File Protection Patents (Class 713/165)
  • Patent number: 10235534
    Abstract: In various embodiments, a data subject request fulfillment system may be adapted to prioritize the processing of data subject access requests based on metadata of the data subject access request. For example, the system may be adapted for: (1) in response to receiving a data subject access request, obtaining metadata regarding the data subject; (2) using the metadata to determine whether a priority of the data subject access request should be adjusted based on the obtained metadata; and (3) in response to determining that the priority of the data subject access request should be adjusted based on the obtained metadata, adjusting the priority of the data subject access request.
    Type: Grant
    Filed: August 3, 2018
    Date of Patent: March 19, 2019
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Jason L. Sabourin, Jonathan Blake Brannon, Mihir S. Karanjkar, Kevin Jones
  • Patent number: 10229193
    Abstract: Described herein is a framework for collecting event related tweets. In accordance with one aspect of the framework, an initial set of keywords is constructed from a reference source. Tweets are collected from a messaging stream using the initial set of keywords for a first time window. The collected tweets are filtered to generate a candidate keywords set. The selected tweets of the candidate keywords set are grouped into a plurality of clusters. The clusters are classified into event related and non-event related clusters. The initial set of keywords is updated to obtain a new set of keywords.
    Type: Grant
    Filed: October 3, 2016
    Date of Patent: March 12, 2019
    Assignee: SAP SE
    Inventors: Xin Zheng, Aixin Sun
  • Patent number: 10229285
    Abstract: The invention performs anonymous read/write accesses of a set of user devices to a server. Write accesses of the user devices of the set comprise generating an encrypted file by an anonymous encryption scheme; computing a pseudorandom tag; indexing the encrypted file with the tag as user set index of the user set and writing the encrypted file and the associated tag to the a storage system of the server. Read accesses of the user devices of the set comprise downloading tag data corresponding to a plurality of tags from the server, the tag data enabling the user devices of a respective set to recognize so-called “own” tags computed by one of the user devices of the respective set of user devices; determining the own tags among the plurality of tags; reading one or more encrypted files associated to the own tags; and decrypting the encrypted files.
    Type: Grant
    Filed: March 22, 2016
    Date of Patent: March 12, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jan L. Camenisch, Maria Dubovitskaya, Anja Lehmann, Gregory Neven
  • Patent number: 10218387
    Abstract: A system and method of utilizing ECC memory to detect software errors and malicious activities is disclosed. In one embodiment, after a pool of memory is freed, every data word in that pool is modified to ensure that an ECC error will occur if any data word in that pool is read again. In another embodiment, the ECC memory controller is used to detect and prevent non-secure applications from accessing secure portions of memory.
    Type: Grant
    Filed: May 8, 2017
    Date of Patent: February 26, 2019
    Assignee: Silicon Laboratories Inc.
    Inventor: Thomas S. David
  • Patent number: 10209915
    Abstract: An electronic device is provided. The electronic device includes at least one first memory being nonvolatile and a processor configured to read a file from the first memory or to write a file on the first memory. The first memory stores instructions, the instructions, when executed, causing the processor to provide a software layer structure including a first virtual file system layer configured to interface with an application program layer, a compressed file system layer configured to compress at least a part of data of the written file or to decompress at least a part of data of the read file, a second virtual file system layer configured to manage the written or read file, and a first file system layer configured to read at least a part of the file from the first memory or to write at least a part of the file on the first memory.
    Type: Grant
    Filed: April 14, 2016
    Date of Patent: February 19, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Sung Hwan Yun, Woo Joong Lee, Sei Jin Kim, Min Jung Kim, Jong Min Kim, Sung Jong Seo, Jun Beom Yeom, Sang Woo Lee, Jong Woo Hong
  • Patent number: 10212085
    Abstract: A system that includes multiple hosts, each running a plurality of virtual machines. The system may be, for example, a cloud computing environment in which there are services and a service coordination system that communicates with the hosts and with the services. The services include a middleware management service that is configured to maintain per-tenant middleware policy for each of multiple tenants. The middleware management service causes the middleware policy to be applied to network traffic by directing network traffic to a middleware enforcement mechanism. This middleware policy is per-tenant in that it depends on an identity of a tenant.
