Data Authentication Patents (Class 713/161)
  • Patent number: 11889298
    Abstract: Method and apparatus relating to a wireless device supporting 3GPP 4G and 5G radio interfaces and also supporting non-3GPP access, i.e., WiFi, for selecting a security gateway of a first type e.g., ePDG or a security gateway of a second type, e.g., N3IWF for accessing to the core network of first type, e.g., EPC or of a second type e.g., 5GC. As the access methods via ePDG and N3IWF are not the same, the wireless device has to determine based on information obtained by a function in the network and its capabilities whether to use an ePDG or an N3IWF for untrusted non-3GPP access. The wireless device may take into account in the selection whether it is connected to the Core network over 3GPP 4G or 5G radio access network. A corresponding apparatus claim is provided.
    Type: Grant
    Filed: November 20, 2018
    Date of Patent: January 30, 2024
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: George Foti, Lila Madour
  • Patent number: 11842586
    Abstract: Systems and methods for mutual authentication of a user and a container administrator computer system. A container administrator computer system receives a request from a mobile computing device for a user to access a secure container. The request includes a user identifier. The administrator system receives a first authentication factor corresponding to the user. The administrator system authenticates the user by verifying that the first authentication factor matches a first reference authentication factor associated with the user identifier. The administrator system sends a second authentication factor associated with the administrator system to a human-machine interface associated with the secure container or the mobile computing device. The administrator system receives a notification of authentication of the administrator system using the authentication factor. The administrator system transmits an unlock signal to unlock the secure container.
    Type: Grant
    Filed: December 6, 2021
    Date of Patent: December 12, 2023
    Inventors: Darren M. Goetz, Chris Kalaboukis, Lisa R. Magana, Andrew L. Martinez, Uma Meyyappan, Dennis E. Montenegro, Marla M. Pacis, Timothy R. Ward
  • Patent number: 11758494
    Abstract: A Reference Time Scale Dissemination System (RTS-DS) is provided that includes a RTS Dissemination Data Provider (RTS-DDP) and a User Terminal. The RTS Dissemination Data Provider is equipped with a radio receiver designed to receive radio signals and to compute a RTS-DDP Computed Time Scale based on received radio signals. The User Terminal (UT) is equipped with a Radio Receiver designed to receive radio signals and to compute a UT Computed Time Scale based on received radio signals, and with a Clock Device designed to be locked to the UT Computed Time Scale and to provide a UT Local Time Scale resultingly locked to the UT Computed Time Scale.
    Type: Grant
    Filed: September 10, 2018
    Date of Patent: September 12, 2023
    Assignee: Thales Alenia Space Italia S.p.A. Con Unico Socio
    Inventors: Claudio Cantelmo, Marco Blanchi
  • Patent number: 11743253
    Abstract: A system for bidirectional device authentication between two computing devices is disclosed. A first processor generates a first random number sequence, performs a first operation on the first random number sequence to determine a first table address, and retrieves a first entry in the first table based on the first table address. The processor also executes a first transformation function on the first entry to generate a first transformed entry, transmits the first random number sequence to the second computing device, receives an encoded entry from a second computing device in response to transmission of the first random number sequence, and decodes the encoded entry to determine a second transformed entry. The first transformed entry matches the second transformed entry, and the first processor performs an update to a dynamic table by replacing each entry of the dynamic table with an associated transformed entry.
    Type: Grant
    Filed: May 8, 2018
    Date of Patent: August 29, 2023
    Assignee: Roche Diabetes Care, Inc.
    Inventors: Nagaraj Hegde, Craig L. Carlson, Phillip E. Pash, Robert P. Sabo
  • Patent number: 11726662
    Abstract: A method for maintaining an availability of a storage system, the method may include obtaining, by a control module of the storage system, problem related information generated by one or more compute nodes of the storage system, the problem related information is indicative of one or more problems associated with an execution of one or more storage operations; determining, by the control module and based on the problem related information, whether to forbid an execution of a storage operation of the one or more storage operations; and updating, by the control module, and based on the determining, a forbidden storage operation data structure that is accessible to the compute nodes of the storage system.
    Type: Grant
    Filed: March 3, 2021
    Date of Patent: August 15, 2023
    Assignee: VAST DATA LTD.
