Patents Examined by Sarah Su
  • Patent number: 9838413
    Abstract: A method in a cloud-based security system includes operating a Domain Name System (DNS) resolution service, proxy, or monitor in the cloud-based security system; receiving DNS records with time-to-live (TTL) parameters; checking the TTL parameters for indication of a fast flux technique; and detecting domains performing the fast flux technique based on the DNS records. A cloud-based security system includes a plurality of nodes communicatively coupled to one or more users; and a Domain Name System (DNS) service providing a resolution service, proxy, or monitor in the cloud-based security system; wherein the DNS service is configured to receive DNS records with time-to-live (TTL) parameters; check the TTL parameters for indication of a fast flux technique; and detect domains performing the fast flux technique based on the DNS records.
    Type: Grant
    Filed: May 3, 2016
    Date of Patent: December 5, 2017
    Assignee: Zscaler, Inc.
    Inventor: Subbu Srinivasan
  • Patent number: 9830469
    Abstract: Systems, methods, and computer program products to perform an operation comprising monitoring a set of file access requests to a file from an application to obtain permission and identity information related to the monitored requests, wherein the monitoring includes obtaining a runtime stack from the application, storing the permission and identity information in a data file, determining for the application and a file of the set of files, privileges available to the application for the available authority based on the stored data file, determining a set of privileges needed by the application to access the file based on the stored data file, selecting privileges for a user of the application based on the set of privileges needed by the application and the authority available to the application, and assigning the privileges for the user based on the selected privileges.
    Type: Grant
    Filed: October 31, 2016
    Date of Patent: November 28, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Mark J. Anderson, Carol S. Budnik, Anna P. Dietenberger, Scott Forstie, Brian J. Hasselbeck, Allen K. Mei, Ellen B. Streifel, Jeffrey M. Uehling
  • Patent number: 9826400
    Abstract: Various aspects directed towards a wearable identity manager system are disclosed. In a first aspect, an association status between a user and a wearable identity manager device is ascertained based on whether the wearable identity manager device is worn by the user, and motion data associated with a movement of the wearable identity manager device is monitored. Authentication data, which includes the motion data, is then transmitted based on the association status. In another aspect, an association status between a user and a wearable identity manager device is again determined based on whether the wearable identity manager device is worn by the user. Here, however, the wearable identity manager device is paired with a pairing device, and authentication data is transmitted to the pairing device based on the association status to facilitate a user authentication via the pairing device.
    Type: Grant
    Filed: July 28, 2014
    Date of Patent: November 21, 2017
    Assignee: QUALCOMM Incorporated
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 9807083
    Abstract: To provide for security and robustness in distribution of high value video content such as UHD video, a white list is provided that does not grant default access to content like a revocation listing does, but rather forces a software update on potentially compromised devices to bring them back into copy protection compliance, eliminating, e.g., the use of certain outputs that have been compromised. Prior to outputting content, a source device determines whether the receiving device is on a white list, whether the output is still valid, whether the version number of the receiving device is still valid, and that the receiving device does not have insecure outputs on which it could re-output content.
    Type: Grant
    Filed: June 5, 2015
    Date of Patent: October 31, 2017
    Assignee: Sony Corporation
    Inventors: Brant Candelore, Graham Clift, Steven Richman
  • Patent number: 9788205
    Abstract: As individuals increasingly engage in different types of transactions they face a growing threat from, possibly among other things, identity theft, financial fraud, information misuse, etc. and the serious consequences or repercussions of same. Leveraging the ubiquitous nature of wireless devices and the popularity of (Short Message Service, Multimedia Message Service, etc.) messaging, an infrastructure that enhances the security of the different types of transactions within which a wireless device user may participate through a Second Factor Authentication facility. The infrastructure may optionally leverage the capabilities of a centrally-located Messaging Inter-Carrier Vendor.
    Type: Grant
    Filed: March 24, 2016
    Date of Patent: October 10, 2017
    Assignee: SYBASE, INC.
    Inventors: Dilip Sarmah, Kyle Warner Erickson, Rajat Mounendrababu Gadagkar
  • Patent number: 9787720
    Abstract: Systems and methods of correlating accounts among a plurality of network assets using account lateral movement data are presented in the context of network security. In one embodiment a plurality of authentication audit logs are received from a plurality of assets; the plurality of authentication audit logs are correlated; and a notification is generated based on a comparison of correlation results and a database of permitted account associations.
    Type: Grant
    Filed: February 26, 2015
    Date of Patent: October 10, 2017
    Assignee: Rapid7, Inc.
