Patents Examined by Sarah Su
  • Patent number: 9374362
    Abstract: A method and apparatus for providing radio communication with an electronic object in a local environment are disclosed. For example, the method receives via a mobile endpoint device of a user at least one first digital certificate associated with the local environment from a trusted source, and a second digital certificate from the electronic device deployed in the local environment via a wireless connection. The method then authenticates the electronic device using the at least one first digital certificate and the second digital certificate.
    Type: Grant
    Filed: December 5, 2014
    Date of Patent: June 21, 2016
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Thomas Killian, Byoung-Jo Kim, Christopher Rice, Nemmara K. Shankaranarayanan
  • Patent number: 9369493
    Abstract: Systems and methods are provided in accordance with one or more processes that run within an operating system, in which a first process of the one or more processes is an agent that encodes instructions for obtaining an authentication token uniquely associated with the agent. The agent collects security information about a first computer system running the one or more processes according to one or more commands received from a remote security system. The collected information is transmitted to the remote security system on an encrypted communication channel between the agent and the remote security system using the authentication token. Executable instructions are received through the encrypted communication channel at the first computer from the remote server according to a security policy assigned to the agent. The received executable instructions are executed at the first computer system, thereby implementing the assigned security policy.
    Type: Grant
    Filed: June 22, 2015
    Date of Patent: June 14, 2016
    Assignee: CloudPassage, Inc.
    Inventors: Carson Sweet, Vitaliy Geraymovych
  • Patent number: 9363269
    Abstract: A method in a cloud-based security system includes operating a Domain Name System (DNS) resolution service, proxy, or monitor in the cloud-based security system; receiving DNS records with time-to-live (TTL) parameters; checking the TTL parameters for indication of a fast flux technique; and detecting domains performing the fast flux technique based on the DNS records. A cloud-based security system includes a plurality of nodes communicatively coupled to one or more users; and a Domain Name System (DNS) service providing a resolution service, proxy, or monitor in the cloud-based security system; wherein the DNS service is configured to receive DNS records with time-to-live (TTL) parameters; check the TTL parameters for indication of a fast flux technique; and detect domains performing the fast flux technique based on the DNS records.
    Type: Grant
    Filed: July 30, 2014
    Date of Patent: June 7, 2016
    Assignee: Zscaler, Inc.
    Inventor: Subbu Srinivasan
  • Patent number: 9363082
    Abstract: Provided is a cryptographic communication system including a first semiconductor device and a second semiconductor device. The first semiconductor device includes a common key generation unit that generates a common key CK(a) by using a unique code UC(a) and correction data CD(a), and an encryption unit that encrypts the common key CK(a) generated in the common key generation unit by using a public key PK(b) of the second semiconductor device. The second semiconductor device includes a secret key generation unit that generates a secret key SK(b) by using a unique code UC(b) and correction data CD(b), and a decryption unit that decrypts the common key CK(a) encrypted in the encryption unit by using the secret key SK(b).
    Type: Grant
    Filed: June 13, 2012
    Date of Patent: June 7, 2016
    Assignee: RENESAS ELECTRONICS CORPORATION
    Inventors: Shigemasa Shiota, Shigeru Furuta, Masayuki Hirokawa, Akira Yamazaki, Daisuke Oshida
  • Patent number: 9338412
    Abstract: A digital data signal, such as a digital video signal, is intentionally pre-distorted before being sent over a network. In one embodiment, this pre-distortion may be performed in accordance with a pre-distortion pattern or algorithm which is shared with only intended receivers. The pre-distortion pattern may be used to vary the pre-distortion on a periodic basis, as frequently as on a symbol-by-symbol basis. The pre-distortion function may include distorting the phase and/or the amplitude of the digital signal's modulation.
    Type: Grant
    Filed: July 1, 2014
    Date of Patent: May 10, 2016
    Assignees: Sony Corporation, Sony Electronics Inc.
    Inventors: Robert Hardacker, Kenichi Kawasaki
  • Patent number: 9317697
    Abstract: Embodiments related to processing of restricted-access data. An aspect includes receiving a request for data from a user by a storage system infrastructure comprising a centralized database that stores non-restricted access data and a local system that stores restricted-access data associated with a first set of areas or entities and comprising a federated database for providing a federated view, wherein the requested data comprises restricted-access first data and non-restricted access second data. Another aspect includes based on an association of the user, routing, by a routing entity, the request to the local system. Another aspect includes receiving the request at the at least one federated database of the local system. Another aspect includes retrieving from the federated database the restricted-access first data and the non-restricted access second data.
