Patents Examined by Stephen Gundry
  • Patent number: 10171250
    Abstract: A client device may provide, to a host device, a request to access a website associated with a host domain. The client device may receive, based on the request, verification code that identifies a verification domain and a resource, associated with the verification domain, to be requested to verify a public key certificate. The verification domain may be different from the host domain. The client device may execute the verification code, and may request the resource from the verification domain based on executing the verification code. The client device may determine whether the requested resource was received, and may selectively perform a first action or a second action based on determining whether the requested resource was received. The first action may indicate that the public key certificate is not valid, and the second action may indicate that the public key certificate is valid.
    Type: Grant
    Filed: July 25, 2017
    Date of Patent: January 1, 2019
    Assignee: Juniper Networks, Inc.
    Inventor: Kyle Adams
  • Patent number: 10154082
    Abstract: Methods and systems are presented for accessing customer relationship management (CRM) information stored in a carrier system associated with a user of an identified client device. A client device is identified based on client device identification information received from a carrier system. CRM information associated with the identified client device is received from the carrier system, and data corresponding to at least a subset of the CRM information is output to the client device. The client device may be configured to pre-populate data fields of a transaction based on the data corresponding to at least a subset of the CRM information.
    Type: Grant
    Filed: August 12, 2014
    Date of Patent: December 11, 2018
    Assignee: Danal Inc.
    Inventors: Atreedev Banerjee, James Pardue
  • Patent number: 10129031
    Abstract: A variety of mechanisms to perform End-to-End authentication between entities having diverse capabilities (e.g., processing, memory, etc.) and with no prior security associations are used. A security provisioning and configuration process is done such that appropriate security credentials, functions, scope and parameters may be provisioned to an Entity. Mechanisms to distribute the security credentials to other entities which could then use the credentials to perform an End-to-End authentication at the Service Layer or the Session Layer and using Direct or Delegated modes are developed.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: November 13, 2018
    Assignee: Convida Wireless, LLC
    Inventors: Vinod Kumar Choyi, Dale N. Seed, Catalina M. Mladin, Chonggang Wang
  • Patent number: 10116671
    Abstract: A system and computer program product for detecting distributed denial-of-service (DDoS) attacks is provided. Current aggregated flow information for a defined period of time is analyzed. It is determined whether network flow increased above a defined flow threshold value to a second data processing system connected to a network within the defined period of time based on analyzing the current aggregated flow information. In response to determining that the network flow has increased above the defined flow threshold value to the second data processing system connected to the network within the defined period of time, it is determined that the second data processing system is under a DDoS attack.
    Type: Grant
    Filed: September 28, 2017
    Date of Patent: October 30, 2018
    Assignee: International Business Machines Corporation
    Inventors: Kuo-Chun Chen, Chih-Hung Chou, Wei-Hsiang Hsiung, Sheng-Tung Hsu
  • Patent number: 10116672
    Abstract: A method for detecting distributed denial-of-service (DDoS) attacks is provided. Current aggregated flow information for a defined period of time is analyzed. It is determined whether network flow increased above a defined flow threshold value to a second data processing system connected to a network within the defined period of time based on analyzing the current aggregated flow information. In response to determining that the network flow has increased above the defined flow threshold value to the second data processing system connected to the network within the defined period of time, it is determined that the second data processing system is under a DDoS attack.
    Type: Grant
    Filed: November 14, 2017
    Date of Patent: October 30, 2018
    Assignee: International Business Machines Corporation
    Inventors: Kuo-Chun Chen, Chih-Hung Chou, Wei-Hsiang Hsiung, Sheng-Tung Hsu
  • Patent number: 10104090
    Abstract: Access to a module element within a first module by a second module is prohibited if the module element within the first module has not been exposed to the second module. If a particular module element within a first module has been exposed to a second module, then access to the particular module element by the second module may or may not be allowed depending on: (a) whether the particular module element has been declared with a public or non-public access modifier, (b) whether a second exposed module element, which includes the particular module element, has been declared with a public or non-public access modifier, (c) a level of access associated with the operation that attempts to access the particular module element of the first module, and/or (d) whether an accessibility override configuration is set for accessing the particular module element.
    Type: Grant
    Filed: September 8, 2015
    Date of Patent: October 16, 2018
    Assignee: Oracle International Corporation
    Inventors: Alexander R. Buckley, Mark B. Reinhold, Alan Bateman, Paul Sandoz, Chris Hegarty
  • Patent number: 10083302
    Abstract: According to one embodiment, a system comprises one or more counters; comparison logic; and one or more hardware processors communicatively coupled to the one or more counters and the comparison logic. The one or more hardware processors are configured to instantiate one or more virtual machines that are adapted to analyze received content, where the one or more virtual machines are configured to monitor a delay caused by one or more events conducted during processing of the content and identify the content as including malware if the delay exceeds a first time period.
    Type: Grant
    Filed: December 29, 2016
    Date of Patent: September 25, 2018
    Assignee: FireEye, Inc.
