Patents Examined by Shewaye Gelagay
  • Patent number: 10326781
    Abstract: Some embodiments of cloud-based gateway security scanning have been presented. In one embodiment, some data packets are received sequentially at a gateway device. The data packets constitute at least a part of a file being addressed to a client machine coupled to the gateway device. The gateway device forwards an identification of the file to a remote datacenter in parallel with forwarding the data packets to the client machine. The datacenter performs signature matching on the identification and returns a result of the signature matching to the gateway device. The gateway device determines whether to block the file from the client machine based on the result of the signature matching from the datacenter.
    Type: Grant
    Filed: January 26, 2017
    Date of Patent: June 18, 2019
    Assignee: SONICWALL INC.
    Inventors: Aleksandr Dubrovsky, Senthilkumar G. Cheetancheri, Boris Yanovsky
  • Patent number: 10320796
    Abstract: The claimed subject matter provides a method for securing a partner service. The method can include receiving a request, wherein the request comprises a unique value, to access the partner service, wherein the request is received from a browser client for a partner application and determining that a user is authorized to access the partner application, the partner application generating a token that associates the user with the partner application. The method can also include generating a signature for the token, the signature to enable the partner service to independently regenerate the signature, the token comprising an identifier for the partner application enabling the partner service to detect which partner application generates the token and sending the token with the signature to the browser client.
    Type: Grant
    Filed: May 28, 2015
    Date of Patent: June 11, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Eric Wai Ho Lau, Zhaowei Charlie Jiang, Ronald H. Jones, Jr., Derrick Isaacson, Ralph E. Lemke, Peter Wu
  • Patent number: 10313304
    Abstract: A system for regulating dynamic implementation of exceptions in an onboard network firewall includes a client application interface receptive to a data link request from a client device. An onboard connectivity manager includes a firewall interface connected to the onboard network firewall to request the exceptions in response to a connection authorization, a client presence manager receptive to the data link request relayed by the client application interface from the client device, and a network load manager in communication with the firewall interface and the client presence manager. A remote connectivity manager is connected to a remote application service and is in communication with the onboard connectivity manager. The network load manager generates the connection authorization to the firewall interface in response to the connection authorization request and an evaluation of one or more access grant conditions.
    Type: Grant
    Filed: March 16, 2016
    Date of Patent: June 4, 2019
    Inventors: James A. Haak, Kwok Liang Poo
  • Patent number: 10303863
    Abstract: Systems and methods are provided which allow for motion-based authentication of a user using magnified motion. Very small or imperceptible motions of a user may be captured and magnified to determine characteristics of the motions that may be used as a motion-based credential for user authentication. The motions, which may be very small and imperceptible to an observer, may be difficult for potential attackers to observe and copy, but may be useful when magnified.
    Type: Grant
    Filed: December 2, 2015
    Date of Patent: May 28, 2019
    Assignee: PayPal, Inc.
    Inventor: Geoffrey W. Chatterton
  • Patent number: 10284885
    Abstract: A method and system for protecting video and image files processes from original files to detect skin tones of persons appearing in the media. Pixels determined to contain skin tones are blurred or blacked out, and the pixel locations and their original color values are stored in a metadata file. The metadata file is encrypted and stored with the redacted video file. Thereafter, when an authorized person wants to see an unredacted version of the video, the system decrypts the metadata and reconstitutes the video, replacing the redacted pixels with their original color values, and inserting a unique watermark into the video that identifies the requesting person. The watermarked video is then provided to the requesting person.
    Type: Grant
    Filed: January 30, 2017
    Date of Patent: May 7, 2019
    Assignee: NOA, Inc.
    Inventors: Jaime A. Borras, Siddharth Roheda
  • Patent number: 10275590
    Abstract: A computer system supports a secondary authentication mechanism for authentication of a user, where the computer system may provide a variety of services including financial, scientific, academic, or governmental services. The computer system utilizes a multiphase distributed trust model in which the user is authenticated based on distributed trust of a set of randomly selected trusted contacts from a large set of trusted contacts initially chosen during an enrollment phase. During the authentication phase, a subset of contacts (affirmers) is selected from the contact list. The computer system then provides additional authentication information to each of the affirmers who subsequently share the information with the user. The user then provides this information from the computer system in order to complete the secondary authentication.
    Type: Grant
    Filed: September 27, 2016
    Date of Patent: April 30, 2019
    Assignee: Bank of America Corporation
    Inventors: Pinak Chakraborty, Nagasubramanya Lakshminarayana, Harigopal K. B. Ponnapalli
  • Patent number: 10257221
    Abstract: Techniques for selective sinkholing of malware domains by a security device via DNS poisoning are provided. In some embodiments, selective sinkholing of malware domains by a security device via DNS poisoning includes intercepting a DNS query for a network domain from a local DNS server at the security device, in which the network domain was determined to be a bad network domain and the bad network domain was determined to be associated with malware (e.g., a malware domain); and generating a DNS query response to the DNS query to send to the local DNS server, in which the DNS query response includes a designated sinkholed IP address for the bad network domain to facilitate identification of an infected host by the security device.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: April 9, 2019
    Assignee: Palo Alto Networks, Inc.
