Patents Issued on July 29, 2014
-
Patent number: 8793763
Abstract: A prevention-based network auditing system includes a plurality of heterogeneous information sources gathering information about the network. An audit server invokes the heterogeneous information sources via a uniform communications interface to gather information about the network, and converts the information gathered by the information sources into a normalized data format such as, for example, into XML (Extensible Markup Language). The converted information is then stored in an audit repository for security and regulatory policy assessment, network vulnerability analysis, report generation, and security improvement recommendations.
Type: Grant
Filed: December 6, 2011
Date of Patent: July 29, 2014
Assignee: Preventsys, Inc.
Inventors: John Leslie Williams, Brian Costello, John Patrick Ravenel, Thomas Paul Walpole
-
Patent number: 8793764
Abstract: Information applied to a packet at an ingress port of a network may be used for enhancing security. The information applied to a packet may be “context information” which replaces at least some bits of layer 2 information (e.g., a header). Users or customers may define security policies. They may define different security policies for different types of transactions. They may also define security policies based on the location from which the transaction originated. If the customer is an organization with different classes of users, it may define different security policies. The class of user may be identified based on at least a part of the “context information”. At least a part of the context information may also be used to monitor a location from which a transaction originated, thereby permitting fraudulent uses to be traced.
Type: Grant
Filed: December 21, 2011
Date of Patent: July 29, 2014
Assignee: Verizon Patent and Licensing Inc.
Inventor: Robert T. Baum
-
Patent number: 8793765
Abstract: Disclosed is a data processing apparatus providing a predetermined function by executing a program for the data processing apparatus, including a first storage unit that stores encoded execution starting data for starting execution of the program; a first decode key storage unit that stores a first decode key capable of decoding the encoded execution starting data; a start up unit that obtains the first decode key from the first decode key storage unit when turning on the power is accepted and decodes the encoded execution starting data by the first decode key to start executing the program; and an authentication confirmation unit that sends a request for authentication to an external apparatus after the start up unit starts executing the program and starts providing the predetermined function when obtaining an authentication result indicating the apparatus is authenticated from the external apparatus.
Type: Grant
Filed: January 6, 2012
Date of Patent: July 29, 2014
Assignee: Ricoh Company, Ltd.
Inventors: Alain Volmat, Shizu Kanauchi, Yoshinaga Kato, Takahiro Asai
-
Patent number: 8793766
Abstract: In a method for scaling up/down security (non-functional) components of an application, determine (a) types of interactions and a number of each type of interaction each non-security (functional) component has with security components for a plurality of requests. Determine, based on (a) and an expected number of incoming requests to the application, (b) types of requests to and interactions with the security components involving the non-security components and (c) a number of requests to and interactions with the security components involving non-security components for each type of request to the security components involving non-security components. Determine, for each security component, a capacity required for each type of request involving the non-security components and a capacity required for each type of interaction involving the non-security components. Change the capacities of the security components to new capacities, wherein the new capacities are based on (a), (c) and the determined capacities.
Type: Grant
Filed: March 13, 2012
Date of Patent: July 29, 2014
Assignee: International Business Machines Corporation
Inventors: Ashish Kundu, Ajay Mohindra, Sambit Sahu
-
Patent number: 8793767
Abstract: The present disclosure provides for selectively enabling a primary communication channel upon receipt of enablement instructions received via a secondary communication channel. In some embodiments, a first intelligent electronic device (IED) may be connected to a second IED via a primary communication channel. In various embodiments, the primary communication channel may be selectively and/or temporarily enabled by transmitting an enablement instruction via a secondary communication channel. The secondary communication channel may be relatively more secure than the primary communication channel. In some embodiments, the secondary communication channel may also connect the first and second IEDs. Accordingly, the first IED may transmit an enablement instruction to the second IED in order to temporarily enable communication via the primary communication channel between the first and second IEDs.
Type: Grant
Filed: August 30, 2012
Date of Patent: July 29, 2014
Assignee: Schweitzer Engineering Laboratories Inc
Inventors: Edmund O. Schweitzer, III, David E. Whitehead, Rhett Smith, Mark Weber
-
Patent number: 8793768
Abstract: Methods and apparatus, including computer program products, related to relationship-based authorization. In general, data characterizing a request for authorization to a computer-based resource is received, and the authorization may be provided based on one or more relationships of a requesting principal. A determination may be made as to whether a requesting principal is authorized, which may include determining whether the requesting user has a relationship with a principal that has management rights of the computer-based resource and determining whether the relationship allows for an access, such as a use of the computer-based resource, if the requesting principal has a relationship with the other principal. If there is no such relationship, a determination may be made as to whether an organization of the requesting principal has a relationship with the other principal that allows for the access.
