Data Authentication Patents (Class 713/161)
  • Patent number: 10277562
    Abstract: In one embodiment, a first device in a network receives intercepted traffic that has been encrypted. The first device decrypts the intercepted traffic and sends the decrypted traffic to one or more analysis devices in the network. The first device receives a message indicative of a result of analysis of the decrypted traffic by the one or more analysis devices.
    Type: Grant
    Filed: December 16, 2016
    Date of Patent: April 30, 2019
    Assignee: Symantec Corporation
    Inventors: Ronald Andrew Frederick, Srinivas Yerra, Tarun Soin
  • Patent number: 10225284
    Abstract: Techniques of obfuscation for enterprise data center services are disclosed. In one embodiment, the techniques may be realized as a system for obfuscation comprising one or more processors. The one or more processors may be configured to receive a command from at least one of a user and an application and determine whether the command is authorized. If the command is determined to be unauthorized, the one or more processors may be further configured to generate a rewritten output of the command that is different from an original output of the command and return the rewritten output in response to the command.
    Type: Grant
    Filed: November 25, 2015
    Date of Patent: March 5, 2019
    Assignee: SYMANTEC CORPORATION
    Inventors: Nathan S. Evans, Azzedine Benameur, Yun Shen
  • Patent number: 10218511
    Abstract: A signature authority generates a master seed value that is used as the root of a seed tree of subordinate nodes. Each subordinate node of the seed tree is generated from the value of its parent node using a cryptographic hash or one-way function. The signature authority selects subordinate seed values which are distributed to one or more key generators, each of which generates a set of one-time-use cryptographic keys. Each key generator generates a hash tree from its set of one-time-use cryptographic keys, and the root of its hash tree is returned to the signature authority. The signature authority integrates the hashes provided by the key generators into a comprehensive hash tree. The root of the comprehensive hash tree acts as a public key for the signature authority.
    Type: Grant
    Filed: December 23, 2016
    Date of Patent: February 26, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Matthew John Campagna, Gregory Alan Rubin, Nicholas Alexander Allen, Andrew Kyle Driggs, Eric Jason Brandwine
  • Patent number: 10200348
    Abstract: A method is to detect a message compatible with the OTA (Over The Air) standard and affected by a wrong ciphering. The method may include receiving the ciphered OTA message; deciphering the OTA message; and reading a counter field of padding bytes in the deciphered OTA message and reading corresponding padding bytes in the OTA message deciphered. The method may also include detecting at least one bit in at least one of the padding bytes of the OTA message deciphered, with the at least one bit being indicative of the wrong ciphering.
    Type: Grant
    Filed: June 13, 2017
    Date of Patent: February 5, 2019
    Assignee: STMICROELECTRONICS S.R.L.
    Inventors: Agostino Vanore, Vitantonio Di Stasio
  • Patent number: 10148643
    Abstract: A method of authenticating or controlling a software application on an end user device. The method includes selecting a code signing certificate related to an application developer; selecting one or more clean files from a database of known clean files signed with the selected code signing certificate; generating an application developer identification for the application developer on the basis of data extracted from the selected one or more clean files; adding the generated application developer identification to a database of trusted application developer certificates; comparing a signature related to a software application to be installed on an end user device with the application developer identification for authenticating said signature; and in the event that authentication is successful, performing authentication of the software application code and/or controlling installation and/or operation of the software application.
    Type: Grant
    Filed: March 2, 2017
    Date of Patent: December 4, 2018
    Assignee: F-Secure Corporation
    Inventors: Jarno Niemelä, Mikko Hyykoski
  • Patent number: 10142343
    Abstract: In an unauthorized access detecting system, authentication information to be leaked outside is generated. In the unauthorized access detecting system, the generated authentication information is set on an analyzing host, and a program to be analyzed is operated on the analyzing host. In the unauthorized access detecting system, access to a content using the authentication information is detected, and if the access using the authentication information is detected, the access is identified as unauthorized access.
    Type: Grant
    Filed: June 19, 2014
    Date of Patent: November 27, 2018
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Mitsuaki Akiyama, Takeshi Yagi
  • Patent number: 10116452
    Abstract: System and method embodiments are provided for segment integrity and authenticity for adaptive streaming. In an embodiment, the method includes receiving at a data processing system a segment of a media stream, determining, with the data processing system, a digest or a digital signature for the segment, and comparing, with the data processing system, the digest/digital signature to a correct digest or a correct digital signature to determine whether the segment has been modified.
