Patents Examined by William Goodchild
  • Patent number: 10013557
    Abstract: The disclosed embodiments include a method for disarming malicious code in a computer system having a processor. The method comprises accessing, by the computer system, input content, wherein the input content includes a plurality of data units having a value representing media content, and adjusting, by the processor, a data unit value of at least a portion of the data units, wherein the portion of the data units and an adjustment of the data unit value are determined so as to render any malicious code included in the plurality of data units inactive for its intended malicious purpose while not interfering with an intended use of the input content.
    Type: Grant
    Filed: February 24, 2017
    Date of Patent: July 3, 2018
    Assignee: VOTIRO CYBERSEC LTD.
    Inventors: Aviv Grafi, Itay Glick
  • Patent number: 9998391
    Abstract: A method and apparatus for use with a plurality of resources integrated within a space for performing a process and a program run by a processor for controlling the process, the apparatus for associating the resources with the program and comprising a processor running a program to perform the steps of identifying at least a first reference point within the space, identifying the relative juxtaposition of at least a first resource with respect to the first reference point and associating the first resource with the program as a function of the relative juxtaposition of the first resource to the reference point.
    Type: Grant
    Filed: January 28, 2014
    Date of Patent: June 12, 2018
    Assignee: Rockwell Automation Technologies, Inc.
    Inventors: David W Farchmin, David Alan Vasko, Brian A Batke, Daniel P Noonen, David Michael Callaghan, John Joseph Baier, Scot A Tutkovics
  • Patent number: 9948605
    Abstract: Some aspects as described herein are directed to mirroring, in upstream and/or downstream data traffic for a particular connection, markings of data packets (e.g., DSCP and/or other markings) that have been received in downstream data traffic for that same connection. A trusted device in the network may control the markings, rather than a less-trusted endpoint device and/or a less trusted software application operating in any device.
    Type: Grant
    Filed: July 18, 2014
    Date of Patent: April 17, 2018
    Assignee: Comcast Cable Communications, LLC
    Inventors: Michael Chen, Sree Kotay, John Robinson
  • Patent number: 9923925
    Abstract: Systems and techniques for sharing security data are described herein. Security rules and/or attack data may be automatically shared, investigated, enabled, and/or used by entities. A security rule may be enabled on different entities comprising different computing systems to combat similar security threats and/or attacks. Security rules and/or attack data may be modified to redact sensitive information and/or configured through access controls for sharing.
    Type: Grant
    Filed: April 10, 2015
    Date of Patent: March 20, 2018
    Assignee: Palantir Technologies Inc.
    Inventors: Jacob Albertson, Melody Hildebrandt, Harkirat Singh, Shyam Sankar, Rick Ducott, Peter Maag, Marissa Kimball
  • Patent number: 9917833
    Abstract: A speaker recognition system for authenticating a mobile device user includes an enrollment and learning software module, a voice biometric authentication software module, and a secure software application. Upon request by a user of the mobile device, the enrollment and learning software module displays text prompts to the user, receives speech utterances from the user, and produces a voice biometric print. The enrollment and training software module determines when a voice biometric print has met at least a quality threshold before storing it on the mobile device. The secure software application prompts a user requiring authentication to repeat an utterance based at least on an attribute of a selected voice biometric print, receives a corresponding utterance, requests the voice biometric authentication software module to verify the identity of the second user using the utterance, and, if the user is authenticated, imports the voice biometric print.
    Type: Grant
    Filed: May 22, 2015
    Date of Patent: March 13, 2018
    Assignee: Cirrus Logic, Inc.
    Inventor: Marta Garcia Gomar
  • Patent number: 9916439
    Abstract: The subject disclosure is directed towards securing network data traffic through a trusted partition of the computing environment. A proxy service may communicate transaction data from a client to security-critical code within the trusted partition, which compares the transaction data to a security policy from a commercial electronic entity. If the transaction data includes malicious content, a security component framework of the trusted partition may reject the transaction data and terminate communications with the client. If the transaction data does not include malicious content, the security component framework may communicate a secured version of the transaction data and retrieve response data from the commercial electronic entity, which may be further communicated back to the client.
