Data Authentication Patents (Class 713/161)
  • Patent number: 11165701
    Abstract: A network device may receive, from a first network, a network packet of a first network packet type that encapsulates a fragment of a second network packet of a second network packet type, where the network packet is part of a flow of a plurality of network packets of the first network packet type that encapsulates fragments of the second network packet, and where the network packet includes a flow label that indicates a source port for the second network packet. The network device may perform an anti-spoof check on the fragment of the second network packet based at least in part on the source port for the second network packet that is indicated by the flow label of the network packet. The network device may, based on the fragment passing the anti-spoof check, forward the fragment of the second network packet to a second network.
    Type: Grant
    Filed: March 31, 2020
    Date of Patent: November 2, 2021
    Assignee: Juniper Networks, Inc.
    Inventors: Ashish Suresh Ghule, Jagadish Narasimha Grandhi
  • Patent number: 11153295
    Abstract: Plugins are authenticated for purposes of accessing and using application program interfaces (APIs) of a management service of a virtualized computing environment. In an authentication process, each plugin is associated with a session ticket that is unique to the plugin. The session ticket may be in the form of a single-use token that has a finite duration, and which may be used by the plugin to establish a session with the APIs of the management service. Because of the single-use and finite duration constraints of the token, the plugin is unable to use the token for other sessions and other plugins are also unable to use the same token to conduct their own sessions with the management service.
    Type: Grant
    Filed: August 28, 2019
    Date of Patent: October 19, 2021
    Assignee: VMWARE, INC.
    Inventors: Tony Ganchev, Tihomir Mateev
  • Patent number: 11153289
    Abstract: A System-on-Chip (SoC) performs secure communication operations. The SoC may include a peripheral interface configured to communicate with a host system. The SoC may also include a network interface configured to receive network packets in a secure communication session. The SoC may further include a processor configured to execute an Operating System (OS) software and a secure communication software stack to process at least one received network packet in the secure communication session. In addition, the SoC may include a secure communication engine configured to perform cryptographic operations and generate at least one decrypted packet in the secure communication session. The at least one decrypted packet may be provided to the host system via the peripheral interface.
    Type: Grant
    Filed: July 28, 2017
    Date of Patent: October 19, 2021
    Assignee: ALIBABA GROUP HOLDING LIMITED
    Inventor: Xiaowei Jiang
  • Patent number: 11139980
    Abstract: Software for immutably storing computational determinations using distributed ledgers. The software performs the following operations: (i) receiving an indication that a first computational model is ready to be deployed; (ii) storing a copy of the first computational model in a first distributed ledger; (iii) computing a hash of the first computational model using a cryptographic hash function; (iv) receiving an indication that a second computational model has been used to produce a first computational determination; (vi) receiving a hash of the second computational model; and (vii) in response to determining that the hash of the second computational model matches the hash of the first computational model, storing a record of the first computational determination in a second distributed ledger, wherein the record of the first computational determination identifies the second computational model as being the first computational model and includes the hash of the first computational model.
    Type: Grant
    Filed: November 28, 2018
    Date of Patent: October 5, 2021
    Assignee: International Business Machines Corporation
    Inventors: Bradley C. Herrin, Xianjun Zhu, Bo Zhang, Alexander Sobran
  • Patent number: 11134069
    Abstract: A method for authorizing access includes generating a public identity parameter and a private identity parameter for each server, and using the public identity parameter of a first server indicated by a first credential from a resource owner to perform identity encryption on the first credential and a first random parameter so as to generate and transmit a first request message to the first server. The private identity parameter is used to decrypt the first request message. The public identity parameter of a second server indicates by the second credential to perform identity encryption on the second credential and a second random parameter so as to generate and transmit a second request message. The second server uses the private identity parameter to perform decryption on the second request message, and the method determines, according to the decrypted second credential, a resource to be provided to the client.
    Type: Grant
    Filed: April 13, 2016
    Date of Patent: September 28, 2021
    Assignee: SONY CORPORATION
    Inventor: Zhihui Zhang
  • Patent number: 11119988
    Abstract: An aspect of performing logical validation on loaded data in a database includes a rule engine configured to, in response to an addition or update of a new rule for logical validation, determine a delta rule that includes a delta part of the new rule with respect to existing rules. An aspect also includes an object container containing object instances that have been validated using the existing rules. The object instance contains only data related to the existing rules and extracted from the database. An aspect further includes a validation engine configured to, upon determining that the delta rule relates to extra data other than the data contained in the object instance, extract the extra data from a database and add it to corresponding object instances, and use at least a part of the new rule to perform logical validation on the relevant object instances in the object container.
