Packet Header Designating Cryptographically Protected Data Patents (Class 713/160)
  • Patent number: 10635829
    Abstract: Artificial intelligence, big data, and crowd sourcing techniques are utilized to efficiently and effectively determine permissions that should be granted to a party within an organization. In one example, the permissions granted to a party within an organization are determined using one or more algorithms to identify, weight, and correlate historical and current permissions to party attributes for parties within the organization and/or for similar parties in similar organizations. In one example, the activity of the party within the organization is then monitored and the permissions granted the party are automatically modified as needed to allow the party to perform their tasks in the organization as the party's responsibilities within the organization evolve.
    Type: Grant
    Filed: November 28, 2017
    Date of Patent: April 28, 2020
    Assignee: Intuit Inc.
    Inventors: Xiaoyan Cindy Barker, Yi Zhang, Shankar A. Chittoor
  • Patent number: 10622071
    Abstract: Examples disclosed herein relate, in one aspect, to a method for searching an array of content addressable memory (CAM) devices, where each device stores a plurality of entries. The method may obtain a search key from a processor, search a first set of CAM devices in the array to determine whether the first set of CAM devices include a matching entry corresponding to the search key; upon a determination that the first set of CAM devices does not include the matching entry, search a second set of CAM devices in the array to determine whether the second set of CAM devices include the matching entry; and upon a determination that the first set of CAM devices include the matching entry, output an address of the matching entry, without searching the second set of CAM devices.
    Type: Grant
    Filed: September 4, 2015
    Date of Patent: April 14, 2020
    Assignee: Hewlett Packard Enterprise Development LP
    Inventor: John A. Wickeraad
  • Patent number: 10601809
    Abstract: Provided is a system and method for providing a certificate by way of a Browser Extension. More specifically, provided is a Server System having at least one processor adapted to provide web pages to Browsers of user devices, the Server System further adapted to include at least one pattern and at least one identifier in at least one web page provided to a user device, the Server System further structured and arranged to receive from a Browser extension upon a user's device that has recognized the pattern and extracted the identifier a certificate request (CSR) and the extracted identifier, and upon verification of the identifier and the CSR, generating a certificate based at least in part on the CSR and returning the certificate to the Browser extension for installation upon the user device. An associated method is also provided.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: March 24, 2020
    Assignee: ARRIS Enterprises LLC
    Inventor: Kevin Lee Koster
  • Patent number: 10554622
    Abstract: A system is provided to deliver an application, hosted by a private application provider system, over a network to a user device, comprising: an application delivery system that includes a first network interface, a network security interface and a second network interface; wherein the network security interface is configured to determine whether a user or device request for access to an application is valid, and in response to determining that the user or device request for access to the first application is valid, to send the user or device request to the application agent.
    Type: Grant
    Filed: January 28, 2019
    Date of Patent: February 4, 2020
    Assignee: Akamai Technologies, Inc.
    Inventors: Haseeb Siddique Budhani, Seetharama Sarma Ayyadevara, Hanumantharao Kavuluru
  • Patent number: 10545884
    Abstract: Data security access and management may require a server dedicated to monitoring document access requests and enforcing rules and policies to limit access to those who are not specifically identified as having access to the data. One example of operation may include selecting data to access via a user device, identifying a user profile associated with the user device, retrieving at least one user policy associated with the user profile, determining whether the user policy permits the user device to access the data, matching the user policy to a data policy associated with the data, receiving an encryption key at the user device, applying the encryption key to the data, and unwrapping the data from a wrapped data format to access the data.
    Type: Grant
    Filed: October 2, 2018
    Date of Patent: January 28, 2020
    Assignee: VERA
    Inventors: Prakash Linga, Ajay Arora, Vladimir Buzuev, Maurice C. Evans, Justin Sisley
  • Patent number: 10531382
    Abstract: A wireless device having processor circuitry; and a hardware circuit configured to implement, during an active steady-state of a Medium Access Control/Link Layer (MAC/LL) with scheduled channel access, a MAC/LL function without processor circuitry intervention, wherein the steady-state is a state that is control packet transmission free for managed connections in connection oriented communications or a continuous broadcast or scan operation in connectionless communications.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: January 7, 2020
    Assignee: Intel Corporation
    Inventors: David Arditti Ilitzky, Jorge Hermosillo, Jorge Carballido Gamio, Arturo Veloz, Venkatesh Rajendran, Jorge Romero Aragon, Carlos A. Flores Fajardo, Rodrigo Varela Leos, Bernard Deadman
  • Patent number: 10523648
    Abstract: A user authentication technique that allows a user to access a protected resource such as an account on a web site or secure files on a computing device such as a smartphone, personal computer, tablet computer, and the like, employs a shared secret that employs a state machine to sequentially transition between a series of states during which the user is requested to enter predefined information that is also a part of the shared secret. That is, the shared secret includes user-specific data that must be provided and the particular sequence or manner in which the user-specific data or credentials are to be provided. The authentication technique may supplement the user of conventional one or two factor authentication techniques requiring, e.g., a password or both a username and password, which are commonly used to gain access to a resource.