    Type: Grant
    Filed: January 25, 2013
    Date of Patent: April 19, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Albert Maier, Thomas Rech, Johannes Schuetzner, Volker Seemann
  • Patent number: 9313662
    Abstract: A method of protecting a telecommunication terminal having a chip-card-type personal component which is required for telecommunication network access. The terminal includes a processing unit, at least one operating memory element containing the information necessary to the operation of the terminal, i.e. a terminal operating program, and the data necessary to the program. The method involves: a) encrypting the contents of the operating memory element of the telecommunication terminal using a pre-determined key K which is necessary for decryption; and b) allowing the terminal to commence decryption once the terminal has been started with a start-up program that is saved in a secure memory element and once the key for decryption has been calculated by same.
    Type: Grant
    Filed: March 19, 2004
    Date of Patent: April 12, 2016
    Assignee: GEMALTO SA
    Inventors: Pascal Moitrel, Pascal Guterman, Philippe Proust, Laurent Sustek, Mireille Pauliac, Cedric Cardonnel
  • Patent number: 9306747
    Abstract: As individuals increasingly engage in different types of transactions they face a growing threat from, possibly among other things, identity theft, financial fraud, information misuse, etc. and the serious consequences or repercussions of same. Leveraging the ubiquitous nature of wireless devices and the popularity of (Short Message Service, Multimedia Message Service, etc.) messaging, an infrastructure that enhances the security of the different types of transactions within which a wireless device user may participate through a Second Factor Authentication facility. The infrastructure may optionally leverage the capabilities of a centrally-located Messaging Inter-Carrier Vendor.
    Type: Grant
    Filed: February 5, 2013
    Date of Patent: April 5, 2016
    Assignee: Sybase, Inc.
    Inventors: Dilip Sarmah, Kyle Warner Erickson, Rajat Mounendrababu Gadagkar
  • Patent number: 9306925
    Abstract: An image processing apparatus including: a first interface; a second interface configured to be connected with a server configured to perform user authentication; an image processing unit configured to execute a job including image processing; and a control device configured to: receive authentication information of a user via the first interface; transmit the received authentication information to the server via the second interface; execute a specific operation after receiving the authentication information, the specific operation being a part of the job; receive a result of the user authentication from the server after executing the specific operation; determine whether the user authentication by the server has been successful in accordance with the received result; and execute the rest of the job after completing the specific operation and determining that the user authentication has been successful.
    Type: Grant
    Filed: February 19, 2014
    Date of Patent: April 5, 2016
    Assignee: Brother Kogyo Kabushiki Kaisha
    Inventor: Hiroto Nakayama
  • Patent number: 9288608
    Abstract: Mobile devices often communicate with network services that require an account. Because it may be undesirable to require user interaction when creating an account, it may be desirable to automatically create an account associating a mobile device to a network service after a new application is installed on the mobile device. In an embodiment, a new application is remotely installed on a mobile device. After the installation, the device monitors itself for an occurrence of an event. In response to detecting the occurrence, the device launches the new application. After the launch, the new application automatically obtains data from the mobile device, and then sends the data to a server that automatically creates an account for the user. The server also provides a service associated with the account.
    Type: Grant
    Filed: November 25, 2014
    Date of Patent: March 15, 2016
    Assignee: Lookout, Inc.
    Inventors: David Richardson, Kevin Mahaffey, Jonathan Grubb
  • Patent number: 9268949
    Abstract: Systems and methods for protecting data being sent between a client and a server include the capability of defining programmable processing steps that are applied by the server when protecting the data and the same steps are applied by the client when unprotecting the data. The programmable processing steps can be defined uniquely for each client, and the programmable processing steps are selected from a number of functions using sequencing data that defines the processing steps. The programmable processing steps allow for each client to process encrypted data in a different manner and the programmable processing steps are defined by what is called a digital rights management (DRM) Sequencing Key, and as such the system and method introduces a key-able DRM whereby each DRM message can be processed in a unique (or pseudo unique) manner.
    Type: Grant
    Filed: July 1, 2013
    Date of Patent: February 23, 2016
    Assignee: Verimatrix, Inc.
    Inventors: Robert T. Kulakowski, Craig Mautner, James B. Fahy, Jeffrey Bronte, Greg Hutchins
  • Patent number: 9268945
    Abstract: Systems, methods, and apparatus, including computer program products, for detecting a presence of at least one vulnerability in an application. The method is provided that includes modifying instructions of the application to include at least one sensor that is configurable to generate an event indicator, wherein the event indicator includes at least some data associated with the event; storing the event indicator with other stored event indicators generated by the at least one sensor during the execution of the application; analyzing the stored event indicators; detecting a presence of at least one vulnerability in the application based on the analysis of the stored event indicators; and reporting the presence of at least one vulnerability.
    Type: Grant
    Filed: February 11, 2014
    Date of Patent: February 23, 2016
    Assignee: Contrast Security, LLC
    Inventors: Jeffrey Williams, Arshan Dabirsiaghi
  • Patent number: 9241005
    Abstract: A network device including a first and second processors. The first processor: receives first and second packets; and selects some of the second packets according to contents of the second packets and sampling criteria. The second processor operates in first and second modes. While operating in the first mode, the second processor learns a traffic pattern of the first packets through the network device. While operating in the second mode, the second processor compares a traffic pattern of the some of the second packets to the traffic pattern of the first packets to determine whether the second packets are associated with an attack on the network device. In response to determining the second packets are not associated with an attack on the network device, the second processor updates the patterns of the first packets based on a characteristic of the some of the second packets.
