Data Authentication Patents (Class 713/161)
  • Patent number: 8812638
    Abstract: A method of controlling an apparatus comprising a plurality of features and adapted to receive messages via a first network interface, wherein said method is implemented in a filter superposed on the top of an existing architecture of the apparatus. The method comprises the following steps: receiving a network management message via said first network interface; interrogating said message in order to identify a feature said network management message relates to and filtering the received management message such that said management message is rejected if the identified feature is classified as disabled and said management message is allowed to go through if said feature is classified as enabled.
    Type: Grant
    Filed: July 12, 2006
    Date of Patent: August 19, 2014
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventor: Jürgen Fischer
  • Patent number: 8811607
    Abstract: A method and system for generating contexts of targets to estimate a high-order context. The system includes: a detection device including: a sensor for detecting a target; module for extracting the target and a primary context of the target based on data detected by the sensor; and module for encrypting the primary context with a key corresponding to the target; a storage device for recording encrypted primary context from the detection device; and a processing device including: module for receiving the encrypted primary context from the storage device; module for receiving the key corresponding to the target involved in the encrypted primary context; module for decrypting the encrypted primary context using received key; and module for estimating a high-order context using the decrypted primary context; where the processing device further includes a module for requesting the detection device to delete information on a key corresponding to a specific target.
    Type: Grant
    Filed: August 30, 2012
    Date of Patent: August 19, 2014
    Assignee: International Business Machines Corporation
    Inventor: Michiharu Kudoh
  • Patent number: 8806647
    Abstract: Behavioral analysis of a mobile application is performed to determine whether the application is malicious. During analysis, various user interactions are simulated in an emulated environment to activate many possible resulting behaviors of an application. The behaviors are classified as hard or soft signals. A probability of the application being malicious is determined through combining soft signals, and the application is classified as malicious or non-malicious. Users of the application, the developer of the application, or a distributor of the application are notified of the application classification to enable responsive action.
    Type: Grant
    Filed: April 27, 2012
    Date of Patent: August 12, 2014
    Assignee: Twitter, Inc.
    Inventors: Neilkumar Daswani, Ameet Ranadive, Shariq Rizvi, Michael Gagnon, Tufan Demir, Gerry Eisenhaur
  • Patent number: 8806633
    Abstract: In one embodiment, a security device receives one or more first unique identifications of packets sent by a first device to a second device for which a corresponding acknowledgment was purportedly returned by the second device to the first device. The security device also receives one or more second unique identifications of packets received by the second device from the first device and acknowledged by the second device to the first device. By comparing the first and second unique identifications, the security device may then determine whether acknowledgments received by the first device were truly returned from the second device based on whether the first and second unique identifications exactly match.
    Type: Grant
    Filed: August 22, 2011
    Date of Patent: August 12, 2014
    Assignee: Cisco Technology, Inc.
    Inventors: Shmuel Shaffer, Jean-Philippe Vasseur, Jonathan W. Hui
  • Patent number: 8806572
    Abstract: Systems, methods, and other embodiments associated with authentication via monitoring are described. One example method includes detecting a data flow in which indicia of identity (DFWIOI) travel between a first endpoint and a second endpoint. The DFWIOI may be partially encrypted. The example method may also include collecting an identity data associated with the DFWIOI from the DFWIOI, the first endpoint, the second endpoint, and so on. The example method may also include making an authentication policy decision regarding the DFWIOI based, at least in part, on the identity data. The example method may also include controlling a networking device associated with the DFWIOI based, at least in part, on the authentication policy decision.
    Type: Grant
    Filed: May 30, 2009
    Date of Patent: August 12, 2014
    Assignee: Cisco Technology, Inc.
    Inventors: David A. McGrew, Sandeep Rao
  • Patent number: 8806646
    Abstract: Behavioral analysis of a mobile webpage is performed to determine whether the webpage is malicious. During analysis, the webpage is visited by an emulated mobile device to cause behaviors to occur which may be malicious. The behaviors occurring after accessing the webpage are stored. The behaviors are classified as hard or soft signals. A probability of the webpage being malicious is determined through combining soft signals, and the webpage is classified as malicious or non-malicious. Users of the webpage, the developer of the webpage, or a distributor of the webpage are notified of the webpage classification to enable responsive action.
    Type: Grant
    Filed: April 27, 2012
    Date of Patent: August 12, 2014
    Assignee: Twitter, Inc.
