Patents Examined by Sarah Su
  • Patent number: 9973334
    Abstract: One embodiment of the invention includes a method, including performing, a symmetric homomorphic encryption of a secret SA with a cryptographic key H as input yielding a homomorphic encryption result SA*, sending SA* for mathematical combination by at least one device with at least one secret SB yielding G*, the device A not having access to SB, the at least one device not having access to SA and not having access to H, receiving G*, performing a symmetric homomorphic decryption of data based on G* with H as input yielding a first decrypted output, determining a symmetric cryptographic key KA based on the first decrypted output for secure communication with a first device which is operationally connected to, or includes, a tamper resistant security system including SA and SB therein, securing data using KA yielding secured data, and sending the secured data to the first device.
    Type: Grant
    Filed: March 13, 2016
    Date of Patent: May 15, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Eliphaz Hibshoosh, Aviad Kipnis, Andrew Sinton
  • Patent number: 9973491
    Abstract: One embodiment of the present invention provides a system that facilitates determining an identity of a third-party user in a Security Assertion Markup Language (SAML) implementation of a web-service. During operation, the system receives an SAML token profile web service request from the third-party user at the web-service. The system also receives a digital certificate designated by the SAML token profile web service request from the third-party user at the web-service. Next, the system analyzes the digital certificate to identify a third-party associated with the third-party user. The system then determines if the third-party is a trusted party. Next, the system receives one or more attributes associated with the third-party user at the web-service. The system then uses the attributes to identify the third-party user. Finally, the system performs a lookup in a user map to determine a user account that is associated with the third-party user.
    Type: Grant
    Filed: May 16, 2008
    Date of Patent: May 15, 2018
    Inventors: Rahul Joshi, Wellen Lau
  • Patent number: 9965525
    Abstract: Personal information related to calls is protected from disclosure. Mobile location data may be useful for profiling users of mobile devices. However, information related to calls may need protection from disclosure. Any mobile location data related to calls is thus excluded from profiling efforts.
    Type: Grant
    Filed: April 9, 2015
    Date of Patent: May 8, 2018
    Assignee: AT&T MOBILITY II LLC
    Inventors: Sheldon Kent Meredith, Mark Austin, Jeremy Fix
  • Patent number: 9960910
    Abstract: A system for creating protected functional descriptions of integrated circuits provides encrypted gate delay information preventing deduction of gate function from gate delay but allowing simulation of the integrated circuit with accurate propagation delay calculation. Individual gate delay values may be modified so that they obscure actual gate delays but so that the modified individual gate delays total to equal the actual cumulative gate delay along a given data propagation path.
    Type: Grant
    Filed: February 25, 2016
    Date of Patent: May 1, 2018
    Assignee: Wisconsin Alumni Research Foundation
    Inventors: Parameswaran Ramanathan, Kewal Saluja
  • Patent number: 9953189
    Abstract: Disclosed is a system for configuring a terminal by intercepting requests, such as Input/Output (IO) requests or registry requests, evaluating rules based on the intercepted requests during runtime, and performing actions based on the rule evaluations, such as passing the request through, redirecting the request, modifying the request, hiding resources, or performing other actions. The system can be implemented in one or more of the terminal's file system filter drivers and registry filter drivers.
    Type: Grant
    Filed: July 30, 2014
    Date of Patent: April 24, 2018
    Assignee: FSLOGIX, INC.
    Inventors: Randall R. Cook, Jeremy Hurren, Brian Mann, Kevin Goodman
  • Patent number: 9949118
    Abstract: When setting up communication from a user equipment UE (1), such as for providing IP access for the UE in order to allow it to use some service, information or an indication of at least one network property relating to a first network, e.g. the current access network (3, 3?), is sent to the UE from a node (13) in a second network such as the home network (5) of the subscriber of the UE. The information or indication can be sent in a first stage of an authentication procedure being part of the setting up of a connection from the UE. In particular, the network property can indicate whether the access network (3, 3?) is trusted or not.
    Type: Grant
    Filed: August 6, 2015
    Date of Patent: April 17, 2018
    Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
  • Patent number: 9948458
    Abstract: In response to at least one message received by a processor of a gateway server from a user device wherein each message requests that an encryption key be downloaded to the user device, the processor generates at least one unique encryption key for each message and sends the at least one generated encryption key to the user device, but does not store any of the generated encryption keys in the cloud. For each encryption key having been sent to the user device, the processor receives each encryption key returned from the user device. For each encryption key received from the user device, the processor stores each received encryption key in the cloud.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: April 17, 2018
    Assignee: International Business Machines Corporation
    Inventors: Jonathan M. Barney, Cataldo Mega, Edmond Plattier, Daniel Suski
  • Patent number: 9942758
    Abstract: A method and apparatus for providing radio communication with an electronic object in a local environment are disclosed. For example the method receives via a mobile endpoint device of a user at least one first digital certificate associated with the local environment from a trusted source, and a second digital certificate from the electronic device deployed in the local environment via a wireless connection. The method then authenticates the electronic device using the at least one first digital certificate and the second digital certificate.
