Patents Examined by Theodore Parsons
-
Patent number: 9241009Abstract: Malicious message detection and processing systems and methods are provided herein. According to various embodiments, a method includes detecting, via an intermediary node, a link included in a message, the link being associated with an unknown resource, hashing a unique identifier for a recipient of the message, coupling the hashed identifier with the link, creating an updated link and updated message, and forwarding the updated message to the recipient.Type: GrantFiled: September 15, 2014Date of Patent: January 19, 2016Assignee: Proofpoint, Inc.Inventors: Angelo Starink, David Knight
-
Patent number: 9225526Abstract: A hashed value is computed from an encrypted password value and a displayed code value from a hardware token at a client. The encrypted password value is based on a username, a context identifier, and a password. The client provides the username and the hashed value to a server. The encrypted password value associated with the username is retrieved at the server. An expected hashed value is computed at the server. The client is validated based on a comparison of the hashed value and the expected hashed value.Type: GrantFiled: November 30, 2009Date of Patent: December 29, 2015Assignee: Red Hat, Inc.Inventor: James Paul Schneider
-
Patent number: 9225994Abstract: A global motion vector for a first video frame identifies a shift that, when applied to second video frame, increases the similarity between the two frames. A method comprises: selecting picture elements from the first frame; comparing the selected picture elements with correspondingly positioned picture elements of the second video frame to produce a measure of similarity corresponding to zero shift; comparing, for each of a plurality of trial shifts, the selected picture elements with picture elements of the second video frame that have the same mutual positions but shifted by the respective trial shift, to produce a measure of similarity in respect of that trial shift; identifying the trial or zero shift which gives rise to the highest measure of similarity; and estimating a global motion vector from the identified shift. The selected picture elements are less than 5% of the total number of lines in the frame.Type: GrantFiled: February 3, 2006Date of Patent: December 29, 2015Assignee: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANYInventor: Michael E Nilsson
-
Patent number: 9202086Abstract: Data can be protected in a centralized tokenization environment. A request to tokenize sensitive data is received by an endpoint. A token for use in tokenizing the sensitive data is identified. A token certificate store is queried for a token certificate associated with the identified token. The token certificate can include a token status and use rules describing a permitted use of the token. Responsive to the token certificate store storing the queried token certificate, the endpoint tokenizes the sensitive data using the identified token if the token status indicates the token is available, and subject to the use rules included in the token certificate being satisfied. The token certificate is updated based on the tokenization of the sensitive data with the identified token and stored at the token certificate store.Type: GrantFiled: March 27, 2013Date of Patent: December 1, 2015Assignee: Protegrity CorporationInventors: Ulf Mattsson, Yigal Rozenberg
-
Patent number: 9122863Abstract: A method and apparatus for configuring identity federation configuration. The method includes: acquiring a set of identity federation configuration properties of a first computing system and a set of identity federation configuration properties of a second computing system; identifying one or more pairs of associated properties in the first and the second sets, where the pairs of associated properties include one property from each set of identity federation configuration; displaying, properties that need to be configured manually from the each sets of identity federation configuration properties, where the properties that need to be configured manually do not include the property in any pair of associated properties for which the value can be derived from the value of another property in the pair; automatically assigning a property that can be derived from the value of another property; and providing each computing systems with each set of identity federation properties.Type: GrantFiled: December 19, 2012Date of Patent: September 1, 2015Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: He Yuan Huang, Liu Jian, Min Li, Xiao Xi Liu
-
Patent number: 9119070Abstract: An approach is provided for detecting unauthorized wireless devices in a network. A platform retrieves an identifier of a device from a log of devices connected to a network, determines whether the device is a wireless device by applying a plurality of criteria to the identifier, retrieving a list of wireless devices authorized to connect to the network if the device is determined to be a wireless device, and compares the identifier with the list to determine whether the device is authorized to connect to the network.Type: GrantFiled: August 31, 2009Date of Patent: August 25, 2015Assignee: Verizon Patent and Licensing Inc.Inventor: Monica Juliet Brindza
-
Patent number: 9094413Abstract: An application management agent running on a wireless communications device restricts access to device functionality (e.g., applications and device features) unless the application management agent has determined that a particular configuration profile has been installed on the device (after which the application management agent permits access to device functionality, and an operating system of the device enforces policy settings specified in the configuration profile). The application management agent confirms the presence of the configuration profile by initiating an SSL handshake with a client certificate request for a client SSL certificate embedded in the configuration profile. Validation against the embedded client SSL certificate implicitly confirms the presence of the configuration profile and validates the content of the configuration profile.Type: GrantFiled: March 21, 2013Date of Patent: July 28, 2015Assignee: VMware, Inc.Inventors: Harvey Tuch, Mark Zeren, Craig F. Newell