    Inventors: Neilkumar Daswani, Ameet Ranadive, Shariq Rizvi, Michael Gagnon, Tufan Demir, Gerry Eisenhaur
  • Patent number: 8799645
    Abstract: Web-based authentication includes receiving a packet in a network switch having at least one associative store configured to forward packet traffic to a first one or more processors of the switch that are dedicated to cryptographic processing if a destination port of the packet indicates a secure transport protocol, and to a second one or more processors of the switch that are not dedicated to cryptographic processing if the destination port does not indicate a secure transport protocol. If a source of the packet is an authenticated user, the packet is forwarded via an output port of the switch, based on the associative store. If the source is an unauthenticated user, the packet is forwarded to the first one or more processors if the destination port indicates a secure transport protocol, and to the second one or more processors if the destination port does not indicate a secure transport protocol.
    Type: Grant
    Filed: April 27, 2012
    Date of Patent: August 5, 2014
    Assignee: Foundry Networks, LLC.
    Inventors: Yan-Zhe Wang, Sean Hou, Sridhar Devarapalli, Louis Yun
  • Patent number: 8799653
    Abstract: A storage device and method for storage device state recovery are provided. In one embodiment, a storage device commences an authentication process to authenticate a host device. The authentication process comprises a plurality of phases, and the storage device stores the state of the authentication process, wherein the state indicates the phase(s) of the authentication process that have been successfully completed. After a power loss, the storage device retrieves the state of the authentication process and resumes an operation with the host device without re-performing the phase(s) of the authentication process that have been completed.
    Type: Grant
    Filed: February 13, 2012
    Date of Patent: August 5, 2014
    Assignee: SanDisk IL Ltd.
    Inventors: Rotem Sela, Avraham Shmuel
  • Patent number: 8799634
    Abstract: Methods and devices for controlling system settings of a computing device are described herein. One example embodiment comprises: determining configuration data associated with a software application, wherein the configuration data identifies one or more new system settings to be temporarily enforced on the computing device during an execution of the software application, and wherein the configuration data is digitally signed; and in response to an initiation of the execution of the software application, reconfiguring system settings on the computing device; wherein the reconfiguring comprises verifying at least one digital signature associated with the digitally signed configuration data; wherein if the at least one digital signature associated with the digitally signed configuration data successfully verifies, then the reconfiguring further comprises temporarily enforcing new system settings for the duration of the execution of the software application.
    Type: Grant
    Filed: December 23, 2011
    Date of Patent: August 5, 2014
    Assignee: BlackBerry Limited
    Inventors: Sean Alexander Courtney, Alexander Truskovsky, Neil Patrick Adams
  • Patent number: 8792641
    Abstract: In one embodiment, the method performed by mobile equipment to authenticate communication with a network includes generating keys using cellular authentication and voice encryption, and then generating an authentication key based on these keys. The authentication key is used to generate an expected message authentication code used in authenticating the network according to authentication and key agreement security protocol.
    Type: Grant
    Filed: January 10, 2013
    Date of Patent: July 29, 2014
    Assignee: Alcatel Lucent
    Inventor: Sarvar Patel
  • Publication number: 20140208099
    Abstract: A method for providing service plane encryption in IP/MPLS and GRE networks is disclosed. The method for providing service plane encryption in IP/MPLS and GRE networks includes receiving a first Security Parameter Index with associated first encryption key and associated first authentication key at a first network element supporting the first Service Distribution Point; receiving an instruction at the first network element to encrypt data entering the first Service Distribution point with the first encryption key; receiving an instruction at the first network element to associate a data communication service provided at the first network element to the first Service Distribution Point; providing an encryption label; and providing data associated with the first communication service to the first Service Distribution Point for transmission to the second Service Distribution Point.
    Type: Application
    Filed: January 21, 2013
    Publication date: July 24, 2014
    Applicant: Alcatel-Lucent Canada Inc.
    Inventor: Carl RAJSIC
  • Patent number: 8788810
    Abstract: In a method of temporarily registering a second device with a first device, in which the first device includes a temporary registration mode, the temporary registration mode in the first device is activated, a temporary registration operation in the first device is initiated from the second device, a determination as to whether the second device is authorized to register with the first device is made, and the second device is temporarily registered with the first device in response to a determination that the second device is authorized to register with the first device, in which the temporary registration requires that at least one of the second device and the first device delete information required for the temporary registration following at least one of a determination of a network connection between the first device and the second device and a powering off of at least one of the first device and the second device.
