Data Authentication Patents (Class 713/161)
  • Patent number: 10686763
    Abstract: Various embodiments are generally directed to techniques to distribute encrypted packets among multiple cores in a load-balanced manner for further processing. An apparatus may include a processor component; a decryption component to decrypt an encrypted packet to generate a decrypted packet from the encrypted packet, the encrypted packet comprising a header that comprises at least one field of information; a hash component to generate a header hash from the at least one field of information during decryption of at least a portion of the encrypted packet by the decryption component, the header hash comprising a smaller quantity of bits than the at least one field of information; and a distribution component to select a first core of multiple cores coupled to the processor component based on the header hash and to transmit the decrypted packet to the first core from the processor component. Other embodiments are described and claimed.
    Type: Grant
    Filed: January 23, 2017
    Date of Patent: June 16, 2020
    Assignee: INTEL CORPORATION
    Inventors: Tomasz Kantecki, Niall McDonnell
  • Patent number: 10680816
    Abstract: A system for improving the data security during a communication process, including at least one processor and a hardware security module. The communication data is authenticated prior to a transmission process, and the authenticity of the communication data is checked upon being received. The authentication is carried out by the processor, and the authentication check is carried out by the hardware security module, wherein the communication data is car-to-X messages. The processor and the hardware security module are linked via a common secret element such that at least the hardware security module cannot be coupled to another processor.
    Type: Grant
    Filed: March 25, 2015
    Date of Patent: June 9, 2020
    Assignee: Continental Teves AG & Co. oHG
    Inventors: Henrik Antoni, Torsten Martin, Stefan Römmele, Marc Menzel
  • Patent number: 10638301
    Abstract: Each known operating system, software, or hardware can correspond to a list of identifiable attributes that is used to uniquely identify the operating system, software, or hardware of interest. By using these identifiable attributes in rules, fingerprints can be generated that define the existence of an object (e.g. operating systems, software and hardware). By using the generated fingerprints via a discovery tool, the existence of the objects can be determined within an environment (e.g. computing device, computing network).
    Type: Grant
    Filed: September 15, 2017
    Date of Patent: April 28, 2020
    Assignee: BDNA Corporation
    Inventors: Alexander Meau, Danny Leung
  • Patent number: 10630555
    Abstract: Systems and methods are provided that include a network appliance comprising a plurality of virtual private network nodes operating on the network appliance, each virtual private network node being configurable to connect to selectable virtual private network end points in an on-demand computing network. A web interface is configured to connect a client device to the network appliance and to identify a selected virtual private network end point, where the client device is connected to a particular one of the virtual private network nodes and the particular virtual private network node is connected to the selected virtual private network end point based on interactions with the web interface.
    Type: Grant
    Filed: August 23, 2017
    Date of Patent: April 21, 2020
    Assignee: Berryville Holdings, LLC
    Inventors: Christopher Edward Delaney, Chava Louis Jurado, Carl Bailey Jacobs, William Theodore Schoon
  • Patent number: 10601793
    Abstract: In an embodiment, an electronic data security system improves the security and usability of encrypted electronic data using a symmetric key approach implemented by security engines embedded on operably coupled integrated circuits. Engines paired to integrated circuits in combinations of hardware and software engines implementing security tasks can also be utilized. A first security engine is configured to interface to a second security engine and, using the components of the respective security engines, securely exchange electronic data using symmetric key encryption. The key change instruction configures the second security engine private key for a subsequent transmission.
    Type: Grant
    Filed: March 10, 2017
    Date of Patent: March 24, 2020
    Assignee: PSS, LLC
    Inventors: Boris Maydanik, Michael Norton
  • Patent number: 10592670
    Abstract: Technologies for configuring a launch enclave include a computing device having a processor with secure enclave support. A trusted execution environment (TEE) of the computing device stores a launch enclave hash in a launch enclave hash table in secure storage and provisions the launch enclave hash to platform firmware at runtime. The TEE may receive the launch enclave hash via trusted I/O. The platform firmware sets a configure enclave launch bit and resets the computing device. On reset, the TEE determines whether the launch enclave hash is allowed for launch. The TEE may evaluate one or more launch configuration policies and may select a launch enclave hash based on the launch configuration policies. If allowed, the platform firmware writes the launch enclave hash to a model-specific register of the processor, and the launch enclave may be loaded and verified with the launch enclave hash. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 28, 2016
    Date of Patent: March 17, 2020
    Assignee: Intel Corporation
    Inventors: Rajesh Poornachandran, Vincent J. Zimmer, Mingqiu Sun, Gopinatth Selvaraje
  • Patent number: 10579814
    Abstract: A method, computer program product and system for preventing unauthorized access of confidential information. The transmission of data from a first user to a second user is detected. An authorization level corresponding to the second user is then determined. Furthermore, a probability that the authorization level corresponding to the second user and the data is accurate is generated. Additionally, a determination is made that the data includes sensitive information that the second user is not authorized to access based on the authorization level. Moreover, the data can be modified based on the probability, where the data is to be redacted if the probability is within a range of a threshold value or the data is to be blocked from transmission if the probability is above the range.
