Patents Examined by William Goodchild
- Patent number: 9582673
  Abstract: A data model in which a set provides an abstraction that isolates the computation of membership from the details of how an enforcement point determines access (e.g., based on claims, based on security group membership, etc.). Set operations (e.g., intersection, union, inverse) can then be used across the sets. The architecture utilizes workflow on set transitions such that when an object such as a user enters the scope of one of these sets, notification can occur, such that inadvertent changes which lead to separation-of-duties violations can be detected quickly. The sets can also be used to define entitlements for enforcement of claims-based access control in a cross-organization deployment (e.g., to a cloud-hosted application).
  Type: Grant
  Filed: September 27, 2010
  Date of Patent: February 28, 2017
  Assignee: Microsoft Technology Licensing, LLC
  Inventor: Mark Wahl
- Patent number: 9578018
  Abstract: Remote sign-out of web based service sessions. As a part of remote sign-out of web based service sessions, a user authentication token is accessed that is used to establish a web based service session, and this user authentication token is stored in memory of an authentication server and returned in a cookie to the device. User access and deletion of the user authentication token from memory is accommodated using a device different from that which initially established the web based service session. Upon receipt of a browser request involving the user authentication token, it is determined whether the user authentication token is stored in memory. An access denial indication is provided to a web based service that indicates that the user authentication token is not stored in memory.
  Type: Grant
  Filed: October 13, 2014
  Date of Patent: February 21, 2017
  Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
  Inventors: Johnny Liu, Keith Senzel, Ye Gu
- Patent number: 9572029
  Abstract: Representative embodiments of secure authentication to a resource in accordance with a predefined, electronically stored quorum-based authentication policy include causing electronic interaction among multiple devices that constitute a quorum in accordance with the policy, computationally determining whether the interaction satisfies the policy, and if so, electronically according access to the resource to one or more individuals associated with the interacting device(s).
  Type: Grant
  Filed: April 10, 2013
  Date of Patent: February 14, 2017
  Assignee: Imprivata, Inc.
  Inventors: Edward J. Gaudet, David M. T. Ting
- Patent number: 9558362
  Abstract: Data encryption using an external arguments encryption algorithm: it is an encryption system which uses symmetrical secret key algorithms, but the operating arguments thereof and/or the actual encryption/decryption algorithm is/are unknown before use and is/are created at the time of encryption and then destroyed, but is/are stored in an independent or non-independent computer or non-computer system (paper, human memory, other non-computer media, etc.) of the system which encrypts or decrypts the data/message for the subsequent reuse thereof at the time of decryption. It will be used as a client/server system, wherein the client uses a set of variable arguments and/or the actual algorithm which is/are stored, however, outside the actual client in the server.
  Type: Grant
  Filed: January 23, 2012
  Date of Patent: January 31, 2017
  Inventor: Antonio Subires Bedoya
- Patent number: 9558374
  Abstract: Methods and systems for securing information are provided. The method includes generating a hash key by an input/output (I/O) processing module interfacing with a processor executable application to encrypt a block of data of a data container to secure and store the data container; generating cipher text for the block of data encrypted with the hash key; using an encryption key to encrypt the hash key for the block of data; providing the cipher text and the encrypted hash key by the I/O processing module to a storage system for storage, where the I/O processing module segregates the encrypted hash key from the cipher text and maintains the encrypted hash key as part of metadata for the cipher text; and storing the cipher text with the encrypted hash key as the metadata for the cipher text for the block of data.
  Type: Grant
  Filed: February 25, 2015
  Date of Patent: January 31, 2017
  Assignee: NETAPP, INC.
  Inventors: Peter D. Shah, Won So
- Patent number: 9553874
  Abstract: Provided is a programmable display apparatus that can permit access to an application through facial authentication, and can display a screen corresponding to an authenticated user after the access is permitted. The programmable display apparatus stores feature data of faces of a plurality of users and screen data for displaying a plurality of screens. The programmable display apparatus performs facial authentication based on image data of a user obtained through image capture and on the feature data. The programmable display apparatus permits a user to access the application if the user has been authenticated. Upon permitting the access, the programmable display apparatus displays, on a display, a screen corresponding to the authenticated user from among the plurality of screens.