    Type: Grant
    Filed: May 17, 2019
    Date of Patent: September 14, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Bai Chen Deng, An Chao Song, Feng Cheng Sun, Jing Sun, Lin Xu
  • Patent number: 11102169
    Abstract: The present disclosure provides a method of embedding finer grained information such as user identity and application identity in IPv6 addresses used for end-to-end communications within a network. The finer grained information can be used for improved policy enforcement within the network. In one aspect, generating an address for an end-to-end communication within a network, the address including a user identifier and an application identifier for network policy enforcement; assigning the address to an application used in the end-to-end communication; and performing network segmentation and the network policy enforcement within the network using the address.
    Type: Grant
    Filed: June 6, 2019
    Date of Patent: August 24, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Marcel Paul Sosthène Enguehard, Jordan Augé, Giovanna Carofiglio
  • Patent number: 11086890
    Abstract: Embodiments of the present invention are directed to validating extraction rules. In embodiments, a set of events for which field extraction is desired is obtained. Thereafter, an extraction rule is applied to the set of events to extract fields of the events. The application of the extraction rule can be monitored to determine that the applied extraction rule is invalid. Based on the applied extraction rule being invalid, a new extraction rule can be generated to apply to the set of events.
    Type: Grant
    Filed: January 31, 2019
    Date of Patent: August 10, 2021
    Assignee: SPLUNK Inc.
    Inventors: Li Li, Yongxin Su, Ting Yuan, Qian Jie Zhong, Yiyun Zhu
  • Patent number: 11074112
    Abstract: Systems, methods, and software are disclosed herein for maintaining the responsiveness of a user interface to an application. In an implementation, a synchronous operation is commenced on a main thread of an application. The application monitors for a request by an additional thread to interrupt the synchronous operation in favor of an asynchronous operation. The synchronous operation is canceled in response to the request and is retried after completing the asynchronous operation.
    Type: Grant
    Filed: January 13, 2017
    Date of Patent: July 27, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Micah James Myerscough, Weide Zhong, Xiaohui Pan, Toshiharu Kawai, Emily Anne Schultz
  • Patent number: 11030306
    Abstract: The present invention particularly concerns a method for executing a program (P) intended to be interpreted by a virtual machine (M), the method comprising steps of determination (102) of a reference code instruction to be interpreted when executing the program, interpretation (112) by the virtual machine of the reference code instruction using machine code. This method also comprises read-out (106) of interpretation rights data (DR) indicating a portion (P1) of the program containing code instructions interpretable by the virtual machine and, on the basis of read-out data, checking the presence (110) of the reference code instruction in the portion (P1) of the program (P), the interpretation of the reference code instruction being implemented by the virtual machine (M) only if the reference code instruction is contained in the portion (P1) of the program (P).
    Type: Grant
    Filed: April 19, 2018
    Date of Patent: June 8, 2021
    Assignee: IDEMIA IDENTITY & SECURITY FRANCE
    Inventors: Ahmadou Sere, Karim Madjid Ammouche
  • Patent number: 11019085
    Abstract: The disclosed computer-implemented method for identifying potentially risky traffic destined for network-connected devices may include (1) receiving, at a cloud-based server, characteristics of a network-connected device being added to a network, (2) creating a digital virtual image of the network-connected device on the cloud-based server, (3) receiving a request sent to a port on the network-connected device and (4) performing a security action including (A) sending the request to the digital virtual image of the network-connected device, (B) identifying the request as a potentially risky request by monitoring a runtime reaction of the digital virtual image of the network-connected device to the request, and (C) sending, to a network monitoring device, a message indicating the request is a potentially risky request. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 17, 2018
    Date of Patent: May 25, 2021
    Inventors: Ilya Sokolov, Bruce McCorkendale
  • Patent number: 11019033
    Abstract: An apparatus comprises at least one processing device that includes a processor coupled to a memory. The processing device is configured to establish a secure enclave in cloud infrastructure as part of a trust domain, to load the secure enclave with a program for execution in the secure enclave, and to provide the secure enclave with information sufficient to allow the secure enclave to prove to one or more clients of the trust domain that the secure enclave was established within the trust domain. The provided information customizes the secure enclave for the trust domain in a manner that is detectable by the one or more clients of the trust domain. The establishing, loading and providing are illustratively performed at least in part by an orchestrator component that is part of the trust domain and is implemented using a first physical machine that is separate from a second physical machine used to implement the secure enclave.