Type: Grant
Filed: April 11, 2007
Date of Patent: July 29, 2014
Assignee: Medox Exchange, Inc.
Inventor: Michael E. Beck
-
Patent number: 8793769
Abstract: An authenticating system and process for authenticating user devices to access a media service where access to certain portions of the media service may be limited according to a gateway or other device used by a user device to facilitate interfacing a user with the media service. The authentication may be achieved without directly assessing a trustworthiness of the user devices, and optionally, without requiring a user thereof to complete a sign-on operation.
Type: Grant
Filed: December 31, 2009
Date of Patent: July 29, 2014
Assignee: Cable Television Laboratories, Inc.
Inventors: Oscar Marcia, Stuart Hoggan, Simon Krauss
-
Patent number: 8793770
Abstract: A method for authorizing use of Augmented Reality (AR) information includes acquiring information regarding a location at which the AR information is to be provided, authorizing a user to use the AR information, creating attribute information including the AR information, the location information, and authority information, and transmitting the attribute information to an AR system. The AR system can register the attribute information, and can provide the AR information only to authorized users. An apparatus to authorize use of Augmented Reality (AR) information includes a location information acquiring unit, an authorization unit to authorize a user to use the AR information, and an AR information processor to create attribute information. The attribute information is transmitted to an AR system as a request for the AR system to register the attribute information so the AR system provides the AR information only to authorized users.
Type: Grant
Filed: January 13, 2011
Date of Patent: July 29, 2014
Assignee: Pantech Co., Ltd.
Inventor: Jae-Young Lim
-
Patent number: 8793771
Abstract: With a conventional image-display system, a presenter sometimes has difficulty in providing every viewer with an easy-to-see picture. When projecting an image transmitted from a computer operated by the presenter and enabling the viewer to watch the image projected by the projector, the projector receives image data transmitted through two-way communication from the computer operated by the presenter, projects an image represented by the received image data and transmits the received image data to a client computer operated by the viewer through the two-way communication, and the client computer receives the image data transmitted through the two-way communication and displays the image represented by the received image data on its display.
Type: Grant
Filed: June 22, 2012
Date of Patent: July 29, 2014
Assignee: Seiko Epson Corporation
Inventors: Minoru Sato, Shinji Kubota, Toru Karasawa
-
Patent number: 8793772
Abstract: A computer readable medium stores a program for enabling access to a wireless local area network (WLAN) from a dual mode device. The program enables the dual mode device to detect presence of a WLAN access point. The program also transmits information about the access point and about the dual mode device via a cellular network to a clearinghouse server. A portion of the program receives the information via the cellular network, the information identifying the dual mode device and an access point of a WLAN provider. The program then determines whether the dual mode device has permission to access the access point. When permission exists, the program informs the WLAN provider. The dual mode device accesses the WLAN access point in response to the clearinghouse server approving access.
Type: Grant
Filed: April 26, 2006
Date of Patent: July 29, 2014
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Anil Doradla, Rias Muhamed
-
Patent number: 8793773
Abstract: System and method for providing reciprocity in a reputation system are described.
Type: Grant
Filed: January 30, 2008
Date of Patent: July 29, 2014
Assignee: Apple Inc.
Inventor: Duane Buss
-
Patent number: 8793774
Abstract: In one embodiment, a method includes receiving a configuration request and a first key from a network device, granting a first class of access to the network device, sending a configuration instruction to the network device, receiving an association request from the network device, and granting a second class of access to the network device. The configuration request and the first key are received at a first time. The network device is outside a secure network segment at a first time. The first class of access is granted based on the first key. The configuration instruction is sent in response to granting the first class of access. The association request includes a second key. The granting the second class of access is based on the second key.
Type: Grant
Filed: March 31, 2009
Date of Patent: July 29, 2014
Assignee: Juniper Networks, Inc.
Inventors: Jainendra Kumar, Vineet Dixit, Prabhu Seshachellum
-
Patent number: 8793775
Abstract: Provided is a method and apparatus for managing a web based service account. The web based service account management apparatus may select, from among web based service accounts, an account undesired to be exposed to others, and may display an account set with a hiding indication only when a user authenticated through a user authentication process desires to read the account.