    Type: Grant
    Filed: October 30, 2017
    Date of Patent: March 3, 2020
    Assignee: International Business Machines Corporation
    Inventors: Yoav Ben-Yair, Gil Fuchs, Itai Gordon, Ilan D. Prager
  • Patent number: 10574438
    Abstract: In sharing processing, a security apparatus applies secret sharing to processing information m to obtain a plurality of pieces of fragment information (where n=1, . . . , N), obtains verification information which is an image of the obtained fragment information through mapping, stores the verification information and outputs the fragment information. Each piece of the fragment information is stored in a storage apparatus. In restoration processing, the security apparatus accepts input of fragment information (where k=1, . . . , K) required for restoration, compares fourth verification information which is an image of the inputted fragment information through mapping with stored verification information, and restores the processing information m from the fragment information (where k=1, . . . , K) corresponding to the fourth verification information which matches the verification information.
    Type: Grant
    Filed: February 17, 2015
    Date of Patent: February 25, 2020
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Miki Hosaka, Yasushi Takami, Tokutaro Yoshida
  • Patent number: 10521478
    Abstract: Systems and methods for enhancing confidence in a biometric search result include submitting one or more biometric samples to a biometric search engine. In response to the one or more submitted biometric samples, a plurality of candidates identified as potentially associated with the one or more submitted biometric samples is received from the biometric search engine. Each identified candidate has associated biographic information. The biographic information associated with each identified candidate is submitted to a relationship detection engine. In response to the submitted biographic information, an identified relationship between at least one of the identified candidates and one or more other individuals is received from the relationship detection engine.
    Type: Grant
    Filed: June 2, 2017
    Date of Patent: December 31, 2019
    Assignee: AWARE, INC.
    Inventor: David Benini
  • Patent number: 10521141
    Abstract: A memory module includes: a front interface suitable for performing a serial-to-parallel conversion of a command, an address, and data that are received from a host memory controller; a module controller suitable for communicating with the host memory controller through the front interface; and a memory device suitable for receiving the command and the address from the module controller and transferring and receiving data to and from the module controller. The number of lines for transferring the command, the address, and the data between the host memory controller and the front interface is greater than the number of lines for transferring the command, the address, and the data between the module controller and the memory device.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: December 31, 2019
    Assignee: SK hynix Inc.
    Inventor: Jae-Young Lee
  • Patent number: 10491565
    Abstract: Various embodiments of systems and methods to generate web application firewall specific validation rule are described herein. Initially, a web service metadata is processed to retrieve a plurality of data parameters from the web service metadata. Next, a common validation rule is generated based on the retrieved one or more data parameters. The common validation rule is then modified to generate the web application firewall specific validation rule.
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: November 26, 2019
    Assignee: SAP SE
    Inventors: Sanjeev Agarwal, Karthik Mohan Mokashi, Bhanu Mohanty
  • Patent number: 10445396
    Abstract: A host application executing on a client device includes a content processing extension that extends its functionality to process content items to a requesting host application executing on a client device. The content processing extension is an executable file that includes data conversion code and application code. The data conversion code, when executed in requesting host application, identifies content items provided by the requesting host application and formats the identified content items to be received by the content processing extension. The application code is native code executable by the host application associated with the content processing extension. The application code processes the results from execution of the data conversion and the identified content items in accordance with one or more functions of the host application, and returns the processed content items to the requesting host application via the content processing extension.