-
Patent number: 9088580Abstract: For a particular request to access a resource, both a user associated with the request and a service through which the request is made are identified. Whether requested access to a resource is permitted is determined based on a user associated with the requested access and a service through which the access is requested. This determination can be made based on an access control entry of an access control list corresponding to the resource, the access control entry identifying access to the resource that is permitted to the user when accessing the resource through the service.Type: GrantFiled: December 31, 2009Date of Patent: July 21, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Sunil P. Gottumukkala, Thomas C. Jones, Sunil S. Kadam
-
Patent number: 9058491Abstract: A system may include a host that may include a processor coupled to a non-volatile memory over a secure communication protocol. As a result, prior to release for manufacturing, a binding code may be established between the host and the non-volatile memory. In some embodiments, this binding code may be stored on the non-volatile memory and not on the host. Then during a boot up of the system, the boot up process may be initiated by the host using code associated with the host, followed by secure booting using the secure protocol using code stored on the non-volatile memory.Type: GrantFiled: March 26, 2009Date of Patent: June 16, 2015Assignee: MICRON TECHNOLOGY, INC.Inventor: Brent Ahlquist
-
Patent number: 9059910Abstract: Various example embodiments are disclosed herein. According to an example embodiment, a method may include receiving by a second computer a customization application, the customization application including a control panel to establish user preferences for a user account of the cloud-based service and/or system settings for the first computer; receiving by the second computer an input to the customization application to establish one or more user preferences for the user account and/or one or more system settings for the first computer; and transmitting from the second computer to a server associated with the cloud-based service the one or more user preferences and a username for the user account and/or the system settings for the first computer.Type: GrantFiled: August 15, 2014Date of Patent: June 16, 2015Assignee: Google Inc.Inventors: Kan Liu, John Nicholas Jitkoff
-
Patent number: 9032485Abstract: The disclosure provides an anchor authenticator relocation method and system. The method includes: after an old authenticator accepts an anchor authenticator relocation request of a Mobile Station (MS), a new authenticator sends an authenticator relocation request to an AAA server; when the AAA server's verification on the new authenticator is passed and the old authenticator confirms that the new authenticator is trusted, the anchor authenticator is relocated to the new authenticator. The disclosure provides a detailed solution to perform anchor authenticator relocation without re-authentication.Type: GrantFiled: December 31, 2010Date of Patent: May 12, 2015Assignee: ZTE CorporationInventors: Li Chu, Ge Zhu, Chengyan Feng, Hongyun Qu, Ling Xu
-
Patent number: 9021607Abstract: A first user may provide protected content to a second user. The user accesses the rights required by the protected content and the rights held by the second user. If the rights of the second user are equal or greater to those required by the protected content, the first user may then provide the protected content to the second user. Additionally, methods and systems for presenting information regarding multiple categories of content are provided. In addition, methods and systems that suggest activities by a user in relation to content and determined affinity for content in relation to user contacts are provided. A user interface application is provided that operates to display status and/or historical information regarding content, suggested activities, and suggested contacts. The user can interact with the interface to access detailed information and to act on suggestions.Type: GrantFiled: June 29, 2011Date of Patent: April 28, 2015Assignee: Avaya Inc.Inventor: David L. Chavez
-
Patent number: 8995663Abstract: Disclosed is a method for implementing an encryption engine, which includes: when an engine binding interface is called, a hardware encryption engine establishes a connection with a hardware encryption equipment, acquires an algorithm list of said equipment, and fills a first data structure; when a key initialization interface is called, said engine, according to the transmitted first data structure, sets an encryption/decryption algorithm to be used by said equipment, and retrieves a corresponding algorithm key; and if no algorithm key is retrieved, said engine controls said equipment to create said algorithm key; when a data encryption/decryption interface is called, said engine, according to the currently set encryption/decryption algorithm and said algorithm key, controls said equipment to perform an encryption/decryption operation on the transmitted data. The present invention can add or extend the encryption/decryption algorithm that can only be implemented in hardware to a software algorithm library.Type: GrantFiled: March 29, 2011Date of Patent: March 31, 2015Assignee: Feitian Technologies Co., Ltd.Inventors: Zhou Lu, Huazhang Yu
-
