Protection At A Particular Protocol Layer Patents (Class 713/151)
  • Patent number: 10575352
    Abstract: The present inventions, in one aspect, are directed to systems and circuitry for and/or methods of establishing communication having one or more pairing facilitator-intermediary devices (for example, a network connected server) to enable or facilitate pairing and/or registering at least two devices (e.g., (i) a portable biometric monitoring device and (ii) a smartphone, laptop and/or tablet) to, for example, recognize, interact and/or enable interoperability between such devices. The pairing facilitator-intermediary device may responsively communicate information to one or more of the devices (to be paired or registered) which, in response, enable or facilitate such devices to pair or register. The present inventions may be advantageous where one or both of the devices to be paired or registered is/are not configured (e.g., include a user interface or certain communication circuitry that is configured or includes functionality) to pair devices without use of a facilitator-intermediary device.
    Type: Grant
    Filed: January 22, 2019
    Date of Patent: February 25, 2020
    Assignee: Fitbit, Inc.
    Inventor: Heiko Gernot Albert Panther
  • Patent number: 10560452
    Abstract: An apparatus controls transfer apparatuses that transfer a packet transmitted and received by terminals in a network. Upon receiving detection information notified from a server that detects unauthorized communication of a terminal by using the packet, the apparatus identifies the terminal and a type of the unauthorized communication, based on the detection information. The apparatus determines a transfer apparatus to be controlled, by referencing first information that stores information identifying the transfer apparatus in association with the terminal, and determines a control to be performed on the transfer apparatus by referencing second information that stores information on the control in association with the type of the unauthorized communication.
    Type: Grant
    Filed: February 1, 2017
    Date of Patent: February 11, 2020
    Assignee: FUJITSU LIMITED
    Inventors: Hiroyasu Osaki, Takahiro Shimazaki, Hidehiko Mayumi, Shu Matsuoka, Takashi Okamura, Mitsuru Okajima
  • Patent number: 10547641
    Abstract: A network-based appliance includes a mechanism to provide TLS inspection with session resumption, but without requiring that a session cache be maintained. To this end, the inspector is configured to cause the TLS client to participate in maintaining the session context, in effect on behalf of the TLS inspector. In operation, when the inspector first receives a session ID from the TLS server, the inspector generates and issues to the client a session ticket that includes the original session ID and other session context information. In this manner, the inspector converts the Session ID-based connection to a Session Ticket-based connection. The session ticket is encrypted by the inspector to secure the session information. When the TLS client presents the session ticket to resume the TLS connection, the inspector decrypts the ticket and retrieves the session ID from it directly. The inspector then uses the original session ID to resume the TLS session.
    Type: Grant
    Filed: June 1, 2017
    Date of Patent: January 28, 2020
    Assignee: International Business Machines Corporation
    Inventors: Cheng-Ta Lee, Wei-Hsiang Hsiung, Wei-Shiau Suen, Ming-Hsun Wu
  • Patent number: 10545940
    Abstract: An implementation of the disclosure provides an apparatus comprising: a memory to store a plurality of handshake responses to authenticate client communications; and a processing device, operatively coupled to the memory, to: receive a handshake request from a client device, the handshake request comprising an identifier of a communication protocol supported by the client device. A secure layer extension is extracted from the identifier of the communication protocol. Identify, in view of the communication protocol, a handshake response for the client device. The handshake response is modified to include information associated with the secure layer extension. Update a data structure with a hash value generated in view of the modified handshake response. Thereupon, forward the modified handshake response and the hash value to the client device.
    Type: Grant
    Filed: February 22, 2017
    Date of Patent: January 28, 2020
    Assignee: Red Hat, Inc.
    Inventors: Jean-Frederic Clere, Stuart Wade Douglas
  • Patent number: 10548008
    Abstract: A method and device for authenticating wireless communication links between devices. The method may comprise sending a first frame from a first device to a second device. The first frame may comprise a header and a payload containing data packets for implementing a first Extensible Authentication Protocol. A first secure link may be established between the first network interface card of the first device and the first network interface card of the second device, then an action management frame may be sent across the first link. The action management frame may comprise the header, a payload comprising a vendor-specific information element containing identifying information about the first device, and an action that instructs the second device to implement a second Extensible Authentication Protocol through a second network interface card of the second device. A second secure link may be established between the second network interface cards of each device.
