File Protection Patents (Class 713/165)
  • Patent number: 10182387
    Abstract: Aspects of the subject disclosure may include, for example, predicting opportunities for a mobile communication device to access a network via available pathways during a first time period according to a history of network connectivity of the mobile communication device, selecting a first pathway of the available pathways according to the opportunities that are predicted for the mobile communication device to access the network via the available pathways during the first time period, and directing transmission of first data to the mobile communication device via the first pathway during the first time period, wherein a presence of a second data at the mobile communication device enables an application to access the first data at the mobile communication device. Other embodiments are disclosed.
    Type: Grant
    Filed: June 1, 2016
    Date of Patent: January 15, 2019
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: James G. Beattie, Jr.
  • Patent number: 10182049
    Abstract: Implementations of a system and method of generating and using bilaterally generated variable instant passwords are disclosed. In some implementations, a computer implemented method of Authenticated Dialogue Initiation between a USER and another party is provided. In some implementations, the USER may attempt to establish a connection with another party at their IP address; the other party may be known or unknown by the USER. In this implementation, a publicly available authentication device, comprised of a variable character set, is used to generate a CALL for a password. The password is used to authenticate the other party; authentication is completed once the correct password is received from the IP address of the party contacted by the USER. In some implementations, Authenticated Dialogue Initiation may be used to control (e.g., grant, deny, and/or limit) another party's access to the USER's computer system.
    Type: Grant
    Filed: September 23, 2017
    Date of Patent: January 15, 2019
    Inventor: Abdul Rahman Syed Ebrahim Abdul Hameed Khan
  • Patent number: 10178127
    Abstract: A method is provided for securing a mobile communications device to a level required for accessing a network, for example a secured enterprise network, by means of a public network such as the Internet. A mobile communications device is also provided incorporating functionality to enable centralized control over the configuration of the mobile device and thereby to control the actions of users of that device and of applications software that may be installed and executed on that device. Furthermore, a system is provided to implement a mobile communications infrastructure for an enterprise network with centralized control over the configuration of mobile communications devices within the system.
    Type: Grant
    Filed: September 8, 2014
    Date of Patent: January 8, 2019
    Assignee: BAE Systems plc
    Inventors: Owain Thomas James Davies, Andrew John Roberts
  • Patent number: 10178499
    Abstract: Various embodiments may provide systems and methods for achieving continuous measurements (e.g., continuous video images) of the same spot on the Earth using Low Earth Orbit (LEO) satellite constellations and/or Middle Earth Orbit (MEO) satellite constellations. Various embodiments may provide a system of Virtual Low Earth Orbit (LEO) Stationary Satellites (VLSSs) over any area of the Earth for a continuous or a periodic amount of time.
    Type: Grant
    Filed: April 20, 2018
    Date of Patent: January 8, 2019
    Assignee: THE UNITED STATES OF AMERICA AS REPRESENTED BY THE ADMINISTRATOR OF NASA
    Inventors: Curtis R. Regan, Stephen J. Horan
  • Patent number: 10178077
    Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: January 8, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Todd Lawrence Cignetti, Eric Jason Brandwine, Robert Eric Fitzgerald, Andrew J. Doane
  • Patent number: 10171585
    Abstract: Provided are a method, a system, and a computer program product in which a computational device stores a first part of data in a first cloud storage maintained by a first entity. A second part of the data is stored in a second cloud storage maintained by a second entity.
    Type: Grant
    Filed: December 7, 2015
    Date of Patent: January 1, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Matthew G. Borlick, Lokesh M. Gupta, Roger G. Hathorn, Karl A. Nielsen
  • Patent number: 10169609
    Abstract: Responding to a data subject access request includes receiving the request and validating an identity of the requestor. In response to validating the identity of the requestor, a computer processor determines whether the data subject access request is subject to fulfillment constraints. If so, then the computer processor notifies the requestor that the data subject access request is subject to one or more limitations and the computer processor takes action based on those limitations. Fulfillment constraint data is updated and maintained in a database or server.
    Type: Grant
    Filed: August 3, 2018
    Date of Patent: January 1, 2019
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Jason L. Sabourin, Jonathan Blake Brannon, Mihir S. Karanjkar, Kevin Jones
  • Patent number: 10162971
    Abstract: In some embodiments, a first device may generate a data block for an ordered set of data blocks such that the data block is cryptographically chained to a given data block preceding the data block in the ordered set. The first device may obtain an encryption key used to encrypt information related to the data block, and use group members' keys to encrypt the encryption key to generate a group key. As an example, the group's members may include a first member associated with the first device and other members. The keys used to encrypt the encryption key may include the other members' keys. The first device may transmit the ordered set and the group key to a communication resource (e.g., accessible by the members). Other devices (associated with the other members) may use the ordered set and the group key to obtain content related to the ordered set.
