Data Authentication Patents (Class 713/161)
- Patent number: 8812638
  Abstract: A method of controlling an apparatus comprising a plurality of features and adapted to receive messages via a first network interface, wherein said method is implemented in a filter superposed on the top of an existing architecture of the apparatus. The method comprises the following steps: receiving a network management message via said first network interface; interrogating said message in order to identify a feature said network management message relates to; and filtering the received management message such that said management message is rejected if the identified feature is classified as disabled and said management message is allowed to go through if said feature is classified as enabled.
  Type: Grant
  Filed: July 12, 2006
  Date of Patent: August 19, 2014
  Assignee: Telefonaktiebolaget LM Ericsson (publ)
  Inventor: Jürgen Fischer
- Patent number: 8811607
  Abstract: A method and system for generating contexts of targets to estimate a high-order context. The system includes: a detection device including: a sensor for detecting a target; a module for extracting the target and a primary context of the target based on data detected by the sensor; and a module for encrypting the primary context with a key corresponding to the target; a storage device for recording the encrypted primary context from the detection device; and a processing device including: a module for receiving the encrypted primary context from the storage device; a module for receiving the key corresponding to the target involved in the encrypted primary context; a module for decrypting the encrypted primary context using the received key; and a module for estimating a high-order context using the decrypted primary context; where the processing device further includes a module for requesting the detection device to delete information on a key corresponding to a specific target.
  Type: Grant
  Filed: August 30, 2012
  Date of Patent: August 19, 2014
  Assignee: International Business Machines Corporation
  Inventor: Michiharu Kudoh
- Patent number: 8806647
  Abstract: Behavioral analysis of a mobile application is performed to determine whether the application is malicious. During analysis, various user interactions are simulated in an emulated environment to activate many possible resulting behaviors of an application. The behaviors are classified as hard or soft signals. A probability of the application being malicious is determined through combining soft signals, and the application is classified as malicious or non-malicious. Users of the application, the developer of the application, or a distributor of the application are notified of the application classification to enable responsive action.
  Type: Grant
  Filed: April 27, 2012
  Date of Patent: August 12, 2014
  Assignee: Twitter, Inc.
  Inventors: Neilkumar Daswani, Ameet Ranadive, Shariq Rizvi, Michael Gagnon, Tufan Demir, Gerry Eisenhaur
- Patent number: 8806633
  Abstract: In one embodiment, a security device receives one or more first unique identifications of packets sent by a first device to a second device for which a corresponding acknowledgment was purportedly returned by the second device to the first device. The security device also receives one or more second unique identifications of packets received by the second device from the first device and acknowledged by the second device to the first device. By comparing the first and second unique identifications, the security device may then determine whether acknowledgments received by the first device were truly returned from the second device based on whether the first and second unique identifications exactly match.
  Type: Grant
  Filed: August 22, 2011
  Date of Patent: August 12, 2014
  Assignee: Cisco Technology, Inc.
  Inventors: Shmuel Shaffer, Jean-Philippe Vasseur, Jonathan W. Hui
- Patent number: 8806572
  Abstract: Systems, methods, and other embodiments associated with authentication via monitoring are described. One example method includes detecting a data flow in which indicia of identity (DFWIOI) travel between a first endpoint and a second endpoint. The DFWIOI may be partially encrypted. The example method may also include collecting an identity data associated with the DFWIOI from the DFWIOI, the first endpoint, the second endpoint, and so on. The example method may also include making an authentication policy decision regarding the DFWIOI based, at least in part, on the identity data. The example method may also include controlling a networking device associated with the DFWIOI based, at least in part, on the authentication policy decision.
  Type: Grant
  Filed: May 30, 2009
  Date of Patent: August 12, 2014
  Assignee: Cisco Technology, Inc.
  Inventors: David A. McGrew, Sandeep Rao
- Patent number: 8806646
  Abstract: Behavioral analysis of a mobile webpage is performed to determine whether the webpage is malicious. During analysis, the webpage is visited by an emulated mobile device to cause behaviors to occur which may be malicious. The behaviors occurring after accessing the webpage are stored. The behaviors are classified as hard or soft signals. A probability of the webpage being malicious is determined through combining soft signals, and the webpage is classified as malicious or non-malicious. Users of the webpage, the developer of the webpage, or a distributor of the webpage are notified of the webpage classification to enable responsive action.
  Type: Grant
  Filed: April 27, 2012
  Date of Patent: August 12, 2014
  Assignee: Twitter, Inc.