    Type: Grant
    Filed: July 29, 2016
    Date of Patent: January 28, 2020
    Assignee: Qualcomm Incorporated
    Inventors: Vladimir Shulman, Vladimir Kondratiev, Boris Sorochkin
  • Patent number: 10543751
    Abstract: The invention relates to a method of communication between a vehicle and a wayside control unit for controlling an inductive power transfer to the vehicle, wherein the control unit controls a generation of an electromagnetic field by a primary unit with a primary winding structure of a system for inductive power transfer, wherein the vehicle includes a secondary unit with a secondary winding structure for receiving the alternating electromagnetic field, wherein charging-related data is transmitted in between the vehicle and the control unit via a first communication link, wherein the authentication-related data is transmitted from the vehicle to the control unit via a second communication link, wherein the authentication-related data is used to authenticate the charging-related data, and a vehicle and an arrangement of a vehicle and a primary unit.
    Type: Grant
    Filed: February 4, 2015
    Date of Patent: January 28, 2020
    Assignee: Bombardier Primove GmbH
    Inventor: Thoralf Schnarr
  • Patent number: 10542041
    Abstract: A network-based appliance includes a mechanism to provide TLS inspection with session resumption, but without requiring that a session cache be maintained. To this end, the inspector is configured to cause the TLS client to participate in maintaining the session context, in effect on behalf of the TLS inspector. In operation, when the inspector first receives the session ticket from the TLS server, and in lieu of caching it, the inspector generates and issues to the client a composited ticket that includes the original ticket and session context information that contains the session key. The composited ticket is encrypted by the inspector to secure the session information. When the TLS client presents the composited session ticket to resume the TLS connection, the inspector decrypts the ticket and retrieves the session context from it directly. The inspector then uses the original session ticket to resume the TLS session.
    Type: Grant
    Filed: June 1, 2017
    Date of Patent: January 21, 2020
    Assignee: International Business Machines Corporation
    Inventors: Cheng-Ta Lee, Wei-Hsiang Hsiung, Wei-Shiau Suen, Ming-Hsun Wu
  • Patent number: 10523426
    Abstract: For a network that includes host machines for providing computing and networking resources and a VPN gateway for providing external access to those resources, a novel method that distributes encryption keys to the hosts to encrypt/decrypt the complete payload originating/terminating at those hosts is described. These encryption keys are created or obtained by the VPN gateway based on network security negotiations with the external networks/devices. These negotiated keys are then distributed to the hosts via control plane of the network. In some embodiments, this creates a complete distributed mesh framework for processing crypto payloads.
    Type: Grant
    Filed: August 6, 2018
    Date of Patent: December 31, 2019
    Assignee: NICIRA, INC.
    Inventors: Jayant Jain, Anirban Sengupta, Uday Masurekar
  • Patent number: 10521584
    Abstract: A system acquires diagnostic information from event logs, trace files, and other diagnostic sources to reduce a set of event records. The event records are arranged in a graph based on correlations between individual event records. Correlations may be based on time, account, credentials, tags, instance identifiers, or other characteristics. The system analyzes the graph to identify anomalies such as data exfiltration anomalies, system compromises, or security events. In some implementations, the system deploys decoy resources within a customer computing environment. Interactions with the decoy resources are captured as event records and added to the graph.
    Type: Grant
    Filed: August 28, 2017
    Date of Patent: December 31, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 10503418
    Abstract: A system and method of securing a computer system by controlling write access to a storage medium by monitoring an application; detecting an attempt by the application to write data to said storage medium; interrogating a rules database in response to said detection; and permitting or denying write access to the storage medium by the application in dependence on said interrogation.
    Type: Grant
    Filed: February 1, 2017
    Date of Patent: December 10, 2019
    Assignee: Drive Sentry Limited
    Inventor: John Safa
  • Patent number: 10505984
    Abstract: Provided are a method and a system for exchanging control information between secure socket layer (SSL) gateways. The method may commence with intercepting, by a client facing node, a client request including session-specific information and a session request to establish an SSL communication session between a client and a server. The method may continue with generating an SSL extension based on the session-specific information and adding the SSL extension to the session request to obtain an extended session request. The extended session request may be sent to a server facing node in communication with the client facing node. The method may further include identifying the session-specific information contained in the SSL extension of the extended session request and generating a further session request for establishing the SSL communication session between the server facing node and the server. The method may further include sending the further session request to the server.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: December 10, 2019
    Assignee: A10 Networks, Inc.
    Inventors: Yang Yang, Xuyang Jiang, Ali Golshan
  • Patent number: 10498711
    Abstract: Aspects of the present disclosure relate to providing a booting key to a remote system. A policy server receives a verification that a predetermined number of user devices provided secret information for booting a remote system. The policy server provides, in response to the received verification, a message for a key server to provide a booting key to the remote system, the key server providing the booting key in response to the message and causing the remote system to complete a booting procedure, in response to the message from the policy server.
