Patents Examined by Viral Lakhia
-
Patent number: 9473309
Abstract: A system for providing security services to a mobile device where the mobile device is in communication with a public network through a first network path that is subject to interference by a third party. The system includes a security server and a private network. The security server is operative to communicate with the mobile device through the private network. The security server is also operative to communicate with the public network through a second network path that is less susceptible to the interference by the third party than is the first network path. The security server communicates with the public network through the second network path to provide security services to the mobile device that are delivered over the private network.
Type: Grant
Filed: March 11, 2013
Date of Patent: October 18, 2016
Assignees: BlackBerry Limited, Certicom Corp.
Inventors: Sean Alexander Courtney, Matthew John Campagna, George Ross Staikos, Alexander Truskovsky
-
Patent number: 9465927
Abstract: Techniques are disclosed for validating input on a handheld device. In response to receiving an input and a request to access a computing resource, an application running on the handheld device may collect data from one or more sensors of the handheld device. The application may then determine, based on the collected sensor data, if an individual is interacting with the device and recognize the input as valid if such is the case. In one embodiment, the application may present a challenge to a user which is difficult for computer programs to perform, and determine whether an individual is interacting with the device based on successful completion of the challenge. In an alternative embodiment, the application may collect data and determine whether an individual is interacting with the device without presenting an explicit challenge to the user.
Type: Grant
Filed: October 2, 2012
Date of Patent: October 11, 2016
Assignee: Disney Enterprises, Inc.
Inventors: Steven Makofsky, Paul Cutsinger
-
Patent number: 9454740
Abstract: Embodiments of the present invention provide apparatus, method and/or computer program products for monitoring internet activity. In some method embodiments, a network is searched to detect network data indicative of actual and/or potential contact with a child. A report is generated that identifies a source of detected data and the report is sent to a responsible party.
Type: Grant
Filed: June 12, 2012
Date of Patent: September 27, 2016
Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventor: John Ruckart
-
Patent number: 9455827
Abstract: According to an embodiment, a communication apparatus includes a cryptographic key storage, a transmitter, a receiver, and a sharing controller. The cryptographic key storage stores therein one or more cryptographic keys shared with an external device. The transmitter transmits specifying information that specifies at least one of the cryptographic keys to the external device. The receiver receives determination information that indicates a result of determination, which is made by the external device based on the specifying information, on whether the shared cryptographic key is consistent between the apparatus and the external device. When receiving the determination information indicating that the shared cryptographic key is inconsistent between the apparatus and the external device, the sharing controller deletes the cryptographic key specified by the specifying information from the cryptographic key storage.
Type: Grant
Filed: July 31, 2014
Date of Patent: September 27, 2016
Assignee: Kabushiki Kaisha Toshiba
Inventors: Yoshimichi Tanizawa, Hideaki Sato, Ririka Takahashi, Alex Dixon
-
Patent number: 9449156
Abstract: An authentication process receives information identifying a user, a device used by the user and a location in which the device is being used. That authentication process determines whether the location is among a set of familiar locations stored about the user for a service being accessed. If the location is not among the set of familiar locations, then the user is not authenticated. A desirable user experience can be obtained by using information about any existing relationship, such as a synchronization relationship, between the device and the service established at a prior familiar location. Instead of challenging a user whose device is in an unfamiliar location, the authentication process determines whether the device has a relationship established with the service. If the device has a relationship established with the service, then the set of familiar locations is updated to include the location in which the device is being used.
Type: Grant
Filed: October 1, 2012
Date of Patent: September 20, 2016
Assignee: Microsoft Technology Licensing, LLC
Inventors: Steven Kafka, Richard Craddock, Ashutosh Tewari, Krish Vitaldevara
-
Patent number: 9450940
Abstract: A service request for a managed computer system is received and once a primary authorization for same has been given, a secondary authorization management system (SAMS) determines whether or not the service request requires secondary authorization. This determination is made according to a context of the managed computer system and an authorization profile for the received service request. If needed, the SAMS resolves the secondary authorization request and returns the resolution decision.
Type: Grant
Filed: February 3, 2015
Date of Patent: September 20, 2016
Assignee: HyTrust, Inc.
Inventors: Boris Belov, Hemma Prafullchandra, Govindarajan Rangarajan
-
Patent number: 9444822
Abstract: Providing authorization and authentication in a cloud for a user of a storage array includes: receiving, by a storage array access module from a client-side array services module, a token representing authentication of user credentials and authorized access privileges defining one or more storage array services accessible by the user, where the token is generated by a cloud-based security module upon authentication of the user credentials and identification of authorized access privileges for the user; receiving, by the storage array access module from the user, a user access request to one or more storage array services; and determining, by the storage array access module, whether to grant the user access request in dependence upon the authorized access privileges represented by the token.