    Type: Grant
    Filed: December 27, 2019
    Date of Patent: May 25, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Radia J. Perlman, Charles Kaufman
  • Patent number: 11017102
    Abstract: A kernel driver on an endpoint is configured to monitor processes executing on the endpoint that use network communications, and to transmit process information to a firewall for the endpoint. The firewall can, in turn, use this stream of information from individual endpoints or groups of endpoints as context for observed network activity in order to control secure network communications and otherwise manage network activity.
    Type: Grant
    Filed: October 27, 2017
    Date of Patent: May 25, 2021
    Assignee: Sophos Limited
    Inventor: Richard S. Teal
  • Patent number: 10993112
    Abstract: System and method embodiments are provided for accessing a wireless network. The embodiments enable establishing and releasing session resources in a wireless local area network (WLAN) corresponding to packet data network (PDN) connections in a 3GPP enhanced packet core (EPC). In an embodiment, a method in a network component for establishing a control channel with a user equipment (UE) includes setting up, by the network component, a link layer channel, sending, by the network component, an identifier of the link layer channel to the UE; and communicating, by the network component, with the UE over the link layer channel using a WLAN control protocol (WLCP), wherein the WLAN comprises a trusted WLAN Access Network (TWAN).
    Type: Grant
    Filed: October 26, 2018
    Date of Patent: April 27, 2021
    Assignee: Futurewei Technologies, Inc.
    Inventors: Kaippallimalil Mathew John, Weisheng Jin, Wenruo Zhu
  • Patent number: 10963279
    Abstract: Embodiments are directed to a computer implemented method of controlling a host computing device connected to at least one subordinate computing device. The method includes configuring a host virtual machine manager (VMM) of the host computing device to perform a method that includes deploying an instance of a subordinate virtual machine (VM) on the subordinate computing device, and deploying another instance of the subordinate VM on the host computing device. The method further includes administering features or functions of the instance of the subordinate VM on the subordinate computing device, and administering features or functions of the another instance of the subordinate VM on the host computing device.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: March 30, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: David B. Lection, Ruthie D. Lyle, Eric L. Masselle
  • Patent number: 10853514
    Abstract: A document management system includes a memory for storing machine-readable code and a processor configured to execute the machine-readable code. The processor stores a first document, a first hash of the first document, and a first key in the memory. The first document is encrypted with the first key. The processor further receives a request for the first key. The request includes a second hash of a second document where the second document is purported to be a copy of the first document. The processor further compares the first hash to the second hash and sends the first key in response to the request when the first hash matches the second hash.
    Type: Grant
    Filed: May 10, 2018
    Date of Patent: December 1, 2020
    Assignee: Dell Products, L.P.
    Inventors: Daniel L. Hamlin, Charles D. Robison
  • Patent number: 10841088
    Abstract: Techniques for generating and validating credentials are disclosed. A server generates credentials using only a single current key, up to a threshold number of credentials. The server accepts client connection requests with credentials that were generated using n most recently used keys, including the current key and one or more legacy keys. The server rejects connection requests with credentials that were generated using any other key. When the current key has been used to generate the threshold number of credentials, the server updates the current key to a new key.
    Type: Grant
    Filed: December 17, 2018
    Date of Patent: November 17, 2020
    Assignee: Oracle International Corporation
    Inventor: Xuelei Fan
  • Patent number: 10841730
    Abstract: Systems and methods for incentivizing a user to satisfy a goal for attending twelve step meetings. The method includes the steps of: providing the user with a mobile device; detecting the presence of the mobile device at a first location and at a first time selected by the user; comparing the first time and the first location to a database of approved meetings, wherein the comparing is substantially contemporaneous with the first time; and providing a reward to the user upon confirming that: i) the first time and the first location correspond to an approved meeting; and ii) the user is proximate the mobile device at the first time.