    Type: Grant
    Filed: May 29, 2015
    Date of Patent: October 15, 2019
    Inventors: Samuel M. Weinig, Jeffrey S. Miller, Yongjun Zhang
  • Patent number: 10437588
    Abstract: Methods, systems, and computer-readable storage media for receiving a request to open a source code file for editing within an integrated development environment (IDE), determining that the source code file includes source code with first comment text having a first digital signature associated therewith, authenticating the first digital signature, and in response, providing the source code file for display in the IDE, receiving input data, determining that the input data includes authoring of comment text within the source code file, and in response, automatically: providing comment metadata that is associated with the comment text and providing a second digital signature that is associated with the comment text, and storing the comment text, the comment metadata, and the second digital signature in a comment metadata repository.
    Type: Grant
    Filed: May 11, 2018
    Date of Patent: October 8, 2019
    Assignee: SAP SE
    Inventor: James Crawford
  • Patent number: 10419345
    Abstract: A system facilitates efficient and secure transportation of content. An intermediate node receives a packet that corresponds to a fragment of a content object message that is fragmented into a plurality of fragments. One or more fragments of the plurality of fragments indicate a unique name that is a hierarchically structured variable-length identifier that comprises contiguous name components ordered from a most general level to a most specific level. The received fragment indicates an intermediate state which is based on a hash function performed on an intermediate state from a previous fragment and data included in the received fragment. In response to determining that the received fragment is a first fragment, the system identifies a first entry in a pending interest table for an interest with a name that is based on a hash of a content object and that corresponds to the first fragment.
    Type: Grant
    Filed: October 23, 2017
    Date of Patent: September 17, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Marc E. Mosko, Christopher A. Wood
  • Patent number: 10417188
    Abstract: A method for generating a segmented blockchain includes: storing a first blockchain, the blockchain being comprised of blocks including a recent block, the recent block including a corresponding block header and transaction values; generating a recent hash value via hashing the corresponding block header; writing a terminal block to the first blockchain, the terminal block including a terminal block header comprised of the recent hash value, an activated terminal flag, and a forward reference identifier; generating a terminal hash value via hashing the terminal block header; generating a second blockchain, the second blockchain being comprised of a starting block, the starting block including a starting block header comprised of the terminal hash value and an activated starting flag; and transmitting the terminal block and the second blockchain to one or more computing devices associated with the first blockchain.
    Type: Grant
    Filed: May 27, 2016
    Date of Patent: September 17, 2019
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventor: David J. King
  • Patent number: 10396685
    Abstract: Some embodiments may include a multi-stage converter comprising: a branch connected between a positive busbar and a negative busbar; and a control device. The branch has two arms connected in series. The arms each comprise a series circuit including a plurality of two-pole submodules, an energy store, and a communication connection to the control device. The communication connection transmits state of charge of the energy store and a switching instruction for the respective submodule. For at least a subset of the submodules, the communication connection comprises a common communication connection with a plurality of insulation paths having an insulation capability in each case of at most 5 kV.
    Type: Grant
    Filed: February 20, 2017
    Date of Patent: August 27, 2019
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Manuel Blum, Marek Galek, Alexander Hofmann, Dirk Malipaard, Benjamin Ruccius
  • Patent number: 10372945
    Abstract: An abstract enclave identity is presented. An abstract identity may be a secure identity that may be the same for multiple related, but not identical, enclave instantiations. An enclave identity value may be determined from an abstract enclave identity type with respect to an instantiated enclave. An abstract identity value may be used to determine equivalence of two enclave instantiations that are not identical, such as two similar enclaves hosted on different computers, two enclaves hosted on different native enclave platforms, and two enclaves instantiated from different versions of the same enclave binary images.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: August 6, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Manuel Costa
  • Patent number: 10355978
    Abstract: Example implementations relate to calculating a time to live (TTL). An example implementation includes receiving a transaction request containing a first time to live (TTL) from a requester. A second TTL for a transaction response may be computed, and a transaction response containing the second TTL may be transmitted.
    Type: Grant
    Filed: June 19, 2017
    Date of Patent: July 16, 2019
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Gregg B. Lesartre, Derek Alan Sherlock, Gary Gostin, Nicholas George McDonald, Alan Davis, Darel N. Emmot, John Kim
  • Patent number: 10339297
    Abstract: A system for detecting user credentials comprising an interface and a processor. The interface is configured to receive a plurality of data chunks. The processor is configured to determine a number of continuous bytes in the plurality of data chunks having appropriate values and, in the event that the number of the continuous bytes is greater than or equal to a threshold number of bytes, determine whether continuous byte data of the continuous bytes comprises a credential.