    Type: Grant
    Filed: June 30, 2017
    Date of Patent: February 19, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Deepak Bansal, Parveen Patel, Albert Greenberg
  • Patent number: 10204106
    Abstract: A computer stores a file in a folder. The computer executes a process including acquiring identification information of files included in a single archive file, when the folder stores the single archive file, the single archive file being generated by integrating the files and performing a compression process, or by integrating the files; outputting the acquired identification information of the files as candidates that may be associated with another folder, file, or an individual data object in another file, which is managed by the computer; and storing association information with respect to one of the files which is specified to be associated with another folder, file, or an individual data object included in another file, the association information being information for associating the one of the files with another folder, or file, or an individual data object included in another file, which is a target of association.
    Type: Grant
    Filed: January 13, 2015
    Date of Patent: February 12, 2019
    Assignees: FUJITSU LIMITED, HONDA MOTOR CO., LTD.
    Inventors: Naoki Hashiguchi, Kou Kawanobe, Hiroshi Ishida
  • Patent number: 10192074
    Abstract: Techniques describe preventing sensitive data from being misappropriated during a clipboard operation. A copy operation for data being copied to a clipboard is intercepted. Information describing a first application from which the data was copied is retrieved. The data and the information are stored into the clipboard. A paste operation is evaluated based on the data, and the information is evaluated against a policy to determine whether the paste operation should be blocked.
    Type: Grant
    Filed: October 31, 2017
    Date of Patent: January 29, 2019
    Assignee: Symantec Corporation
    Inventors: Sumit Manmohan Sarin, Sumant Modak, Amit Shinde, Bishnu Chaturvedi
  • Patent number: 10192278
    Abstract: A traceable data audit apparatus, method, and non-transitory computer readable storage medium thereof are provided. The traceable data audit apparatus is stored with an original data set. The original data set includes a plurality of records and is defined with a plurality of fields. Each of the records has a plurality of items corresponding to the fields one-on-one. The fields are classified into an identity sensitive subset and an identity insensitive subset. The traceable data audit apparatus generates a released data set by applying a de-identification operation to each of the items corresponding to the fields in the identity sensitive subset and stores an audit log of the original data set. The audit log includes a date, a consumer identity, an identity of the original data set, and a plurality of evidences. Each of the evidence is one of the records of the released data set.
    Type: Grant
    Filed: March 16, 2016
    Date of Patent: January 29, 2019
    Assignee: Institute For Information Industry
    Inventors: Yen-Hung Kuo, Tzu-Wei Yeh, Guang-Yan Zheng
  • Patent number: 10186266
    Abstract: Methods and systems for providing message playback using a shared electronic device is described herein. In response to receiving a request to output messages, a speech-processing system may determine a group account associated with a requesting device, and may determine messages stored by a message data store for the group account. Speaker identification processing may also be performed to determine a speaker of the request. A user account associated with the speaker, and messages stored for the user account, may be determined. A summary response indicating the user account's messages and the group account's message may then be generated such that the user account messages are identified prior to the group account's messages. The messages may then be analyzed to determine an appropriate voice user interface for the requester such that the playback of the messages using a shared electronic device is more natural and conversational.
    Type: Grant
    Filed: December 28, 2016
    Date of Patent: January 22, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Christo Frank Devaraj, Brian Oliver, Sumedha Arvind Kshirsagar, Gregory Michael Hart, Ran Mokady
  • Patent number: 10187428
    Abstract: Disclosed are various embodiments for active data that tracks usage. The active data includes instructions that are executable by a computing device. The computing device is scanned to identify characteristics of the computing device. The characteristics of the computing device are utilized to determine whether the usage of the active data is authorized. Data is transmitted to a network service, including identifying information for the particular computing device and data that identifies a deployment of the active data.
    Type: Grant
    Filed: June 9, 2017
    Date of Patent: January 22, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Harsha Ramalingam, Dominique Imjya Brezinski, Jesper Mikael Johansson, Jon Arron McClintock, James Connelly Petts
  • Patent number: 10182049
    Abstract: Implementations of a system and method of generating and using bilaterally generated variable instant passwords are disclosed. In some implementations, a computer implemented method of Authenticated Dialogue Initiation between a USER and another party is provided. In some implementations, the USER may attempt to establish a connection with another party at their IP address; the other party may be known or unknown by the USER. In this implementation, a publically available authentication device, comprised of a variable character set, is used to generate a CALL for a password. The password is used to authenticate the other party; authentication is to completed once the correct password is received from the IP address of the party contacted by the USER. In some implementations, Authenticated Dialogue Initiation may be used to control (e.g., grant, deny, and/or limit) another party's access to the USER's computer system.