    Type: Grant
    Filed: June 21, 2016
    Date of Patent: December 3, 2019
    Assignee: Palantir Technologies Inc.
    Inventors: Justin Cassidy, Tristan Smith, Kori Oliver
  • Patent number: 10491575
    Abstract: In a secure cloud for transmitting packets of digital data, the packets may be repeatedly scrambled (i.e., their data segments reordered) and then unscrambled, split and then mixed, and/or encrypted and then decrypted as they pass through media nodes in the cloud. The methods used to scramble, split, mix and encrypt the packets may be varied in accordance with a state such as time, thereby making the task of a hacker virtually impossible inasmuch as he or she may be viewing only a fragment of a packet and the methods used to disguise the data are constantly changing.
    Type: Grant
    Filed: April 6, 2018
    Date of Patent: November 26, 2019
    Assignee: LISTAT LTD.
    Inventors: Ievgen Verzun, Oleksandr Holub, Richard K. Williams
  • Patent number: 10484364
    Abstract: A method and system may allow for authenticating a computing device. A computing device may send an authentication request over a network to an authentication computing device. The authentication request may include a user name and a password. The user name may include a credential and the password may be a digitally signed version of the user name. The authentication computing device may authenticate the requesting computing device by decrypting the password and comparing the received user name to the decrypted password.
    Type: Grant
    Filed: September 1, 2017
    Date of Patent: November 19, 2019
    Assignee: Comcast Cable Communications, LLC
    Inventors: Kris Bransom, Christopher Zarcone
  • Patent number: 10474448
    Abstract: In embodiments of the present invention improved capabilities are described for updating software in a plurality of devices coupled to one another in a communicating relationship through a local network, the method comprising receiving a descriptor file for a software update at the first device from a remote source outside the local network, the descriptor file including a hash code for each of a plurality of update sub-files and an order for assembling the update sub-files into the software update, downloading the plurality of update sub-files to the first device from a remote source outside the local network until the sub-files identified in the descriptor file are present on the first device, where a presence of the sub-files is evaluated using the hash codes in the descriptor file, and broadcasting every one of the plurality of update sub-files from the first device to the number of other devices.
    Type: Grant
    Filed: February 23, 2018
    Date of Patent: November 12, 2019
    Assignee: Sophos Limited
    Inventor: John Melton Reynolds
  • Patent number: 10474402
    Abstract: A print management server provided outside a predetermined LAN includes a receiver, a processor, and a transmitter. The receiver receives a print output instruction from a communication terminal of a user, the print output instruction being issued to a print output device provided inside the predetermined LAN and being an instruction to print out a print target file. The processor determines whether the print target file is present inside the predetermined LAN. When it is determined that the print target file is present inside the predetermined LAN, the transmitter transmits a generation command to a communication relay device inside the predetermined LAN, the generation command being a command to generate print job data on the basis of the print target file acquired by the communication relay device and a print setting instruction.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: November 12, 2019
    Assignee: Konica Minolta, Inc.
    Inventor: Takahiro Kouno
  • Patent number: 10469452
    Abstract: A secure communication system includes an outer VPN gateway representative of an outer tunnel for facilitating communication with a black network. The outer VPN gateway includes a first Ethernet port and first program instructions for providing a first layer of encryption. The secure communication system further includes an inner VPN gateway representative of an inner tunnel for facilitating communication with a red network. The inner VPN gateway comprises a second Ethernet port and second program instructions for providing a second layer of encryption. The secure communication system further includes a coupling bracket for mechanically coupling the inner VPN gateway with the outer VPN gateway, and for facilitating communication between the inner VPN gateway and the outer VPN gateway by interfacing with the first Ethernet port and the second Ethernet port.
    Type: Grant
    Filed: January 6, 2017
    Date of Patent: November 5, 2019
    Assignee: Klas Technologies Limited
    Inventors: Frank Murray, Cian Masterson, Cathal Daly
  • Patent number: 10469594
    Abstract: Provided are methods and systems for inspecting secure data. A system for inspecting secure data comprises a server facing module, and a client facing module in communication with the server facing module. The client facing module is operable to intercept a client request associated with the secure data to establish a secure connection with a server, establish a data traffic channel via the server facing module, and provide a control message to the server facing module via the data traffic channel. The control message includes an instruction to the server facing module to obtain a security certificate from the server. The security certificate is received from the server facing module via the data traffic channel. The security certificate is forged to establish the secure connection between the client and the client facing module. The client facing module sends unencrypted data to the server facing module via the data traffic channel.