  Inventors: Neilkumar Daswani, Ameet Ranadive, Shariq Rizvi, Michael Gagnon, Tufan Demir, Gerry Eisenhaur
- Patent number: 8799645
  Abstract: Web-based authentication includes receiving a packet in a network switch having at least one associative store configured to forward packet traffic to a first one or more processors of the switch that are dedicated to cryptographic processing if a destination port of the packet indicates a secure transport protocol, and to a second one or more processors of the switch that are not dedicated to cryptographic processing if the destination port does not indicate a secure transport protocol. If a source of the packet is an authenticated user, the packet is forwarded via an output port of the switch, based on the associative store. If the source is an unauthenticated user, the packet is forwarded to the first one or more processors if the destination port indicates a secure transport protocol, and to the second one or more processors if the destination port does not indicate a secure transport protocol.
  Type: Grant
  Filed: April 27, 2012
  Date of Patent: August 5, 2014
  Assignee: Foundry Networks, LLC.
  Inventors: Yan-Zhe Wang, Sean Hou, Sridhar Devarapalli, Louis Yun
- Patent number: 8799653
  Abstract: A storage device and method for storage device state recovery are provided. In one embodiment, a storage device commences an authentication process to authenticate a host device. The authentication process comprises a plurality of phases, and the storage device stores the state of the authentication process, wherein the state indicates the phase(s) of the authentication process that have been successfully completed. After a power loss, the storage device retrieves the state of the authentication process and resumes an operation with the host device without re-performing the phase(s) of the authentication process that have been completed.
  Type: Grant
  Filed: February 13, 2012
  Date of Patent: August 5, 2014
  Assignee: SanDisk IL Ltd.
  Inventors: Rotem Sela, Avraham Shmuel
- Patent number: 8799634
  Abstract: Methods and devices for controlling system settings of a computing device are described herein. One example embodiment comprises: determining configuration data associated with a software application, wherein the configuration data identifies one or more new system settings to be temporarily enforced on the computing device during an execution of the software application, and wherein the configuration data is digitally signed; and in response to an initiation of the execution of the software application, reconfiguring system settings on the computing device; wherein the reconfiguring comprises verifying at least one digital signature associated with the digitally signed configuration data; wherein if the at least one digital signature associated with the digitally signed configuration data successfully verifies, then the reconfiguring further comprises temporarily enforcing new system settings for the duration of the execution of the software application.
  Type: Grant
  Filed: December 23, 2011
  Date of Patent: August 5, 2014
  Assignee: BlackBerry Limited
  Inventors: Sean Alexander Courtney, Alexander Truskovsky, Neil Patrick Adams
- Patent number: 8792641
  Abstract: In one embodiment, the method performed by mobile equipment to authenticate communication with a network includes generating keys using cellular authentication and voice encryption, and then generating an authentication key based on these keys. The authentication key is used to generate an expected message authentication code used in authenticating the network according to the authentication and key agreement security protocol.
  Type: Grant
  Filed: January 10, 2013
  Date of Patent: July 29, 2014
  Assignee: Alcatel Lucent
  Inventor: Sarvar Patel
- Publication number: 20140208099
  Abstract: A method for providing service plane encryption in IP/MPLS and GRE networks is disclosed. The method for providing service plane encryption in IP/MPLS and GRE networks includes receiving a first Security Parameter Index with an associated first encryption key and an associated first authentication key at a first network element supporting the first Service Distribution Point; receiving an instruction at the first network element to encrypt data entering the first Service Distribution Point with the first encryption key; receiving an instruction at the first network element to associate a data communication service provided at the first network element to the first Service Distribution Point; providing an encryption label; and providing data associated with the first communication service to the first Service Distribution Point for transmission to the second Service Distribution Point.
  Type: Application
  Filed: January 21, 2013
  Publication date: July 24, 2014
  Applicant: Alcatel-Lucent Canada Inc.
  Inventor: Carl RAJSIC
- Patent number: 8788810
  Abstract: In a method of temporarily registering a second device with a first device, in which the first device includes a temporary registration mode, the temporary registration mode in the first device is activated, a temporary registration operation in the first device is initiated from the second device, a determination as to whether the second device is authorized to register with the first device is made, and the second device is temporarily registered with the first device in response to a determination that the second device is authorized to register with the first device, in which the temporary registration requires that at least one of the second device and the first device delete information required for the temporary registration following at least one of a determination of a network connection between the first device and the second device and a powering off of at least one of the first device and the second device.