    Type: Grant
    Filed: March 8, 2017
    Date of Patent: October 30, 2018
    Assignee: Futurewei Technologies, Inc.
    Inventors: Alexander Giladi, Xin Wang, Shaobo Zhang, Yongliang Liu
  • Patent number: 10117100
    Abstract: System and method embodiments are provided for accessing a wireless network. The embodiments enable establishing and releasing session resources in a wireless local area network (WLAN) corresponding to packet data network (PDN) connections in a 3 GPP enhanced packet core (EPC). In an embodiment, a method in a network component for establishing a control channel with a user equipment (UE) includes setting up, by the network component, a link layer channel, sending, by the network component, an identifier of the link layer channel to the UE; and communicating, by the network component, with the UE over the link layer channel using a WLAN control protocol (WLCP), wherein the WLAN comprises a trusted WLAN Access Network (TWAN).
    Type: Grant
    Filed: January 2, 2014
    Date of Patent: October 30, 2018
    Assignee: Futurwei Technologies, Inc.
    Inventors: Kaippallimalil Mathew John, Weisheng Jin, Wenruo Zhu
  • Patent number: 10104062
    Abstract: A system that incorporates the subject disclosure may perform, for example, receiving a baseline credential and an external credential, mapping the external credential to the baseline credential in a secure element memory, receiving a request for an authentication from a secure device processor of the communication device where the request for the authentication includes a user credential inputted into the communication device, comparing the user credential with the baseline credential to verify the authentication, and providing the authentication and the external credential to the secure device processor without providing the baseline credential to enable the secure device processor to provide the external credential to an external entity device that is remote from the communication device. Other embodiments are disclosed.
    Type: Grant
    Filed: November 2, 2015
    Date of Patent: October 16, 2018
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Walter Cooper Chastain, Stephen Emille Chin
  • Patent number: 10097520
    Abstract: A method and apparatus for delaying responses to requests in a server are described. Upon receipt, from a client device, of a first request for a resource at a first location, a response that includes a redirection instruction to a second location is transmitted. The response includes a first number of redirects to be completed prior to the first request being fulfilled. Upon receipt of a following request including a number of redirects, the remote server determines whether the number of redirects has been performed. When the number of redirects has not been performed the transmission of the redirection instruction is repeated with a number of redirects smaller than the first number of redirects until the receipt of a request indicating that the number of redirects has been performed. When the number of redirects has been performed the request is fulfilled.
    Type: Grant
    Filed: May 9, 2017
    Date of Patent: October 9, 2018
    Assignee: CLOUDFLARE, INC.
    Inventor: John Graham-Cumming
  • Patent number: 10091221
    Abstract: Systems and methods for account security are provided. In one example embodiment, a first login request including a username and a password is analyzed to identify a first internet protocol (IP) address and a first request time associated with the first login request. A login history comprising login request data for the server computer is analyzed to identify a plurality of usernames, wherein each username of the plurality of usernames is associated with a corresponding login request from the first IP address within a threshold time period of the first request time. In response to determining a login success ratio is below a threshold login success ratio and a number of unique usernames in the analyzed data is above the unique username threshold, the system automatically performs a security action.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: October 2, 2018
    Assignee: Snap Inc.
    Inventor: Jinlin Yang
  • Patent number: 10089245
    Abstract: One method for managing encryption includes identifying an available or a secure mode. During restarts a passphrase must be entered in secure mode but not in available mode. Further, a master key is created for encrypting volume keys, where master and volume encryption keys are not stored in non-volatile memory (NVRAM) nor in disk storage. A half-key is created by encrypting the master key with a secure key, the secure key and the encrypted volume encryption keys being stored in disk storage. The half-key is stored in NVRAM only in available mode but not in secure mode. The master key is recreated during a restart when operating in the available mode by decrypting the NVRAM half-key with the secure key from disk storage. Further, the passphrase must be entered by an operator to recreate the half-key and the master key during a restart in the secure mode.
    Type: Grant
    Filed: May 12, 2016
    Date of Patent: October 2, 2018
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: John Kent Peacock, Tomasz Barszczak, Brian Rowe
  • Patent number: 10051138
    Abstract: An output method and an output device are provided. The output method includes the following steps. A first electronic device sends a file to a server and generates a piece of verification information corresponding to the file. A second electronic device receives the piece of verification information and displays the piece of verification information on screen. An output device reads the piece of verification information displayed by the second electronic device, and obtains the file from the server according to the piece of verification information so as to output a paper document of the file.