    Type: Grant
    Filed: March 22, 2012
    Date of Patent: March 13, 2018
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Mariusz H. Jakubowski, Marcus Peinado
  • Patent number: 9886579
    Abstract: A method for proactively detecting shared libraries suspected of association with malware includes the steps of determining one or more shared libraries loaded on an electronic device, determining that one or more of the shared libraries include suspicious shared libraries by determining that the shared library is associated with indications that the shared library may have been maliciously injected, loaded, and/or operating on the electronic device, and identifying the suspicious shared libraries to a reputation server.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: February 6, 2018
    Assignee: MCAFEE, LLC
    Inventor: Ahmed S. Sallam
  • Patent number: 9881164
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for securing data. One of the methods includes receiving, by the map reduce framework, data for analysis. The method includes identifying, by the map reduce framework, private data in received data. The method includes encrypting the private data. The method includes storing the encrypted private data in a location separate from the received data. The method includes obfuscating the private data by adding a reference to the location of the encrypted private data in the received data.
    Type: Grant
    Filed: March 13, 2015
    Date of Patent: January 30, 2018
    Assignee: United Services Automobile Association (USAA)
    Inventors: Joel Andrew McKay, David South, Robert Aaron Ghavidel, Donald Nathaniel Holloway, III
  • Patent number: 9875134
    Abstract: A set of techniques is described for enabling a virtual machine based transcoding system. The system enables any transcoding provider to make their transcoding service available to other users over a network. The system can automate the deployment, execution and delivery of the transcoding service on behalf of the transcoding provider and enable other users to use the transcoding services to transcode content. The system receives a virtual machine image, transfers the image to a location where the media content is stored and creates a virtual private network of resources that will perform the transcoding of the media content. The virtual private network may be firewalled or otherwise restricted from opening connections with external clients when transcoding the content in order to prevent malicious use of the media content.
    Type: Grant
    Filed: January 11, 2016
    Date of Patent: January 23, 2018
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Jacob Gabrielson, Piragash Velummylum, Bradley E. Marshall, Jonathan B. Corley
  • Patent number: 9872175
    Abstract: A packet processing method, apparatus, and system. A first node receives a first packet sent by a relay device, where the first packet includes data in a second packet sent by a second node to the relay device, the data in the second packet is encrypted by using second additional authentication data and a session key between the first node and the second node, and the second additional authentication data is generated by the second node according to at least address information in a packet header of the second packet by using a second rule; the first node generates first additional authentication data according to address information in a packet header of the first packet by using a first rule, and decrypts the data in the first packet by using the first additional authentication data and the session key.
    Type: Grant
    Filed: June 9, 2015
    Date of Patent: January 16, 2018
    Assignee: HUAWEI DEVICE (DONGGUAN) CO., LTD.
    Inventors: Zhiming Ding, Guiming Shu
  • Patent number: 9853996
    Abstract: A system and method for identifying and preventing malicious application programming interface attacks is configured to, during a learning stage: monitor all requests sent to and from the server API; identify one or more first characteristic data points of each request and response sent during the learning stage; and determine, based at least in part on the identified one or more first characteristic data points, one or more characteristic data models, wherein a characteristic data model represents at least one of an expected input to the API and an expected output of the API; and during a protection stage: monitor all requests sent to and from the server API; identify one or more second characteristic data points of each request and response sent during the protection stage; and one of validate and invalidate the identified one or more second characteristic data points against the one or more characteristic data models.
    Type: Grant
    Filed: April 13, 2016
    Date of Patent: December 26, 2017
    Assignee: SECFUL, INC.
    Inventors: Roey Eliyahu, Omer Sadika
  • Patent number: 9836496
    Abstract: Example embodiments relate to a notification system. The notification system accesses a set of components of a first data object, a user having registered to monitor the first data object for modifications. The notification system compares the set of components of the first data object to a previous set of components of the first data object and determines, based on the comparison, that the set of components of the first data object includes at least one modification from the previous set of components of the first data object. In response to determining that the set of components of the first data object includes at least one modification from the previous set of components of the first data object, the notification system notifies the user of the at least one modification to the first data object.
    Type: Grant
    Filed: December 20, 2016
    Date of Patent: December 5, 2017
    Assignee: Palantir Technologies Inc.
    Inventors: Jeremy Liu, Timothy Wilson, Mitchell Beard
  • Patent number: 9813453
    Abstract: A device management system is configured to manage access to electronic documents on client devices using policies. The policies specify one or more download and processing restrictions to be enforced with respect to the particular electronic document at client devices, for example, particular hardware and software configurations that are required at client devices before data is permitted to be downloaded to those client devices. The policies may also specify other requirements that must be satisfied before data is permitted to be downloaded to those client devices, for example, user authentication.
    Type: Grant
    Filed: December 2, 2015
    Date of Patent: November 7, 2017
    Assignee: Ricoh Company, Ltd.