    Type: Grant
    Filed: January 30, 2018
    Date of Patent: July 2, 2019
    Assignee: GITHUB, INC.
    Inventor: Vicent Marti
  • Patent number: 10338911
    Abstract: A method and device for downloading a software version and a storage medium, including that: n partitions to be downloaded of a software version to be sent are determined, n≥1 (S101); a mobile terminal is indicated to format a mapping partition corresponding to an mth partition to be downloaded in the n partitions to be downloaded in the mobile terminal, n≥m≥1 (S102); and when it is determined that formatting of the mapping partition corresponding to the mth partition to be downloaded is completed and succeeds, data of the mth partition to be downloaded is packed into an all-0 data packet or a non-0 data packet, and the all-0 data packet or the non-0 data packet is sent (S103).
    Type: Grant
    Filed: July 20, 2015
    Date of Patent: July 2, 2019
    Assignee: ZTE Corporation
    Inventor: Jianhua Xiao
  • Patent number: 10320803
    Abstract: Methods, systems and devices to authorize access to simultaneous media streams are described. After a first media stream is initiated with a first client device, an authorization service receives a request to establish the simultaneous second media stream with a second client device. The service determines whether the second client device is at a geographic location where simultaneous streaming is allowed, and grants or denies access to the second simultaneous stream accordingly.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: June 11, 2019
    Assignees: DISH TECHNOLOGIES LLC, HUGHES NETWORK SYSTEMS, LLC
    Inventors: Max S. Gratton, Timothy Robert Jezek
  • Patent number: 10310776
    Abstract: An output method and an output device include steps below. A first electronic device sends a file to a server and generates a piece of verification information corresponding to the file. A second electronic device receives the piece of verification information. An output device reads the piece of verification information, and obtains the file from the server according to the piece of verification information. The output device receives a first verification code via a user interface, determines whether the first verification code matches the piece of verification information, and outputs the paper document of the file when the first verification code matches the piece of verification information. The output device sends a second verification code, generated according to encode data of the file, to the second electronic device for a further verification and deletes the file after the output device outputs the paper document of the file.
    Type: Grant
    Filed: June 20, 2018
    Date of Patent: June 4, 2019
    Assignee: AVISION INC.
    Inventor: Chun-Chieh Liao
  • Patent number: 10305894
    Abstract: In general, embodiments of the present invention provide systems, methods and computer readable media for providing a user verification service based on analyzing digital fingerprint signals derived from out-of-band data (i.e., data not directly supplied by the user). In some embodiments, a digital fingerprint engine embedded in an app hosted on a client device being accessed by a user reads various device or user data and then creates a set of encoded user verification data representing out-of-band data stored locally on that device. In some embodiments, the user verification data are encoded as hashes generated by a hash function. In some embodiments, the app is configured to contact a business server via the cloud, and the set of digital fingerprints are included in an authorization request transmitted from the client device to the business server.
    Type: Grant
    Filed: October 19, 2015
    Date of Patent: May 28, 2019
    Assignee: AVERON US, INC.
    Inventors: Wendell Brown, Evan Tann
  • Patent number: 10298595
    Abstract: Methods and apparatus are provided for improving both node-based and message-based security in a fiber channel network. Entity to entity authentication and key exchange services can be included in existing initialization messages used for introducing fiber channel network entities into a fiber channel fabric, or with specific messages exchanged over an already initialized communication channel. Both per-message authentication and encryption mechanisms can be activated using the authentication and key exchange services. Messages passed between fiber channel network entities can be encrypted and authenticated using information provided during the authentication sequence. Security services such as per-message authentication, confidentiality, integrity protection, and anti-replay protection can be implemented.
    Type: Grant
    Filed: December 15, 2014
    Date of Patent: May 21, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Fabio R. Maino, Marco Di Benedetto, Claudio Desanti
  • Patent number: 10296747
    Abstract: Systems and techniques are provided for trust agents. Trust agents may be enabled. A state determination may be received from each of the enabled trust agents. The state determination may indicate either a trusted state or an untrusted state. The received state determinations may be combined to determine a security state. A security measure may be enabled or disabled based on the determined security state.