Type: Grant
Filed: May 29, 2015
Date of Patent: September 13, 2016
Assignee: Pure Storage, Inc.
Inventors: Benjamin P. Borowiec, Jimmy T. Hu, Ethan L. Miller, Terence W. Noonan, Constantine P. Sapuntzakis, Neil A. Vachharajani, Daquan Zuo
-
Patent number: 9432333
Abstract: A trusted content distribution system is described comprising a trustworthy enduser device and a network management infrastructure, the enduser device being adapted for communications between the enduser device and the networked infrastructure via a secure tunnel; the end user device comprising a host processor and memory; secure non-volatile memory for storing an operating system, a trusted boot process executed by the host processor to boot the end user device into a known state, means for communicating with a visualization device.
Type: Grant
Filed: March 24, 2011
Date of Patent: August 30, 2016
Assignee: E-BO ENTERPRISES
Inventor: Christophe Dhaene
-
Patent number: 9432373
Abstract: This is directed to providing access to content stored on a local cloud. In particular, a device can direct a librarian service overseeing the operation of a local cloud to provide another device with access to content stored on the local cloud. The librarian service can generate credentials for the other device, and provide the credentials to the other device. Using the credentials, the other device can connect directly to the local cloud and access the content. In addition, the local cloud can validate the credentials of the other before providing access to the content. The credentials can include, for example, a key to install or load on the device. The librarian may not require, however, the user to create credentials or register with the librarian before being permitted to access the content on the local cloud.
Type: Grant
Filed: April 23, 2010
Date of Patent: August 30, 2016
Assignee: Apple Inc.
Inventor: Scott Ryder
-
Patent number: 9426522
Abstract: The disclosure relates to techniques for switching between channels of digital multimedia content. In particular, a decoding device decodes and renders to a display at least one frame of a segment of data prior to receiving the entire segment. In certain aspects, the decoding device may render one of the frames of the segment and freeze the rendered frame until the decoding device receives all of the frames of the segment. In other aspects, the decoding device may render frames of one or more segments at a reduced rendering rate until the receiving and rendering operations of decoding device are synchronized such that the rendering of the current segment occurs at substantially the same time as the receiving of the next segment. By rendering at least one frame prior to receiving the entire segment the decoding device more quickly displays content to a user during a channel switching event.
Type: Grant
Filed: July 10, 2007
Date of Patent: August 23, 2016
Assignee: QUALCOMM Incorporated
Inventors: Qiang Gao, Peisong Chen
-
Patent number: 9392015
Abstract: A variety of techniques are disclosed for detection of advanced persistent threats and similar malware. In one aspect, the detection of certain network traffic at a gateway is used to trigger a query of an originating endpoint, which can use internal logs to identify a local process that is sourcing the network traffic. In another aspect, an endpoint is configured to periodically generate and transmit a secure heartbeat, so that an interruption of the heartbeat can be used to signal the possible presence of malware. In another aspect, other information such as local and global reputation information is used to provide context for more accurate malware detection.
Type: Grant
Filed: April 28, 2014
Date of Patent: July 12, 2016
Assignee: Sophos Limited
Inventor: Andrew J. Thomas
-
Method and system to impose enterprise security mechanisms throughout a mobile application lifecycle
Patent number: 9383983
Abstract: Particular embodiments provide a method to authenticate a user of an application running on a mobile operating system (OS) installed on a mobile device, wherein the mobile OS invokes callback methods of the application upon making changes to an execution state of the application. Code embedded into the application causes the application to communicate with a management agent installed in the mobile OS upon invocation of a hooked callback method. Upon invocation of the hooked callback method, the embedded code assesses whether the user should be provided an authentication challenge prior to enabling the application to run in the foreground, and presents the authentication challenge if necessary. Finally, the embedded code returns execution control from the management agent back to the application wherein the application executes the at least one callback method prior to running in the foreground.
Type: Grant
Filed: June 14, 2013
Date of Patent: July 5, 2016
Assignee: AirWatch LLC
Inventors: Perry Hung, Harvey Tuch
-
Patent number: 9369490
Abstract: A method for the secure exchange of data over an ad-hoc network implementing an Xcast broadcasting service and an associated node are disclosed. The method includes providing a security graph for the network and a communication graph for the network, routing a data item between the sender node sending the data and each receiver node receiving the data along a secure route on the security graph. The method also includes generating, between one relay node and a subsequent relay node of the secure route, an appropriate message, containing the data protected in accordance with a security association shared between the relay node and the subsequent relay node. The method further includes routing the message from the relay node to the subsequent relay node along a communication route on the communication graph.
