Patents Examined by Zachary Davis
  • Patent number: 10715334
    Abstract: Various embodiments include one or more of systems, methods, software, and data structures for validating a digital signature, wherein common information in a certification chain is maintained in one entry of a Document Secure Store (DSS). The DSS separates the Long Term Validation (LTV) information from the digital signature, allowing amendment of and addition to the LTV information in the DSS after a digital signature is applied to a document.
    Type: Grant
    Filed: August 2, 2017
    Date of Patent: July 14, 2020
    Assignee: Adobe Inc.
    Inventors: Isak Tenenboym, Marc T. Kaufman, Philip Levy
  • Patent number: 10701097
    Abstract: A non-transitory processor-readable medium stores code that represents instructions that, when executed at a processor, cause the processor to access an attack description; intercept a data set from an application via an application programming interface (API), where the intercepted data set is based on an attack data set and where the attack data set is used to test for a security vulnerability in the application; correlate, using a Hamming distance, the intercepted data set with the attack description using a correlation type identifier; and report the security vulnerability for the application in response to the intercepted data set based at least in part on a result of the correlation.
    Type: Grant
    Filed: December 20, 2011
    Date of Patent: June 30, 2020
    Assignee: MICRO FOCUS LLC
    Inventors: Matias Madou, Brian V. Chess, Sean Patrick Fay
  • Patent number: 10664844
    Abstract: A method for tokenizing credentials is disclosed. In addition to a token, a verification value can be provided for each interaction. The verification value can be generated based at least in part on a dynamic data element. The dynamic data element may be kept secret, while the verification value can be distributed for use during an interaction. When the verification value is used, it can be validated by re-creating the verification value based at least on the stored dynamic data element.
    Type: Grant
    Filed: March 28, 2017
    Date of Patent: May 26, 2020
    Assignee: Visa International Service Association
    Inventors: Prasanna L. Narayan, Phillip Kumnick, Madhu Vasu
  • Patent number: 10664843
    Abstract: A method for tokenizing credentials is disclosed. In addition to a token, a verification value can be provided for each interaction. The verification value can be generated based at least in part on a dynamic data element. The dynamic data element may be kept secret, while the verification value can be distributed for use during an interaction. When the verification value is used, it can be validated by re-creating the verification value based at least on the stored dynamic data element.
    Type: Grant
    Filed: December 2, 2016
    Date of Patent: May 26, 2020
    Assignee: Visa International Service Association
    Inventors: Prasanna L. Narayan, Phillip Kumnick, Madhu Vasu
  • Patent number: 10659959
    Abstract: A secure cell broadcast method entails defining a group of mobile devices, reserving a channel for the group, associating cryptographic key material with the group, notifying the mobile devices of the channel for the group, securely providing the key material to the mobile devices of the group, and broadcasting on the channel a secure broadcast message that is encrypted such that the mobile devices of the group receiving on the channel can receive and decrypt the secure broadcast message using the key material.
    Type: Grant
    Filed: November 12, 2014
    Date of Patent: May 19, 2020
    Assignee: BlackBerry Limited
    Inventors: John David Netto, Shu-Lin Chen
  • Patent number: 10567357
    Abstract: According to one embodiment, an apparatus is configured to receive a request to communicate a message including a body to an intended recipient and to receive a first public key of the intended recipient and a second public key of the intended recipient. The apparatus is further configured to encrypt the body using a first message key to produce a first encrypted body, to encrypt the first message key using the first public key to produce a first encrypted message key, to encrypt the first encrypted message key and the first encrypted body using a second message key to produce a second encrypted body, and to encrypt the second message key using the second public key to produce a second encrypted message key. The apparatus is also configured to communicate an encrypted message to the intended recipient, the encrypted message including the second encrypted message key and the second encrypted body.
    Type: Grant
    Filed: October 2, 2015
    Date of Patent: February 18, 2020
    Assignee: ZixCorp Systems, Inc.
    Inventor: David Joseph Robertson
  • Patent number: 10554688
    Abstract: Traffic into and out of an organization-level network is monitored. A request for an encryption key from ransomware infecting a computer in the organization-level network to a remote command and control server is detected. A simulated reply to the ransomware is generated. A known encryption key for which the corresponding decryption key is also known is substituted for the encryption key supplied by the C&C server. The simulated reply containing the substituted known key is then supplied to the ransomware, such that the ransomware uses the known encryption key to encrypt files accessible from the computing device, and requests payment in order to provide a decryption key. Instead of paying the ransom, the encrypted files are decrypted using the known decryption key corresponding to the known encryption key which was provided to the ransomware.
    Type: Grant
    Filed: May 30, 2017
    Date of Patent: February 4, 2020
    Assignee: CA, Inc.