    Type: Grant
    Filed: October 30, 2017
    Date of Patent: May 21, 2019
    Assignee: Google LLC
    Inventors: James Brooks Miller, Michael Andrew Cleron
  • Patent number: 10277562
    Abstract: In one embodiment, a first device in a network receives intercepted traffic that has been encrypted. The first device decrypts the intercepted traffic and sends the decrypted traffic to one or more analysis devices in the network. The first device receives a message indicative of a result of analysis of the decrypted traffic by the one or more analysis devices.
    Type: Grant
    Filed: December 16, 2016
    Date of Patent: April 30, 2019
    Assignee: Symantec Corporation
    Inventors: Ronald Andrew Frederick, Srinivas Yerra, Tarun Soin
  • Patent number: 10225284
    Abstract: Techniques of obfuscation for enterprise data center services are disclosed. In one embodiment, the techniques may be realized as a system for obfuscation comprising one or more processors. The one or more processors may be configured to receive a command from at least one of a user and an application and determine whether the command is authorized. If the command is determined to be unauthorized, the one or more processors may be further configured to generate a rewritten output of the command that is different from an original output of the command and return the rewritten output in response to the command.
    Type: Grant
    Filed: November 25, 2015
    Date of Patent: March 5, 2019
    Assignee: SYMANTEC CORPORATION
    Inventors: Nathan S. Evans, Azzedine Benameur, Yun Shen
  • Patent number: 10218511
    Abstract: A signature authority generates a master seed value that is used as the root of a seed tree of subordinate nodes. Each subordinate node of the seed tree is generated from the value of its parent node using a cryptographic hash or one-way function. The signature authority selects subordinate seed values which are distributed to one or more key generators, each of which generates a set of one-time-use cryptographic keys. Each key generator generates a hash tree from its set of one-time-use cryptographic keys, and the root of its hash tree is returned to the signature authority. The signature authority integrates the hashes provided by the key generators into a comprehensive hash tree. The root of the comprehensive hash tree acts as a public key for the signature authority.
    Type: Grant
    Filed: December 23, 2016
    Date of Patent: February 26, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Matthew John Campagna, Gregory Alan Rubin, Nicholas Alexander Allen, Andrew Kyle Driggs, Eric Jason Brandwine
  • Patent number: 10200348
    Abstract: A method is to detect a message compatible with the OTA (Over The Air) standard and affected by a wrong ciphering. The method may include receiving the ciphered OTA message; deciphering the OTA message; and reading a counter field of padding bytes in the deciphered OTA message and reading corresponding padding bytes in the OTA message deciphered. The method may also include detecting at least one bit in at least one of the padding bytes of the OTA message deciphered, with the at least one bit being indicative of the wrong ciphering.
    Type: Grant
    Filed: June 13, 2017
    Date of Patent: February 5, 2019
    Assignee: STMICROELECTRONICS S.R.L.
    Inventors: Agostino Vanore, Vitantonio Di Stasio
  • Patent number: 10148643
    Abstract: A method of authenticating or controlling a software application on an end user device. The method includes selecting a code signing certificate related to an application developer; selecting one or more clean files from a database of known clean files signed with the selected code signing certificate; generating an application developer identification for the application developer on the basis of data extracted from the selected one or more clean files; adding the generated application developer identification to a database of trusted application developer certificates; comparing a signature related to a software application to be installed on an end user device with the application developer identification for authenticating said signature; and in the event that authentication is successful, performing authentication of the software application code and/or controlling installation and/or operation of the software application.
    Type: Grant
    Filed: March 2, 2017
    Date of Patent: December 4, 2018
    Assignee: F-Secure Corporation
    Inventors: Jarno Niemelä, Mikko Hyykoski
  • Patent number: 10142343
    Abstract: In an unauthorized access detecting system, authentication information to be leaked outside is generated. In the unauthorized access detecting system, the generated authentication information is set on an analyzing host, and a program to be analyzed is operated on the analyzing host. In the unauthorized access detecting system, access to a content using the authentication information is detected, and if the access using the authentication information is detected, the access is identified as unauthorized access.
    Type: Grant
    Filed: June 19, 2014
    Date of Patent: November 27, 2018
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Mitsuaki Akiyama, Takeshi Yagi
  • Patent number: 10116452
    Abstract: System and method embodiments are provided for segment integrity and authenticity for adaptive streaming. In an embodiment, the method includes receiving at a data processing system a segment of a media stream, determining, with the data processing system, a digest or a digital signature for the segment, and comparing, with the data processing system, the digest/digital signature to a correct digest or a correct digital signature to determine whether the segment has been modified.
