Patents Examined by Teshome Hailu
  • Patent number: 10152582
    Abstract: A computer implemented method for use of encrypted identity on a QR code encoded onto a permanent medium. The system includes mechanism to generate the encrypted identity into a QR code. Also, at patient authentication, the encrypted identity in QR code is read through a custom application. The custom application decrypts the double encrypted global ID using the application encryption key. The server decrypts the application decrypted ID using the server key and date of the encryption. The decrypted global ID is then used to match with the patient information.
    Type: Grant
    Filed: March 23, 2015
    Date of Patent: December 11, 2018
    Inventors: Jose Bolanos, Yanick Gaudet
  • Patent number: 10148684
    Abstract: Systems, methods, and other embodiments associated with placing a workload on one of a plurality of hosts are described. In one embodiment, a method includes analyzing hosts to identify a first host and a second host determined to meet resource requirements of the workload. The example method may also include analyzing the first host to calculate a first threat score, and analyzing the second host to calculate a second threat score. The example method may also include selecting a host with a lowest threat score and placing the workload on the selected host. The example method may also include reanalyzing the selected host to calculate an updated threat score. The example method may also include in response to determining that the updated threat score exceeds a threshold threat score, moving the workload to a third host.
    Type: Grant
    Filed: January 27, 2017
    Date of Patent: December 4, 2018
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Ajai Joy, Sarat C. Aramandla
  • Patent number: 10140449
    Abstract: Systems and methods may provide for identifying a runtime behavioral pattern of an application and detecting an anomaly in the runtime behavioral pattern. In addition, a security event may be triggered in response to the anomaly. In one example, the anomaly is detected with regard to one or more of a library call count, a library call type, a library call argument configuration or a library call timing associated with a runtime operation of the application.
    Type: Grant
    Filed: August 24, 2017
    Date of Patent: November 27, 2018
    Assignee: Intel Corporation
    Inventors: Antonio C. Valles, Vincent J. Zimmer
  • Patent number: 10142109
    Abstract: Example embodiments relate to instantiating containers. For example, in an embodiment, integrity of a container image may be verified by executing a verification program using verification information associated with the container image. Provenance of the container image may be verified by checking a log associated with the container image. A container may be instantiated from the container image by loading a file system associated with the container image. The file system associated with the container image may be isolated from the verification information and the log.
    Type: Grant
    Filed: August 16, 2016
    Date of Patent: November 27, 2018
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventor: Nigel Edwards
  • Patent number: 10133865
    Abstract: The disclosed computer-implemented method for detecting malware may include (1) identifying a plurality of programs represented in machine code, (2) deriving a plurality of opcode n-grams from opcode sequences within the plurality of programs, (3) training an autoencoder by using the plurality of opcode n-grams as input, (4) discovering a set of features within the autoencoder after training the autoencoder, each feature within the set of features comprising a linear combination of opcode n-grams from the plurality of opcode n-grams, and (5) classifying a potentially malicious program as malicious by using the set of features discovered within the autoencoder to analyze the potentially malicious program. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: November 20, 2018
    Assignee: SYMANTEC CORPORATION
    Inventors: Reuben Feinman, Jugal Parikh
  • Patent number: 10135814
    Abstract: A self-authenticating chip includes first and second memory regions storing, respectively, first and second authentication codes. The second memory region is adapted to be unreadable and unmodifiable by the chip or a chip reader. The chip also includes a comparator for providing an indicator of whether given input matches the second authentication code. The chip also includes an authentication circuit that is operable to read the first authentication code from the first memory region, present the first authentication code to the comparator, and in response to receiving an indicator from the comparator indicating that the first and second authentication codes match, unlock at least one of (i) a communication interface of the chip to allow data to be transmitted therethrough to a chip reader and (ii) a third memory region of the chip to allow data to be read therefrom.
    Type: Grant
    Filed: December 16, 2016
    Date of Patent: November 20, 2018
    Assignee: CARDEX SYSTEMS INC
    Inventors: Dennis Bernard Van Kerrebroeck, Craig Michael Horn, Bernard Marie-Andre Van Kerrebroeck
  • Patent number: 10129284
    Abstract: In a system for configuring a web application firewall, one or more parameters of the firewall are adjusted such that a test configured for exposing a vulnerability of an application protected by the application firewall is blocked by the firewall and another test configured to invoke functionality of the application but that does not expose or exploit any security vulnerability is not blocked by the firewall. A notification is provided to a user if such a firewall configuration is not found after a specified number of attempts.
    Type: Grant
    Filed: September 25, 2014
    Date of Patent: November 13, 2018
    Assignee: Veracode, Inc.