    Inventors: Avi Goren, Amir Miron, Ido Yellin, Asaf Levy
  • Patent number: 11677737
    Abstract: Methods and systems for a browser extension system are disclosed. In some embodiments, a browser extension server includes a communication device configured to communicate with a first computing device executing a browser extension application and a web browser application and a second computing device executing an authentication application. The browser extension server further includes a memory storing instructions, and a processor configured to execute the instructions to perform operations. The operations may include receiving from the first computing device an indication of a financial service account associated with the first computing device, detecting a payment field in a web page provided by the computing device through the web browser application and, in response, generating a secure token mapped to the financial service account.
    Type: Grant
    Filed: July 6, 2021
    Date of Patent: June 13, 2023
    Assignee: Capital One Services LLC
    Inventors: Matthew de Ganon, Kunal Arora, Thomas Poole, Daniel Kahn, Dwij Trivedi, Paul Moreton
  • Patent number: 11677727
    Abstract: An apparatus may include a pipeline circuit configured to process packets and an authentication engine configured to authenticate packets and to provide an authentication signal to the pipeline circuit based on whether packets have been authenticated. The apparatus may further include a control circuit configured to route a given incoming packet to both the authentication engine and to a bypass path. The bypass path may be configured to provide a copy of the given incoming packet to the pipeline circuit to bypass the authentication engine.
    Type: Grant
    Filed: March 5, 2021
    Date of Patent: June 13, 2023
    Assignee: Microchip Technology Incorporated
    Inventor: Brian Branscomb
  • Patent number: 11595373
    Abstract: A method for utilizing a registration authority to facilitate a certificate signing request is disclosed. In at least one embodiment, a registration authority computer may receive a certificate signing request associated with a token requestor. The registration authority may authenticate the identity of the token requestor and forward the certificate signing request to a certificate authority computer. A token requestor ID and a signed certificate may be provided by the certificate authority computer and forwarded to the token requestor. The token requestor ID may be utilized by the token requestor to generate digital signatures for subsequent token-based transactions.
    Type: Grant
    Filed: December 28, 2020
    Date of Patent: February 28, 2023
    Assignee: Visa International Service Association
    Inventors: Simon Law, Kim R. Wagner
  • Patent number: 11563590
    Abstract: A computing resource service provider provides a certificate management service that allows customers of the computing resource service provider to create, distribute, manage, and revoke digital certificates issued by public and/or private certificate authorities. In an embodiment, when a new certificate is generated, a certificate template is used to apply various settings and policies for the new certificate. In various examples, templates may be used to establish default values, enforce required and optional values, place restrictions on one or more data fields, and enforce signature requirements. In some embodiments, the template establishes rules for rejecting certificate requests that don't conform to the template.
    Type: Grant
    Filed: June 25, 2018
    Date of Patent: January 24, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Peter Zachary Bowen, Todd Lawrence Cignetti, Preston Anthony Elder, III, Brandonn Gorman, Ronald Andrew Hoskinson, Jonathan Kozolchyk, Kenneth Lawler, Marcel Andrew Levy, Kyle Benjamin Schultheiss, Sandeep Shantharaj, Param Sharma, Jose Maria Silveira Neto
  • Patent number: 11556929
    Abstract: A method is provided. The method includes receiving a request message, the request message relating to a transaction between a first client and a second client, the request message including first client data and second client data, the first client data identifying an account to be used by the first client in the transaction, the second client data indicating if the second client is subscribed to a service. The method further includes determining if the second client is subscribed to the service, and generating an authentication request message if the second client is not subscribed to the service, the authentication request message requesting confirmation that a holder of the account is the first client. The method further includes sending the authentication request message, and receiving an authentication response message from the external server in response, the authentication response message including an indication whether the holder is the first client.
    Type: Grant
    Filed: September 23, 2019
    Date of Patent: January 17, 2023
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Tadepally Venkata Seshadri, Manohar Murali, Sandeep Malhotra
  • Patent number: 11529739
    Abstract: The present invention is the invention for providing a guidance service by using a robot. For example, the robot may provide the guidance service in an airport. The robot may receive a destination, acquire a movement path from a current position to the destination, and transmit the movement path to the mobile terminal. The mobile terminal may receive the movement path from the robot and display a guidance path representing a movement path and a user path representing a position movement of the mobile terminal and overlapping the guidance path.
    Type: Grant
    Filed: August 29, 2017
    Date of Patent: December 20, 2022
    Assignee: LG ELECTRONICS INC.
    Inventor: Jaesik Jung
  • Patent number: 11436308
    Abstract: Provided is an electromyogram (EMG) signal-based user authentication apparatus and method. The apparatus includes an EMG signal receiver configured to receive an EMG signal measured using an EMG sensor, a pre-processor configured to remove a partial signal from the received EMG signal according to a preset frequency band, and a controller configured to authenticate a user by comparing a pre-stored EMG signal with the EMG signal in which the partial signal has been removed.