  Type: Grant
  Filed: December 29, 2009
  Date of Patent: July 22, 2014
  Assignee: Motorola Mobility LLC
  Inventors: Jiang Zhang, Alexander Medvinsky, Paul Moroney, Petr Peterka
- Publication number: 20140201523
  Abstract: Provided is a transmission apparatus capable of avoiding unnecessary decryption and preventing a denial-of-service attack. The transmission apparatus that establishes a secure communications channel (SA) between the transmission apparatus and a reception apparatus includes a creation section that creates a packet, an encryption section that, based on a ratio of a redundant packet to the packets created by the packet creation section and on an instruction from the reception apparatus, determines an encryption coverage in the created packet and encrypts data in the encryption coverage, and a transmission section that transmits the encrypted packet through the SA.
  Type: Application
  Filed: April 15, 2013
  Publication date: July 17, 2014
  Inventor: Tetsuro Sato
- Patent number: 8782751
  Abstract: Systems and methods of authenticating user access based on an access point to a secure data network include a secure data network having a plurality of network access points serving as entry points for a user to access the secure data network using a user device. The user is associated with a user identity, and each network access point with a network access point identity. The user uses a user device to send an access request, requesting access to the secure data network, to the network access point, which then sends an authentication request to an identity server. The identity server processes the authentication request by validating the combination of the user identity and the network access point identity, and responds with an authentication response, granting or denying access, as communicated to the user device via an access response.
  Type: Grant
  Filed: March 19, 2012
  Date of Patent: July 15, 2014
  Assignee: A10 Networks, Inc.
  Inventors: Lee Chen, John Chiong, Yang Yu
- Patent number: 8776249
  Abstract: A method is performed at a computer system having one or more processors and memory storing one or more programs executed by the one or more processors. The method includes generating a document, including marking one or more portions of the document as private; and sending the document to an intermediary system for transmission to a destination system. Prior to the document being transmitted to the destination system, the marked portions of the document are encrypted by the intermediary system using a key that is unavailable to the destination system.
  Type: Grant
  Filed: February 23, 2012
  Date of Patent: July 8, 2014
  Assignee: Google Inc.
  Inventor: Ben Margolin
- Patent number: 8769261
  Abstract: A method provides subscriber-specific activation of network-based mobility management using an authentication server. According to the method, network-based mobility management is enforced, even if the mobile terminal supports terminal-based mobility management. This gives a network provider complete control over mobility management in his network, preventing configuration problems during the configuration of mobile terminals. In the method, after the successful authentication of a subscriber, the authentication server transmits an authentication confirmation message to an authentication client in an access network. The received authentication confirmation message contains an activation attribute for activating network-based mobility management, if the authentication server does not provide a common mobile key for terminal-based mobility management.
  Type: Grant
  Filed: October 31, 2006
  Date of Patent: July 1, 2014
  Assignee: Siemens Aktiengesellschaft
  Inventors: Rainer Falk, Christian Günther, Dirk Kröselberg
- Patent number: 8769289
  Abstract: A user accessing a protected resource is authenticated using multiple channels, including a mobile device of the user. A user attempting to access a protected resource is authenticated by receiving a request from a mobile device of the user to access the protected resource; receiving a public key from the mobile device of the user; providing a provision token to the mobile device, wherein the provision token is used by the user to access the protected resource using a second device; and confirming the provision token to a provider of the protected resource to authorize the user to access the protected resource. The user then communicates with the provider using a second device to authorize the provisioning token. A transaction signing protocol is also provided.
  Type: Grant
  Filed: September 14, 2012
  Date of Patent: July 1, 2014
  Assignee: EMC Corporation
  Inventor: Boris Kronrod
- Patent number: 8762711
  Abstract: Systems and methods are disclosed for enabling a recipient of a cryptographically-signed electronic communication to verify the authenticity of the communication on-the-fly using a signed chain of check values, the chain being constructed from the original content of the communication, and each check value in the chain being at least partially dependent on the signed root of the chain and a portion of the communication. Fault tolerance can be provided by including error-check values in the communication that enable a decoding device to maintain the chain's security in the face of communication errors. In one embodiment, systems and methods are provided for enabling secure quasi-random access to a content file by constructing a hierarchy of hash values from the file, the hierarchy deriving its security in a manner similar to that used by the above-described chain.
  Type: Grant
  Filed: January 31, 2011
  Date of Patent: June 24, 2014
  Assignee: Intertrust Technologies Corporation
  Inventor: Xavier Serret-Avila
- Publication number: 20140173275
  Abstract: Embodiments of an invention for securing transmissions between processor packages are disclosed. In one embodiment, an apparatus includes an encryption unit to encrypt first content to be transmitted from the apparatus to a processor package directly through a point-to-point link.
