Application Layer Security Patents (Class 713/152)
  • Patent number: 10320843
    Abstract: In some embodiments, systems, methods, and devices disclosed herein enable trusted sharing of private data and/or transactions via a distributed ledger, while maintaining data consistency properties. Some embodiments provide and utilize one or more independent and/or dependent channels. In particular, in some embodiments, one or more independent and/or dependent channels can exist on a single distributed ledger, wherein participants or nodes that are members of a particular channel can view and access the information in a given network transaction. To other participants or nodes not on the particular channel, however, only an encrypted or redacted version of the information can be viewable, thereby not disclosing the transaction information to such participants or nodes. In some embodiments, consistency properties may be preserved even in the presence of selective sharing of transaction information with proofs of validity.
    Type: Grant
    Filed: December 7, 2018
    Date of Patent: June 11, 2019
    Assignee: SYMBIONT.IO, INC.
    Inventors: Lukasz Dobrek, Adam Krellenstein, Pankaj Surana, Aaron Todd, Yiqun Yin
  • Patent number: 10270588
    Abstract: Provided are a method and a system for an additive homomorphic encryption scheme with operation error detection functionality. A plaintext is obtained by decrypting a ciphertext encrypted based on a homomorphic encryption technique and subjected to an operation and lower setting bits corresponding to additional secret information included in a final private-key are extracted as plaintext information from the acquired plaintext. An operation error check is performed on the remaining bits other than the lower setting bits in the acquired plaintext.
    Type: Grant
    Filed: May 5, 2016
    Date of Patent: April 23, 2019
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Taek-Young Youn, Nam-Su Jho, Ku Young Chang
  • Patent number: 10270798
    Abstract: A method for assessing effectiveness of one or more cybersecurity technologies in a computer network includes testing each of two or more component stages of an attack model at a first computer network element twice. A first one of the tests is conducted with a first one of the cybersecurity technologies operable to protect the first computer network element, and a second one of the tests is conducted with the first cybersecurity technology not operable to protect the first computer network element. For each one of the twice-tested component stages, comparing results from the first test and the second test, wherein the comparison yields or leads to information helpful in assessing effectiveness of the first cybersecurity technology on each respective one of the twice-tested component stages at the computer network element.
    Type: Grant
    Filed: October 6, 2016
    Date of Patent: April 23, 2019
    Assignee: SIEGE TECHNOLOGIES LLC
    Inventors: Kara Zaffarano, Joshua Taylor, Samuel Hamilton
  • Patent number: 10255371
    Abstract: Systems and methods are disclosed for clustering multiple devices that are associated with particular users by utilizing both probabilistic and deterministic data derived from analytics information on the users. An analytics computing system generates at least one deterministic device cluster that groups a first set of devices associated with a first user. The first set of devices share deterministic user identifiers specific to the first user. The analytics computing system also identifies a probabilistic link between a device in the first set of devices and additional devices. The probabilistic link indicates common usage patterns between two devices. Based on the probabilistic link, the analytics computing system generates a data structure that includes the deterministic device cluster and the additional devices.
    Type: Grant
    Filed: September 19, 2016
    Date of Patent: April 9, 2019
    Assignee: Adobe Systems Incorporated
    Inventors: Karthik Raman, Nedim Lipka, Matvey Kapilevich
  • Patent number: 10237057
    Abstract: A method for controlling the exchange of private data, associated with a client device, between an application in execution on or for the device and a serving node in a data network, comprising transmitting a request to the serving node from the application for access to a service requiring use of the private data, receiving challenge data at the application from the serving node, requesting authorization for the use of the private data using a secure user interface of the client device to a trusted information manager on the basis of the challenge data, transmitting an obfuscated version of the private data for use with the service from the trusted information manager to the application on the basis of the authorization.
    Type: Grant
    Filed: August 18, 2014
    Date of Patent: March 19, 2019
    Assignee: Alcatel Lucent
    Inventors: Tommaso Cucinotta, Stephane Betge-Brezetz
  • Patent number: 10230727
    Abstract: Method for authenticating a user, comprising the steps of a) providing a central server (101), in communication with at least one authentication service provider (110, 120, 130), arranged to authenticate users via a respective authentication web interface, and at least one user service provider (150), arranged to provide user services to users via a respective user service web interface; b) providing, for a particular user and using a web browser in an electronic device (170, 180), access to the authentication web interface, and upon an authentication of the user, the central server placing a cookie on the electronic device identifying the authentication service provider; c) providing, for the user and using the same web browser executed from the same electronic device, access to the user service web interface, and as a result providing the said cookie to the central server; d) identifying, based upon the said cookie, the authentication service provider; e) redirecting the web browser to the authentication ser
    Type: Grant
    Filed: July 31, 2015
    Date of Patent: March 12, 2019
    Assignee: IDENTITRADE AB
    Inventor: Philip Hallenborg
  • Patent number: 10225235
    Abstract: A firewall system determines whether a protocol used by an incoming data packet is a standard protocol compliant with Request For Comment (RFC) standards. In the event the protocol is RFC compliant, the firewall transmits the packet to the recipient according to firewall policies regarding the standard protocol. If the protocol is not that of an RFC standard, the firewall determines whether the protocol matches an RFC-exception protocol in an RFC-exception protocol database. If the protocol does match an RFC-exception, the firewall may transmit the packet to the recipient according to firewall policies regarding the RFC-exception protocol. If it does not match an RFC-exception, the firewall may transmit the packet or protocol to a support system where it may be quarantined until it is approved based on a decision that the protocol is safe and/or widely adopted.