    Type: Grant
    Filed: August 11, 2017
    Date of Patent: August 14, 2018
    Assignee: Avision Inc.
    Inventor: Chun-Chieh Liao
  • Patent number: 10050961
    Abstract: A method, performed by an authentication processor of a first network device, includes receiving a first message through a network interface circuit from a second network device. The first message contains a first data unit to be operated upon by the first network device. A second message is received through the network interface circuit from the second network device. The second message contains a reported authentication token for the second network device and a second data unit to be operated upon by the first network device. The first message is received before receipt of the second message. A check authentication token is generated based on hashing the first data unit. A command that controls operation of the first network device is selectively performed on the second data unit based on whether the check authentication token matches the reported authentication token.
    Type: Grant
    Filed: January 21, 2016
    Date of Patent: August 14, 2018
    Assignee: CA, INC.
    Inventors: Jameel Ahmed Kaladgi, Praveen Kumar Thakur, Kiran Kumar B. S.
  • Patent number: 10044551
    Abstract: Embodiments relate to providing a secure management agent for high-availability continuity for cloud systems. An aspect includes receiving operating parameters and threshold settings for a plurality of computing clouds. Secure relationships are established with the plurality of computing clouds based on the operating parameters. Data is mirrored across the plurality of computing clouds. Threshold data is then monitored for the plurality of computing clouds to maintain a continuity of resources for the plurality of computing clouds.
    Type: Grant
    Filed: August 10, 2016
    Date of Patent: August 7, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Tara Astigarraga, Louie A. Dickens, Michael E. Starling, Daniel J. Winarski
  • Patent number: 10042780
    Abstract: A method and system for protecting the integrity of a memory system. An age counter and an opportunity counter are provided for each of multiple memory blocks. An epoch counter is provided for the memory system. Data is written in a selected memory block which increases the local sequence number of the selected memory block. The opportunity counter for the selected memory block is updated if the local sequence number of the selected memory block rolls over. A message authentication code (MAC) is generated in the selected memory block based on a global sequence number and the local sequence number. The age counter and the opportunity counter are updated for memory blocks when the opportunity counter for the memory blocks matches the LSB of the epoch counter. A new MAC is generator for any memory block for which the updating is performed.
    Type: Grant
    Filed: May 20, 2016
    Date of Patent: August 7, 2018
    Assignee: Synopsys, Inc.
    Inventor: Michael Kenneth Bowler
  • Patent number: 10044550
    Abstract: Embodiments relate to providing a secure management agent for high-availability continuity for cloud systems. An aspect includes receiving operating parameters and threshold settings for a plurality of computing clouds. Secure relationships are established with the plurality of computing clouds based on the operating parameters. Data is mirrored across the plurality of computing clouds. Threshold data is then monitored for the plurality of computing clouds to maintain a continuity of resources for the plurality of computing clouds.
    Type: Grant
    Filed: August 10, 2016
    Date of Patent: August 7, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Tara Astigarraga, Louie A. Dickens, Michael E. Starling, Daniel J. Winarski
  • Patent number: 10037216
    Abstract: Systems and methods for disabling one or more plugins associated with a browser application are provided. In one exemplary method, a plugin is installed on an electronic device, and the device receives data from a data source, where that data is associated with the installed plugin. Whether the installed plugin meets a disabling criteria is determined. In accordance with a determination that that the installed plugin meets a disabling criteria: performance of a function with the installed plugin is foregone; and it is reported to the data source that the installed plugin is not installed on the electronic device. In accordance with a determination that the installed plugin does not meet the disabling criteria, the function is performed with the installed plugin.
    Type: Grant
    Filed: September 24, 2015
    Date of Patent: July 31, 2018
    Assignee: APPLE INC.
    Inventors: Kevin Decker, Conrad Shultz, Steven Falkenburg, Darin Adler, Richard Mondello, Craig M. Federighi, Patrick L. Coffman, Jessie Berlin
  • Patent number: 10027705
    Abstract: The real-time cyber threat indicator verification mechanism technology (hereinafter “TIVM”) instantiates one or more virtual client emulators to access a source of a threat, in response to a received threat indicator, so as to evaluate validity and/or severity of the potential threat. In one embodiment, the TIVM may receive a cyber threat indicator having identifying information of a cyber threat source; instantiate, in response to the cyber threat indicator, a virtual client emulator; send a control message to cause the virtual client emulator to interact with the cyber threat source based on the identifying information; obtain a confidence indicator relating to the cyber threat indicator based on interaction between the virtual client emulator and the cyber threat source; and generate a cyber threat indicator confirmation report including the confidence indicator.