  Type: Application
  Filed: December 19, 2012
  Publication date: June 19, 2014
  Inventors: Simon Johnson, Abhishek Das, Carlos Rozas, Uday Savagaonkar, Robert Blankenship, Kiran Padwekar
- Patent number: 8756413
  Abstract: The present invention relates to a method and a device for ensuring information integrity and non-repudiation over time. A basic idea of the present invention is to provide a mechanism for secure distribution of information, which information relates to an instance in time when usage of cryptographic key pairs associated with a certain brand identity commenced, as well as when the key pairs ceased to be used, i.e. when the key pairs were revoked. The mechanism further allows a company or an organization to tie administration of cryptographic key pairs and a procedure for verifying information integrity and non-repudiation to their own brand. This can be seen as a complement or an alternative to using a certificate authority (CA) as a trusted third party, which CA guarantees an alleged relation between a public key and the identity of the company or organization using the cryptographic key pair to which that public key belongs.
  Type: Grant
  Filed: April 20, 2005
  Date of Patent: June 17, 2014
  Assignee: Brandsign AB
  Inventors: Anders Thoursie, Peter Holm, Sven-Håkan Olsson
- Patent number: 8755522
  Abstract: Approaches for combining different information to be transmitted into different slices of a data packet and/or encrypting the slices using different cryptographic schemes for secure transmission of the information are disclosed. In some implementations, first information and second information may be received. A first data slice representing a portion of the first information may be generated based on a first cryptographic scheme. A second data slice representing a portion of the second information may be generated based on a second cryptographic scheme different than the first cryptographic scheme. A first header may be generated such that the first header may specify the first cryptographic scheme for the first data slice and the second cryptographic scheme for the second data slice. A first data packet may be generated such that the first data packet may include the first header, the first data slice, and the second data slice.
  Type: Grant
  Filed: August 16, 2013
  Date of Patent: June 17, 2014
  Assignee: Luminal, Inc.
  Inventors: Josha Stella, Dominic Zippilli, Matthew Brinkman
- Patent number: 8756418
  Abstract: A system and method of guaranteeing the presence of secure and tamper-proof remote files over a distributed communication medium, such as the Internet, is provided. The system and method automatically detects, and then self-repairs, corrupt, modified or non-existent remote files. The method first performs an integrity check on a remote file and then determines whether the integrity check passed. If the integrity check passed, then the user goes through the authentication process as normal. If the integrity check fails, then the present invention redirects to an install module in order to prepare to reinstall the remote file. Via the install module, the present invention then reinstalls the remote file and the user is then taken through the authentication process as normal.
  Type: Grant
  Filed: December 27, 2012
  Date of Patent: June 17, 2014
  Assignee: Citibank, N.A.
  Inventors: Steve Vlcan, Bikram Singh Bakshi
- Patent number: 8756665
  Abstract: A user authenticates to a Web- or cloud-based application from a browser-based client. The browser-based client has an associated rich client. After a session is initiated from the browser-based client (and a credential obtained), the user can discover that the rich client is available and cause it to obtain the credential (or a new one) for use in authenticating the user to the application (using the rich client) automatically, i.e., without additional user input. An application interface provides the user with a display by which the user can configure the rich client authentication operation, such as specifying whether the rich client should be authenticated automatically if it is detected as running, whether and to what extent access to the application by the rich client is to be restricted, if and when access to the application by the rich client is to be revoked, and the like.
  Type: Grant
  Filed: July 8, 2011
  Date of Patent: June 17, 2014
  Assignee: International Business Machines Corporation
  Inventors: Olgierd Stanislaw Pieczul, Mark Alexander McGloin, Mary Ellen Zurko
- Patent number: 8751788
  Abstract: Embodiments of the invention provide a system for encrypting web session data which may include a session management module adapted to receive data from a web application module and provide a token that represents the data in encrypted form to the web application, wherein the web application is adapted to use the token to represent the data. The system may also include a tokenizer module communicably coupled to the session management module, wherein the tokenizer module is adapted to receive the data and generate the token. Further, the system may include a database communicably coupled to the session management module, wherein the database is adapted to receive the token and the data, associate the token with the data, and store the token and the data.
  Type: Grant
  Filed: June 10, 2009
  Date of Patent: June 10, 2014
  Assignee: Paymetric, Inc.
  Inventor: Nathan P. Leach
- Patent number: 8751802
  Abstract: A storage device and method for storage device state recovery are provided. In one embodiment, a storage device commences an authentication process to authenticate a host device. The authentication process comprises a plurality of phases, and the storage device stores the state of the authentication process, wherein the state indicates the phase(s) of the authentication process that have been successfully completed. After a power loss, the storage device retrieves the state of the authentication process and resumes an operation with the host device without re-performing the phase(s) of the authentication process that have been completed.