    Type: Grant
    Filed: May 8, 2020
    Date of Patent: September 6, 2022
    Assignee: Industry-Academic Cooperation Foundation, Chosun University
    Inventors: Youn Tae Kim, Jae Hyo Jung, Si Ho Shin, Min Gu Kang
  • Patent number: 11386419
    Abstract: An electronic device may include a printed circuit board having a physically unclonable function (PUF) source. The electronic device may also include an integrated circuit (IC) chip positioned on the printed circuit board, and the first PUF source may be embedded in or formed on the printed circuit board external to the IC chip. The IC chip has processing circuitry that is configured to determine PUF data based on the PUF source. The processing circuitry is further configured to determine a cryptographic key or authentication token based on the PUF data and to perform at least one secure operation using the cryptographic key or authentication token.
    Type: Grant
    Filed: March 20, 2020
    Date of Patent: July 12, 2022
    Assignee: Block, Inc.
    Inventors: Kamran Sharifi, Jeremy Wade, Bertram Leesti, Afshin Rezayee, Yue Yang, Max Joseph Guise
  • Patent number: 11368313
    Abstract: A data storage device including a non-volatile memory and a micro-controller is provided. The non-volatile memory stores a firmware file. The micro-controller is coupled to the non-volatile memory, and performs an encryption procedure on the firmware file. The encryption procedure includes: using a first key and a first algorithm to encrypt the firmware file to generate a signature, using the first key and a second algorithm to scramble the signature to generate a scrambled signature, and attaching the scrambled signature to the firmware file.
    Type: Grant
    Filed: May 7, 2020
    Date of Patent: June 21, 2022
    Assignee: Silicon Motion, Inc.
    Inventors: Ching-Ke Chen, Yu-Han Hsiao
  • Patent number: 11361014
    Abstract: A system and method for at least partially completing a user profile. The method includes analyzing the user profile to identify at least one missing informational element in the user profile, wherein identifying the at least one missing element further comprises determining at least one concept based on the user profile and matching the determined at least one concept to a plurality of category concepts, each concept including a collection of signatures and metadata describing the concept, wherein each category concept is associated with at least one required informational element, wherein each missing informational element is one of the at least one required informational element that is not included in the user profile; sending a query for the missing informational element; and updating at least a portion of the user profile based on a response to the query.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: June 14, 2022
    Assignee: CORTICA LTD.
    Inventors: Adam Harel, Igal Raichelgauz, Karina Odinaev, Yehoshua Y Zeevi
  • Patent number: 11361101
    Abstract: Disclosed are various examples for multi-party authentication and authentication. In one example, a user can gain access to secured data stored by a managed device based on the presence of the minimum quantity of other users within a threshold proximity of the user who desires access.
    Type: Grant
    Filed: June 27, 2018
    Date of Patent: June 14, 2022
    Assignee: AirWatch LLC
    Inventors: Sachin Vas, Ramani Panchapakesan, Vijaykumar Bhat, Sushilvas Vasavan
  • Patent number: 11303738
    Abstract: Data messages such as data packets in an IPv4 or IPv6 format are processed with a view to compression/decompression, using information obtained from sources other than the field data packet itself, or the stream to which it belongs. This may involve additional dynamic processing defined in specifications identified by a shared marker, or obtained from an additional data source such as a static file, database application or the like. Embodiments described herein enhance this approach with a dynamic determination of data components.
    Type: Grant
    Filed: March 13, 2019
    Date of Patent: April 12, 2022
    Assignee: ACKLIO
    Inventors: Ana Minaburo, Alexander Pelov
  • Patent number: 11301590
    Abstract: An example operation may include one or more of connecting to a blockchain configured to store transactions executed by the participating node, executing a transaction to produce a transaction trail, assigning a transaction identifier (ID) to the transaction, generating a transaction tag based on the transaction ID, and sending to the blockchain the transaction tag and the transaction trail to be entered into the blockchain.
    Type: Grant
    Filed: September 5, 2018
    Date of Patent: April 12, 2022
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Maria Dubovitskaya, Manu Drijvers
  • Patent number: 11272341
    Abstract: An information processing apparatus includes an acquisition unit that acquires first communication information for connecting with an apparatus via a first network and second communication information for connecting with the apparatus via a second network, a determination unit that determines whether communication between an information processing apparatus and the apparatus via the first network based on the first communication information is possible, a connection unit that connects the information processing apparatus with the apparatus via the second network based on the second communication information when the communication via the first network is impossible, and a request unit that transmits a processing request to the apparatus via the first network when the communication via the first network is possible, and transmits the processing request to the apparatus via the second network when the information processing apparatus is connected with the apparatus via the second network.
