Patents Examined by Teshome Hailu
  • Patent number: 9916459
    Abstract: Methods, systems, and computer program products for encrypting photograph metadata are provided. An image file is received. The image file includes digital image data and a plurality of data fields. A first data field of the plurality of data fields includes a first metadata. A rule set for modifying the first metadata is received. In response to determining that at least one rule of the rule set corresponds to the first metadata, the first metadata is encrypted based to create a second metadata. The second metadata is stored in the image file.
    Type: Grant
    Filed: August 21, 2015
    Date of Patent: March 13, 2018
    Assignee: International Business Machines Corporation
    Inventors: Erik Rueger, Tim U. Scheideler, Matthias Seul, Thomas A. Snellgrove
  • Patent number: 9906361
    Abstract: An apparatus comprises a storage system and a key manager incorporated in or otherwise associated with the storage system. The storage system comprises first storage of a first type and second storage of a second type with the first storage providing enhanced data protection relative to the second storage. The key manager is configured to maintain a master key hierarchy for the storage system. The master key hierarchy comprises a plurality of levels each including one or more master keys, with an uppermost level of the master key hierarchy comprising a root master key that is stored in the first storage and at least one lower level of the master key hierarchy comprising a plurality of master keys that are stored in the second storage under encryption by the root master key. Keys of a lowermost level of the master key hierarchy are associated with respective groups of data items.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: February 27, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Radia Perlman, Xuan Tang, Thomas Dibb, Greg Lazar
  • Patent number: 9898326
    Abstract: Methods, systems, and computer program products are included for loading a code module. A method includes providing, by a hypervisor, a virtual machine that includes a guest operating system. The code module and a signature corresponding to the code module are sent by the guest operating system to the hypervisor. One or more relocations are applied to the code module. The hypervisor verifies the signature corresponding to the code module. After verifying the signature, the hypervisor allows the guest operating system to execute the code module.
    Type: Grant
    Filed: February 23, 2016
    Date of Patent: February 20, 2018
    Assignee: RED HAT ISRAEL, LTD.
    Inventors: Michael Tsirkin, Paolo Bonzini
  • Patent number: 9898878
    Abstract: An integrated security system which seamlessly assimilates with current generation logical security systems. The integrated security system incorporates a security controller having standard network interface capabilities including IEEE 802.x and takes advantage of the convenience and security offered by smart cards and related devices for both physical and logical security purposes. The invention is based on standard remote authentication dial-in service (RADIUS) protocols or TCP/IP using SSL, TLS, PCT or IPsec and stores a shared secret required by the secure communication protocols in a secure access module coupled to the security controller. The security controller is intended to be a networked client or embedded intelligent device controlled remotely by to an authentication server. In another embodiment of the invention one or more life cycle management transactions are performed with the secure access module.
    Type: Grant
    Filed: April 12, 2017
    Date of Patent: February 20, 2018
    Assignee: Assa Abloy AB
    Inventors: Dominique Louis Joseph Fedronic, Wu Wen
  • Patent number: 9900300
    Abstract: In an approach for protecting against use of clones of electronic devices, a first sequence value is initialized on the server and an equal second sequence value is initialized on an electronic device. In response to a first login request to the server from a user operating the electronic device, the first and second sequence values are compared. If the values are equal, processing of the login process continues. Otherwise, the login request is rejected. If the login is successful, a next value is computed for the first and second sequence values, and the next first and second sequence values are stored on the server and on the electronic device, respectively.
    Type: Grant
    Filed: April 22, 2015
    Date of Patent: February 20, 2018
    Assignee: IONU Security, Inc.
    Inventors: David W. Bennett, Alan M. Frost
  • Patent number: 9898617
    Abstract: The present disclosure relates to a computer system for querying a database residing on a server computer of the computer system, said database storing data records, the database further comprising a relation, wherein the relation comprises data items, wherein the data items are encrypted with a first encryption method in the relation, wherein the data items form a partially ordered set in the relation, the partial order being formed with respect to the data items in non-encrypted form, wherein a referential connection exists assigning each encrypted data item in the relation to a respective data record of the data records, wherein the encrypted data items are annotated with data elements of a linear order in the database, the linear order corresponding the order in which the encrypted data items are stored in the relation with respect to the partial ordered set, the computer system further comprising a client computer, the client computer being configured for sending to the server computer a request for data
    Type: Grant
    Filed: February 1, 2016
    Date of Patent: February 20, 2018
    Inventors: Jan Lehnhardt, Tobias Rho
  • Patent number: 9894055
    Abstract: An authentication request is generated when a user of a client device attempts to initiate a user session with an application managed by a service provider. An authentication response is generated based on credentials received from the user. The authentication response includes an assertion on behalf of the user. A delivery resource locator for the assertion is rewritten to a resource locator of a proxy in order to redirect the assertion to the proxy. The authentication response is sent to the client device together with the resource locator of the proxy in order to cause the client device to send the assertion to the proxy that decodes the re-written resource locator and sends the assertion to the service provider.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: February 13, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Vincent E. Parla, David McGrew, Andrzej Kielbasinski
  • Patent number: 9893960
    Abstract: A device hub system includes: a control unit configured to: generate a workroom for providing access to a workroom accessible resource, including an enterprise multifunctional printer, protected by a network firewall; provide authentication for a participant device to access the workroom; receive a workroom request through the workroom; generate a workroom sharable information from the workroom request; and a communication unit, coupled to the control unit, configured to distribute the workroom sharable information within the workroom.