    Type: Grant
    Filed: March 13, 2017
    Date of Patent: July 17, 2018
    Assignee: Lookingglass Cyber Solutions, Inc.
    Inventors: Christopher D. Coleman, Allan Thomson, Jason A. Lewis
  • Patent number: 9967089
    Abstract: A secure and change-tolerant method for obtaining an identifier for a collection of assets associated with a computing environment. Each asset has an asset parameter and the computing environment has a fingerprint based on an original collection of assets and on a codeword generation algorithm on the original collection of assets. The method comprises: retrieving the asset parameters of the collection of assets and processing the retrieved asset parameters to obtain code symbols. An error-correction algorithm is applied to the code symbols to obtain the identifier. The method can be used in node-locking.
    Type: Grant
    Filed: March 15, 2011
    Date of Patent: May 8, 2018
    Assignee: IRDETO B.V.
    Inventors: Fan Zhang, Andrew Augustine Wajs
  • Patent number: 9934412
    Abstract: In one embodiment, a data storage client may establish a virtual replay protected storage system with an agnostic data storage. The virtual replay protected storage system may maintain a trusted counter and a secret key in a trusted client environment. The virtual replay protected storage system may encode a hash message authentication code signature based on the trusted counter, the secret key, and a data set. The virtual replay protected storage system may send a write request of the data set with the hash message authentication code signature to an agnostic data storage.
    Type: Grant
    Filed: June 23, 2015
    Date of Patent: April 3, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yevgeniy A. Samsonov, Kinshuman Kinshumann
  • Patent number: 9935995
    Abstract: A technique allows a client computer with a web browser to receive a web page having active content in response to transmitting a request for content. The active content includes a signature and a set of attributes associated with a web domain. The web browser can interpret the signature and the set of attributes as formatted in the active content. Validation of the signature and the set of attributes can be in a secure mode through a secure enclave module.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: April 3, 2018
    Assignee: McAfee, LLC
    Inventors: Venkata Ramanan Sambandam, Simon Hunt
  • Patent number: 9917699
    Abstract: A physical unclonable function (PUF) imaged through two faces is disclosed. The PUF is difficult to counterfeit because the view through both faces must be duplicated for a successful counterfeit. PUF may be incorporated into a user-replaceable supply item for an imaging device. A PUF reader may be incorporated into an imaging device to read the PUF. Other systems and methods are disclosed.
    Type: Grant
    Filed: October 9, 2015
    Date of Patent: March 13, 2018
    Assignee: Lexmark International, Inc.
    Inventors: James Ronald Booth, Roger Steven Cannon, Gary Allen Denton, James Paul Drummond, Kelly Ann Killeen
  • Patent number: 9916438
    Abstract: A system for detecting user credentials comprising an interface and a processor. The interface is configured to receive a plurality of data chunks. The processor is configured to determine a number of continuous bytes in the plurality of data chunks having appropriate values and, in the event that the number of the continuous bytes is greater than or equal to a threshold number of bytes, determine whether continuous byte data of the continuous bytes comprises a credential.
    Type: Grant
    Filed: February 28, 2017
    Date of Patent: March 13, 2018
    Assignee: GitHub, Inc.
    Inventor: Vicent Marti
  • Patent number: 9917858
    Abstract: Systems and methods of managing the security of a networked environment based on activity associated with deployed pseudo-accounts are presented. In one embodiment, a plurality of pseudo-accounts are deployed in one or more networks, domains, or virtual machines and activity associated with the pseudo-accounts is collected to identify security risks to facilitate remediation and mitigation.
    Type: Grant
    Filed: April 1, 2015
    Date of Patent: March 13, 2018
    Assignee: Rapid7, Inc.
    Inventors: Matthew Robert Hathaway, Samuel Adams, Jonathan Kelly
  • Patent number: 9876879
    Abstract: Disclosed are various embodiments for distributed generation of network pages from portions of network pages. A first request for a network page is obtained. A second request for a network page portion is sent to a server application. The second request includes a protocol header that specifies a base uniform resource locator (URL). The network page portion is obtained from the server application. The network page portion is based at least in part on the base URL. The network page is generated from the network page portion and other data.