    Inventor: Erik J. Peterson
  • Patent number: 10129020
    Abstract: Systems and methods are provided for protecting identity in an authenticated data transmission. For example, a contactless transaction between a portable user device and an access device may be conducted without exposing the portable user device's public key in cleartext. In one embodiment, an access device may send an access device public key to a portable user device. The user device may return a blinded user device public key and encrypted user device data. The access device may determine a shared secret using the blinded user device public key and an access device private key. The access device may then decrypt the encrypted user device data using the shared secret.
    Type: Grant
    Filed: March 13, 2018
    Date of Patent: November 13, 2018
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventor: Eric Le Saint
  • Patent number: 10129291
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to monitor activities of objects in a system, compare the monitored activities to metadata for the system, and identify low prevalence outliers to detect potentially malicious activity. The monitored activities can include an analysis of metadata of the objects in the system to identify polymorphic threats, an object reuse analysis of the system to detect an object reusing metadata from another object, and a filename analysis of the system.
    Type: Grant
    Filed: June 27, 2015
    Date of Patent: November 13, 2018
    Assignee: McAfee, LLC
    Inventors: James Bean, Joel R. Spurlock
  • Patent number: 10122686
    Abstract: A device is provided to perform secure operations in a network that includes multiple devices. The device comprises multiple processor cores; multiple physical ports to receive packets; a system interconnect and a network security engine. The network security engine is operative to: extract a key from a packet received from a physical port among the physical ports; in response to a first determination that the key does not match a stored key in the device, block the packet from entering the system interconnect through the physical port; and in response to the first determination that the key matches the stored key and in response to a second determination that one or more identifiers extracted from the packet do not match stored information in the device, block the packet from entering an identified processor core among the processor cores that is to be accessed by the packet.
    Type: Grant
    Filed: April 27, 2017
    Date of Patent: November 6, 2018
    Assignee: MediaTek Inc.
    Inventor: Hungwen Li
  • Patent number: 10116635
    Abstract: A mobile-based equipment service system includes a remote server, a mobile device, and at least one equipment controller. The mobile device includes a user interface, and is configured to send a user authentication message, initiated by a user via the user interface, to the remote server. The remote server is configured to verify the user via the user authentication message and once verified, send an encrypted blob to the mobile device in response to the user authentication message. At least one equipment controller is configured to receive and decrypt the encrypted blob from the mobile device.
    Type: Grant
    Filed: April 27, 2017
    Date of Patent: October 30, 2018
    Assignee: OTIS ELEVATOR COMPANY
    Inventors: Devu Manikantan Shila, Arthur T. Grondine, Michael Garfinkel, Teems E. Lovett
  • Patent number: 10114940
    Abstract: An information processing system includes a storage unit that stores, with respect to each application, application identification information identifying the application for executing a series of processes in cooperation with an external service and information relating to the series of processes; a receiving unit that receives from a device connected to the information processing system, a request including first authentication information acquired by the device from an authentication infrastructure, the application identification information, and information relating to electronic data designated by a user at the device; an acquisition unit that acquires second authentication information for using the external service based on the first authentication information included in the received request; and an execution unit that executes a process on the electronic data based on the information relating to the series of processes associated with the application identification information included in the received
    Type: Grant
    Filed: February 23, 2016
    Date of Patent: October 30, 2018
    Assignee: Ricoh Company, Ltd.
    Inventors: Kazunori Sugimura, Yuuichiroh Hayashi, Kohsuke Namihira, Dongzhe Zhang
  • Patent number: 10110586
    Abstract: A method may include identifying a candidate user based on a connection to an established user of a business management application (BMA). The candidate user may have an associated user identifier. The method may further include collecting, using the user identifier, social network data of the candidate user from an online social network, identifying, using the social network data of the candidate user, application programming interfaces (APIs) for collecting public data about the candidate user, retrieving, using the user identifier and an API, public data corresponding to the candidate user, generating, using the public data corresponding to the candidate user, an account creation request including the user identifier, and transmitting the account creation request to the BMA.
    Type: Grant
    Filed: January 27, 2017
    Date of Patent: October 23, 2018
    Assignee: Intuit Inc.
    Inventor: Ravi Iyer
  • Patent number: 10110613
    Abstract: Embodiments may be configured to receive a protected version of content that includes multiple encrypted content samples. In various embodiments, each encrypted content sample includes multiple encrypted blocks. For a given encrypted content sample, different sets of encrypted blocks in that sample may form different encryption chains. The protected version of the content may further include decryption information for decrypting the encrypted content samples. The decryption information may include at least some initialization vectors generated dependent upon non-content information that is not included in the protected version of the content. The non-content information may be from a different protected version of the content. Embodiments may be configured to use the decryption information to decrypt one or more of the encrypted content samples.
    Type: Grant
    Filed: August 12, 2016
    Date of Patent: October 23, 2018
    Assignee: Adobe Systems Incorporated
    Inventor: Viswanathan Swaminathan
  • Patent number: 10108795
    Abstract: The present invention is a method of and a system for enabling an initiating party to capture, store, and retrieve an image of at least one acknowledging party performing an acknowledgement requested by the initiating party where the acknowledging party(s) may be remotely located from the initiating party.
