Patents Examined by Thomas Ho
-
Patent number: 10078751
Abstract: A computer device includes hardware with a connected peripheral device such as a camera or a microphone. An operating system is configured to operate the peripheral device using a device driver and a representative device object. An agent is configured to apply security attributes to the device object which permit access from a primary user account while preventing direct access to the device object by a secondary user account in a sandbox. The agent may intercept requests made toward the device object, examine each request, and then satisfy the request, when the request is allowed, by selectively arranging access to the device object from the sandboxed secondary user account.
Type: Grant
Filed: April 13, 2016
Date of Patent: September 18, 2018
Assignee: Avecto Limited
Inventors: Mark James Austin, John Goodridge
-
Patent number: 10038682
Abstract: A JBoss application may allow for a distributed application hosted on a JBoss application server to connect to a hierarchical type database. Additionally, the JBoss application may communicate via IMS Connect and Open Database Manager Common Service Layers in order to retrieve the data from the IMS databases. A Java framework may be installed on the JBoss application server.
Type: Grant
Filed: October 12, 2015
Date of Patent: July 31, 2018
Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
Inventors: Manli Chan, Tapan Ganguly, Chandler C. Helmuth, Celia S. Hibbert Nelson, Gabriel A. Jimenez
-
Patent number: 10027479
Abstract: According to an embodiment, a generating device includes a first key generator, a second key generator, and an output unit. The first key generator is configured to generate a first key according to a first key rule in which the first key is generated from a random number, the first key being a bit sequence. The second key generator is configured to generate a plurality of second keys according to a second key rule in which the second keys are generated from the first key, the second keys being bit sequences partly correlated to one another. The output unit is configured to output the first key and at least one of the second keys.
Type: Grant
Filed: January 24, 2014
Date of Patent: July 17, 2018
Assignee: Kabushiki Kaisha Toshiba
Inventors: Tsukasa Endo, Yuichi Komano, Kazuo Ohta, Mitsugu Iwamoto
-
Patent number: 10028202
Abstract: A method for transmitting information is disclosed, including: writing at least a portion of the information to at least one multicast Internet Protocol (IP) address field; and transmitting at least a packet according to the at least one multicast IP address field. Even when the wireless network environment is encrypted, information can be transmitted to desired devices in the sniffer mode.
Type: Grant
Filed: December 16, 2014
Date of Patent: July 17, 2018
Assignee: MediaTek Singapore Pte. Ltd.
Inventors: Dong-Bo Deng, Jian-Zhong He, Ko-Ming Chan
-
Patent number: 9965623
Abstract: Systems and techniques for securing accessible computer-executable program code and systems are provided. One or more base functions may be generated and blended with existing program code, such that it may be difficult or impossible for a potential attacker to distinguish the base functions from the existing code. The systems and code also may be protected using a variety of other blending and protection techniques, such as fractures, variable dependent coding, dynamic data mangling, and cross-linking, which may be used individually or in combination, and/or may be blended with the base functions.
Type: Grant
Filed: March 28, 2013
Date of Patent: May 8, 2018
Assignee: IRDETO B.V.
Inventors: Harold Johnson, Yuan Xiang Gu, Michael Wiener, Yongxin Zhou
-
Patent number: 9935958
Abstract: A System that provides a secured connection between servers on the LAN and clients on the WAN comprises the LAN (which includes LAN Server and LAN Controller) and the DMZ (which includes DMZ Server and DMZ Stack Pool Service). Wherein the Client Request reaches the DMZ Server it stores it in the DMZ Stack Pool Service and the LAN Controller establishes outbound TCP based connection to the DMZ Stack Pool Service that passes the Client Connection Information to the LAN Server via the LAN Controller. Then the LAN Server then generates a connection between the Service and DMZ Server.
Type: Grant
Filed: February 13, 2013
Date of Patent: April 3, 2018
Assignee: SAFE-T DATA A.R LTD.
Inventor: Amir Mizhar
-
Patent number: 9930023
Abstract: Methods and systems provide indirect and temporary access to a company's IT infrastructure and business applications. The methods/systems involve establishing an access control center (ACC) to control the access that technical support personnel may have to the company's IT infrastructure and business applications. Thin client terminals with limited functionality may then be set up in the ACC for use by the technical support personnel. The thin client terminals connect the technical support personnel to workstations outside the ACC that operate as virtual desktops. The virtual desktops in turn connect the technical support personnel to the IT infrastructure and business applications. An ACC application may be used to automatically establish the connection between the thin client terminals and the virtual desktops and the virtual desktops and the IT infrastructure and business applications.