    Type: Grant
    Filed: November 16, 2016
    Date of Patent: November 17, 2020
    Inventor: Michael Jerome Senger
  • Patent number: 10824725
    Abstract: Automatic detection of software that performs unauthorized privilege escalation is disclosed. The techniques cause a programmable device to obtain a trace event of a program from an event logger, parse the trace event to determine a privilege level for an event, compare the privilege level for the event to an expected privilege level, and block execution of the program based on the comparison.
    Type: Grant
    Filed: January 23, 2018
    Date of Patent: November 3, 2020
    Assignee: McAfee, LLC
    Inventor: Eknath Venkataramani
  • Patent number: 10802924
    Abstract: The present disclosure involves systems, software, and computer-implemented methods for asynchronous session storing. An example method includes receiving, by a first thread of a data processing apparatus, a backup trigger for backing up session of an application being executed by a second, separate thread of the data processing apparatus; serializing, by the first thread of the data processing apparatus, session, wherein serializing the session comprises blocking execution of the application by the second thread of the data processing apparatus; storing the serialized session into a database; and validating the stored session.
    Type: Grant
    Filed: July 25, 2017
    Date of Patent: October 13, 2020
    Assignee: SAP SE
    Inventors: Martin Knechtel, Axel Schroeder, Kay Jugel, Christof Momm
  • Patent number: 10783255
    Abstract: Systems and techniques are provided for trust agents. Trust agents may be enabled. A state determination may be received from each of the enabled trust agents. The state determination may indicate either a trusted state or an untrusted state. The received state determinations may be combined to determine a security state. A security measure may be enabled or disabled based on the determined security state.
    Type: Grant
    Filed: April 4, 2019
    Date of Patent: September 22, 2020
    Assignee: Google LLC
    Inventors: James Brooks Miller, Michael Andrew Cleron
  • Patent number: 10733146
    Abstract: An encoding system may include a metadata manager, a key manager, and an encoder. The metadata manager may interface with one or more metadata sources to determine whether to include a metadata item from the one or more metadata sources. The key manager may determine whether the metadata item can be represented using one of already-allocated keys or an inline key must be used to represent the metadata item. The encoder may encode the metadata. If an inline key must be used to represent the metadata item, the encoder may associate the inline key and the type of the metadata item to the media file, and the encoder may encode the metadata item using the inline key in the media file.
    Type: Grant
    Filed: January 22, 2015
    Date of Patent: August 4, 2020
    Assignee: Apple Inc.
    Inventor: Christopher L. Flick
  • Patent number: 10686763
    Abstract: Various embodiments are generally directed to techniques to distribute encrypted packets among multiple cores in a load-balanced manner for further processing. An apparatus may include a processor component; a decryption component to decrypt an encrypted packet to generate a decrypted packet from the encrypted packet, the encrypted packet comprising a header that comprises at least one field of information; a hash component to generate a header hash from the at least one field of information during decryption of at least a portion of the encrypted packet by the decryption component, the header hash comprising a smaller quantity of bits than the at least one field of information; and a distribution component to select a first core of multiple cores coupled to the processor component based on the header hash and to transmit the decrypted packet to the first core from the processor component. Other embodiments are described and claimed.
    Type: Grant
    Filed: January 23, 2017
    Date of Patent: June 16, 2020
    Assignee: INTEL CORPORATION
    Inventors: Tomasz Kantecki, Niall McDonnell
  • Patent number: 10680816
    Abstract: A system for improving the data security during a communication process, including at least one processor and a hardware security module. The communication data is authenticated prior to a transmission process, and the authenticity of the communication data is checked upon being received. The authentication is carried out by the processor, and the authentication check is carried out by the hardware security module, wherein the communication data is car-to-X messages. The processor and the hardware security module are linked via a common secret element such that at least the hardware security module cannot be coupled to another processor.
    Type: Grant
    Filed: March 25, 2015
    Date of Patent: June 9, 2020
    Assignee: Continental Teves AG & Co. oHG
    Inventors: Henrik Antoni, Torsten Martin, Stefan Römmele, Marc Menzel
  • Patent number: 10638301
    Abstract: Each known operating system, software, or hardware can correspond to a list of identifiable attributes that is used to uniquely identify the operating system, software, or hardware of interest. By using these identifiable attributes in rules, fingerprints can be generated that define the existence of an object (e.g. operating systems, software and hardware). By using the generated fingerprints via a discovery tool, the existence of the objects can be determined within an environment (e.g. computing device, computing network).