    Type: Grant
    Filed: December 29, 2014
    Date of Patent: January 23, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: William Haywood Warner, Jeremy Boynes, Shaun M. Vickers, Wisam Z. Yasen
  • Patent number: 9870116
    Abstract: A method for controlling actions for browser extensions includes registering, at a browser process module, a list of one or more rules from a browser extension, where the rules define one or more conditions and one or more corresponding actions to take when the conditions are satisfied. A renderer process module that is in communication with the browser process module applies the conditions to content of web pages rendered in the browser application. The renderer process module determines whether any of the conditions are satisfied by the content of the web pages rendered in the browser application using the renderer process module. The browser process module or the renderer process module performs the actions defined in the rules in response to at least one of the conditions defined in the rules being satisfied.
    Type: Grant
    Filed: December 9, 2013
    Date of Patent: January 16, 2018
    Assignee: GOOGLE LLC
    Inventor: Jeffrey Yasskin
  • Patent number: 9832123
    Abstract: One embodiment provides a system that facilitates efficient and secure transportation of content. An intermediate node receives a packet that corresponds to a fragment of a content object message that is fragmented into a plurality of fragments. One or more fragments of the plurality of fragments indicate a unique name that is a hierarchically structured variable-length identifier that comprises contiguous name components ordered from a most general level to a most specific level. The received fragment indicates an intermediate state which is based on a hash function performed on an intermediate state from a previous fragment and data included in the received fragment. In response to determining that the received fragment is a first fragment, the system identifies a first entry in a pending interest table for an interest with a name that is based on a hash of a content object and that corresponds to the first fragment.
    Type: Grant
    Filed: September 11, 2015
    Date of Patent: November 28, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Marc E. Mosko, Christopher A. Wood
  • Patent number: 9804745
    Abstract: Stacked tab views are described. A computing device can display multiple content panes in a web browser window. Each content pane can correspond to a different web site. The content panes can be arranged in a visual stack, where content pane are positioned one in front of another in a three-dimensional view. In the three-dimensional view, a distance between content panes can appear to separate the content panes. Each content pane can display snapshot image of content of a web site. The content panes can be used in place of tabs for navigating between web pages.
    Type: Grant
    Filed: March 5, 2014
    Date of Patent: October 31, 2017
    Assignee: Apple Inc.
    Inventors: Chanaka G. Karunamuni, Ian M. Henderson, Paul Russell Knight, Anthony D'Auria
  • Patent number: 9805201
    Abstract: Systems and techniques are provided for trust agents. Trust agents may be enabled. A state determination may be received from each of the enabled trust agents. The state determination may indicate either a trusted state or an untrusted state. The received state determinations may be combined to determine a security state. A security measure may be enabled or disabled based on the determined security state.
    Type: Grant
    Filed: June 23, 2014
    Date of Patent: October 31, 2017
    Assignee: Google Inc.
    Inventors: James Brooks Miller, Michael Andrew Cleron
  • Patent number: 9785772
    Abstract: Features are disclosed for facilitating remote management of browser add-ons on multiple user computing devices from a centralized add-on management system. A browser application on the user computing devices may include an integrated application programming interface that can be remotely accessed by the add-on management system. In some embodiments, a management add-on or some other object that is separate from or otherwise not integrated with the browsing application may be used to facilitate the remote management of add-ons. Management of add-ons may include permitting and/or blocking installation and/or execution of particular add-ons on a case-by-case basis. The determination may be based on user permissions, add-on characteristics, observed execution of add-ons, and the like.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: October 10, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Jesper Mikael Johansson, Leon Robert Warman
  • Patent number: 9787677
    Abstract: A method and apparatus for authenticating packets in a controller area network (CAN) are disclosed. The method includes transmitting messages using a mixture of message authentication codes (MACs) in a controller area network (CAN). In addition, a first MAC is generated using a first message and the first MAC is divided into a first MAC part and a second MAC part. A second MAC is generated using a second message and the second MAC is divided into a third MAC part and a fourth MAC part. A linear operation is performed between the second MAC part and the third MAC part to generate a first authentication MAC. The first message is transmitted with the first MAC part and the second message is transmitted with the first authentication MAC.