    Type: Grant
    Filed: June 9, 2020
    Date of Patent: March 8, 2022
    Assignee: RICOH COMPANY, LTD.
    Inventor: Tsuyoshi Yamada
  • Patent number: 11258672
    Abstract: Systems and methods are provided for a network appliance comprising a plurality of virtual private network nodes operating on the network appliance, each virtual private network node being configurable to connect to selectable virtual private network end points in an on-demand computing network. A web interface is configured to connect a client device to the network appliance and to identify a selected virtual private network end point, where the client device is connected to a particular one of the virtual private network nodes and the particular virtual private network node is connected to the selected virtual private network end point based on interactions with the web interface.
    Type: Grant
    Filed: March 24, 2020
    Date of Patent: February 22, 2022
    Assignee: Berryville Holdings, LLC
    Inventors: Christopher Edward Delaney, Chava Louis Jurado, Carl Bailey Jacobs, William Theodore Schoon
  • Patent number: 11258866
    Abstract: In various embodiments described herein, a content extension and programming interface enable third-party content extensions to supply transformation and filtering actions and associated criteria to native web clients on a system. In one embodiment, the native web client loads data for a third-party content filtering, blocking, or transformation extension and conducts extension defined actions without requiring additional intermediation by the third-party content. In one embodiment, a third-party application downloaded to a mobile or handheld device can include an extension data object that provides actions and triggers that are loaded by a native web client of the system. The third-party application is not required to execute continuously and can exit or be terminated once the web client retrieves the extension data object.
    Type: Grant
    Filed: February 14, 2020
    Date of Patent: February 22, 2022
    Assignee: APPLE INC.
    Inventors: Samuel M. Weinig, Jessie Berlin, Benjamin Poulain, Adele Peterson, Brian Weinstein, Richard Mondello, Alex Christensen
  • Patent number: 11257077
    Abstract: Blockchain-based, smart contract platforms have great promise to remove trust and add transparency to distributed applications. However, this benefit often comes at the cost of greatly reduced privacy. Techniques for implementing a privacy-preserving smart contract are described. The system can keep accounts private while not losing functionality and with only a limited performance overhead. This is achieved by building a confidential and anonymous token on top of a cryptocurrency. Multiple complex applications can also be built using the smart contract system.
    Type: Grant
    Filed: November 30, 2018
    Date of Patent: February 22, 2022
    Assignees: Visa International Service Association, The Board of Trustees of the Leland Stanford Junior University
    Inventors: Shashank Agrawal, Karl Benedikt Bünz, Mahdi Zamani, Dan Boneh
  • Patent number: 11232157
    Abstract: A text comparison method is adapted for comparing a query file with an existing file. The text comparison method includes: converting the existing file, by an irreversible method, to obtain a first intermediate file, wherein the first intermediate file includes a plurality of characters, and a number of different characters of the plurality of characters is a predetermined value; receiving a second intermediate file which is a file converted from the query file by the irreversible method; and according to a predetermined string length, comparing the second intermediate file with the first intermediate file by a high repeating-character comparison method to output a comparison result. Therefore, the second intermediate file can be created offline and then only the second intermediate file but not the original query file is submitted through internet for private text comparison.
    Type: Grant
    Filed: October 16, 2019
    Date of Patent: January 25, 2022
    Assignees: NATIONAL TSING HUA UNIVERSITY, NATIONAL CHIAO TUNG UNIVERSITY
    Inventors: Lee-Wei Yang, Jui-Hung Hung, Emmanuel Oluwatobi Salawu, Yuan-Yu Chang
  • Patent number: 11209963
    Abstract: A system and method to access one or more insights to display in a context-specific display pane based on PIM application context data, filter the one or more insights to display in the context-specific display pane, and display the filtered one or more insights in the context-specific display pane.
    Type: Grant
    Filed: June 20, 2019
    Date of Patent: December 28, 2021
    Assignee: salesforce.com, inc.
