Patents Examined by Venkat Perungavoor
  • Patent number: 10298548
    Abstract: An apparatus for data replication is disclosed. A method and computer program product also perform the functions of the apparatus. In one embodiment, an apparatus includes a read module configured to read into a communication buffer, from a persistent storage volume, a first file that is encrypted with file-level encryption without decrypting the first file. In certain embodiment, the apparatus also includes a write module configured to write data from a second file from the communication buffer, that is received from a source device and that is encrypted with file-level encryption, to the persistent storage volume without decrypting the second file.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: May 21, 2019
    Assignee: International Business Machines Corporation
    Inventors: Hiroshi Araki, Shah M. R. Islam, Hiroyuki Miyoshi
  • Patent number: 10298562
    Abstract: Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret keys and user profiles into secure shares and periodically updating shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial token or partial profiles can be verified with non-interactive zero-knowledge proofs.
    Type: Grant
    Filed: March 9, 2017
    Date of Patent: May 21, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Bin Benjamin Zhu, Min Feng
  • Patent number: 10291584
    Abstract: A network device may determine a plurality of reputation indicators that indicate a measure of reputation associated with the flow. A first reputation indicator, of the plurality of reputation indicators, may be determined based on applying a first reputation analysis technique in association with the flow. A second reputation indicator, of the plurality of reputation indicators, may be determined based on applying a second reputation analysis technique in association with the flow. The second reputation analysis technique may be different from the first reputation analysis technique. The network device may determine a reputation score for the flow based on the plurality of reputation indicators. The network device may prioritize the flow based on the reputation score.
    Type: Grant
    Filed: March 28, 2016
    Date of Patent: May 14, 2019
    Assignee: Juniper Networks, Inc.
    Inventors: Srinivas Koripella, Anil Kumar Reddy Sirigiri
  • Patent number: 10291586
    Abstract: Techniques and devices for circumventing wireless data monitoring in communications between a communication device and a proxy server, as well as systems and techniques for detecting and resolving vulnerabilities in wireless data monitoring systems are described herein. The techniques for circumventing wireless data monitoring may include manipulating a routing table of a communication device, encapsulating data in an unmonitored protocol, and transmitting the encapsulated data in a “bearer,” or communications channel, to a proxy server that fulfills requests included in the encapsulated data. Furthermore, the techniques for detecting and resolving network vulnerabilities may include restricting protocols by bearers in an Access Control List, limiting a bandwidth of a bearer, or protecting a routing table in a secure location of the communication device.
    Type: Grant
    Filed: October 30, 2017
    Date of Patent: May 14, 2019
    Assignee: T-Mobile USA, Inc.
    Inventors: Yunhan Jia, Jong Sung Yoon, Jie Hui, Samson Kim-Sun Kwong, Kevin Lau, Salvador Mendoza, Zhuoqing Morley Mao
  • Patent number: 10284375
    Abstract: Techniques for a trust service for a client device are described. In various implementations, a trust service is implemented remotely from a client device and provides various trust-related functions to the client device. According to various implementations, communication between a client device and a remote trust service is authenticated by a client identifier (ID) that is maintained by both the client device and the remote trust service. In at least some implementations, the client ID is stored on a location of the client device that is protected from access by (e.g., is inaccessible to) device components such as an operating system, applications, and so forth. Thus, the client ID may be utilized to generate signatures to authenticate communications between the client device and the remote trust service.
    Type: Grant
    Filed: July 19, 2017
    Date of Patent: May 7, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Ronald Aigner, Dennis J. Mattoon, Stuart H. Schaefer, Merzin Kapadia, Robert Karl Spiger, David R. Wooten, Paul England
  • Patent number: 10285051
    Abstract: A system and method for securing communication across an in-vehicle bus, includes establishing a connection between a gateway in a vehicle and the in-vehicle bus; generating a session key at the gateway within the vehicle; transmitting a public key certificate and ephemeral key to the gateway and an electronic control unit of the vehicle; generating a shared secret at the gateway and the electronic control unit, respectively; encrypting the session key with the shared secret at the gateway; receiving the encrypted session key through the in-vehicle bus at the electronic control unit; and decrypting the encrypted session key based on the shared secret generated at the electronic control unit.
    Type: Grant
    Filed: September 20, 2016
    Date of Patent: May 7, 2019
    Assignees: 2236008 Ontario Inc., Certicom Corp.
    Inventors: James Robert Alfred, Sergei Sidorov, Ming Chee Tsang, Scott Lee Linke
  • Patent number: 10277579
    Abstract: There are provided a beacon authentication API that obtains identification information of a terminal and performs authentication if a resource is provided to an application of a terminal via network and if the terminal receives a beacon transmitted from a beacon transmitter, and an authorization API that issues an authorization token if the authentication is performed by the beacon authentication API, wherein the authorization API verifies whether or not the authorization token is valid if there is a call request of the resource by using the authorization token from the terminal, and wherein the beacon authentication API permits the application to use the resource in accordance with the content of an event based on the beacon if the authorization token is verified to be valid.