    Type: Grant
    Filed: September 23, 2017
    Date of Patent: January 15, 2019
    Inventor: Abdul Rahman Syed Ebrahim Abdul Hameed Khan
  • Patent number: 10182387
    Abstract: Aspects of the subject disclosure may include, for example, predicting opportunities for a mobile communication device to access a network via available pathways during a first time period according to a history of network connectivity of the mobile communication device, selecting a first pathway of the available pathways according to the opportunities that are predicted for the mobile communication device to access the network via the available pathways during the first time period, and directing transmission of first data to the mobile communication device via the first pathway during the first time period, wherein a presence of a second data at the mobile communication device enables an application to access the first data at the mobile communication device. Other embodiments are disclosed.
    Type: Grant
    Filed: June 1, 2016
    Date of Patent: January 15, 2019
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: James G. Beattie, Jr.
  • Patent number: 10178127
    Abstract: A method is provided for securing a mobile communications device to a level required for accessing a network, for example a secured enterprise network, by means of a public network such as the Internet. A mobile communications device is also provided incorporating functionality to enable centralized control over the configuration of the mobile device and thereby to control the actions of users of that device and of applications software that may be installed and executed on that device. Furthermore, a system is provided to implement a mobile communications infrastructure for an enterprise network with centralized control over the configuration of mobile communications devices within the system.
    Type: Grant
    Filed: September 8, 2014
    Date of Patent: January 8, 2019
    Assignee: BAE Systems plc
    Inventors: Owain Thomas James Davies, Andrew John Roberts
  • Patent number: 10178077
    Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: January 8, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Todd Lawrence Cignetti, Eric Jason Brandwine, Robert Eric Fitzgerald, Andrew J. Doane
  • Patent number: 10178499
    Abstract: Various embodiments may provide systems and methods for achieving continuous measurements (e.g., continuous video images) of the same spot on the Earth using Low Earth Orbit (LEO) satellite constellations and/or Middle Earth Orbit (MEO) satellite constellations. Various embodiments may provide a system of Virtual Low Earth Orbit (LEO) Stationary Satellites (VLSSs) over any area of the Earth for a continuous or a periodic amount of time.
    Type: Grant
    Filed: April 20, 2018
    Date of Patent: January 8, 2019
    Assignee: THE UNITED STATES OF AMERICA AS REPRESENTED BY THE ADMINISTRATOR OF NASA
    Inventors: Curtis R. Regan, Stephen J. Horan
  • Patent number: 10169609
    Abstract: Responding to a data subject access request includes receiving the request and validating an identity of the requestor. In response to validating the identity of the requestor, a computer processor determines whether the data subject access request is subject to fulfillment constraints. If so, then the computer processor notifies the requestor that the data subject access request is subject to one or more limitations and the computer processor takes action based on those limitations. Fulfillment constraint data is updated and maintained in a database or server.
    Type: Grant
    Filed: August 3, 2018
    Date of Patent: January 1, 2019
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Jason L. Sabourin, Jonathan Blake Brannon, Mihir S. Karanjkar, Kevin Jones
  • Patent number: 10171585
    Abstract: Provided are a method, a system, and a computer program product in which a computational device stores a first part of data in a first cloud storage maintained by a first entity. A second part of the data is stored in a second cloud storage maintained by a second entity.
    Type: Grant
    Filed: December 7, 2015
    Date of Patent: January 1, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Matthew G. Borlick, Lokesh M. Gupta, Roger G. Hathorn, Karl A. Nielsen
  • Patent number: 10162971
    Abstract: In some embodiments, a first device may generate a data block for an ordered set of data blocks such that the data block is cryptographically chained to a given data block preceding the data block in the ordered set. The first device may obtain an encryption key used to encrypt information related to the data block, and use group members' keys to encrypt the encryption key to generate a group key. As an example, the group's members may include a first member associated with the first device and other members. The keys used to encrypt the encryption key may include the other members' keys. The first device may transmit the ordered set and the group key to a communication resource (e.g., accessible by the members). Other devices (associated with the other members) may use the ordered set and the group key to obtain content related to the ordered set.
    Type: Grant
    Filed: April 13, 2018
    Date of Patent: December 25, 2018
    Assignee: TOPIA TECHNOLOGY, INC.
