Patents Examined by William S. Powers
  • Patent number: 10291656
    Abstract: A system may include a traffic interception module configured to intercept network traffic of a host device. A traffic virtualization module may be configured to generate a virtual file on the host device containing the intercepted network traffic. A security system interface module may be configured to provide the virtual file to a secure digital security system over a virtualized file interface coupling the host device to the secure digital security system, and to receive instructions to allow or to deny the network traffic from the secure digital security system over the virtualized file interface. A traffic access management module may be configured to allow or to deny the network traffic based on the instructions.
    Type: Grant
    Filed: September 11, 2017
    Date of Patent: May 14, 2019
    Assignee: CUPP Computing AS
    Inventor: Omar Nathaniel Ely
  • Patent number: 10284593
    Abstract: Protecting newly restored clients from computer viruses is described. A system identifies a backed-up version of anti-virus software associated with a backup copy of a data set for a client. The system receives a request to restore the data set for the client. The system determines whether the backed-up version of the anti-virus software comprises a most recent version of the anti-virus software. The system restores the data set for the client based on the most recent version of the anti-virus software in response to a determination that the backed-up version of the anti-virus software does not comprise the most recent version of the anti-virus software.
    Type: Grant
    Filed: January 15, 2015
    Date of Patent: May 7, 2019
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Balaji Panchanathan, Ganesh Mony
  • Patent number: 10275592
    Abstract: According to an embodiment, an information processing device includes a first manager, a second manager, and a generator. The first manager loads a first class of a first object that requests execution of methods contained in a second object and a third class of a limiter configured to limit access from the first object to the methods. The second manager loads a second class of the second object. The generator generates the second object from the second class upon receiving a generation request for generating the second object from the first object, generates the limiter from the second object and the third class, and transmits the limiter to the first object.
    Type: Grant
    Filed: September 26, 2014
    Date of Patent: April 30, 2019
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Hiroyoshi Haruki, Fukutomo Nakanishi, Mikio Hashimoto
  • Patent number: 10277407
    Abstract: The present invention provides for streamlined issuance of certificates and other tokens that are contingent on key attestation of keys from a trusted platform module within a computing platform. Various methods are described for wrapping the requested token in a secret, such as an AES key, that is encrypted to a TPM based key in a key challenge. If the requesting platform fails the key challenge, the encrypted certificate or token cannot be decrypted. If requesting platform passes the challenge, the encrypted certificate or token can be decrypted using the AES key recovered from the key challenge.
    Type: Grant
    Filed: August 26, 2016
    Date of Patent: April 30, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Christopher Edward Fenner, Peter David Waxman, Gabriel Fortunato Stocco, Kam Kouladjie, Cristian Stefan Salvan, Prabu Raju, Himanshu Soni, Giridhar Viswanathan
  • Patent number: 10257232
    Abstract: An endpoint security agent facilitates a security policy on an endpoint computing device. The endpoint agent comprises an engine and one or more plugins that each provide a particular security feature. The endpoint agent receives a policy from a cloud server specifying one or more plug-ins used by the policy and configuration of those plug-ins. The endpoint agent retrieves, installs, and configures the one or more plugins. The endpoint agent updates a communication table with command subscription information obtained from each installed plugin indicating command types subscribed to by each plug-in. When a command is received, a lookup of the command type is performed in the table, and the command is sent to the subscribing plugin.
    Type: Grant
    Filed: September 13, 2017
    Date of Patent: April 9, 2019
    Assignee: Malwarebytes Inc.
    Inventors: Kevin Douglas Breton, Mark William Patton
  • Patent number: 10257233
    Abstract: A method for providing an administration policy to a user device comprising a plurality of applications, the method comprising centrally generating the administration policy to be implemented in the user device, the administration policy comprising at least one of an application administration policy to be used by at least one of the plurality of applications and a client administration policy for the user device; and providing the generated policy to the user device.
    Type: Grant
    Filed: December 30, 2016
    Date of Patent: April 9, 2019
    Assignee: BlackBerry Limited
    Inventors: Kenneth John Wallis, Bryan Richard Goring, Viera Bibr, Kamen Vitanov, Laura Brindusa Fritsch, Michael Shenfield, Jeffrey Christopher Rogers
  • Patent number: 10250581
    Abstract: Disclosed are a client, a server, an RADIUS capability negotiation method and system, and the method includes: a client transmits to a server a first message carrying RADIUS capability parameters of the client; the server captures the RADIUS capability parameters in the first message, matches the RADIUS capability parameters in the first message with RADIUS capability parameters of the server to obtain a matching result, and transmits the matching result to the client through a second message; and the client determines whether to establish effective communication with the server according to the matching result in the second message. By means of the technical solutions of the disclosure, it is possible to extend the RADIUS protocol, and to solve the problem existing in the current RADIUS protocol that both sides in communication cannot perform RADIUS capability negotiation.