Type: Grant
Filed: August 31, 2015
Date of Patent: March 27, 2018
Assignee: United Services Automobile Associate (USAA)
Inventors: Christopher Thomas Wilkinson, Edward Allen Francovich, Jeremy Ryan Scott, Steven Dale Sternitzke
-
Patent number: 9923880
Abstract: Examples of techniques for authenticating mobile applications are described herein. A method includes receiving, at a first server, a key pair and a policy file associated with a mobile service on a second server, the policy file includes a plurality of security objects to be authenticated, a plurality of computing devices to authenticate the security objects, and an order of authentication. The method includes distributing the key pair and the policy file to a security device. The method also includes receiving, at the first server, an authentication request from a mobile application. The method further includes creating an authenticity challenge as specified in the policy file and sending the authenticity challenge with a response to the mobile application.
Type: Grant
Filed: August 4, 2015
Date of Patent: March 20, 2018
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Ishai Borovoy, Iddo Levin, Haim Schneider, Gal Shachor, Artem Spector
-
Patent number: 9906513
Abstract: A system includes a key repository and a network node. The key repository is configured to generate a private key and a public key of the network node, to communicate the private key and the public key to the network node, to verify whether the network node is authorized to operate on a network, to generate a first message indicating whether the network node is authorized to operate on the network, to encrypt the first message using the public key, and to communicate the encrypted first message to the network node. The network node is configured to decrypt the encrypted first message using the private key, to generate a second message based on the first message, to encrypt the second message using the private key, and to record the encrypted second message to a ledger.
Type: Grant
Filed: September 28, 2015
Date of Patent: February 27, 2018
Assignee: Bank of America Corporation
Inventor: Michael Wuehler
-
Patent number: 9900302
Abstract: Various embodiments concern mechanisms for facilitating communication between network-accessible platforms for developing, hosting, or running hybrid applications that utilize resources hosted across multiple platforms. Hybrid applications cause messages or “calls” to be passed between the platforms that must be authenticated. For example, when a call is placed by a Heroku platform to a Force.com platform, the call must be authenticated for security purposes. If Heroku has not already been authenticated when the call is submitted, an authentication process is invoked. An event listener can be used to register details regarding the initial callout task, and then register or “fire” an event when the authentication process is successfully completed. Registration of the initial callout task completely separates the authentication process from the resource being invoked. Requests can be completed without requiring further user input using at least some of the details registered by the event listener.
Type: Grant
Filed: June 22, 2016
Date of Patent: February 20, 2018
Assignee: FinancialForce.com, inc.
Inventor: Matthew D. Wood
-
Patent number: 9900295
Abstract: Content on a device is encrypted and protected based on a data protection key. The protected content can then be copied to cloud storage, and from the cloud storage the protected content can be transferred to various other ones of the user's devices. A key used to retrieve plaintext content from the protected content is associated with an identifier of a particular device that provides the key, the device providing the key being the device that generated the key, or another managed device to which the protected content was transferred. A wipe command can similarly be transferred to the various ones of the user's devices, causing any keys associated with a particular device to be deleted from each of the various ones of the user's devices.
Type: Grant
Filed: November 5, 2014
Date of Patent: February 20, 2018
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Yogesh A. Mehta, Octavian T. Ureche, Preston Derek Adam, Narendra S. Acharya
-
Patent number: 9852311
Abstract: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Anonymization strategy for data anonymization is provided. Data to be transmitted is received from a user computer. Selective anonymization of the data is performed, based on the anonymization strategy, using an anonymization module. The data includes a plurality of characters and defines a clear data. A modified clear data with number of characters greater than the clear data is formed using the clear data, a delimiter data and a pad data. The modified clear data is anonymized to derive an anonymized data. The anonymized data is transmitted to the destination computer over a network. In one embodiment, a portion of the pad data is selected as a seed value to generate an initialization vector to anonymize the clear data.
Type: Grant
Filed: March 30, 2014
Date of Patent: December 26, 2017
Assignee: Ciphercloud, Inc.
Inventors: Pravin Kothari, Debabrata Dash, Yevgeniy Kaganovich, Jing Liu
-
Patent number: 9838425
Abstract: Network access control systems and methods are provided herein. A method includes receiving at a network device a SYN packet from a client device over a network, determining if the client device is a trusted source for the network using the SYN packet, if the client device is a trusted resource, receiving an acknowledgement (ACK) packet from the client device that includes identifying information for the client device plus an additional value, and identifying information for the network device, and establishing a connection with the network for the client device.
Type: Grant
Filed: April 24, 2014
Date of Patent: December 5, 2017
Assignee: A10 NETWORKS, INC.
Inventors: Rajkumar Jalan, Ronald Wai Lun Szeto, Steven Wu
-
Patent number: 9838355
Abstract: A method includes receiving a first analytics set performed on a first network security appliance operated internal to a first organization, receiving a second analytics set performed on a second network security appliance operated internal to a second organization, processing the first analytics set and the second analytics set, and responsive to the processing, disseminating to the second network security appliance information indicating that the second analytics set has also been performed on at least the first network security appliance, without revealing an identity of the first organization. In one embodiment at least part of the first analytics set or the second analytics set is hashed.