    Type: Grant
    Filed: April 13, 2018
    Date of Patent: December 25, 2018
    Assignee: TOPIA TECHNOLOGY, INC.
    Inventors: John Haager, Cody Sandwith, Janine Terrano, Prasad Saripalli
  • Patent number: 10153896
    Abstract: A method of encrypting data transmitted from a first device to a second device, performed by using an Advanced Encryption Standard (AES) encryption algorithm, includes obtaining size information of an encryption key and size information of data that is to be encrypted and includes a plurality of bits; encrypting a first bit group, which is at least one bit corresponding to a size of the encryption key, among the plurality of bits, by using the encryption key; selecting a third bit group, which is at least one bit of the encrypted first bit group based on size information of the encryption key and a size of a second bit group including bits that are different from the first bit group among the plurality of bits; and encrypting the second bit group and the selected third bit group by using the encryption key.
    Type: Grant
    Filed: August 26, 2015
    Date of Patent: December 11, 2018
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventor: Han-gil Moon
  • Patent number: 10154037
    Abstract: Techniques are disclosed for implementation of a data storage device as a security device for managing access to resources. These techniques can be implemented for multi-factor authentication (MFA) to provide multiple layers of security for managing access to resources in an enterprise and/or a cloud computing environment. As a security device, a storage device can be used as a portable device to provide a point of trust for multi-factor authentication across any client application or device operated to access resources. A storage device may be configured with security data for authentication with an access management system. After configuration, a portable storage device may be used for authentication of a user without credential information at any client device based on accessibility of the device to the portable storage device. A storage device configured as a security device can ensure that legitimate users have an easy way to authenticate and access the resources.
    Type: Grant
    Filed: March 22, 2017
    Date of Patent: December 11, 2018
    Assignee: Oracle International Corporation
    Inventors: Nagaraj Pattar, Harsh Maheshwari
  • Patent number: 10152530
    Abstract: A control point module may receive information associated with a plurality of users accessing a plurality of files. Each of the files may be stored in a folder of the plurality of folders. Users who have accessed one or more files stored in a folder may be assigned to each corresponding folder. Users who have been assigned to each folder of a plurality of pairs of the folders may be compared to identify one or more differences of assigned users between each folder of each pair of the folders. Furthermore, a recommended control point may be determined based on the identified one or more differences of the assigned users.
    Type: Grant
    Filed: July 23, 2014
    Date of Patent: December 11, 2018
    Assignee: Symantec Corporation
    Inventors: Michael Andrew Hart, Anantharaman Ganesh
  • Patent number: 10153900
    Abstract: A method of restoring confidential information items of a first device to a second device by using a set of servers. The method generates a public and private key pair and ties the private key to the hash of executable code of the servers at the time of generating the public and private keys. The method receives the encrypted confidential information items in a secure object which is encrypted with a user-specific key and the public key. The method only provides the confidential information to the second device when the second device provides the same user-specific key as the key that encrypts the secure object and the hash of the executable code of the servers at the time of accessing the private key to decrypt the secure object matches the hash of the executable code running on the servers at the time of generating the private key.
    Type: Grant
    Filed: October 11, 2017
    Date of Patent: December 11, 2018
    Assignee: Apple Inc.
    Inventors: Dallas B. De Atley, Jerrold V. Hauck, Mitchell D. Adler
  • Patent number: 10148433
    Abstract: A method and apparatus of enabling access to a resource secured with a shared access control mechanism is provided. The method includes providing a public key and an authentication protected private key for a user. The private key is released to the user after receiving correct authentication. In one embodiment, the authentication may be one or more of a password, pass phrase, biometric, and smart card. The private key may be used to release the shared access control mechanism for the resource. In one embodiment, a plurality of users may have their private key provide access to the shared access control mechanism.
    Type: Grant
    Filed: October 14, 2009
    Date of Patent: December 4, 2018
    Assignee: DigitalPersona, Inc.
    Inventors: Kirill Lozin, Sergei Menchenin
  • Patent number: 10146961
    Abstract: Described embodiments provide systems and methods for encrypting journal data of a storage system. At least one key is generated, each key having an associated key identifier. The at least one key and the associated key identifiers are stored to a key store. User data is read from a replica volume of the storage system. The read user data is encrypted with an associated key. Encrypted data is written to a journal associated with the replica volume. The key identifier of the associated key is written to the journal.
