, 2020
Assignee: McAfee, LLC
Inventors: Xiaoning Li, Haifei Li, Bing Sun, Lu Deng
-
Patent number: 10574628
Abstract: A system and method is described for protecting applications against malicious URL links by identifying a final destination. The system and method also includes enabling a user process to directly connect to the final destination, bypassing the original URL altogether; thereby bypassing the hacker's ability to use that URL to programmatically send the application to a malicious site.
Type: Grant
Filed: July 10, 2019
Date of Patent: February 25, 2020
Inventor: Michael C. Wood
-
Patent number: 10546132
Abstract: In one implementation, a static analysis system can include an operator engine to identify a modification operation on a string based on a structural comparison of program code to a static analysis rule, a label engine to maintain a label with the string based on the static analysis rule, and a sink engine to identify that the label denotes a string property and provide an analysis message associated with the string property based on the label.
Type: Grant
Filed: September 30, 2014
Date of Patent: January 28, 2020
Assignee: MICRO FOCUS LLC
Inventors: Alvaro Munoz, Yekaterina O'Neil
-
Patent number: 10542042
Abstract: The APPARATUSES, METHODS AND SYSTEMS FOR A SECURE RESOURCE ACCESS AND PLACEMENT PLATFORM (“SRAP PLATFORM”) provides a secure supporting infrastructure within a corporate network framework and applications based thereon for use and placement of corporate resources. A non-trusted device may be authorized to access and use corporate resources, and the corporate network server may manage the placement of resources via the SRAP PLATFORM.
Type: Grant
Filed: December 18, 2018
Date of Patent: January 21, 2020
Assignee: Goldman Sachs & Co. LLC
Inventors: Harpreet Singh Labana, Yair Israel Kronenberg, Brian J. Saluzzo
-
Patent number: 10540663
Abstract: The authenticity of a product associated with a host device is verified through a process. The product contains, in segments of a non-volatile memory, several different functions stored in ciphered fashion. The process involves, in a first phase, the sending by the host device of a control signal for executing a function, with the product functioning to decipher the function and store the unciphered function in the non-volatile memory. The process further involves, in a second phase, the sending by the host device of a control signal for causing execution of the deciphered function, with the product functioning to execute the function and send a result of this execution back to the host device. The host device evaluates the received result to verify product authenticity.
Type: Grant
Filed: February 20, 2018
Date of Patent: January 21, 2020
Assignee: STMicroelectronics (Rousset) SAS
Inventors: Denis Farison, Fabrice Romain, Christophe Laurencin
-
Patent number: 10536266
Abstract: Apparatus and method for managing entropy in a cryptographic processing system. In some embodiments, a first block of conditioned entropy is generated from at least one entropy source. The first block of conditioned entropy is subjected to a first cryptographic process to generate cryptographically secured entropy which is stored in a memory. The cryptographically secured entropy is subsequently retrieved from the memory and subjected to a second cryptographic process to generate a second block of conditioned entropy, which is thereafter used as an input in a third cryptographic process such as to encrypt or decrypt user data in a data storage device. The first cryptographic process may include an encryption algorithm to generate ciphertext and a hash function to generate a keyed digest value, such as an HMAC value, to detect tampering with the ciphertext by an attacker. The second cryptographic process may decrypt or further encrypt the ciphertext.
Type: Grant
Filed: May 2, 2017
Date of Patent: January 14, 2020
Assignee: Seagate Technology LLC
Inventor: Timothy J. Courtney
-
Patent number: 10511606
Abstract: It can be difficult to manage assets, particularly when determining ownership of assets. Systems and methods for facilitating identification of ownership of an asset include identifying an asset (e.g., an item capable of being owned), identifying one or more actors (e.g., an entity capable of owning an asset), and identifying interactions between the asset and each actor. The systems and methods additionally apply a decay factor to the identified interactions to cause a reduction in the significance of the identified interactions between the asset and each actor and produce an asset ownership score for each actor based on the decay-modified interactions. The resulting asset ownership score for each actor is provided to an entity in a fashion that allows the entity to identify a comparative likelihood that each actor is a potential owner of the asset.
