Patents Examined by Teshome Hailu
  • Patent number: 10079674
    Abstract: A privacy-preserving verification methodology for SoC computing systems is described. The verification methodology utilizes the principles of Multi-Party Computation (“MPC”), and enables meaningful manipulation of encrypted data in the encrypted domain through the use of a fully homomorphic encryption (“FHE”) scheme. In the described verification methodology, IP logic is transformed and test vectors utilized to verify the IP logic are encrypted. The parties involved in the verification (e.g., the designer, the manufacturer, a third-party verification service, etc.) can functionally verify the IP core via the encrypted test vectors while the encrypted test vectors remain in the encrypted domain. Accordingly, the IP core is verified without revealing unwarranted information, such as the underlying IP behind the SoC.
    Type: Grant
    Filed: February 23, 2016
    Date of Patent: September 18, 2018
    Assignee: NEW YORK UNIVERSITY
    Inventors: Michail Maniatakos, Charalambos Konstantinou, Anastasis Keliris
  • Patent number: 10073916
    Abstract: Embodiments of the present application disclose a method for providing a terminal identifier to a terminal. During operation, a security server receives a registration information set from the terminal, in which the registration information set includes multiple pieces of equipment information from the terminal. The security server then generates a terminal identifier based on the multiple pieces of equipment information in the registration information set. The security server then returns the terminal identifier to the terminal.
    Type: Grant
    Filed: September 13, 2017
    Date of Patent: September 11, 2018
    Assignee: Alibaba Group Holding Limited
    Inventor: Jupeng Xia
  • Patent number: 10075527
    Abstract: A method and system for providing information management of data from hosted services receives information management policies for a hosted account of a hosted service, requests data associated with the hosted account from the hosted service, receives data associated with the hosted account from the hosted service, and provides a preview version of the received data to a computing device. In some examples, the system indexes the received data to associate the received data with a user of an information management system, and/or provides index information related to the received data to the computing device.
    Type: Grant
    Filed: January 6, 2017
    Date of Patent: September 11, 2018
    Assignee: CommVault Systems, Inc.
    Inventors: Manoj Kumar Vijayan, Ho-Chi Chen, Deepak Raghunath Attarde, Hetalkumar N. Joshi
  • Patent number: 10075301
    Abstract: A method of equality verification using relational encryption including receiving a relational key that includes a first relational key component and a registration ciphertext that includes an encryption of a first plaintext data set. The method includes storing the registration ciphertext without decrypting the registration ciphertext. After the storing of the registration ciphertext, the method includes receiving an authentication request and communicating a safeguard data set that includes a random challenge in response to the authentication request. The method includes receiving an encrypted response that is generated based on the safeguard data set and a second plaintext data set. The method includes verifying a relationship between the encrypted response and the registration ciphertext using the relational key without decrypting the encrypted response and without decrypting the registration ciphertext. The relationship indicates that equality exists between the first and the second plaintext data sets.
    Type: Grant
    Filed: July 13, 2015
    Date of Patent: September 11, 2018
    Assignee: FUJITSU LIMITED
    Inventors: Avradip Mandal, Arnab Roy
  • Patent number: 10068097
    Abstract: A data center has a plurality of secure processing units; a plurality of data stores holding encrypted data records; and a network connecting the secure processing units and the data stores. The secure processing units comprise computing functionality configured to execute a data processing operation in parallel on the secure processing units by being configured to read encrypted records from the stores, process one or more of the encrypted records within the secure processing units, send one or more of the encrypted records to the stores. The data center is configured to carry out a secret shuffle of the data records to protect the privacy of data processed in the data center from an observer observing any one or more of: the reading of the records, the sending of the records, the writing of the records; the secret shuffle comprising a random permutation of the records hidden from the observer.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: September 4, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Olga Ohrimenko, Manuel Costa, Cedric Fournet, Christos Gkantsidis, Markulf Kohlweiss, Divya Sharma
  • Patent number: 10063527
    Abstract: Techniques for handshake-free encrypted communication are described. An apparatus may comprise a key component, a message component, and a network component. The key component may be operative to retrieve a first symmetric encryption key from a key store and to store a second symmetric encryption key in the key store. The message component may be operative to construct a message comprising a data section, the data section encrypted using the first symmetric encryption key. The network component may be operative to transmit the message to a device and to receive a response to the message, the response comprising the second symmetric encryption key. Other embodiments are described and claimed.
    Type: Grant
    Filed: July 28, 2016
    Date of Patent: August 28, 2018
    Assignee: FACEBOOK, INC.
    Inventor: Yunnan Wu
  • Patent number: 10057295
    Abstract: A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.
    Type: Grant
    Filed: July 18, 2017
    Date of Patent: August 21, 2018
    Assignee: CUPP Computing AS
    Inventor: Shlomo Touboul
  • Patent number: 10057224
    Abstract: Embodiments as described herein provide systems and methods for sharing secrets between a device and another entity. The shared secret may be generated on the device as a derivative of a secret value contained on the device itself in a manner that will not expose the secret key on the device and may be sent to the entity. The shared secret may also be stored on the device such that it can be used in future secure operations on the device. In this manner, a device may be registered with an external service such that a variety of functionality may be securely accomplished, including, for example, the generation of authorization codes for the device by the external service based on the shared secret or the symmetric encryption of data between the external service and the device using the shared secret.