    Inventors: John Haager, Cody Sandwith, Janine Terrano, Prasad Saripalli
  • Patent number: 10154037
    Abstract: Techniques are disclosed for implementation of a data storage device as a security device for managing access to resources. These techniques can be implemented for multi-factor authentication (MFA) to provide multiple layers of security for managing access to resources in an enterprise and/or a cloud computing environments. As a security device, a storage device can be used a portable device to provide a point of trust for multi-factor authentication across any client application or device operated to access resources. A storage device may be configured with security data for authentication with an access management system. After configuration, a portable storage device may be used for authentication of a user without credential information at any client device based on accessibility of the device to the portable storage device. A storage device configured as a security device can ensure that legitimate users have an easy way to authenticate and access the resources.
    Type: Grant
    Filed: March 22, 2017
    Date of Patent: December 11, 2018
    Assignee: Oracle International Corporation
    Inventors: Nagaraj Pattar, Harsh Maheshwari
  • Patent number: 10153900
    Abstract: A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.
    Type: Grant
    Filed: October 11, 2017
    Date of Patent: December 11, 2018
    Assignee: Apple Inc.
    Inventors: Dallas B. De Atley, Jerrold V. Hauck, Mitchell D. Adler
  • Patent number: 10152530
    Abstract: A control point module may receive information associated with a plurality of users accessing a plurality of files. Each of the files may be stored in a folder of the plurality of folders. Users who have accessed one or more files stored in a folder may be assigned to each corresponding folder. Users who have been assigned to each folder of a plurality of pairs of the folders may be compared to identify one or more differences of assigned users between each folder of each pair of the folders. Furthermore, a recommended control point may be determined based on the identified one or more differences of the assigned users.
    Type: Grant
    Filed: July 23, 2014
    Date of Patent: December 11, 2018
    Assignee: Symantec Corporation
    Inventors: Michael Andrew Hart, Anantharaman Ganesh
  • Patent number: 10153896
    Abstract: A method of encrypting data transmitted from a first device to a second device, performed by using an Advanced Encryption Standard (AES) encryption algorithm, includes obtaining size information of an encryption key and size information of data that is to be encrypted and includes a plurality of bits; encrypting a first bit group, which is at least one bit corresponding to a size of the encryption key, among the plurality of bits, by using the encryption key; selecting a third bit group, which is at least one bit of the encrypted first bit group based on size information of the encryption key and a size of a second bit group including bits that are different from the first bit group among the plurality of bits; and encrypting the second bit group and the selected third bit group by using the encryption key.
    Type: Grant
    Filed: August 26, 2015
    Date of Patent: December 11, 2018
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventor: Han-gil Moon
  • Patent number: 10146961
    Abstract: Described embodiments provide systems and methods for encrypting journal data of a storage system. At least one key is generated, each key having an associated key identifier. The at least one key and the associated key identifiers are stored to a key store. User data is read from a replica volume of the storage system. The read user data is encrypted with an associated key. Encrypted data is written to a journal associated with the replica volume. The key identifier of the associated key is written to the journal.
    Type: Grant
    Filed: September 23, 2016
    Date of Patent: December 4, 2018
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Leehod Baruch, Assaf Natanzon, Jehuda Shemer, Amit Lieberman, Ron Bigman
  • Patent number: 10148433
    Abstract: A method and apparatus of enabling access to a resource secured with a shared access control mechanism is provided. The method includes providing a public key and an authentication protected private key for a user. The private key is released to the user after receiving correct authentication. In one embodiment, the authentication may be one or more of a password, pass phrase, biometric, and smart card. The private key may be used to release the shared access control mechanism for the resource. In one embodiment, a plurality of users may have their private key provide access to the shared access control mechanism.
    Type: Grant
    Filed: October 14, 2009
    Date of Patent: December 4, 2018
    Assignee: DigitalPersona, Inc.
    Inventors: Kirill Lozin, Sergei Menchenin
  • Patent number: 10140477
    Abstract: A method for obfuscating keys is provided. The method includes identifying that a memory is subject to one of a core dump or an hibernation and overwriting a key in unencrypted form in the memory, responsive to the identifying, wherein at least one method operation is performed by a processor. A system and a computer readable media are also provided.
    Type: Grant
    Filed: December 9, 2013
    Date of Patent: November 27, 2018
    Assignee: THALES E-SECURITY, INC.