Type: Grant
Filed: December 15, 2010
Date of Patent: July 29, 2014
Assignee: Electronics and Telecommunications Research Institute
Inventors: Seong Chul Cho, Hyung Jin Kim, Gweon Do Jo, Dae ho Kim
-
Patent number: 8793776
Abstract: A system and method for authenticating a log-in request based on location using an authentication application. The authentication application includes a processing unit, a location module, an authentication module, a user interface engine, and a notification module. The processing unit receives a log-in request from a third party application. The processing unit also receives a location of the log-in request and a location of a registered user device. The location module computes a distance between the location of the log-in request and the location of the registered user device. The authentication module determines whether the computed distance exceeds a threshold. The authentication module authenticates the log-in request responsive to determining that the computed distance is within or less than the threshold. The authentication module denies authentication to the log-in request responsive to determining that the computed distance exceeds the threshold.
Type: Grant
Filed: September 12, 2011
Date of Patent: July 29, 2014
Assignee: Google Inc.
Inventor: Dean K. Jackson
-
Patent number: 8793777
Abstract: Embodiments of the present invention provide verification and/or authentication service engines that provide a customizable solution that can be “dialed” based on the risk level assigned to individual or grouped applications. The systems can also incorporate internal and external sources of data used to verify information provided by the user. It is dynamic and can pull information from a myriad of sources during the verification process, enabling credit reporting agencies (e.g., Equifax and others), FSPs, and other service providers to facilitate real-time approval and access to products and services.
Type: Grant
Filed: June 29, 2012
Date of Patent: July 29, 2014
Assignee: Equifax, Inc.
Inventor: Christen J. Colson
-
Patent number: 8793778
Abstract: Enables trusted user access of computer systems for example that verifies trusted users and may allow trusted users to bypass challenge-response tests, while limiting access by automated processes and unwanted human challenge-response test solvers. Embodiments may implement an account that may be utilized across websites to enable a valid or trusted user to bypass challenge-response tests. Embodiments of the invention cost time, or cost a nominal fee, or require use of something that may be validated as owned by a user such as a physical address or cell phone, or trusted referral or social graph or any combination thereof, but cost large amounts of time or money for spammers using cheap third world labor, thus making it expensive to invoke attacks on sites protected by embodiments of the invention.
Type: Grant
Filed: August 31, 2012
Date of Patent: July 29, 2014
Assignee: Spamcaptcher Inc.
Inventors: Stefan Marinov, Kieran Miller
-
Patent number: 8793779
Abstract: Single sign-on process allowing a mobile user with a mobile phone or with a laptop to remote-access a remote server, comprising the steps of: (1) sending a first authenticator over a first communication layer to a first intermediate equipment between said mobile equipment and said remote server, (2) verifying in said first intermediate equipment said first authenticator sent by said mobile equipment, (3) if said first authenticator is accepted by said first intermediate equipment, completing the communication layer between said mobile equipment and said intermediate equipment, (4) repeating steps (1) to (3) with a plurality of successive intermediate equipment and over a plurality of successive communication layers, until a communication has been completed at the last requested communication layer between said mobile equipment and said remote server, wherein at least a plurality of said authenticators are furnished by a smart-card in said mobile equipment.
Type: Grant
Filed: September 14, 2005
Date of Patent: July 29, 2014
Assignee: Swisscom AG
Inventors: Azim Ferchichi, Eric Lauper
-
Patent number: 8793780
Abstract: A system and method, implementable using an authenticating device, are provided for authenticating requesting devices such as mobile devices and other communication devices over a network. At least one group shared secret is provisioned on a plurality of requesting devices, which are further provided with other authentication credentials such as a shared secret for full authentication by the authenticating device. When authentication is sought, the requesting device transmits a pre-authentication request comprising one of the group shared secrets to the authenticating device, which verifies that group shared secret. The group shared secrets may be stored in volatile memory at the authenticating device. If the group shared secret is verified, the authenticating device will authenticate that same device in response to a subsequent authentication request.
Type: Grant
Filed: April 11, 2011
Date of Patent: July 29, 2014
Assignee: BlackBerry Limited
Inventor: David Robert Suffling
-
Patent number: 8793781
Abstract: A method and system are disclosed for analyzing policies for compliance with a specified policy. The method comprises the steps of creating a policy template representing said specified policy, and comparing a group of given policies to said policy template to determine whether said given policies conflict with said specified policy. In the preferred embodiment of the invention, the specified policy may include specified rules, the given policies include a plurality of given rules, and the policy template expresses said specified rules. In this preferred embodiment, the comparing step includes the step of comparing said plurality of given rules to the policy template to determine whether any of said given rules conflicts with said specified rules. In addition, preferably, if conflicts are found between said given policies and said specified policy, the given policies are modified to eliminate the conflicts.