    Inventors: Matthew Robert Hathaway, Samuel Adams, Jeff Myers, Steven Torance
  • Patent number: 9781111
    Abstract: An operation apparatus includes a communication section to communicate with an electronic apparatus capable of communicating, through a first transmission medium, with an accumulation apparatus capable of accumulating contents, the communication section communicating with the electronic apparatus through a second transmission medium, a content selection section to select a content to which a parental lock is to be set from among the contents accumulated in the accumulation apparatus, a release key setting section to set a key for releasing the parental lock for the content selected, a storage section to associate identification information of the content selected with the key set by the release key setting section and stores the identification information and the key associated with each other, and a parental lock notification section to notify the accumulation apparatus in which the content is accumulated of the identification information of the content to which the parental lock is set.
    Type: Grant
    Filed: February 28, 2014
    Date of Patent: October 3, 2017
    Assignee: Saturn Licensing, LLC
    Inventor: Nanami Miki
  • Patent number: 9767322
    Abstract: A method of protecting information in a data storage device is provided. The method includes receiving, in the data storage device, encrypted data via a host computer in which the data storage device is employed. The encrypted data is then decrypted, and re-encrypted, in the data storage device, either before storage or just before data is transferred back to the host computer. The decryption and re-encryption (transcription) is performed substantially independently of the host computer. In addition, a data storage device, readable by a computer system, for implementing the above method for protecting information is provided.
    Type: Grant
    Filed: August 28, 2014
    Date of Patent: September 19, 2017
    Assignee: Seagate Technology LLC
    Inventors: Laszlo Hars, Robert H Thibadeau
  • Patent number: 9762576
    Abstract: In one embodiment, a network element comprises one or more processors, and a memory module communicatively coupled to the processor. The memory module comprises logic instructions which, when executed by the processor, configure the processor to receive, via a first communication channel, a primary authentication request transmitted from a user from a first device, process the primary authentication request to determine whether the user is authorized to access one or more resources, in response to a determination that the user is authorized to access one or more resources, initiate a secondary authentication request, and transmit the secondary authentication request from the network element to the user via a second communication channel, different from the first communication channel.
    Type: Grant
    Filed: February 26, 2009
    Date of Patent: September 12, 2017
    Assignee: Phonefactor, Inc.
    Inventor: Steve Dispensa
  • Patent number: 9754098
    Abstract: A policy tip or end user notification is provided for data loss prevention in collaborative environments. A document interactivity application detects an action or trigger by an end user that affects a document. The document is processed, through a classification engine and a unified policy engine, with policies based on the action to detect a matched policy. A policy tip associated with the matched policy is identified and displayed on the display device in association with the document.
    Type: Grant
    Filed: February 26, 2015
    Date of Patent: September 5, 2017
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Yu Li, Richard Wesley Holley, Srivalli Chavali, Jack Kabat, Leif Brenne, Serguei Martchenko, Mark Mullins, Mashuri Libman
  • Patent number: 9749136
    Abstract: The disclosure relates to processing content with watermarks to generate watermarked versions. In some aspects, each version may be different. Groups of fragments may be combined to generate a unique stream by pulling fragments from two or more of the groups of fragments. Further, fragmenting may be performed before watermarking, and fragments may be pulled and watermarked upon request.
    Type: Grant
    Filed: February 24, 2012
    Date of Patent: August 29, 2017
    Assignee: Comcast Cable Communications, LLC
    Inventors: John Leddy, James W Fahrny, Allen Broome, Michael A. Chen
  • Patent number: 9741022
    Abstract: A web service platform to improve end-user engagement in a captive audience environment. Mobile and web-based clients allow application users to authorize and approve usage of entitlements of other users, including their children, based upon preconfigured rules and the proximity between the user requesting and the user approving authorization to use the entitlement.
    Type: Grant
    Filed: February 26, 2015
    Date of Patent: August 22, 2017
    Assignee: BLAZER AND FLIP FLOPS, INC.
    Inventors: Benjamin Harry Ziskind, Joshua David Bass, Scott Sebastian Sahadi
  • Patent number: 9742565
    Abstract: Provided are a method and system for backing up a private key in an electronic signature token, the method comprising: a first electronic signature token and a second electronic signature token negotiate an encryption strategy and a corresponding decryption strategy to use for communication therebetween; the first electronic signature token utilizes the encryption strategy to encrypt a request data packet and transmits the encrypted request data packet; the second electronic signature token decrypts the encrypted request data packet; the second electronic signature token utilizes the encryption strategy to encrypt a response data packet and transmits the encrypted response data packet; and the first electronic signature token utilizes the decryption strategy to decrypt the response data packet, and acquires a private key from the response data packet.
    Type: Grant
    Filed: April 18, 2014
    Date of Patent: August 22, 2017
    Assignee: Tendyron Corporation
    Inventor: Dongsheng Li
  • Patent number: 9734091
    Abstract: Remote load and update card emulation support may include providing emulation support for an emulated card by executing a command set from command sets that include an encrypted read write command set that uses a secure communication read write (SCRW) key, a plain read write command set that uses a plain communication read write (PCRW) key, and an encrypted read command set that uses a secure communication read only (SCR) key.