    Inventors: Ramaraj Pandian, Rohan Nandode, Rajesh Gupta
  • Patent number: 10140451
    Abstract: A method is provided in one example embodiment and includes initiating an execution of a compiled script, evaluating a function called in the compiled script, detecting an execution event based on at least a first criterion, and storing information associated with the execution event in an execution event queue. The method also includes verifying a correlation signature based on information associated with at least one execution event in the execution event queue. In specific embodiments, the method includes evaluating an assignment statement of a script during compilation of the script by a compiler, detecting a compilation event based on at least a second criterion, and storing information associated with the compilation event in a compilation event queue. In yet additional embodiments, the verification of the correlation signature is based in part on information associated with one or more compilation events in the compilation event queue.
    Type: Grant
    Filed: January 16, 2014
    Date of Patent: November 27, 2018
    Assignee: McAfee, LLC.
    Inventors: Chong Xu, Bing Sun, Navtej Singh, Yichong Lin, Zheng Bu
  • Patent number: 10134042
    Abstract: A computer system for processing vehicle ownership support data includes an infrastructure platform which includes a plurality of hardware and software components, infrastructure services, APIs, and SDKs adapted to communicate in a communication network. The infrastructure platform receives telematics data such as vehicle identification data, driving performance data, vehicle operation data and vehicle sensor data for a corresponding vehicle. Such telematics data can be received from a vehicle device (Onboard Device (OBD)), or from a cloud-based telematics platform. The infrastructure platform identifies vehicle ownership support services associated with the at least one vehicle and analyzes the received telematics data associated with the identified services. The infrastructure platform provides vehicle ownership support services to a mobile application accessible at a customer's mobile device associated with the vehicle or the customer.
    Type: Grant
    Filed: October 9, 2015
    Date of Patent: November 20, 2018
    Assignee: United Services Automobile Association (USAA)
    Inventors: Bharat Prasad, Charles L. Oakes, III
  • Patent number: 10135871
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for service oriented software-defined security framework are disclosed. In one aspect, a system includes a security control device, one or more assets, and a security controller that communicates with the security control device and the one or more assets. The security controller includes a processing engine configured to register the security control device by creating a physical-logical attribute mapping for the security control device, and generating a security service description associated with the security control device. The processing engine is further configured to register the one or more assets by creating a physical-logical attribute mapping for each of the one or more assets, and generating security service requirements for each of the one or more assets. The processing engine is further configured to generate a security service binding based on a request for service.
    Type: Grant
    Filed: June 8, 2016
    Date of Patent: November 20, 2018
    Assignee: Accenture Global Solutions Limited
    Inventors: Song Luo, Malek Ben Salem
  • Patent number: 10120984
    Abstract: An information processing apparatus includes a data processing unit which executes processing for decoding and reproducing encrypted content. The data processing unit executes processing for determining whether the content can be reproduced by applying an encrypted content signature file. The encrypted content signature file stores information on issue date of the encrypted content signature file and an encrypted content signature issuer certificate with a public key of an encrypted content signature issuer. In determining whether the content can be reproduced, the data processing unit compares expiration date of the encrypted content signature issuer certificate with the information on issue date of the encrypted content signature file, and does not perform processing for decoding and reproducing the encrypted content when the expiration date is before the issue date, and performs the processing for decoding and reproducing the encrypted content only when the expiration date is not before the issue date.
    Type: Grant
    Filed: November 6, 2012
    Date of Patent: November 6, 2018
    Assignee: Sony Corporation
    Inventors: Yoshiyuki Kobayashi, Hiroshi Kuno, Takamichi Hayashi
  • Patent number: 10122753
    Abstract: A variety of techniques are disclosed for detection of advanced persistent threats and similar malware. In one aspect, the detection of certain network traffic at a gateway is used to trigger a query of an originating endpoint, which can use internal logs to identify a local process that is sourcing the network traffic. In another aspect, an endpoint is configured to periodically generate and transmit a secure heartbeat, so that an interruption of the heartbeat can be used to signal the possible presence of malware. In another aspect, other information such as local and global reputation information is used to provide context for more accurate malware detection.
    Type: Grant
    Filed: April 28, 2014
    Date of Patent: November 6, 2018
    Assignee: Sophos Limited
    Inventor: Andrew J. Thomas
  • Patent number: 10116688
    Abstract: The disclosed computer-implemented method for detecting potentially malicious files may include (1) detecting an attempt by the computing device to execute a file, (2) prior to execution of the file, determining that a filename of the file contains a combination of characters indicative of a false filename extension included within a middle section of the filename, (3) determining, based at least in part on the false filename extension being included within the middle section of the filename, that the file is potentially malicious, and then in response to determining that the file is potentially malicious, (4) preventing the computing device from executing the file. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 24, 2015
    Date of Patent: October 30, 2018
    Assignee: Symantec Corporation
    Inventor: James Yun
  • Patent number: 10114969
    Abstract: The system and method presents a secure blockchain enabled encryption. Incoming information and data files may be encrypted using any preferred method of encryption, then sliced into segments, each segment of which is hashed and encrypted onto one or more blockchains depending upon the size of the segments desired. A retrieval and recombination mechanism is employed to quickly locate and decrypt all of the segments of each information file such that the blockchain distributed across multiple servers, including cloud-based servers. Upon request, the encrypted blockchain segments may also be shared among multiple users without compromising the encryption of the information file.
