Patents Examined by Viral Lakhia
  • Patent number: 9965618
    Abstract: Disclosed are various embodiments for reducing privileges for imported software packages, such as software libraries. Trusted code is received that is configured to use untrusted code. A wrapper is generated for the untrusted code. The trusted code is reconfigured to use the wrapper. The wrapper is configured to invoke the untrusted code with reduced privileges as compared to the trusted code.
    Type: Grant
    Filed: August 27, 2015
    Date of Patent: May 8, 2018
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 9967273
    Abstract: Aspects of an abuse detection system for a web service include an abuse detection engine executing on a server. The abuse detection engine includes a pre-processing module for aggregating a data set for processing and analysis; a suspiciousness test module for identifying suspicious content owners and suspicious users; a graphing module for finding connections between suspicious content owners and suspicious users; an analysis module for determining which groups are constituted of fraudulent or abusive accounts; and a notification generation and output module for generating a list of abusive entities and a notification for output to at least one of: the abusive entity, a digital content distribution company associated with the abusive entity, and a legal department or other entity for further investigation or action. Additionally, royalties for content consumptions associated with abusive accounts may be held.
    Type: Grant
    Filed: June 15, 2015
    Date of Patent: May 8, 2018
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.
    Inventors: Victor Cazin, Nicolas Rival
  • Patent number: 9954844
    Abstract: A method including determining, by a processing device, whether a computer system is able to access an authentication server, in response to determining that the computer system is able to access the authentication server, requesting a first set of credentials, authenticating the first set of credentials, assigning a user a first role for performing operations on the computer system in view of the first set of credentials, and in response to determining that the computer system is unable to access the authentication server, requesting a second set of credentials different from the first set of credentials, authenticating one or more credentials provided by the user, and assigning the user a second role for performing operations on the computer system in view of the one or more credentials, wherein the first role specifies a first type of access to at least one object on the computer system, and the second role specifies a second type of access to the at least one object, wherein the first type of access is di
    Type: Grant
    Filed: January 28, 2015
    Date of Patent: April 24, 2018
    Assignee: Red Hat, Inc.
    Inventor: Dmitri V. Pal
  • Patent number: 9946879
    Abstract: Disclosed are various embodiments for establishing risk profiles for software packages that have an insufficient security history. A security history for a software package is received. It is determined that the security history does not meet a sufficiency threshold. One or more other software packages are identified that are similar to the software package and have a corresponding security history that meets the sufficiency threshold. A risk profile of the software package is generated based at least in part on the corresponding security history of the other software package(s).
    Type: Grant
    Filed: August 27, 2015
    Date of Patent: April 17, 2018
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 9942042
    Abstract: A digitally signed authentication assertion is generated in response to successful authentication of a current user of a user device by using a signing key that is uniquely assigned to the authenticator process to digitally sign a document indicating that the current user of the user device was successfully authenticated on the user device. The signing key uniquely assigned to the authenticator process is stored in a key container associated with the user device, and the key container is located on a key container server that is physically separate from the user device. The digitally signed authentication assertion is conveyed from the authenticator process to an authentication service, in order to securely indicate to the authentication service that the current user of the user device has been verified as an authentic user by the authenticator process.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: April 10, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Lawrence N. Friedman, Kayvan Alikhani
  • Patent number: 9940455
    Abstract: In one aspect of the present description, operations are described for detecting whether programming code of a first computer program has been modified by a second computer program. In one embodiment, the modification detecting includes registering a first section of programming code of the first computer program in a first registry data structure. To detect a modification, the registered first section of programming code may be validated. In one embodiment, the validating includes comparing the section of programming code actually located at the first memory address to the registered first section of programming code. In another aspect, various selectable remedial actions may be taken upon detecting modification of programming code of the first computer program. Other features and aspects may be realized, depending upon the particular application.
    Type: Grant
    Filed: February 25, 2015
    Date of Patent: April 10, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Philip R. Chauvet, Joseph V. Malinowski, David C. Reed, Max D. Smith
  • Patent number: 9917851
    Abstract: A variety of techniques are disclosed for detection of advanced persistent threats and similar malware. In one aspect, the detection of certain network traffic at a gateway is used to trigger a query of an originating endpoint, which can use internal logs to identify a local process that is sourcing the network traffic. In another aspect, an endpoint is configured to periodically generate and transmit a secure heartbeat, so that an interruption of the heartbeat can be used to signal the possible presence of malware. In another aspect, other information such as local and global reputation information is used to provide context for more accurate malware detection.