    Type: Grant
    Filed: August 3, 2016
    Date of Patent: August 21, 2018
    Assignee: Rubicon Labs, Inc.
    Inventors: William V. Oxford, Roderick Schultz, Gerald E. Woodcock, Stephen E. Smith, Alexander Usach, Marcos Portnoi
  • Patent number: 10050954
    Abstract: A method may include performing secure device configuration, via a configuration service manager device, for a SIP user device. The method includes monitoring, via the configuration service manager device, the SIP user device for device authentication problems, configuration file download problems, device registration problems and device third party registration problems. The method may also include detecting the device authentication problems, and logging and reporting the detected device authentication problems. The method may also include automated testing of the device and logging and reporting of detected device test problems. The method further includes resolving the detected device authentication, registration or testing problems.
    Type: Grant
    Filed: February 1, 2016
    Date of Patent: August 14, 2018
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Paul T. Schultz, Robert A. Sartini, Tim D. Paiement, Elliot G. Eichen
  • Patent number: 10043032
    Abstract: The present disclosure relates to transmitting a request for a set of data records, the request indicating encrypted data items associated with first and second interval boundaries, and selectively traversing a partially ordered set to determine an encrypted data item of the partially ordered set that is associated with an interval boundary of the first and second interval boundaries, based on no cache entries being associated with any encrypted data item associated with the interval boundary. The selectively traversing may include decrypting one or more portions of the partially ordered set, determining the encrypted data item of the partially ordered set, and transmitting a request to retrieve a data element of a linear order annotated to the encrypted data item of the partially ordered set associated with the interval boundary, to cause generation of a new cache entry including the encrypted data item and the data element.
    Type: Grant
    Filed: February 1, 2018
    Date of Patent: August 7, 2018
    Assignee: COMPUGROUP MEDICAL SE
    Inventors: Jan Lehnhardt, Tobias Rho
  • Patent number: 10032172
    Abstract: A privacy compliance measurement system, according to particular embodiments, is configured to determine compliance with one or more privacy compliance requirements by an organization or sub-group of the organization. In various embodiments, the system is configured to determine a privacy maturity rating for each of a plurality of sub-groups within an organization. In some embodiments, the privacy maturity rating is based at least in part on: (1) a frequency of risks or issues identified with Privacy Impact Assessments (PIAs) performed or completed by the one or sub-groups; (2) a relative training level of members of the sub-groups with regard to privacy related matters; (3) a breadth and amount of personal data collected by the sub-groups; and/or (4) etc. In various embodiments, the system is configured to automatically modify one or more privacy campaigns based on the determined privacy maturity ratings.
    Type: Grant
    Filed: June 9, 2017
    Date of Patent: July 24, 2018
    Assignee: OneTrust, LLC
    Inventor: Kabir A. Barday
  • Patent number: 10025926
    Abstract: A method for analyzing side-channel leakage of an application running on a device including loading the application on a system comprising a device simulator, wherein the application is configured to accept public inputs and secret inputs and selecting a set of public inputs. The method includes, for each public input in the set of public inputs, executing the application on the system comprising the device simulator based on a respective public input and a first value for a secret input and extracting first intermediate values for the simulated device, and executing the application on the system based on the respective public input and a second value for the secret input and extracting second intermediate values for the simulated device. The method includes determining an amount of dependency of a location of the simulated device on the secret input based on a plurality of the first and second intermediate values.
    Type: Grant
    Filed: June 18, 2015
    Date of Patent: July 17, 2018
    Assignee: THE MITRE CORPORATION
    Inventors: Dan Walters, Andrew Hagen
  • Patent number: 10021071
    Abstract: A device may receive rule information, associated with a firewall policy, that includes a set of N rules. The device may add a rule, of the set of N rules, to a detector tree associated with the firewall policy. The device may identify other rules to which the rule is to be compared. The other rules may be included in the set of N rules, and may include a quantity of rules approximately equal to a result of a logarithm to base 2 of N. The device may compare the rule and the other rules, and may detect a rule anomaly based on comparing the rule to the other rules. The rule anomaly may be associated with a conflict between the rule and a particular rule of the other rules. The device may identify the rule anomaly within the detector tree, and may output information regarding the rule anomaly.
    Type: Grant
    Filed: October 24, 2016
    Date of Patent: July 10, 2018
    Assignee: Juniper Networks, Inc.