    Type: Grant
    Filed: September 15, 2017
    Date of Patent: April 28, 2020
    Assignee: BDNA Corporation
    Inventors: Alexander Meau, Danny Leung
  • Patent number: 10630555
    Abstract: Systems and methods are provided that include a network appliance comprising a plurality of virtual private network nodes operating on the network appliance, each virtual private network node being configurable to connect to selectable virtual private network end points in an on-demand computing network. A web interface is configured to connect a client device to the network appliance and to identify a selected virtual private network end point, where the client device is connected to a particular one of the virtual private network nodes and the particular virtual private network node is connected to the selected virtual private network end point based on interactions with the web interface.
    Type: Grant
    Filed: August 23, 2017
    Date of Patent: April 21, 2020
    Assignee: Berryville Holdings, LLC
    Inventors: Christopher Edward Delaney, Chava Louis Jurado, Carl Bailey Jacobs, William Theodore Schoon
  • Patent number: 10601793
    Abstract: In an embodiment, an electronic data security system improves the security and usability of encrypted electronic data using a symmetric key approach implemented by security engines embedded on operably coupled integrated circuits. Engines paired to integrated circuits in combinations of hardware and software engines implementing security tasks can also be utilized. A first security engine is configured to interface to a second security engine and, using the components of the respective security engines, securely exchange electronic data using symmetric key encryption. The key change instruction configures the second security engine private key for a subsequent transmission.
    Type: Grant
    Filed: March 10, 2017
    Date of Patent: March 24, 2020
    Assignee: PSS, LLC
    Inventors: Boris Maydanik, Michael Norton
  • Patent number: 10592670
    Abstract: Technologies for configuring a launch enclave include a computing device having a processor with secure enclave support. A trusted execution environment (TEE) of the computing device stores a launch enclave hash in a launch enclave hash table in secure storage and provisions the launch enclave hash to platform firmware at runtime. The TEE may receive the launch enclave hash via trusted I/O. The platform firmware sets a configure enclave launch bit and resets the computing device. On reset, the TEE determines whether the launch enclave hash is allowed for launch. The TEE may evaluate one or more launch configuration policies and may select a launch enclave hash based on the launch configuration policies. If allowed, the platform firmware writes the launch enclave hash to a model-specific register of the processor, and the launch enclave may be loaded and verified with the launch enclave hash. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 28, 2016
    Date of Patent: March 17, 2020
    Assignee: Intel Corporation
    Inventors: Rajesh Poornachandran, Vincent J. Zimmer, Mingqiu Sun, Gopinatth Selvaraje
  • Patent number: 10579814
    Abstract: A method, computer program product and system for preventing unauthorized access of confidential information. The transmission of data from a first user to a second user is detected. An authorization level corresponding to the second user is then determined. Furthermore, a probability that the authorization level corresponding to the second user and the data is accurate is generated. Additionally, a determination is made that the data includes sensitive information that the second user is not authorized to access based on the authorization level. Moreover, the data can be modified based on the probability, where the data is to be redacted if the probability is within a range of a threshold value or the data is to be blocked from transmission if the probability is above the range.
    Type: Grant
    Filed: October 30, 2017
    Date of Patent: March 3, 2020
    Assignee: International Business Machines Corporation
    Inventors: Yoav Ben-Yair, Gil Fuchs, Itai Gordon, Ilan D. Prager
  • Patent number: 10574438
    Abstract: In sharing processing, a security apparatus applies secret sharing to processing information m to obtain a plurality of pieces of fragment information (where n=1, . . . , N), obtains verification information which is an image of the obtained fragment information through mapping, stores the verification information and outputs the fragment information. Each piece of the fragment information is stored in a storage apparatus. In restoration processing, the security apparatus accepts input of fragment information (where k=1, . . . , K) required for restoration, compares fourth verification information which is an image of the inputted fragment information through mapping with stored verification information, and restores the processing information m from the fragment information (where k=1, . . . , K) corresponding to the fourth verification information which matches the verification information.
    Type: Grant
    Filed: February 17, 2015
    Date of Patent: February 25, 2020
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Miki Hosaka, Yasushi Takami, Tokutaro Yoshida
  • Patent number: 10521141
    Abstract: A memory module includes: a front interface suitable for performing a serial-to-parallel conversion of a command, an address, and data that are received from a host memory controller; a module controller suitable for communicating with the host memory controller through the front interface; and a memory device suitable for receiving the command and the address from the module controller and transferring and receiving data to and from the module controller. The number of lines for transferring the command, the address, and the data between the host memory controller and the front interface is greater than the number of lines for transferring the command, the address, and the data between the module controller and the memory device.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: December 31, 2019
    Assignee: SK hynix Inc.
