Patents Examined by Zachary A Davis
  • Patent number: 9100191
    Abstract: A method for forming a digital certificate includes receiving contact information associated with the digital certificate. The contact information includes at least a name, a mailing address, and an email address. The method also includes receiving billing information associated with the digital certificate and receiving a Certificate Signing Request (CSR) for the digital certificate. The method further includes receiving a first name for use in forming the digital certificate and receiving a second name for use in forming the digital certificate. Moreover, the method includes receiving an indication of a vendor of web server software, receiving an indication of a service period for the digital certificate, and forming the digital certificate. The first name is stored in a Subject field of the digital certificate and the second name is stored in the SubjectAltName extension of the digital certificate.
    Type: Grant
    Filed: January 25, 2013
    Date of Patent: August 4, 2015
    Assignee: Symantec Corporation
    Inventors: Quentin Liu, Marc Loren Williams, Richard F. Andrews
  • Patent number: 9088553
    Abstract: A network device includes a first circuit configured to generate a plurality of packets, and insert, in each of the plurality of packets, a different value for a count. A second circuit receives one or more of the plurality of packets. A third circuit generates a plurality of seeds. Each of the plurality of seeds is based on (i) a predetermined key, (ii) an address of the network device, and (iii) a predetermined value for the count. A fourth circuit encapsulates each of the plurality of packets using one of the plurality of seeds generated based on the value for the count in the respective one of the plurality of packets. A fifth circuit sends a message comprising (i) the address of the network device and (ii) the predetermined value for the count, and sends, subsequent to sending the message, the plurality of encapsulated packets.
    Type: Grant
    Filed: October 31, 2013
    Date of Patent: July 21, 2015
    Assignee: Marvell International LTD.
    Inventors: Peter Loc, Rahul Kopikare
  • Patent number: 9075994
    Abstract: An attestation technique is provided for processing attestation data associated with a plurality of data processing systems. A first data processing system is operable for receiving a request for attestation from a requester. In response to receiving the request, the first data processing system is further operable for retrieving a list of one or more children, wherein the one or more children include the second data processing system; retrieving and storing attestation data associated with each of the one or more children; retrieving and storing attestation data associated with the first data processing system; and sending to the requester a concatenated response containing the attestation data associated with the first data processing system and the child attestation data associated with the one or more children.
    Type: Grant
    Filed: April 30, 2012
    Date of Patent: July 7, 2015
    Assignee: International Business Machines Corporation
    Inventors: David Haikney, David N. Mackintosh, Jose J. P. Perez
  • Patent number: 9044855
    Abstract: A system for generating contexts of targets to estimate a high-order context is provided. The system includes: a detection device including: a sensor for detecting a target; a module for extracting the target and a primary context of the target based on data detected by the sensor; and a module for encrypting the primary context with a key corresponding to the target; a storage device for recording encrypted primary context from the detection device; and a processing device including: a module for receiving the encrypted primary context from the storage device; a module for receiving the key corresponding to the target involved in the encrypted primary context; a module for decrypting the encrypted primary context using the received key; and a module for estimating a high-order context using the decrypted primary context, where the processing device further includes a module for requesting the detection device to delete information on a key corresponding to a specific target.
    Type: Grant
    Filed: June 20, 2012
    Date of Patent: June 2, 2015
    Assignee: International Business Machines Corporation
    Inventor: Michiharu Kudo
  • Patent number: 9047476
    Abstract: Example browser-based secure desktop applications for open computing platforms are disclosed. An example method disclosed herein to provide secure desktop functionality to a computing platform comprises providing, in response to a first request, a secure desktop application to the computing platform, the secure desktop application for execution by a browser on the computing platform, and establishing a secure communication connection between a service node and the secure desktop application, the secure communication connection to provide the secure desktop application with access to a trusted entity, the secure communication connection being accessible to a trusted application downloaded to the computing platform for execution by the browser in association with the secure desktop application, the secure communication connection being inaccessible to an untrusted application not executed in association with the secure desktop application.