    Type: Grant
    Filed: December 4, 2017
    Date of Patent: March 5, 2019
    Assignee: SONICWALL INC.
    Inventor: Hugo Vazquez Carames
  • Patent number: 10200438
    Abstract: Measuring a quality of service in an Internet protocol network includes forming no more than one echo request packet in an originating device; transmitting the echo request packet to a destination device; swapping the source and destination addresses in the received echo request packet to form an echo reply packet without allocating memory for a new packet; receiving at the originating system the echo request packet repurposed as the echo reply packet; comparing a DSCP value in the echo request packet to a DSCP value in the echo reply packet; and when the DSCP values from the two packets are the same, asserting a prediction that the network will deliver a preferred quality of service for a streaming message service.
    Type: Grant
    Filed: January 17, 2017
    Date of Patent: February 5, 2019
    Assignee: PathSolutions, Inc.
    Inventor: Timothy G. Titus
  • Patent number: 10193862
    Abstract: A computer system provides a method for identifying firewall rules to apply to a virtual machine based on detecting initiation of a new network connection from the virtual machine. An example method generally includes detecting initiation of communications on a network port by a virtual machine, identifying one or more applications executing on the virtual machine that initiated communications on the network port, identifying one or more firewall rules to apply to the virtual machine based, at least in part, on the identification of the one or more applications, determining a deviation between firewall rules applied to the virtual machine and the identified one or more firewall rules, and upon determining that a deviation exists between the firewall rules applied to the virtual machine and the identified one or more firewall rules, applying one or more rules corresponding to the determined deviation to the virtual machine.
    Type: Grant
    Filed: November 29, 2016
    Date of Patent: January 29, 2019
    Assignee: VMware, Inc.
    Inventors: Jayant Jain, Anirban Sengupta, Alok Tiagi, Jingmin Zhou, Russell Lu
  • Patent number: 10182121
    Abstract: A method, computer system, and a computer program product for detecting a session status based on a cookie associated with the session is provided. The present invention may include receiving an access request to a specified location associated with a server computer. The present invention may also include determining that the received access request has the cookie corresponding with the specified location. The present invention may also include receiving a last refresh time from the cookie. The present invention may then include determining the session status based on the retrieved last refresh time, a current request time, a refresh interval, and an overdue value.
    Type: Grant
    Filed: December 31, 2017
    Date of Patent: January 15, 2019
    Assignee: International Business Machines Corporation
    Inventors: William J. Carpenter, Hai Ji, Zi Jian Ji, Yuan Yuan Li, Wen Bo Ma, Jia Mi
  • Patent number: 10180985
    Abstract: Methods, computer-readable media and apparatuses for automatically redirecting a search are disclosed. A processor receives a search term, connects to a search server hosting a search site that displays a plurality of sites in response to the search term, receives a selection of a site from the plurality of sites, provides an option to associate the site with the search term and receives a confirmation to associate the site with the search term, where the search term automatically redirects a connection to a server hosting the site and by-passing a connection to the search server hosting the search site when the search term is received at a later time.
    Type: Grant
    Filed: February 19, 2015
    Date of Patent: January 15, 2019
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Robert King, Sharon E. Carter
  • Patent number: 10171441
    Abstract: Embodiments can provide a computer implemented method in a data processing system comprising a processor and a memory comprising instructions, which are executed by the processor to cause the processor to implement a system for transforming a Channel ID communication, the method comprising: generating, by a SSL/TLS inspector, a secret; receiving, from a client, a Channel ID communication comprising a public key value; deriving, by the SSL/TLS inspector, a random seed value for a private key using the secret and the public key value of the Channel ID communication; generating, by the SSL/TLS inspector, a new private key based upon the random seed value; deriving, by the SSL/TLS inspector, a new public key based upon the new private key; generating, by the SSL/TLS inspector, a transformed Channel ID communication based upon the new private key and the new public key; and forwarding, by the SSL/TLS inspector, the transformed Channel ID communication to a server.