    Inventor: Jae-Young Lee
  • Patent number: 10521478
    Abstract: Systems and methods for enhancing confidence in a biometric search result include submitting one or more biometric samples to a biometric search engine. In response to the one or more submitted biometric samples, a plurality of candidates identified as potentially associated with the one or more submitted biometric samples is received from the biometric search engine. Each identified candidate has associated biographic information. The biographic information associated with each identified candidate is submitted to a relationship detection engine. In response to the submitted biographic information, an identified relationship between at least one of the identified candidates and one or more other individuals is received from the relationship detection engine.
    Type: Grant
    Filed: June 2, 2017
    Date of Patent: December 31, 2019
    Assignee: AWARE, INC.
    Inventor: David Benini
  • Patent number: 10491565
    Abstract: Various embodiments of systems and methods to generate web application firewall specific validation rule are described herein. Initially, a web service metadata is processed to retrieve a plurality of data parameters from the web service metadata. Next, a common validation rule is generated based on the retrieved one or more data parameters. The common validation rule is then modified to generate the web application firewall specific validation rule.
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: November 26, 2019
    Assignee: SAP SE
    Inventors: Sanjeev Agarwal, Karthik Mohan Mokashi, Bhanu Mohanty
  • Patent number: 10445396
    Abstract: A host application executing on a client device includes a content processing extension that extends its functionality to process content items to a requesting host application executing on a client device. The content processing extension is an executable file that includes data conversion code and application code. The data conversion code, when executed in requesting host application, identifies content items provided by the requesting host application and formats the identified content items to be received by the content processing extension. The application code is native code executable by the host application associated with the content processing extension. The application code processes the results from execution of the data conversion and the identified content items in accordance with one or more functions of the host application, and returns the processed content items to the requesting host application via the content processing extension.
    Type: Grant
    Filed: May 29, 2015
    Date of Patent: October 15, 2019
    Inventors: Samuel M. Weinig, Jeffrey S. Miller, Yongjun Zhang
  • Patent number: 10437588
    Abstract: Methods, systems, and computer-readable storage media for receiving a request to open a source code file for editing within an integrated development environment (IDE), determining that the source code file includes source code with first comment text having a first digital signature associated therewith, authenticating the first digital signature, and in response, providing the source code file for display in the IDE, receiving input data, determining that the input data includes authoring of comment text within the source code file, and in response, automatically: providing comment metadata that is associated with the comment text and providing a second digital signature that is associated with the comment text, and storing the comment text, the comment metadata, and the second digital signature in a comment metadata repository.
    Type: Grant
    Filed: May 11, 2018
    Date of Patent: October 8, 2019
    Assignee: SAP SE
    Inventor: James Crawford
  • Patent number: 10419345
    Abstract: A system facilitates efficient and secure transportation of content. An intermediate node receives a packet that corresponds to a fragment of a content object message that is fragmented into a plurality of fragments. One or more fragments of the plurality of fragments indicate a unique name that is a hierarchically structured variable-length identifier that comprises contiguous name components ordered from a most general level to a most specific level. The received fragment indicates an intermediate state which is based on a hash function performed on an intermediate state from a previous fragment and data included in the received fragment. In response to determining that the received fragment is a first fragment, the system identifies a first entry in a pending interest table for an interest with a name that is based on a hash of a content object and that corresponds to the first fragment.
    Type: Grant
    Filed: October 23, 2017
    Date of Patent: September 17, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Marc E. Mosko, Christopher A. Wood
  • Patent number: 10417188
    Abstract: A method for generating a segmented blockchain includes: storing a first blockchain, the blockchain being comprised of blocks including a recent block, the recent block including a corresponding block header and transaction values; generating a recent hash value via hashing the corresponding block header; writing a terminal block to the first blockchain, the terminal block including a terminal block header comprised of the recent hash value, an activated terminal flag, and a forward reference identifier; generating a terminal hash value via hashing the terminal block header; generating a second blockchain, the second blockchain being comprised of a starting block, the starting block including a starting block header comprised of the terminal hash value and an activated starting flag; and transmitting the terminal block and the second blockchain to one or more computing devices associated with the first blockchain.