    Inventors: Sushant Paithane, Michael Vincent, Sai Vashisht, Darien Kindlund
  • Patent number: 10083321
    Abstract: Systems and methods for alerting a user device based on a proposed anonymization of a contribution to a conversation thread via one or several location-based anonymization rules are disclosed herein. The system can include a user device that can have location-determining features that can determine a physical location of the user device; a network interface that can exchange data with a server via a communication network; and an I/O subsystem that can convert electrical signals to user-interpretable outputs in a user interface. The system can include a server that can: receive a contribution from the user device; determine an anonymization level for applying to the contribution; identify a potential identifier in the content of the contribution; anonymize the potential identifier according to the determined anonymization level; and generate and provide an alert to the user device.
    Type: Grant
    Filed: December 20, 2017
    Date of Patent: September 25, 2018
    Assignee: PEARSON EDUCATION, INC.
    Inventors: Sean A. York, Scott A. Hellman, James Wyatt, Marko Rodriguez, Steven H. Hill
  • Patent number: 10078526
    Abstract: Some embodiments provide a method for securing a managed forwarding element (MFE) that operates within a data compute node (DCN) executing in a host machine. The method receives, from the MFE, a message to increase a local counter value by a first number when the MFE sends the first number of packets to a network interface controller (NIC). The method receives, from the NIC, a second number that indicates a total number of packets that the NIC has received from the MFE. The method compares the received second number with the local counter value after increasing the local counter value by the first number. The method determines that the DCN is under a malicious attack when the local counter value does not match the second number.
    Type: Grant
    Filed: November 30, 2015
    Date of Patent: September 18, 2018
    Assignee: NICIRA, INC.
    Inventor: Donghai Han
  • Patent number: 10050786
    Abstract: A method allows a random sample of a large population of voters to cast votes and for both the unpredictability/un-manipulability of the sample selection and the integrity of the tally to be verified by any interested parties using public information. The problem of vote selling is addressed. Also, a variant allows voters to remain substantially anonymous.
    Type: Grant
    Filed: January 13, 2017
    Date of Patent: August 14, 2018
    Inventor: David Chaum
  • Patent number: 10049194
    Abstract: A control system for controlling access to a protected function of an information device is disclosed. The control system includes a communication device configured to communicate with the information device entering an area. The control system also includes a database configured to store a relationship between the information device and a registered user. The control system further includes a control computer communicably coupled to the communication device. The control computer is configured to identify a user entering the area with the information device. The control computer is also configured to determine whether or not to permit access to the protected function based on the identified user and the registered user for the information device. The control computer is further configured to control the information device via the communication device so as to unlock or lock the protected function based on a result of determination whether or not to permit access.
    Type: Grant
    Filed: November 27, 2015
    Date of Patent: August 14, 2018
    Assignee: International Business Machines Corporation
    Inventors: Tohru Hasegawa, Yutaka Oishi, Masao Takayama
  • Patent number: 10044717
    Abstract: A real-time plugin command-driven administrative control interface is provided that implements direct real-time command-driven control of operational functionality of application server plugins deployed at a group of application servers. One of request-level application server functionality and server-level application server functionality of at least one of the group of application servers is changed by issuing a real-time application-server plugin command received from the real-time plugin command-driven administrative control interface to a deployed application server plugin.
    Type: Grant
    Filed: August 29, 2016
    Date of Patent: August 7, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Peter D. Birk, Gordan G. Greenlee, Richard J. McCarty
  • Patent number: 10044685
    Abstract: Embodiments include methods, systems and computer program products for securing enterprise data in a mobile computing environment. Aspects include receiving, by an application disposed on a mobile computing device, a request to access the enterprise data stored on the mobile computing device in an encrypted format and determining whether the mobile computing device is in communication with an enterprise network. Based on determining that the mobile computing device is in communication with the enterprise network, aspects include transmitting a decryption request to an encryption application disposed on the enterprise network, receiving the enterprise data in an unencrypted format from the enterprise network and granting access to the enterprise data in an unencrypted format to the application. Based on a determination that the mobile computing device is not in communication with the enterprise network, aspects also include denying the request to access the enterprise data.
    Type: Grant
    Filed: March 10, 2016
    Date of Patent: August 7, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Mohammad Abdirashid, Frank J. Degilio
  • Patent number: 10038551
    Abstract: Embodiments include methods, systems and computer program products for securing enterprise data in a mobile computing environment. Aspects include receiving a request to access the enterprise data stored on the mobile computing device in an encrypted format and determining whether a decryption key is stored in a cache memory of the mobile computing device. Based on determining that the decryption key is not stored in a cache memory of the mobile computing device, aspects include transmitting a request to an enterprise network for the decryption key and receiving the decryption key and storing the decryption key in the cache memory. Aspects also include decrypting the enterprise data using the decryption key and deleting the decryption key from the cache memory based on a determination that the decryption key has not been accessed for a period of time greater than a threshold time.