    Type: Grant
    Filed: September 18, 2013
    Date of Patent: April 2, 2019
    Assignee: ZTE CORPORATION
    Inventors: Qiandeng Liang, Yuxi Gan, Liang Fan, Huaxing Zhu
  • Patent number: 10250609
    Abstract: A method of providing a client with a privileged access ticket (PAT) to access a target service is performed at a credentials management service (CMS) in communication with a client and an authentication service. The CMS receives a privileged access ticket request from the client. The PAT request uses authentication credentials. The CMS retrieves privileged credentials using the authentication credentials, and sends a PAT request to the authentication service using the privileged credentials. When the PAT is received, the CMS forwards the PAT to the client. Optionally, in order to acquire a PAT the CMS sends a privileged provisioning ticket (PPT) request using the privileged credentials to the authentication service, and, after the PPT is received, requests the PAT from the authentication service using the PPT.
    Type: Grant
    Filed: September 26, 2018
    Date of Patent: April 2, 2019
    Assignee: CyberArk Software Ltd.
    Inventors: Yair Sade, Andrey Dulkin
  • Patent number: 10242342
    Abstract: One or more embodiments of techniques or systems for intelligent data presentation are provided herein. Data can be presented on similar devices having different characteristics in different manners. For example, data may be rendered in a first manner on a first device having one monitor, the same data may be rendered in a second manner on a second device having two displays or a different display size. Financial information, sales data, banking information, etc. may be presented in a variety of ways based on capabilities or properties of a device accessing the information or data. Similarly, renderings may be selected based on interaction capabilities or interaction options a user may have with different renderings or presentations. In other embodiments, user interaction with an automated teller machine (ATM), call center, vehicle, or other interface can be based on device properties or device capabilities.
    Type: Grant
    Filed: December 12, 2017
    Date of Patent: March 26, 2019
    Assignee: WELLS FARGO BANK, N.A.
    Inventors: Stephen M. Ellis, Bipin Sahni, David Hatch, Shahid Razzaq
  • Patent number: 10242220
    Abstract: A computer implemented system and method of sharing files between a link sharer and a link recipient over a network. The method comprises generating, in response to a request by a link sharer, a file sharing link to a file set, where the link does not provide a link recipient the ability to modify the contents of the linked file set. In response to receiving an indication that the generated link has been activated by a link recipient, displaying a representation of the linked file set with a display element configured to send a request for modification rights to the linked file set when activated by the link recipient. In response to receiving the request for modification rights, either automatically granting modification rights to the linked file set or sending notice to the link sharer indicating that the link recipient is requesting modification rights to the linked file set.
    Type: Grant
    Filed: December 20, 2017
    Date of Patent: March 26, 2019
    Assignee: Dropbox, Inc.
    Inventors: Ivan Kirigin, Olumakinde Adegboyega Adeagbo
  • Patent number: 10237060
    Abstract: A data protector is described. In an implementation, the data protector promotes and enforces a data retention policy of a data consumer. In an implementation, the data protector limits access to sensitive data to the data consumers. A key manager provides a time-limited encryption key to the data protector. Responsive to collection of the time-limited encryption key from the key manager and sensitive data from a data provider, the data protector encrypts the sensitive data with the time-limited encryption key effective to produce encrypted sensitive data. In some embodiments, the data protector provides a data consumer with access to the encrypted sensitive data and the key manager provides the data consumer with access to the time-limited encryption key to decrypt the encrypted sensitive data. The key manager deletes the time-limited encryption key in compliance with the data retention policy of the data consumer.
    Type: Grant
    Filed: June 23, 2011
    Date of Patent: March 19, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Kambiz Kouladjie, Robert Blanch, Robert Devine
  • Patent number: 10218681
    Abstract: A network control apparatus and method is provided. The method includes operations of informing a server of capability information including an encryption/decryption method, wherein the server provides the network control apparatus with control information used to control a network device using a general-purpose control web application, transmitting to the server a control information requesting message that requests the control information, receiving from the server the control information which has been encrypted using the encryption/decryption method, decrypting the encrypted control information according to the encryption/decryption method, and transmitting a control command for controlling the network device according to the decrypted control information.
    Type: Grant
    Filed: April 27, 2015
    Date of Patent: February 26, 2019
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Ho Jin, Jong-wook Park, Young-chul Sohn
  • Patent number: 10212176
    Abstract: Entity group behavior profiling. An entity group is created that includes multiple entities, where each entity represents one of a user, a machine, and a service. A behavior profile is created for each one of the entities of the entity group. The behavior of each of one of the entities of the entity group is monitored to detect behavior change. An indicator of compromise is detected based on multiple ones of the entities experiencing substantially a same behavior change.