    Type: Grant
    Filed: November 7, 2011
    Date of Patent: June 2, 2015
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Deepak Chawla, Urs A. Muller
  • Patent number: 9021546
    Abstract: A computer-implemented method for workload security in virtual data centers may include (1) identifying a virtual data center that hosts a plurality of workloads sharing a common computing infrastructure, (2) identifying a workload within the plurality of workloads that is subject to a sensitivity assessment that pertains to an application of at least one security policy to at least one computing resource used by the workload, (3) performing the sensitivity assessment for the workload based at least in part on an attribute of an allocated resource within the common computing infrastructure provisioned to the workload, and (4) applying the security policy to the computing resource based at least in part on the sensitivity assessment for the workload. Various other methods, systems, and encoded computer-readable media are also disclosed.
    Type: Grant
    Filed: November 8, 2011
    Date of Patent: April 28, 2015
    Assignee: Symantec Corporation
    Inventor: Deb Banerjee
  • Patent number: 9015840
    Abstract: A portable media system with a host computer system and method of operation thereof includes: accessing a public partition of the portable media system for a virus blocker for activation on the host computer system, the portable media system having a private partition for storing a file; sending a command from the virus blocker on the host computer system to open the private partition in the portable media system when the virus blocker is downloaded on the host computer system; blocking transfer of a virus between the host computer system and the portable media system with the virus blocker executing on the host computer system; and sending a command from the virus blocker on the host computer system to close the private partition when the virus blocker terminates activity on the host computer system.
    Type: Grant
    Filed: June 8, 2010
    Date of Patent: April 21, 2015
    Assignee: ClevX, LLC
    Inventors: Simon B. Johnson, Lev M. Bolotin
  • Patent number: 9009860
    Abstract: Systems and apparatuses disclosed herein provide for a tamper resistant electronic device. The electronic device can include a circuit board, housing, a security shield, one or more pressure sensitive switches, and security electronics. The security shield can cover a first area of the circuit board and be configured to sense tampering. The security shield can also be integrated into the first part of the housing, wherein a second area of the circuit board is covered by the housing and is outside of the security shield, both the first area and the second area having electronics therein. The security electronics on the circuit board can be coupled to the security shield and the one or more pressure switches, and can be configured to zeroize data stored on the circuit board if the security shield senses tampering or if one or more of the one or more pressure sensitive switches is disengaged.
    Type: Grant
    Filed: November 3, 2011
    Date of Patent: April 14, 2015
    Assignee: Cram Worldwide, LLC
    Inventors: R. Daren Klum, Matthew D. Fairchild, Daniel L. Hench, Keith A. Pagan, Robert Sean Hagen
  • Patent number: 9009483
    Abstract: A manufacturing entity provides a blinded signature to a secure device and associates a time with the blinded signature. If a signing key is compromised, the manufacturing entity provides a time of the compromise and the time associated with the blinded signature to the replacement authority.
    Type: Grant
    Filed: August 24, 2011
    Date of Patent: April 14, 2015
    Assignee: Intel Corporation
    Inventors: Matthew D. Wood, Ernie Brickell
  • Patent number: 8990911
    Abstract: Systems, methods and apparatus for providing single sign on across a plurality of resources are disclosed. An exemplary method includes receiving a request from a user to access a particular one of the plurality of resources; establishing an SSO session for the user if an SSO session has not been established; determining if the user has been authenticated to the particular resource, and if not, retrieving credentials for the user that are specific to the resource; presenting the credentials to the resource so as to create a session with the resource; and presenting a user interface for a customer to configure which of the plurality of resources can be accessed by users.