    Type: Grant
    Filed: December 29, 2009
    Date of Patent: July 22, 2014
    Assignee: Motorola Mobility LLC
    Inventors: Jiang Zhang, Alexander Medvinsky, Paul Moroney, Petr Peterka
  • Publication number: 20140201523
    Abstract: Provided is a transmission apparatus capable of avoiding unnecessary decryption and preventing a denial-of-service attack. The transmission apparatus that establishes a secure communications channel (SA) between the transmission apparatus and a reception apparatus includes a creation section that creates a packet, an encryption section that, based on a ratio of a redundant packet to the packets created by the packet creation section and on an instruction from the reception apparatus, determines an encryption coverage in the created packet and encrypts data in the encryption coverage, and a transmission section that transmits the encrypted packet through SA.
    Type: Application
    Filed: April 15, 2013
    Publication date: July 17, 2014
    Inventor: Tetsuro Sato
  • Patent number: 8782751
    Abstract: Systems and methods of authenticating user access based on an access point to a secure data network include a secure data network having a plurality of network access points serving as entry points for a user to access the secure data network using a user device. The user is associated with a user identity, each network access point with a network access point identity. The user uses a user device to send an access request, requesting access to the secure data network, to the network access point, which then sends an authentication request to an identity server. The identity server processes the authentication request, by validating the combination of the user identity and the network access point identity, and responds with an authentication response, granting or denying access, as communicated to the user device via an access response.
    Type: Grant
    Filed: March 19, 2012
    Date of Patent: July 15, 2014
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, John Chiong, Yang Yu
  • Patent number: 8776249
    Abstract: A method is performed at a computer system having one or more processors and memory storing one or more programs executed by the one or more processors. The method includes generating a document, including marking one or more portions of the document as private; and sending the document to an intermediary system for transmission to a destination system. Prior to the document being transmitted to the destination system, the marked portions of the document are encrypted by the intermediary system using a key that is unavailable to the destination system.
    Type: Grant
    Filed: February 23, 2012
    Date of Patent: July 8, 2014
    Assignee: Google Inc.
    Inventor: Ben Margolin
  • Patent number: 8769261
    Abstract: A method provides subscriber-specific activation of network-based mobility management using an authentication server. According to the method, network-based mobility management is enforced, even if the mobile terminal supports terminal-based mobility management. This gives a network provider complete control over mobility management in his network, preventing configuration problems during the configuration of mobile terminals. In the method, after the successful authentication of a subscriber, the authentication server transmits an authentication confirmation message to an authentication client in an access network. The received authentication confirmation message contains an activation attribute for activating network-based mobility management, if the authentication server does not provide a common mobile key for terminal-based mobility management.
    Type: Grant
    Filed: October 31, 2006
    Date of Patent: July 1, 2014
    Assignee: Siemens Aktiengesellschaft
    Inventors: Rainer Falk, Christian Günther, Dirk Kröselberg
  • Patent number: 8769289
    Abstract: A user accessing a protected resource is authenticated using multiple channels, including a mobile device of the user. A user attempting to access a protected resource is authenticated by receiving a request from a mobile device of the user to access the protected resource; receiving a public key from the mobile device of the user; providing a provision token to the mobile device, wherein the provision token is used by the user to access the protected resource using a second device; and confirming the provision token to a provider of the protected resource to authorize the user to access the protected resource. The user then communicates with the provider using a second device to authorize the provisioning token. A transaction signing protocol is also provided.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: July 1, 2014
    Assignee: EMC Corporation
    Inventor: Boris Kronrod
  • Patent number: 8762711
    Abstract: Systems and methods are disclosed for enabling a recipient of a cryptographically-signed electronic communication to verify the authenticity of the communication on-the-fly using a signed chain of check values, the chain being constructed from the original content of the communication, and each check value in the chain being at least partially dependent on the signed root of the chain and a portion of the communication. Fault tolerance can be provided by including error-check values in the communication that enable a decoding device to maintain the chain's security in the face of communication errors. In one embodiment, systems and methods are provided for enabling secure quasi-random access to a content file by constructing a hierarchy of hash values from the file, the hierarchy deriving its security in a manner similar to that used by the above-described chain.
    Type: Grant
    Filed: January 31, 2011
    Date of Patent: June 24, 2014
    Assignee: Intertrust Technologies Corporation
    Inventor: Xavier Serret-Avila
  • Publication number: 20140173275
    Abstract: Embodiments of an invention for securing transmissions between processor packages are disclosed. In one embodiment, an apparatus includes an encryption unit to encrypt first content to be transmitted from the apparatus to a processor package directly through a point-to-point link.