    Inventors: Melissa Ann O'Kane, Sriram Venkata Krishnan Iyer, Daniel Tafner McGarry, Douglas M. Lowder, Anthony J. Annuzzi, Elias Yates Andrew, Emily Schwartzman, Christopher Thomas Sellinger
  • Patent number: 11165701
    Abstract: A network device may receive, from a first network, a network packet of a first network packet type that encapsulates a fragment of a second network packet of a second network packet type, where the network packet is part of a flow of a plurality of network packets of the first network packet type that encapsulates fragments of the second network packet, and where the network packet includes a flow label that indicates a source port for the second network packet. The network device may perform an anti-spoof check on the fragment of the second network packet based at least in part on the source port for the second network packet that is indicated by the flow label of the network packet. The network device may, based on the fragment passing the anti-spoof check, forward the fragment of the second network packet to a second network.
    Type: Grant
    Filed: March 31, 2020
    Date of Patent: November 2, 2021
    Assignee: Juniper Networks, Inc.
    Inventors: Ashish Suresh Ghule, Jagadish Narasimha Grandhi
  • Patent number: 11153295
    Abstract: Plugins are authenticated for purposes of accessing and using application program interfaces (APIs) of a management service of a virtualized computing environment. In an authentication process, each plugin is associated with a session ticket that is unique to the plugin. The session ticket may be in the form of a single-use token that has a finite duration, and which may be used by the plugin to establish a session with the APIs of the management service. Because of the single-use and finite duration constraints of the token, the plugin is unable to use the token for other sessions and other plugins are also unable to use the same token to conduct their own sessions with the management service.
    Type: Grant
    Filed: August 28, 2019
    Date of Patent: October 19, 2021
    Assignee: VMWARE, INC.
    Inventors: Tony Ganchev, Tihomir Mateev
  • Patent number: 11153289
    Abstract: A System-on-Chip (SoC) performs secure communication operations. The SoC may include a peripheral interface configured to communicate with a host system. The SoC may also include a network interface configured to receive network packets in a secure communication session. The SoC may further include a processor configured to execute an Operating System (OS) software and a secure communication software stack to process at least one received network packet in the secure communication session. In addition, the SoC may include a secure communication engine configured to perform cryptographic operations and generate at least one decrypted packet in the secure communication session. The at least one decrypted packet may be provided to the host system via the peripheral interface.
    Type: Grant
    Filed: July 28, 2017
    Date of Patent: October 19, 2021
    Assignee: ALIBABA GROUP HOLDING LIMITED
    Inventor: Xiaowei Jiang
  • Patent number: 11139980
    Abstract: Software for immutably storing computational determinations using distributed ledgers. The software performs the following operations: (i) receiving an indication that a first computational model is ready to be deployed; (ii) storing a copy of the first computational model in a first distributed ledger; (iii) computing a hash of the first computational model using a cryptographic hash function; (iv) receiving an indication that a second computational model has been used to produce a first computational determination; (vi) receiving a hash of the second computational model; and (vii) in response to determining that the hash of the second computational model matches the hash of the first computational model, storing a record of the first computational determination in a second distributed ledger, wherein the record of the first computational determination identifies the second computational model as being the first computational model and includes the hash of the first computational model.
    Type: Grant
    Filed: November 28, 2018
    Date of Patent: October 5, 2021
    Assignee: International Business Machines Corporation
    Inventors: Bradley C. Herrin, Xianjun Zhu, Bo Zhang, Alexander Sobran
  • Patent number: 11134069
    Abstract: A method for authorizing access includes generating a public identity parameter and a private identity parameter for each server, and using the public identity parameter of a first server indicated by a first credential from a resource owner to perform identity encryption on the first credential and a first random parameter so as to generate and transmit a first request message to the first server. The private identity parameter is used to decrypt the first request message. The public identity parameter of a second server indicated by the second credential is used to perform identity encryption on the second credential and a second random parameter so as to generate and transmit a second request message. The second server uses the private identity parameter to perform decryption on the second request message, and the method determines, according to the decrypted second credential, a resource to be provided to the client.
    Type: Grant
    Filed: April 13, 2016
    Date of Patent: September 28, 2021
    Assignee: SONY CORPORATION
    Inventor: Zhihui Zhang
  • Patent number: 11119988
    Abstract: An aspect of performing logical validation on loaded data in a database includes a rule engine configured to, in response to an addition or update of a new rule for logical validation, determine a delta rule that includes a delta part of the new rule with respect to existing rules. An aspect also includes an object container containing object instances that have been validated using the existing rules. The object instance contains only data related to the existing rules and extracted from the database. An aspect further includes a validation engine configured to, upon determining that the delta rule relates to extra data other than the data contained in the object instance, extract the extra data from a database and add it to corresponding object instances, and use at least a part of the new rule to perform logical validation on the relevant object instances in the object container.