    Type: Grant
    Filed: October 14, 2014
    Date of Patent: August 15, 2017
    Assignee: ACCENTURE GLOBAL SERVICES LIMITED
    Inventors: Viresh Veerasangappa Kadi, Veena Sudhakar Padiyar, Manigandan Km
  • Patent number: 9716691
    Abstract: A security server receives a request of a user to activate a secure communications channel over the network and, in response, transmits an activation code for delivery to the user via another network. The security server receives an activation code from the user network device via the network, compares the received activation code with the transmitted activation code to validate the received activation code, and activates the secure communications channel based on the validation. The security server next receives a query including a question for the user from an enterprise represented on the network, transmits the received enterprise query to the user network device via the secure communications channel, and receives, from the user network device via the secure communications channel, a user answer to the transmitted enterprise query. The security server then transmits the received user answer to the enterprise to further authenticate the user to the enterprise.
    Type: Grant
    Filed: June 7, 2012
    Date of Patent: July 25, 2017
    Assignee: Early Warning Services, LLC
    Inventors: Peter George Tapling, Andrew Robert Rolfe, Ravi Ganesan, Sally Sheward
  • Patent number: 9712398
    Abstract: A messaging system enables client applications to send and receive messages. The messaging system includes independent component programs performing different functions of the messaging system, such as connection managers that maintain network connections with the client applications, a message router that sends received messages to recipient applications through network connections, and a dispatcher that authenticates other component programs. A messaging server may authenticate client applications using certificate-based authentication (e.g., private and public keys), authentication transfer from another trusted messaging server, or other methods (e.g., user name and password). To authenticate a component program, the dispatcher compares instantiation information (e.g., user identity, process identifier, creation time) of the component program provided by the operating system with instantiation information saved in a shared memory at the time of the component program's instantiation.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: July 18, 2017
    Assignee: BlackRock Financial Management, Inc.
    Inventors: Elliot Hamburger, Jonathan S. Harris, Jeffrey A. Litvin, Sauhard Sahi, John D. Valois, Ara Basil, Randall B. Fradin
  • Patent number: 9705849
    Abstract: Technologies for distributed detection of security anomalies include a computing device to establish a trusted relationship with a security server. The computing device reads one or more packets of at least one of an inter-virtual network function network or an inter-virtual network function component network in response to establishing the trusted relationship and performs a security threat assessment of the one or more packets. The computing device transmits the security threat assessment to the security server.
    Type: Grant
    Filed: October 13, 2014
    Date of Patent: July 11, 2017
    Assignee: Intel Corporation
    Inventors: Kapil Sood, Mesut A. Ergin, John R. Fastabend, Shinae Woo, Jeffrey B. Shaw, Brian J. Skerry
  • Patent number: 9705882
    Abstract: The present invention discloses methods and systems for managing a node through a management server. The management server verifies whether a management confirmation has been received and allows a second user group to manage the node if the management confirmation is received. If the management confirmation is not received by the management server, the second user group is not allowed to manage the node through the management server.
    Type: Grant
    Filed: June 13, 2014
    Date of Patent: July 11, 2017
    Assignee: PISMO LABS TECHNOLOGY LIMITED
    Inventors: Ho Ming Chan, Kit Wai Chau
  • Patent number: 9705853
    Abstract: A method is to detect a message compatible with the OTA (Over The Air) standard and affected by a wrong ciphering. The method may include receiving the ciphered OTA message; deciphering the OTA message; and reading a counter field of padding bytes in the deciphered OTA message and reading corresponding padding bytes in the OTA message deciphered. The method may also include detecting at least one bit in at least one of the padding bytes of the OTA message deciphered, with the at least one bit being indicative of the wrong ciphering.
    Type: Grant
    Filed: October 27, 2014
    Date of Patent: July 11, 2017
    Assignee: STMICOELECTRONICS S.R.L.
    Inventors: Agostino Vanore, Vitantonio Distasio
  • Patent number: 9680643
    Abstract: A system for securely transmitting data includes a control device and at least one security module. The control device is configured for producing a cryptographic key using a physically unclonable function (PUF). The at least one security module is configured for communicating with the control device at least one of confidentially and authentically using the cryptographic key. The control device has no storage for storing the cryptographic key. The control device includes at least one hardware device that is configured for providing a specific feature combination. The control device also includes a calculation unit that is configured for producing the cryptographic key using the specific feature combination and the physically unclonable function (PUF).
    Type: Grant
    Filed: August 1, 2012
    Date of Patent: June 13, 2017
    Assignee: Siemens Aktiengesellschaft
    Inventor: Bernd Meyer