  Type: Grant
  Filed: June 30, 2010
  Date of Patent: June 10, 2014
  Assignee: SanDisk IL Ltd.
  Inventors: Rotem Sela, Avraham Shmuel
- Patent number: 8745277
  Abstract: A command portal enables a host system to send non-standard or "vendor-specific" storage subsystem commands to a storage subsystem using an operating system (OS) device driver that does not support or recognize such non-standard commands. The architecture thereby reduces or eliminates the need to develop custom device drivers that support the storage subsystem's non-standard commands. To execute non-standard commands using the command portal, the host system embeds the non-standard commands in blocks of write data, and writes these data blocks to the storage subsystem using standard write commands supported by standard OS device drivers. The storage subsystem extracts and executes the non-standard commands. The non-standard commands may alternatively be implied by the particular target addresses used. The host system may retrieve execution results of the non-standard commands using standard read commands.
  Type: Grant
  Filed: January 15, 2013
  Date of Patent: June 3, 2014
  Assignee: SiliconSystems, Inc.
  Inventor: Alan C. Kan
- Patent number: 8745395
  Abstract: If a smart card is to be used for a particular purpose, and there is no certificate initialized on the smart card for this purpose, a computerized device enables a user to select one of the certificates already installed in the smart card for the particular purpose. The selected certificate may be imported into the computerized device.
  Type: Grant
  Filed: July 25, 2012
  Date of Patent: June 3, 2014
  Assignee: BlackBerry Limited
  Inventors: Michael Kenneth Brown, Neil Patrick Adams, Herbert Anthony Little
- Patent number: 8739270
  Abstract: The methods and systems of the present disclosure provide a high assurance means for multiple legacy communication (e.g., Mil-Std-1553 communications protocol) system users and/or devices and multiple IP based network users and/or devices to seamlessly, and in real time, share information across various security domains. Specifically, the system enables multiple legacy communication system protocols and interfaces to communicate with existing IP interfaces and protocols with a high degree of trust. The system includes a configurable filtering capability to allow for the data to be inspected prior to being passed from one security domain to another security domain.
  Type: Grant
  Filed: April 19, 2011
  Date of Patent: May 27, 2014
  Assignee: The Boeing Company
  Inventor: Steven L. Arnold
- Patent number: 8739307
  Abstract: A method, apparatus and system enabling software access to navigational data in a decrypted media stream while protecting stream payloads. In one embodiment, a filter may route an encrypted content stream and associated information to a secure partition having a trusted computing component for decryption. Upon decryption, the trusted computing component may store the decrypted payload of the content in a secure storage location accessible to the trusted computing component. Thereafter, the decrypted navigational header information of the content may be used to navigate to the decrypted content via a trusted component such as a trusted rendering unit in the secure partition.
  Type: Grant
  Filed: January 4, 2013
  Date of Patent: May 27, 2014
  Assignee: Intel Corporation
  Inventors: Richard Maliszewski, Keith L. Shippy, Ajit P. Joshi
- Patent number: 8739299
  Abstract: A content protection scheme for controlling access to digital content comprises dividing content into data sectors, storing the data sectors on a storage medium and storing selected original data sectors at a remote location. Additional content is unlocked by the remote location only if data from a storage medium correlates to at least a portion of data of the corresponding selected original data sectors.
  Type: Grant
  Filed: December 23, 2010
  Date of Patent: May 27, 2014
  Assignee: Cinram Group, Inc.
  Inventors: Paul Savage, Dave Lydon, Robert A. Davis
- Patent number: 8738921
  Abstract: A system and method are provided for authenticating a person's identity to a business using a trusted entity with a secure repository to store and protect the person's identity information. The person accesses their account on the trusted entity's server using a user name and a password. Then, the trusted entity grants the person a unique code so the person can authenticate their identity to the business. The person delivers the unique code to the transactional entity. The business makes a request to verify the unique code with the trusted entity. The trusted entity verifies the unique code, which authenticates the person's identity to the business.
  Type: Grant
  Filed: November 21, 2007
  Date of Patent: May 27, 2014
  Assignee: Transactionsecure LLC
  Inventors: Brian R. Gephart, Michael F. Dobson, Bradley W. Mitchell, Reed H. Larsen
- Patent number: 8738909
  Abstract: A system and method of sending an e-mail message associated with a wireless device is provided. A request to forward or reply to an original e-mail message is sent from the wireless device to a server. The request contains one or more recipients and includes a message identifier of an original e-mail message. A portion indicator is provided for retrieving portions of the original e-mail message identified by the message identifier. An e-mail message is sent to the one or more recipients comprising any added user text and the one or more retrieved portions of the original e-mail message, such that text of the original message that the user may not be aware of is not forwarded to new recipients.