    Type: Grant
    Filed: September 23, 2016
    Date of Patent: December 4, 2018
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Leehod Baruch, Assaf Natanzon, Jehuda Shemer, Amit Lieberman, Ron Bigman
  • Patent number: 10140477
    Abstract: A method for obfuscating keys is provided. The method includes identifying that a memory is subject to one of a core dump or a hibernation and overwriting a key in unencrypted form in the memory, responsive to the identifying, wherein at least one method operation is performed by a processor. A system and a computer readable media are also provided.
    Type: Grant
    Filed: December 9, 2013
    Date of Patent: November 27, 2018
    Assignee: THALES E-SECURITY, INC.
    Inventors: Ramaraj Pandian, Rohan Nandode, Rajesh Gupta
  • Patent number: 10140451
    Abstract: A method is provided in one example embodiment and includes initiating an execution of a compiled script, evaluating a function called in the compiled script, detecting an execution event based on at least a first criterion, and storing information associated with the execution event in an execution event queue. The method also includes verifying a correlation signature based on information associated with at least one execution event in the execution event queue. In specific embodiments, the method includes evaluating an assignment statement of a script during compilation of the script by a compiler, detecting a compilation event based on at least a second criterion, and storing information associated with the compilation event in a compilation event queue. In yet additional embodiments, the verification of the correlation signature is based in part on information associated with one or more compilation events in the compilation event queue.
    Type: Grant
    Filed: January 16, 2014
    Date of Patent: November 27, 2018
    Assignee: McAfee, LLC.
    Inventors: Chong Xu, Bing Sun, Navtej Singh, Yichong Lin, Zheng Bu
  • Patent number: 10134042
    Abstract: A computer system for processing vehicle ownership support data includes an infrastructure platform which includes a plurality of hardware and software components, infrastructure services, APIs, and SDKs adapted to communicate in a communication network. The infrastructure platform receives telematics data such as vehicle identification data, driving performance data, vehicle operation data and vehicle sensor data for a corresponding vehicle. Such telematics data can be received from a vehicle device (Onboard Device (OBD)), or from a cloud-based telematics platform. The infrastructure platform identifies vehicle ownership support services associated with the at least one vehicle and analyzes the received telematics data associated with the identified services. The infrastructure platform provides vehicle ownership support services to a mobile application accessible at a customer's mobile device associated with the vehicle or the customer.
    Type: Grant
    Filed: October 9, 2015
    Date of Patent: November 20, 2018
    Assignee: United Services Automobile Association (USAA)
    Inventors: Bharat Prasad, Charles L. Oakes, III
  • Patent number: 10135871
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for service oriented software-defined security framework are disclosed. In one aspect, a system includes a security control device, one or more assets, and a security controller that communicates with the security control device and the one or more assets. The security controller includes a processing engine configured to register the security control device by creating a physical-logical attribute mapping for the security control device, and generating a security service description associated with the security control device. The processing engine is further configured to register the one or more assets by creating a physical-logical attribute mapping for each of the one or more assets, and generating security service requirements for each of the one or more assets. The processing engine is further configured to generate a security service binding based on a request for service.
    Type: Grant
    Filed: June 8, 2016
    Date of Patent: November 20, 2018
    Assignee: Accenture Global Solutions Limited
    Inventors: Song Luo, Malek Ben Salem
  • Patent number: 10122753
    Abstract: A variety of techniques are disclosed for detection of advanced persistent threats and similar malware. In one aspect, the detection of certain network traffic at a gateway is used to trigger a query of an originating endpoint, which can use internal logs to identify a local process that is sourcing the network traffic. In another aspect, an endpoint is configured to periodically generate and transmit a secure heartbeat, so that an interruption of the heartbeat can be used to signal the possible presence of malware. In another aspect, other information such as local and global reputation information is used to provide context for more accurate malware detection.
    Type: Grant
    Filed: April 28, 2014
    Date of Patent: November 6, 2018
    Assignee: Sophos Limited
    Inventor: Andrew J. Thomas
  • Patent number: 10120984
    Abstract: An information processing apparatus includes a data processing unit which executes processing for decoding and reproducing encrypted content. The data processing unit executes processing for determining whether the content can be reproduced by applying an encrypted content signature file. The encrypted content signature file stores information on issue date of the encrypted content signature file and an encrypted content signature issuer certificate with a public key of an encrypted content signature issuer. In determining whether the content can be reproduced, the data processing unit compares expiration date of the encrypted content signature issuer certificate with the information on issue date of the encrypted content signature file, and does not perform processing for decoding and reproducing the encrypted content when the expiration date is before the issue date, and performs the processing for decoding and reproducing the encrypted content only when the expiration date is not before the issue date.