    Type: Application
    Filed: December 19, 2012
    Publication date: June 19, 2014
    Inventors: Simon Johnson, Abhishek Das, Carlos Rozas, Uday Savagaonkar, Robert Blankenship, Kiran Padwekar
  • Patent number: 8756413
    Abstract: The present invention relates to a method and a device for ensuring information integrity and non-repudiation over time. A basic idea of the present invention is to provide a mechanism for secure distribution of information, which information relates to an instance in time when usage of cryptographic key pairs associated with a certain brand identity commenced, as well as when the key pairs ceased to be used, i.e. when the key pairs were revoked. The mechanism further allows a company or an organization to tie administration of cryptographic key pairs and a procedure for verifying information integrity and non-repudiation to their own brand. This can be seen as a complement or an alternative to using a certificate authority (CA) as a trusted third party, which CA guarantees an alleged relation between a public key and the identity of the company or organization using the cryptographic key pair to which that public key belongs.
    Type: Grant
    Filed: April 20, 2005
    Date of Patent: June 17, 2014
    Assignee: Brandsign AB
    Inventors: Anders Thoursie, Peter Holm, Sven-Håkan Olsson
  • Patent number: 8755522
    Abstract: Approaches for combining different information to be transmitted into different slices of a data packet and/or encrypting the slices using different cryptographic schemes for secure transmission of the information are disclosed. In some implementations, first information and second information may be received. A first data slice representing a portion of the first information may be generated based on a first cryptographic scheme. A second data slice representing a portion of the second information may be generated based on a second cryptographic scheme different than the first cryptographic scheme. A first header may be generated such that the first header may specify the first cryptographic scheme for the first data slice and the second cryptographic scheme for the second data slice. A first data packet may be generated such that the first data packet may include the first header, the first data slice, and the second data slice.
    Type: Grant
    Filed: August 16, 2013
    Date of Patent: June 17, 2014
    Assignee: Luminal, Inc.
    Inventors: Josha Stella, Dominic Zippilli, Matthew Brinkman
  • Patent number: 8756418
    Abstract: A system and method of guaranteeing the presence of secure and tamper-proof remote files over a distributed communication medium, such as the Internet, is provided. The system and method automatically detects, and then self-repairs corrupt, modified or non-existent remote files. The method first performs an integrity check on a remote file and then determines whether the integrity check passed. If the integrity check passed, then the user goes through the authentication process as normal. If the integrity check fails, then the present invention redirects to an install module in order to prepare to reinstall the remote file. Via the install module, the present invention then reinstalls the remote file and the user is then taken through the authentication process as normal.
    Type: Grant
    Filed: December 27, 2012
    Date of Patent: June 17, 2014
    Assignee: Citibank, N.A.
    Inventors: Steve Vlcan, Bikram Singh Bakshi
  • Patent number: 8756665
    Abstract: A user authenticates to a Web- or cloud-based application from a browser-based client. The browser-based client has an associated rich client. After a session is initiated from the browser-based client (and a credential obtained), the user can discover that the rich client is available and cause it to obtain the credential (or a new one) for use in authenticating the user to the application (using the rich client) automatically, i.e., without additional user input. An application interface provides the user with a display by which the user can configure the rich client authentication operation, such as specifying whether the rich client should be authenticated automatically if it is detected as running, whether and to what extent access to the application by the rich client is to be restricted, if and when access to the application by the rich client is to be revoked, and the like.
    Type: Grant
    Filed: July 8, 2011
    Date of Patent: June 17, 2014
    Assignee: International Business Machines Corporation
    Inventors: Olgierd Stanislaw Pieczul, Mark Alexander McGloin, Mary Ellen Zurko
  • Patent number: 8751788
    Abstract: Embodiments of the invention provide a system for encrypting web session data which may include a session management module adapted to receive data from a web application module and provide a token that represents the data in encrypted form to the web application, wherein the web application is adapted to use the token to represent the data. The system may also include a tokenizer module communicably coupled to the session management module, wherein the tokenizer module is adapted to receive the data and generate the token. Further, the system may include a database communicably coupled to the session management module, wherein the database is adapted to receive the token and the data, associate the token with the data, and store the token and the data.
    Type: Grant
    Filed: June 10, 2009
    Date of Patent: June 10, 2014
    Assignee: Paymetric, Inc.
    Inventor: Nathan P. Leach
  • Patent number: 8751802
    Abstract: A storage device and method for storage device state recovery are provided. In one embodiment, a storage device commences an authentication process to authenticate a host device. The authentication process comprises a plurality of phases, and the storage device stores the state of the authentication process, wherein the state indicates the phase(s) of the authentication process that have been successfully completed. After a power loss, the storage device retrieves the state of the authentication process and resumes an operation with the host device without re-performing the phase(s) of the authentication process that have been completed.
    Type: Grant
    Filed: June 30, 2010
    Date of Patent: June 10, 2014
    Assignee: SanDisk IL Ltd.