    Inventors: Huagang Xie, Taylor Ettema
  • Patent number: 10218497
    Abstract: A hybrid AES-SMS4 hardware accelerator is described. A System on Chip implementing a hybrid AES-SMS4 hardware accelerator may include a processor core and a single hardware accelerator coupled to the processor core, the single hardware accelerator to encrypt or decrypt data. The single hardware accelerator may include a first block cipher to encrypt or decrypt the data according to a first encryption algorithm and a second block cipher to encrypt or decrypt the data according to a second encryption algorithm. The accelerator may further include a combined substitution box (Sbox) coupled to the first block cipher and the second block cipher, the combined Sbox comprising logic to perform Galois Field (GF) multiplications and inverse computations, wherein the inverse computations are common to the first block cipher and the second block cipher.
    Type: Grant
    Filed: August 31, 2016
    Date of Patent: February 26, 2019
    Assignee: Intel Corporation
    Inventors: Vikram Suresh, Sudhir Satpathy, Sanu Mathew
  • Patent number: 10200377
    Abstract: In one implementation, a server receives a request from a client device to access a user account, wherein the user account provides access to one or more credentials associated with the user. The server determines that the client device is not associated with the user account and prompts the user to provide a biometric identification of the user. The server then receives data representing the biometric identification of the user from the client device. The server determines that the data representing the biometric identification of the user matches a biometric profile of the user associated with the user account. In response to the determination, the server associates the client device with the user account, such that the user is enabled to access the user account, and the associated one or more credentials, from the client device.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: February 5, 2019
    Assignee: MicroStrategy Incorporated
    Inventors: Hector Vazquez, Gang Chen
  • Patent number: 10158491
    Abstract: A Qualified Electronic Signature (QES) system configured to exchange data with first processing means of the requester configured to allow a requester to generate requests requesting a qualified electronic signature through said system to a recipient. The system comprises second processing means of the recipient configured to allow the recipient of the request to sign with his qualified electronic signature.
    Type: Grant
    Filed: April 8, 2013
    Date of Patent: December 18, 2018
    Inventor: Antonio Salvatore Piero Vittorio Bonsignore
  • Patent number: 10153905
    Abstract: Techniques for electronically signing DNS records stored in a zone file for an internet DNS zone are presented. The techniques include electronically accessing a plurality of DNS resource records of a DNS zone stored on one or more DNS servers of a distributed DNS database; generating a plurality of leaf nodes from the plurality of DNS resource records; constructing a recursive hash tree from the plurality of leaf nodes, where the recursive hash tree includes a plurality of nodes including a root node and the plurality of leaf nodes, where each node of the plurality of nodes includes either a leaf node or a hash of data including child nodes; storing the root node in a DNS key resource record for a zone signing key for the zone; and publishing, in a DNS resource record signature resource record, validation data including path data from the recursive hash tree.
    Type: Grant
    Filed: December 4, 2015
    Date of Patent: December 11, 2018
    Assignee: VERISIGN, INC.
    Inventor: Burton S. Kaliski, Jr.
  • Patent number: 10142311
    Abstract: Devices between which packets are transmitted and received include mutually corresponding packet counters. The same random number value is given to the packet counters as their initial values and the packet counters are updated with packet transmission/reception. The transmission-side device generates a MAC value, draws out part thereof on the basis of a counted value of its own packet counter, sets it as a divided MAC value, generates a packet by adding the value to a message and transmits the packet onto a network. The reception-side device generates a MAC value on the basis of the message in the received packet, draws out part thereof on the basis of a counted value of its own packet counter, compares the part with the divided MAC value in the received packet and thereby performs message authentication.
    Type: Grant
    Filed: December 10, 2015
    Date of Patent: November 27, 2018
    Inventor: Daisuke Oshida
  • Patent number: 10142296
    Abstract: Systems and methods of cryptographically protecting location data transferred between servers via a network to tune a location engine are described herein. A first encryption module determines a first hash value for each location determination, encrypts the first hash value for each location determination using a first encryption protocol to generate a first encrypted data set, and transmits the first encrypted data set to a server. The first encryption module receives, from the server, a second encrypted data set with second hash values generated by a second encryption module of the server using a second encryption protocol. The first encryption module creates a first double encrypted data set from the second encrypted data set. A tuner compares the first double encrypted data set with a second double encrypted data set received from the server to adjust the location engine.