    Type: Grant
    Filed: August 3, 2016
    Date of Patent: October 30, 2018
    Inventors: Jordan White Chaney, Charlie Housholder, William Krut, Christian Nimsch, Bryce Nelson Chaney
  • Patent number: 10104107
    Abstract: Various embodiments include methods of evaluating device behaviors in a computing device and enabling white listing of particular behaviors. Various embodiments may include monitoring activities of a software application operating on the computing device, and generating a behavior vector information structure that characterizes a first monitored activity of the software application. The behavior vector information structure may be applied to a machine learning classifier model to generate analysis results. The analysis results may be used to classify the first monitored activity of the software application as one of benign, suspicious, and non-benign. A prompt may be displayed to the user that requests that the user select whether to whitelist the software application in response to classifying the first monitored activity of the software application as suspicious or non-benign. The first monitored activity may be added to a whitelist of device behaviors in response to receiving a user input.
    Type: Grant
    Filed: September 10, 2015
    Date of Patent: October 16, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Vinay Sridhara, Yin Chen, Rajarshi Gupta
  • Patent number: 10102517
    Abstract: A request to make a purchase from a mobile device of a first entity is detected. In response to the detected request, a determination is made whether the first entity has a subservient relationship with a second entity. In response to a determination that the first entity has the subservient relationship with the second entity, another determination is made whether the first entity is located proximate to the second entity. A first set of purchasing limitations is applied to the request in response to the determination that the first entity has the subservient relationship with the second entity and a determination that the first entity is located proximate to the second entity.
    Type: Grant
    Filed: January 9, 2017
    Date of Patent: October 16, 2018
    Assignee: PAYPAL, INC.
    Inventor: Jeremiah Joseph Akin
  • Patent number: 10097356
    Abstract: An electronic resource tracking and storage computer system is provided that communicates with a distributed blockchain computing system that includes multiple computing nodes. The system includes a storage system, a transceiver, and a processing system. The storage system includes an resource repository and transaction repository that stores submitted blockchain transactions. A new resource issuance request is received, and a new resource is added to the resource repository in response. A new blockchain transaction is generated and published to the blockchain. In correspondence with publishing to the blockchain, the transaction storage is updated with information that makes up the blockchain transaction and some information that was not included as part of the blockchain transaction. The transaction storage is updated when the blockchain is determined to have validated the previously submitted blockchain transaction.
    Type: Grant
    Filed: July 1, 2016
    Date of Patent: October 9, 2018
    Assignee: NASDAQ, INC.
    Inventor: Alex Zinder
  • Patent number: 10097522
    Abstract: A query-based system for sharing encrypted data, comprising at least one hardware processor; and at least one non-transitory memory device having embodied thereon instructions executable by the at least one hardware processor to: receive a file and a plaintext tag and provide secure access to the file using the plaintext tag, and, responsive to receiving a search query matching the plaintext tag, securely retrieve the file, wherein providing secure access to the file comprises: encrypting the file into multiple portions, storing each portion separately, deriving multiple differently encrypted ciphertexts by encrypting the plaintext tag multiple times, separately indexing each portion using a different one of the ciphertexts, wherein securely retrieving the file comprises: deriving multiple differently encrypted search queries by encrypting the search query multiple times, querying using the multiple encrypted search queries, retrieving at least some of the multiple portions, and recovering the file from the r
    Type: Grant
    Filed: May 23, 2016
    Date of Patent: October 9, 2018
    Inventor: Nili Philipp
  • Patent number: 10089459
    Abstract: The various aspects provide a method for recognizing and preventing malicious behavior on a mobile computing device before it occurs by monitoring and modifying instructions pending in the mobile computing device's hardware pipeline (i.e., queued instructions). In the various aspects, a mobile computing device may preemptively determine whether executing a set of queued instructions will result in a malicious configuration given the mobile computing device's current configuration. When the mobile computing device determines that executing the queued instructions will result in a malicious configuration, the mobile computing device may stop execution of the queued instructions or take other actions to preempt the malicious behavior before the queued instructions are executed.