Type: Grant
Filed: September 26, 2016
Date of Patent: December 5, 2017
Assignee: EMC IP Holding Company LLC
Inventors: Yedidya Dotan, Brian P. Girardi, Marcelo Blatt, Oleg Freylafert, Kevin D. Bowers, Michael S. Shreve
-
Patent number: 9832202
Abstract: A system and method for with an inmate in a privileged communication are disclosed. A communication system includes a portal subsystem that determines whether a communication should be monitored, or not, based on received information, including access information, from a first communication device. Based on the determination, the communication system bypasses a monitoring subsystem and stores and/or transmits the communication to a second communication device by way of a non-monitoring subsystem.
Type: Grant
Filed: June 12, 2017
Date of Patent: November 28, 2017
Assignee: Global Tel*Link Corporation
Inventor: Stephen L. Hodge
-
Patent number: 9825913
Abstract: A novel method for stateful packet classification that uses hardware resources for performing stateless lookups and software resources for performing stateful connection flow handshaking is provided. To classify an incoming packet from a network, some embodiments perform stateless look up operations for the incoming packet in hardware and forward the result of the stateless look up to the software. The software in turn uses the result of the stateless look up to perform the stateful connection flow handshaking and to determine the result of the stateful packet classification.
Type: Grant
Filed: June 4, 2014
Date of Patent: November 21, 2017
Assignee: NICIRA, INC.
Inventors: Jayant Jain, Anirban Sengupta, Mohan Parthasarathy, Xinhua Hong
-
Patent number: 9817959
Abstract: Wearable electronic device technology is disclosed. In an example, a wearable electronic device can include a handling portion that facilitates donning the wearable electronic device on a user. The wearable electronic device can also include a user authentication sensor associated with the handling portion and configured to sense a biometric characteristic of the user while the user is donning the wearable electronic device. In addition, the wearable electronic device can include a security module to determine whether the sensed biometric characteristic indicates an authorized user of the wearable electronic device.
Type: Grant
Filed: June 27, 2014
Date of Patent: November 14, 2017
Assignee: Intel Corporation
Inventors: Saurabh Dadu, Swarnendu Kar
-
Patent number: 9805188
Abstract: An improved CFI system and method is described that provides security from attacks to hijack computer software. The improved CFI system and method inserts two tags to execute label identification. The first tag is positioned before any instruction that would result in an indirect control flow transfer and requires the program to execute a check. The second tag is located before the first line of any legitimate transfer destination and when discovered by the tag check allows a program to carry out the indirect transfer. This tag orientation does not prevent transfers to targets other than the origin instruction's specific intended destination but limits transfers to destinations that begin with the proper label dedication. Although, an incorrect address may be called, that will be within the software program's assortment of legitimate indirect transfer targets. Attempts to exploit or reroute indirect transfers outside of the established control flow are eliminated.
Type: Grant
Filed: November 11, 2014
Date of Patent: October 31, 2017
Assignee: RunSafe Security, Inc.
Inventors: Andrew Michael Wesie, Brian Sejoon Pak
-
Patent number: 9785770
Abstract: The present invention discloses a method, an apparatus, and a system for triggering virtual machine introspection, so as to provide a timely and effective security check triggering mechanism. In the present invention, data that needs to be protected is determined; the data that needs to be protected is monitored; and when it is determined that the data that needs to be protected is modified, virtual machine introspection is triggered. The present invention avoids a performance loss and a security problem that are brought about by regularly starting a virtual machine introspection system to perform a security check, and therefore, the present invention is more applicable.
Type: Grant
Filed: December 16, 2014
Date of Patent: October 10, 2017
Assignee: Huawei Technologies Co., Ltd.
Inventors: Bin Tu, Haibo Chen, Yubin Xia
-
Patent number: 9774598
Abstract: According to an embodiment, an information processing device is connected to a management apparatus via a network. The device includes a receiver, an acquisition unit, an MKB processor, and an authentication unit. The receiver is configured to receive communication information. The acquisition unit is configured to acquire a media key block from the management apparatus, in response to receipt of the communication information from a first external device not belonging to a group previously classified on a management unit basis by the management apparatus, the first external device and the information processing device being enabled to derive a first group key based on the media key block. The MKB processor is configured to generate the group key from a device key of the information processing device and the media key block. The authentication unit is configured to perform encrypted communication with the external device based on an authentication method using the group key.
Type: Grant
Filed: August 26, 2014
Date of Patent: September 26, 2017
Assignee: Kabushiki Kaisha Toshiba
Inventors: Fangming Zhao, Yuichi Komano, Satoshi Ito