    Type: Grant
    Filed: March 25, 2009
    Date of Patent: March 24, 2015
    Assignee: EMC Corporation
    Inventors: Eric Olden, Darren C. Platt, Coby Royer, Keshava Berg, Joseph H. Wallingford, III
  • Patent number: 8977848
    Abstract: Systems and methods for providing safety and security functions are disclosed. The system includes a computing device that provides at least a first partition and a second partition. The computing device implements time and space partitioning to isolate resources available to the first partition and the second partition. The system also includes a safety module that operates in the first partition for providing safety functions for the system. The system further includes a security module that operates in the second partition for providing security functions for the system. A predefined communication interface is utilized to facilitate communications between the safety module and the security module. The communication interface defines a set of communications allowable between the safety module and the security module, wherein information sharing between the safety module and the security module is restricted to only the set of communications allowed through the communication interface.
    Type: Grant
    Filed: November 15, 2011
    Date of Patent: March 10, 2015
    Assignee: Rockwell Collins, Inc.
    Inventors: Brandon L. Tomlinson, Kevin R. Priest, Branden H. Sletteland, Michael J. Frerking, Cheryl L. Killham, Brian S. Cain, Jeffrey B. McNamara, Greg L. Shelton
  • Patent number: 8958562
    Abstract: Key requests in a data processing system may include identifiers such as user names, policy names, and application names. The identifiers may also include validity period information indicating when corresponding keys are valid. When fulfilling a key request, a key server may use identifier information from the key request in determining which key access policies to apply and may use the identifier in determining whether an applicable policy has been satisfied. When a key request is authorized, the key server may generate a key by applying a one-way function to a root secret and the identifier. Validity period information for use by a decryption engine may be embedded in data items that include redundant information. Application testing can be facilitated by populating a test database with data that has been encrypted using a format-preserving encryption algorithm. Parts of a data string may be selectively encrypted based on their sensitivity.
    Type: Grant
    Filed: January 16, 2007
    Date of Patent: February 17, 2015
    Assignee: Voltage Security, Inc.
    Inventors: Terence Spies, Matthew J. Pauker
  • Patent number: 8955140
    Abstract: A system for collecting and reporting sensor data in a communication network includes a microprocessor coupled to a memory and an electronic storage device. The microprocessor receives sensor data from sensors, and stores the sensor data for each sensor in the electronic storage device. The microprocessor also receives, via the communication network, a data reporting instruction defining a data reporting technique corresponding to the sensor data associated with one or more of the sensors. The data reporting instruction is stored in the electronic storage device, and the microprocessor transmits, to a trust mediator over the communication network, at least a portion of the sensor data based on the data reporting instruction. The trust mediator maintains an acceptable level of security for data throughout the communication network by adjusting security safeguards based on the sensor data.
    Type: Grant
    Filed: December 23, 2013
    Date of Patent: February 10, 2015
    Assignee: American Express Travel Related Services Company, Inc.
    Inventor: Samuel A. Bailey, Jr.
  • Patent number: 8950005
    Abstract: A web page running on a client computing device accesses a web application hosted by a remote server. The local application receives data from the web application. The client computing device uses a data loss prevention (DLP) policy to determine whether the web application is a sensitive web application. In response to determining that the web application is a sensitive web application, the client computing device restricts a capability of at least one of the local application or the client computing device to perform one or more operations associated with the data received from the web application.
    Type: Grant
    Filed: November 4, 2011
    Date of Patent: February 3, 2015
    Assignee: Symantec Corporation
    Inventor: Milind Torney
  • Patent number: 8943570
    Abstract: Exemplary network infrastructures and methods employing a Security Gateway utilize client authentication for use of a secure connection between an application client and an application server of a protected network. Once a secure connection has been set up, a Security Gateway can start a timer for establishing a period within which a password and username are to be received from the application client before traffic is allowed to exit the Security Gateway. If a username and password are provided while the timer is running, the Security Gateway can contact a single sign on (SSO) server to check whether the username and password are correct. If the username and password are valid, the Security Gateway can start relaying traffic externally to the application server. If an invalid username and password are provided or the timer times out before receipt of a username and password, the secure connection can be terminated.
