Application Layer Security Patents (Class 713/152)
  • Patent number: 10812496
    Abstract: In one embodiment, a method includes receiving data associated with a cluster at a computer and processing the data at the computer to automatically generate a description of the cluster. The data includes cluster data comprising data within the cluster and non-cluster data comprising a remaining set of the data. The description comprises a minimal set of features that uniquely defines the cluster to differentiate the cluster data from non-cluster data. An apparatus and logic are also disclosed herein.
    Type: Grant
    Filed: October 1, 2015
    Date of Patent: October 20, 2020
    Assignee: CISCO TECHNOLOGY, INC.
    Inventor: Blake Harrell Anderson
  • Patent number: 10778697
    Abstract: With regard to a method for transmitting and receiving data in a wireless communication system in the present specification, a method implemented by a first network node is characterized by comprising: transmitting a control message, including information pertaining to terminal context retention properties, to a terminal; receiving a first message including a first information block from the terminal; carrying out a verification process on the terminal on the basis of the received first message; and transmitting a second message to the terminal according to the results of the verification of the terminal, wherein the terminal context retention properties represent at least one of whether terminal context is retained or whether terminal context can be changed.
    Type: Grant
    Filed: June 22, 2016
    Date of Patent: September 15, 2020
    Assignee: LG Electronics Inc.
    Inventors: Heejeong Cho, Jiwon Kang, Genebeck Hahn, Eunjong Lee, Ilmu Byun
  • Patent number: 10764252
    Abstract: A method and system for communicating between a managed device and a device manager is provided by sending the managed device a message over a first communications channel, and then initiating communication between the managed device and the device manager over a second communications channel in response to the message, wherein the first communications channel and the second communications channel are of different types.
    Type: Grant
    Filed: April 25, 2017
    Date of Patent: September 1, 2020
    Assignee: VODAFONE IP LICENSING LTD
    Inventors: Nick Bone, Simone Ferrara
  • Patent number: 10764263
    Abstract: Apparatuses and methods for authenticating a user to a host by an agent are disclosed. In the method the agent receives a connection request to the host from the user. In response to the received connection request, the agent determines an ephemeral authenticator, and acquires using the ephemeral authenticator a second authenticator. The second authenticator is based at least in part on use of the ephemeral authenticator. The agent then authenticates the user to the host using the second authenticator.
    Type: Grant
    Filed: November 28, 2016
    Date of Patent: September 1, 2020
    Assignee: SSH Communications Security OYJ
    Inventor: Markku Rossi
  • Patent number: 10712796
    Abstract: A non-transitory computer readable storage medium having stored thereon instructions, the instructions being executable by one or more processors to perform operations including: receiving, by a calibration module executed by the one or more processors, a calibration request including (i) a workload type, (ii) a list of compute nodes belonging to a distributed computer system, and (iii) one or more frequencies; responsive to identifying the workload type as a clustered workload type, instructing a plurality of compute nodes on the list of compute nodes to begin processing a workload of the workload type; and responsive to identifying the workload type as a clustered workload type, instructing a compute node on the list of compute nodes to begin processing the workload of the workload type is shown.
    Type: Grant
    Filed: December 24, 2014
    Date of Patent: July 14, 2020
    Assignee: INTEL CORPORATION
    Inventors: Muralidhar Rajappa, Andy Hoffman, Devadatta Bodas, Justin Song, James Alexander
  • Patent number: 10701091
    Abstract: A computerized method to identify potentially malicious code in a network is described. Herein, information associated with a threat is analyzed to yield intelligence that includes instructions or indicators related to the threat. Based on the intelligence, a determination is made as to whether an endpoint device, which includes an endpoint agent, is to (i) receive at least one of the instructions or the indicators, (ii) conduct an examination of memory of the endpoint device for data corresponding to any of the instructions or the indicators, and (iii) obtain results of the examination. Verification information, including at least a portion of the results of the examination by the endpoint device and an identifier for the endpoint device, is gathered and correlated to determine whether such information corresponds to a verified threat. Thereafter, a notification, including a portion of the verification information, is sent to identify the verified threat.
    Type: Grant
    Filed: July 23, 2018
    Date of Patent: June 30, 2020
    Assignee: FireEye, Inc.
    Inventors: Sean Cunningham, Robert Dana, Joseph Nardone, Joseph Faber, Kevin Arunski
  • Patent number: 10698900
    Abstract: Systems and methods are disclosed for generating a distributed execution model with untrusted commands. The system can receive a query, and process the query to identify the untrusted commands. The system can use data associated with the untrusted command to identify one or more files associated with the untrusted command. Based on the files, the system can generate a data structure and include one or more identifiers associated with the data structure in the distributed execution model. The system can distribute the distributed execution model to one or more nodes in a distributed computing environment for execution.
    Type: Grant
    Filed: September 25, 2017
    Date of Patent: June 30, 2020
    Assignee: Splunk Inc.
    Inventors: Arindam Bhattacharjee, Sourav Pal, Alexander Douglas James
  • Patent number: 10666665
    Abstract: A confirmation apparatus includes a determination unit configured to determine whether an information processing apparatus that has transmitted a security confirmation instruction executes communication via a firewall, a setting unit configured to set predetermined ports as inspection targets in a first case where the determination unit determines that the information processing apparatus executes communication via the firewall, and set ports listed in a used port list received from the information processing apparatus as the inspection targets in a second case where the determination unit determines that the information processing apparatus executes communication without interposing the firewall, an inspection unit configured to inspect ports set as the inspection targets by the setting unit, and a notification unit configured to notify the information processing apparatus of an inspection result acquired by the inspection unit.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: May 26, 2020
    Assignee: Canon Kabushiki Kaisha
    Inventor: Masamichi Akashi
  • Patent number: 10652297
    Abstract: A method for the transmission and adaption of data can include the steps of generating generic requirement documents, identifying a plurality of suitable communication patterns on the basis of the generic requirement documents, determining currently available transport options and their service quality across at least one communication network, and selecting a communication pattern from a plurality of suitable communication patterns based on the network transmission qualities of the at least one communication network. The method can utilize a first functional layer and a second functional layer that are integrated between a software application layer and a network access layer that each receive input documents that are independent of each other. The input documents of the second functional layer can contain transport-related information while the input documents of the first functional layer can contain application-related information.
    Type: Grant
    Filed: January 30, 2019
    Date of Patent: May 12, 2020
    Assignee: Unify GmbH & Co. KG
    Inventors: Jurgen Totzke, Karl Klug, Paul Mueller, Tino Fleuren, Joachim Goetze, Ralf Steinmetz, Apostolos Papageorgiou, Ulrich Lampe, Phuoc Tran-Gia, Martina Zitterbart, Erwin Rathgeb, Adam Wolisz
  • Patent number: 10642996
    Abstract: A method, system and computer-usable medium for adaptively remediating multivariate risk, comprising: detecting a violation of a multivariate security policy, the multivariate security policy comprising a plurality of variables; identifying a variable from the plurality of variables associated with a cause of the violation; associating an entity with the variable associated with the cause of the violation; and, adaptively remediating a risk associated with the entity.
    Type: Grant
    Filed: July 25, 2018
    Date of Patent: May 5, 2020
    Assignee: Forcepoint LLC
    Inventors: Richard A. Ford, Ann Irvine, Adam Reeve
  • Patent number: 10637848
    Abstract: Disclosed herein is an apparatus for supporting authentication between devices, which includes a certificate information storage unit for storing certificate data of a first terminal for managing a certificate; a communication unit for receiving a request for a certificate of the first terminal, which uses a signature value and certificate-related information corresponding to the first terminal, from a second terminal and returning information corresponding to a valid certificate of the first terminal to the second terminal in order to enable the second terminal to authenticate the first terminal; and a certificate verification unit for verifying whether a certificate of the first terminal is valid.
    Type: Grant
    Filed: November 15, 2017
    Date of Patent: April 28, 2020
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Yun-Kyung Lee, Young-Ho Kim, Jeong-Nyeo Kim, Jae-Deok Lim, Bo-Heung Chung, Hong-Il Ju, Yong-Sung Jeon
  • Patent number: 10628466
    Abstract: A full-text index can be created for each mailbox of an EDB to facilitate the performance of complex queries to quickly search for email data. In this way, relevant email data can be identified and retrieved quickly and efficiently from the full-text index rather than from the EDB. To create such indexes, each email in a mailbox can be retrieved and processed to convert the email from its native format into textual name/value pairs which can then be submitted for indexing. This use of name/value pairs to index each email enables the emails across all mailboxes to be efficiently queried using any possible combination of values.
    Type: Grant
    Filed: January 6, 2016
    Date of Patent: April 21, 2020
    Assignee: Quest Software Inc.
    Inventors: Sergey Romanovich Vartanov, Alexander Gennadievich Stepanoff, Sergey Evgenievich Zalyadeev
  • Patent number: 10523701
    Abstract: In a system for configuring a web application firewall, one or more parameters of the firewall are adjusted such that a test configured for exposing a vulnerability of an application protected by the application firewall is blocked by the firewall and another test configured to invoke functionality of the application but that does not expose or exploit any security vulnerability is not blocked by the firewall. A notification is provided to a user if such a firewall configuration is not found after a specified number of attempts.
    Type: Grant
    Filed: October 16, 2018
    Date of Patent: December 31, 2019
    Assignee: Veracode, Inc.
    Inventor: Erik J. Peterson
  • Patent number: 10505960
    Abstract: One embodiment provides a method comprising, in a training phase, receiving one or more malware samples, extracting multi-aspect features of malicious behaviors triggered by the malware samples, determining evolution patterns of the malware samples based on the multi-aspect features, and predicting mutations of the malware samples based on the evolution patterns. Another embodiment provides a method comprising, in a testing phase, receiving a new mobile application, extracting a first set of multi-aspect features for the new mobile application using a learned feature model, and determining whether the new mobile application is a mutation of a malicious application using a learned classification model and the first set of multi-aspect features.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: December 10, 2019
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Deguang Kong, Wei Yang, Hongxia Jin
  • Patent number: 10467393
    Abstract: An application triggering method and device are provided in the field of terminals. The terminal device sets at least two different triggering passwords for at least two instances of an application corresponding to an application icon on a user interface on the display. The terminal device acquires an input password after a triggering operation over the application icon is detected on the user interface. The terminal device triggers a target instance of the application according to the input password, where the target instance refers to an instance for which one of the at least two different triggering passwords is the same as the input password.
    Type: Grant
    Filed: June 2, 2017
    Date of Patent: November 5, 2019
    Assignee: Beijing Xiaomi Mobile Software Co., Ltd.
    Inventors: Le Wang, Minghao Li, Yanfei Luo
  • Patent number: 10432579
    Abstract: Embodiments of the present disclosure provide an Internet Protocol address allocation method and a router. The Internet Protocol address allocation method of the present disclosure includes receiving a delegate prefix of an upper-level network device, where the upper-level network device is a network device connected to a wide area network interface of the router; generating a local prefix of the router and a delegate prefix of the router according to the delegate prefix of the upper-level network device; and sending the local prefix of the router and the delegate prefix of the router to a lower-level router of the router. Internet Protocol addresses of devices in a cascaded network can be obtained in the embodiments of the present disclosure.
    Type: Grant
    Filed: May 29, 2015
    Date of Patent: October 1, 2019
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Jian Liang, Jin Li
  • Patent number: 10389702
    Abstract: Disclosed are an entity authentication method and device, involving: sending, by an entity A, a first identity authentication message to an entity B; inspecting, by the entity B after receiving the first message, the validity of a certificate of the entity A; sending, by the entity B, a second identity authentication message to the entity A; inspecting, by the entity A after receiving the second message, the correctness of field data therein; calculating, by the entity A, a secret information and message authentication code using a private key thereof and a temporary public key of the entity B, and sending a third message to the entity B; inspecting, by the entity B after receiving the third message, the correctness of field data therein; calculating, by the entity B, a secret information and message authentication code using a private key thereof and a public key of the entity A.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: August 20, 2019
    Assignee: CHINA IWNCOMM CO., LTD.
    Inventors: Yanan Hu, Zhiqiang Du, Qin Li, Ming Li
  • Patent number: 10382431
    Abstract: Identifying a communication source includes receiving a message from a client computer requesting access to a computer-based resource; and receiving a network signature from the client computer, wherein the network-related signature comprises a value representing how many routing devices are on a network path between the client computer and a predetermined computer. Also included is determining whether the vector of values matches a vector of stored values, each stored value potentially corresponding to a respective one of the values in the vector of values; and limiting access to the computer-based resource based at least in part on the vector of values not matching the vector of stored values.
    Type: Grant
    Filed: March 3, 2017
    Date of Patent: August 13, 2019
    Assignee: CA, Inc.
    Inventors: Himanshu Ashiya, Atmaram Shetye, Roshan Mathews
  • Patent number: 10375097
    Abstract: In one embodiment, a device in a network receives traffic information regarding one or more secure sessions in the network. The device associates the one or more secure sessions with corresponding certificate validation check traffic indicated by the received traffic information. The device makes a self-signed certificate determination for an endpoint domain of a particular secure session based on whether the particular secure session is associated with certificate validation check traffic. The device causes the self-signed certificate determination for the endpoint domain to be used as input to a malware detector.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: August 6, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Martin Kopp, Martin Grill, Jan Kohout
  • Patent number: 10375025
    Abstract: A virtual private network implementation method includes intercepting, by an NDIS intermediate driver, a packet sent by an application program to an intranet server, and determining, according to a PID corresponding to the packet, whether to allow a process corresponding to the packet to use an SSL VPN; when the process corresponding to the packet is allowed to use the SSL VPN, establishing, by the NDIS intermediate driver, a new packet, and submitting the new packet to an NDIS network interface card driver; and sending, by the NDIS network interface card driver, the new packet to the client, and sending, by the client, the new packet to the intranet server. Thereby, a virtual private network is implemented based on process control, and a client has a fast startup speed.
    Type: Grant
    Filed: February 7, 2017
    Date of Patent: August 6, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Xiaofeng Zheng, Yinghua Zhu, Tingke Ge, Fei Zhao
  • Patent number: 10372516
    Abstract: A method and system for processing a message of a messaging system. The messaging system includes a messaging engine and a set of messages. A messaging endpoint of each message of the set of messages is associated with a respective container configured to run an associated application. In response to a first message being published to a messaging endpoint of the first message, the container associated with the messaging endpoint of the first message is used to process the message.
    Type: Grant
    Filed: July 25, 2017
    Date of Patent: August 6, 2019
    Assignee: International Business Machines Corporation
    Inventors: Chris R. Bean, Matthew R. Whitehead
  • Patent number: 10366241
    Abstract: Systems and methods for receiving a request to analyze trust of a client system and perform actions based on a client trust profile. A trust rating server device receives a request from a client computing device to analyze the trust on the device. The request identifies at least one credential or certificate installed on the device for example. The credential or certificate is obtained and analyzed to identify key information that relates to trust, such as level of encryption, country or entity of origin, duration of credential, certifying authority, etc. A rating is established using the key information and compared to a profile or other metric. One or more credentials or certifications may be blocked, disabled, enabled or removed based on a user's profile. Trust credentials are continuously monitored on the device for changes, and new credentials are blocked that do not meet thresholds established in the user's profile.
    Type: Grant
    Filed: March 30, 2017
    Date of Patent: July 30, 2019
    Assignee: The Privacy Factor, LLC
    Inventor: Mark A. Sartor
  • Patent number: 10361927
    Abstract: It is determined whether a user is authorized to carry out a management operation on a plurality of information technology assets in parallel, based on a role of the user and at least one characteristic of the management operation. A risk level of the management operation, and at least one characteristic of the plurality of information technology assets, are both determined. Based on the risk level and the at least one characteristic of the plurality of information technology assets, an execution pattern for the management operation is specified. In at least some cases, the management operation is carried out on the plurality of information technology assets in parallel, in accordance with the execution pattern.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: July 23, 2019
    Assignee: International Business Machines Corporation
    Inventors: Constantin M. Adam, Shang Q. Guo, Rajeev Puri, Yaoping Ruan, Cashchakanith Venugopal, Frederick Y. Wu, Sai Zeng
  • Patent number: 10356120
    Abstract: Disclosed are techniques for use in assessing the risk of electronic communications using logon types. In one embodiment, the techniques comprise a method. The method comprises receiving an electronic communication relating to a login request involving a user and a provider of a computerized resource. The method comprises determining a logon type associated with the logon request. The method comprises determining a first value relating to an amount of logon requests associated with the logon type involving the user and the provider over a first time period and a second value relating to an amount of logon requests associated with the logon type involving the user and the provider over a second time period that is greater than the first time period. The method comprises generating a risk score describing the risk associated with the logon request based on the first and the second values.
    Type: Grant
    Filed: April 28, 2017
    Date of Patent: July 16, 2019
    Assignee: EMC IP Holding Company LLC
    Inventors: Kineret Raviv, Uri Fleyder, Marcelo Blatt, Ofri Mann, Richard Chiles
  • Patent number: 10348756
    Abstract: A system and method for assessing vulnerability of a mobile device including at a remote analysis cloud service, receiving at least one vulnerability assessment request that includes an object identifier for an operative object of a mobile computing device, wherein the vulnerability assessment request originates from the mobile computing device; identifying a vulnerability assessment associated with the identifier of the operative object; and communicating the identified vulnerability assessment to the mobile computing device.
    Type: Grant
    Filed: September 8, 2016
    Date of Patent: July 9, 2019
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Dug Song, Adam Goodman
  • Patent number: 10320843
    Abstract: In some embodiments, systems, methods, and devices disclosed herein enable trusted sharing of private data and/or transactions via a distributed ledger, while maintaining data consistency properties. Some embodiments provide and utilize one or more independent and/or dependent channels. In particular, in some embodiments, one or more independent and/or dependent channels can exist on a single distributed ledger, wherein participants or nodes that are members of a particular channel can view and access the information in a given network transaction. To other participants or nodes not on the particular channel, however, only an encrypted or redacted version of the information can be viewable, thereby not disclosing the transaction information to such participants or nodes. In some embodiments, consistency properties may be preserved even in the presence of selective sharing of transaction information with proofs of validity.
    Type: Grant
    Filed: December 7, 2018
    Date of Patent: June 11, 2019
    Assignee: SYMBIONT.IO, INC.
    Inventors: Lukasz Dobrek, Adam Krellenstein, Pankaj Surana, Aaron Todd, Yiqun Yin
  • Patent number: 10270588
    Abstract: Provided are a method and a system for an additive homomorphic encryption scheme with operation error detection functionality. A plaintext is obtained by decrypting a ciphertext encrypted based on a homomorphic encryption technique and subjected to an operation and lower setting bits corresponding to additional secret information included in a final private-key are extracted as plaintext information from the acquired plaintext. An operation error check is performed on the remaining bits other than the lower setting bits in the acquired plaintext.
    Type: Grant
    Filed: May 5, 2016
    Date of Patent: April 23, 2019
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Taek-Young Youn, Nam-Su Jho, Ku Young Chang
  • Patent number: 10270798
    Abstract: A method for assessing effectiveness of one or more cybersecurity technologies in a computer network includes testing each of two or more component stages of an attack model at a first computer network element twice. A first one of the tests is conducted with a first one of the cybersecurity technologies operable to protect the first computer network element, and a second one of the tests is conducted with the first cybersecurity technology not operable to protect the first computer network element. For each one of the twice-tested component stages, comparing results from the first test and the second test, wherein the comparison yields or leads to information helpful in assessing effectiveness of the first cybersecurity technology on each respective one of the twice-tested component stages at the computer network element.
    Type: Grant
    Filed: October 6, 2016
    Date of Patent: April 23, 2019
    Assignee: SIEGE TECHNOLOGIES LLC
    Inventors: Kara Zaffarano, Joshua Taylor, Samuel Hamilton
  • Patent number: 10255371
    Abstract: Systems and methods are disclosed for clustering multiple devices that are associated with particular users by utilizing both probabilistic and deterministic data derived from analytics information on the users. An analytics computing system generates at least one deterministic device cluster that groups a first set of devices associated with a first user. The first set of devices share deterministic user identifiers specific to the first user. The analytics computing system also identifies a probabilistic link between a device in the first set of devices and additional devices. The probabilistic link indicates common usage patterns between two devices. Based on the probabilistic link, the analytics computing system generates a data structure that includes the deterministic device cluster and the additional devices.
    Type: Grant
    Filed: September 19, 2016
    Date of Patent: April 9, 2019
    Assignee: Adobe Systems Incorporated
    Inventors: Karthik Raman, Nedim Lipka, Matvey Kapilevich
  • Patent number: 10237057
    Abstract: A method for controlling the exchange of private data, associated with a client device, between an application in execution on or for the device and a serving node in a data network, comprising transmitting a request to the serving node from the application for access to a service requiring use of the private data, receiving challenge data at the application from the serving node, requesting authorization for the use of the private data using a secure user interface of the client device to a trusted information manager on the basis of the challenge data, transmitting an obfuscated version of the private data for use with the service from the trusted information manager to the application on the basis of the authorization.
    Type: Grant
    Filed: August 18, 2014
    Date of Patent: March 19, 2019
    Assignee: Alcatel Lucent
    Inventors: Tommaso Cucinotta, Stephane Betge-Brezetz
  • Patent number: 10230727
    Abstract: Method for authenticating a user, comprising the steps of a) providing a central server (101), in communication with at least one authentication service provider (110, 120, 130), arranged to authenticate users via a respective authentication web interface, and at least one user service provider (150), arranged to provide user services to users via a respective user service web interface; b) providing, for a particular user and using a web browser in an electronic device (170, 180), access to the authentication web interface, and upon an authentication of the user, the central server placing a cookie on the electronic device identifying the authentication service provider; c) providing, for the user and using the same web browser executed from the same electronic device, access to the user service web interface, and as a result providing the said cookie to the central server; d) identifying, based upon the said cookie, the authentication service provider; e) redirecting the web browser to the authentication ser
    Type: Grant
    Filed: July 31, 2015
    Date of Patent: March 12, 2019
    Assignee: IDENTITRADE AB
    Inventor: Philip Hallenborg
  • Patent number: 10225235
    Abstract: A firewall system determines whether a protocol used by an incoming data packet is a standard protocol compliant with Request For Comment (RFC) standards. In the event the protocol is RFC compliant, the firewall transmits the packet to the recipient according to firewall policies regarding the standard protocol. If the protocol is not that of an RFC standard, the firewall determines whether the protocol matches an RFC-exception protocol in a RFC-exception protocol database. If the protocol does match an RFC-exception, the firewall may transmit the packet to the recipient according to firewall policies regarding the RFC-exception protocol. If it does not match an RFC-exception, the firewall may transmit the packet or protocol to a support system where it may be quarantined until it is approved based on a decision that the protocol is safe and/or widely adopted.
    Type: Grant
    Filed: December 4, 2017
    Date of Patent: March 5, 2019
    Assignee: SONICWALL INC.
    Inventor: Hugo Vazquez Carames
  • Patent number: 10200438
    Abstract: Measuring a quality of service in an Internet protocol network includes forming no more than one echo request packet in an originating device; transmitting the echo request packet to a destination device; swapping the source and destination addresses in the received echo request packet to form an echo reply packet without allocating memory for a new packet; receiving at the originating system the echo request packet repurposed as the echo reply packet; comparing a DSCP value in the echo request packet to a DSCP value in the echo reply packet; and when the DSCP values from the two packets are the same, asserting a prediction that the network will deliver a preferred quality of service for a streaming message service.
    Type: Grant
    Filed: January 17, 2017
    Date of Patent: February 5, 2019
    Assignee: PathSolutions, Inc.
    Inventor: Timothy G. Titus
  • Patent number: 10193862
    Abstract: A computer system provides a method for identifying firewall rules to apply to a virtual machine based on detecting initiation of a new network connection from the virtual machine. An example method generally includes detecting initiation of communications on a network port by a virtual machine, identifying one or more applications executing on the virtual machine that initiated communications on the network port, identifying one or more firewall rules to apply to the virtual machine based, at least in part, on the identification of the one or more applications, determining a deviation between firewall rules applied to the virtual machine and the identified one or more firewall rules, and upon determining that a deviation exists between the firewall rules applied to the virtual machine and the identified one or more firewall rules, applying one or more rules corresponding to the determined deviation to the virtual machine.
    Type: Grant
    Filed: November 29, 2016
    Date of Patent: January 29, 2019
    Assignee: VMware, Inc.
    Inventors: Jayant Jain, Anirban Sengupta, Alok Tiagi, Jingmin Zhou, Russell Lu
  • Patent number: 10180985
    Abstract: Methods, computer-readable media and apparatuses for automatically redirecting a search are disclosed. A processor receives a search term, connects to a search server hosting a search site that displays a plurality of sites in response to the search term, receives a selection of a site from the plurality of sites, provides an option to associate the site with the search term and receives a confirmation to associate the site with the search term, where the search term automatically redirects a connection to a server hosting the site and by-passing a connection to the search server hosting the search site when the search term is received at a later time.
    Type: Grant
    Filed: February 19, 2015
    Date of Patent: January 15, 2019
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Robert King, Sharon E. Carter
  • Patent number: 10182121
    Abstract: A method, computer system, and a computer program product for detecting a session status based on a cookie associated with the session is provided. The present invention may include receiving an access request to a specified location associated with a server computer. The present invention may also include determining that the received access request has the cookie corresponding with the specified location. The present invention may also include receiving a last refresh time from the cookie. The present invention may then include determining the session status based on the retrieved last refresh time, a current request time, a refresh interval, and an overdue value.
    Type: Grant
    Filed: December 31, 2017
    Date of Patent: January 15, 2019
    Assignee: International Business Machines Corporation
    Inventors: William J. Carpenter, Hai Ji, Zi Jian Ji, Yuan Yuan Li, Wen Bo Ma, Jia Mi
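The session-status decision from the IBM abstract, as an added example that is not IBM's implementation: status is computed from the cookie's last refresh time, the current request time, a refresh interval and an overdue value. Because the last refresh time lives in a browser-held cookie, the example also HMAC-tags the cookie and rejects anything unverifiable, mismatched to the location, or dated in the future; the status names, cookie encoding and `SERVER_SECRET` are assumptions.

```python
import base64
import binascii
import hashlib
import hmac
import json
from enum import Enum
from typing import Optional

# Added example, not IBM's implementation. The status rule follows the abstract
# (last refresh time, current request time, refresh interval, overdue value).
# The cookie is HMAC-tagged because a client-held timestamp is attacker-controlled.

SERVER_SECRET = b"rotate-me-from-a-kms"  # assumption: stand-in for a managed server key


class SessionStatus(Enum):
    ACTIVE = "active"    # refreshed within the interval
    OVERDUE = "overdue"  # interval passed, still inside the overdue grace
    EXPIRED = "expired"  # grace passed; require re-authentication
    INVALID = "invalid"  # missing, forged, wrong location or future-dated


def mint_cookie(location: str, last_refresh: int, secret: bytes = SERVER_SECRET) -> str:
    """Serialize {location, last_refresh} and append an HMAC-SHA256 tag."""
    body = json.dumps({"loc": location, "last_refresh": last_refresh},
                      sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(secret, body, hashlib.sha256).digest()
    return "%s.%s" % (base64.urlsafe_b64encode(body).decode(),
                      base64.urlsafe_b64encode(tag).decode())


def parse_cookie(cookie: str, secret: bytes = SERVER_SECRET) -> Optional[dict]:
    """Return the cookie body only if its tag verifies; None on any defect."""
    try:
        b64body, b64tag = cookie.split(".", 1)
        body = base64.urlsafe_b64decode(b64body)
        tag = base64.urlsafe_b64decode(b64tag)
    except (ValueError, binascii.Error):
        return None
    if not hmac.compare_digest(tag, hmac.new(secret, body, hashlib.sha256).digest()):
        return None
    try:
        data = json.loads(body)
        data["last_refresh"] = int(data["last_refresh"])
    except (ValueError, KeyError, TypeError):
        return None
    return data


def session_status(cookie: Optional[str], location: str, now: int,
                   refresh_interval: int, overdue: int,
                   secret: bytes = SERVER_SECRET) -> SessionStatus:
    """Classify the request using the four values named in the abstract."""
    if cookie is None:
        return SessionStatus.INVALID
    data = parse_cookie(cookie, secret)
    if data is None or data.get("loc") != location:
        return SessionStatus.INVALID
    age = now - data["last_refresh"]
    if age < 0:  # a refresh time in the future is a forgery or broken clock
        return SessionStatus.INVALID
    if age <= refresh_interval:
        return SessionStatus.ACTIVE
    if age <= refresh_interval + overdue:
        return SessionStatus.OVERDUE
    return SessionStatus.EXPIRED
```

The overdue band is where a server would typically re-issue the cookie with a fresh `last_refresh` rather than force a login; anything past it should be treated exactly like a missing cookie.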
  • Patent number: 10171441
    Abstract: Embodiments can provide a computer implemented method in a data processing system comprising a processor and a memory comprising instructions, which are executed by the processor to cause the processor to implement a system for transforming a Channel ID communication, the method comprising: generating, by a SSL/TLS inspector, a secret; receiving, from a client, a Channel ID communication comprising a public key value; deriving, by the SSL/TLS inspector, a random seed value for a private key using the secret and the public key value of the Channel ID communication; generating, by the SSL/TLS inspector, a new private key based upon the random seed value; deriving, by the SSL/TLS inspector, a new public key based upon the new private key; generating, by the SSL/TLS inspector, a transformed Channel ID communication based upon the new private key and the new public key; and forwarding, by the SSL/TLS inspector, the transformed Channel ID communication to a server.
    Type: Grant
    Filed: September 28, 2016
    Date of Patent: January 1, 2019
    Assignee: International Business Machines Corporation
    Inventors: Wei-Hsiang Hsiung, Cheng-Ta Lee, Wei-Shiau Suen, Ming-Hsun Wu
  • Patent number: 10142111
    Abstract: A client establishes a cryptographically protected communications session and determines information usable to distinguish the session from other sessions. The client digitally signs the information using a cryptographic key that is independent of the session to enable a server to check whether the information matches the session that it established and whether the digital signature is correct. The server may perform mitigating operations if either or both of the information or the digital signature is/are invalid.
    Type: Grant
    Filed: October 2, 2017
    Date of Patent: November 27, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Bradley Jeffery Behm, Gregory Branchek Roth, Gregory Alan Rubin
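The session-binding check from the Amazon abstract, as an added example that is not Amazon's code. Each side derives a session-distinguishing value from its own view of the handshake, the client authenticates that value under a long-lived key that is independent of the session, and the server checks both conditions named in the abstract: does the value match the session the server actually established, and does the signature verify. A man-in-the-middle that terminates the session and opens its own to the server produces two different values, which the server detects. The digest construction is an assumption, and an HMAC under a per-client key stands in for the real digital signature so the block runs on the standard library alone.

```python
import hashlib
import hmac
from typing import Tuple

# Added example, not Amazon's code. A deployment would use a public-key
# signature with a key registered for the client; an HMAC under a long-lived
# per-client key stands in here so the block needs only the standard library.


def session_info(client_random: bytes, server_random: bytes, cipher_suite: int) -> bytes:
    """Value that distinguishes this session, derived from handshake-unique material.

    Both ends compute it from their own view of the handshake (assumed shape).
    """
    h = hashlib.sha256()
    h.update(b"session-binding-v1")
    h.update(client_random)
    h.update(server_random)
    h.update(cipher_suite.to_bytes(2, "big"))
    return h.digest()


def client_bind(client_key: bytes, info: bytes) -> dict:
    """Client states which session it believes it is in, authenticated under a
    key that does not depend on the session."""
    return {"info": info, "sig": hmac.new(client_key, info, hashlib.sha256).digest()}


def server_verify(server_info: bytes, msg: dict, client_key: bytes) -> Tuple[bool, str]:
    """Apply both checks from the abstract; any failure is the trigger to mitigate."""
    if not hmac.compare_digest(msg["info"], server_info):
        return False, "session info does not match the session the server established"
    expected = hmac.new(client_key, server_info, hashlib.sha256).digest()
    if not hmac.compare_digest(msg["sig"], expected):
        return False, "signature invalid"
    return True, "bound"


def mitigate(reason: str) -> str:
    """Stand-in for the abstract's mitigating operations (assumption: close and log)."""
    return "close session; alert: " + reason
```

Note that the server always verifies the signature over its own `server_info`, never over the value the client sent: a forwarded message with a perfectly valid signature over the wrong session still fails.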
  • Patent number: 10129282
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network monitoring, user account compromise determination, and a user behavior database system. The system monitors network actions of user accounts including user account access across multitudes of network accessible systems, determines user account transitions, and determines different types of high-risk user behavior indicative of compromise. Network actions can be obtained from information generated by the network accessible systems, and correlated across additional data sets including contextual ones. User interfaces are generated describing network actions of user accounts, and are configured for user interaction, which cause generation of updated user interfaces and access to electronic data sources to determine information relevant to the user interaction.
    Type: Grant
    Filed: December 30, 2016
    Date of Patent: November 13, 2018
    Assignee: Palantir Technologies Inc.
    Inventors: Samuel Jones, Timothy Yousaf, Drew Dennison, Vivek Lakshmanan, Joseph Staehle, Samuel Kremin, Maxim Kesin, Taylor Heroux
  • Patent number: 10129279
    Abstract: Techniques for detecting application program spoofing. The techniques include: receiving a communication from an application program executing on a client device different from the at least one computer; identifying from the communication an asserted identity of the application program; and verifying the asserted identity of the application program at least in part by: interacting with the client device to obtain additional information about the application program, and determining whether the additional information about the application program is consistent with the asserted identity of the application program.
    Type: Grant
    Filed: September 4, 2016
    Date of Patent: November 13, 2018
    Assignee: Mastercard Technologies Canada ULC
    Inventors: Christopher Everett Bailey, Randy Lukashuk, Gary Wayne Richardson
  • Patent number: 10114958
    Abstract: A data processing machine is configured to include one or more buried memory zones that are not intelligibly accessible to user software and to operating system software or hypervisor software within the data processing machine. At least one of hardware and firmware are configured to intelligibly access at least one of the buried memory zones so as to store therein, metadata defining one or more extents of a respective one or more protected regions (PR's) that are constituted in other memory areas of the data processing machine. The stored metadata defines constraints for the corresponding PR's including at least one of corresponding operational constraints and/or operational requirements that respectively constrain the operations performed by or on the data of the PR's.
    Type: Grant
    Filed: April 18, 2016
    Date of Patent: October 30, 2018
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventor: John V Sell
  • Patent number: 10063579
    Abstract: Techniques for fraud detection based on user behavior that monitor and analyze user interactions with an application executing on an end user device. The techniques include monitoring behavior of an end user device user by tracking user interactions with the application executing on the end user device, and generating event records describing the user interactions and the times at which they occurred. The event records are sent to an analytics engine that uses the event records to perform a fraud detection operation by comparing the user interactions described in the event records to an expected pattern of user interactions with the application, and detecting anomalous user behavior indicative of fraud in response to the user interactions described in the event records not matching the expected pattern of user interactions with the application.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: August 28, 2018
    Assignee: EMC IP Holding Company LLC
    Inventor: Salah Machani
  • Patent number: 10063418
    Abstract: A method for providing a dormant state for content management servers. Client devices are allowed to conduct transactions with servers when the servers are active. However, in a dormant state, the servers are not allowed to accept new transactions. Thus, by utilizing the dormant state, software upgrades can be made to one server at a time. Alternatively, all servers can be taken down for major upgrades, with the servers still operated in a read-only mode based on a file image from a point in time just prior to the shutdown. When the upgrade is completed, the servers can be returned to the active state.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: August 28, 2018
    Assignee: Open Text Corporation
    Inventors: Shu-Shang Sam Wei, Shreyas Satyanand Kaushik, Edward C. Bueche
  • Patent number: 10045212
    Abstract: A method, non-transitory computer readable medium and apparatus for securing user input and/or output on a mobile endpoint device. For example, the method receives an input on the mobile endpoint device, encrypts and authenticates the input in a trusted domain of the mobile endpoint device executing an application and sends the input that is encrypted and authenticated to an untrusted domain of the mobile endpoint device over a secure channel.
    Type: Grant
    Filed: December 12, 2016
    Date of Patent: August 7, 2018
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Jeffrey E. Bickford, Mikhail Istomin, Evgene Vahlis
  • Patent number: 10033729
    Abstract: Techniques are disclosed for authenticating a user. One technique includes receiving a passphrase at a server. The technique further includes parsing the passphrase using one or more parsing requests to create one or more parsings. The technique includes storing the one or more parsings on the server. The technique also includes receiving, at the server, a request from a user to authenticate the user. Finally, the technique includes transmitting a first parsing request to authenticate the user.
    Type: Grant
    Filed: April 14, 2016
    Date of Patent: July 24, 2018
    Assignee: International Business Machines Corporation
    Inventors: John B. Beauvais, Michael J. Turek
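The passphrase-parsing authentication from the IBM abstract, as an added example that is not IBM's implementation. At enrollment the server applies a set of parsing requests to the passphrase and keeps only a salted PBKDF2 hash of each parsing, never the passphrase itself; at login it sends one parsing request as the challenge and checks the user's answer against that hash. The three parsing kinds, the normalization step and the storage layout are assumptions.

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, Tuple

# Added example, not IBM's implementation. Parsing kinds and storage format are
# assumptions; the abstract only says parsings are created, stored and requested.

PBKDF2_ITERATIONS = 50_000


def normalize(passphrase: str) -> str:
    """Case-fold and collapse whitespace so trivial input differences do not fail auth."""
    return " ".join(passphrase.lower().split())


def apply_parsing(passphrase: str, kind: str, arg) -> str:
    """Derive the parsing the server will later ask for."""
    p = normalize(passphrase)
    words = p.split()
    if kind == "words":      # arg: tuple of 0-based word positions
        return " ".join(words[i] for i in arg)
    if kind == "chars":      # arg: (start, end) slice of the normalized string
        return p[arg[0]:arg[1]]
    if kind == "initials":   # arg unused: first letter of every word
        return "".join(w[0] for w in words)
    raise ValueError("unknown parsing kind %r" % kind)


def _digest(answer: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", answer.encode(), salt, PBKDF2_ITERATIONS)


def enroll(passphrase: str, requests) -> Dict[int, dict]:
    """Store a salted hash of each parsing; neither the passphrase nor the
    plaintext parsings are kept."""
    store: Dict[int, dict] = {}
    for pid, (kind, arg) in enumerate(requests):
        salt = os.urandom(16)
        store[pid] = {"kind": kind, "arg": arg, "salt": salt,
                      "hash": _digest(apply_parsing(passphrase, kind, arg), salt)}
    return store


def issue_challenge(store: Dict[int, dict]) -> Tuple[int, str, object]:
    """Pick one stored parsing request to transmit to the user."""
    pid = secrets.choice(sorted(store))
    return pid, store[pid]["kind"], store[pid]["arg"]


def verify(store: Dict[int, dict], pid: int, answer: str) -> bool:
    """Constant-time comparison of the answer's hash against the stored parsing hash."""
    entry = store.get(pid)
    if entry is None:
        return False
    return hmac.compare_digest(_digest(normalize(answer), entry["salt"]), entry["hash"])
```

Each answered challenge discloses a fragment of the passphrase to whoever observes it, so a deployment would rate-limit attempts and retire a parsing after a bounded number of uses rather than reuse the same few indefinitely.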
  • Patent number: 10033712
    Abstract: A processing system periodically configures a beacon code and random nonce to transmit to a beacon device at a location. Multiple users enter the location with associated user computing devices. The user computing devices retransmit the beacon code broadcasted by the beacon device to the processing system. A particular user initiates a transaction at a computing device at the location, which transmits to the processing system a request for account data and retransmits the beacon code and a random nonce. The processing system verifies the beacon code and random nonce and transmits, to the computing device at the location, user account identifiers associated with user computing devices that retransmitted the beacon code. The processing system receives a selection of the user identifier from the merchant point of sale device and transmits account information to the computing device at the location.
    Type: Grant
    Filed: December 9, 2015
    Date of Patent: July 24, 2018
    Assignee: GOOGLE LLC
    Inventors: Sashikanth Chandrasekaran, Sheldon Israel Walfish, Yilei Wang, Zhihong Xu
  • Patent number: 10021063
    Abstract: A method includes generating an obfuscation of a notification and transmitting the obfuscation to an end-user device via an unsecure notification infrastructure. The method also includes, in response to a request from the end-user device, transmitting the notification to the end-user device via a secure connection. The request from the end-user device can also be received via the secure connection. The method could also include receiving information associated with an event and storing at least one of the notification and the information in association with the obfuscation, where the notification contains the information. The event could denote an event associated with an industrial process control and automation system. The obfuscation could include a unique identifier associated with the notification or a summary of the notification.
    Type: Grant
    Filed: September 23, 2015
    Date of Patent: July 10, 2018
    Assignee: Honeywell International Inc.
    Inventor: Andrew Duca
  • Patent number: 10009171
    Abstract: Innovations in the construction and use of variable-input-length tweakable ciphers (“VILTCs”). In some cases, a VILTC uses an initialization vector that is protected from exposure outside an encryption/decryption system in order to provide enhanced security with efficient performance. For example, a system for encryption and/or decryption includes two fixed-input-length tweakable block ciphers (“FIL TBCs”) and a VILTC. The first FIL TBC is adapted to produce a fixed-length initialization vector. The VILTC is adapted to produce a variable-length output string using the fixed-length initialization vector as a tweak. The second FIL TBC is adapted to produce a fixed-length output string. In this way, the first FIL TBC and the second FIL TBC protect the fixed-length initialization vector from exposure outside the system. In other cases, a VILTC is used for a reliable and efficient implementation of authenticated encryption/decryption with associated data.
    Type: Grant
    Filed: December 28, 2016
    Date of Patent: June 26, 2018
    Assignee: Portland State University
    Inventors: Thomas E. Shrimpton, Robert S. Terashima
  • Patent number: 9973500
    Abstract: A mechanism for consolidating communications between a computer tenant and a web services layer is provided. The mechanism may include a web services layer. The web services layer may be configured to receive communications, via an authentication validation module, from an authentication service. The authentication service may be in communication with the computer tenant and/or the web services layer. The web services layer may be configured to receive authorization data, via an authorization module, from an authorization data store. The web services layer may also receive and transmit logged calls from a log database. The logged calls may store calls from the computer tenant to the web services layer and calls from the web services layer to the authentication server. The computer tenant may initiate communication with the web services layer. Included in the communications may be a token.
    Type: Grant
    Filed: April 18, 2016
    Date of Patent: May 15, 2018
    Assignee: Bank of America Corporation
    Inventors: Savitri Podal, Sandhya Vanapalli, Glenda Aranas
  • Patent number: 9940149
    Abstract: Certain aspects of the present disclosure relate to a virtual machine (VM) control system, which includes a VM controller. For a plurality of employees, the VM controller registers each employee by assigning an employee ID, and stores registration information in an attendance database. The VM controller also associates one or more VMs to each employee, and stores VM association information between the VMs and the employees in an employee ID database. The VM controller transmits polling inquiries periodically to the attendance database to retrieve employee presence events of the employees. For each employee, the employee presence events include an ingress event and an egress event. When the ingress event is detected and the associated VM is off, the VM controller launches the associated VM. When the egress event is detected and the associated VM is on, the VM controller shuts down the associated VM.
    Type: Grant
    Filed: November 18, 2014
    Date of Patent: April 10, 2018
    Assignee: AMERICAN MEGATRENDS, INC.
    Inventors: Santhosh Samuel Mathews, Sudhakar Errappa Parthasarathy