    Type: Grant
    Filed: March 8, 2017
    Date of Patent: October 30, 2018
    Assignee: Futurewei Technologies, Inc.
    Inventors: Alexander Giladi, Xin Wang, Shaobo Zhang, Yongliang Liu
  • Patent number: 10117100
    Abstract: System and method embodiments are provided for accessing a wireless network. The embodiments enable establishing and releasing session resources in a wireless local area network (WLAN) corresponding to packet data network (PDN) connections in a 3GPP enhanced packet core (EPC). In an embodiment, a method in a network component for establishing a control channel with a user equipment (UE) includes setting up, by the network component, a link layer channel, sending, by the network component, an identifier of the link layer channel to the UE; and communicating, by the network component, with the UE over the link layer channel using a WLAN control protocol (WLCP), wherein the WLAN comprises a trusted WLAN Access Network (TWAN).
    Type: Grant
    Filed: January 2, 2014
    Date of Patent: October 30, 2018
    Assignee: Futurewei Technologies, Inc.
    Inventors: Kaippallimalil Mathew John, Weisheng Jin, Wenruo Zhu
  • Patent number: 10104062
    Abstract: A system that incorporates the subject disclosure may perform, for example, receiving a baseline credential and an external credential, mapping the external credential to the baseline credential in a secure element memory, receiving a request for an authentication from a secure device processor of the communication device where the request for the authentication includes a user credential inputted into the communication device, comparing the user credential with the baseline credential to verify the authentication, and providing the authentication and the external credential to the secure device processor without providing the baseline credential to enable the secure device processor to provide the external credential to an external entity device that is remote from the communication device. Other embodiments are disclosed.
    Type: Grant
    Filed: November 2, 2015
    Date of Patent: October 16, 2018
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Walter Cooper Chastain, Stephen Emille Chin
  • Patent number: 10097520
    Abstract: A method and apparatus for delaying responses to requests in a server are described. Upon receipt, from a client device, of a first request for a resource at a first location, a response that includes a redirection instruction to a second location is transmitted. The response includes a first number of redirects to be completed prior to the first request being fulfilled. Upon receipt of a following request including a number of redirects, the remote server determines whether the number of redirects has been performed. When the number of redirects has not been performed the transmission of the redirection instruction is repeated with a number of redirects smaller than the first number of redirects until the receipt of a request indicating that the number of redirects has been performed. When the number of redirects has been performed the request is fulfilled.
    Type: Grant
    Filed: May 9, 2017
    Date of Patent: October 9, 2018
    Assignee: CLOUDFLARE, INC.
    Inventor: John Graham-Cumming
  • Patent number: 10091221
    Abstract: Systems and methods for account security are provided. In one example embodiment, a first login request including a username and a password is analyzed to identify a first internet protocol (IP) address and a first request time associated with the first login request. A login history comprising login request data for the server computer is analyzed to identify a plurality of usernames, wherein each username of the plurality of usernames is associated with a corresponding login request from the first IP address within a threshold time period of the first request time. In response to determining a login success ratio is below a threshold login success ratio and a number of unique usernames in the analyzed data is above the unique username threshold, the system automatically performs a security action.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: October 2, 2018
    Assignee: Snap Inc.
    Inventor: Jinlin Yang
  • Patent number: 10089245
    Abstract: One method for managing encryption includes identifying an available or a secure mode. During restarts a passphrase must be entered in secure mode but not in available mode. Further, a master key is created for encrypting volume keys, where master and volume encryption keys are not stored in non-volatile memory (NVRAM) nor in disk storage. A half-key is created by encrypting the master key with a secure key, the secure key and the encrypted volume encryption keys being stored in disk storage. The half-key is stored in NVRAM only in available mode but not in secure mode. The master key is recreated during a restart when operating in the available mode by decrypting the NVRAM half-key with the secure key from disk storage. Further, the passphrase must be entered by an operator to recreate the half-key and the master key during a restart in the secure mode.
    Type: Grant
    Filed: May 12, 2016
    Date of Patent: October 2, 2018
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: John Kent Peacock, Tomasz Barszczak, Brian Rowe
  • Patent number: 10051138
    Abstract: An output method and an output device are provided. The output method includes the following steps. A first electronic device sends a file to a server and generates a piece of verification information corresponding to the file. A second electronic device receives the piece of verification information and displays the piece of verification information on screen. An output device reads the piece of verification information displayed by the second electronic device, and obtains the file from the server according to the piece of verification information so as to output a paper document of the file.