    Type: Grant
    Filed: November 6, 2012
    Date of Patent: November 6, 2018
    Assignee: Sony Corporation
    Inventors: Yoshiyuki Kobayashi, Hiroshi Kuno, Takamichi Hayashi
  • Patent number: 10114969
    Abstract: The system and method presents a secure blockchain enabled encryption. Incoming information and data files may be encrypted using any preferred method of encryption, then sliced into segments, each segment of which is hashed and encrypted onto one or more blockchains depending upon the size of the segments desired. A retrieval and recombination mechanism is employed to quickly locate and decrypt all of the segments of each information file such that the blockchain distributed across multiple servers, including cloud-based servers. Upon request, the encrypted blockchain segments may also be shared among multiple users without compromising the encryption of the information file.
    Type: Grant
    Filed: August 3, 2016
    Date of Patent: October 30, 2018
    Inventors: Jordan White Chaney, Charlie Housholder, William Krut, Christian Nimsch, Bryce Nelson Chaney
  • Patent number: 10116688
    Abstract: The disclosed computer-implemented method for detecting potentially malicious files may include (1) detecting an attempt by the computing device to execute a file, (2) prior to execution of the file, determining that a filename of the file contains a combination of characters indicative of a false filename extension included within a middle section of the filename, (3) determining, based at least in part on the false filename extension being included within the middle section of the filename, that the file is potentially malicious, and then in response to determining that the file is potentially malicious, (4) preventing the computing device from executing the file. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 24, 2015
    Date of Patent: October 30, 2018
    Assignee: Symantec Corporation
    Inventor: James Yun
  • Patent number: 10102517
    Abstract: A request to make a purchase from a mobile device of a first entity is detected. In response to the detected request, a determination is made whether the first entity has a subservient relationship with a second entity. In response to a determination that the first entity has the subservient relationship with the second entity, another determination is made whether the first entity is located proximate to the second entity. A first set of purchasing limitations is applied to the request in response to the determination that the first entity has the subservient relationship with the second entity and a determination that the first entity is located proximate to the second entity.
    Type: Grant
    Filed: January 9, 2017
    Date of Patent: October 16, 2018
    Assignee: PAYPAL, INC.
    Inventor: Jeremiah Joseph Akin
  • Patent number: 10104107
    Abstract: Various embodiments include methods of evaluating device behaviors in a computing device and enabling white listing of particular behaviors. Various embodiments may include monitoring activities of a software application operating on the computing device, and generating a behavior vector information structure that characterizes a first monitored activity of the software application. The behavior vector information structure may be applied to a machine learning classifier model to generate analysis results. The analysis results may be used to classify the first monitored activity of the software application as one of benign, suspicious, and non-benign. A prompt may be displayed to the user that requests that the user select whether to whitelist the software application in response to classifying the first monitored activity of the software application as suspicious or non-benign. The first monitored activity may be added to a whitelist of device behaviors in response to receiving a user input.
    Type: Grant
    Filed: September 10, 2015
    Date of Patent: October 16, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Vinay Sridhara, Yin Chen, Rajarshi Gupta
  • Patent number: 10097522
    Abstract: A query-based system for sharing encrypted data, comprising at least one hardware processor; and at least one non-transitory memory device having embodied thereon instructions executable by the at least one hardware processor to: receive a file and a plaintext tag and provide secure access to the file using the plaintext tag, and, responsive to receiving a search query matching the plaintext tag, securely retrieve the file, wherein providing secure access to the file comprises: encrypting the file into multiple portions, storing each portion separately, deriving multiple differently encrypted ciphertexts by encrypting the plaintext tag multiple times, separately indexing each portion using a different one of the ciphertexts, wherein securely retrieving the file comprises: deriving multiple differently encrypted search queries by encrypting the search query multiple times, querying using the multiple encrypted search queries, retrieving at least some of the multiple portions, and recovering the file from the r
    Type: Grant
    Filed: May 23, 2016
    Date of Patent: October 9, 2018
    Inventor: Nili Philipp
  • Patent number: 10097356
    Abstract: An electronic resource tracking and storage computer system is provided that communicates with a distributed blockchain computing system that includes multiple computing nodes. The system includes a storage system, a transceiver, and a processing system. The storage system includes a resource repository and transaction repository that stores submitted blockchain transactions. A new resource issuance request is received, and a new resource is added to the resource repository in response. A new blockchain transaction is generated and published to the blockchain. In correspondence with publishing to the blockchain, the transaction storage is updated with information that makes up the blockchain transaction and some information that was not included as part of the blockchain transaction. The transaction storage is updated when the blockchain is determined to have validated the previously submitted blockchain transaction.