    Type: Grant
    Filed: August 11, 2015
    Date of Patent: February 13, 2018
    Inventors: Ramon Rubio, Joseph Yang, Wei-jhy Chern
  • Patent number: 9892271
    Abstract: A device includes a thermal infrared sensor and a processor, operatively coupled to the thermal IR sensor. The processor is configured to determine that the device has been successfully unlocked by a user using a security procedure, obtain a thermal signature for the user using thermal sensor data from the thermal infrared sensor, monitor proximity of the user to the device using the thermal signature and maintain the device unlocked if the thermal signature is detectable and is within the detection proximity of the thermal infrared sensor.
    Type: Grant
    Filed: July 21, 2015
    Date of Patent: February 13, 2018
    Assignee: Motorola Mobility LLC
    Inventors: Amit Kumar Agrawal, Rachid M Alameh, Patrick J Cauwels
  • Patent number: 9888029
    Abstract: Systems, methods, and software described herein provide security actions based on the current state of a security threat. In one example, a method of operating an advisement system in a computing environment with a plurality of computing assets includes identifying a security threat within the computing environment. The method further includes, in response to identifying the security threat, obtaining state information for the security threat within the computing environment, and determining a current state for the security threat within the computing environment. The method also provides obtaining enrichment information for the security threat and determining one or more security actions for the security threat based on the enrichment information and the current state for the security threat.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: February 6, 2018
    Assignee: Phantom Cyber Corporation
    Inventors: Sourabh Satish, Oliver Friedrichs, Atif Mahadik, Govind Salinas
  • Patent number: 9876796
    Abstract: The field of the invention relates to network connected authentication systems, and more particularly to systems and methods that enable authentication of one or more users of a group using network connected devices. In an embodiment, the system includes a network connected authentication server coupled to a network for access by a plurality of user devices in a group to authenticate a user of one or more third party applications. When a user of the group visits a third party application and initiates a group authentication, the network connected authentication server retrieves authentication rules and sends authentication requests to the user devices of the group based on the authentication rules.
    Type: Grant
    Filed: September 12, 2016
    Date of Patent: January 23, 2018
    Assignee: iovation Inc.
    Inventors: Devin M. Egan, Yo Sub Kwon, Geoffrey R. Sanders, Christopher C. Shepherd, Kristin F. Tomasik
  • Patent number: 9871826
    Abstract: Systems and techniques are provided for creating sensor based rules for detecting and responding to malicious activity. Evidence corresponding to a malicious activity is received. The evidence corresponding to malicious activity is analyzed. Indicators are identified from the evidence. The indicators are extracted from the evidence. It is determined that an action to mitigate or detect a threat needs to be taken based on the indicators and evidence. A sensor to employ the prescribed action is identified. Whether a sensor based rule meets a threshold requirement is validated. A configuration file used to task the sensor based rule to the identified sensor is created. The number of sensor based rule triggers is tracked.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: January 16, 2018
    Assignee: Analyst Platform, LLC
    Inventors: Russell Scott Messick, Jason Daniel Smith
  • Patent number: 9864867
    Abstract: A 1st domain makes a request to a 2nd domain using a URI including the name of the 2nd domain, a public path for the domains, and a cryptographically secure path generated by the 1st domain. The 2nd domain makes a request to the 1st domain using a URI including the name of the 1st domain, the pre-defined public path, and the cryptographically secure path. The 1st domain or the 2nd domain sets a cookie including a message (the cookie's path scope includes the pre-defined public path and the cryptographically secure path, the cookie's domain scope includes all sub-domains of the nearest common ancestor for the 1st and 2nd domains), and makes a request to the other domain using a URI including the name of the other domain, the pre-defined public path, and the cryptographically secure path, which causes a web browser to send the cookie to the other domain.