Type: Grant
Filed: June 30, 2017
Date of Patent: December 17, 2019
Assignee: Microsoft Technology Licensing, LLC
Inventors: Samuel Terrence Trim, Patricia Anne Donnellan, Eliyohu Aron Inger, Keying Li, Praneeth Reddy Vatti, Yan Guo, Senthil Vel Gunasekaran, Nagarjuna Aravapalli, Neeta Vinod Atal, Priyatham Reddy Allala, Stephen Robert White, Xiaoming Wang, Michael Gordon Hale, Jason Drew Black
-
Patent number: 10511585
Abstract: Techniques are provided for smoothing discretized values used, for example, for authentication or identity assurance. An illustrative method comprises obtaining at least one probability of transitioning between at least two discretized values of a given feature; computing a smoothed feature score for the given feature for a transition from a first one of the discretized values to a second one of the discretized values based on the probability of the transition from the first discrete value to the second discrete value; and performing one or more of authenticating a user and verifying an identity of a user based at least in part on the smoothed feature score. The probabilities of transitioning between the discretized values are optionally stored in a transition matrix. Feature scores for first and second discretized values are optionally weighted based on the probability of the transition from the first discrete value to the second discrete value.
Type: Grant
Filed: April 27, 2017
Date of Patent: December 17, 2019
Assignee: EMC IP Holding Company LLC
Inventors: Shay Amram, Carmit Sahar, Anatoly Gendelev, Idan Achituve
-
Patent number: 10503909
Abstract: In remediating a computer vulnerability, operations to be performed to correct the vulnerability are identified. Remediation processors are scheduled to perform the operations. Whether the vulnerability has been corrected is determined by: determining whether the operations have been performed successfully; and determining whether the operations have been performed by authorized remediation processors.
Type: Grant
Filed: October 31, 2014
Date of Patent: December 10, 2019
Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventors: Peter Schmidt, Jeff Kalibjian
-
Patent number: 10492069
Abstract: Described herein are techniques for selecting a subset of access points. In an example, a wireless access point stores a plurality of unique keys, each unique key being associated with a respective device. The access point advertises a first service set identifier, the first service set identifier requiring authentication of a device requesting connection at a remotely located authentication server. The access point monitors a connection to the remotely located authentication server, and, in response to the connection going down, advertising a second service set identifier, the second service set identifier requiring authentication of a device requesting connection using the unique key associated with the device requesting connection.
Type: Grant
Filed: September 30, 2014
Date of Patent: November 26, 2019
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Anil Gupta, Mili Hoxha, Souvik Sen
-
Patent number: 10489251
Abstract: Implementations may obtain a backup from a first storage system accessible outside a local area network (LAN). The backup may be stored on a second storage system inaccessible outside the LAN. An authorized backup user may be authenticated and the backup may be copied from the to a third storage system accessible outside the LAN.
Type: Grant
Filed: November 18, 2014
Date of Patent: November 26, 2019
Assignee: Hewlett Packard Enterprise Development LP
Inventor: Valentin Anders
-
Patent number: 10491404
Abstract: In some embodiments, a non-transitory processor-readable medium stores code representing instructions configured to be executed by a processor. The code includes code to cause the processor to receive, at a first compute device, (1) a message signed using a signature associated with a derived private key of a second compute device, and (2) an identifier. The code further includes code to cause the processor to retrieve, using the identifier, an ascendant public key associated with the second compute device. The code further includes code to cause the processor to generate, using a key derivation function with the ascendant public key and the identifier as inputs, a derived public key that is paired with the derived private key. The code further includes code to cause the processor to authenticate the second compute device by verifying the signature using the derived public key.
Type: Grant
Filed: May 8, 2019
Date of Patent: November 26, 2019
Assignee: Hotpyp, Inc.
Inventor: Kelly Bryant Yamamoto
-
Patent number: 10482240
Abstract: An anti-malware device 50 includes: a risk information storage unit 51 in which risk information 510 is stored, in which there are associated a value indicating an attribution of an information processing device 60 for executing software 600, a value indicating an attribution of the software 600, and a value that indicates the degree of risk when the software 600 is executed; a subject attribution collection unit 53 for collecting the value indicating the attribution of the information processing device 60; an object attribution collection unit 54 for collecting the value indicating the attribution of the software 600; and a determination unit 55 for determining that the software 600 is malware when the value indicating the degree of risk obtained by comparing the risk information 510 and the values collected by the subject attribution collection unit 53 and object attribution collection unit 54 satisfies a criterion.
Type: Grant
Filed: January 21, 2016
Date of Patent: November 19, 2019
Assignee: NEC CORPORATION
Inventor: Masaru Kawakita