    Inventors: Rotem Sela, Avraham Shmuel
  • Patent number: 8745277
    Abstract: A command portal enables a host system to send non-standard or “vendor-specific” storage subsystem commands to a storage subsystem using an operating system (OS) device driver that does not support or recognize such non-standard commands. The architecture thereby reduces or eliminates the need to develop custom device drivers that support the storage subsystem's non-standard commands. To execute non-standard commands using the command portal, the host system embeds the non-standard commands in blocks of write data, and writes these data blocks to the storage subsystem using standard write commands supported by standard OS device drivers. The storage subsystem extracts and executes the non-standard commands. The non-standard commands may alternatively be implied by the particular target addresses used. The host system may retrieve execution results of the non-standard commands using standard read commands.
    Type: Grant
    Filed: January 15, 2013
    Date of Patent: June 3, 2014
    Assignee: SiliconSystems, Inc.
    Inventor: Alan C. Kan
  • Patent number: 8745395
    Abstract: If a smart card is to be used for a particular purpose, and there is no certificate initialized on the smart card for this purpose, a computerized device enables a user to select one of the certificates already installed in the smart card for the particular purpose. The selected certificate may be imported into the computerized device.
    Type: Grant
    Filed: July 25, 2012
    Date of Patent: June 3, 2014
    Assignee: BlackBerry Limited
    Inventors: Michael Kenneth Brown, Neil Patrick Adams, Herbert Anthony Little
  • Patent number: 8739270
    Abstract: The methods and systems of the present disclosure provide a high assurance means for multiple legacy communication (e.g., Mil-Std-1553 communications protocol) system users and/or devices and multiple IP based network users and/or devices to seamlessly, and in real time, share information across various security domains. Specifically, the system enables multiple legacy communication system protocols and interfaces to communicate with existing IP interfaces and protocols with a high degree of trust. The system includes a configurable filtering capability to allow for the data to be inspected prior to being passed from one security domain to another security domain.
    Type: Grant
    Filed: April 19, 2011
    Date of Patent: May 27, 2014
    Assignee: The Boeing Company
    Inventor: Steven L. Arnold
  • Patent number: 8739307
    Abstract: A method, apparatus and system enabling software access to navigational data in a decrypted media stream while protecting stream payloads. In one embodiment, a filter may route an encrypted content stream and associated information to a secure partition having a trusted computing component for decryption. Upon decryption, the trusted computing component may store the decrypted payload of the content in a secure storage location accessible to the trusted computing component. Thereafter, the decrypted navigational header information of the content may be used to navigate to the decrypted content via a trusted component such as a trusted rendering unit in the secure partition.
    Type: Grant
    Filed: January 4, 2013
    Date of Patent: May 27, 2014
    Assignee: Intel Corporation
    Inventors: Richard Maliszewski, Keith L. Shippy, Ajit P. Joshi
  • Patent number: 8739299
    Abstract: A content protection scheme for controlling access to digital content comprises dividing content into data sectors, storing the data sectors on a storage medium and storing selected original data sectors at a remote location. Additional content is unlocked by the remote location only if data from a storage medium correlates to at least a portion of data of the corresponding selected original data sectors.
    Type: Grant
    Filed: December 23, 2010
    Date of Patent: May 27, 2014
    Assignee: Cinram Group, Inc.
    Inventors: Paul Savage, Dave Lydon, Robert A. Davis
  • Patent number: 8738921
    Abstract: A system and method are provided for authenticating a person's identity to a business using a trusted entity with a secure repository to store and protect the person's identity information. The person accesses their account on the trusted entity's server using a user name and a password. Then, the trusted entity grants the person a unique code so the person can authenticate their identity to the business. The person delivers the unique code to the transactional entity. The business makes a request to verify the unique code with the trusted entity. The trusted entity verifies the unique code, which authenticates the person's identity to the business.
    Type: Grant
    Filed: November 21, 2007
    Date of Patent: May 27, 2014
    Assignee: Transactionsecure LLC
    Inventors: Brian R. Gephart, Michael F. Dobson, Bradley W. Mitchell, Reed H. Larsen
  • Patent number: 8738909
    Abstract: A system and method of sending an e-mail message associated with a wireless device is provided. A request to forward or reply to an original e-mail message is sent from the wireless device to a server. The request contains one or more recipients and includes a message identifier of an original e-mail message. A portion indicator is provided for retrieving portions of the original e-mail message identified by the message identifier. An e-mail message is sent to the one or more recipients comprising any added user text and the one or more retrieved portions of the original e-mail message such that text of the original message that the user may not be aware of is not forwarded to new recipients.