  Type: Grant
  Filed: October 26, 2011
  Date of Patent: May 27, 2014
  Assignee: BlackBerry Limited
  Inventors: Ravi Singh, Alexander Sherkin, Neil Patrick Adams, Nikhil Vats
- Patent number: 8731195
  Abstract: An approach for enabling contextual categories to be associated and scored in connection with a defined geographic region is described. A transient services platform establishes, based on biometric authentication of a user, a limited session for completing a transaction. The transient services platform then determines, based on a defined geographic region, a context to associate with the transaction. Credentials associated with the user are transferred to the transaction agent based on the authentication and the determined context.
  Type: Grant
  Filed: May 18, 2012
  Date of Patent: May 20, 2014
  Assignee: Verizon Patent and Licensing Inc.
  Inventors: Madhusudan Raman, Renu Chipalkatti
- Patent number: 8732803
  Abstract: Some embodiments provide a verification system for automated verification of entities. The verification system automatedly verifies entities using a two-part verification campaign. One part verifies that the entity is the true owner of the entity account to be verified. This verification step involves (1) the entity receiving a verification code at the entity account and returning the verification code to the verification system, (2) the entity associating an account that it has registered at a service provider to an account that the verification system has registered at the service provider, or (3) both. Another part verifies that the entity can respond to communications that are sent to methods of contact that have been previously verified as belonging to the entity. The verification system submits a first communication with a code using a verified method of contact. The verification system then monitors for a second communication to be returned with the code.
  Type: Grant
  Filed: October 3, 2013
  Date of Patent: May 20, 2014
  Assignee: Credibility Corp.
  Inventors: Jeffrey M. Stibel, Aaron B. Stibel, Peter Delgrosso, Shailen Mistry, Bryan Mierke, Paul Servino, Charles Chi Thoi Le, David Lo, David Allen Lyon
- Patent number: 8732826
  Abstract: A method and system to verify active content at a server system include receiving, at the server system, a communication (e.g., an e-mail message or e-commerce listing) that includes active content that is to be made accessible via the server system. At the server system, the active content is rendered to generate rendered active content. The rendered active content presents a representation of information and processes to which an end user will be subject. At the server system, the rendered active content is verified as not being malicious.
  Type: Grant
  Filed: January 7, 2013
  Date of Patent: May 20, 2014
  Assignee: eBay Inc.
  Inventors: Chris Lalonde, Andrew Millard Brown, Mathew Gene Henley, Quang D. Pham, Kevin Black
- Patent number: 8726398
  Abstract: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. An anonymization strategy for data anonymization is provided. Data to be transmitted is received from a user computer. Selective anonymization of the data is performed, based on the anonymization strategy, using an anonymization module. Accent preservation of data is selected. An accent value for the data is determined. The anonymized data with the determined accent value is transmitted to the destination computing device over a network. In one embodiment, the anonymized data has fewer characters than the input data.
  Type: Grant
  Filed: December 13, 2011
  Date of Patent: May 13, 2014
  Assignee: Ciphercloud, Inc.
  Inventors: Theron Tock, Pravin Kothari
-
Patent number: 8726382
Abstract: Methods for tracking attacking nodes are described and include extracting, from a database, an instance of each unique packet header associated with IP-to-IP packets transmitted over a time period. The method includes determining, from the extracted headers, which nodes have attempted to establish a connection with an excessive number of other nodes over a period and identifying these as potential attacking nodes, and determining, from the headers, which other nodes responded with a TCP SYN/ACK packet, indicating a willingness to establish connections and a potential for compromise. Nodes scanned by potential attacking nodes are disqualified from the identified nodes based on at least one of: data in the headers relating to the amount of data transferred, and scanning activities conducted by the nodes that responded to a potential attacking node with a TCP SYN/ACK packet. Any remaining potential attacking nodes and scanned nodes are presented to a user.
Type: Grant
Filed: August 20, 2008
Date of Patent: May 13, 2014
Assignee: The Boeing Company
Inventors: Stephen Knapp, Timothy Mark Aldrich
-
Patent number: 8726036
Abstract: According to this disclosure, a user is identified (and selectively granted access to protected resources) by using information that describes the user's interpersonal relationships. This information typically is stored in a datastore, such as a digital address book, an online profile page, or the like. The user's digital address book carries an “acquaintance pattern” that changes dynamically in time. This pattern comprises the information in the user's contact list entries. In this approach, the entropy inherent in this information is distilled into a unique acquaintance digest (or “fingerprint”) by normalizing the contact list data and then applying a cryptographic function to the result.