    Type: Grant
    Filed: September 28, 2016
    Date of Patent: January 1, 2019
    Assignee: International Business Machines Corporation
    Inventors: Wei-Hsiang Hsiung, Cheng-Ta Lee, Wei-Shiau Suen, Ming-Hsun Wu
  • Patent number: 10142111
    Abstract: A client establishes a cryptographically protected communications session and determines information usable to distinguish the session from other sessions. The client digitally signs the information using a cryptographic key that is independent of the session to enable a server to check whether the information matches the session that it established and whether the digital signature is correct. The server may perform mitigating operations if either or both of the information or the digital signature is/are invalid.
    Type: Grant
    Filed: October 2, 2017
    Date of Patent: November 27, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Bradley Jeffery Behm, Gregory Branchek Roth, Gregory Alan Rubin
  • Patent number: 10129282
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network monitoring, user account compromise determination, and user behavior database system. The system monitors network actions of user accounts including user account access across multitudes of network accessible systems, determines user account transitions, and determines different types of high-risk user behavior indicative of compromise. Network actions can be obtained from generated information by the network accessible systems, and correlated across additional data sets including contextual ones. User interfaces are generated describing network actions of user accounts, and are configured for user interaction, which cause generation of updated user interfaces and access to electronic data sources to determine information relevant to the user interaction.
    Type: Grant
    Filed: December 30, 2016
    Date of Patent: November 13, 2018
    Assignee: Palantir Technologies Inc.
    Inventors: Samuel Jones, Timothy Yousaf, Drew Dennison, Vivek Lakshmanan, Joseph Staehle, Samuel Kremin, Maxim Kesin, Taylor Heroux
  • Patent number: 10129279
    Abstract: Techniques for detecting application program spoofing. The techniques include: receiving a communication from an application program executing on a client device different from the at least one computer; identifying from the communication an asserted identity of the application program; and verifying the asserted identity of the application program at least in part by: interacting with the client device to obtain additional information about the application program, and determining whether the additional information about the application program is consistent with the asserted identity of the application program.
    Type: Grant
    Filed: September 4, 2016
    Date of Patent: November 13, 2018
    Assignee: Mastercard Technologies Canada ULC
    Inventors: Christopher Everett Bailey, Randy Lukashuk, Gary Wayne Richardson
  • Patent number: 10114958
    Abstract: A data processing machine is configured to include one or more buried memory zones that are not intelligibly accessible to user software and to operating system software or hypervisor software within the data processing machine. At least one of hardware and firmware are configured to intelligibly access at least one of the buried memory zones so as to store therein, metadata defining one or more extents of a respective one or more protected regions (PR's) that are constituted in other memory areas of the data processing machine. The stored metadata defines constraints for the corresponding PR's including at least one of corresponding operational constraints and/or operational requirements that respectively constrain the operations performed by or on the data of the PR's.
    Type: Grant
    Filed: April 18, 2016
    Date of Patent: October 30, 2018
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventor: John V Sell
  • Patent number: 10063579
    Abstract: Techniques for fraud detection based on user behavior that monitor and analyze user interactions with an application executing on an end user device. The techniques include monitoring behavior of an end user device user by tracking user interactions with the application executing on the end user device, and generating event records describing the user interactions and the times at which they occurred. The event records are sent to an analytics engine that uses the event records to perform a fraud detection operation by comparing the user interactions described in the event records to an expected pattern of user interactions with the application, and detecting anomalous user behavior indicative of fraud in response to the user interactions described in the event records not matching the expected pattern of user interactions with the application.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: August 28, 2018
    Assignee: EMC IP Holding Company LLC
    Inventor: Salah Machani
  • Patent number: 10063418
    Abstract: A method for providing a dormant state for content management servers. Client devices are allowed to conduct transactions with servers when the servers are active. However, in a dormant state, the servers are not allowed to accept new transactions. Thus, by utilizing the dormant state, software upgrades can be made to one server at a time. Alternatively, all servers can be taken down for major upgrades, with the servers still operated in a read-only mode based on a file image from a point in time just prior to the shutdown. When the upgrade is completed, the servers can be returned to the active state.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: August 28, 2018
    Assignee: Open Text Corporation
    Inventors: Shu-Shang Sam Wei, Shreyas Satyanand Kaushik, Edward C. Bueche
  • Patent number: 10045212
    Abstract: A method, non-transitory computer readable medium and apparatus for securing user input and/or output on a mobile endpoint device. For example, the method receives an input on the mobile endpoint device, encrypts and authenticates the input in a trusted domain of the mobile endpoint device executing an application and sends the input that is encrypted and authenticated to an untrusted domain of the mobile endpoint device over a secure channel.