    Type: Grant
    Filed: April 3, 2017
    Date of Patent: December 31, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: David Michael Callaghan
  • Patent number: 10516998
    Abstract: In some examples, a method includes assigning, with an Access Point (AP) in a wireless network, a value for an Authentication Control Threshold (ACT) field in an advertisement packet that allows devices having a predetermined access control role to immediately attempt to associate with the AP. The method can further include transmitting, with the AP, the advertisement packet including the value for the ACT field for devices having the predetermined access control role.
    Type: Grant
    Filed: March 15, 2017
    Date of Patent: December 24, 2019
    Assignee: Hewlett Packard Enterprise Development LP
    Inventor: Akram Sheriff Ismail
  • Patent number: 10505921
    Abstract: Aspects of the subject disclosure may include, for example, a method comprising transmitting, by a controller comprising a processor, a request to a server to enable initiation of a virtual private network session on behalf of devices other than the controller. The controller transmits authentication information to enable the server to validate the request, and receives a first list of computing devices. The controller transmits a first selection of a target device from the first list to cause the server to initiate the virtual private network session between the target device and a service node providing services to the target device via the virtual private network session. The controller receives a second list of applications executable on each of the computing devices, and transmits to the server a second selection of an application from the second list that is executable by the target device. Other embodiments are disclosed.
    Type: Grant
    Filed: February 12, 2019
    Date of Patent: December 10, 2019
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Luis Francisco Albisu
  • Patent number: 10489599
    Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: November 26, 2019
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Amit Agarwal, Srikant Krishnapuram Tirumalai, Krishnakumar Sriramadhesikan
  • Patent number: 10484402
    Abstract: A computer implemented method to identify one or more parameters of a configuration of a target virtual machine (VM) in a virtualized computing environment used in a security attack against the target VM, the security attack exhibiting a particular attack characteristic, is disclosed.
    Type: Grant
    Filed: August 15, 2017
    Date of Patent: November 19, 2019
    Assignee: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    Inventors: Fadi El-Moussa, Ian Herwono
  • Patent number: 10482245
    Abstract: A computer implemented method to determine a configuration of a target virtual machine (VM) in a virtualized computing environment to protect against a security attack exhibiting a particular attack characteristic.
    Type: Grant
    Filed: August 15, 2017
    Date of Patent: November 19, 2019
    Assignee: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    Inventors: Fadi El-Moussa, Ian Herwono
  • Patent number: 10454678
    Abstract: A computing device includes an interface configured to interface and communicate with a dispersed storage network (DSN), a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory. The processing circuitry is configured to execute the operational instructions to perform various operations and functions. The computing device receives (e.g., via the DSN and from a first other computing device) a storage request that is based on data object. The computing device extracts a remote address (associated with the first other computing device) from the storage request. The computing device processes the storage request to determine whether any principals are associated with the storage request, wherein the principals include DSN system entities.
    Type: Grant
    Filed: April 13, 2018
    Date of Patent: October 22, 2019
    Assignee: PURE STORAGE, INC.
    Inventors: Jason K. Resch, Wesley B. Leggette
  • Patent number: 10404670
    Abstract: A distributed computing environment utilizes a cryptography service. The cryptography service manages keys securely on behalf of one or more entities. The cryptography service is configured to receive and respond to requests to perform cryptographic operations, such as encryption and decryption. The requests may originate from entities using the distributed computing environment and/or subsystems of the distributed computing environment.