    Type: Grant
    Filed: May 17, 2019
    Date of Patent: September 14, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Bai Chen Deng, An Chao Song, Feng Cheng Sun, Jing Sun, Lin Xu
  • Patent number: 11102169
    Abstract: The present disclosure provides a method of embedding finer grained information such as user identity and application identity in IPv6 addresses used for end-to-end communications within a network. The finer grained information can be used for improved policy enforcement within the network. In one aspect, generating an address for an end-to-end communication within a network, the address including a user identifier and an application identifier for network policy enforcement; assigning the address to an application used in the end-to-end communication; and performing network segmentation and the network policy enforcement within the network using the address.
    Type: Grant
    Filed: June 6, 2019
    Date of Patent: August 24, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Marcel Paul Sosthène Enguehard, Jordan Augé, Giovanna Carofiglio
  • Patent number: 11086890
    Abstract: Embodiments of the present invention are directed to validating extraction rules. In embodiments, a set of events for which field extraction is desired is obtained. Thereafter, an extraction rule is applied to the set of events to extract fields of the events. The application of the extraction rule can be monitored to determine that the applied extraction rule is invalid. Based on the applied extraction rule being invalid, a new extraction rule can be generated to apply to the set of events.
    Type: Grant
    Filed: January 31, 2019
    Date of Patent: August 10, 2021
    Assignee: SPLUNK Inc.
    Inventors: Li Li, Yongxin Su, Ting Yuan, Qian Jie Zhong, Yiyun Zhu
  • Patent number: 11074112
    Abstract: Systems, methods, and software are disclosed herein for maintaining the responsiveness of a user interface to an application. In an implementation, a synchronous operation is commenced on a main thread of an application. The application monitors for a request by an additional thread to interrupt the synchronous operation in favor of an asynchronous operation. The synchronous operation is canceled in response to the request and is retried after completing the asynchronous operation.
    Type: Grant
    Filed: January 13, 2017
    Date of Patent: July 27, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Micah James Myerscough, Weide Zhong, Xiaohui Pan, Toshiharu Kawai, Emily Anne Schultz
  • Patent number: 11030306
    Abstract: The present invention particularly concerns a method for executing a program (P) intended to be interpreted by a virtual machine (M), the method comprising steps of determination (102) of a reference code instruction to be interpreted when executing the program, interpretation (112) by the virtual machine of the reference code instruction using machine code. This method also comprises read-out (106) of interpretation rights data (DR) indicating a portion (P1) of the program containing code instructions interpretable by the virtual machine and, on the basis of read-out data, checking the presence (110) of the reference code instruction in the portion (P1) of the program (P), the interpretation of the reference code instruction being implemented by the virtual machine (M) only if the reference code instruction is contained in the portion (P1) of the program (P).
    Type: Grant
    Filed: April 19, 2018
    Date of Patent: June 8, 2021
    Assignee: IDEMIA IDENTITY & SECURITY FRANCE
    Inventors: Ahmadou Sere, Karim Madjid Ammouche
  • Patent number: 11019085
    Abstract: The disclosed computer-implemented method for identifying potentially risky traffic destined for network-connected devices may include (1) receiving, at a cloud-based server, characteristics of a network-connected device being added to a network, (2) creating a digital virtual image of the network-connected device on the cloud-based server, (3) receiving a request sent to a port on the network-connected device and (4) performing a security action including (A) sending the request to the digital virtual image of the network-connected device, (B) identifying the request as a potentially risky request by monitoring a runtime reaction of the digital virtual image of the network-connected device to the request, and (C) sending, to a network monitoring device, a message indicating the request is a potentially risky request. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 17, 2018
    Date of Patent: May 25, 2021
    Inventors: Ilya Sokolov, Bruce McCorkendale
  • Patent number: 11017102
    Abstract: A kernel driver on an endpoint is configured to monitor processes executing on the endpoint that use network communications, and to transmit process information to a firewall for the endpoint. The firewall can, in turn, use this stream of information from individual endpoints or groups of endpoints as context for observed network activity in order to control secure network communications and otherwise manage network activity.
    Type: Grant
    Filed: October 27, 2017
    Date of Patent: May 25, 2021
    Assignee: Sophos Limited
    Inventor: Richard S. Teal
  • Patent number: 11019033
    Abstract: An apparatus comprises at least one processing device that includes a processor coupled to a memory. The processing device is configured to establish a secure enclave in cloud infrastructure as part of a trust domain, to load the secure enclave with a program for execution in the secure enclave, and to provide the secure enclave with information sufficient to allow the secure enclave to prove to one or more clients of the trust domain that the secure enclave was established within the trust domain. The provided information customizes the secure enclave for the trust domain in a manner that is detectable by the one or more clients of the trust domain. The establishing, loading and providing are illustratively performed at least in part by an orchestrator component that is part of the trust domain and is implemented using a first physical machine that is separate from a second physical machine used to implement the secure enclave.