    Type: Grant
    Filed: December 17, 2015
    Date of Patent: April 30, 2019
    Inventor: Kotaro Matsuda
  • Patent number: 10270760
    Abstract: Services from domainless machines are made available in a security domain under a virtual name. Each machine is not joined to the domain but can reach a security domain controller. The controller controls at least one security domain using an authentication protocol, such as a modified Kerberos protocol. One obtains a set of security domain credentials, generates a cluster name secret, gives the cluster a virtual name, and authenticates the machines to the domain controller using these items. In some cases, authentication uses a ticket-based protocol which accepts the cluster name secret in place of a proof of valid security domain membership. In some, the domain controller uses a directory service which is compatible with an active directory service; the cluster virtual name is provisioned as an account in the directory service. The cluster virtual name may concurrently serve clients on different security domains of the directory service.
    Type: Grant
    Filed: October 5, 2017
    Date of Patent: April 23, 2019
    Assignee: Microsoft Tehnology Licensing, LLC
    Inventors: Sai Sudhir Anantha Padmanaban, Lokesh Srinivas Koppolu, Andrea D'Amato, Yi Zeng
  • Patent number: 10270742
    Abstract: A method is provided for redirecting signed code images. The method includes the steps of receiving a code image from an origin device at a proxy machine, invoking a code signing client at the proxy machine, receiving signing request information indicating a requested cryptographic operation, sending a code signing request to a code signing server, receiving a signed code image at the code signing client from the code signing server, storing the signed code image in a restricted memory, invoking a software repository client at the proxy machine, and sending the signed code image from the restricted memory location to a software repository.
    Type: Grant
    Filed: March 28, 2016
    Date of Patent: April 23, 2019
    Assignee: ARRIS Enterprises LLC
    Inventors: Tat Keung Chan, Alexander Medvinsky, Ali Negahdar
  • Patent number: 10264021
    Abstract: Some embodiments of the invention provide a novel method for specifying firewall rules. In some embodiments, the method provides the ability to specify for a particular firewall rule, a set of network nodes (also called a set of enforcement points) at which the particular firewall should be enforced. To provide this ability, the method of some embodiments adds an extra tuple (referred to below as the AppliedTo tuple) to a firewall rule. This added AppliedTo tuple lists the set of enforcement points at which the firewall rule has to be applied (i.e., enforced). As the AppliedTo tuples of the firewall rules can refer to dynamically modifiable constructs, the application of the AppliedTo firewall rules (i.e., rules that are specified to include an AppliedTo tuple) can be dynamically adjusted for different locations within a network by dynamically adjusting the membership of these modifiable constructs.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: April 16, 2019
    Assignee: NICIRA, INC.
    Inventors: Kaushal Bansal, Uday Masurekar, Aravind Srinivasan, Shadab Shah, Serge Maskalik
  • Patent number: 10248780
    Abstract: A device to secure an object receives a digital file representing a photograph as an input. The photogram represents at least one portion of the object. An encoder of the device encodes characteristic elements of the photograph into a matrix code. The device further includes a printer to print the matrix code on or in the object. The photograph can represent biometric data of a person, which are also visible on the object. An image sensor can be used to input the digital file representing the photograph and is configured to take an image of the object on which the matrix code is printed.
    Type: Grant
    Filed: February 6, 2015
    Date of Patent: April 2, 2019
    Inventors: Jean-Pierre Massicot, Alain Foucou, Zbigniew Sagan
  • Patent number: 10243963
    Abstract: The disclosed computer-implemented method for generating device-specific security policies for applications may include (1) installing, onto a computing device, an application requested by the computing device, (2) while the application is running on the computing device, monitoring interactions between the application and a computing environment in which the computing device operates to identify (A) computing resources within the computing environment required by the application and (B) potential security concerns related to the application within the computing environment, and then (3) generating, based on the monitored interactions, a set of device-specific security policies to enforce for the application while the application runs on the computing device that allow the application to access the required computing resources while mitigating the potential security concerns. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 18, 2015
    Date of Patent: March 26, 2019
    Assignee: Symantec Corporation
    Inventors: Azzedine Benameur, Nathan Evans, Yun Shen
  • Patent number: 10229249
    Abstract: A method and apparatus are disclosed for distributing content items to a handheld device using a personal computer. A user can browse and select content using a personal computer or other computer that may be more readily available or more convenient to use than the handheld device. The personal computer can communicate with a web server which receives the user's request for content to be distributed to the handheld device. The web server can retrieve configuration information pertaining to the handheld device and communicate with a content server to determine whether the user's request for content distribution is valid based on information identifying the handheld device and at least some of the configuration information pertaining to the handheld device. The content server can transmit the requested content item to the handheld device if the user's request is valid and if the handheld device is able to receive the content item.