  Type: Grant
  Filed: July 23, 2014
  Date of Patent: January 24, 2017
  Assignee: OMRON Corporation
  Inventors: Kiyotaka Fujiwara, Takayoshi Yamashita, Fumio Kawakami
- Patent number: 9552468
  Abstract: An image processing apparatus is provided, including a user input interface to input biometric information of at least one user, a processor to process image data to be displayed as an image and to provide a preset service to authenticate a personal identification (ID) and the group ID of a user group including users corresponding to personal IDs, and a controller to specify a personal ID corresponding to biometric information of an input through the user input interface, and to select and authenticate the group ID corresponding to specified personal IDs from the storage when multiple personal IDs are specified. The controller derives interest of the multiple users corresponding to the respective specified personal IDs in the image and selects the group ID corresponding to a personal ID of a user determined to have a high interest.
  Type: Grant
  Filed: November 12, 2014
  Date of Patent: January 24, 2017
  Assignee: SAMSUNG ELECTRONICS CO., LTD.
  Inventors: Eun-heui Jo, Sang-yoon Kim, Kyoung-jae Park, Ki-jun Jeong
- Patent number: 9542555
  Abstract: A system and method for detecting malware in compressed data. The system and method identifies a set of search strings extracted from compressed executables, each of which is infected with malware from a family of malware. The search strings detect the presence of the family of malware in other compressed executables, fragments of compressed executables, or data streams.
  Type: Grant
  Filed: April 13, 2015
  Date of Patent: January 10, 2017
  Assignee: Pulse Secure, LLC
  Inventors: George Tuvell, Deepak Venugopal
- Patent number: 9529994
  Abstract: Computer systems and methods in various embodiments are configured for improving the security and efficiency of client computers interacting with server computers through supervising instructions defined in a web page and/or web browser. In an embodiment, a computer system comprising one or more processors, coupled to a remote client computer, and configured to send, to the remote client computer, one or more instructions, which when executed by the remote client computer, cause a run-time environment on the remote client computer to: intercept, within the run-time environment, a first call to execute a particular function defined in the run-time environment by a first caller function in the run-time environment; determine a first caller identifier, which corresponds to the first caller function identified in a run-time stack maintained by the run-time environment; and determine whether the first caller function is authorized to call the particular function based on the first caller identifier.
  Type: Grant
  Filed: November 24, 2014
  Date of Patent: December 27, 2016
  Assignee: Shape Security, Inc.
  Inventors: Yao Zhao, Xinran Wang
- Patent number: 9521130
  Abstract: Systems and methods are provided for establishing an encrypted communication link between a first device and a second device. One exemplary computer-implemented method includes accessing, from a storage, identification information of a user of the first device. The method further includes receiving, at a domain name server, a Domain Name Service (DNS) request from the first device requesting a network address corresponding to a domain name associated with the second device, the domain name being used to establish the encrypted communication link to the second device. The method further includes authenticating the user based on the user identification information, the user identification information including biometric information of the user. The method also includes transmitting the network address in response to the DNS request based on a determination that the user has been authenticated at the domain name server using the biometric information of the user.
  Type: Grant
  Filed: September 25, 2013
  Date of Patent: December 13, 2016
  Assignee: VIRNETX, INC.
  Inventors: Robert Dunham Short, III, Nathaniel Jackson Short, Michael Williamson
- Patent number: 9507947
  Abstract: A technique performs similarity-based data loss prevention on content from a content source. The technique involves generating multiple variants from the content, the multiple variants including a set of variants for each parsed word of the content, each variant of that set (i) including multiple characters and (ii) differing from other variants of that set by at least one character. The technique further involves performing evaluation operations to determine whether any of the variants includes sensitive data. The technique further involves performing, in response to the evaluation operations, a control operation which (i) releases all of the parsed words of the content to a destination when none of the variants is determined to include sensitive data, and (ii) blocks at least one parsed word of the content from reaching the destination when at least one variant is determined to include sensitive data.