    Type: Grant
    Filed: July 1, 2016
    Date of Patent: October 9, 2018
    Assignee: NASDAQ, INC.
    Inventor: Alex Zinder
  • Patent number: 10089037
    Abstract: There is disclosed a method for use in managing data storage. In one embodiment, the method comprises operating storage processors of respective data storage systems at different locations. The storage processors comprising a distributed data manager and an IO stack arranged within the storage processor such that the distributed data manager can receive a LUN outputted by the IO stack. The method further comprises distributed data managers receiving LUNs outputted by their corresponding IO stacks, controlling LUN output and providing LUN output that enables active-active access to the storage systems at the respective different locations.
    Type: Grant
    Filed: October 29, 2013
    Date of Patent: October 2, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Jean-Pierre Bono, Scott W. Keaney
  • Patent number: 10089035
    Abstract: There is disclosed a method for managing data storage. In one embodiment, the method comprises operating a storage processor of a first data storage system at a first location. The storage processor comprising a first distributed data manager and an IO stack arranged therein such that distributed data manager can receive a LUN outputted by IO stack. The method also comprises initiating a communication between first distributed data manager and second distributed data manager associated with a second data storage system at a second location. The method further comprises migrating stored data on first data storage system to second data storage system and providing LUN information associated with stored data to second data storage system such that a LUN identity of migrated data stored on second data storage system is similar to a LUN identity of corresponding stored data on first data storage system.
    Type: Grant
    Filed: October 29, 2013
    Date of Patent: October 2, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Jean-Pierre Bono, Scott W. Keaney
  • Patent number: 10090998
    Abstract: A request to perform one or more operations using a second key that is inaccessible to a customer of a computing resource service provider is received from the customer, with the request including information that enables the computing resource service provider to select the second key from other keys managed on behalf of customers of the computing resource service provider. A first key, and in addition to the first key, an encrypted first key, is provided to the customer. Data encrypted under the first key is received from the customer. The encrypted first key and the data encrypted under the first key is caused to be stored in persistent storage, such that accessing the data, in plaintext form, from the persistent storage requires use of both a third key and the second key that is inaccessible to the customer.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: October 2, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Matthew James Wren
  • Patent number: 10089459
    Abstract: The various aspects provide a method for recognizing and preventing malicious behavior on a mobile computing device before it occurs by monitoring and modifying instructions pending in the mobile computing device's hardware pipeline (i.e., queued instructions). In the various aspects, a mobile computing device may preemptively determine whether executing a set of queued instructions will result in a malicious configuration given the mobile computing device's current configuration. When the mobile computing device determines that executing the queued instructions will result in a malicious configuration, the mobile computing device may stop execution of the queued instructions or take other actions to preempt the malicious behavior before the queued instructions are executed.
    Type: Grant
    Filed: November 11, 2015
    Date of Patent: October 2, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Vinay Sridhara, Satyajit Prabhakar Patne, Rajarshi Gupta
  • Patent number: 10091156
    Abstract: A communication device is provided which includes a transmission unit, a BCC memory unit, a reception unit, a determination module, an accepting module and a mail generation module. The BCC memory unit stores the BCC destination of the mail sent in the past while being associated with the mail. The determination module determines whether or not a mail that the reception unit receives is a reply mail to the mail including the BCC destination that the transmission unit sent in the past. The mail generation module generates a mail addressed to sending destinations to which the BCC destination stored in the BCC destination memory unit while being associated with a mail of a reply source is added in addition to a sending destination that the accepting module accepts for the mail determined to be a reply mail to the mail including the BCC destination and sent in the past.
    Type: Grant
    Filed: June 17, 2015
    Date of Patent: October 2, 2018
    Assignee: KYOCERA Document Solutions Inc.