Type: Grant
Filed: September 20, 2011
Date of Patent: May 13, 2014
Assignee: Wallrust, Inc.
Inventors: Adam Kornafeld, Jozsef Patvarczki, Marton B. Anka, Endre Tamas
-
Patent number: 8726123
Abstract: A bit error corrector includes an aging bit pattern memory operable to store at least one aging bit pattern which conveys aging-related effects within a succession of uncorrected bit patterns, a bit pattern modifier operable to modify a current, uncorrected bit pattern using the at least one aging bit pattern and generate a modified bit pattern, and a bit pattern comparator operable to compare the current uncorrected bit pattern with a corrected bit pattern which is based on the modified bit pattern and determine a corresponding comparative bit pattern. An aging bit pattern determiner is operable to recursively determine a new aging bit pattern based on the at least one aging bit pattern and the comparative bit pattern, and store the new aging bit pattern in the aging bit pattern memory for use during modification of a subsequent uncorrected bit pattern by the bit pattern modifier.
Type: Grant
Filed: July 13, 2012
Date of Patent: May 13, 2014
Assignee: Infineon Technologies AG
Inventors: Rainer Goettfert, Berndt Gammel, Thomas Kuenemund
-
Patent number: 8724803
Abstract: A method and apparatus for secure generation of a short-term key (SK) for viewing information content in a multicast-broadcast-multimedia system are described. A short-term key is generated by a memory module residing in user equipment (UE) only when the source of the information used to generate the short-term key can be validated. A short-term key can be generated from a Broadcast Access Key (BAK), or a derivative of the BAK, and a changing value with a Message Authentication Code (MAC) appended to the changing value. A short-term key (SK) can also be generated by using a private key held by a short-term key (SK) manager, with the corresponding public key distributed to the memory module residing in the user equipment (UE), using a digital signature.
Type: Grant
Filed: September 1, 2004
Date of Patent: May 13, 2014
Assignee: QUALCOMM Incorporated
Inventors: James Semple, Gregory Gordon Rose
-
Patent number: 8713310
Abstract: The invention relates to a method for transmitting user data, particularly user data realizing real-time applications, between at least one first communication device and at least one second communication device, the user data being transmitted as data packets during a communication connection. During the communication connection, at least the first communication device embeds at least one packet enabling authentication of the first communication device in at least one of the data packets transmitting the user data and directed at the second communication device. The invention furthermore relates to an arrangement for carrying out the method.
Type: Grant
Filed: September 6, 2007
Date of Patent: April 29, 2014
Assignee: Siemens Enterprise Communications GmbH & Co. KG
Inventors: Bruno Bozionek, Karl Klaghofer, Holger Prange, Werner Schneider, Michael Tietsch
-
Patent number: 8713311
Abstract: Methods for changing authentication keys when transmitting data are provided. In one aspect, a method includes receiving a first data packet including a first sender-generated authentication value generated using a first authentication key and a first message encrypted using a first encryption key, and receiving an indication that subsequent packets will include authentication values generated using a second authentication key. The method also includes receiving a second packet that includes a second sender-generated authentication value and an encrypted second message, and applying the second authentication key to the second packet to generate a recipient-generated authentication value. The encrypted second message is decrypted if these two authentication values match. Otherwise, the first authentication key is applied to the second packet to generate another recipient-generated authentication value. If these two authentication values match, the encrypted message is decrypted using the first encryption key.
Type: Grant
Filed: November 7, 2012
Date of Patent: April 29, 2014
Assignee: Google Inc.
Inventor: James Roskind
-
Patent number: 8713312
Abstract: A method and apparatus for detecting data modification in a layered operating system is disclosed. Outbound content indicators at different layers are compared to detect potential outbound data modifications. Likewise, inbound content indicators at different layers are compared to detect potential inbound data modifications. Content indicators include checksum, cryptographic hash, signature, and fingerprint indicators. Embodiments of the present invention enable detection of data modifications across an operating system's kernel and user mode spaces, prevention of modified outbound data from reaching a network, prevention of modified input data from reaching a user application, and detection of malware and faults within an operating system.