    Type: Grant
    Filed: December 12, 2016
    Date of Patent: August 7, 2018
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Jeffrey E. Bickford, Mikhail Istomin, Evgene Vahlis
  • Patent number: 10033712
    Abstract: A processing system periodically configures a beacon code and random nonce to transmit to a beacon device at a location. Multiple users enter the location with associated user computing devices. The user computing devices retransmit the beacon code broadcasted by the beacon device to the processing system. A particular user initiates a transaction at a computing device at the location, which transmits to the processing system a request for account data and retransmits the beacon code and a random nonce. The processing system verifies the beacon code and random nonce and transmits, to the computing device at the location, user account identifiers associated with user computing devices that retransmitted the beacon code. The processing system receives a selection of the user identifier from the merchant point of sale device and transmits account information to the computing device at the location.
    Type: Grant
    Filed: December 9, 2015
    Date of Patent: July 24, 2018
    Assignee: GOOGLE LLC
    Inventors: Sashikanth Chandrasekaran, Sheldon Israel Walfish, Yilei Wang, Zhihong Xu
  • Patent number: 10033729
    Abstract: Techniques are disclosed for authenticating a user. One technique includes receiving a passphrase at a server. The technique further includes parsing the passphrase using one or more parsing requests to create one or more parsings. The technique includes storing the one or more parsings on the server. The technique also includes receiving, at the server, a request from a user to authenticate the user. Finally, the technique includes transmitting a first parsing request to authenticate the user.
    Type: Grant
    Filed: April 14, 2016
    Date of Patent: July 24, 2018
    Assignee: International Business Machines Corporation
    Inventors: John B. Beauvais, Michael J. Turek
  • Patent number: 10021063
    Abstract: A method includes generating an obfuscation of a notification and transmitting the obfuscation to an end-user device via an unsecure notification infrastructure. The method also includes, in response to a request from the end-user device, transmitting the notification to the end-user device via a secure connection. The request from the end-user device can also be received via the secure connection. The method could also include receiving information associated with an event and storing at least one of the notification and the information in association with the obfuscation, where the notification contains the information. The event could denote an event associated with an industrial process control and automation system. The obfuscation could include a unique identifier associated with the notification or a summary of the notification.
    Type: Grant
    Filed: September 23, 2015
    Date of Patent: July 10, 2018
    Assignee: Honeywell International Inc.
    Inventor: Andrew Duca
  • Patent number: 10009171
    Abstract: Innovations in the construction and use of variable-input-length tweakable ciphers (“VILTCs”). In some cases, a VILTC uses an initialization vector that is protected from exposure outside an encryption/decryption system in order to provide enhanced security with efficient performance. For example, a system for encryption and/or decryption includes two fixed-input-length tweakable block ciphers (“FIL TBCs”) and a VILTC. The first FIL TBC is adapted to produce a fixed-length initialization vector. The VILTC is adapted to produce a variable-length output string using the fixed-length initialization vector as a tweak. The second FIL TBC is adapted to produce a fixed-length output string. In this way, the first FIL TBC and the second FIL TBC protect the fixed-length initialization vector from exposure outside the system. In other cases, a VILTC is used for a reliable and efficient implementation of authenticated encryption/decryption with associated data.
    Type: Grant
    Filed: December 28, 2016
    Date of Patent: June 26, 2018
    Assignee: Portland State University
    Inventors: Thomas E. Shrimpton, Robert S. Terashima
  • Patent number: 9973500
    Abstract: A mechanism for consolidating communications between a computer tenant and a web services layer is provided. The mechanism may include a web services layer. The web services layer may be configured to receive communications, via an authentication validation module, from an authentication service. The authentication service may be in communication with the computer tenant and/or the web services layer. The web services layer may be configured to receive authorization data, via an authorization module, from an authorization data store. The web services layer may also receive and transmit logged calls from a log database. The logged calls may store calls from the computer tenant to the web services layer and calls from the web services layer to the authentication server. The computer tenant may initiate communication with the web services layer. Included in the communications may be a token.
    Type: Grant
    Filed: April 18, 2016
    Date of Patent: May 15, 2018
    Assignee: Bank of America Corporation
    Inventors: Savitri Podal, Sandhya Vanapalli, Glenda Aranas
  • Patent number: 9940149
    Abstract: Certain aspects of the present disclosure relate to a virtual machine (VM) control system, which includes a VM controller. For a plurality of employees, the VM controller registers each employee by assigning an employee ID, and stores registration information in an attendance database. The VM controller also associates one or more VMs to each employee, and stores VM association information between the VMs and the employees in an employee ID database. The VM controller transmits polling inquiries periodically to the attendance database to retrieve employee presence events of the employees. For each employee, the employee presence events include an ingress event and an egress event. When the ingress event is detected and the associated VM is off, the VM controller launches the associated VM. When the egress event is detected and the associated VM is on, the VM controller shuts down the associated VM.