    Type: Grant
    Filed: November 29, 2015
    Date of Patent: July 31, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Mohammad Abdirashid, Frank J. Degilio
  • Patent number: 10032045
    Abstract: This disclosure provides for a system, method, and machine-readable medium for performing dynamic runtime field-level access control using a hierarchical permission context structure. The hierarchical permission context structure includes various levels of roles, where each role is assigned one or more permissions. The one or more permissions assigned to the one or more roles indicate the amount of control a given user has over data displayable in an electronic document. The electronic document includes one or more fields having corresponding records in one or more databases. A record includes metadata about the data for a corresponding field. When an electronic document is requested, the fields of the electronic document are generated from the data stored in their corresponding records. An evaluation is performed that determines whether the user requesting the electronic document is authorized to view the data for one or more of the fields based on their corresponding metadata.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: July 24, 2018
    Assignee: Raytheon Company
    Inventors: Nicholas Wayne Barrett, Aaron M. Kovell
  • Patent number: 10034315
    Abstract: A method and an apparatus for Wi-Fi connection based on Wi-Fi Protected Setup (WPS) in a portable terminal are provided. The method includes entering a group owner mode of Wi-Fi Direct when enabling of WPS is requested, after entering the group owner mode, entering a WPS session mode where the portable terminal is operable in a WPS registrar mode, determining whether an Access Point (AP) whose WPS session of the WPS registrar mode is enabled or a device whose group owner mode is enabled, exists nearby, and when an AP whose WPS registrar mode is enabled is discovered, disabling the WPS registrar mode and the group owner mode, enabling a WPS session where the portable terminal is to operate in a WPS enrollee mode, and accessing the discovered AP.
    Type: Grant
    Filed: August 27, 2015
    Date of Patent: July 24, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Bu-Seop Jung, Jung-Hun Lee
  • Patent number: 10033704
    Abstract: Embodiments include methods, systems and computer program products for securing enterprise data in a mobile computing environment. Aspects include receiving, by an application disposed on a mobile computing device, a request to access the enterprise data stored on the mobile computing device in an encrypted format and determining whether the mobile computing device is in communication with an enterprise network. Based on determining that the mobile computing device is in communication with the enterprise network, aspects include transmitting a decryption request to an encryption application disposed on the enterprise network, receiving the enterprise data in an unencrypted format from the enterprise network and granting access to the enterprise data in an unencrypted format to the application. Based on a determination that the mobile computing device is not in communication with the enterprise network, aspects also include denying the request to access the enterprise data.
    Type: Grant
    Filed: November 29, 2015
    Date of Patent: July 24, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Mohammad Abdirashid, Frank J. Degilio
  • Patent number: 10032011
    Abstract: Aspects of the subject disclosure may include, for example, generating a digital certificate responsive to an authentication of a user according to a dynamic biometric process, associating the digital certificate with a transaction record for the transaction, storing information associated with authentication conditions of the dynamic biometric process, receiving an access request associated with the transaction, and providing access to the transaction record, the information associated with the authentication conditions of the dynamic biometric process or a combination thereof responsive to the access request, where granting of the access is according to transmitting an access acknowledgement to equipment of the user, or obtaining another authentication to allow permission to access or a combination thereof. Other embodiments are disclosed.
    Type: Grant
    Filed: August 12, 2014
    Date of Patent: July 24, 2018
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventor: Frank Kao
  • Patent number: 10032035
    Abstract: The present disclosure involves systems and computer implemented methods for protecting portions of electronic documents. An example method includes receiving a request for access to an electronic file having sections, at least one section encrypted using a first key based on a first password. A second key is generated in response to receiving a second password, wherein the second key is generated based on the second password. The second key is compared to the first key. If the second key is identical to the first key, the at least one section of the electronic file encrypted using the first key is decrypted using the second key. The electronic file is then presented such that the section(s) previously encrypted using the first cryptographic key is made visible. If the second key is not identical to the first, the electronic file is presented with the encrypted section(s) obscured.
    Type: Grant
    Filed: August 29, 2017
    Date of Patent: July 24, 2018
    Assignee: SAP SE
    Inventors: Anand Sinha, Vinay Sheel
  • Patent number: 10028135
    Abstract: Embodiments include methods, systems and computer program products for securing enterprise data in a mobile computing environment. Aspects include receiving a request to access the enterprise data stored on the mobile computing device in an encrypted format and determining whether a decryption key is stored in a cache memory of the mobile computing device. Based on determining that the decryption key is not stored in a cache memory of the mobile computing device, aspects include transmitting a request to an enterprise network for the decryption key and receiving the decryption key and storing the decryption key in the cache memory. Aspects also include decrypting the enterprise data using the decryption key and deleting the decryption key from the cache memory based on a determination that the decryption key has not been accessed for a period of time greater than a threshold time.
    Type: Grant
    Filed: March 10, 2016
    Date of Patent: July 17, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Mohammad Abdirashid, Frank J. Degilio