    Type: Grant
    Filed: June 20, 2016
    Date of Patent: April 10, 2018
    Inventors: Thomas Killian, Byoung-Jo Kim, Christopher Rice, Nemmara K. Shankaranarayanan
  • Patent number: 9942272
    Abstract: Processing streaming data in accordance with policies that group data by source, enforce a maximum permissible late arrival value for streaming data, a maximum permissible early arrival for data and/or a maximum degree to which data can be out of order and still be compliant with the out of order policy is described. The correct starting point for reading a data stream so as to produce correct output from a given output start time can be enabled using the early arrival policy. Using combinations of policies, output can be generated promptly (with low latency). When input from a given source is not disrupted, output can be generated with low latency. Output can be generated even when the input stops by applying a late arrival policy.
    Type: Grant
    Filed: June 5, 2015
    Date of Patent: April 10, 2018
    Inventors: Zhong Chen, Lev Novik, Boris Shulman, Clemens A. Szyperski
  • Patent number: 9934508
    Abstract: The authenticity of a product associated with a host device is verified through a process. The product contains, in segments of a non-volatile memory, several different functions stored in ciphered fashion. The process involves, in a first phase, the sending by the host device of a control signal for executing a function, with the product functioning to decipher the function and store the unciphered function in the non-volatile memory. The process further involves, in a second phase, the sending by the host device of a control signal for causing execution of the deciphered function, with the product functioning to execute the function and send a result of this execution back to the host device. The host device evaluates the received result to verify product authenticity.
    Type: Grant
    Filed: June 16, 2014
    Date of Patent: April 3, 2018
    Inventors: Denis Farison, Fabrice Romain, Christophe Laurencin
  • Patent number: 9928355
    Abstract: An electronic device can include a processing device operatively connected to a biometric sensing device. The biometric sensing device may capture a biometric image each time a user interacts with the electronic device. When the user enters user identification data (UID) and a biometric image was recently captured, the biometric image is tagged with the UID. The user can access the electronic device and/or an application being accessed on the electronic device when a subsequently captured biometric image matches a tagged biometric image or an untagged biometric image that is assigned to a cluster that includes a tagged biometric image.
    Type: Grant
    Filed: March 21, 2016
    Date of Patent: March 27, 2018
    Assignee: Apple Inc.
    Inventor: Michael Boshra
  • Patent number: 9923874
    Abstract: A packet obfuscation method comprising receiving a data packet having a routing header portion and a payload portion, performing a first obfuscation on the routing header portion to generate an obfuscated routing header portion, performing a second obfuscation on at least the payload portion to generate an obfuscated payload portion, and combining the obfuscated routing header portion and the obfuscated payload portion to form an obfuscated packet. A packet forwarding method comprising obfuscating routing information using a packet obfuscation function, generating a plurality of forwarding rule entries in accordance with the obfuscated routing information, transmitting the plurality of forwarding rule entries to at least one network node in a network, transmitting the packet obfuscation function to at least one network node in the network, and transmitting a de-obfuscation function to at least one network node in the network.
    Type: Grant
    Filed: February 27, 2015
    Date of Patent: March 20, 2018
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Tao Wan, Peter Ashwood-Smith, Wen Tong
  • Patent number: 9917831
    Abstract: A method of authenticating a user of an image forming apparatus is provided that includes receiving, at the image forming apparatus, a one-time password (OTP) generating request, generating, at the image forming apparatus, an OTP according to the OTP generating request, receiving, at the image forming apparatus, an authentication request, from the host apparatus, including the OTP, and when the OTP received from the host apparatus matches the OTP generated according to the OTP generating request and absent a condition, approving an access to the image forming apparatus.
    Type: Grant
    Filed: July 29, 2014
    Date of Patent: March 13, 2018
    Inventor: Kwang-woo Lee
  • Patent number: 9917842
    Abstract: Systems and methods for normalization of physical interfaces having different physical attributes are provided. According to one embodiment, information regarding multiple network devices is presented to a network manager. The network devices have one or more different physical attributes. Two physical attributes of two network devices that are to be normalized and that are among the one or more different physical attributes are identified. The physical attributes are normalized by creating a virtual attributes to which both correspond. A policy applicable to the virtual attribute is received. Configuration files, in which policies or rules contained therein are implemented in terms of the virtual attribute, are created for the network devices while they are offline. Physical attribute configurations for the physical attributes are resolved during installation of the network devices by resolving references to the virtual attribute in the configuration files into the respective physical attributes.