    Type: Grant
    Filed: November 18, 2014
    Date of Patent: April 10, 2018
    Assignee: AMERICAN MEGATRENDS, INC.
    Inventors: Santhosh Samuel Mathews, Sudhakar Errappa Parthasarathy
  • Patent number: 9886656
    Abstract: A method for managing privacy of information on a shipping label associated with a shipment is provided. The method includes receiving information associated with the shipment, generating at least two decryption keys associated with at least two pieces of information from the information, generating encrypted messages by encrypting the at least two pieces of information based on the at least two decryption keys including a first and second encrypted message encrypted based on a first and second decryption key, respectively, generating a machine-readable code including the encrypted messages, generating a shipping label including machine-readable code, and providing the first and second decryption keys based on a first and second status of the shipment, respectively.
    Type: Grant
    Filed: September 22, 2015
    Date of Patent: February 6, 2018
    Assignee: International Business Machines Corporation
    Inventors: Jia L. Chen, Bing Fang, Gao Y. Ruan, You You
  • Patent number: 9848013
    Abstract: Provided are methods and systems for detecting a DoS attack when initiating a secure session. A method for detecting a DoS attack may commence with receiving, from a client, a request to initiate a secure session between the client and a server. The method may continue with sending a pre-generated key to the client. The method may further include establishing that the request from the client is suspected of the DoS attack. The establishment may be performed based on further actions associated with the client.
    Type: Grant
    Filed: February 5, 2015
    Date of Patent: December 19, 2017
    Assignee: A10 NETWORKS, INC.
    Inventors: Yang Yang, Ali Golshan
  • Patent number: 9846774
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify an application, run the application, log the parameters for each function call of the application, and store the logged parameters in an emulation table. The logged parameters can include a function call, input parameters, and output parameters. The emulation table can be used to simulate execution of an application without having to actually run the application.
    Type: Grant
    Filed: June 27, 2015
    Date of Patent: December 19, 2017
    Assignee: McAfee, LLC
    Inventors: Christoph Alme, Slawa Hahn, Stefan Finke
  • Patent number: 9843561
    Abstract: Methods, systems and computer readable media for a MiTM proxy that supports client authentication are described.
    Type: Grant
    Filed: October 15, 2015
    Date of Patent: December 12, 2017
    Assignee: Avaya Inc.
    Inventors: Vijaykumar V. Borkar, Saurabh Sule
  • Patent number: 9838357
    Abstract: A firewall system determines whether a protocol used by an incoming data packet is a standard protocol compliant with Request For Comment (RFC) standards. In the event the protocol is RFC compliant, the firewall transmits the packet to the recipient according to firewall policies regarding the standard protocol. If the protocol is not that of an RFC standard, the firewall determines whether the protocol matches an RFC-exception protocol in an RFC-exception protocol database. If the protocol does match an RFC-exception, the firewall may transmit the packet to the recipient according to firewall policies regarding the RFC-exception protocol. If it does not match an RFC-exception, the firewall may transmit the packet or protocol to a support system where it may be quarantined until it is approved based on a decision that the protocol is safe and/or widely adopted.
    Type: Grant
    Filed: February 16, 2017
    Date of Patent: December 5, 2017
    Assignee: SONICWALL INC.
    Inventor: Hugo Vazquez Carames
  • Patent number: 9794374
    Abstract: A server includes a network communication device, a storage device, and a processing device. The processing device executes computer-readable instructions that, when executed by the processing device, cause the processing device to: receive contextual data from a client computing device via the network communication device, the contextual data indicates a first application view displayed on the client computing device; identify a first application function ID that identifies a first application function corresponding with the first application view; determine a first user intent ID that corresponds with the first application function ID; determine a second user intent ID that transitions from the first user intent ID; identify a second application function ID that corresponds with the second user intent ID; retrieve a card object corresponding with the second application function ID from the storage device; and transmit the card object to the client computing device via the network communication device.
    Type: Grant
    Filed: August 24, 2016
    Date of Patent: October 17, 2017
    Assignee: Quixey, Inc.
    Inventors: Brahm Singh, Kalyan Desineni, Rajesh Konda, Yeongmi Jeon
  • Patent number: 9787743
    Abstract: A method for the transmission and adaption of data can include the steps of generating generic requirement documents, identifying a plurality of suitable communication patterns on the basis of the generic requirement documents, determining currently available transport options and their service quality across at least one communication network, and selecting a communication pattern from a plurality of suitable communication patterns based on the network transmission qualities of the at least one communication network. The method can utilize a first functional layer and a second functional layer that are integrated between a software application layer and a network access layer that each receive input documents that are independent of each other. The input documents of the second functional layer can contain transport-related information while the input documents of the first functional layer can contain application-related information.