    Type: Grant
    Filed: December 8, 2015
    Date of Patent: November 5, 2019
    Assignee: A10 Networks, Inc.
    Inventors: Xuyang Jiang, Yang Yang, Ali Golshan
  • Patent number: 10469464
    Abstract: In one embodiment, a method includes receiving, in a first device, at least one of a first symmetric key and a first asymmetric key in a common key management structure, the common key management structure to accommodate asymmetric keys and symmetric keys, and further including security policy information to enable communication between the first device of a first domain of an Internet of Things (IoT) network and a second device of a second domain of the IoT network according to an inter-domain security policy; and sending a first message directly from the first device to the second device according to the security policy information of the common key management structure. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: November 5, 2019
    Assignee: Intel Corporation
    Inventor: Ned M. Smith
  • Patent number: 10459924
    Abstract: An information processing device assists generation of social communication, based on user communication information exchanged through a network. The information processing device includes: a communication information collection unit that collects the communication information; a life log information extraction unit that extracts life log information included in the collected communication information; a life log information storage unit that stores the extracted life log information in a configuration capable of being searched at least on an individual user unit basis, the life log information storage unit memorizing scores of a plurality of indexes while associating the scores with the life log information, the indexes indicating degrees of contribution of the life log information to new social communication generation; and a life log information management unit that manages the life log information stored in the life log information storage unit, based on a combination of the scores of the indexes.
    Type: Grant
    Filed: September 24, 2012
    Date of Patent: October 29, 2019
    Assignee: NEC Corporation
    Inventors: Hirokazu Kawano, Kouichi Onodera, Fumiaki Imanari, Keito Kouda, Naoya Kondou
  • Patent number: 10462171
    Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.
    Type: Grant
    Filed: August 8, 2018
    Date of Patent: October 29, 2019
    Assignee: Sentinel Labs Israel Ltd.
    Inventors: Tomer Weingarten, Almog Cohen
  • Patent number: 10462147
    Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the device connecting to a port on the switch. The threat management server determines the endpoint device is present in a device log file. The threat management server determines the number of times the endpoint device has failed authentication exceeds a first threshold value within a first time period and the number of times the endpoint device has passed authentication is less than a second threshold value within a second time period. The threat management server determines the endpoint device does not have a lease for the port on the switch and sends a reroute command to the switch to transform the destination of traffic associated with the endpoint device to a safe zone.
    Type: Grant
    Filed: June 26, 2017
    Date of Patent: October 29, 2019
    Assignee: Bank of America Corporation
    Inventors: Rahul Isola, Anthony P. Grossi
  • Patent number: 10462001
    Abstract: A method and a network node device run Push-Button Configuration sessions within a heterogeneous network, IEEE 1905.1, using a push button configuration mechanism that ensures that only one single new network node device is registered for a single push button key press event and thus overlapping Push-Button Configuration sessions within a heterogeneous network are prevented. After finishing the push button configuration mode, the number of new nodes is checked. If more than one node has been added, a configuration roll-back is performed. Preferably, the push button configuration roll-back is performed as soon as the authentication of more than one distinct node has been detected. The roll-back includes the deletion or deactivation of credentials established by the push-button configuration.
    Type: Grant
    Filed: February 10, 2017
    Date of Patent: October 29, 2019
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Michael Bahr, Rainer Falk, Parag Mogre
  • Patent number: 10452851
    Abstract: Systems and methods which provide a new application security assessment framework that allows auditing and testing systems to automatically perform security and compliance audits, detect technical security vulnerabilities, and illustrate the associated security risks affecting business-critical applications.
    Type: Grant
    Filed: February 4, 2016
    Date of Patent: October 22, 2019
    Assignee: ONAPSIS S.R.L.
    Inventor: Mariano Nuñez Di Croce
  • Patent number: 10454895
    Abstract: A method for enforcing a network policy is described herein. In the method, a network socket event request from an application executing in a first context is intercepted by an agent prior to the request reaching a transport layer in the first context. A context refers to virtualization software, a physical computer, or a combination of virtualization software and physical computer. In response to the interception of the request, the agent requests a decision on whether to allow or deny the network socket event request to be communicated to a security server executing in a second context that is distinct from the first context. The request for a decision includes an identification of the application. The agent then receives from the security server either an allowance or a denial of the network socket event request, the allowance or denial being based at least in part on the identification of the application and a security policy.