Patent number: 8995274Abstract: Mechanisms for controlling traffic on a communication network are described. The mechanisms can be implemented, for example, using signaling messages. For example, a receiver can send a permission message to allow the sender to send a given amount of data along a particular path. As another example, a sender can send a query message indicating a volume of data that has been sent since the sender received a permission message. Upon receiving the query message, a receiver (or another device such as a router, etc.) can detect an attack by comparing the volume of data in the query message with the volume of data that has been received by the receiver. Upon detecting an attack, the receiver can drop unauthorized packets or request the sender to use a security protocol (e.g., IPsec AH) when transmitting data packets and/or change the path of the data flow (e.g., using multi-homing).Type: GrantFiled: July 2, 2009Date of Patent: March 31, 2015Assignee: The Trustees of Columbia University in the City of New YorkInventors: Se Gi Hong, Henning Schulzrinne
-
Patent number: 8984296Abstract: A method for device driver self authentication is provided. The method includes accessing a device driver having encrypted authentication parameters therein including, for instance, a vendor identification, a device identification, a serial number, an expiration date and a filename. The method includes executing an authentication portion of the device driver to generate a message digest of these parameters and comparing the message digest to a stored digest for a match thereof. The method further includes loading the device driver only if the authentication portion successfully authenticates the device driver, e.g., there is a match. The method can be applied to USB device drivers and peripherals.Type: GrantFiled: March 29, 2009Date of Patent: March 17, 2015Assignee: Cypress Semiconductor CorporationInventor: David W. Young
-
Patent number: 8966658Abstract: Systems, methods, and program products are provided for selectively restricting the transmission of copy protected digital media content from a computer system, over a network, and to a remote display. In one embodiment, a method includes the steps of capturing digital media content rendered on the local display by a media player application executed by the computer system; determining whether the media player application is accessing copy protected digital media content; and, if the media player application is not accessing copy protected digital media content, converting the captured digital media content to a media stream and transmitting the media stream over a network for presentation on a remote display.Type: GrantFiled: February 15, 2013Date of Patent: February 24, 2015Assignees: Sling Media PVT Ltd, Sling Media, Inc.Inventors: Arun L. Gangotri, Alexander Gurzhi
-
Patent number: 8966627Abstract: There are provided a method and apparatus for defending a Distributed Denial-of-Service (DDoS) attack through abnormally terminated sessions. The DDoS attack defending apparatus includes: a session tracing unit configured to parse collected packets, to extract header information from the collected packets, to trace one or more abnormally terminated sessions corresponding to one of pre-defined abnormally terminated session cases, based on the header information, and then to count the number of the abnormally terminated sessions; and an attack detector configured to compare the number of the abnormally terminated sessions to a predetermined threshold value, and to determine whether a DDoS attack has occurred, according to the results of the comparison. Therefore, it is possible to significantly reduce a false-positive rate of detection of a DDoS attack and the amount of computation for detection of a DDoS attack.Type: GrantFiled: September 12, 2012Date of Patent: February 24, 2015Assignee: Electronics and Telecommunications Research InstituteInventor: Seung Yong Yoon
-
Patent number: 8938013Abstract: A processing module encodes data into a plurality of sets of encoded data slices in accordance with first error coding dispersal storage function parameters optimized for data recovery speed and non-optimal for data recovery reliability. The processing module encodes priority data segments of the data in accordance with second error coding dispersal storage function parameters to produce a plurality of sets of priority encoded data slices optimized for data recovery reliability and non-optimal for data recovery speed. The module outputs the plurality of sets of encoded data slices and the plurality of sets of priority encoded data slices to a dispersed storage network memory for storage therein.Type: GrantFiled: December 31, 2010Date of Patent: January 20, 2015Assignee: Cleversafe, Inc.Inventors: Gary W. Grube, Timothy W. Markison
-
Patent number: 8925103Abstract: A mobile terminal supporting dual operating systems and an authentication method thereof. The mobile terminal includes a memory configured to store at least two different operating systems configured to act in at least two different modes, respectively, and a controller configured to perform an authentication procedure for authenticating that one mode can be switched to the other mode, and to display a type identifier only in one group identifier corresponding to a currently activated mode among the at least two different operating systems.Type: GrantFiled: June 16, 2011Date of Patent: December 30, 2014Assignee: LG Electronics Inc.Inventors: Dongwoo Kim, Heejung Bae, Ki Seo Kim, Hyehyun Kim, Jooyong Lee, Hyunah Cho
-
Patent number: 8917872Abstract: Systems, methods, and machine-readable and executable instructions are provided for encryption key storage. Encryption key storage may include associating each of a plurality of identifiers with a different one of a plurality of key fragment stores, determining a plurality of indexes, where each of the plurality of indexes is based upon a handle provided by a customer, an authorization token provided by the customer, and a different one of the plurality of identifiers, partitioning an encryption key provided by the customer into a number of encryption key fragments, and distributing the plurality of indexes and the number of encryption key fragments to the plurality of key fragment stores. The handle can be a uniform resource identifier, for instance.Type: GrantFiled: July 6, 2011Date of Patent: December 23, 2014Assignee: Hewlett-Packard Development Company, L.P.Inventors: Jun Li, Ram Swaminathan, Sharad Singhal