    Type: Grant
    Filed: April 14, 2015
    Date of Patent: October 10, 2017
    Assignee: Unify GmbH & Co. KG
    Inventors: Jurgen Totzke, Karl Klug, Paul Mueller, Tino Fleuren, Joachim Goetze, Ralf Steinmetz, Apostolos Papageorgiou, Ulrich Lampe, Phuoc Tran-Gia, Martina Zitterbart, Erwin Rathgeb, Adam Wolisz
  • Patent number: 9773105
    Abstract: A mobile device security system can include circuitry configured to receive first user-interaction information associated with the mobile device. The first user-interaction information can be indicative of first sensed interactions of a user with the mobile device during a first period of time. The system can also include circuitry configured to receive second user-interaction information associated with the mobile device. The second user-interaction information can be indicative of second sensed interactions of a user with the mobile device during a second period of time that is subsequent to the first period of time. The system can also include circuitry configured to compare the first and second user-interaction information. The system can also include circuitry configured to report anomaly information to a security service of the mobile device and/or a remote system, where a difference between the first and second user-interaction information exceeds a threshold.
    Type: Grant
    Filed: April 30, 2015
    Date of Patent: September 26, 2017
    Assignee: Xiaomi Inc.
    Inventors: Yang Li, Aibao Luo, Han Jiang
  • Patent number: 9754120
    Abstract: A method for redacting an electronic document (ED) having a file format, including: obtaining a request to redact a sensitive data item in the ED; identifying a first instance and a second instance of the sensitive data item in a markup of the ED, where the second instance of the sensitive data item is not visible in a rendered version of the ED; and generating a redacted ED having the file format by: replacing the first instance of the sensitive data item and the second instance of the sensitive data item with a neutral data item, and inserting, into the markup, an encrypted version of the sensitive data item at a first location.
    Type: Grant
    Filed: February 13, 2015
    Date of Patent: September 5, 2017
    Assignee: Konica Minolta Laboratory U.S.A., Inc.
    Inventor: Darrell Eugene Bellert
  • Patent number: 9743218
    Abstract: Apparatus has at least one processor and at least one memory having computer-readable code stored therein which when executed controls the at least one processor: to respond to receiving a proxy connection initiation request message from a source, the proxy connection initiation request message being a request to provide a proxy and including an address of a target and an address of the source, by causing sending of an advertising message addressed to the target; and to respond subsequently to receiving a connection request message from the target by causing sending of a proxy setup request message addressed to the source.
    Type: Grant
    Filed: November 7, 2012
    Date of Patent: August 22, 2017
    Assignee: Nokia Technologies Oy
    Inventors: Canfeng Chen, Jia Liu
  • Patent number: 9659183
    Abstract: A computer system, computer product, and method for accessing a secure store, which includes receiving a request to access a secure store, checking the file path of the request to make sure it exists in the secure store, verifying security parameters from the process at the file system filter layer, saving the PID of the process by the file system filter layer, comparing the saved PID to the process's PID, and allowing the process to access the path in the secure store specified in the request.
    Type: Grant
    Filed: June 18, 2012
    Date of Patent: May 23, 2017
    Assignee: Honeywell International Inc.
    Inventors: Qi Zhu, Jian Yin, Fei Jing
  • Patent number: 9659189
    Abstract: The disclosed technology includes techniques for improving data privacy in mobile communications over public cloud services. According to certain implementations, a novel conceptual layer may be interposed between the “application” layer and the “user” layer. In some implementations, the conceptual layer may be at least partially embodied by a transparent window or pane overlaid on top of existing app graphical user interfaces to: (1) intercept plaintext user input before transforming the input and feeding it to an underlying app; and (2) reverse transform output data from the app before displaying the plaintext data to the user. Accordingly, the conceptual layer may serve as a protective layer while preserving the original application workflow and look-and-feel.
    Type: Grant
    Filed: October 14, 2014
    Date of Patent: May 23, 2017
    Assignee: Georgia Tech Research Corporation
    Inventors: Wenke Lee, Alexandra Boldyreva, Chung Pak Ho, Billy Lau, Chengyu Song
  • Patent number: 9641513
    Abstract: The present disclosure includes an exemplary method for controlling access to a third-party server by a mobile terminal. The method comprises: acquiring, at the mobile terminal from a first-party server, login authorization information using which a user of the mobile terminal has logged in to the first-party server through a client-side application corresponding to the first-party server, wherein the login authorization information includes a logged-in account; transmitting, to the third-party server, a login request, wherein the login request includes the login authorization information that is to be verified; and receiving authorization for the user to log in to the third-party server using the logged-in account included in the verified login authorization information.