    Type: Grant
    Filed: September 12, 2016
    Date of Patent: October 22, 2019
    Assignee: VMware, Inc.
    Inventors: Azeem Feroz, Binyuan Chen, Amit Chopra
  • Patent number: 10455449
    Abstract: A device may perform dynamic load balancing to identify one or more service devices, of a group of service devices, that is to apply a set of network services to traffic associated with a session of a subscriber device. The device may provide outgoing traffic, associated with the session, to the one or more service devices based on identifying the one or more service devices. The outgoing traffic may be provided to cause the one or more service devices to apply the set of network services to the outgoing traffic. The device may provide, to another device, information that identifies the one or more service devices. The information that identifies the one or more service devices may be provided to cause the other device to provide incoming traffic, associated with the session, to the one or more service devices to apply the set of network services to the incoming traffic.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: October 22, 2019
    Assignee: Juniper Networks, Inc.
    Inventors: Dilip H. Sanghavi, Rakesh Kumar, Saravanadas P. Subramanian, Jwala Dinesh Gupta Chakka
  • Patent number: 10455578
    Abstract: Apparatuses, a method, and a computer program for influencing the selection of a frequency band for wireless communication with a mobile station. Disclosed is an apparatus, method, and computer program for controlling a frequency band selection for wireless communication with a mobile station in a wireless local area network—WLAN—, wherein at least a first and a second frequency band are selectable, the first and second frequency bands each having multiple transmission channels; and having a transmission circuit for transmitting at least one command to the mobile station that asks the mobile station to change from the first to the second frequency band, or vice versa.
    Type: Grant
    Filed: November 11, 2016
    Date of Patent: October 22, 2019
    Assignee: VOLKSWAGEN AG
    Inventors: Matthias Mohaupt, Sascha Jurthe
  • Patent number: 10439839
    Abstract: Field-device coupling unit for providing a supply voltage for a field device and for communication with a superordinate control unit, the field-device coupling unit including a current interface, which is configured for communication with the control unit and has a first controllable input load which is configured to provide, from an interface current of the current interface, a load voltage on which the supply voltage is based, the field-device coupling unit further including a circuit arrangement for providing a communication signal which is to be transmitted to the control unit, wherein the circuit arrangement is configured to control the first controllable input load according to the communication signal in order to superimpose the interface current with a current signal corresponding to the communication signal.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: October 8, 2019
    Assignee: FESTO AG & CO. KG
    Inventors: Steffen Wunderlich, Stefan Beuel
  • Patent number: 10440091
    Abstract: Provided is a communication method of an electronic device, including executing a web browser, requesting registration in an IP multimedia core network subsystem (IMS) using a first client associated with the web browser, and displaying, in a part of the web browser using the first client, information associated with a network to which the electronic device is connected.
    Type: Grant
    Filed: November 16, 2015
    Date of Patent: October 8, 2019
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Hyong-Jin Ban, Tae-Sun Yeoum, Ji-Hye Kang, Keon-Ho Kim, Eo-Jin Ham
  • Patent number: 10433174
    Abstract: The present disclosure provides techniques that may be applied, for example, in a multi-slice network for maintaining privacy when attempting to access the network. An exemplary method generally includes transmitting a registration request message to a serving network to register with the serving network; receiving a first confirmation message indicating a secure connection with the serving network has been established; transmitting, after receiving the first confirmation message, a secure message to the serving network comprising an indication of at least one configured network slice that the UE wants to communicate over, wherein the at least one configured network slice is associated with a privacy flag that is set; and receiving a second confirmation message from the serving network indicating that the UE is permitted to communicate over the at least one configured network slice.
    Type: Grant
    Filed: March 6, 2018
    Date of Patent: October 1, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Soo Bum Lee, Stefano Faccin, Anand Palanigounder, Miguel Griot, Adrian Edward Escott
  • Patent number: 10425446
    Abstract: This disclosure provides for a network element (in the middle) to inject enrichments into SSL connections, and for taking them out. This network element is sometimes referred to herein as a “middle box.” In the context of layered software architecture, this solution preferably is implemented by a library that operates below the SSL layer and above the TCP sockets layer at the two endpoints of the SSL connection. Preferably, the SSL enrichments are implemented as SSL/TLS records.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: September 24, 2019
    Assignee: Akamai Technologies, Inc.