  Type: Grant
  Filed: September 27, 2013
  Date of Patent: November 29, 2016
  Assignee: EMC IP Holding Company LLC
  Inventor: Yedidya Dotan
- Patent number: 9509515
  Abstract: A method and an apparatus for validating device-to-device (D2D) communication devices in a server via a mobile terminal are provided. A 1st device-to-device (D2D) communication device includes a communication unit for communicating with a mobile terminal via D2D communication, and a controller. The controller is configured to control the communication unit to transmit digital signature information of the 1st D2D communication device to the mobile terminal, receive, when the digital signature information is successfully authenticated in a server, server public encryption information from the mobile terminal, transmit device information of the 1st D2D communication device, which is encrypted using the server public encryption information, to the server, and register the 1st D2D communication device in the server. The method and apparatus reduce user input for registering D2D communication devices in a server, increase user convenience, and decrease authentication time.
  Type: Grant
  Filed: December 2, 2014
  Date of Patent: November 29, 2016
  Assignee: Samsung Electronics Co., Ltd.
  Inventors: Dongik Lee, Daedong Kim, Heedong Kim, Inho Park, Chungyong Eom, Yangdon Lee, Dongyun Hawng
- Patent number: 9494645
  Abstract: The present invention relates to a method for testing cryptography circuits. It also relates to a secure cryptography circuit capable of being tested. The cryptography circuit includes registers and logic gates, and a test thereof performs a differential power analysis on the registers of the circuit. The cryptography circuit being secure and including a first half-circuit associated with a second half-circuit operating in complementary logic, the electric power supply of the first half-circuit is separated from the electric power supply of the second half-circuit, the differential power analysis being carried out in parallel on each half-circuit, the two power supplies being combined into one and the same electric power supply after the test.
  Type: Grant
  Filed: February 11, 2009
  Date of Patent: November 15, 2016
  Assignee: INSTITUT TELECOM-TELECOM PARIS TECH
  Inventors: Sylvain Guilley, Jean-Luc Danger
- Patent number: 9490979
  Abstract: A method and system are operable to provide credentials by generating a first credential that conforms to a first specified format. A second credential conforming to a second specified format is included in the first credential so that the second credential may be distributed through the cryptosystem using the first specified format. The credential may be a digital certificate.
  Type: Grant
  Filed: September 9, 2010
  Date of Patent: November 8, 2016
  Assignee: BlackBerry Limited
  Inventors: Matthew John Campagna, Herbert Anthony Little, Anthony Rosati, Scott Alexander Vanstone
- Patent number: 9485241
  Abstract: A communication network processes intermediate security data from intermediate access nodes on a communication path between a network access node and an end-point device to determine if the intermediate access nodes are authorized. If the intermediate access nodes are authorized, then the network processes end-point security data from the end-point device to determine if the end-point device is authorized. If the end-point device is authorized, then the network processes end-point tethering data from the end-point device to determine if any tethered communication devices are coupled to the end-point device. If the end-point device is not coupled to any tethered communication devices, then the network authorizes a data transfer session for the end-point device over the communication path. If the end-point device is coupled to a tethered communication device, then the network denies authorization for the data transfer session over the communication path for the end-point device.
  Type: Grant
  Filed: November 21, 2014
  Date of Patent: November 1, 2016
  Assignee: Sprint Communications Company L.P.