Type: Grant
Filed: December 6, 2009
Date of Patent: April 29, 2014
Assignee: Trend Micro Incorporated
Inventors: Rares Stefan, Blake Stanton Sutherland
-
Patent number: 8707033
Abstract: An information processing apparatus has an authentication and key exchange processing unit, a packet selector, a content key generator, a content decryption unit to decrypt, based on the content key, the encrypted content which is included in the content packet and received following the CCI packet, a CCI set identifier management unit to manage a CCI identifier corresponding to recognizable copy control information, a CCI selector, a CCI analyzer to analyze copy control information corresponding to the CCI identifier selected by the CCI selector, a content processing unit to perform, based on an analysis result of the CCI analyzer, the receiving process on the content data corresponding to the content packet received following the CCI packet, a first communication connection unit to perform the authentication and key exchange process, and a second communication connection unit to transmit the content packet and the CCI packet.
Type: Grant
Filed: December 12, 2011
Date of Patent: April 22, 2014
Assignee: Kabushiki Kaisha Toshiba
Inventors: Hiroshi Isozaki, Yoshinobu Fujiwara, Kunio Honsawa, Taku Kato
-
Patent number: 8706701
Abstract: Example embodiments of the present invention provide an authenticated file system that provides integrity and freshness of both data and metadata more efficiently than existing systems. The architecture of example embodiments of the present invention is natural to cloud settings involving a cloud service provider and enterprise-class tenants, thereby addressing key practical considerations, including garbage collection, multiple storage tiers, multi-layer caching, and checkpointing. Example embodiments of the present invention support a combination of strong integrity protection and practicality for large (e.g., petabyte-scale), high-throughput file systems. Further, example embodiments of the present invention support proofs of retrievability (PoRs) that let the cloud prove to the tenant efficiently at any time and for arbitrary workloads that the full file system (i.e.
Type: Grant
Filed: June 30, 2011
Date of Patent: April 22, 2014
Assignee: EMC Corporation
Inventors: Emil P. Stefanov, Marten E. Van Dijk, Alina M. Oprea, Ari Juels
-
Publication number: 20140108790
Abstract: Secure communication of user inputs is achieved by isolating part of an endpoint device such that certificates and encryption keys are protected from corruption by malware. Further, the communication is passed through a trusted data relay that is configured to decrypt and/or certify the user inputs encrypted by the isolated part of the endpoint device. The trusted data relay can determine that the user inputs were encrypted or certified by the protected certificates and encryption keys, thus authenticating their origin within the endpoint device. The trusted data relay then forwards the inputs to an intended destination. In some embodiments, the isolated part of the endpoint device is configured to detect input created by auto-completion logic and/or spell checking logic.
Type: Application
Filed: October 16, 2013
Publication date: April 17, 2014
Inventors: Michael Eynon, Peter Sinclair, James Lloyd
-
Patent number: 8689009
Abstract: The invention provides a method for accessing the mass memory of a data carrier having a mass memory and a chip. The data carrier has been, or is, personalized to a use device by an individual datum of that use device, which is or has already been stored in the chip, so that the data carrier can only be used with this use device.
Type: Grant
Filed: August 19, 2005
Date of Patent: April 1, 2014
Assignee: Giesecke & Devrient GmbH
Inventors: Thomas Bräutigam, Andreas Johne
-
Patent number: 8688994
Abstract: Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay (“overlay”) are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member.
Type: Grant
Filed: June 25, 2010
Date of Patent: April 1, 2014
Assignee: Microsoft Corporation
Inventors: Hasan Alkhatib, Geoffrey Outhred, Deepak Bansal, Anatoliy Panasyuk, Dharshan Rangegowda, Anthony Chavez
-
Patent number: 8683577
Abstract: An authentication method in a system having a display and a storage device is provided. The authentication method includes the steps of registering, in the storage device, an object selected for each user from among a plurality of visually distinguishable objects prepared in advance as a key object; and presenting the plurality of objects on the display, accepting selection of an object by a user to be authenticated, and performing authentication based on matching/mismatching of the selected object with the key object registered in association with the user. The step of registering includes a step of determining the degree of freedom of selection of the object at the time of registration of the key object according to the degree of overlap with key objects already registered in the storage device.
Type: Grant
Filed: July 14, 2010
Date of Patent: March 25, 2014
Assignee: Konica Minolta Holdings, Inc.
Inventors: Chiho Murai, Motohiro Asano
-
Patent number: 8683568
Abstract: Techniques for using a network analyzer device connected to a network include (a) sniffing packets traversing the network between a web-based application server and a user machine, the user machine being operated by a user, (b) analyzing the sniffed packets to extract event information relating to interaction events between the user machine and the web-based application server, and (c) sending the extracted event information to an authentication server for risk-based authentication of the user.
Type: Grant
Filed: September 22, 2011
Date of Patent: March 25, 2014
Assignee: EMC Corporation
Inventors: Anton Khitrenovich, Oded Peer, Oleg Freylafert