    Type: Grant
    Filed: February 26, 2015
    Date of Patent: October 10, 2017
    Assignees: Hyundai Motor Company, Kia Motors Corporation, SNU R&DB Foundation, Industry-Academic Cooperation Foundation, Chosun University
    Inventors: Ho Jin Jung, Chung Hi Lee, Ho Yoo, Byoung Wook Lee, Hyun Soo Ahn, Ho Youn Kim, Young Sik Moon, Jun Young Woo, Young Sik Kim, Kang Seok Lee, Jong Seon No
  • Patent number: 9769131
    Abstract: An example method includes receiving an indication of a selection of a first application environment that includes a first virtual environment associated with a first security domain and is configured to isolate execution of software applications within the first application environment, suspending execution of a second application environment that includes a second virtual environment associated with a second security domain different from the first security domain, initiating execution of the first application environment, identifying information associated with the first security domain and provided by the first application environment that is to be sent to an external computing device associated with the first security domain, selecting communication network(s) from one or more communication networks that are each available to the mobile computing device for data communication, encrypting, based on the first security domain and network(s), the information, and sending, to the external computing device via
    Type: Grant
    Filed: August 2, 2016
    Date of Patent: September 19, 2017
    Assignee: Architecture Technology Corporation
    Inventors: Timothy Hartley, Ranga Ramanujan, Jafar Al-Gharaibeh
  • Patent number: 9768613
    Abstract: In one embodiment, a layered/distributed grid-specific network services system comprises grid sensors in the utility grid configured to generate grid data values such as raw grid data values, processed grid data values, and/or any combination thereof, and to communicate the grid data values using a communication network. Distributed grid devices in the utility grid may be configured to receive the grid data values, and one or more of the grid devices may be configured to convert raw grid data values into processed grid data values. Application devices in the utility grid may be configured to access the grid data values from the distributed grid devices, and to further process the grid data values according to a particular grid application operating at the corresponding application device into application data values.
    Type: Grant
    Filed: May 30, 2012
    Date of Patent: September 19, 2017
    Assignee: Cisco Technology, Inc.
    Inventor: Jeffrey D. Taft
  • Patent number: 9762601
    Abstract: An anomaly detection system is provided in connection with a transport service. The anomaly detection system can construct routine route profiles for individual users of the transport service using historical route data. The anomaly detection system can monitor a current route traveled by a user. The anomaly detection system can further identify a matching routine route profile of the respective user. The anomaly detection system can utilize the matching routine route profile to identify a probable anomaly in the current route. In response to detecting the probable anomaly, the anomaly detection system can enable a safety protocol to perform a number of actions.
    Type: Grant
    Filed: June 17, 2015
    Date of Patent: September 12, 2017
    Assignee: Uber Technologies, Inc.
    Inventors: Michael Truong, David Purdy, Rami Mawas
  • Patent number: 9740840
    Abstract: Techniques are generally described for user authentication. Example techniques may include providing a data set including audio data and image data, wherein the audio data includes voice recordings of multiple people, wherein the image data includes at least a facial image of at least one of the multiple people, receiving a response to the data set from a user device, and determining whether the received response corresponds to at least a part of content of the voice recording of the one of the multiple people whose facial image is included in the image data.
    Type: Grant
    Filed: January 27, 2014
    Date of Patent: August 22, 2017
    Assignee: EMPIRE TECHNOLOGY DEVELOPMENT LLC
    Inventors: Tsutomu Miyasato, Noriaki Kuwahara, Rieko Kadobayashi, Masataka Ohira, Noriaki Mitsunaga
  • Patent number: 9723074
    Abstract: The backup-in-the-middle primary-backup configuration is created by placing a backup-in-the-middle forwarder in the routing path between the primary and the environment. The backup-in-the-middle forwarder intercepts output messages along with required state information sent by the primary to the environment. The backup-in-the-middle forwarder backs up the primary by updating its state information and forwards the output packets to the environment.
    Type: Grant
    Filed: November 15, 2011
    Date of Patent: August 1, 2017
    Assignee: Alcatel Lucent
    Inventors: Kedar Namjoshi, Pramod Koppol, Athanasios Stathopoulos, Gordon T. Wilfong
  • Patent number: 9720641
    Abstract: A music distribution server according to an embodiment provides a service in which users can easily enjoy digital contents. The server may include an information storage unit storing various tables and data bases, a playback transmission unit transmitting, in response to playback requests, music data to a terminal device in a streaming method, and a purchase transmission unit transmitting, in response to a purchase request, the music data to the terminal device in a downloading method, a ticket possession status update unit updating a possession status of virtual tickets used for playback of the music data possessed by users, a ticket providing unit providing the virtual tickets to users, a comment management unit managing users' comments on music pieces, a recommendation management unit managing recommendation of music pieces by one user to other users, and a ticket offer management unit offering the virtual tickets from one user to other users.