    Inventor: Mangesh Kasbekar
  • Patent number: 10425429
    Abstract: An improved method for analyzing computer network security has been developed. The method first establishes multiple nodes, where each node represents an actor, an event, a condition, or an attribute related to the network security. Next, an estimate is created for each node that reflects the ease of realizing the event, condition, or attribute of the node. Attack paths are identified that represent a linkage of nodes that reach a condition of compromise of network security. Next, edge probabilities are calculated for the attack paths. The edge probabilities are based on the estimates for each node along the attack path. Next, an attack graph is generated that identifies the easiest conditions of compromise of network security and the attack paths to achieving those conditions. Finally, attacks are detected with physical sensors on the network, that predict the events and conditions. When an attack is detected, security alerts are generated in response to the attacks.
    Type: Grant
    Filed: March 21, 2016
    Date of Patent: September 24, 2019
    Inventor: Gabriel Bassett
  • Patent number: 10423762
    Abstract: A method for detecting digital content misuse can include clustering a set of data points into a set of known violator clusters; determining, based on the set of known violator clusters, that a first user account is potentially a digital content violator, the first user account being represented by a first data point that is not included in the first set of data points, and the first data point having been determined based on usage signal data describing digital content usage associated with the first user account; and in response to determining that the first user account is potentially a digital content violator, executing a remedial action with respect to the first user account.
    Type: Grant
    Filed: November 4, 2016
    Date of Patent: September 24, 2019
    Assignee: Screening Room Media, Inc.
    Inventors: James Armand Baldwin, Prem Akkaraju, Giorgio Vanzini
  • Patent number: 10409967
    Abstract: Systems and methods for limiting a user's access to a specific subset of a plurality of software applications installed on a computing device. A method includes the steps of: (i) activating a master application by a master user, where the master application allows access only to the specific subset of the plurality of software applications installed on the computing device, and further where the master application cannot be deactivated without authorization from the master user; (ii) accessing, from within the master application, one or more of the subset of software applications by an authorized user; (iii) returning to the master application or accessing a second of the subset of software applications; and (iv) deactivating the master application, where only the master user can deactivate the master application.
    Type: Grant
    Filed: June 16, 2015
    Date of Patent: September 10, 2019
    Assignee: HAH, Inc.
    Inventor: Heather Ahn
  • Patent number: 10410003
    Abstract: The disclosed technology addresses the need in the art for assigning multiple containers to a single application. A container can be a specified area of a file system that an assigned application can access to store data, while other applications are restricted access to the container. In some instances, it may be beneficial for multiple applications to share some data, while still maintaining other data in a secure location, thus an application can be assigned to multiple containers, a personal container that can only be accessed by the application, and a shared container that can be accessed by multiple applications. Further, an application can be assigned an alternate container, in addition to the personal container. The alternate container can be used when an alternate user is using the client device, thus restricting the alternate user from accessing any sensitive data stored in the personal container.
    Type: Grant
    Filed: June 7, 2013
    Date of Patent: September 10, 2019
    Assignee: Apple Inc.
    Inventors: Kelly B. Yancey, Jacques Anthony Vidrine, Eric Olaf Carlson, Paul William Chinn, Simon P. Cooper
  • Patent number: 10397779
    Abstract: Techniques disclosed herein are generally directed toward providing at least one security feature for an FTM session. More specifically, an initiating STA can include a security feature in an initial FTM request (iFTMR), determine whether a received FTM frame contains information responsive to the at least one security feature, and complete the FTM session accordingly (including terminating the FTM session if the FTM frame does not contain correct information responsive to the at least one security feature). Embodiments may include a security feature such as nonce values and/or generated (or partially-generated) media access control (MAC) addresses.
    Type: Grant
    Filed: September 20, 2016
    Date of Patent: August 27, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Subash Marri Sridhar, Carlos Horacio Aldana
  • Patent number: 10390224
    Abstract: A cellular terminal transmits a request that requires authentication procedure triggering to a cellular network and responsively receives from the cellular network an authentication request message with an indication of a selected cryptographic algorithm from a group of a plurality of cryptographic algorithms. The cellular terminal attempts to decode the authentication request message to a decoded authentication request according to the selected cryptographic algorithm and based on a shared secret known by the cellular terminal and a network operator of the cellular terminal.
    Type: Grant
    Filed: May 20, 2014
    Date of Patent: August 20, 2019
    Assignee: Nokia Technologies Oy
    Inventors: Hannu Bergius, Silke Holtmanns
  • Patent number: 10379759
    Abstract: A method for maintaining consistency for I/O operations on metadata distributed amongst a plurality of nodes forming a ring structure.
    Type: Grant
    Filed: August 16, 2017
    Date of Patent: August 13, 2019
    Assignee: Nutanix, Inc.