    Type: Grant
    Filed: December 27, 2019
    Date of Patent: May 25, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Radia J. Perlman, Charles Kaufman
  • Patent number: 10993112
    Abstract: System and method embodiments are provided for accessing a wireless network. The embodiments enable establishing and releasing session resources in a wireless local area network (WLAN) corresponding to packet data network (PDN) connections in a 3GPP enhanced packet core (EPC). In an embodiment, a method in a network component for establishing a control channel with a user equipment (UE) includes setting up, by the network component, a link layer channel; sending, by the network component, an identifier of the link layer channel to the UE; and communicating, by the network component, with the UE over the link layer channel using a WLAN control protocol (WLCP), wherein the WLAN comprises a trusted WLAN Access Network (TWAN).
    Type: Grant
    Filed: October 26, 2018
    Date of Patent: April 27, 2021
    Assignee: Futurewei Technologies, Inc.
    Inventors: Kaippallimalil Mathew John, Weisheng Jin, Wenruo Zhu
  • Patent number: 10963279
    Abstract: Embodiments are directed to a computer implemented method of controlling a host computing device connected to at least one subordinate computing device. The method includes configuring a host virtual machine manager (VMM) of the host computing device to perform a method that includes deploying an instance of a subordinate virtual machine (VM) on the subordinate computing device, and deploying another instance of the subordinate VM on the host computing device. The method further includes administering features or functions of the instance of the subordinate VM on the subordinate computing device, and administering features or functions of the another instance of the subordinate VM on the host computing device.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: March 30, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: David B. Lection, Ruthie D. Lyle, Eric L. Masselle
  • Patent number: 10853514
    Abstract: A document management system includes a memory for storing machine-readable code and a processor configured to execute the machine-readable code. The processor stores a first document, a first hash of the first document, and a first key in the memory. The first document is encrypted with the first key. The processor further receives a request for the first key. The request includes a second hash of a second document where the second document is purported to be a copy of the first document. The processor further compares the first hash to the second hash and sends the first key in response to the request when the first hash matches the second hash.
    Type: Grant
    Filed: May 10, 2018
    Date of Patent: December 1, 2020
    Assignee: Dell Products, L.P.
    Inventors: Daniel L. Hamlin, Charles D. Robison
  • Patent number: 10841088
    Abstract: Techniques for generating and validating credentials are disclosed. A server generates credentials using only a single current key, up to a threshold number of credentials. The server accepts client connection requests with credentials that were generated using n most recently used keys, including the current key and one or more legacy keys. The server rejects connection requests with credentials that were generated using any other key. When the current key has been used to generate the threshold number of credentials, the server updates the current key to a new key.
    Type: Grant
    Filed: December 17, 2018
    Date of Patent: November 17, 2020
    Assignee: Oracle International Corporation
    Inventor: Xuelei Fan
  • Patent number: 10841730
    Abstract: Systems and methods for incentivizing a user to satisfy a goal for attending twelve step meetings. The method includes the steps of: providing the user with a mobile device; detecting the presence of the mobile device at a first location and at a first time selected by the user; comparing the first time and the first location to a database of approved meetings, wherein the comparing is substantially contemporaneous with the first time; and providing a reward to the user upon confirming that: i) the first time and the first location correspond to an approved meeting; and ii) the user is proximate the mobile device at the first time.
    Type: Grant
    Filed: November 16, 2016
    Date of Patent: November 17, 2020
    Inventor: Michael Jerome Senger
  • Patent number: 10824725
    Abstract: Automatic detection of software that performs unauthorized privilege escalation is disclosed. The techniques cause a programmable device to obtain a trace event of a program from an event logger, parse the trace event to determine a privilege level for an event, compare the privilege level for the event to an expected privilege level, and block execution of the program based on the comparison.
    Type: Grant
    Filed: January 23, 2018
    Date of Patent: November 3, 2020
    Assignee: McAfee, LLC
    Inventor: Eknath Venkataramani
  • Patent number: 10802924
    Abstract: The present disclosure involves systems, software, and computer-implemented methods for asynchronous session storing. An example method includes receiving, by a first thread of a data processing apparatus, a backup trigger for backing up session of an application being executed by a second, separate thread of the data processing apparatus; serializing, by the first thread of the data processing apparatus, session, wherein serializing the session comprises blocking execution of the application by the second thread of the data processing apparatus; storing the serialized session into a database; and validating the stored session.