    Type: Grant
    Filed: April 28, 2014
    Date of Patent: March 13, 2018
    Assignee: Sophos Limited
    Inventor: Kenneth D. Ray
  • Patent number: 9860154
    Abstract: An improved method and system for processing network metadata is described. Network metadata may be processed by dynamically instantiated executable software modules which make policy-based decisions about the character of the network metadata and about presentation of the network metadata to consumers of the information carried by the network metadata. The network metadata may be type classified and each subclass within a type may be mapped to a definition by a unique fingerprint value. The fingerprint value may be used for matching the network metadata subclasses against relevant policies and transformation rules. For template-based network metadata such as NetFlow v9, an embodiment of the invention can constantly monitor network traffic for unknown templates, capture template definitions, and inform administrators about templates for which custom policies and conversion rules do not exist.
    Type: Grant
    Filed: January 22, 2016
    Date of Patent: January 2, 2018
    Assignee: NETFLOW LOGIC CORPORATION
    Inventors: Igor Balabine, Alexander Velednitsky
  • Patent number: 9811869
    Abstract: A system, method, server processing system, and computer program product for operating a registry. In one aspect, the server processing system is configured to: receive, from a user processing system in data communication with the server processing system, document data relating to an entity; receive, from the user processing system, access data indicative of an accessing party to be provided access to the document data if a defined trigger event occurs; store, in a data store associated with the server processing system, a registry for the entity indicative of the document data and the access data; determine that a defined trigger event has occurred; and in response to determining that a defined trigger event has occurred, provide the accessing party read-only access to the document data via an access processing system in data communication with the server processing system.
    Type: Grant
    Filed: October 25, 2012
    Date of Patent: November 7, 2017
    Assignee: YDF Global Party Ltd.
    Inventors: Jamie Robert Wilson, Craig Steven Wright
  • Patent number: 9807600
    Abstract: Methods and apparatuses that enroll a wireless device into an enterprise service with a management server addressed in a management profile are described. The enrollment may grant a control of configurations of the wireless device to the management server via the management profile. In response to receiving a notification from the management server, a trust of the notification may be verified against the management profile. If the trust is verified, a network session may be established with the management server. The network session may be secured via a certificate in the management profile. Management operations may be performed for management commands received over the secure network session to manage the configurations transparently to a user of the wireless device according to the control.
    Type: Grant
    Filed: May 4, 2015
    Date of Patent: October 31, 2017
    Assignee: Apple Inc.
    Inventors: Gordie Freedman, David Rahardja
  • Patent number: 9774605
    Abstract: Controlling access to a computing system. An escalation request is received for performing a protected activity on the computing system by a user not authorized to perform the protected activity. At least one activity indicator being indicative of a skill required to perform the protected activity is retrieved. At least one user indicator being indicative of the skill possessed by the user is retrieved. An indication of a capability of the user to perform the protected activity according to a comparison between the at least one activity indicator and the at least one user indicator is determined. A temporary authorization for performing the protected activity to the user according to the capability thereof is granted or denied. The temporary authorization lasts for a limited time window.
    Type: Grant
    Filed: August 27, 2015
    Date of Patent: September 26, 2017
    Assignee: International Business Machines Corporation
    Inventors: Gianluca Della Corte, Alessandro Donatelli, Antonio M. Sgro
  • Patent number: 9762596
    Abstract: In some embodiments, heuristic botnet detection is provided. In some embodiments, heuristic botnet detection includes monitoring network traffic to identify suspicious network traffic; and detecting a bot based on a heuristic analysis of the suspicious network traffic behavior using a processor, in which the suspicious network traffic behavior includes command and control traffic associated with a bot master. In some embodiments, heuristic botnet detection further includes assigning a score to the monitored network traffic, in which the score corresponds to a botnet risk characterization of the monitored network traffic (e.g., based on one or more heuristic botnet detection techniques); increasing the score based on a correlation of additional suspicious behaviors associated with the monitored network traffic (e.g., based on one or more heuristic botnet detection techniques); and determining the suspicious behavior is associated with a botnet based on the score.
    Type: Grant
    Filed: August 14, 2015
    Date of Patent: September 12, 2017
    Assignee: Palo Alto Networks, Inc.
    Inventors: Xinran Wang, Huagang Xie
  • Patent number: 9749133
    Abstract: A method of secure communication in a transmitter includes determining a method of generating a training sequence that is shared with a receiver. The method further includes generating the training sequence based on the method of generating the training sequence, and secret information. The method further includes communicating with the receiver based on channel information derived from the training sequence.