    Inventors: Shoichi Sakaguchi, Hideki Takeda, Yoshihisa Tanaka, Yumi Hirobe
  • Patent number: 10083294
    Abstract: Described systems and methods allow protecting a computer system from malware, such as return-oriented programming (ROP) exploits. In some embodiments, a set of references are identified within a call stack used by a thread of a target process, each reference pointing into the memory space of an executable module loaded by the target process. Each such reference is analyzed to determine whether it points to a ROP gadget, and whether the respective reference was pushed on the stack by a legitimate function call. In some embodiments, a ROP score is indicative of whether the target process is subject to a ROP attack, the score determined according to a count of references to a loaded module, according to a stack footprint of the respective module, and further according to a count of ROP gadgets identified within the respective module.
    Type: Grant
    Filed: October 10, 2016
    Date of Patent: September 25, 2018
    Assignee: Bitdefender IPR Management Ltd.
    Inventor: Raul V. Tosa
  • Patent number: 10083298
    Abstract: A method for identifying malware is provided. The method includes performing a static analysis of a plurality of files and for each file of the plurality of files, determining in the static analysis whether the file includes an application programming interface (API). For each file, of the plurality of files, found to have an application programming interface, the method includes determining in the static analysis whether the application programming interface is proper in the file and alerting regarding an improper application programming interface when found in one of the plurality of files. A scanner for detecting malware is also provided.
    Type: Grant
    Filed: March 9, 2015
    Date of Patent: September 25, 2018
    Assignee: SYMANTEC CORPORATION
    Inventor: Bhaskar Krishnappa
  • Patent number: 10075400
    Abstract: An email is received. The email consists of a common content, at least one recipient for the common content, a private content, and at least one recipient for the private content. Each of the at least one recipients for the private content is a recipient of the common content. The common content is stored in a first storage location, and the private content is stored in a second storage location.
    Type: Grant
    Filed: May 19, 2017
    Date of Patent: September 11, 2018
    Assignee: International Business Machines Corporation
    Inventors: Chitwan Humad, Rajesh V. Patil
  • Patent number: 10061711
    Abstract: A file access method and apparatus, and a storage system are provided. After receiving a file access request from a process, a first physical address space is accessed according to a preset first virtual address space and a preset first mapping relationship between the first virtual address space and the first physical address space, where the first physical address space stores a file system. After obtaining an index node of a target file from the first physical address space according to a file identifier of the target file carried in the file access request, a file page table of the target file is obtained according to file page table information. The file page table records a second physical address space in the first physical address space. The target file is accessed according to the second physical address space.
    Type: Grant
    Filed: February 28, 2017
    Date of Patent: August 28, 2018
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Guanyu Zhu, Jun Xu, Qun Yu
  • Patent number: 10063528
    Abstract: A searchable encryption method enables encrypted search of encrypted documents based on document type. In some embodiments, the searchable encryption method is implemented in a network intermediary, such as a proxy server. The network intermediary encrypts documents on behalf of a user or an enterprise destined to be stored on a cloud service provider. The searchable encryption method encodes document type information into the encrypted search index while preserving encryption security. Furthermore, the searchable encryption method enables search of encrypted documents using the same encrypted index, either for a particular document type or for all encrypted documents regardless of the document type.
    Type: Grant
    Filed: December 20, 2017
    Date of Patent: August 28, 2018
    Assignee: Skyhigh Networks, Inc.
    Inventor: Hani T. Dawoud
  • Patent number: 10038557
    Abstract: A method of a security system to provide access by a requester to an encrypted data object stored in an object store, the requester being authenticated by the object store, the method comprising: receiving, from the object store: the encrypted object having associated an object identifier; and an identifier of the requester; deriving a first cryptographic key to decrypt the object; deriving a second cryptographic key; re-encrypting the object based on the second key and communicating the re-encrypted object to the requester; wherein each of the first and second keys are based on the object identifier, the requester identifier and a secret key portion generated by the security system, the secret key portion being different for each of the first and second keys, the method further comprising: in response to a second authentication of the requester by the security system, communicating the secret key portion for the second key to the requester.
    Type: Grant
    Filed: September 24, 2015
    Date of Patent: July 31, 2018
    Assignee: British Telecommunications Public Limited Company
    Inventors: Theo Dimitrakos, Ali Sajjad
  • Patent number: 10032035
    Abstract: The present disclosure involves systems and computer implemented methods for protecting portions of electronic documents. An example method includes receiving a request for access to an electronic file having sections, at least one section encrypted using a first key based on a first password. A second key is generated in response to receiving a second password, wherein the second key is generated based on the second password. The second key is compared to the first key. If the second key is identical to the first key, the at least one section of the electronic file encrypted using the first key is decrypted using the second key. The electronic file is then presented such that the section(s) previously encrypted using the first cryptographic key is made visible. If the second key is not identical to the first, the electronic file is presented with the encrypted section(s) obscured.