    Type: Grant
    Filed: October 26, 2011
    Date of Patent: May 27, 2014
    Assignee: BlackBerry Limited
    Inventors: Ravi Singh, Alexander Sherkin, Neil Patrick Adams, Nikhil Vats
  • Patent number: 8731195
    Abstract: An approach for enabling contextual categories to be associated and scored in connection with a defined geographic region is described. A transient services platform establishes, based on biometric authentication of a user, a limited session for completing a transaction. The transient services platform then determines, based on a defined geographic region, a context to associate with the transaction. Credentials associated with the user are transferred to the transaction agent based on the authentication and the determined context.
    Type: Grant
    Filed: May 18, 2012
    Date of Patent: May 20, 2014
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Madhusudan Raman, Renu Chipalkatti
  • Patent number: 8732803
    Abstract: Some embodiments provide a verification system for automated verification of entities. The verification system automatedly verifies entities using a two part verification campaign. One part verifies that the entity is the true owner of the entity account to be verified. This verification step involves (1) the entity receiving a verification code at the entity account and returning the verification code to the verification system, (2) the entity associating an account that it has registered at a service provider to an account that the verification system has registered at the service provider, (3) both. Another part verifies the entity can respond to communications that are sent to methods of contact that have been previously verified as belonging to the entity. The verification system submits a first communication with a code using a verified method of contact. The verification system then monitors for a second communication to be returned with the code.
    Type: Grant
    Filed: October 3, 2013
    Date of Patent: May 20, 2014
    Assignee: Credibility Corp.
    Inventors: Jeffrey M. Stibel, Aaron B. Stibel, Peter Delgrosso, Shailen Mistry, Bryan Mierke, Paul Servino, Charles Chi Thoi Le, David Lo, David Allen Lyon
  • Patent number: 8732826
    Abstract: A method and system to verify active content at a server system include receiving, at the server system, a communication (e.g., an e-mail message or e-commerce listing) that includes active content that is to be made accessible via the server system. At the server system, the active content is rendered to generate rendered active content. The rendered active content presents a representation of information and processes to which an end user will be subject. At the server system, the rendered active content is verified as not being malicious.
    Type: Grant
    Filed: January 7, 2013
    Date of Patent: May 20, 2014
    Assignee: eBay Inc.
    Inventors: Chris Lalonde, Andrew Millard Brown, Mathew Gene Henley, Quang D. Pham, Kevin Black
  • Patent number: 8726398
    Abstract: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Anonymization strategy for data anonymization is provided. Data to be transmitted is received from a user computer. Selective anonymization of the data is performed, based on the anonymization strategy, using an anonymization module. Accent preservation of data is selected. An accent value for the data is determined. The anonymized data with the determined accent value is transmitted to the destination computing device over a network. In one embodiment, the anonymized data has fewer characters than the input data.
    Type: Grant
    Filed: December 13, 2011
    Date of Patent: May 13, 2014
    Assignee: Ciphercloud, Inc.
    Inventors: Theron Tock, Pravin Kothari
  • Patent number: 8726382
    Abstract: Methods for tracking attacking nodes are described and include extracting, from a database, an instance of each unique packet header associated with IP-to-IP packets transmitted over a time period. The method includes determining from extracted headers, which nodes have attempted to establish a connection with an excessive number of other nodes over a period, identifying these as potential attacking nodes, determining from the headers, which other nodes responded with a TCP SYN/ACK packet indicating a willingness to establish connections, and a potential for compromise. Nodes scanned by potential attacking nodes are disqualified from the identified nodes based on at least one of: data in the headers relating to at least one of an amount of data transferred, and scanning activities conducted by the nodes that responded to a potential attacking node with a TCP SYN/ACK packet. Any remaining potential attacking nodes and scanned nodes are presented to a user.
    Type: Grant
    Filed: August 20, 2008
    Date of Patent: May 13, 2014
    Assignee: The Boeing Company
    Inventors: Stephen Knapp, Timothy Mark Aldrich
  • Patent number: 8726036
    Abstract: According to this disclosure, a user is identified (and selectively granted access to protected resources) by using information that describes the user's interpersonal relationships. This information typically is stored in a datastore, such as a digital address book, an online profile page, or the like. The user's digital address book carries an “acquaintance pattern” that changes dynamically in time. This pattern comprises the information in the user's contact list entries. In this approach, the entropy inherent in this information is distilled into a unique acquaintance digest (or “fingerprint”) by normalizing the contact list data, and then applying a cryptographic function to the result.