    Type: Grant
    Filed: January 19, 2017
    Date of Patent: September 3, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Matthew James Wren, Eric Jason Brandwine, Brian Irl Pratt
  • Patent number: 10404468
    Abstract: Technologies for counter with CBC-MAC (CCM) mode encryption include a computing device that performs a CBC-MAC authentication operation on a message with an encryption key, using a 64-bit block cipher to generate a message authentication code. The computing device generates a first 64-bit authentication block including an 8-bit flag field and a length field of between 11 and 32 bits. The flag field indicates the length of the length field. Performing the CBC-MAC authentication operation includes formatting the message into one or more 64-bit authentication blocks. The computing device performs a counter mode encryption operation on the message with the encryption key using the 64-bit block cipher to generate a cipher text. Performing the counter mode encryption includes generating multiple 64-bit keystream blocks. The computing device generates an authentication tag based on the message authentication code and a first keystream block of keystream blocks. Other embodiments are described and claimed.
    Type: Grant
    Filed: November 15, 2016
    Date of Patent: September 3, 2019
    Assignee: Intel Corporation
    Inventors: Santosh Ghosh, Manoj R. Sastry, Jesse Walker, Li Zhao, Rafael Misoczki
  • Patent number: 10387665
    Abstract: Data security access and management may require a server dedicated to monitoring document access requests and enforcing rules and policies to limit access to those who are not specifically identified as having access to the data. One example of operation may include selecting data to access via a user device, applying at least one policy to the data that limits access to the data to user profiles assigned privileges to the policy, encrypting the data, generating metadata indicating the policy and pairing the metadata with the data, and storing the data and the metadata in a policy server.
    Type: Grant
    Filed: November 12, 2015
    Date of Patent: August 20, 2019
    Assignee: Vera
    Inventors: Prakash Linga, Ajay Arora, Vladimir Buzuev, Maurice C. Evans, Justin Sisley, Nicolas Vautier
  • Patent number: 10380353
    Abstract: Methods for enhancing the security of content in a records management system. A document is received to be stored as a record in the records management system. A unique combination of an encryption key and encryption parameters is selected for the document. The encryption key and encryption parameters are stored on a server that is different from a server upon which the document is to be stored in the records management system. The document is encrypted using the selected unique combination of encryption key and encryption parameters. The encrypted document is stored in the records management system.
    Type: Grant
    Filed: December 3, 2014
    Date of Patent: August 13, 2019
    Assignee: International Business Machines Corporation
    Inventors: Kenytt D. Avery, Jean-Marc Costecalde, David B. Harnick-Shapiro
  • Patent number: 10380352
    Abstract: Methods and apparatus, including computer program products, implementing and using techniques for enhancing the security of content in a records management system. A document is received to be stored as a record in the records management system. A unique combination of an encryption key and encryption parameters is selected for the document. The encryption key and encryption parameters are stored on a server that is different from a server upon which the document is to be stored in the records management system. The document is encrypted using the selected unique combination of encryption key and encryption parameters. The encrypted document is stored in the records management system.
    Type: Grant
    Filed: February 4, 2014
    Date of Patent: August 13, 2019
    Assignee: International Business Machines Corporation
    Inventors: Kenytt D. Avery, Jean-Marc Costecalde, David B. Harnick-Shapiro
  • Patent number: 10375036
    Abstract: Disclosed is a content management system comprising: a server; a content database, configured within the server, within which are stored one or more channels, each channel comprising one or more stories, each story comprising a title and one or more files; and one or more user devices connected to the network, each user device being associated with a user, each user device being configured to allow the associated user to view one or more stories from a channel to which the associated user has viewing rights. The title of each story and the names of the files contained in the story are stored obfuscated in the content database, and the files are stored encrypted in the content database.
    Type: Grant
    Filed: March 30, 2018
    Date of Patent: August 6, 2019
    Assignee: BigTinCan Holdings Limited
    Inventor: David Malcolm Keane
  • Patent number: 10356830
    Abstract: A method is provided in one example embodiment and may include sharing an access key from a control-plane serving gateway (SGW-C) to a plurality of user-plane serving gateways (SGW-Us); allocating a plurality of Fully Qualified Tunnel Endpoint Identifiers (FQTEIDs) associated with a user equipment (UE) session; generating an access token for the UE session based, at least in part, on the access key and the plurality of FQTEIDs; and appending the access token to user-plane packets for the UE session. The method can further include receiving a data packet for the UE session by a particular SGW-U, wherein the uplink packet is appended with the access token for the UE session; determining FQTEIDs associated with the UAT; and routing the uplink packet from the particular SGW-U based on the FQTEIDs.