    Type: Grant
    Filed: November 11, 2015
    Date of Patent: October 2, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Vinay Sridhara, Satyajit Prabhakar Patne, Rajarshi Gupta
  • Patent number: 10090998
    Abstract: A request to perform one or more operations using a second key that is inaccessible to a customer of a computing resource service provider is received from the customer, with the request including information that enables the computing resource service provider to select the second key from other keys managed on behalf of customers of the computing resource service provider. A first key, and in addition to the first key, an encrypted first key, is provided to the customer. Data encrypted under the first key is received from the customer. The encrypted first key and the data encrypted under the first key is caused to be stored in persistent storage, such that accessing the data, in plaintext form, from the persistent storage requires use of both a third key and the second key that is inaccessible to the customer.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: October 2, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Matthew James Wren
  • Patent number: 10091156
    Abstract: A communication device is provided which includes a transmission unit, a BCC memory unit, a reception unit, a determination module, an accepting module and a mail generation module. The BCC memory unit stores the BCC destination of the mail sent in the past while being associated with the mail. The determination module determines whether or not a mail that the reception unit receives is a reply mail to the mail including the BCC destination that the transmission unit sent in the past. The mail generation module generates a mail addressed to sending destinations to which the BCC destination stored in the BCC destination memory unit while being associated with a mail of a reply source is added in addition to a sending destination that the accepting module accepts for the mail determined to be a reply mail to the mail including the BCC destination and sent in the past.
    Type: Grant
    Filed: June 17, 2015
    Date of Patent: October 2, 2018
    Assignee: KYOCERA Document Solutions Inc.
    Inventors: Shoichi Sakaguchi, Hideki Takeda, Yoshihisa Tanaka, Yumi Hirobe
  • Patent number: 10089037
    Abstract: There is disclosed a method for use in managing data storage. In one embodiment, the method comprises operating storage processors of respective data storage systems at different location. The storage processors comprising a distributed data manager and an IO stack arranged within the storage processor such that the distributed data manager can receive a LUN outputted by the IO stack. The method further comprises distributed data managers receiving LUNs outputted by their corresponding IO stacks, controlling LUN output and providing LUN output that enables active-active access to the storage systems at the respective different locations.
    Type: Grant
    Filed: October 29, 2013
    Date of Patent: October 2, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Jean-Pierre Bono, Scott W. Keaney
  • Patent number: 10089035
    Abstract: There is disclosed a method for managing data storage. In one embodiment, the method comprises operating a storage processor of a first data storage system at a first location. The storage processor comprising a first distributed data manager and an IO stack arranged therein such that distributed data manager can receive a LUN outputted by IO stack. The method also comprises initiating a communication between first distributed data manager and second distributed data manager associated with a second data storage system at a second location. The method further comprises migrating stored data on first data storage system to second data storage system and providing LUN information associated with stored data to second data storage system such that a LUN identify of migrated data stored on second data storage system is similar to a LUN identity of corresponding stored data on first data storage system.
    Type: Grant
    Filed: October 29, 2013
    Date of Patent: October 2, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Jean-Pierre Bono, Scott W. Keaney
  • Patent number: 10083298
    Abstract: A method for identifying malware is provided. The method includes performing a static analysis of a plurality of files and for each file of the plurality of files, determining in the static analysis whether the file includes an application programming interface (API). For each file, of the plurality of files, found to have an application programming interface, the method includes determining in the static analysis whether the application programming interface is proper in the file and alerting regarding an improper application programming interface when found in one of the plurality of files. A scanner for detecting malware is also provided.
    Type: Grant
    Filed: March 9, 2015
    Date of Patent: September 25, 2018
    Assignee: SYMANTEC CORPORATION
    Inventor: Bhaskar Krishnappa
  • Patent number: 10083294
    Abstract: Described systems and methods allow protecting a computer system from malware, such as return-oriented programming (ROP) exploits. In some embodiments, a set of references are identified within a call stack used by a thread of a target process, each reference pointing into the memory space of an executable module loaded by the target process. Each such reference is analyzed to determine whether it points to a ROP gadget, and whether the respective reference was pushed on the stack by a legitimate function call. In some embodiments, a ROP score is indicative of whether the target process is subject to a ROP attack, the score determined according to a count of references to a loaded module, according to a stack footprint of the respective module, and further according to a count of ROP gadgets identified within the respective module.