    Type: Grant
    Filed: August 11, 2017
    Date of Patent: August 14, 2018
    Assignee: Avision Inc.
    Inventor: Chun-Chieh Liao
  • Patent number: 10050961
    Abstract: A method, performed by an authentication processor of a first network device, includes receiving a first message through a network interface circuit from a second network device. The first message contains a first data unit to be operated upon by the first network device. A second message is received through the network interface circuit from the second network device. The second message contains a reported authentication token for the second network device and a second data unit to be operated upon by the first network device. The first message is received before receipt of the second message. A check authentication token is generated based on hashing the first data unit. A command that controls operation of the first network device is selectively performed on the second data unit based on whether the check authentication token matches the reported authentication token.
    Type: Grant
    Filed: January 21, 2016
    Date of Patent: August 14, 2018
    Assignee: CA, INC.
    Inventors: Jameel Ahmed Kaladgi, Praveen Kumar Thakur, Kiran Kumar B. S.
  • Patent number: 10044551
    Abstract: Embodiments relate to providing a secure management agent for high-availability continuity for cloud systems. An aspect includes receiving operating parameters and threshold settings for a plurality of computing clouds. Secure relationships are established with the plurality of computing clouds based on the operating parameters. Data is mirrored across the plurality of computing clouds. Threshold data is then monitored for the plurality of computing clouds to maintain a continuity of resources for the plurality of computing clouds.
    Type: Grant
    Filed: August 10, 2016
    Date of Patent: August 7, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Tara Astigarraga, Louie A. Dickens, Michael E. Starling, Daniel J. Winarski
  • Patent number: 10042780
    Abstract: A method and system for protecting the integrity of a memory system. An age counter and an opportunity counter are provided for each of multiple memory blocks. An epoch counter is provided for the memory system. Data is written in a selected memory block which increases the local sequence number of the selected memory block. The opportunity counter for the selected memory block is updated if the local sequence number of the selected memory block rolls over. A message authentication code (MAC) is generated in the selected memory block based on a global sequence number and the local sequence number. The age counter and the opportunity counter are updated for memory blocks when the opportunity counter for the memory blocks matches the LSB of the epoch counter. A new MAC is generated for any memory block for which the updating is performed.
    Type: Grant
    Filed: May 20, 2016
    Date of Patent: August 7, 2018
    Assignee: Synopsys, Inc.
    Inventor: Michael Kenneth Bowler
  • Patent number: 10044550
    Abstract: Embodiments relate to providing a secure management agent for high-availability continuity for cloud systems. An aspect includes receiving operating parameters and threshold settings for a plurality of computing clouds. Secure relationships are established with the plurality of computing clouds based on the operating parameters. Data is mirrored across the plurality of computing clouds. Threshold data is then monitored for the plurality of computing clouds to maintain a continuity of resources for the plurality of computing clouds.
    Type: Grant
    Filed: August 10, 2016
    Date of Patent: August 7, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Tara Astigarraga, Louie A. Dickens, Michael E. Starling, Daniel J. Winarski
  • Patent number: 10037216
    Abstract: Systems and methods for disabling one or more plugins associated with a browser application are provided. In one exemplary method, a plugin is installed on an electronic device, and the device receives data from a data source, where that data is associated with the installed plugin. Whether the installed plugin meets a disabling criteria is determined. In accordance with a determination that the installed plugin meets a disabling criteria: performance of a function with the installed plugin is foregone; and it is reported to the data source that the installed plugin is not installed on the electronic device. In accordance with a determination that the installed plugin does not meet the disabling criteria, the function is performed with the installed plugin.
    Type: Grant
    Filed: September 24, 2015
    Date of Patent: July 31, 2018
    Assignee: APPLE INC.