Type: Grant
Filed: July 24, 2014
Date of Patent: June 14, 2016
Assignee: THALES
Inventors: Sepideh Fouladgar, Patrick Duputz
-
Patent number: 9357389
Abstract: The present invention provides a security identity discovery method, through hiding or omitting MAC addresses of the first station and a second station in a frame for identity discovery between the two stations, adopting identity codes to identify the identities of the two stations and authenticating the identities by using a ciphertext, improves the degree of privacy protection during identity discovery of the stations.
Type: Grant
Filed: September 25, 2014
Date of Patent: May 31, 2016
Assignee: Huawei Technologies Co., Ltd.
Inventors: Kaidi Huang, Guorui Yang, Linfeng Xia
-
Patent number: 9344405
Abstract: A method for establishing a secure communication session over communication paths between one or more client devices and one or more server computers according to a communication protocol includes initiating the session including passing communication through a proxy on a device on the communication paths, passing session initiation information between the client devices and the server computers via the proxy, passing encrypted content between the client devices and the server computers over secure communication sessions, each established for exclusive access from one client device and one server computer based on the exchanged session initiation information between said client device and said server computer whereby the proxy does not have access to the content, and modifying, using the proxy, at least some information passing between a client device and a server computer such that the communication to and from the server computer adheres to the communication protocol.
Type: Grant
Filed: June 17, 2013
Date of Patent: May 17, 2016
Assignee: Massachusetts Institute of Technology
Inventors: Roger I. Khazan, Daniil M. Utin
-
Patent number: 9319408
Abstract: This is directed to providing access to content stored on a local cloud. In particular, a device can direct a librarian service overseeing the operation of a local cloud to provide another device with access to content stored on the local cloud. The librarian service can generate credentials for the other device, and provide the credentials to the other device. Using the credentials, the other device can connect directly to the local cloud and access the content. In addition, the local cloud can validate the credentials of the other before providing access to the content. The credentials can include, for example, a key to install or load on the device. The librarian may not require, however, the user to create credentials or register with the librarian before being permitted to access the content on the local cloud.
Type: Grant
Filed: April 23, 2010
Date of Patent: April 19, 2016
Assignee: Apple Inc.
Inventor: Scott Ryder
-
Patent number: 9319390
Abstract: An approach is provided for providing a trust level to access a resource. A system receives a request at a device, from a first user, to access a resource associated with a second user. The resource is further associated with a predetermined privacy level. The system calculates a trust level between the first user and the second user based, at least in part, on a trust metric. The system then determines whether the trust level meets the predetermined privacy level and grants an access right to the resource based, at least in part, on the determination.
Type: Grant
Filed: March 26, 2010
Date of Patent: April 19, 2016
Assignee: NOKIA TECHNOLOGIES OY
Inventors: Kun Yu, Hao Wang, Wendong Wang, Yidong Cui
-
Patent number: 9300653
Abstract: Information useful for authenticating an entity is sent over a back channel during the authentication of an entity to a RESTful service. The delivery of the entity-related information is triggered by the validation of a service ticket received by the authentication component of the RESTful service.
Type: Grant
Filed: April 21, 2014
Date of Patent: March 29, 2016
Assignee: JERICHO SYSTEMS CORPORATION
Inventors: Michael Dufel, Vijayababu Subramanium, Mizanul Chowdhury
-
Patent number: 9258319
Abstract: Disclosed are various embodiments for detecting and responding to attacks on a computer network. One embodiment of such a method describes monitoring data communications transmitted to a target class of first computing nodes; in response to detecting a non-legitimate data communication to a computing node in the target class, determining whether the non-legitimate data communication is a form of attack on a network to which the computing nodes are connected; and in response to determining that the network is under attack, implementing new security measures for second computing nodes that are not part of the target class to protect the second computing nodes against the attack on the network while the attack is ongoing.
Type: Grant
Filed: June 28, 2013
Date of Patent: February 9, 2016
Assignee: Amazon Technologies, Inc.
Inventor: Gregory A. Rubin
-
Patent number: 9253772
Abstract: A system and method for configuring a component carrier is presented. A component carrier assignment message is received. The component carrier assignment message may be configured to identify the component carrier and include at least one of, at least one of a downlink carrier frequency, a carrier frequency of a paired uplink carrier, a bandwidth of the component carrier, and a bandwidth of the paired uplink carrier, an indication of whether the component carrier is a control channel monitoring component carrier configured to signal data channel assignment information for the component carrier, and a logical index of the component carrier. The component carrier assignment message may then be used to configure the component carrier on a user equipment (UE).
Type: Grant
Filed: May 16, 2014
Date of Patent: February 2, 2016
Assignee: BlackBerry Limited
Inventors: Mo-Han Fong, Richard Charles Burbidge, Zhijun Cai, Takashi Suzuki, Andrew Mark Earnshaw, Youn Hyoung Heo, Hua Xu, Jun Li, Sean Michael McBeath