    Type: Grant
    Filed: January 17, 2017
    Date of Patent: July 16, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Paras Mal Jain, Girish Sivasubramanian, Yogesh Devidas Patil
  • Patent number: 10348693
    Abstract: A digital escrow pattern for data services can include selective access for obscured data at a remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Based on the pattern, a “trustworthy envelope” for any kind of payload enables curtained access through a variety of decorations or seals placed on the envelope that allow for a gamut of trust ranging with guarantees such as, but not limited to, confidentiality, privacy, anonymity, tamper detection, integrity, etc. For instance, XML tags can be applied or augmented to create trust envelopes for structured XML data. Some examples of mathematical transformations or ‘decorations’ that can be applied to the XML data include, but are not limited to, size-preserving encryption, searchable-encryption, or Proof(s) of Application, blind fingerprints, Proof(s) of Retrievability, etc.
    Type: Grant
    Filed: July 8, 2010
    Date of Patent: July 9, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Rahul V. Auradkar, Roy Peter D'Souza, Darrell J. Cannon, Venkatesh Krishnan
  • Patent number: 10348700
    Abstract: A method may include, based on a set of capabilities, requesting access to data, metadata or both protected by a composite wrapper comprising a first wrapper and a second wrapper. The wrappers are each defined by different mathematical transformations performed by a component separate from the computing device. Based on an access privilege for the data, the metadata or both determined from the set of capabilities, visibility may be granted through at least one of the first or second wrapper based on independent evaluations of the first and second wrappers relative to the access privilege.
    Type: Grant
    Filed: December 29, 2016
    Date of Patent: July 9, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Rahul V. Auradkar, Roy Peter D'Souza
  • Patent number: 10333970
    Abstract: A method and technique for protecting against denial of service attacks includes maintaining a window over a sequence number space that includes sequence numbers that are sequentially assigned to challenge messages where the window has a leading edge and a trailing edge. Responsive to receiving a request from a client, the leading edge of the window is advanced and a leading edge sequence number is selected as a challenge sequence number. A challenge message including the challenge sequence number is sent to a client. Responsive to receiving a response message from the client, it is verified that a challenge sequence number included with the response message is within the window and does not correspond to a marked sequence number within the window.
    Type: Grant
    Filed: November 6, 2018
    Date of Patent: June 25, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Clark Debs Jeffries, Mohammad Peyravian
  • Patent number: 10298601
    Abstract: A network address includes a predefined portion that identifies a hostname, where the predefined portion is less than all of the network address. A request is received for a secure session at the network address. The hostname is identified from the predefined portion of the network address and a secure session negotiation is made including returning a digital certificate for the identified hostname.
    Type: Grant
    Filed: February 27, 2017
    Date of Patent: May 21, 2019
    Assignee: CLOUDFLARE, INC.
    Inventor: John Graham-Cumming
  • Patent number: 10298386
    Abstract: An unencrypted media access control layer (MAC) protocol data unit (MPDU) having a header is received at a wireless network interface device. The header includes a sequence number. The wireless network interface device uses the sequence number to encrypt data in the unencrypted MPDU to generate an encrypted MPDU, and transmits the encrypted MPDU.
    Type: Grant
    Filed: July 5, 2016
    Date of Patent: May 21, 2019
    Assignee: Marvell International Ltd.
    Inventors: Paul A. Lambert, Yong Liu, Raja Banerjea, Harish Ramamurthy
  • Patent number: 10296364
    Abstract: An access data collector collects access assignment data characterizing active access assignment operations of a hypervisor in assigning host computing resources among virtual machines for use in execution of the virtual machines. Then, a capacity risk indicator calculator calculates a capacity risk indicator characterizing a capacity risk of the host computing resources with respect to meeting a prospective capacity demand of the virtual machines, based on the access assignment data.
    Type: Grant
    Filed: October 26, 2016
    Date of Patent: May 21, 2019
    Assignee: BMC Software, Inc.
    Inventors: Jeyashree Sivasubramanian, Sudheer Apte
  • Patent number: 10270809
    Abstract: A mechanism to facilitate a private network (VPN)-as-a-service, preferably within the context of an overlay IP routing mechanism implemented within an overlay network. A network-as-a-service customer operates endpoints that are desired to be connected to one another securely and privately using the overlay IP (OIP) routing mechanism. The overlay provides delivery of packets end-to-end between overlay network appliances positioned at the endpoints. During such delivery, the appliances are configured such that the data portion of each packet has a distinct encryption context from the encryption context of the TCP/IP portion of the packet. By establishing and maintaining these distinct encryption contexts, the overlay network can decrypt and access the TCP/IP flow. This enables the overlay network provider to apply one or more TCP optimizations. At the same time, the separate encryption contexts ensure the data portion of each packet is never available in the clear at any point during transport.