    Type: Grant
    Filed: July 15, 2014
    Date of Patent: May 2, 2017
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Min Ren, Hua Zong, Nan Liu, Pengzhuang Tang, Shuopei Liu
  • Patent number: 9607177
    Abstract: A method operational within a memory controller is provided for securing content stored in memory. The memory controller may allocate logical memory regions within a memory device to different domains. A different domain-specific key is obtained for each of the different domains, where each domain-specific key is a function of at least a master key and domain-specific information. During write operations, content/data is encrypted, at the memory controller, as it is written into each logical memory region using a domain-specific key corresponding to a domain providing the content and to which the logical memory region is allocated. Similarly, during read operations, content/data is decrypted, at the memory controller, as it is read from each memory region using a domain-specific key corresponding to a domain requesting the content and to which the logical memory region, where the content is stored, is allocated.
    Type: Grant
    Filed: September 30, 2013
    Date of Patent: March 28, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Ravindra R. Jejurikar, Ivan McLean
  • Patent number: 9608963
    Abstract: An intermediary network device receives a request for a secure communication session between an endpoint server and an endpoint client through the network device. The secure session between the endpoint server and the endpoint client is divided into a first session and a second session. The first session is between the endpoint server and the network device. The second session is between the network device and the endpoint client. The network device receives a first session ticket from the endpoint server. A session state of a proxy client in the first session, including the first session ticket, is determined. The network device also determines a session state of a proxy server in the second session. The combination of the session state of the proxy client, including the first session ticket, and the session state of the proxy server are encapsulated as part of a second session ticket.
    Type: Grant
    Filed: April 24, 2015
    Date of Patent: March 28, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Chengning Lu, Eitan Bennun, Maypalli Jayadev Kumar, Nikhil Ravindra Rajguru, Shamira Joshua, Richard Lin, Elisa Caredio
  • Patent number: 9590949
    Abstract: Systems and methods are disclosed permitting a sender to send a secret and secure message to a recipient. An application on a sender device interfaces with known message generating tools to permit a user to generate a message. The local application encrypts the message (and optional attachments) based on public/private key pairing negotiated with the server given the recipient device id. The sender device transmits the cipher text to the server. The server generates a benign, text-based, context-appropriate message and delivers same to a recipient device by way of a known messaging service. The benign message provides a secret clue to the recipient that an encrypted message is available. Recipient may then access and decrypt the encrypted message, such as from the server in response to a successful challenge (e.g., password request).
    Type: Grant
    Filed: June 18, 2014
    Date of Patent: March 7, 2017
    Assignee: PRIVATE GIANT
    Inventors: Shaun Murphy, Charles Murphy, Richard Johnson
  • Patent number: 9584318
    Abstract: Provided are methods and systems for mitigating a DoS attack. A method for mitigating a DoS attack may commence with receiving, from a client, a request to initiate a secure session between the client and a server. The method may continue with determining whether the client is on a whitelist. Based on a determination that the client is absent from the whitelist, a pre-generated key may be sent to the client. The method may include determining validity of the established secure session. The determination may be performed based on further actions associated with the client. Based on the determination that the secure session is valid, a renegotiation of the secure session may be forced. The method may further include generating a new key using a method for securely exchanging cryptographic keys over a public channel. The new key is then sent to the client.
    Type: Grant
    Filed: December 30, 2014
    Date of Patent: February 28, 2017
    Assignee: A10 Networks, Inc.
    Inventors: Yang Yang, Ali Golshan
  • Patent number: 9569617
    Abstract: A computer-implemented method for preventing false positive malware identification may include (1) identifying a set of variants of a trusted software program, (2) characterizing, for each variant in the set of variants of the trusted software program, at least one common property of the variants, (3) clustering the set of variants of the trusted software program based on the common property of the variants, and (4) creating a signature capable of recognizing variants of the trusted software program. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 5, 2014
    Date of Patent: February 14, 2017
    Assignee: Symantec Corporation
    Inventor: Joseph H. Chen
  • Patent number: 9553730
    Abstract: In many information security scenarios, a certificate issued by a certificating authority may be presented to a client in order to assert a trust level of a certificated item, such as a message or a web page. However, due to a decentralized structure and incomplete coordination among certificating authorities, the presence and exploitation of security vulnerabilities to issue untrustworthy certificates may be difficult to determine, particularly for an individual client. Presented herein are techniques for providing a certificating authority trust service that collects and evaluates certificates submitted to clients by certificating authorities, and advises the clients of a certificating authority trust level for respective certificating authorities (e.g., determined as a consensus of the evaluated certificates issued by the certificating authority).
    Type: Grant
    Filed: September 6, 2013
    Date of Patent: January 24, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Anooshiravan Saboor, Muhammad Umar Janjua, Nelly Porter, Philip Hallin, Haitao Li, Xiaohong Su, Kelvin Yiu, Anthony Paul Penta
  • Patent number: 9542555
    Abstract: A system and method for detecting malware in compressed data. The system and method identifies a set of search strings extracted from compressed executables, each of which is infected with malware from a family of malware. The search strings detect the presence of the family of malware in other compressed executables, fragments of compressed executables, or data streams.