    Type: Grant
    Filed: September 20, 2011
    Date of Patent: May 13, 2014
    Assignee: Wallrust, Inc.
    Inventors: Adam Kornafeld, Jozsef Patvarczki, Marton B. Anka, Endre Tamas
  • Patent number: 8726123
    Abstract: A bit error corrector includes an aging bit pattern memory operable to store at least one aging bit pattern which conveys aging-related effects within a succession of uncorrected bit patterns, a bit pattern modifier operable to modify a current, uncorrected bit pattern using the at least one aging bit pattern and generate a modified bit pattern, and a bit pattern comparator operable to compare the current uncorrected bit pattern with a corrected bit pattern which is based on the modified bit pattern and determine a corresponding comparative bit pattern. An aging bit pattern determiner is operable to recursively determine a new aging bit pattern based on the at least one aging bit pattern and the comparative bit pattern, and store the new aging bit pattern in the aging bit pattern memory for use during modification of a subsequent uncorrected bit pattern by the bit pattern modifier.
    Type: Grant
    Filed: July 13, 2012
    Date of Patent: May 13, 2014
    Assignee: Infineon Technologies AG
    Inventors: Rainer Goettfert, Berndt Gammel, Thomas Kuenemund
  • Patent number: 8724803
    Abstract: A method and apparatus for secure generation of a short-term key SK for viewing information content in a Multicast-broadcast-multimedia system are described. A short-term key is generated by a memory module residing in user equipment (UE) only when the source of the information used to generate the short-term key can be validated. A short-term key can be generated by a Broadcast Access Key (BAK) or a derivative of BAK and a changing value with a Message Authentication Code (MAC) appended to the changing value. A short-term key (SK) can also be generated by using a private key and a short-term key (SK) manager with a corresponding public key distributed to the memory module residing in the user equipment (UE), using a digital signature.
    Type: Grant
    Filed: September 1, 2004
    Date of Patent: May 13, 2014
    Assignee: QUALCOMM Incorporated
    Inventors: James Semple, Gregory Gordon Rose
  • Patent number: 8713310
    Abstract: The invention relates to a method for transmitting user data, particularly user data realizing real-time applications, between at least one first communication device and at least one second communication device, the user data being transmitted as data packets during a communication connection, wherein during the communication connection at least from the first communication device at least one packet enabling an authentication of the first communication device is embedded in at least one of the data packets transmitting the user data and directed at the second communication device. The invention furthermore relates to an arrangement for carrying out the method.
    Type: Grant
    Filed: September 6, 2007
    Date of Patent: April 29, 2014
    Assignee: Siemens Enterprise Communications GmbH & Co. KG
    Inventors: Bruno Bozionek, Karl Klaghofer, Holger Prange, Werner Schneider, Michael Tietsch
  • Patent number: 8713311
    Abstract: Methods for changing authentication keys when transmitting data are provided. In one aspect, a method includes receiving a first data packet including a first sender-generated authentication value generated using a first authentication key, and a first message encrypted using a first encryption key, and receiving an indication that subsequent packets will include authentication values generated using a second authentication key. The method also includes receiving a second packet that includes a second sender-generated authentication value and an encrypted second message, and applying the second authentication key to the second packet to generate a recipient-generated authentication value. The encrypted second message is decrypted if these two authentication values match. Otherwise, the first authentication key is applied to the second packet to generate another recipient-generated authentication value. If these two authentication values match, the encrypted message is decrypted using the first encryption key.
    Type: Grant
    Filed: November 7, 2012
    Date of Patent: April 29, 2014
    Assignee: Google Inc.
    Inventor: James Roskind
  • Patent number: 8713312
    Abstract: A method and apparatus for detecting data modification in a layered operating system is disclosed. Outbound content indicators at different layers are compared to detect potential outbound data modifications. Likewise, inbound content indicators at different layers are compared to detect potential inbound data modifications. Content indicators include checksum, cryptographic hash, signature, and fingerprint indicators. Embodiments of the present invention enable detection of data modifications across an operating system's kernel and user mode spaces, prevention of modified outbound data from reaching a network, prevention of modified input data from reaching a user application, and detection of malware and faults within an operating system.
    Type: Grant
    Filed: December 6, 2009
    Date of Patent: April 29, 2014
    Assignee: Trend Micro Incorporated
    Inventors: Rares Stefan, Blake Stanton Sutherland
  • Patent number: 8707033
    Abstract: An information processing apparatus has an authentication and key exchange processing unit, a packet selector, a content key generator, a content decryption unit to decrypt, based on the content key, the encrypted content which is included in the content packet and received following the CCI packet, a CCI set identifier management unit to manage a CCI identifier corresponding to recognizable copy control information, a CCI selector, a CCI analyzer to analyze copy control information corresponding to the CCI identifier selected by the CCI selector, a content processing unit to perform, based on an analysis result of the CCI analyzer, the receiving process on the content data corresponding to the content packet received following the CCI packet, a first communication connection unit to perform the authentication and key exchange process, and a second communication connection unit to transmit the content packet and the CCI packet.