    Type: Grant
    Filed: December 2, 2014
    Date of Patent: April 23, 2019
    Assignee: Akamai Technologies, Inc.
    Inventors: Brandon O. Williams, Martin K. Lohner, Kevin Harmon, Jeffrey Bower
  • Patent number: 10255157
    Abstract: Aspects of the disclosure relate to providing type safe secure logging. A computing platform may receive application code comprising one or more calls to one or more logging methods. Subsequently, the computing platform may compile the application code comprising the one or more calls to the one or more logging methods to produce a compiled software application. During the compiling of the application code comprising the one or more calls to the one or more logging methods, the computing platform may enforce one or more type-based secure logging rules on the application code comprising the one or more calls to the one or more logging methods. Thereafter, the computing platform may store the compiled software application. In some embodiments, enforcing the one or more type-based secure logging rules may include allowing logging of one or more predetermined classes of objects.
    Type: Grant
    Filed: July 14, 2017
    Date of Patent: April 9, 2019
    Assignee: Citrix Systems, Inc.
    Inventors: Thomas M. Kludy, Thomas Hammond
  • Patent number: 10230702
    Abstract: An example method performed by one or more processing devices includes: generating encrypted content at a sender device using one or more first keys that are available from a key provider; and outputting the encrypted content to a recipient device over one or more channels; where the key provider enables access, following authorization, by the recipient device to one or more second keys for decrypting the encrypted content; and where an entity that enables the channel is unaffiliated with the key provider.
    Type: Grant
    Filed: August 15, 2016
    Date of Patent: March 12, 2019
    Assignee: BlueRISC, Inc.
    Inventor: Csaba Andras Moritz
  • Patent number: 10218516
    Abstract: The invention relates to a system and method of re-programming memory, and in particular, to wirelessly re-programming software, such as the application code, residing in memory of a trainable transceiver. The wireless re-programming of memory allows for software in the trainable transceiver to be updated or replaced from a remote location, where a direct or wired connection to the product is not otherwise available.
    Type: Grant
    Filed: November 13, 2017
    Date of Patent: February 26, 2019
    Assignee: GENTEX CORPORATION
    Inventors: Chris H. Vuyst, Todd R. Witkowski, Carl L. Shearer, Steven L. Geerlings, Thomas D. Klaver
  • Patent number: 10210338
    Abstract: In a compression processing storage system, using a pool of encryption processing cores, the encryption processing cores are assigned to process either encryption operations, decryption operations, and decryption and encryption operations, that are scheduled for processing. A maximum number of the encryption processing cores are set for processing only the decryption operations, thereby lowering a decryption latency. A minimal number of the encryption processing cores are allocated for processing the encryption operations, thereby increasing encryption latency. The encryption operations, the decryption operations, and the decryption and encryption operations are scheduled between the pool of the plurality of processing cores according to a thread weight value (TWV) that is assigned to each one of the plurality of processing cores having a difference in processing power.
    Type: Grant
    Filed: November 22, 2017
    Date of Patent: February 19, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jonathan Amit, Amir Lidor, Sergey Marenkov, Rostislav Raikhman
  • Patent number: 10206138
    Abstract: Systems and methods are disclosed for assigning a quality of service to a data packet in a communications network by mapping a Wi-Fi access layer identifier such as an SSID to a value in a datagram header, and subsequently using the datagram header to assign an appropriate data bearer for the datagram, the data bearer having a quality of service class identifier appropriate for the type of traffic expected to be sent over the particular Wi-Fi access layer.
    Type: Grant
    Filed: June 20, 2016
    Date of Patent: February 12, 2019
    Assignee: Parallel Wireless, Inc.
    Inventors: Yang Cao, Sumit Garg, Anand Bhaskarwar, Steven Beaudette, Mohit Chugh
  • Patent number: 10193939
    Abstract: Managing Security Parameter Information (SPIs) to prevent race condition failures begins where a system negotiates SPIs along with associated expiration times, and re-negotiates new SPIs as necessary. The system prevents race conditions that would otherwise occur when both an old SPI and a new SPI are active at the same time. The system accomplishes this by managing the storage and deletion of old SPIs such that only active SPIs are stored on the system for use by a User Equipment (UE) or Proxy Call Session Control Function (P-CSCF).