    Type: Grant
    Filed: April 13, 2015
    Date of Patent: January 10, 2017
    Assignee: Pulse Secure, LLC
    Inventors: George Tuvell, Deepak Venugopal
  • Patent number: 9537880
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network monitoring, user account compromise determination, and user behavior database system. The system monitors network actions of user accounts including user account access across multitudes of network accessible systems, determines user account transitions, and determines different types of high-risk user behavior indicative of compromise. Network actions can be obtained from generated information by the network accessible systems, and correlated across additional data sets including contextual ones. User interfaces are generated describing network actions of user accounts, and are configured for user interaction, which cause generation of updated user interfaces and access to electronic data sources to determine information relevant to the user interaction.
    Type: Grant
    Filed: December 29, 2015
    Date of Patent: January 3, 2017
    Assignee: PALANTIR TECHNOLOGIES INC.
    Inventors: Samuel Jones, Timothy Yousaf, Drew Dennison, Vivek Lakshmanan, Joseph Staehle, Samuel Kremin, Maxim Kesin, Taylor Heroux
  • Patent number: 9525671
    Abstract: This disclosure describes, in part, systems, devices, and techniques to encrypt address resolution protocol (ARP) messages to prevent a rogue device from accessing information about a local network. In certain embodiments described herein, networked devices are preconfigured with security credentials that allow the devices, possibly via network interface controllers (NICs), to encrypt outgoing ARP messages and decrypt incoming ARP messages. The NICs may listen for encrypted messages that are recognized as being ARP messages. These encrypted messages may include a designator that indicates that the message is an encrypted ARP message. When a NIC receives a message that is indicated as an encrypted ARP message, then the NIC will decrypt the message using secure credentials to obtain the true ARP message. The device will then process the message in accordance with standard procedures.
    Type: Grant
    Filed: January 17, 2013
    Date of Patent: December 20, 2016
    Assignee: Amazon Technologies, Inc.
    Inventor: Timothy Craig Worsley
  • Patent number: 9521546
    Abstract: A method, terminal and secure RF communication system are provided. The method for radio frequency secure communication of the invention comprises: generating magnetic channel data, and transmitting the magnetic channel data via a magnetic channel; establishing a radio frequency link with a peer device which feeds back response information for the magnetic channel data; generating first radio frequency data, encrypting the first radio frequency data using the magnetic channel data, and transmitting the encrypted first radio frequency data to the peer device via the radio frequency link; and/or receiving encrypted second radio frequency data transmitted by the peer device via the radio frequency link, and decrypting the encrypted second radio frequency data using the magnetic channel data. By the above technical solution, the invention avoids the risk that a preset key is intercepted or decrypted, and enhances the security of the radio frequency link data exchange process.
    Type: Grant
    Filed: August 28, 2012
    Date of Patent: December 13, 2016
    Assignee: NATIONZ TECHNOLOGIES INC.
    Inventor: Meixiang Li
  • Patent number: 9503453
    Abstract: Disclosed is an authentication system and method. The authentication system according to one embodiment of the present disclosure comprises a transceiver for receiving an authentication request including a client-side OTP and encoded account information from a client, and transmitting the result of the authentication performed in accordance with the authentication request to the client; a decoder for decoding the encoded account information so as to compute the account information of the client and an authentication request time; a server-side OTP generator for generating a server-side OTP using the computed account information of the client and authentication request time; and an authenticator for comparing the client-side OTP included in the authentication request and the server-side OTP in order to authenticate the client.
    Type: Grant
    Filed: June 21, 2013
    Date of Patent: November 22, 2016
    Assignee: SAMSUNG SDS CO., LTD.
    Inventors: Seong Dae Song, Han Eung Hwang, Seung Kuk Kim
  • Patent number: 9450975
    Abstract: A method performed in a processor of an intrusion detection/prevention system (IDS/IPS) checks for valid packets in an SMB named pipe in a communication network. In a processor configured as an IDS/IPS, a packet in a transmission is received and a kind of application of a target of the packet is determined. Also, the data in the packet is inspected by the IDS/IPS as part of the SMB named pipe on only one of the following conditions: (a) the FID in an SMB command header of the packet is valid (i) for segments/fragments in the SMB named pipe and (ii) for the determined kind of application of the target of the packet, as indicated by a reassembly table, and (b) the determined kind of application of the target of the packet does not check the FID, as indicated by the reassembly table.
    Type: Grant
    Filed: May 7, 2015
    Date of Patent: September 20, 2016
    Assignee: Cisco Technology, Inc.
    Inventor: Kenneth Todd Wease