    Inventors: Vinuth Tulasi, Arnav Shrivastava, Srivathsa Sarangapani
  • Patent number: 10015137
    Abstract: The invention relates to a device for interconnecting at least two data-communication networks, connecting a first network qualified as a high-security network and at least one second network qualified as a low-security network, the device including a one-way channel referred to as downlink channel between the high-security network and the low-security network, and a one-way channel referred to as uplink channel between the low-security network and the high-security network, the uplink channel being configured, in accordance with at least one predetermined data model from the low-security network or a dedicated loading channel, such as to transmit a return signal towards the high-security network whenever an uplink data stream sent from the low-security network to the high-security network includes all or part of the predetermined data model, the return signal being transmitted together with a transmission of the uplink data stream or at the end of a transmission of the uplink stream towards the high-security
    Type: Grant
    Filed: December 19, 2014
    Date of Patent: July 3, 2018
    Assignee: SAFRAN ELECTRONICS & DEFENSE
    Inventor: Jean-Marie Courteille
  • Patent number: 10009342
    Abstract: An authenticator in a second user device captures a media sample played on a first user device in proximity to the second user device. The media sample comprises at least one of an audio portion, a video portion or an image portion of a media stream received by the first user device from a remote media streaming source over a network. The authenticator sends at least a portion of the media sample from the second user device to an authentication server, the authentication server to compare the at least the portion of the media sample to a reference media stream received from the remote media streaming source to determine that the second user device is authenticated for viewing the media stream responsive to the portion of the media sample matching the reference media stream. The authenticator then receives an authentication decision from the authentication server at the second user device, the authentication decision indicating whether the second user device is authenticated.
    Type: Grant
    Filed: October 23, 2017
    Date of Patent: June 26, 2018
    Assignee: Audible Magic Corporation
    Inventors: Jim Schrempp, Vance Ikezoye
  • Patent number: 10009380
    Abstract: A method of configuring a network security device includes receiving a changed set of network rules to replace a current set of network rules; using a plurality of network traffic events to perform a first simulation of according to the current set of network rules and a second simulation according to the changed set of network rules; comparing the results of the first and second simulation to identify changes in network traffic allowed and denied between the current set and the changed set of network rules; displaying the changes in allowed and denied traffic for review of the changed set of network rules; receiving an instruction to implement the changed set of network rules based on the review; and filtering network traffic according to the changed set of network rules.
    Type: Grant
    Filed: January 8, 2016
    Date of Patent: June 26, 2018
    Assignee: SECUREWORKS CORP.
    Inventors: Ross R. Kinder, Jon R. Ramsey, Timothy M. Vidas, Robert Danford
  • Patent number: 10007785
    Abstract: The present disclosure relates to the field of information technologies and discloses a method and an apparatus for implementing virtual machine introspection. The method provided in the present disclosure may further include: determining to-be-checked data in a virtual machine; starting to read the to-be-checked data, saving a copy of the read to-be-checked data, and storing a storage address of the read to-be-checked data in a hardware transactional memory, so that the hardware transactional memory is capable of monitoring the read to-be-checked data according to the storage address; when the read to-be-checked data is modified, stop reading the to-be-checked data, and delete the copy; and when reading the to-be-checked data is completed and it is not detected that the read to-be-checked data is modified, performing security check on the copy. The method can be applied to virtual machine introspection.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: June 26, 2018
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Bin Tu, Haibo Chen, Yubin Xia
  • Patent number: 10003610
    Abstract: An incident response system and method for tracking data security incidents in enterprise networks is disclosed. An Incident Manager application (IM) stores incident objects and incident artifacts (IAs) created in response to the incidents, where the incident objects include the information for the incident and the IAs are associated with data resources (e.g. IP addresses and malware hashes) identified within the incident objects. In response to creation of the IAs, the IM issues queries against one or more external threat intelligence sources (TISs) to obtain information associated with the IAs and augments the IAs with the obtained information. In examples, the IM can identify known threats by comparing the contents of IAs against TIS(s) of known threats, and can identify potential trends by correlating the created incident objects and augmented IAs for an incident with incident objects and IAs stored for other incidents.
    Type: Grant
    Filed: October 23, 2017
    Date of Patent: June 19, 2018
    Assignee: International Business Machines Corporation
    Inventors: Allen Hadden, Kenneth Allen Rogers
  • Patent number: 9973471
    Abstract: A protection method, which releases an attack of a malware to a firewall apparatus disposed at an application layer, includes processing a microbatching operation in a plurality of session channels and at at least an operational period according to at least one input information, to generate a plurality of session-specific firewall patterns; and merging the plurality of session-specific firewall patterns to generate an application-specific firewall pattern at the application layer, so as to dispose a script information corresponding to the application-specific firewall pattern in the firewall apparatus for releasing the attack of the malware, wherein the microbatching operation is processed to generate a plurality of independent subset-specific firewall patterns in each session channel, so as to generate a session-specific firewall pattern corresponding to each session channel.
    Type: Grant
    Filed: July 13, 2015
    Date of Patent: May 15, 2018
    Assignee: Wistron Corporation
    Inventor: Chih-Ming Chen
  • Patent number: 9967090
    Abstract: Systems and methods are provided for protecting identity in an authenticated data transmission. For example, a contactless transaction between a portable user device and an access device may be conducted without exposing the portable user device's public key in cleartext. In one embodiment, an access device may send an access device public key to a portable user device. The user device may return a blinded user device public key and encrypted user device data. The access device may determine a shared secret using the blinded user device public key and an access device private key. The access device may then decrypt the encrypted user device data using the shared secret.
    Type: Grant
    Filed: April 17, 2017
    Date of Patent: May 8, 2018
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventor: Eric Le Saint