    Type: Grant
    Filed: September 13, 2013
    Date of Patent: August 1, 2017
    Inventors: Takayasu Satake, Wataru Kawasaki, Mamoru Yamashiki
  • Patent number: 9715591
    Abstract: Methods and apparatus for validating a system include reading protected record data for a section of the system from a secure storage element, and verifying integrity of the section of the system using the record data. The secure storage element independently verifies that all record data and data to be written to the system is valid.
    Type: Grant
    Filed: July 30, 2012
    Date of Patent: July 25, 2017
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Marvin D Nelson
  • Patent number: 9716694
    Abstract: An encryption method for packaging, encrypting, and transmitting a plurality of contents included in a web application to a communication device, the encryption method includes: acquiring performance information relating to performance of the communication device; determining, by circuitry, an encryption algorithm to be applied to each of the plurality of contents, based on the performance information; performing first encryption processing on the plurality of contents using the encryption algorithm respectively; performing second encryption processing on identification information that identifies the encryption algorithm used for the plurality of contents respectively; packaging encrypted contents and encrypted identification information, the encrypted identification information being stored in a location specified by the communication device; and transmitting the encrypted contents and the encrypted identification information, which are packaged, to the communication device.
    Type: Grant
    Filed: July 6, 2015
    Date of Patent: July 25, 2017
    Assignee: FUJITSU LIMITED
    Inventors: Koichi Yasaki, Hidenobu Ito, Takuya Sakamoto, Yosuke Nakamura, Kazuaki Nimura
  • Patent number: 9710658
    Abstract: Described herein is a computing platform incorporating a trusted entity, which is controllable to perform cryptographic operations using selected ones of a plurality of cryptographic algorithms and associated parameters, the entity being programmed to record mode of operation information, which is characterized by the algorithms and associated parameters that are selected to perform an operation.
    Type: Grant
    Filed: March 6, 2015
    Date of Patent: July 18, 2017
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Valiuddin Y. Ali, Graeme John Proudler
  • Patent number: 9699203
    Abstract: Systems and methods for account security are provided. In one example embodiment, a first login request including a username and a password is analyzed to identify a first internet protocol (IP) address and a first request time associated with the first login request. A login history comprising login request data for the server computer is analyzed to identify a plurality of usernames, wherein each username of the plurality of usernames is associated with a corresponding login request from the first IP address within a threshold time period of the first request time. In response to determining a login success ratio is below a threshold login success ratio and a number of unique usernames in the analyzed data is above the unique username threshold, the system automatically performs a security action.
    Type: Grant
    Filed: September 22, 2015
    Date of Patent: July 4, 2017
    Assignee: Snap Inc.
    Inventor: Jinlin Yang
  • Patent number: 9692787
    Abstract: A system includes a processor configured to execute a web browser in a first browser execution process initiated by an operating system of the system. The system includes a browser extension installed in the web browser, the browser extension including a markup language file and a file specifying at least one type of action related to a page element on which the browser extension seeks to act. The web browser may be configured to receive a set of rules from a web publisher associated with a first web page prior to rendering the first web page, determine based on the file, without loading the browser extension, that the browser extension is configured to implement a first action prohibited by the set of rules, and restrict the browser extension from implementing the first action on the first web page.
    Type: Grant
    Filed: January 16, 2014
    Date of Patent: June 27, 2017
    Assignee: Google Inc.
    Inventors: Craig Warner, Luke Stone, Timothy Wong O'Connor, Elysa Fenenbock, Ronit Kassis
  • Patent number: 9686303
    Abstract: A Web page vulnerability detection method and apparatus are described, where the method can receive a vulnerability detection task for performing vulnerability detection on a to-be-detected target Web page; acquiring a configuration file corresponding to the vulnerability according to the vulnerability detection task. The vulnerability detection task being is at least used to indicate a vulnerability that needs to be detected, and the configuration file includes a matching condition used to match the to-be-detected target Web page in to-be-detected Web pages and indication information of a test sample used to perform vulnerability detection on the to-be-detected target Web page. The method also detects whether the vulnerability indicated by the configuration file exists on the to-be-detected target Web page by using the configuration file.