Type: Grant
Filed: October 12, 2007
Date of Patent: July 29, 2014
Assignee: International Business Machines Corporation
Inventors: Aldo P. Grossi, Claire-Marie N. Karat, Peter K. Malkin, Nevenko Zunic
-
Patent number: 8793782
Abstract: A method for injecting a security token into an authentication protocol response is disclosed. An authentication protocol response from a node requesting access to a network is intercepted. It is determined if the node complies with a health policy of the network. A security token is inserted into the authentication protocol response based on the compliance node.
Type: Grant
Filed: May 27, 2010
Date of Patent: July 29, 2014
Assignee: Crimson Corporation
Inventor: Jin Su
-
Patent number: 8793783
Abstract: Methods, apparatuses, and computer program products for dynamic allocation of network security credentials for alert notification recipients are provided. Embodiments include receiving from a managed system, by an alert management system, an alert indicating one of a failure in the managed system and a pending failure in the managed system; selecting, by the alert management system, a remote device from a plurality of remote devices registered for remote access with the alert management system; preapproving, by the alert management system, network security clearance of the selected remote device, the network security clearance for remote access to the management system via a virtual private network (VPN) interface; and transmitting to the selected remote device, by the alert management system, an alert notification that includes an internet address corresponding to the VPN interface.
Type: Grant
Filed: December 20, 2011
Date of Patent: July 29, 2014
Assignee: International Business Machines Corporation
Inventors: Albert D. Bennah, David J. Rudda, Jr.
-
Patent number: 8793784
Abstract: The method includes the steps of: a) generating by an application software (SWA) a message forming a key (DKE) comprising an encrypted data field containing a time-stamping or sequencing time marker; b) transferring the message to a portable communication device (CD), held by a user; c) transmitting the message, by short-range transmission, from the communication device to a reading interface (ERED) coupled to a lock device (LOCK); d) analyzing the message by decrypting the data field and checking the consistency of the time marker with an inner clock of the interface or with a sequence number memorized in the interface; and e) in case of compliant message, sending from the interface to the lock device a digital accreditation (OPEN) stored in memory in the interface and to operate the lock device unlocking upon recognizing the compliance of said digital accreditation.
Type: Grant
Filed: March 6, 2012
Date of Patent: July 29, 2014
Assignee: Openways SAS
Inventors: Pascal Métivier, Aitor Agueda
-
Patent number: 8793785
Abstract: A microprocessor includes a model specific register (MSR) having an address, fuses manufactured with a first predetermined value, and a control register. The microprocessor initially loads the first predetermined value from fuses into the control register. The microprocessor also receives a second predetermined value into the control register from system software of a computer system comprising the microprocessor subsequent to initially loading the first predetermined value into the control register. The microprocessor prohibits access to the MSR by an instruction that provides a first password generated by encrypting a function of the first predetermined value and the MSR address with a secret key manufactured into the first instance of the microprocessor and enables access to the MSR by an instruction that provides a second password generated by encrypting the function of the second predetermined value and the MSR address with the secret key.
Type: Grant
Filed: October 15, 2013
Date of Patent: July 29, 2014
Assignee: Via Technologies, Inc.
Inventors: G. Glenn Henry, Terry Parks
-
Patent number: 8793786
Abstract: Computer-readable media, computerized methods, and computer systems for alerting a user that an operating system has entered a secure mode are provided. Initially, inputs are received at an operating system residing in a default mode. Typically, the default mode allows applications running on the operating system to access the inputs. If the inputs are identified as a call to perform a protected operation, the operating system is transitioned from the default mode to the secure mode. Typically, the secure mode restricts the applications from intercepting the inputs. The transition to the secure mode is automatically communicated to the user via an indicator device. Generally, automatic communication includes providing a message from the operating system to the indicator device over a secure pathway that triggers the indicator device to generate a user-perceivable output. Accordingly, the operating system exerts exclusive control over the operation of the indicator device.