    Type: Grant
    Filed: August 29, 2017
    Date of Patent: July 24, 2018
    Assignee: SAP SE
    Inventors: Anand Sinha, Vinay Sheel
  • Patent number: 10032045
    Abstract: This disclosure provides for a system, method, and machine-readable medium for performing dynamic runtime field-level access control using a hierarchical permission context structure. The hierarchical permission context structure includes various levels of roles, where each role is assigned one or more permissions. The one or more permissions assigned to the one or more roles indicate the amount of control a given user has over data displayable in an electronic document. The electronic document includes one or more fields having corresponding records in one or more databases. A record includes metadata about the data for a corresponding field. When an electronic document is requested, the fields of the electronic document are generated from the data stored in their corresponding records. An evaluation is performed that determines whether the user requesting the electronic document is authorized to view the data for one or more of the fields based on their corresponding metadata.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: July 24, 2018
    Assignee: Raytheon Company
    Inventors: Nicholas Wayne Barrett, Aaron M. Kovell
  • Patent number: 10032048
    Abstract: A system and method are disclosed for compiling a database of investor-related data by gathering and linking customer-specific data records from multiple unaffiliated financial institutions, where such data records are coded in such a manner that the database compiler is enabled to link, across data providers and/or time periods, data records that pertain to the same investor without being provided any information that reveals the identity of any investor.
    Type: Grant
    Filed: May 9, 2016
    Date of Patent: July 24, 2018
    Assignee: Plutometry Corporation
    Inventors: Samuel G. Barton, Bhalchandra R. Ketkar, Casey V. O'Hara, Todd Goldwasser
  • Patent number: 10031944
    Abstract: A method, article of manufacture, and apparatus for processing information are disclosed. In some embodiments, this includes receiving a query plan, identifying a first work file based on the query plan, determining a first work file transaction ID associated with the first work file, determining a data transaction ID, comparing the first work file transaction ID and the data transaction ID, creating a second work file based on the query plan if the data transaction ID is greater than the first work file transaction ID, and storing the second work file in a storage device. In some embodiments, the second work file may be associated with a second work file transaction ID.
    Type: Grant
    Filed: June 30, 2011
    Date of Patent: July 24, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Florian Michael Waas, Joy Jie Kent
  • Patent number: 10025573
    Abstract: Methods and systems to install a player to process content data are disclosed. In some embodiments, a method includes launching a content access manager on a user device to read metadata containing compatible player data, determine whether a compatible player able to access the content data is installed on the user device, and if not, to install a compatible player. Other embodiments involve receiving content data and data about one or more compatible players able to access the content data, generating the metadata using the data about one or more compatible players, and distributing the content data, the metadata, and the content access manager in a transmittable unit. Additional apparatus, systems, and methods are disclosed.
    Type: Grant
    Filed: April 8, 2009
    Date of Patent: July 17, 2018
    Assignee: Adobe Systems Incorporated
    Inventors: Thangaraj Umapathy, Richard Teo, Sudharshan Somasundaram, Kapil Raja Durga, Akshava G, Raghuram C G, Shyam Rajagopalan, Mihir Gore, Mandeep Singh, Hemantha Sharma, Priyesh Kumar
  • Patent number: 10021143
    Abstract: A service provider computing environment includes a service provider computing device, which receives tenant secrets policies from tenants. The tenants are tenants of multi-tenant assets of a service provider. One or more data security zones in which the multi-tenant assets are located are identified. A service provider secrets policy includes data security jurisdiction zone secrets policy data for the one or more data security jurisdiction zones. The data security jurisdiction zone secrets policy data is analyzed to determine allowed secrets data with respect to each of the identified data security jurisdiction zones. The service provider computing environment determines if the tenant secrets policies satisfy the requirements of the service provider secrets policy. If the tenant secrets policies satisfy the requirements of the service provider secrets policy, the service provider computing environment allows the tenant secrets policies to be applied to tenant data or information in the multi-tenant assets.
    Type: Grant
    Filed: February 3, 2016
    Date of Patent: July 10, 2018
    Assignee: Intuit Inc.