  Inventors: Lyle Walter Paczkowski, Mike L. McRoberts, Thomas M. Renner, Ivan Sheon Fenwick
- Patent number: 9479521
  Abstract: A particular method includes detecting, at a detection module, an indicator corresponding to a suspicious software component, where the indicator is detected based on monitored network data of a network system and based on a plurality of network behavior profiles. At least one of the network behavior profiles includes an ordered sequence of network actions. The method further includes determining, at an identification module, whether the indicator corresponds to any of the plurality of network behavior profiles. The method further includes generating output data in response to a determination that the indicator corresponds to a particular network behavior profile of the plurality of network behavior profiles.
  Type: Grant
  Filed: September 30, 2013
  Date of Patent: October 25, 2016
  Assignee: The Boeing Company
  Inventors: Aaron R. Davis, Timothy M. Aldrich, Matthew S. Bialek, Timothy M. Lemm, Shaun Kospiah
- Patent number: 9479526
  Abstract: A security appliance includes a vulnerable testbed that simulates at least one known vulnerability, and a secure testbed that simulates not having that vulnerability. A testbed monitor monitors run-time behavior of the vulnerable testbed and the secure testbed, obtaining at least one run-time behavior parameter. A comparative evaluator module compares the run-time behavior parameters with respect to the received client request to determine if it is legitimate or illegitimate. The security appliance outputs its determination with a message and/or by forwarding client requests deemed legitimate and dropping client requests deemed illegitimate. The determination can be based on differences in the run-time behavior parameters. Illegitimate requests can be cached for later matching. The requests can be database data requests, XML formatted requests, operating system requests and/or other types of requests that would be differentially handled by a vulnerable server and a secure server.
  Type: Grant
  Filed: November 13, 2014
  Date of Patent: October 25, 2016
  Assignee: SHAPE SECURITY, INC.
  Inventor: Siying Yang
- Patent number: 9473538
  Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for overriding a soft website block. One of the methods includes receiving, from a user device, a request to access a resource; determining, using a first policy group for the user device, that the user device should be prevented from accessing the resource; providing, to the user device and based on determining that the user device should be prevented from accessing the resource, instructions for the presentation of a user interface including a user credentials field; receiving user credentials from the user device; determining that the user credentials are the same as credentials used to log onto the user device; and allowing the user device access to the resource.
  Type: Grant
  Filed: June 3, 2015
  Date of Patent: October 18, 2016
  Assignee: iboss, Inc.
  Inventors: Paul Michael Martini, Peter Anthony Martini
- Patent number: 9467433
  Abstract: There is described herein a device (101) for communicating with a network. The device (101) comprises a communications unit for receiving data, a notification device for providing a notification to a user, and a control unit for controlling the operation of the communications unit and notification unit. The communications unit is configured to receive an information message (110, 112, 115), and to receive security authentication data (110, 112, 115) associated with the information message if such security authentication data is available. The control unit is configured to operate in a first or second configuration. In the first configuration it ignores the security authentication data (111, 113) and instructs the notification unit to convey the notification to the user. In the second configuration, it verifies the information message (116) on the basis of the security authentication data and instructs the notification unit to convey the notification to the user if the verification is successful.
  Type: Grant
  Filed: June 14, 2012
  Date of Patent: October 11, 2016
  Assignee: Telefonaktiebolaget LM Ericsson (publ)
  Inventors: Monica Wifvesson, Michael Liljenstam, John Mattsson, Karl Norrman
- Patent number: 9467285
  Abstract: A method including receiving encrypted multimedia information of a multimedia broadcast multicast service streaming session, wherein the multimedia information is encrypted using an encryption key. An indication allowing the receiving of the encrypted multimedia information to be switched to a peer-to-peer streaming session is received, and the receiving of the encrypted multimedia information is switched from the multimedia broadcast multicast service streaming session to the peer-to-peer streaming session. Encrypted multimedia information of the peer-to-peer streaming session is received.
  Type: Grant
  Filed: September 7, 2010
  Date of Patent: October 11, 2016
  Assignee: Nokia Technologies Oy
  Inventors: Silke Holtmanns, Pekka Johannes Laitinen