Type: Grant
Filed: February 8, 2008
Date of Patent: July 29, 2014
Assignee: Microsoft Corporation
Inventors: Firdosh K. Bhesania, Alain Michaud, Nathan C. Sherman, Hirofumi Yamamoto, Yashabh Sethi, Steve Wright
-
Patent number: 8793787
Abstract: Malicious network content is identified based on the behavior of one or more virtual environment components which process network content in a virtual environment. Network content can be monitored and analyzed using a set of heuristics. The heuristics identify suspicious network content communicated over a network. The suspicious network content can further be analyzed in a virtual environment that includes one or more virtual environment components. Each virtual environment component is configured to mimic live environment components, for example a browser application component or an operating system component. The suspicious network content is replayed in the virtual environment using one or more of the virtual environment components. The virtual environment component behavior is analyzed in view of an expected behavior to identify malicious network content. The malicious network content is then identified and processed.
Type: Grant
Filed: January 23, 2009
Date of Patent: July 29, 2014
Assignee: FireEye, Inc.
Inventors: Osman Abdoul Ismael, Samuel Yie, Jayaraman Manni, Muhammad Amin, Bahman Mahbod
-
Patent number: 8793788
Abstract: A system and method are provided for detecting artificially generated load on a search system. The system may include a load monitoring component for monitoring a current load for comparison with an expected load. The system may additionally include an abnormality detection component for detecting an abnormality when the monitored load exceeds an expected amount by a predetermined threshold. The system may further include an analysis component for determining if the monitored load is an artificial load.
Type: Grant
Filed: April 21, 2010
Date of Patent: July 29, 2014
Assignee: Microsoft Corporation
Inventor: James E. Walsh
-
Patent number: 8793789
Abstract: Systems and methods for calculating threat scores for individuals within an organization or domain are provided. Aspects of the invention relate to computer-implemented methods that form a predictive threat rating for user accounts. In one implementation, a threat score representing a first time period may be calculated. The first threat score may be calculated from a quantification of a plurality of activity violations across a plurality of control groups. Weighting schemes may be applied to certain activities, controls, and/or user accounts. Further embodiments may be configured to consider additional indicators. Further aspects relate to apparatuses configured to execute methods for ranking individual user accounts. Certain embodiments may not block transmissions that violate predefined rules, however, indications of such improper transmission may be considered when constructing a threat rating.
Type: Grant
Filed: July 22, 2010
Date of Patent: July 29, 2014
Assignee: Bank of America Corporation
Inventors: Amanda Sorensen, Allan Byers
-
Patent number: 8793790
Abstract: A system and method include obtaining data related to accessing cyber assets and accessing physical assets from a combined cyber access and physical access control system that protects cyber and physical assets of an organization from both authorized and unauthorized access with malicious intent. The system and method compare the data to known patterns of expected behavior, and identify patterns of suspicious behavior as a function of comparing the data to the patterns of expected behavior. The comparison is utilized to identify potentially malicious insider behavior toward the cyber and physical assets.
Type: Grant
Filed: October 11, 2011
Date of Patent: July 29, 2014
Assignee: Honeywell International Inc.
Inventors: Himanshu Khurana, Valerie Guralnik, Robert Shanley
-
Patent number: 8793791
Abstract: A method for classifying a signal is disclosed. The method can be used by a station or stations within a network to classify the signal as non-cooperative (NC) or a target signal. The method performs classification over channels within a frequency spectrum. The percentage of power above a first threshold is computed for a channel. Based on the percentage, a signal is classified as a narrowband signal. If the percentage indicates the absence of a narrowband signal, then a lower second threshold is applied to confirm the absence according to the percentage of power above the second threshold. The signal is classified as a narrowband signal or pre-classified as a wideband signal based on the percentage. Pre-classified wideband signals are classified as a wideband NC signal or target signal using spectrum masks.
Type: Grant
Filed: November 1, 2011
Date of Patent: July 29, 2014
Assignee: Shared Spectrum Company
Inventors: Eugene Livsics, Mark A McHenry, Dmitry Dain, Karl Steadman, Olga Ritterbush
-
Patent number: 8793792
Abstract: In certain embodiments, a first network device stores a security key associated with a second network device. The first network device computes access information according to the security key and a time value. The access information may be a network address or a port/socket. The first network device sends a packet to the second network device using the access information. The first network device then computes next access information according to the security key and a next time value and sends a packet to the second network device using the next access information.
Type: Grant
Filed: May 5, 2011
Date of Patent: July 29, 2014
Assignee: Raytheon Company
Inventor: Bogart Vargas
-
Patent number: 8793793
Abstract: A method and apparatus for improved digital rights management is provided.