    Type: Grant
    Filed: October 10, 2016
    Date of Patent: September 25, 2018
    Assignee: Bitdefender IPR Management Ltd.
    Inventor: Raul V. Tosa
  • Patent number: 10075400
    Abstract: An email is received. The email consists of a common content, at least one recipient for the common content, a private content, and at least one recipient for the private content. Each of the at least one recipients for the private content is a recipient of the common content. The common content is stored in a first storage location, and the private content is stored in a second storage location.
    Type: Grant
    Filed: May 19, 2017
    Date of Patent: September 11, 2018
    Assignee: International Business Machines Corporation
    Inventors: Chitwan Humad, Rajesh V. Patil
  • Patent number: 10063528
    Abstract: A searchable encryption method enables encrypted search of encrypted documents based on document type. In some embodiments, the searchable encryption method is implemented in a network intermediary, such as a proxy server. The network intermediary encrypts documents on behalf of a user or an enterprise destined to be stored on a cloud service provider. The searchable encryption method encodes document type information into the encrypted search index while preserving encryption security. Furthermore, the searchable encryption method enables search of encrypted documents using the same encrypted index, either for a particular document type or for all encrypted documents regardless of the document type.
    Type: Grant
    Filed: December 20, 2017
    Date of Patent: August 28, 2018
    Assignee: Skyhigh Networks, Inc.
    Inventor: Hani T. Dawoud
  • Patent number: 10061711
    Abstract: A file access method and apparatus, and a storage system are provided. After receiving a file access request from a process, a first physical address space is accessed according to a preset first virtual address space and a preset first mapping relationship between the first virtual address space and the first physical address space, where the first physical address space stores a file system. After obtaining an index node of a target file from the first physical address space according to a file identifier of the target file carried in the file access request, a file page table of the target file is obtained according to file page table information. The file page table records a second physical address space in the first physical address space. The target file is accessed according to the second physical address space.
    Type: Grant
    Filed: February 28, 2017
    Date of Patent: August 28, 2018
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Guanyu Zhu, Jun Xu, Qun Yu
  • Patent number: 10038557
    Abstract: A method of a security system to provide access by a requester to an encrypted data object stored in an object store, the requester being authenticated by the object store, the method comprising: receiving, from the object store: the encrypted object having associated an object identifier; and an identifier of the requester; deriving a first cryptographic key to decrypt the object; deriving a second cryptographic key; re-encrypting the object based on the second key and communicating the re-encrypted object to the requester; wherein each of the first and second keys are based on the object identifier, the requester identifier and a secret key portion generated by the security system, the secret key portion being different for each of the first and second keys, the method further comprising: in response to a second authentication of the requester by the security system, communicating the secret key portion for the second key to the requester.
    Type: Grant
    Filed: September 24, 2015
    Date of Patent: July 31, 2018
    Assignee: British Telecommunications Public Limited Company
    Inventors: Theo Dimitrakos, Ali Sajjad
  • Patent number: 10031944
    Abstract: A method, article of manufacture, and apparatus for processing information are disclosed. In some embodiments, this includes receiving a query plan, identifying a first work file based on the query plan, determining a first work file transaction ID associated with the first work file, determining a data transaction ID, comparing the first work file transaction ID and the data transaction ID, creating a second work file based on the query plan if the data transaction ID is greater than the first work file transaction ID, and storing the second work file in a storage device. In some embodiments, the second work file may be associated with a second work file transaction ID.
    Type: Grant
    Filed: June 30, 2011
    Date of Patent: July 24, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Florian Michael Waas, Joy Jie Kent
  • Patent number: 10032035
    Abstract: The present disclosure involves systems and computer implemented methods for protecting portions of electronic documents. An example method includes receiving a request for access to an electronic file having sections, at least one section encrypted using a first key based on a first password. A second key is generated in response to receiving a second password, wherein the second key is generated based on the second password. The second key is compared to the first key. If the second key is identical to the first key, the least one section of the electronic file encrypted using the first key is decrypted using the second key. The electronic file is then presented such that the section(s) previously encrypted using the first cryptographic key is made visible. If the second key is not identical to the first, the electronic file is presented with the encrypted section(s) obscured.
    Type: Grant
    Filed: August 29, 2017
    Date of Patent: July 24, 2018
    Assignee: SAP SE
    Inventors: Anand Sinha, Vinay Sheel