    Type: Grant
    Filed: February 24, 2014
    Date of Patent: January 19, 2016
    Assignee: Marvell International Ltd.
    Inventor: Michael Orr
  • Patent number: 9218492
    Abstract: A programmable display that is connected to a control apparatus controlling apparatuses and that functions as a user interface for the control apparatus, includes a display processing unit displaying, on a display unit, a screen and display objects arranged in the screen; and a storing unit storing, concerning each of a candidate screen, which is a candidate of the screen, and a candidate display object, which is a candidate of the display objects, setting security level information for specifying a level to which the candidate screen or the candidate display object belongs among levels obtained by ranking security in a horizontal division manner and setting security group information for specifying a group to which the candidate screen or the candidate display object belongs among groups obtained by dividing security in a vertical division manner over the levels.
    Type: Grant
    Filed: September 9, 2011
    Date of Patent: December 22, 2015
    Assignee: Mitsubishi Electric Corporation
    Inventor: Kengo Koara
  • Patent number: 9213842
    Abstract: An apparatus and related method to track data block operations in a cloud system are provided. Attributes associated with the data block operation may be attached to each individual data block targeted by the data block operation.
    Type: Grant
    Filed: August 17, 2011
    Date of Patent: December 15, 2015
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Chun Hui Suen, Peter Jagadpramana, Kok Leong Ryan Ko, Bu Sung Lee
  • Patent number: 9215070
    Abstract: A method is provided for cryptographic protection of an application associated with an application owner and executed in an external data processing center having a security module that stores private cryptographic material of the application owner. A first secure channel between the security module and application owner and a second secure channel between the application owner and the application are used for transmitting a cryptographic key. The cryptographic key is automatically made available to the secure module and the application via the secure channels, without the data processing center service operator being able to access said key. The application can authenticate itself using the key so that the cryptographic material can be transmitted to the application via a channel protected by the cryptographic key. The application data can be encrypted using the cryptographic material such that the application data cannot be accessed by the data processing center service operator.
    Type: Grant
    Filed: June 22, 2011
    Date of Patent: December 15, 2015
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Monika Maidl, Stefan Seltzsam
  • Patent number: 9197653
    Abstract: Technologies are generally described for time-correlating administrative events within virtual machines of a datacenter across many users and/or deployments. In some examples, the correlation of administrative events enables the detection of confluences of repeated unusual events that may indicate a mass hacking attack, thereby allowing attacks lacking network signatures to be detected. Detection of the attack may also allow the repair of affected systems and the prevention of further hacking before the vulnerability has been analyzed or repaired.
    Type: Grant
    Filed: June 5, 2012
    Date of Patent: November 24, 2015
    Assignee: Empire Technology Development LLC
    Inventor: Ezekiel Kruglick
  • Patent number: 9177175
    Abstract: A method for storing data items in a data repository that allows a client storing a data item to lose the ability to either retrieve the stored data item or enable its retrieval, while preserving controlled access to the stored data item indefinitely. The client storing the data item encrypts it using an encryption key that it creates, which may be derived from the content of the data item. The encryption key is also stored in the data repository in an encrypted form, with its encryption making use of a public key. The method allows storage space to be shared for identical data items encrypted and stored by independent clients of the data repository.
    Type: Grant
    Filed: March 30, 2010
    Date of Patent: November 3, 2015
    Assignee: Permabit Technology Corporation
    Inventors: Norman H. Margolus, Jered J. Floyd
  • Patent number: 9172684
    Abstract: A host computer adds a keycode to e-mail and a terminal unit leads an information gathering candidate to add reply information to the e-mail. When the host computer receives the e-mail to which reply information has been added, the host computer stores the reply information in one of data storage areas having a memory address corresponding to a memory address associated with the keycode of the e-mail.
    Type: Grant
    Filed: September 6, 2013
    Date of Patent: October 27, 2015
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Shinichi Fujimoto, Hiroko Higuma, Ai Enomoto
  • Patent number: 9165125
    Abstract: Described is a method of distributing dynamic structured content from a server or a first communication device to another communication device, the method comprising: populating content fields with data elements to define the dynamic structured content; receiving an identification of an authorized subscriber; associating the authorized subscriber with the dynamic structured content; and, transmitting the dynamic structured content to a communication device associated with the authorized subscriber.
    Type: Grant
    Filed: June 13, 2012
    Date of Patent: October 20, 2015
    Assignee: MOBILEXTENSION INC.
    Inventors: Mehrdad (John) Zarei, Jonathan Hamilton