Type: Grant
Filed: October 6, 2011
Date of Patent: July 29, 2014
Assignee: Samsung Information Systems America, Inc.
Inventor: Eric Buchanan
-
Patent number: 8793794
Abstract: The present invention provides systems and methods for applying hard-real-time capabilities in software to software security. For example, the systems and methods of the present invention allow a programmer to attach a periodic integrity check to an application so that an attack on the application would need to succeed completely within a narrow and unpredictable time window in order to remain undetected.
Type: Grant
Filed: January 4, 2013
Date of Patent: July 29, 2014
Assignee: Intellectual Ventures Fund 73 LLC
Inventor: Victor J. Yodaiken
-
Patent number: 8793795
Abstract: A computer forensic accelerator engine designed to speed up the forensic analysis process is disclosed. It is a device for use with an analysis device to analyze data on a suspect computer device, and includes a first interface for connecting to the suspect computer device, a second interface for connecting to the analysis device, and a processing unit programmed to read data from the suspect device via the first interface, perform analysis on the data, transmit the data to the analysis device via the second interface, and transmit results of the analysis to the analysis device via the second interface. A drive write protect module may be integrated in the computer forensic accelerator engine. The computer forensic accelerator engine allows data read from the suspect drive to be analyzed while acquiring the data. Also disclosed is a computer forensic analysis system and method using the computer forensic accelerator engine.
Type: Grant
Filed: January 6, 2006
Date of Patent: July 29, 2014
Assignee: Intelligent Computer Solutions, Inc.
Inventor: Gonen Ravid
-
Patent number: 8793796
Abstract: Techniques described are capable of receiving an indication that an operating system of a computing device has entered a hibernated state and, in response, booting the computing device from a trusted environment that is unalterable by the hibernated operating system. A component stored on or accessible by the trusted environment may then perform an operation on the computing device. This operation may include scanning the device, performing a memory test on the device, or updating firmware on the device. In some instances, the computing device enters the hibernated state due to a predetermined length of user inactivity on the computing device. As such, the described techniques may perform an operation on the computing device without user interaction causing the operation.
Type: Grant
Filed: January 9, 2008
Date of Patent: July 29, 2014
Assignee: Microsoft Corporation
Inventor: Anatoliy Panasyuk
-
Patent number: 8793797
Abstract: A secured database system with built-in antivirus protection is described. In one embodiment, for example, a method of the present invention is described for securing a database system, the method comprises steps of: provisioning storage from a storage device, for storing database information; generating an encryption key so that the database information is stored on the storage device in an encrypted manner; generating a decryption key for decrypting the database information stored on the storage device, wherein access to the decryption key is controlled by the database system based on user privileges; receiving a request from a user for access to the database information; determining whether the user has been granted sufficient privileges to access the database information; if the user has been granted sufficient privileges, automatically decrypting the database information to provide the access; and otherwise denying the request if the user has not been granted sufficient privileges.
Type: Grant
Filed: November 10, 2010
Date of Patent: July 29, 2014
Assignee: Sybase, Inc.
Inventor: Sethu Meenakshisundaram
-
Patent number: 8793798
Abstract: Systems and methods for content filtering are provided. According to one embodiment, a type and structure of an archive file are determined. The archive file includes identification bytes that identify the type of archive file and header information both in unencrypted and uncompressed form and a file data portion containing contents of files in encrypted form, compressed form or both. The determination is based solely on the identification bytes and/or the header information. Based thereon, descriptive information, describing characteristics of the files, is extracted from the header information for each file. The descriptive information includes a checksum of the file in uncompressed form, a size of the file in uncompressed form and/or a size of the file in compressed form. A file is identified as being potentially malicious or undesired when a comparison of the descriptive information to detection signatures of known malicious or undesired files results in a match.
Type: Grant
Filed: November 30, 2012
Date of Patent: July 29, 2014
Assignee: Fortinet, Inc.
Inventors: Steven Michael Fossen, Alexander Douglas MacDonald
-
Patent number: 8793799
Abstract: Methods and systems for Sustained Testing and Awareness Refresh against Phishing threats (STAR*Phish™) are disclosed. In an embodiment, a method assigns schemes and unique identifiers to target e-mail addresses associated with user accounts. The method delivers e-mail messages to the targeted e-mail addresses, the e-mail messages comprising an HTTP request and a unique identifier associated with each of the user accounts. The method then receives, at a Phishing Metric Tool (PMT), a response including the unique identifier. The PMT logs training requirements for the user accounts, tracks response metrics for the training requirements, and redirects the respective HTTP requests to a phishing training tool (PTT). The PTT sends a notification of the user account identities and the unique identifiers to the PMT and returns a status for the training requirements for the user accounts. Upon completion of the training, the PMT sends completion notifications for the user accounts.