    Type: Grant
    Filed: December 12, 2011
    Date of Patent: April 22, 2014
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Hiroshi Isozaki, Yoshinobu Fujiwara, Kunio Honsawa, Taku Kato
  • Patent number: 8706701
    Abstract: Example embodiments of the present invention provide an authenticated file system that provides integrity and freshness of both data and metadata more efficiently than existing systems. The architecture of example embodiments of the present invention is natural to cloud settings involving a cloud service provider and enterprise-class tenants, thereby addressing key practical considerations, including garbage collection, multiple storage tiers, multi-layer caching, and checkpointing. Example embodiments of the present invention support a combination of strong integrity protection and practicality for large (e.g., petabyte-scale), high-throughput file systems. Further, example embodiments of the present invention support proofs of retrievability (PoRs) that let the cloud prove to the tenant efficiently at any time and for arbitrary workloads that the full file system (i.e.
    Type: Grant
    Filed: June 30, 2011
    Date of Patent: April 22, 2014
    Assignee: EMC Corporation
    Inventors: Emil P. Stefanov, Marten E. Van Dijk, Alina M. Oprea, Ari Juels
  • Publication number: 20140108790
    Abstract: Secure communication of user inputs is achieved by isolating part of an endpoint device such that certificates and encryption keys are protected from corruption by malware. Further, the communication is passed through a trusted data relay that is configured to decrypt and/or certify the user inputs encrypted by the isolated part of the endpoint device. The trusted data relay can determine that the user inputs were encrypted or certified by the protected certificates and encryption keys, thus authenticating their origin within the endpoint device. The trusted data relay then forwards the inputs to an intended destination. In some embodiments, the isolated part of the endpoint device is configured to detect input created by auto-completion logic and/or spell checking logic.
    Type: Application
    Filed: October 16, 2013
    Publication date: April 17, 2014
    Inventors: Michael Eynon, Peter Sinclair, James Lloyd
  • Patent number: 8689009
    Abstract: The invention provides a method for accessing the mass memory of a data carrier with a mass memory and a chip. The data carrier has been or is personalized by an individual date of a use device which is or has already been stored in(to) the chip to a use device for accessing the data carrier, so that the data carrier can only be used with this use device.
    Type: Grant
    Filed: August 19, 2005
    Date of Patent: April 1, 2014
    Assignee: Giesecke & Devrient GmbH
    Inventors: Thomas Bräutigam, Andreas Johne
  • Patent number: 8688994
    Abstract: Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay (“overlay”) are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism, for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member.
    Type: Grant
    Filed: June 25, 2010
    Date of Patent: April 1, 2014
    Assignee: Microsoft Corporation
    Inventors: Hasan Alkhatib, Geoffrey Outhred, Deepak Bansal, Anatoliy Panasyuk, Dharshan Rangegowda, Anthony Chavez
  • Patent number: 8683577
    Abstract: An authentication method in a system having a display and a storage device is provided. The authentication method includes the steps of registering an object selected for each user from among a plurality of visually distinguishable objects prepared in advance as a key object in the storage device; and presenting the plurality of objects to the display, accepting selection of an object by a user to be authenticated, and performing authentication based on matching/mismatching of the selected object with the key object registered in association with the user. The step of registering includes a step of determining a degree of freedom of selection of the object at the time of registration of the key object according to a degree of overlapping of the key object already registered in the storage device.
    Type: Grant
    Filed: July 14, 2010
    Date of Patent: March 25, 2014
    Assignee: Konica Minolta Holdings, Inc.
    Inventors: Chiho Murai, Motohiro Asano
  • Patent number: 8683568
    Abstract: Techniques for using a network analyzer device connected to a network include (a) sniffing packets traversing the network between a web-based application server and a user machine, the user machine being operated by a user, (b) analyzing the sniffed packets to extract event information relating to interaction events between the user machine and the web-based application server, and (c) sending the extracted event information to an authentication server for risk-based authentication of the user.
    Type: Grant
    Filed: September 22, 2011
    Date of Patent: March 25, 2014
    Assignee: EMC Corporation
    Inventors: Anton Khitrenovich, Oded Peer, Oleg Freylafert