    Type: Grant
    Filed: June 18, 2015
    Date of Patent: February 19, 2019
    Assignee: Hewlett Packard Enterprise Development LP
    Inventor: Jisheng Wang
  • Patent number: 10205712
    Abstract: In an example, there is disclosed a computing apparatus, comprising: a trusted execution environment (TEE); and a security engine operable to: identify a key negotiation for an encrypted connection between a first device and a second device; request a service appliance key for the key negotiation; receive the service appliance key; and perform a service appliance function on traffic between the first device and the second device. There is also disclosed a method of providing the security engine, and a computer-readable medium having stored thereon executable instructions for providing the security engine.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: February 12, 2019
    Assignee: McAfee, LLC
    Inventors: Ned M. Smith, Simon Hunt, Venkata Ramanan Sambandam
  • Patent number: 10200451
    Abstract: In various example embodiments, a system and method for transferring the state of a first device to a second device are disclosed. Information associated with a current state of a first device is captured. The captured information includes application states associated with a plurality of corresponding applications that are executing on the first device at the time of capturing the information. A type of connection to be used to transfer the state of the device is determined based on the connections available to the first device and the second device. The file containing the information of the state of the first device is transferred to the second device using the connection type. The file, when processed by the second device, causes the second device to reproduce the state of the first device.
    Type: Grant
    Filed: March 29, 2017
    Date of Patent: February 5, 2019
    Assignee: eBay Inc.
    Inventor: Matthew Scott Zises
  • Patent number: 10193697
    Abstract: A method and apparatus for a certificate authority system providing authentication to a plurality of devices associated with an organization are described. The method may include receiving, at the certificate authority system, a request from a device to sign authentication information of the device, wherein the device is associated with the organization. The method may also include sending a challenge to the device to perform an action with a system other than the certificate authority system, and receiving the response to the challenge from the device. Furthermore, the method may include verifying that the response was generated correctly based on the challenge, and signing the authentication information of the device with one or more keys of the certificate authority system as an authentication of an identity of the device.
    Type: Grant
    Filed: May 14, 2018
    Date of Patent: January 29, 2019
    Assignee: STRIPE, INC.
    Inventors: Carl Jackson, Bryan Berg, David Terrance Bartley, Evan Broder
  • Patent number: 10187383
    Abstract: A method of pushing passwords, and a pushing system are provided. The method includes establishing a sharing cryptographic library which stores a plurality of application program identification codes, account names and passwords, receiving first biological characteristic information of a user, and simultaneously receiving a push request including second biological characteristic information and a current application program identification code. An account name and a password of the current application program identification code from the sharing cryptographic library is read, and the account name and the password is pushed to a second terminal device when the first biological characteristic information matches with the second biological characteristic information.
    Type: Grant
    Filed: December 18, 2017
    Date of Patent: January 22, 2019
    Assignee: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP., LTD.
    Inventors: Haiping Zhang, Yibao Zhou
  • Patent number: 10187403
    Abstract: A system detects a security attack through a network-based application. The system receives a runtime request for invocation of a function and dynamically determines if the request for invocation of the function is associated with a cross-site scripting attack. In response to determine the function is associated with a cross-site scripting attack, the system stores information associated with the request, which is used for determining if the request is a legitimate request or a cross-site scripting attack.
    Type: Grant
    Filed: December 2, 2015
    Date of Patent: January 22, 2019
    Assignee: SALESFORCE.COM, INC.
    Inventors: Amalkrishnan Chemmany Gopalakrishnan, Angel Prado, Sun Hwan Kim, Omkar Ramesh Kulkarni, Harsimranjit Singh Chabbewal
  • Patent number: 10182349
    Abstract: Systems and methods for user identification and authentication are disclosed. In one embodiment, a method of authenticating a first party to a second party may include the following: (1) receiving, from one of an electronic device of a first party and an electronic device of a second party, a request to generate authenticating indicia; (2) using at least one of a plurality of computer processors, generating the authenticating indicia; (3) transmitting, over a network, the authenticating indicia to the electronic device of a first party and to the electronic device of the second party; (4) receiving, from an electronic device of the second party, an indication that the second party has confirmed that the first party is authentic; and (5) storing an identity of the first party, the second party, and the authenticating indicia in a database.
    Type: Grant
    Filed: April 22, 2016
    Date of Patent: January 15, 2019
    Assignee: JPMorgan Chase Bank, N.A.
    Inventors: Kelly W. Scott, Tina Sanders Pragoff, Ravi Acharya, Michael W. Andrews, Michael L. Traxler
  • Patent number: 10171426
    Abstract: A network control apparatus and method is provided. The method includes operations of informing a server of capability information including an encryption/decryption method, wherein the server provides the network control apparatus with control information used to control a network device using a general-purpose control web application, transmitting to the server a control information requesting message that requests the control information, receiving from the server the control information which has been encrypted using the encryption/decryption method, decrypting the encrypted control information according to the encryption/decryption method, and transmitting a control command for controlling the network device according to the decrypted control information.
    Type: Grant
    Filed: April 27, 2015
    Date of Patent: January 1, 2019
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Ho Jin, Jong-wook Park, Young-chul Sohn