Type: Grant
Filed: November 16, 2011
Date of Patent: July 29, 2014
Assignee: Booz, Allen & Hamilton
Inventors: Art Fritzson, Semion Bezrukov, Sean Palka
-
Static analysis for verification of software program access to secure resources for computer systems
Patent number: 8793800
Abstract: Computer program products and apparatus are disclosed. Using a static analysis, a software program is analyzed to determine whether the software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program. In response to an access by the software program to the secure resource without verification that the secure resource can be accessed by the software program, a result is output indicative of the analyzing. An apparatus is disclosed that includes a user interface providing a security report to a user, the security report indicating a result of an analysis of whether or not a software program accesses a secure resource for a computer system without verification that the secure resource can be accessed by the software program.
Type: Grant
Filed: October 5, 2012
Date of Patent: July 29, 2014
Assignee: International Business Machines Corporation
Inventors: Ryan Berg, Paolina Centonze, Marco Pistoia, Omer Tripp
-
Patent number: 8793801
Abstract: Systems and methods are provided to secure restricted information in electronic mail messages. According to some embodiments, it is determined at a client device that an email message is being generated by a user. A security classification may be associated with the email message, and the email message may be sent toward a destination along with an indication of the security classification, wherein the email message is routed based, at least in part, on the security classification.
Type: Grant
Filed: May 18, 2007
Date of Patent: July 29, 2014
Assignee: Goldman, Sachs & Co.
Inventors: Timothy Marman, Rajiv Kukreja
-
Patent number: 8793802
Abstract: A system, method, and computer program product are provided for preventing data leakage utilizing a map of data. In use, information describing data stored on at least one system is received. To this end, a map of the data is generated, utilizing the information. Further, data leakage is prevented, utilizing the map.
Type: Grant
Filed: May 22, 2007
Date of Patent: July 29, 2014
Assignee: McAfee, Inc.
Inventor: Michael G. Bishop
-
Patent number: 8793803
Abstract: An apparatus including a microprocessor, a system memory, and a secure non-volatile memory. The microprocessor is mounted to a motherboard, and executes non-secure application programs and a secure application program. The system memory stores non-secure application programs, and is mounted to the motherboard and coupled to the microprocessor via a system bus. The microprocessor has secure execution mode logic that detects execution of a secure execution mode return event, and that terminates a secure execution mode within the microprocessor, where the secure execution mode exclusively supports execution of the secure application program. The secure non-volatile memory is coupled to the microprocessor via a private bus and stores the secure application program prior to termination of the secure execution mode, where transactions over the private bus between the microprocessor and the secure non-volatile memory are isolated from the system bus and corresponding system bus resources within the microprocessor.
Type: Grant
Filed: October 31, 2008
Date of Patent: July 29, 2014
Assignee: Via Technologies, Inc.
Inventors: G. Glenn Henry, Terry Parks
-
Patent number: 8793804
Abstract: A computer implemented method, a computer system or a nontransitory computer readable storage medium having an HTTP module is provided. The method, system or medium may be configured for use with a device having one or more processors and a memory storing one or more programs for execution by the one or more processors, the one or more programs may include instructions for processing information from multiple web sites served up from a web application, binding multiple secure socket layer (SSL) certificates to a single site supported by the web application, hosting the SSL certificates using an SSL accelerator, and intercepting incoming requests relayed from the SSL accelerator to the web application with the HTTP module. The method, system or medium may be configured for use with an identity management system that uses human knowledge and experience and computer software programs and databases to anticipate forms of identity-related fraud.
Type: Grant
Filed: June 29, 2012
Date of Patent: July 29, 2014
Assignee: EZShield, Inc.
Inventors: Eugene Bekker, Darrell Lee Laffoon, Joseph P. Baker
-
Patent number: 8793805
Abstract: Disclosed are various embodiments for facilitating the anonymization of unique entity information when transmitting data to services. A content server stores data in association with entity identifiers, each entity identifier represents an entity of the content server. The content server may send anonymized responses to requests for data from multiple services. The anonymized responses comprise the data requested in association with anonymous entity identifiers as opposed to the entity identifiers. Each anonymous identifier represents an entity associated with the data requested. The requesting services may each receive a different anonymous identifier representing a single entity.