    Type: Grant
    Filed: June 10, 2015
    Date of Patent: June 20, 2017
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventor: Jiacai Weng
  • Patent number: 9686243
    Abstract: A method and apparatus for encrypted universal resource identifier (URI) based messaging is described. In one embodiment of the method, a server computing system receives an encrypted message from a first client computing system over a network, decrypts the encrypted message, stores the decrypted message in a message data store, and generates a shortened uniform resource locator (URL) for subsequent retrieval of the stored message. The server computing system sends the shortened URL to the first client computing system. Subsequently, the server computing system receives from a requesting computing system, a request, including the shortened URL, to retrieve the stored message, encrypts the stored message in a uniform resource identifier (URI) with an encryption type URI, and sends the encrypted URI to the requesting computing system.
    Type: Grant
    Filed: September 26, 2013
    Date of Patent: June 20, 2017
    Assignee: Symantec Corporation
    Inventors: Vincent E. Moscaritolo, Damon Cokenias
  • Patent number: 9680951
    Abstract: A method and apparatus for delaying responses to requests in a server are described. Upon receipt, from a client device, of a first request for a resource at a first location, an identification of a second server is performed. A response that includes a redirection instruction to a second location is transmitted. The response includes a first number of redirects to be completed prior to the first request being fulfilled. Upon receipt of a following request including a number of redirects, the remote server determines whether the number of redirects has been performed. When the number of redirects has not been performed the transmission of the redirection instruction is repeated with a number of redirects smaller than the first number of redirects until the receipt of a request indicating that the number of redirects has been performed. When the number of redirects has been performed the request is fulfilled.
    Type: Grant
    Filed: September 6, 2016
    Date of Patent: June 13, 2017
    Assignee: CLOUDFLARE, INC.
    Inventor: John Graham-Cumming
  • Patent number: 9654413
    Abstract: Disclosed are a method, device, and system for implementing network access, and a network system. The method comprises: in the case that a terminal requests to access a webpage, a server determining content of the webpage that the terminal requests to access; and the server searching for a webpage, used as a reference webpage, with relevant content matching the content of the webpage, and providing information of the found reference webpage for the terminal. The present invention can enable a user terminal to obtain multiple associated access results by performing webpage access once.
    Type: Grant
    Filed: March 19, 2013
    Date of Patent: May 16, 2017
    Assignee: Beijing Qihoo Technology Company Limited
    Inventors: Gang Zhao, Bo Lu, Yuanjiang Zhou
  • Patent number: 9633187
    Abstract: A content access request from a first computing device for a digital content can be received. The content associated with request can be a digital content associated with a second computing device. A facial biometric identification challenge can be conveyed to the first computing device. The conveying can trigger the capture of a digital self-portrait photograph of a portion of a face of a user associated with the first computing device. A facial biometric of the face of a user within the digital self-portrait photograph can be compared to facial features of human faces within historic digital media associated with a different user. When the facial biometric matches a facial biometric within historic digital media, the digital content associated with the content access request can be conveyed to the first computing device.
    Type: Grant
    Filed: December 30, 2015
    Date of Patent: April 25, 2017
    Inventor: Dmitry Kozko
  • Patent number: 9619670
    Abstract: A system for detecting user credentials comprising a data chunker, a data chunk storage, a bytewise checker, a bit counter, and a credential checker. The data chunker is for determining a data chunk. The data chunk storage is for storing the data chunk. The bytewise checker is for checking that each byte of the data chunk comprises an appropriate value. The bit counter is for: determining a continuous number of bytes greater than or equal to the threshold byte value; and in the event the continuous number of bytes is greater than or equal to a threshold number of bytes, determining a credential address range corresponding to the continuous number of bytes. The credential checker is for determining whether data stored in the data chunk storage corresponding to the credential address range comprises a credential.
    Type: Grant
    Filed: January 9, 2015
    Date of Patent: April 11, 2017
    Assignee: GitHub, Inc.
    Inventor: Vicent Marti
  • Patent number: RE47019
    Abstract: A method, computer readable medium, and device for providing authenticated domain name service includes forwarding at a traffic management device a request for a domain name from a client device to one or more servers coupled to the traffic management device. The traffic management device receives a first response comprising at least a portion of the domain name from the one or more servers. The traffic management device attaches a first signature to the first response when the first response is determined by the traffic management device to be an unauthenticated response, and provides the first response with the first signature to the client device.
    Type: Grant
    Filed: October 5, 2016
    Date of Patent: August 28, 2018
    Assignee: F5 Networks, Inc.
    Inventors: Peter M. Thornewell, Christopher R. Baker