    Type: Grant
    Filed: August 7, 2016
    Date of Patent: March 13, 2018
    Assignee: Fortinet, Inc.
    Inventors: Michael Xie, Langtian Du, Jun Li
  • Patent number: 9891810
    Abstract: Disclosed are various embodiments for facilitating collaboration among users for network-shared documents. A computing environment can identify that a particular identifier was used in a communication regarding a file being accessible on various client devices. A suitable task to perform in association with at least one of the plurality of client devices can be identified based on the identifier and a determination can be made whether performance of the task would comply with at least one compliance rule. In response to the performance of the task complying with the at least one compliance rule, the task can be performed.
    Type: Grant
    Filed: June 16, 2015
    Date of Patent: February 13, 2018
    Assignee: AirWatch LLC
    Inventors: Colleen Caporal, Gaurav Arora, Muhammad Abeer
  • Patent number: 9886565
    Abstract: A user input is received for accessing a page in an application. Page display element metadata is retrieved that defines how the display elements are related to other objects in the application. It is determined whether the user has license rights and user permissions to access the information represented by the related objects. If not, the display elements are removed, hidden or disabled and a remainder of the page is rendered.
    Type: Grant
    Filed: October 14, 2014
    Date of Patent: February 6, 2018
    Inventors: Brian Nielsen, Per Reitzel, Elly Nkya, Anders Larsen
  • Patent number: 9882920
    Abstract: Technologies are generally described for time-correlating administrative events within virtual machines of a datacenter across many users and/or deployments. In some examples, the correlation of administrative events enables the detection of confluences of repeated unusual events that may indicate a mass hacking attack, thereby allowing attacks kicking network signatures to be detected. Detection of the attack may also allow the repair of affected systems and the prevention of further hacking before the vulnerability has been analyzed or repaired.
    Type: Grant
    Filed: October 1, 2015
    Date of Patent: January 30, 2018
    Inventor: Ezekiel Kruglick
  • Patent number: 9881181
    Abstract: A device-installation-information distribution apparatus for distributing device installation information including a function of installing program on an information processing apparatus to enable the information processing apparatus to use a device over a network and a function of configuring operation settings of the program includes a distribution request obtaining unit configured to obtain a distribution request, which is transmitted from the information processing apparatus, requesting to distribute the device installation information, a device-installation-information update unit configured to obtain login information for use in logging into the information processing apparatus at a privilege authorized to install software based on the obtained distribution request and device installation information for the target device and update the device installation information by adding the login information to the device installation information, and a device-installation-information distribution unit configur
    Type: Grant
    Filed: June 16, 2015
    Date of Patent: January 30, 2018
    Assignee: RICOH COMPANY, LTD.
    Inventor: Toshio Akiyama
  • Patent number: 9848005
    Abstract: The present disclosure discloses a system and method for dynamically modifying role based access control for a client based on the activity. Generally, a client device is granted access to a network resource based on a first reputation score assigned to the client device. The activity of the client device is monitored. Responsive to monitoring the activity of the client device, a second reputation score is determined for the client device based on the activity. The access by the client device to the network resource is then modified to be granted based on the second reputation score.
    Type: Grant
    Filed: July 29, 2014
    Date of Patent: December 19, 2017
    Assignee: ARUBA NETWORKS, INC.
    Inventors: Ramesh Ardeli, Hari Krishna Kurmala
  • Patent number: 9838413
    Abstract: A method in a cloud-based security system includes operating a Domain Name System (DNS) resolution service, proxy, or monitor in the cloud-based security system; receiving DNS records with time-to-live (TTL) parameters; checking the TTL parameters for indication of a fast flux technique; and detecting domains performing the fast flux technique based on the DNS records. A cloud-based security system includes a plurality of nodes communicatively coupled to one or more users; and a Domain Name System (DNS) service providing a resolution service, proxy, or monitor in the cloud-based security system; wherein the DNS service is configured to receive DNS records with time-to-live (TTL) parameters; check the TTL parameters for indication of a fast flux technique; and detect domains performing the fast flux technique based on the DNS records.
    Type: Grant
    Filed: May 3, 2016
    Date of Patent: December 5, 2017
    Assignee: Zscaler, Inc.
    Inventor: Subbu Srinivasan