    Inventors: Candid Wueest, Himanshu Anand
  • Patent number: 10516649
    Abstract: One or more integrated circuits for implementing a network firewall for a cloud computing platform are disclosed. The one or more integrated circuits comprise: special-purpose hardware, configured to perform: receiving an item in a transport layer from a second hardware portion through a communication bus, the item being derived from original data received by the second hardware portion from a source computer device; and applying processing in increasingly higher communication layers to the item to obtain processed data in an application layer. The applying comprises identifying a payload in the item; determining whether the item includes a security attack based on the payload, the original data, and additional data received from the source computer device before or after the original data was received; and transmitting the processed data, including a result of the determining, to the second hardware portion.
    Type: Grant
    Filed: June 27, 2018
    Date of Patent: December 24, 2019
    Assignee: VALTIX, INC.
    Inventors: Vishal Jain, Vijay Chander, Praveen Patnala
  • Patent number: 10491591
    Abstract: A method of a mesh network involves generating by a source node a random token to be included in a query packet having a source ID and a query for a destination node; transmitting the query packet to the destination node through a relay node; receiving at the destination node the query packet; adding, by the destination node, the random token to a response packet for the source node; and transmitting the response packet including the random token to the source node through the relay node. Also disclosed are arrangements for a source node, a relay node and a destination node, as well as a mesh network.
    Type: Grant
    Filed: January 18, 2016
    Date of Patent: November 26, 2019
    Inventors: Christoffer Jerkeby, Ian Kumlien
  • Patent number: 10466693
    Abstract: Techniques for using an aerial vehicle to provide a data service are provided. For example, information about a request for the data service is accessed. The request is sent to a provider computing device and identifies a user computing device to receive the data service. The provider computing device is configured to provide the data service. A location associated with providing the data service is determined based on the request. The aerial vehicle is flown to the location. The aerial vehicle includes a computing system configured to provide a portion of the data service. Based on detecting that the aerial vehicle is within a range of the location, the aerial vehicle provides the portion of the data service to the user computing device by using, for example, the computing system.
    Type: Grant
    Filed: August 2, 2018
    Date of Patent: November 5, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Abdul Sathar Sait
  • Patent number: 10320784
    Abstract: Methods, non-transitory computer readable media, and security management computing devices are disclosed herein. With this technology, an executable code is sent to a client. The executable code is configured to obtain information associated with the client, assemble the information into a fingerprint, and return the fingerprint. A determination is made when the fingerprint is returned from the client. When the determining indicates that the fingerprint has been returned, a determination is made when a record of a reputation database matches the fingerprint. Historical data in the record is updated to include information associated with the request and an action is initiated based on the historical data or other data included in the record. The action includes blocking an access request or providing access to a requested resource to the client, when the determining indicates that the record of the reputation database matches the fingerprint.
    Type: Grant
    Filed: November 12, 2015
    Date of Patent: June 11, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Ron Talmor, Yaniv Shemesh
  • Patent number: 10299126
    Abstract: A hotspot provides an open wireless network and a secure wireless network. The open wireless network has no network-level encryption and allows open association therewith. The secure wireless network employs network-level encryption and requires authentication of a received access credential from a client device before allowing association therewith. A system for authorizing the client device for secured access at the hotspot includes an access controller configured to establish an encrypted connection between the client device and a login portal of the hotspot over the open wireless network, and to store a user-specific access credential transmitted via the encrypted connection as a valid access credential in a credential database. The credential database is accessed by wireless access points of the hotspot to authenticate the received access credential from the client device in response to a request from the client device to associate with the secure wireless network.
    Type: Grant
    Filed: March 28, 2018
    Date of Patent: May 21, 2019
    Assignee: Guest Tek Interactive Entertainment Ltd.
    Inventors: Ellison W. Bryksa, Andrew T. MacMillan
  • Patent number: 10277626
    Abstract: Techniques for network traffic filtering and flow control are disclosed. Some implementations provide a network communication evaluation module (“NCEM”) that executes on a networking device, such as a gateway or router, and performs network traffic control, such as suppressing denial of service attacks or otherwise limiting packet flow. The NCEM performs packet filtering in order to identify and drop packets that are being (or are likely to be) transmitted as part of a denial of service attack. The NCEM conditionally drops packets that meet specified conditions or rules. For example, the NCEM may drop all packets that are using a nonauthentic source address. As another example, the NCEM may limit the volume of packets of a particular type, such as by limiting the number of DNS requests that are made during a specified time interval.
    Type: Grant
    Filed: November 9, 2017
    Date of Patent: April 30, 2019
    Inventor: Daniel Chien
  • Patent number: 10216961
    Abstract: An administrator may set restrictions related to the operation of a virtual machine (VM), and virtualization software enforces such restrictions. There may be restrictions related to the general use of the VM, such as who may use the VM, when the VM may be used, and on what physical computers the VM may be used. There may be similar restrictions related to a general ability to modify a VM, such as who may modify the VM. There may also be restrictions related to what modifications may be made to a VM, such as whether the VM may be modified to enable access to various devices or other resources. There may also be restrictions related to how the VM may be used and what may be done with the VM. Information related to the VM and any restrictions placed on the operation of the VM may be encrypted to inhibit a user from circumventing the restrictions.