    Inventor: Tetsuro Motoyama
  • Patent number: 9807121
    Abstract: An apparatus includes a processor and a memory storing instructions executed by the processor to receive a first communication session using a first key, where the first communication session is between a client and a server. A second communication session is initiated using a second key, where the second communication session is between the apparatus and the server. An active communication session is negotiated between the client and the server using the first key and the second key. The active communication session is decrypted using the first key and the second key. The active communication session is re-encrypted using a third key to form re-encrypted data.
    Type: Grant
    Filed: November 25, 2014
    Date of Patent: October 31, 2017
    Assignee: Symantec Corporation
    Inventors: Joseph H. Levy, David Wells, Paul Kraus
  • Patent number: 9807074
    Abstract: Obtaining and/or validating user credentials at client devices is described.
    Type: Grant
    Filed: May 1, 2015
    Date of Patent: October 31, 2017
    Assignee: MicroStrategy Incorporated
    Inventors: Michael J. Saylor, Gang Chen, Hector Vazquez
  • Patent number: 9794341
    Abstract: A server system with one or more processors and memory sends a verification request, to a client device, to verify that the client device is storing a data block, where the verification request includes verification parameters. In response, the server system obtains from the client device a first verification value for the data block. The server system compares the first verification value with a second verification value for the data block, where the second verification value was previously computed, in accordance with the data block and the verification parameters, and stored by the server system. In accordance with a determination that the first verification value matches the second verification value, the server system confirms that the client device is storing the data block.
    Type: Grant
    Filed: September 24, 2014
    Date of Patent: October 17, 2017
    Assignee: SANDISK TECHNOLOGIES LLC
    Inventors: Abhijeet Manohar, Daniel Tuers
  • Patent number: 9787690
    Abstract: When a user inputs an action request, such as a requested command, to be performed on a target machine, a management system receives the request and verifies it with a separate authentication and permission system. The verified command request is sent to the target machine. An authentication worker on the target machine accesses a set of policies, local to the target machine, to identify a least privileged execution environment in which the requested command can be performed. The authentication worker on the target machine launches the requested command within the identified least privileged execution environment on the target machine.
    Type: Grant
    Filed: May 18, 2015
    Date of Patent: October 10, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Liqiang Zhu, Anand Menon, Guanghui He, Jiahui Wang, Neil Shipp, Nick Voicu, Yi Zeng, Yu (Kyle) Huang, Rajalakshmi Dani, David Hetherington, Zhaoan Liu, Gavin Ackroyd
  • Patent number: 9787471
    Abstract: Embodiments of a data encryption and/or decryption technique are disclosed. Briefly, for example, in accordance with one example embodiment a method is provided. A message based at least in part on a hierarchical symbol assignment system is encrypted. The hierarchical symbol assignment system is represented as a numerical value.
    Type: Grant
    Filed: June 1, 2006
    Date of Patent: October 10, 2017
    Assignee: Robert T. Jenkins and Virginia T. Jenkins
    Inventors: Mark Gesley, Richard Crandall, Edlyn Teske, Tim Williams
  • Patent number: 9769276
    Abstract: A hardware device for monitoring and intercepting packetized data traffic at full line rate is provided. In high bandwidth embodiments, full line rate corresponds to rates that exceed 100 Mbytes/s and in some cases 1000 Mbytes/s. Monitoring and intercepting software, alone, is not able to operate on such volumes of data in real-time. An exemplary embodiment comprises: a data delay buffer with multiple delay outputs; a search engine logic for implementing a set of basic search tools that operate in real-time on the data traffic; a programmable gate array; an interface for passing data quickly to software sub-systems; and control means for implementing software control of the operation of the search tools. The programmable gate array inserts the data packets into the delay buffer, extracts them for searching at the delay outputs and formats and schedules the operation of the search engine logic.
    Type: Grant
    Filed: February 17, 2015
    Date of Patent: September 19, 2017
    Assignee: BAE SYSTEMS PLC
    Inventors: Mark Arwyn Bennett, Alexander Colin Piggott, David John Michael Garfield, Philip Morris
  • Patent number: 9769662
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for performing multi-factor authentication. In one aspect, a method includes determining that a user has successfully completed an authentication factor; determining whether a mobile device associated with the user is proximate to a computer; and authenticating the user based on determining that the user has successfully completed the authentication factor, and that the mobile device is proximate to the computer.
    Type: Grant
    Filed: June 5, 2015
    Date of Patent: September 19, 2017
    Assignee: Google Inc.
    Inventor: Jean Baptiste Maurice Queru