    Inventors: Rishi Bhardwaj, Venkata Ranga Radhanikanth Guturi
  • Patent number: 10382490
    Abstract: A computer-implemented method includes monitoring a plurality of connections of a plurality of host applications at a host, where each connection of the plurality of connections carries network traffic associated with a respective host application of the plurality of host applications. A plurality of sets of security attributes are detected, and include a respective set of security attributes for each connection of the plurality of connections. The plurality of sets of security attributes are stored in a security database. From the security database, the respective set of security attributes of a first connection are compared to a centralized security policy. It is determined that the respective set of security attributes of the first connection do not meet the centralized security policy. A remedial action is performed on the first connection, responsive to the respective set of security attributes of the first connection not meeting the centralized security policy.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: August 13, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Constantinos Kassimis, Christopher Meyer, Linwood H. Overby, Jr., David J. Wierbowski
  • Patent number: 10374910
    Abstract: A system is disclosed for orchestrating services. Service orchestration profiles specify attributes defining desired services. The service orchestration profiles may be distributed amongst nodes and hierarchically related to each other. Service orchestration management functions process the information in the service orchestration profiles in order to determine the desired services and use the information to implement the desired services. The service orchestration management functions may be hierarchically related to each other.
    Type: Grant
    Filed: June 12, 2015
    Date of Patent: August 6, 2019
    Assignee: Convida Wireless, LLC
    Inventors: Dale N. Seed, Guang Lu, Lijun Dong, Catalina M. Mladin, William Robert Flynn, IV, Xu Li, Hongkun Li
  • Patent number: 10362021
    Abstract: Disclosed are various approaches for providing authentication of a user and a client device. A user's credentials can be authenticated by an identity provider. In addition, a device posture assessment that analyzes the device from which the authentication request originates is also performed. An authentication request can be authenticated based upon whether the device posture assessment reveals that device to be a managed device that is in compliance with compliance rules.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: July 23, 2019
    Assignee: Airwatch LLC
    Inventors: Craig Farley Newell, Jonathan Blake Brannon, Kabir Barday, Ashish Jain
  • Patent number: 10348706
    Abstract: Methods and apparati for permitting Computing Devices 200 to safely accept Payloads 220 from External Access Entity Devices 260, and to safely access external Networks 710. In an apparatus embodiment, a Computing Device 200 contains an Access Control Module 210 comprising an Access Verification Public Key 211 and a Device Signature Key 214. The Access Control Module 210 is configured to verify authorization of an External Access Payload 220 by verifying a digital signature affixed to the Payload 220 using the Access Verification Public Key 211. The authorized External Access Payload 220 is then permitted to execute on the Computing Device 200. The Access Control Module 210 is also configured to receive from a Network Access Device 600 information associated with a Network 710 access request, and to create a plurality of digital signatures, using the Device Signature Key 214, that link said information associated with the Network 710 access request with the Access Verification Public Key 211.
    Type: Grant
    Filed: May 4, 2017
    Date of Patent: July 9, 2019
    Inventor: Ernest Brickell
  • Patent number: 10348701
    Abstract: Described embodiments protect clients from open redirect security vulnerabilities in Web applications. A primary application receives a request for an operation to be performed on behalf of a secondary application. The request includes a return location parameter containing i) a return location, and ii) an encrypted portion. After completing the requested operation, the primary application retrieves the return location parameter and a cryptographic key uniquely associated with the secondary application. The primary application decrypts the encrypted portion of the return location parameter to generate a decrypted value, and uses the decrypted value to validate the return location contained in the return location parameter. The primary application transmits a redirect message to the client that causes the client to be redirected to the return location contained in the return location parameter only in response to the return location being successfully validated based on the decrypted value.
    Type: Grant
    Filed: March 2, 2017
    Date of Patent: July 9, 2019
    Assignee: Citrix Systems, Inc.
    Inventors: Javier Alejandro Figueroa, Kenneth Scott Bowden
  • Patent number: 10341822
    Abstract: A broadcast delivery system designed for the purpose of providing a broadcast delivery system that reduces the load on a wireless network control device comprises: a femto cell base station that provides a wireless connection to a terminal and forms one cell; a gateway device that relays data which the femto cell base station transmits to and receives from a core network; a wireless network control device that is connected to the gateway device; and a broadcast delivery device that transmits, to the wireless network control device, a broadcast delivery message addressed to the terminal connected to the femto cell base station. The gateway device controls the operating state of the femto cell base station and broadcast delivery to the terminal using, as a unit, a service area comprising one or more cells formed by the femto cell base station.