    Type: Grant
    Filed: May 27, 2016
    Date of Patent: September 17, 2019
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventor: David J. King
  • Patent number: 10396685
    Abstract: Some embodiments may include a multi-stage converter comprising: a branch connected between a positive busbar and a negative busbar; and a control device. The branch has two arms connected in series. The arms each comprise a series circuit including a plurality of two-pole submodules, an energy store, and a communication connection to the control device. The communication connection transmits state of charge of the energy store and a switching instruction for the respective submodule. For at least a subset of the submodules, the communication connection comprises a common communication connection with a plurality of insulation paths having an insulation capability in each case of at most 5 kV.
    Type: Grant
    Filed: February 20, 2017
    Date of Patent: August 27, 2019
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Manuel Blum, Marek Galek, Alexander Hofmann, Dirk Malipaard, Benjamin Ruccius
  • Patent number: 10372945
    Abstract: An abstract enclave identity is presented. An abstract identity may be a secure identity that may be the same for multiple related, but not identical, enclave instantiations. An enclave identity value may be determined from an abstract enclave identity type with respect to an instantiated enclave. An abstract identity value may be used to determine equivalence of two enclave instantiations that are not identical, such as two similar enclaves hosted on different computers, two enclaves hosted on different native enclave platforms, and two enclaves instantiated from different versions of the same enclave binary images.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: August 6, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Manuel Costa
  • Patent number: 10355978
    Abstract: Example implementations relate to calculating a time to live (TTL). An example implementation includes receiving a transaction request containing a first time to live (TTL) from a requester. A second TTL for a transaction response may be computed, and a transaction response containing the second TTL may be transmitted.
    Type: Grant
    Filed: June 19, 2017
    Date of Patent: July 16, 2019
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Gregg B. Lesartre, Derek Alan Sherlock, Gary Gostin, Nicholas George McDonald, Alan Davis, Darel N. Emmot, John Kim
  • Patent number: 10338911
    Abstract: A method and device for downloading a software version and a storage medium, including that: n partitions to be downloaded of a software version to be sent are determined, n≥1 (S101); a mobile terminal is indicated to format a mapping partition corresponding to an mth partition to be downloaded in the n partitions to be downloaded in the mobile terminal, n≥m≥1 (S102); and when it is determined that formatting of the mapping partition corresponding to the mth partition to be downloaded is completed and succeeds, data of the mth partition to be downloaded is packed into an all-0 data packet or a non-0 data packet, and the all-0 data packet or the non-0 data packet is sent (S103).
    Type: Grant
    Filed: July 20, 2015
    Date of Patent: July 2, 2019
    Assignee: ZTE Corporation
    Inventor: Jianhua Xiao
  • Patent number: 10339297
    Abstract: A system for detecting user credentials comprising an interface and a processor. The interface is configured to receive a plurality of data chunks. The processor is configured to determine a number of continuous bytes in the plurality of data chunks having appropriate values and, in the event that the number of the continuous bytes is greater than or equal to a threshold number of bytes, determine whether continuous byte data of the continuous bytes comprises a credential.
    Type: Grant
    Filed: January 30, 2018
    Date of Patent: July 2, 2019
    Assignee: GITHUB, INC.
    Inventor: Vicent Marti
  • Patent number: 10320803
    Abstract: Methods, systems and devices to authorize access to simultaneous media streams are described. After a first media stream is initiated with a first client device, an authorization service receives a request to establish the simultaneous second media stream with a second client device. The service determines whether the second client device is at a geographic location where simultaneous streaming is allowed, and grants or denies access to the second simultaneous stream accordingly.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: June 11, 2019
    Assignees: DISH TECHNOLOGIES LLC, HUGHES NETWORK SYSTEMS, LLC
    Inventors: Max S. Gratton, Timothy Robert Jezek
  • Patent number: 10310776
    Abstract: An output method and an output device include steps below. A first electronic device sends a file to a server and generates a piece of verification information corresponding to the file. A second electronic device receives the piece of verification information. An output device reads the piece of verification information, and obtains the file from the server according to the piece of verification information. The output device receives a first verification code via a user interface, determines whether the first verification code matches the piece of verification information, and outputs the paper document of the file when the first verification code matches the piece of verification information. The output device sends a second verification code, generated according to encode data of the file, to the second electronic device for a further verification and deletes the file after the output device outputs the paper document of the file.