    Type: Grant
    Filed: August 7, 2017
    Date of Patent: January 29, 2019
    Assignee: T-Mobile U.S.A., Inc.
    Inventors: Kalyan Kalepu, Shujaur Mufti
  • Patent number: 10187215
    Abstract: A system and methods are provided for establishing an authenticated and encrypted communication connection between two devices with at most two round-trip communications. During establishment of an initial authenticated, encrypted communication connection (or afterward), a first device (e.g., a server) provides the second device (e.g., a client) with a token (e.g., a challenge) that lives or persists beyond the current connection. After that connection is terminated and the second device initiates a new connection, it uses the token as part of the handshaking process to reduce the necessary round-trip communications to one.
    Type: Grant
    Filed: November 6, 2017
    Date of Patent: January 22, 2019
    Assignee: WhatsApp Inc.
    Inventors: Bryan D O'Connor, Eugene Fooksman
  • Patent number: 10162847
    Abstract: An apparatus, method, system, and computer-readable medium are provided for maintaining contact information associated with a contact. In some embodiments a request associated with a contact may be received. Contact information may be obtained from one or more external or internal sources. One or more confidence scores may be generated for the obtained contact information and for one or more values received with the request. Based on the confidence score(s), one or more values associated with the contact may be incorporated in one or more data stores. In some embodiments, suggestions for contact related information may be generated. Responses to the suggestions may be used to update the generated confidence score(s).
    Type: Grant
    Filed: June 13, 2014
    Date of Patent: December 25, 2018
    Assignee: Comcast Interactive Media, LLC
    Inventors: Peter Lester, Justin Miller, Hendrick Lee, Aseem Sharma, Galen Trevor Gattis, Amber Dixon, Huy Tuan Nguyen, Derek McGowan, John McCrea
  • Patent number: 10154014
    Abstract: One embodiment provides a system for efficiently and securely encrypting, transmitting, and decrypting video data, including selective encryption of image frames. During operation, the system obtains by a content-transmitting device, an image frame which is used to form a video stream. In response to determining that the image frame satisfies a predetermined condition for encryption, the system encrypts the image frame based on an encryption algorithm. The system encapsulates the encrypted image frame based on encapsulation information. The system includes encryption identification information for the image frame in the encapsulation information.
    Type: Grant
    Filed: August 18, 2016
    Date of Patent: December 11, 2018
    Assignee: Alibaba Group Holding Limited
    Inventors: Qi Zhang, Didi Yao
  • Patent number: 10091117
    Abstract: Techniques for code block (CB) segmentation and rate matching in wireless deployments that may use CB-level feedback may provide that a transport block group (TBG) may include one or more CBs from multiple transport blocks (TBs). Such TBGs may support retransmissions of one or more CBs from different TBs within a TBG transmission. In certain examples, a TBG size may be determined, and a retransmission size associated with any CBs to be retransmitted are determined. Based at least in part on the TBG size and retransmission size, it may be determined whether a new TB may be included in the TBG.
    Type: Grant
    Filed: June 14, 2016
    Date of Patent: October 2, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Jing Sun, Taesang Yoo
  • Patent number: 10078736
    Abstract: Disclosed are systems and methods for improving interactions with and between computers in content communicating, rendering, generating, hosting and/or providing systems supported by or configured with personal computing devices, servers and/or platforms. The systems interact to identify and retrieve data within or across platforms, which can be used to improve the quality of data used in processing interactions between or among processors in such systems. The disclosed systems and methods The disclosed systems and methods enable the seamless, and adaptable implementation of digital rights management technology on a client device despite variations in the version, languages, programs executing on differing linked devices. The disclosed systems and methods enable the rendering of content via encryption and decryption of the content, which protects the digital media content on the client end.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: September 18, 2018
    Assignee: ALIBABA GROUP HOLDING LIMITED
    Inventor: Yusong Wei
  • Patent number: 10075416
    Abstract: In general, techniques for sharing of network session data are described. The techniques may enable security devices to leverage application classification information in a federated manner. An example security device includes a memory and one or more processors. The processor(s) are configured to receive data representative of an application classification for a first packet flow from a second security device, to receive data of a second packet flow, and, when the second packet flow corresponds to the first packet flow, to monitor the data of the second packet flow based on the application classification for the first packet flow without determining an application classification for the second packet flow.