    Type: Grant
    Filed: July 25, 2017
    Date of Patent: October 13, 2020
    Assignee: SAP SE
    Inventors: Martin Knechtel, Axel Schroeder, Kay Jugel, Christof Momm
  • Patent number: 10783255
    Abstract: Systems and techniques are provided for trust agents. Trust agents may be enabled. A state determination may be received from each of the enabled trust agents. The state determination may indicate either a trusted state or an untrusted state. The received state determinations may be combined to determine a security state. A security measure may be enabled or disabled based on the determined security state.
    Type: Grant
    Filed: April 4, 2019
    Date of Patent: September 22, 2020
    Assignee: Google LLC
    Inventors: James Brooks Miller, Michael Andrew Cleron
  • Patent number: 10733146
    Abstract: An encoding system may include a metadata manager, a key manager, and an encoder. The metadata manager may interface with one or more metadata sources to determine whether to include a metadata item from the one or more metadata sources. The key manager may determine whether the metadata item can be represented using one of already-allocated keys or an inline key must be used to represent the metadata item. The encoder may encode the metadata. If an inline key must be used to represent the metadata item, the encoder may associate the inline key and the type of the metadata item to the media file, and the encoder may encode the metadata item using the inline key in the media file.
    Type: Grant
    Filed: January 22, 2015
    Date of Patent: August 4, 2020
    Assignee: Apple Inc.
    Inventor: Christopher L. Flick
  • Patent number: 10686763
    Abstract: Various embodiments are generally directed to techniques to distribute encrypted packets among multiple cores in a load-balanced manner for further processing. An apparatus may include a processor component; a decryption component to decrypt an encrypted packet to generate a decrypted packet from the encrypted packet, the encrypted packet comprising a header that comprises at least one field of information; a hash component to generate a header hash from the at least one field of information during decryption of at least a portion of the encrypted packet by the decryption component, the header hash comprising a smaller quantity of bits than the at least one field of information; and a distribution component to select a first core of multiple cores coupled to the processor component based on the header hash and to transmit the decrypted packet to the first core from the processor component. Other embodiments are described and claimed.
    Type: Grant
    Filed: January 23, 2017
    Date of Patent: June 16, 2020
    Assignee: INTEL CORPORATION
    Inventors: Tomasz Kantecki, Niall McDonnell
  • Patent number: 10680816
    Abstract: A system for improving the data security during a communication process, including at least one processor and a hardware security module. The communication data is authenticated prior to a transmission process, and the authenticity of the communication data is checked upon being received. The authentication is carried out by the processor, and the authentication check is carried out by the hardware security module, wherein the communication data is car-to-X messages. The processor and the hardware security module are linked via a common secret element such that at least the hardware security module cannot be coupled to another processor.
    Type: Grant
    Filed: March 25, 2015
    Date of Patent: June 9, 2020
    Assignee: Continental Teves AG & Co. oHG
    Inventors: Henrik Antoni, Torsten Martin, Stefan Römmele, Marc Menzel
  • Patent number: 10638301
    Abstract: Each known operating system, software, or hardware can correspond to a list of identifiable attributes that is used to uniquely identify the operating system, software, or hardware of interest. By using these identifiable attributes in rules, fingerprints can be generated that define the existence of an object (e.g. operating systems, software and hardware). By using the generated fingerprints via a discovery tool, the existence of the objects can be determined within an environment (e.g. computing device, computing network).
    Type: Grant
    Filed: September 15, 2017
    Date of Patent: April 28, 2020
    Assignee: BDNA Corporation
    Inventors: Alexander Meau, Danny Leung
  • Patent number: 10630555
    Abstract: Systems and methods are provided that include a network appliance comprising a plurality of virtual private network nodes operating on the network appliance, each virtual private network node being configurable to connect to selectable virtual private network end points in an on-demand computing network. A web interface is configured to connect a client device to the network appliance and to identify a selected virtual private network end point, where the client device is connected to a particular one of the virtual private network nodes and the particular virtual private network node is connected to the selected virtual private network end point based on interactions with the web interface.
    Type: Grant
    Filed: August 23, 2017
    Date of Patent: April 21, 2020
    Assignee: Berryville Holdings, LLC
    Inventors: Christopher Edward Delaney, Chava Louis Jurado, Carl Bailey Jacobs, William Theodore Schoon