    Inventors: Luis Felipe Cabrera, M. Shannon Lietz
  • Patent number: 10019587
    Abstract: Disclosed is a system and method for configuring control rules for applications executable on a computer. An example method includes classifying computer applications into one of a plurality of classification groups that include at least one predetermined classification group and an unknown classification group. The method further includes configuring control rules when the applications are classified in the unknown classification group that is done by determining, by the hardware processor, a computer competency score for a user of the computer; categorizing the applications into one or more predefined categories, and defining control rules for the application based on the determined computer competency score for the user and the one or more predefined categories of the at least one application.
    Type: Grant
    Filed: May 1, 2015
    Date of Patent: July 10, 2018
    Assignee: AO Kaspersky Lab
    Inventor: Andrey V. Ladikov
  • Patent number: 10019597
    Abstract: Data processing systems and methods for: (1) receiving, via privacy data compliance software, from a first set of users, respective answers for question/answer pairings regarding the proposed design of a product; (2) using the question/answer pairings to prepare an initial privacy impact assessment for the product; (3) displaying, via the privacy data compliance software, the plurality of question/answer pairings to a second set of users, and receiving recommended steps to be implemented as part of the design of the product; (4) initiating the generation of one or more tasks in project management software that would advance the completion of the recommended steps; and (5) after the tasks have been completed, generating, by the privacy data compliance software, an updated privacy impact assessment for the product that reflects the fact that the tasks have been completed.
    Type: Grant
    Filed: December 22, 2017
    Date of Patent: July 10, 2018
    Assignee: OneTrust, LLC
    Inventor: Kabir A. Barday
  • Patent number: 10013567
    Abstract: The embodiments set forth techniques for implementing a cloud service that enables cloud data to be shared between different users in a secure manner. One embodiment involves a sharing manager and a sharing client, where the sharing manager is configured to manage various data components stored within a storage system managed by the cloud service. These data components can include user accounts, share objects (for sharing data between users—and, in some cases, public users not known to the sharing manager)—as well as various “wrapping objects” that enable data to be logically separated in an organized manner within the storage system. According to this approach, the sharing client is configured to interface with the sharing manager in order to carry out various encryption/decryption techniques that enable the cloud data to be securely shared between the users.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: July 3, 2018
    Assignee: Apple Inc.
    Inventors: Per Love Hornquist Astrand, Paul A. Seligman, Van Hong, Mitchell D. Adler
  • Patent number: 10015249
    Abstract: An example computer-implemented method to translate a namespace includes receiving a first synchronization request associated with a first content item. This first synchronization request can include a first content item path and come from a client device. The example method can then include determining that a portion of the first content item path matches an entry path in an entry in a namespace mount table. The entry can include a second namespace. The example method can then include modifying the first synchronization request by removing the portion of the first content item path and including the second namespace in the first synchronization request. The example method can then include sending the first synchronization request to a content management system.
    Type: Grant
    Filed: November 4, 2015
    Date of Patent: July 3, 2018
    Assignee: DROPBOX, INC.
    Inventor: Arthur Kopatsy
  • Patent number: 10015150
    Abstract: A system and method are provided for the secure sharing of information across an open network and for performing management of keys used for encrypting and decrypting data.
    Type: Grant
    Filed: October 17, 2016
    Date of Patent: July 3, 2018
    Assignee: PKWARE, INC.
    Inventor: Yuri Basin
  • Patent number: 10007790
    Abstract: Examples of secure application development and execution are disclosed herein. An example method may include parsing code of an application configured for execution on a user device to identify one or more sensitive portions of the code. Example methods may further include identifying a trusted execution environment, different from the user device, suitable to execute the one or more sensitive portions of the code. Example methods may further include configuring the code to provide the one or more sensitive portions of the code from the user device to the trusted execution environment during execution of the application on the user device.
    Type: Grant
    Filed: June 6, 2014
    Date of Patent: June 26, 2018
    Assignee: Empire Technology Development LLC
    Inventor: Soma Biswas
  • Patent number: 9985971
    Abstract: An aspect includes a cognitive password entry system. A processor detects a login attempt targeting a website for a user identifier having a previously stored instance of a password associated with the user identifier. A number of login attempts is monitored since the password was manually entered at the website. The processor determines whether a prompting period has been reached based on the number of login attempts meeting a prompting period threshold. The stored instance of the password is used as an entered password for the login attempt based on determining that the prompting period has not been reached. A cognitive aid prompt is output based on determining that the prompting period has been reached.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: May 29, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Lisa Seacat DeLuca, James R. Kozloski, Boaz Mizrachi, Clifford A. Pickover