    Type: Grant
    Filed: December 30, 2015
    Date of Patent: September 11, 2018
    Assignee: Juniper Networks, Inc.
    Inventors: Nagendra Singh Yadav, Anil Kumar Reddy Sirigiri
  • Patent number: 10075434
    Abstract: Generally, this disclosure describes a method and system for authenticating to a network via a device-specific one-time password. A method in an embodiment may include generating a first one-time password (OTP) based at least in part on a plurality of client device attributes; and providing the first OTP to an authenticator associated with a private network during a first session, wherein the authenticator is configured to authenticate the client device to at least one of the private network and protected content included in the private network for a second session following the first session based on the provided first OTP.
    Type: Grant
    Filed: June 21, 2016
    Date of Patent: September 11, 2018
    Assignee: Intel Corporation
    Inventors: Jim S. Baca, Tobias M. Kohlenberg, Hong Li, David Stanasolovich, Mark H. Price, Steven J. Birkel, Kenneth W. Reese, Ronald Tafoya
  • Patent number: 10044713
    Abstract: Identity management, user authentication, and/or user access to services on a network may be provided in a secure and/or trustworthy manner, as described herein. For example, trustworthy claims may be used to indicate security and/or trustworthiness of a user or user device on a network. Security and/or trustworthiness of a user or a user device on a network may also be established using OpenID and/or local OpenID, a secure channel between a service and the user device, and/or by including a network layer authentication challenge in an application layer authentication challenge on the user device for example.
    Type: Grant
    Filed: August 20, 2012
    Date of Patent: August 7, 2018
    Assignee: InterDigital Patent Holdings, Inc.
    Inventors: Andreas Leicher, Andreas Schmidt, Yogendra Shah
  • Patent number: 10044809
    Abstract: Provided is a wireless communication device for packet communication. When power is applied, in a case where a packet data is received before receiving a message notifying that packet communication starts, the other party is urged to transmit a message saying that the packet communication starts and a packet number is initialized in accordance with transmission and reception of the message that the packet communication starts.
    Type: Grant
    Filed: November 3, 2015
    Date of Patent: August 7, 2018
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventor: Toshiyuki Sugitani
  • Patent number: 10015542
    Abstract: A method and system are provided for securely storing and retrieving live off-disk media programs. Events delineate media segments, each of which are encrypted with a different key so as to be streamable to a remote device via digital living network alliance (DLNA) or HTTP live streaming protocols. Media segments and identifiers for managing the storage and retrieval of such media segments are compatible with live streaming data structures, obviating the need to re-encrypt data streams.
    Type: Grant
    Filed: March 14, 2014
    Date of Patent: July 3, 2018
    Assignee: ARRIS Enterprises LLC
    Inventors: Rafie Shamsaasef, William P Franks, Geetha Mangalore, Paul Moroney
  • Patent number: 9992202
    Abstract: Certain aspects and features of the present disclosure relate to providing access control using groups that can be dynamically controlled by group owners, such access control hereinafter referred to as group access control. Group access control can be used to control the transmission of packets on a network layer, or for other access control. A network administrator can provide users with permissions, such as using user roles. Users can then establish groups to share permissions with other users. A group is established by a group owner, who can modify the member list of that group and modify what permissions will be passed on to group members all without the involvement of a network administrator. Members of a group can include users, devices, and network resources. Additionally, data path entities (e.g. routers and access points) can facilitate delivery of packets between group members across multiple logical networks.
    Type: Grant
    Filed: April 30, 2015
    Date of Patent: June 5, 2018
    Assignee: ARUBA NETWORKS, INC
    Inventors: Edward Vajravelu, Partha Narasimhan, Sachin Shamrao Sanap, Gopal Agarwal
  • Patent number: 9992019
    Abstract: A method includes affiliating an authentication token with user information of a user. The method further includes generating a private/public key pairing associated with the user information. The method further includes applying a share encoding function on a private key of the private/public key pairing to produce a set of encoded shares. The method further includes generating a set of random numbers and generating a set of hidden passwords based on the user information. The method further includes generating a set of encryption keys based on the set of hidden passwords and the set of random numbers. The method further includes encrypting the set of encoded shares utilizing the set of encryption keys to produce a set of encrypted shares. The method further includes outputting the set of encrypted shares to the authentication token for storage therein and outputting the set of random numbers to a set of authenticating units.