    Type: Grant
    Filed: February 23, 2016
    Date of Patent: January 9, 2018
    Assignee:, inc.
    Inventor: Amalkrishnan Chemmany Gopalakrishnan
  • Patent number: 9854000
    Abstract: In one embodiment, a method includes identifying unusual behavior with respect to a handshake between a first endpoint and a second endpoint that are included in a network, and determining whether the unusual behavior with respect to the handshake indicates presence of malicious software. The method also includes identifying at least one of the first endpoint and the second endpoint as potentially being infected by the malicious software if it is determined that the unusual behavior with respect to the handshake indicates the presence of malicious software.
    Type: Grant
    Filed: November 6, 2014
    Date of Patent: December 26, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Daniel G. Wing, Flemming S. Andreasen, Kent K. Leung
  • Patent number: 9853815
    Abstract: A password verifying method includes the following steps: providing a plurality of interactive regions in which several known password characters are arranged and shown randomly, at least one interactive region containing at least two characters; accepting selection of one of said plurality of interactive regions by a user, and after selection of one of the interactive regions by the user, randomly re-distributing said several known password characters into said interactive regions for subsequent selection by the user; and comparing characters contained in a predefined password sequence with characters contained in the interactive regions selected by the user, and outputting a signal representing a successful password verification when each character contained in the password sequence is identical to corresponding ones of the characters shown in respective ones of the interactive regions selected by the user.
    Type: Grant
    Filed: April 21, 2015
    Date of Patent: December 26, 2017
    Assignees: Smart Electronic Industrial (Dong Guan) Co., Ltd.
    Inventor: Lee Zheng
  • Patent number: 9852281
    Abstract: According to an embodiment, an authentication system includes a physical device, a calculator, and an authenticator. The physical device includes a data source which outputs a data sequence along time series. The calculator performs, using hidden Markov model, probability calculation on an ID which is based on the data sequence obtained from the physical device. The authenticator authenticates the physical device based on calculation result of the calculator.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: December 26, 2017
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Tetsufumi Tanamoto, Takao Marukame, Shinichi Yasuda, Yuichiro Mitani, Shinobu Fujita
  • Patent number: 9846774
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify an application, run the application, log the parameters for each function call of the application, and store the logged parameters in an emulation table. The logged parameters can include a function call, input parameters, and output parameters. The emulation table can be used to simulate execution of an application without having to actually run the application.
    Type: Grant
    Filed: June 27, 2015
    Date of Patent: December 19, 2017
    Assignee: McAfee, LLC
    Inventors: Christoph Alme, Slawa Hahn, Stefan Finke
  • Patent number: 9843561
    Abstract: Methods, systems and computer readable media for a MiTM proxy that supports client authentication are described.
    Type: Grant
    Filed: October 15, 2015
    Date of Patent: December 12, 2017
    Assignee: Avaya Inc.
    Inventors: Vijaykumar V. Borkar, Saurabh Sule
  • Patent number: 9838435
    Abstract: Different types of soft-lockout policies can be associated with different organizations (or groups) in an identity management system. Each soft-lockout policy can indicate different parameters such as a number of login attempts allowed and an amount of time that a user account will be locked-out if the maximum allowed attempts are exceeded unsuccessfully. Users can be associated with the different organizations. For each user, the soft-lockout policies for the organization with which that user is associated are applied to that user when that user attempts to log in. Thus, different groups of users can be handled with different security behaviors regarding unsuccessful login attempts. If, for example, a user were to become moved from one organization to another, then the soft-lockout policies associated with the user's new organization would become applicable to that user.
    Type: Grant
    Filed: September 7, 2016
    Date of Patent: December 5, 2017
    Assignee: Oracle International Corporation
    Inventors: Achyut Ramchandra Jagtap, Gregory Alan Wilson, Shailesh Kumar Mishra
  • Patent number: 9836603
    Abstract: The disclosed computer-implemented method for automated generation of generic signatures used to detect polymorphic malware may include (1) clustering a set of polymorphic file samples that share a set of static attributes in common with one another, (2) computing a distance of the polymorphic file samples from a centroid that represents a reference data point with respect to the set of polymorphic file samples, (3) determining that the distance of the polymorphic file samples from the centroid is below a certain threshold, and then upon determining that the distance is below the certain threshold, (4) identifying, within the set of static attributes shared in common by the polymorphic file samples, a subset of static attributes whose values are identical across all of the polymorphic file samples and (5) generating a generic file-classification signature from the subset of static attributes. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: February 11, 2016
    Date of Patent: December 5, 2017
    Assignee: Symantec Corporation
    Inventors: Ajitesh RoyChowdhury, Anudeep Kumar, Himanshu Dubey, Nitin Shekokar