    Type: Grant
    Filed: March 29, 2016
    Date of Patent: July 2, 2019
    Assignee: NEC CORPORATION
    Inventor: Masashi Inagaki
  • Patent number: 10338898
    Abstract: A system includes a user interface presented to a developer. The developer selects a first function to supplement functionality of a first application with external functionality available from third party applications. A code generation module provides a software object to the developer for incorporation into a first state of the first application. The first state includes a user interface element associated with an entity. User selection of the user interface element initiates preparation of a query wrapper including a combination of the entity's name and a predefined text string corresponding to the first function. The query wrapper is transmitted to a search system and a result set is received and displayed. A first item of the result set includes an access mechanism for a specified state of a target application. User selection of the first item causes the access mechanism to open the target application to the specified state.
    Type: Grant
    Filed: September 18, 2017
    Date of Patent: July 2, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Taher Savliwala, Eric Chen, Jonathan Ben-Tzur
  • Patent number: 10341979
    Abstract: Techniques for exchanging secure FTM messages are disclosed. An example of a wireless transceiver system for providing a secure Fine Timing Measurement (FTM) exchange includes a memory and a processor configured to obtain an initial-secure-token value and a secure-token-response value via an out-of-band signal, generate an FTM Request message including the initial-secure-token value, a transmitter to send the FTM Request message to a responding station, and a receiver to receive an FTM Response message including the secure-token-response value from the responding station, such that the at least one processor is configured to determine a Round Trip Time (RTT) value based at least in part on the FTM Response message.
    Type: Grant
    Filed: May 27, 2016
    Date of Patent: July 2, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Santosh Vamaraju, Carlos Horacio Aldana
  • Patent number: 10318209
    Abstract: Discussed herein are methods, devices, and systems for moving a file to a process. A device can include a kernel, a memory, and processing circuitry to: issue one or more move and rename instructions to the memory to change a location and name of a file requested by the second process, issue one or more update access control instructions to update permissions, perform a UAC to determine whether any processes other than the second process currently have the file open and whether any MMaps have the file open, and allow the second process to access the renamed and moved file only if it is determined that no other processes other than the second process have the file open and no MMaps have the file open.
    Type: Grant
    Filed: January 30, 2017
    Date of Patent: June 11, 2019
    Assignee: Forcepoint LLC
    Inventor: Gregory Alan Hildstrom
  • Patent number: 10311248
    Abstract: A method for permission management may include creating a relationship between a client and a firm, receiving, in response to creating the relationship, an assignment of a first role to the firm, receiving, in response to receiving the assignment of the first role, an assignment of a second role to an agent of the firm, and generating, for the agent, a runtime token including token permissions based on the first role and the second role.
    Type: Grant
    Filed: January 27, 2017
    Date of Patent: June 4, 2019
    Assignee: Intuit Inc.
    Inventors: Nadeem Mohammed Yusuf Ilkal, Andrew Ernest Goldfinch, Yi Zhang, Almira Hortensia Niciu-Chiuaru
  • Patent number: 10296397
    Abstract: This disclosure sets forth systems and methods for recommending candidate computing platforms for migration of data and data-related workload from an original computing platform. The systems and methods further describe determining recommendations of candidate computing platforms based on a comparison of key performance and utilization statistics of the original computing platform under a user-generated workload with candidate computing platforms under a synthetic workload. Key performance and utilization statistics may relate to CPU, memory, file I/O, network I/O, and database I/O operations on the respective computing platforms. The synthetic workload may be defined by parameters that simulate the key performance and utilization statistics of the original computing platform under the user-generated workload. Further, the synthetic workloads may be executed on individual candidate computing platforms to determine service level capabilities that are ultimately used to form the recommendation.
    Type: Grant
    Filed: May 18, 2016
    Date of Patent: May 21, 2019
    Assignee: Krystallize Technologies, Inc.
    Inventors: Roger Richter, Matthew Gueller, James Richard Nolan
  • Patent number: 10296739
    Abstract: According to an example, a confidence factor function may be applied to determine a confidence factor for a condition of a rule to correlate events. The confidence factor may be an approximation of whether an event or a set of events satisfies the condition in the rule. The confidence factor may be compared to a threshold to determine whether the condition is satisfied.
    Type: Grant
    Filed: March 11, 2013
    Date of Patent: May 21, 2019
    Assignee: ENTIT SOFTWARE LLC
    Inventors: Anurag Singla, Robert Block, Suranjan Pramanik