    Inventors: Kevin Decker, Conrad Shultz, Steven Falkenburg, Darin Adler, Richard Mondello, Craig M. Federighi, Patrick L. Coffman, Jessie Berlin
  • Patent number: 10027705
    Abstract: The real-time cyber threat indicator verification mechanism technology (hereinafter “TIVM”) instantiates one or more virtual client emulators to access a source of a threat, in response to a received threat indicator, so as to evaluate validity and/or severity of the potential threat. In one embodiment, the TIVM may receive a cyber threat indicator having identifying information of a cyber threat source; instantiate, in response to the cyber threat indicator, a virtual client emulator; send a control message to cause the virtual client emulator to interact with the cyber threat source based on the identifying information; obtain a confidence indicator relating to the cyber threat indicator based on interaction between the virtual client emulator and the cyber threat source; and generate a cyber threat indicator confirmation report including the confidence indicator.
    Type: Grant
    Filed: March 13, 2017
    Date of Patent: July 17, 2018
    Assignee: Lookingglass Cyber Solutions, Inc.
    Inventors: Christopher D. Coleman, Allan Thomson, Jason A. Lewis
  • Patent number: 9967089
    Abstract: A secure and change-tolerant method for obtaining an identifier for a collection of assets associated with a computing environment. Each asset has an asset parameter and the computing environment has a fingerprint based on an original collection of assets and on a codeword generation algorithm on the original collection of assets. The method comprises: retrieving the asset parameters of the collection of assets and processing the retrieved asset parameters to obtain code symbols. An error-correction algorithm is applied to the code symbols to obtain the identifier. The method can be used in node-locking.
    Type: Grant
    Filed: March 15, 2011
    Date of Patent: May 8, 2018
    Assignee: IRDETO B.V.
    Inventors: Fan Zhang, Andrew Augustine Wajs
  • Patent number: 9934412
    Abstract: In one embodiment, a data storage client may establish a virtual replay protected storage system with an agnostic data storage. The virtual replay protected storage system may maintain a trusted counter and a secret key in a trusted client environment. The virtual replay protected storage system may encode a hash message authentication code signature based on the trusted counter, the secret key, and a data set. The virtual replay protected storage system may send a write request of the data set with the hash message authentication code signature to an agnostic data storage.
    Type: Grant
    Filed: June 23, 2015
    Date of Patent: April 3, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yevgeniy A. Samsonov, Kinshuman Kinshumann
  • Patent number: 9935995
    Abstract: A technique allows a client computer with a web browser to receive a web page having active content in response to transmitting a request for content. The active content includes a signature and a set of attributes associated with a web domain. The web browser can interpret the signature and the set of attributes as formatted in the active content. Validation of the signature and the set of attributes can be in a secure mode through a secure enclave module.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: April 3, 2018
    Assignee: McAfee, LLC
    Inventors: Venkata Ramanan Sambandam, Simon Hunt
  • Patent number: 9917699
    Abstract: A physical unclonable function (PUF) imaged through two faces is disclosed. The PUF is difficult to counterfeit because the view through both faces must be duplicated for a successful counterfeit. PUF may be incorporated into a user-replaceable supply item for an imaging device. A PUF reader may be incorporated into an imaging device to read the PUF. Other systems and methods are disclosed.
    Type: Grant
    Filed: October 9, 2015
    Date of Patent: March 13, 2018
    Assignee: Lexmark International, Inc.
    Inventors: James Ronald Booth, Roger Steven Cannon, Gary Allen Denton, James Paul Drummond, Kelly Ann Killeen
  • Patent number: 9916438
    Abstract: A system for detecting user credentials comprising an interface and a processor. The interface is configured to receive a plurality of data chunks. The processor is configured to determine a number of continuous bytes in the plurality of data chunks having appropriate values and, in the event that the number of the continuous bytes is greater than or equal to a threshold number of bytes, determine whether continuous byte data of the continuous bytes comprises a credential.
    Type: Grant
    Filed: February 28, 2017
    Date of Patent: March 13, 2018
    Assignee: GitHub, Inc.
    Inventor: Vicent Marti
  • Patent number: RE47019
    Abstract: A method, computer readable medium, and device for providing authenticated domain name service includes forwarding at a traffic management device a request for a domain name from a client device to one or more servers coupled to the traffic management device. The traffic management device receives a first response comprising at least a portion of the domain name from the one or more servers. The traffic management device attaches a first signature to the first response when the first response is determined by the traffic management device to be an unauthenticated response, and provides the first response with the first signature to the client device.
    Type: Grant
    Filed: October 5, 2016
    Date of Patent: August 28, 2018
    Assignee: F5 Networks, Inc.
    Inventors: Peter M. Thornewell, Christopher R. Baker