    Type: Grant
    Filed: January 27, 2016
    Date of Patent: February 26, 2019
    Assignee: VMware, Inc.
    Inventors: Matthew David Ginzton, Matthew B. Eccleston, Srinivas Krishnamurti, Gerald C. Chen, Nick Michael Ryan
  • Patent number: 10218737
    Abstract: A system, method, and computer-readable medium for reporting sensor data over a communication network are provided. A data reporting instruction that identifies at least one of a sensor or a data reporting technique is received from a trust mediator over a communication network. The data reporting instruction is based at least in part on an identified risk. Sensor data is obtained from the sensor, and the sensor data is transmitted to the trust mediator over the communication network based on the data reporting technique.
    Type: Grant
    Filed: April 10, 2018
    Date of Patent: February 26, 2019
    Inventor: Samuel A. Bailey, Jr.
  • Patent number: 10178092
    Abstract: Methods and apparatus in accordance with various embodiments provide for private service IDs for utilization in wireless devices in neighbor aware networks. One aspect of the subject matter described in the disclosure provides a method of transmitting service information in a wireless neighborhood aware network. The method includes generating a first message having a first service identifier. The first service identifier includes a first hash value based on a service name and timing information. The first hash value is generated by applying a first hash function. The method further includes transmitting the first message.
    Type: Grant
    Filed: November 14, 2014
    Date of Patent: January 8, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Santosh Paul Abraham, Alireza Raissinia, George Cherian
  • Patent number: 10148655
    Abstract: Systems and methods for extending and re-using an IP multimedia subsystem (IMS) to extend the trust relationship from a closed group of customers of wireless service providers to users of other ecosystems (e.g., GMAIL, FACEBOOK, or YAHOO!) for IMS services are disclosed. Some embodiments include receiving a request from an initiating device to establish a service connection between the initiating device and an endpoint through an Internet Protocol Multimedia Subsystem (IMS) session. The request may include third-party domain credentials (e.g., maintained by a third-party domain) associated with an end-user. The third-party domain credentials can be extracted from the request. Communications with the third-party domain can be used to verify the third-party domain credentials. The IMS session can be established between the initiating device and the endpoint upon verification of the third-party domain credentials.
    Type: Grant
    Filed: June 14, 2017
    Date of Patent: December 4, 2018
    Assignee: T-Mobile USA, Inc.
    Inventors: Mehul Shah, Cameron Byrne
  • Patent number: 10135616
    Abstract: A method and apparatus are presented for revoking cryptographic keys within a distributed ledger system in which no central trusted authority is available. A key revocation message is sent by a network connected device to other network connected devices over a peer-to-peer network for inclusion in a ledger. In one embodiment the revocation message is signed using a private key of a public/private key pair to be revoked. In another embodiment an authorization for future revocation of the public/private key pair by a plurality of other public/private keys is sent for inclusion in the ledger, and subsequently the key revocation message is signed with one of the private keys of the plurality of other public/private key pairs before sending the key revocation message. Once a valid key revocation message is included in the ledger, any future request to include a message signed by a cryptographic key revoked by the valid key revocation message is rejected.
    Type: Grant
    Filed: May 7, 2016
    Date of Patent: November 20, 2018
    Inventor: Keir Finlow-Bates
  • Patent number: 10120993
    Abstract: A system includes a tag having a machine readable tag identifier (Tag ID) configured to be read by a reader; and a device to be identified by the tag, in which: the device is configured to communicate with the reader; the device has access to a secure Tag ID; and the device communicates a verification to the reader if the machine readable Tag ID communicated to the device from the reader matches the secure Tag ID. A method includes: reading a Tag ID from a tag attached to a device; communicating the Tag ID read from the tag to the device; comparing a secure Tag ID of the device to the Tag ID read from the tag; and responding with a “match” or “no-match” message from the device, according to which the device is either trusted or not trusted as being identified by the Tag ID. A method of verifying a trusted agent (TA) on a device includes: storing a digital signature of the TA in a secure vault of the device; and verifying the TA by verifying the digital signature of the TA each time the TA is used.
    Type: Grant
    Filed: September 14, 2015
    Date of Patent: November 6, 2018
    Assignee: PAYPAL, INC.
    Inventors: Sebastien Taveau, Hadi Nahari
  • Patent number: 10097571
    Abstract: A computer-implemented method includes receiving, by a computing device within a networking environment, a workload for execution within the networking environment; initiating, by the computing device, transfers of the workload to a plurality of network elements within the cloud networking environment; providing, by the computing device, tracking information of the workload as the workload traverses through the plurality of network elements; and storing or outputting, by the computing device, the tracking information regarding the workload.
    Type: Grant
    Filed: March 23, 2016
    Date of Patent: October 9, 2018
    Inventors: Fred Allison Bower, III, Gary David Cudak, Ajay Dholakia, William Gavin Holland, Scott Kelso