    Type: Grant
    Filed: February 12, 2016
    Date of Patent: November 27, 2018
    Assignee: Google LLC
    Inventors: Mahyar Salek, Philip McDonnell, Amin Charaniya, Shobhit Saxena
  • Patent number: 10122724
    Abstract: Concepts and technologies disclosed herein are for detecting and managing unauthorized use of cloud computing services from within an internal network of a business or other organization. A computer system may be configured to identify a plurality of Web resources that have been accessed by computing devices from within the internal network. The computer system may also be configured to obtain Internet protocol (“IP”) information from a network component of the internal network. The IP information may be used to determine whether each of the plurality of Web resources is a cloud computing service resource. The computer system may also be configured to block access to a cloud computing service resource of the plurality of Web resources upon determining that the IP information identifies the cloud computing service resource as being unauthorized.
    Type: Grant
    Filed: November 30, 2015
    Date of Patent: November 6, 2018
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Flemming Elleboe, Luis Francisco Albisu, Joseph Bentfield, Janet Kerns, Jonathan Sheriffs
  • Patent number: 10091651
    Abstract: Techniques for remote authentication using reconfigurable boson samplers are provided. In one aspect, a method for remote authentication includes the steps of: providing an input photon configuration for an optical transmission network; receiving a response including measured output quantum photon coincidence frequencies from the optical transmission network based on the input photon configuration; comparing the measured output quantum photon coincidence frequencies to output quantum photon coincidence probabilities calculated for the optical transmission network; and verifying the response if the measured output quantum photon coincidence frequencies match the output quantum photon coincidence probabilities calculated for the optical transmission network with less than a predetermined level of error, otherwise un-verifying the response. A verification system including an optical transmission network is also provided.
    Type: Grant
    Filed: December 7, 2015
    Date of Patent: October 2, 2018
    Assignee: International Business Machines Corporation
    Inventor: Jason S. Orcutt
  • Patent number: 10025915
    Abstract: A method including receiving sensed information corresponding to a contact signature of a user holding a device, generating a contact signature from the sensed information, comparing the contact signature to a library of contact signatures, and authenticating the user based on the comparison to provide access to functions on the device.
    Type: Grant
    Filed: December 5, 2013
    Date of Patent: July 17, 2018
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Aaron Michael Stewart, Jeffrey E. Skinner, Lance Warren Cassidy, James Stephen Rutledge
  • Patent number: 10021565
    Abstract: The present disclosure describes an integrated full and partial shutdown application programming interface. Embodiments herein disclosed include receiving an indication that a mobile device of a user is compromised. Further embodiments identify one or more applications associated with the mobile device and remotely access the mobile device to perform a switch-off of the one or more applications. The switch-off may include logging the user out of the one or more applications before removing the one or more applications from the mobile device.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: July 10, 2018
    Assignee: Bank of America Corporation
    Inventors: Alicia C. Jones-McFadden, Elizabeth S. Votaw
  • Patent number: 9998444
    Abstract: Disclosed are various embodiments for correlating a first use case-specific entity identifier with a second use case-specific entity identifier. A chained entity identifier corresponds to the first use case-specific entity identifier. The chained entity identifier can include the second use case-specific entity identifier cryptographically wrapped by a use case-specific key. The second use case-specific entity identifier can be received from the chained entity identifier. The second use case-specific entity identifier can be correlated to the first use case-specific entity identifier.
    Type: Grant
    Filed: March 10, 2017
    Date of Patent: June 12, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Jesper Mikael Johansson, Darren Ernest Canavor, Daniel Wade Hitchcock, Bharath Kumar Bhimanaik, Jon Arron McClintock
  • Patent number: 9986276
    Abstract: Provided are an authentication system and a method of operating the authentication system. The authentication system allows network cameras to authenticate an image storage device as a client. The authentication system includes an authentication preprocessing unit provided in the client to calculate and store an offset time representing a difference between time information of the client and time information that is received from a network camera in response to a time information request to the network camera, and an authentication processing unit provided in the network camera to authenticate the client by receiving authentication information including the offset time from the client in response to an authentication request of the client.
    Type: Grant
    Filed: January 27, 2014
    Date of Patent: May 29, 2018
    Assignee: Hanwha Techwin Co., Ltd.
    Inventor: Sujith Kunhi Raman
  • Patent number: 9979698
    Abstract: Local internet functionality may allow host devices positioned in branch office locations to securely communicate outgoing internet traffic directly over the internet. Local internet functionality may also allow said host devices to securely receive incoming internet traffic through the creation and tracking of local internet sessions. Local internet functionality is achieved by forwarding egress internet traffic over a local internet virtual pathway extending to a WAN interface/port of a local host device. The WAN interface/port is configured to communicate traffic received over the local internet virtual pathway directly over the internet, while communicating all other egress traffic over secure tunnels of the virtual edge router. The WAN interface/port is further configured to monitor outgoing local internet traffic to create and track local internet sessions.
    Type: Grant
    Filed: June 24, 2015
    Date of Patent: May 22, 2018
    Assignee: iPhotonix
    Inventors: Lance Arnold Visser, Son Thanh Tran, Russell Wiant