Type: Grant
Filed: July 30, 2012
Date of Patent: July 29, 2014
Assignee: Amazon Technologies, Inc.
Inventors: Jesper M. Johansson, Darren E. Canavor
-
Patent number: 8793806
Abstract: This disclosure relates to generating whitelists respectively identifying subsets of content from a library of content, maintaining respective associations between tokens and the whitelists, and selectively limiting access only to the subsets of content identified in whitelists based upon one or more tokens included in a request for access to the library of content.
Type: Grant
Filed: July 13, 2012
Date of Patent: July 29, 2014
Assignee: Google Inc.
Inventors: Brian Truong, Brian Anthony Palmer
-
Patent number: 8793807
Abstract: A method, system, and computer program product for controlling access to and manipulation of a data object by different data object users. An example method includes determining a current user role of a current user requesting interaction with the data object. The method also includes determining a current lifecycle state of the data object. The method further includes restricting, by a computer processor, interaction with the data object by the current user based on at least the current user role of the current user and the current lifecycle state of the data object.
Type: Grant
Filed: January 8, 2011
Date of Patent: July 29, 2014
Assignee: International Business Machines Corporation
Inventors: Shane C. Claussen, Vladimir Klicnik, Matthias Kloppmann, Dieter Koenig, Simon D. Moser, Prabir Nandi
-
Patent number: 8793808
Abstract: Systems and methods are described for applying digital rights management techniques to manage zones in electronic content. In one embodiment, zones are defined in a piece of electronic content, and a license is associated with the electronic content that indicates how the zones are to be accessed or otherwise used. A digital rights management engine governs access to or other use of the zoned content in accordance with the license.
Type: Grant
Filed: July 23, 2008
Date of Patent: July 29, 2014
Assignee: Intertrust Technologies Corporation
Inventor: Gilles Boccon-Gibod
-
Patent number: 8793809
Abstract: Methods and apparatuses that collect tracking data items into a plurality of data stores for one or more domains in response to resources received from the domains are described. Each tracking data item may be accessible for one of the domains. Relationships of the domains may be identified among the tracking data items across multiple data stores according to the resources received. One or more of the domains may be selected according to the identified relationships to control accessibility of the tracking data items for the domains. The data stores may be updated to prohibit accessing at least a portion of the tracking data items for the selected domains.
Type: Grant
Filed: April 25, 2011
Date of Patent: July 29, 2014
Assignee: Apple Inc.
Inventors: Steven Jon Falkenburg, Darin Benjamin Adler, Jessie Leah Berlin, Jing Jin, Kevin W. Decker, Maciej Stachowiak
-
Patent number: 8793810
Abstract: Various embodiments of devices and associated methods are described herein for authenticating electrical devices. In one aspect, an electrical device is provided comprising an interface configured to receive and transmit signals; a power line coupled to the interface and configured to provide a power signal thereto; and an authentication circuit coupled to the interface and the power line. The authentication circuit is configured to disable the power signal on the power line for a specified time period in response to an authentication request signal received at the interface and to provide an authentication response signal on the power line to represent the disabling of the power signal.
Type: Grant
Filed: January 9, 2012
Date of Patent: July 29, 2014
Assignee: BlackBerry Limited
Inventors: David Gerard Rich, Yu William Feng
-
Patent number: 8793811
Abstract: This invention involves measurement of optical properties of materials with sub-micron spatial resolution through infrared scattering scanning near field optical microscopy (s-SNOM). Specifically, the current invention provides substantial improvements over the prior art by achieving high signal to noise, high measurement speed and high accuracy of optical amplitude and phase. Additionally, it eliminates the need for an in situ reference to calculate wavelength dependent spectra of optical phase, or absorption spectra. These goals are achieved via improved asymmetric interferometry where the near field scattered light is interfered with a reference beam in an interferometer. The invention achieves dramatic improvements in background rejection by arranging a reference beam that is much more intense than the background scattered radiation. Combined with frequency selective demodulation techniques, the near-field scattered light can be efficiently and accurately discriminated from background scattered light.
Type: Grant
Filed: March 15, 2013
Date of Patent: July 29, 2014
Assignee: Anasys Instruments
Inventors: Craig Prater, Markus B. Raschke, Sam Berweger