    Type: Grant
    Filed: June 25, 2013
    Date of Patent: August 29, 2017
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Mi Suk Huh, Jong Bu Lim, Kyung Hun Jang
  • Patent number: 9712531
    Abstract: A method of detecting, verifying, preventing and correcting or resolving unauthorized use of electronic media content. In one embodiment, the method comprises providing an electronic system that allows auditors to register to audit the use of electronic media content, providing the auditors with information through the electronic system regarding a unique identifier that identifies one or more items of electronic media content, owners of electronic media content or other intellectual property or users who have subscribed to the use of electronic media content, obtaining information from auditors through the electronic system regarding unauthorized use of the electronic media content and verifying that the information received from auditors is complete.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: July 18, 2017
    Inventors: Wayne D Lonstein, Julie C Lonstein
  • Patent number: 9712490
    Abstract: An intrusion detection system (“IDS”) device is described that includes a flow analysis module to receive a first packet flow from a client and to receive a second packet flow from a server. The IDS includes a forwarding component to send the first packet flow to the server and the second packet flow to the client and a stateful inspection engine to apply one or more sets of patterns to the first packet flow to determine whether the first packet flow represents a network attack. The IDS also includes an application identification module to perform an initial identification of a type of software application and communication protocol associated with the first packet flow and to reevaluate the identification of the type of software application and protocol according to the second packet flow. The IDS may help eliminate false positive and false negative attack identifications.
    Type: Grant
    Filed: October 15, 2012
    Date of Patent: July 18, 2017
    Assignee: Juniper Networks, Inc.
    Inventors: Bryan Burns, Siying Yang, Julien Sobrier
  • Patent number: 9705857
    Abstract: Examples disclosed herein include methods, systems, and devices to help a UE to securely output a copy of a security key stored on the UE. According to examples, a UE receives a test security key from a provider. Based on the received test security key, the UE computes a test result, and then the UE transmits the computed test result to a network authentication system. The UE receives from the network authentication system a response indicating a match between the computed test result and a test result computed by the network authentication system. Based on the received response indicating the match, the UE outputs a copy of the security key stored in the UE to the provider.
    Type: Grant
    Filed: October 10, 2014
    Date of Patent: July 11, 2017
    Assignee: Sprint Spectrum L.P.
    Inventors: Gary Koller, Mark Peden, Raymond Reeves, Simon Youngs
  • Patent number: 9690934
    Abstract: The disclosed computer-implemented method for protecting computing devices from imposter accessibility services may include (1) registering a security application with the computing device as an accessibility service that has special permissions on the computing device that are not available to other applications, (2) ensuring that the security application is the first registered accessibility service on the computing device, and (3) performing, by the security application, a security action after ensuring that the security application is the first registered accessibility service. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 27, 2015
    Date of Patent: June 27, 2017
    Assignee: Symantec Corporation
    Inventor: Ramakrishnan Meenakshi Sundaram
  • Patent number: 9692603
    Abstract: A mobile device obtains an encryption key pair, including a public key and a private key, and engages in a process, that uses the private key, for requesting a digital certificate from a Public Key Infrastructure (PKI) Certificate Authority. The mobile device receives a digital certificate signed by the PKI Certificate Authority, and obtains, via a biometric input unit device, biometric data related to an identity of a user of the device. The mobile device derives a password using the biometric data, and stores, and password protects using the derived password, the public key, the private key, and the digital certificate in a secure key store.
    Type: Grant
    Filed: June 15, 2015
    Date of Patent: June 27, 2017
    Assignee: VERIZON PATENT AND LICENSING INC.
    Inventors: Mauricio Pati Caldeira de Andrada, Manuel Enrique Caceres
  • Patent number: 9688244
    Abstract: A destination request may specify a destination location for an autonomous vehicle identified by a vehicle identifier. The request may be for uniqueness of a timestamp of the destination request. An encrypted payload of the request may be decrypted to identify the destination location using a long key associated with the vehicle identifier and indexed to a key offset determined using the timestamp. A driving command may be sent to the autonomous vehicle specifying the destination location.
    Type: Grant
    Filed: June 15, 2015
    Date of Patent: June 27, 2017
    Assignee: Ford Global Technologies, LLC
    Inventors: Douglas Raymond Martin, Mark Anthony Rockwell
  • Patent number: 9679152
    Abstract: A method implemented on an augmented reality (AR) electronic device includes initiating a security access code software application on the AR electronic device. A user of the AR electronic device is identified. A first electronic computing device at or near a current location of the user is identified. The first electronic computing device is an input device for entry of a security code to permit access to a protected asset. A determination is made as to whether the user is authorized to access the protected asset. When a determination is made that the user is authorized to access the protected asset, a security access code is displayed on the AR electronic device. The security access code permits the user to access the protected asset via the first electronic computing device.
    Type: Grant
    Filed: July 24, 2014
    Date of Patent: June 13, 2017
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Brian Michael Young, Kourtney Eidam