    Type: Grant
    Filed: November 30, 2015
    Date of Patent: June 5, 2018
    Assignee: International Business Machines Corporation
    Inventors: Jason K. Resch, S. Christopher Gladwin, Andrew Baptist, Thomas Franklin Shirley, Jr.
  • Patent number: 9961057
    Abstract: Methods of securing a cryptographic device against implementation attacks, are described. A disclosed method comprises the steps of obtaining a key (230) from memory of the cryptographic device; providing the key and a constant input (210) to an encryption module (240); deriving an output (250) of encrypted data bits using the encryption module (240); providing the output (250), the key (230) and an input vector (270) to a key update module (260); and using said key update module (260) to modify the key based on at least a part (270a) of the input vector (270) to derive an updated key (230a). This prevents the value of the key from being derived using the updated key or by using side-channel attacks because the input is constant for all keys. Additionally, by altering the input vector, the updated key is also altered.
    Type: Grant
    Filed: September 10, 2015
    Date of Patent: May 1, 2018
    Assignee: NXP B.V.
    Inventors: Marcel Medwed, Martin Feldhofer, Ventzislav Nikov
  • Patent number: 9942159
    Abstract: A node in a first network domain and a method performed thereby for transmitting a data packet to a VPN client in a second network domain, the node and the VPN client being part of a VPN, wherein the first and second network domain are connected by means of a third network domain are provided. The method comprises receiving, from an application server, a first packet comprising a first IP header and a payload; and determining a DCSP. The method further comprises adding a second header comprising the determined DCSP and an IP address of a VPN client resulting in a second packet and encrypting the second packet. Further the method comprises adding a third header to the encrypted second packet resulting in a third packet, the third header comprising a destination address of a node in the second network domain, and transmitting the third packet in an IP tunnel terminating at the node in the second network domain.
    Type: Grant
    Filed: January 28, 2014
    Date of Patent: April 10, 2018
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON
    Inventors: Henrik Basilier, Göran Eneroth, Michael Liljenstam, Linus Andersson, Björn Bodén, Kyösti Toivanen
  • Patent number: 9864850
    Abstract: A method of relicensing digital encrypted radio media content transmitted via a network and received by a user electronic device includes receiving a request to relicense an encrypted digital media data file included within digital encrypted radio media content. The encrypted digital media data file is retrieved from the digital encrypted radio media content stored in a memory of the user electronic device. The encrypted digital media data file is decrypted using a radio encryption key to generate an unbound digital media data file. The unbound digital media data file is bound with the user electronic device to generate, a bound encrypted digital media data file. The bound encrypted digital media data file is stored in the memory of the user electronic device.
    Type: Grant
    Filed: February 11, 2014
    Date of Patent: January 9, 2018
    Assignee: Intel Corporation
    Inventor: Joshua D. Hug
  • Patent number: 9858396
    Abstract: Media content is delivered to a variety of mobile devices in a protected manner based on client-server architecture with a symmetric (private-key) encryption scheme. A media preparation server (MPS) encrypts media content and publishes and stores it on a content delivery server (CDS), such as a server in a content distribution network (CDN). Client devices can freely obtain the media content from the CDS and can also freely distribute the media content further. They cannot, however, play the content without first obtaining a decryption key and license. Access to decryption keys is via a centralized rights manager, providing a desired level of DRM control.
    Type: Grant
    Filed: December 8, 2014
    Date of Patent: January 2, 2018
    Assignee: ERICSSON AB
    Inventors: Raj Nair, Mikhail Mikhailov
  • Patent number: 9846773
    Abstract: A technique for enabling a client to provide a server entity is disclosed. In method aspects, a first method is performed in the client and comprises the steps of providing the client with a secure trusted environment, the environment being trusted by the client and by at least one third party, and accommodating, in the secure trusted environment, at least a local portion of the server entity, the server entity being configured to handle one or more server requests from the client, and data required by the server entity so as to handle the server request. A second method is performed in a server and comprises the steps of providing, for the secure trusted environment of the client, the environment being trusted by the client and by the at least one third party the at least local portion of the server entity, and the data.
    Type: Grant
    Filed: December 20, 2012
    Date of Patent: December 19, 2017
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventor: Bernard Smeets