    Type: Grant
    Filed: June 20, 2018
    Date of Patent: June 4, 2019
    Assignee: AVISION INC.
    Inventor: Chun-Chieh Liao
  • Patent number: 10305894
    Abstract: In general, embodiments of the present invention provide systems, methods and computer readable media for providing a user verification service based on analyzing digital fingerprint signals derived from out-of-band data (i.e., data not directly supplied by the user). In some embodiments, a digital fingerprint engine embedded in an app hosted on a client device being accessed by a user reads various device or user data and then creates a set of encoded user verification data representing out-of-band data stored locally on that device. In some embodiments, the user verification data are encoded as hashes generated by a hash function. In some embodiments, the app is configured to contact a business server via the cloud, and the set of digital fingerprints are included in an authorization request transmitted from the client device to the business server.
    Type: Grant
    Filed: October 19, 2015
    Date of Patent: May 28, 2019
    Assignee: AVERON US, INC.
    Inventors: Wendell Brown, Evan Tann
  • Patent number: 10296747
    Abstract: Systems and techniques are provided for trust agents. Trust agents may be enabled. A state determination may be received from each of the enabled trust agents. The state determination may indicate either a trusted state or an untrusted state. The received state determinations may be combined to determine a security state. A security measure may be enabled or disabled based on the determined security state.
    Type: Grant
    Filed: October 30, 2017
    Date of Patent: May 21, 2019
    Assignee: Google LLC
    Inventors: James Brooks Miller, Michael Andrew Cleron
  • Patent number: 10298595
    Abstract: Methods and apparatus are provided for improving both node-based and message-based security in a fiber channel network. Entity to entity authentication and key exchange services can be included in existing initialization messages used for introducing fiber channel network entities into a fiber channel fabric, or with specific messages exchanged over an already initialized communication channel. Both per-message authentication and encryption mechanisms can be activated using the authentication and key exchange services. Messages passed between fiber channel network entities can be encrypted and authenticated using information provided during the authentication sequence. Security services such as per-message authentication, confidentiality, integrity protection, and anti-replay protection can be implemented.
    Type: Grant
    Filed: December 15, 2014
    Date of Patent: May 21, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Fabio R. Maino, Marco Di Benedetto, Claudio Desanti
  • Patent number: 10277562
    Abstract: In one embodiment, a first device in a network receives intercepted traffic that has been encrypted. The first device decrypts the intercepted traffic and sends the decrypted traffic to one or more analysis devices in the network. The first device receives a message indicative of a result of analysis of the decrypted traffic by the one or more analysis devices.
    Type: Grant
    Filed: December 16, 2016
    Date of Patent: April 30, 2019
    Assignee: Symantec Corporation
    Inventors: Ronald Andrew Frederick, Srinivas Yerra, Tarun Soin
  • Patent number: 10225284
    Abstract: Techniques of obfuscation for enterprise data center services are disclosed. In one embodiment, the techniques may be realized as a system for obfuscation comprising one or more processors. The one or more processors may be configured to receive a command from at least one of a user and an application and determine whether the command is authorized. If the command is determined to be unauthorized, the one or more processors may be further configured to generate a rewritten output of the command that is different from an original output of the command and return the rewritten output in response to the command.
    Type: Grant
    Filed: November 25, 2015
    Date of Patent: March 5, 2019
    Assignee: SYMANTEC CORPORATION
    Inventors: Nathan S. Evans, Azzedine Benameur, Yun Shen
  • Patent number: 10218511
    Abstract: A signature authority generates a master seed value that is used as the root of a seed tree of subordinate nodes. Each subordinate node of the seed tree is generated from the value of its parent node using a cryptographic hash or one-way function. The signature authority selects subordinate seed values which are distributed to one or more key generators, each of which generates a set of one-time-use cryptographic keys. Each key generator generates a hash tree from its set of one-time-use cryptographic keys, and the root of its hash tree is returned to the signature authority. The signature authority integrates the hashes provided by the key generators into a comprehensive hash tree. The root of the comprehensive hash tree acts as a public key for the signature authority.
    Type: Grant
    Filed: December 23, 2016
    Date of Patent: February 26, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Matthew John Campagna, Gregory Alan Rubin, Nicholas Alexander Allen, Andrew Kyle Driggs, Eric Jason Brandwine