    Type: Grant
    Filed: December 2, 2010
    Date of Patent: January 27, 2015
    Assignee: Cellco Partnership
    Inventor: Rohit Kalbag
  • Patent number: 8934550
    Abstract: A data processing apparatus that processes image data of a moving image is disclosed. The data processing apparatus includes: acquiring means for acquiring variations representing degrees of change in the image data, in a unit of picture; display-type determining means for determining, on the basis of the variations, display types, which represent display methods in displaying pictures, in a unit of picture; and display control means for causing a display to display type information representing display types of pictures and position information representing a position of a picture designated by picture-designation operating means operated in designating a picture to be displayed.
    Type: Grant
    Filed: February 13, 2007
    Date of Patent: January 13, 2015
    Assignee: Sony Corporation
    Inventors: Takaya Ono, Junichi Ogikubo
  • Patent number: 8931078
    Abstract: Various aspects of the disclosure relate to providing a per-application policy-controlled virtual private network (VPN) tunnel. In some embodiments, tickets may be used to provide access to an enterprise resource without separate authentication of the application and, in some instances, can be used in such a manner as to provide a seamless experience to the user when reestablishing a per-application policy-controlled VPN tunnel during the lifetime of the ticket. Additional aspects relate to an access gateway providing updated policy information and tickets to a mobile device. Other aspects relate to selectively wiping the tickets from a secure container of the mobile device. Yet further aspects relate to operating applications in multiple modes, such as a managed mode and an unmanaged mode, and providing authentication-related services based on one or more of the above aspects.
    Type: Grant
    Filed: September 17, 2013
    Date of Patent: January 6, 2015
    Assignee: Citrix Systems, Inc.
    Inventors: Gary Barton, Zhongmin Lang, Nitin Desai, James Robert Walker
  • Patent number: 8925087
    Abstract: One embodiment relates to an apparatus for in-the-cloud identification of spam and/or malware. The apparatus includes computer-readable code configured to be executed by the processor so as to receive queries, the queries including hash values embedded therein. The apparatus further includes computer-readable code configured to be executed by the processor so as to detect a group of hash codes which are similar and to identify the group as corresponding to an undesirable network outbreak. Another embodiment relates to an apparatus for in-the-cloud detection of spam and/or malware. The apparatus includes computer-readable code configured to be executed by the processor so as to receive an electronic message, calculate a locality-sensitive hash based on the message, embed the locality-sensitive hash into a query, and send the query to a central analysis system via a network interface. Other embodiments, aspects and features are also disclosed.
    Type: Grant
    Filed: June 19, 2009
    Date of Patent: December 30, 2014
    Assignee: Trend Micro Incorporated
    Inventors: Jonathan James Oliver, Yifun Liang
  • Patent number: 8925070
    Abstract: An approach is provided for authenticating using user actions. A prompt is initiated on a display for an input to authenticate a user. The input is received as a sequence of user actions on the display. A predetermined sequence associated with the user is retrieved. The received sequence is compared with the predetermined sequence to determine a match. The user is declared to be authenticated based on the comparison.
    Type: Grant
    Filed: December 17, 2009
    Date of Patent: December 30, 2014
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Priyanka G. Sriraghavan, Lakshmi Nrusimhan N. V.
  • Patent number: 8924730
    Abstract: A system and method for embedding a watermark into a data file and communicating the data file to a particular node from a source component is described. The system includes a particular node, a source component, a node identifier request, a query, a watermark, a permutation key, an encrypted data file, and a node decryption key. The node identifier request is communicated from the source component to the particular node. The watermark is then embedded into the data file by the source component. The permutation key is configured to permute the watermark and the permutation key is changed so the location of the watermark changes. The encrypted data is decrypted at the particular node with the node decryption key that corresponds to the particular node. The particular node recovers the watermark from the data file with the permutation key.
    Type: Grant
    Filed: July 12, 2013
    Date of Patent: December 30, 2014
    Assignee: Xsette Technology, Inc.
    Inventors: Albert Carlson, Steven B. Cohen, Lawrence duBoef, H. Stan Johnson