    Type: Grant
    Filed: July 10, 2017
    Date of Patent: October 23, 2018
    Inventor: David Ruma
  • Patent number: 10108814
    Abstract: The present disclosure relates to transmitting a request for a set of data records, the request indicating encrypted data items associated with first and second interval boundaries, and selectively traversing a partially ordered set to determine an encrypted data item of the partially ordered set that is associated with an interval boundary of the first and second interval boundaries, based on no cache entries being associated with any encrypted data item associated with the interval boundary. The selectively traversing may include decrypting one or more portions of the partially ordered set, determining the encrypted data item of the partially ordered set, and transmitting a request to retrieve a data element of a linear order annotated to the encrypted data item of the partially ordered set associated with the interval boundary, to cause generation of a new cache entry including the encrypted data item and the data element.
    Type: Grant
    Filed: May 23, 2018
    Date of Patent: October 23, 2018
    Assignee: COMPUGROUP MEDICAL SE
    Inventors: Jan Lehnhardt, Tobias Rho
  • Patent number: 10102533
    Abstract: Data processing systems and methods for: (1) receiving from a first set of users, respective answers for question/answer pairings regarding a product's proposed design; (2) using the question/answer pairings to prepare an initial privacy impact assessment for the product; (3) displaying the plurality of question/answer pairings to a second set of users; (4) receiving recommended steps to be implemented, before the product's implementation date, as part of the design of the product to address any privacy-related concerns identified in the initial privacy impact assessment; and (5) after the tasks have been completed, generating a report documenting that: (a) the initial privacy assessment has been conducted for the product; (b) one or more revisions have been made to the product to facilitate the compliance of the product with the one or more privacy standards; and (c) an updated privacy assessment has been conducted for the product.
    Type: Grant
    Filed: June 10, 2017
    Date of Patent: October 16, 2018
    Assignee: OneTrust, LLC
    Inventor: Kabir A. Barday
  • Patent number: 10089803
    Abstract: An integrated security system which seamlessly assimilates with current generation logical security systems. The integrated security system incorporates a security controller having standard network interface capabilities including IEEE 802.x and takes advantage of the convenience and security offered by smart cards and related devices for both physical and logical security purposes. The invention is based on standard remote authentication dial-in service (RADIUS) protocols or TCP/IP using SSL, TLS, PCT or IPsec and stores a shared secret required by the secure communication protocols in a secure access module coupled to the security controller. The security controller is intended to be a networked client or embedded intelligent device controlled remotely by to an authentication server. In another embodiment of the invention one or more life cycle management transactions are performed with the secure access module.
    Type: Grant
    Filed: January 10, 2018
    Date of Patent: October 2, 2018
    Assignee: Assa Abloy AB
    Inventors: Dominique Louis Joseph Fedronic, Wu Wen
  • Patent number: 10091232
    Abstract: A new paradigm for security analysis is provided by transitioning code analysis reporting from the problem space (the warnings themselves), to a solution space (potential solutions to the identified problems). Thus, instead of reporting raw findings to the user, the automated system as described here outputs proposed solutions to eliminate the defects identified in the security analysis. A consequence of this approach is that the report generated by the analysis tool is much more consumable, and thus much more actionable. Preferably, the report provides the user with one or more candidate location(s) at which to apply a fix to an identified security problem. These locations preferably are identified by processing overlapping nodes to identify one or more solution groupings that represent an API for a sanitization fix. The report also includes one or more recommendations for the fix, and preferably the report is generated on a per-vulnerability type basis.
    Type: Grant
    Filed: August 7, 2017
    Date of Patent: October 2, 2018
    Assignee: International Business Machines Corporation
    Inventors: Stephen Darwin Teilhet, Kristofer Alyn Duer, John Thomas Peyton, Jr., Omer Tripp
  • Patent number: 10079674
    Abstract: A privacy-preserving verification methodology for SoC computing systems is described. The verification methodology utilizes the principles of Multi-Party Computation (“MPC”), and enables meaningful manipulation of encrypted data in the encrypted domain through the use of a fully homomorphic encryption (“FHE”) scheme. In the described verification methodology, IP logic is transformed and test vectors utilized to verify the IP logic are encrypted. The parties involved in the verification (e.g., the designer, the manufacturer, a third-party verification service, etc.) can functionally verify the IP core via the encrypted test vectors while the encrypted test vectors remain in the encrypted domain. Accordingly, the IP core is verified without revealing unwarranted information, such as the underlying IP behind the SoC.
    Type: Grant
    Filed: February 23, 2016
    Date of Patent: September 18, 2018
    Assignee: NEW YORK UNIVERSITY
    Inventors: Michail Maniatakos, Charalambos Konstantinou, Anastasis Keliris