    Type: Grant
    Filed: October 2, 2015
    Date of Patent: March 12, 2019
    Assignee: Google LLC
    Inventors: Jonathan Brunsman, David P. Conway, Pierre Delisle, Ficus Kirkpatrick, Paul Montoy-Wilson, Michael Morrissey, Christian Sonntag, Juliana Tsang, Mark Womack, Peisun Wu
  • Patent number: 10223518
    Abstract: The disclosure provided herein includes a multi-step authentication process to unlock a portable electronic device. To unlock the device, a user can use a touch screen on the device to select an access category, to select an access subcategory, and to enter an access subcategory value. The access subcategory can depend on the access category, making them logically related. The access subcategory value can be a value that corresponds to the selected access category and subcategory. The multi-step authentication or unlocking process can advantageously be easy to remember because the pieces of information to be provided are logically related to one another. In addition, the multi-step authentication or unlocking process can be difficult to guess as each step in the process decreases the chances an unwanted person or system correctly guesses the correct values for each step.
    Type: Grant
    Filed: April 3, 2017
    Date of Patent: March 5, 2019
    Assignee: Light Cone Corp.
    Inventor: Curtis Lewis
  • Patent number: 10225284
    Abstract: Techniques of obfuscation for enterprise data center services are disclosed. In one embodiment, the techniques may be realized as a system for obfuscation comprising one or more processors. The one or more processors may be configured to receive a command from at least one of a user and an application and determine whether the command is authorized. If the command is determined to be unauthorized, the one or more processors may be further configured to generate a rewritten output of the command that is different from an original output of the command and return the rewritten output in response to the command.
    Type: Grant
    Filed: November 25, 2015
    Date of Patent: March 5, 2019
    Inventors: Nathan S. Evans, Azzedine Benameur, Yun Shen
  • Patent number: 10204222
    Abstract: A method and system to verify active content at a server system include receiving, at the server system a communication (e.g., an e-mail message or e-commerce listing) that includes active content that is to be made accessible via the server system. At the server system, the active content is rendered to generate rendered active content. The rendered active content presents a representation of information and processes to which an end user will be subject. At the server system, the rendered active content is verified as not being malicious.
    Type: Grant
    Filed: August 9, 2017
    Date of Patent: February 12, 2019
    Assignee: PAYPAL, INC.
    Inventors: Chris Lalonde, Andrew Millard Brown, Mathew Gene Henley, Quang D. Pham, Kevin Black
  • Patent number: 10205716
    Abstract: An information processing system includes a terminal apparatus and an information processing apparatus that is connected to the terminal apparatus via a network. The terminal apparatus includes a storage unit configured to store a first application program configured to provide another application program executed in the terminal apparatus with an interface for transmitting request information to the information processing apparatus, wherein the first application program includes authentication information for using the information processing apparatus, and a second application program configured to transmit the request information including identification information of an application program to the information processing apparatus in response to a predetermined user's operation, wherein the identification information of the application program is recorded in the second application program.
    Type: Grant
    Filed: September 14, 2016
    Date of Patent: February 12, 2019
    Assignee: Ricoh Company, Ltd.
    Inventor: Taichi Watanabe
  • Patent number: 10198752
    Abstract: Systems and methods are disclosed for protecting user privacy in, for example, online advertising environments. The method includes receiving data related to a user in a first communication session between a host server and a client device, and generating a user profile associated with the user. The method further may include encrypting the user profile to produce encrypted user profile data and generating a decryption key for decrypting the encrypted user profile data. Thereafter, either the decryption key or a portion of the encrypted user profile data may be transmitted to the client device and then deleted from host server before ending the first communication session. The method further may include establishing a second communication session between the host server and the client device and retrieving the transmitted content. Then targeted advertising may be provided by decrypting the encrypted user profile data.
    Type: Grant
    Filed: December 30, 2016
    Date of Patent: February 5, 2019
    Assignee: Oath Inc.
    Inventor: Jeffrey Todd Wilson
  • Patent number: 10191679
    Abstract: A data accessing method and system for a memory storage apparatus are provided. The method includes: performing a near field communication between a memory storage apparatus and an electronic apparatus, and receiving a first password from the electronic apparatus by the memory storage device in the near field communication. The method also includes: recording the first password in a memory unit of the memory storage apparatus. The method further includes: when the memory storage apparatus is not connected to the electronic apparatus or a host in a predetermined time after the memory storage apparatus receives the first password, deleting the first password recorded in the memory unit; and when the first password recorded in the memory unit is the same as a second password in the memory storage apparatus, allowing the electronic apparatus or the host to access the memory storage apparatus by the memory storage apparatus.
    Type: Grant
    Filed: September 10, 2016
    Date of Patent: January 29, 2019
    Inventor: Chien-Fu Lee
  • Patent number: 10193788
    Abstract: A network having a nodal architecture consisting of a child/parent familial structure formed by a parenting process which creates a structure relative to each node, with descendants below, siblings beside, and a parent above. In this network, a one-to-many relationship exists from the perspective of an entity that is an ancestor to multiple descendants. Thus, a parent may have many children, who each may have multiple children themselves, but each node will only have one parent. Data packets are routed to destination nodes by propagating from one node to the next via the tree structure.
    Type: Grant
    Filed: December 18, 2015
    Date of Patent: January 29, 2019
    Inventors: Terence Davis, Andrew Milburn, Chris Paul