File Protection Patents (Class 713/165)
  • Patent number: 10848317
    Abstract: A system for establishing a trusted path for secure communication between client devices and server devices, such as between an account holder and a financial institution, can provide the core security attributes of confidentiality (of the parties), integrity (of the information), anti-replay (protection against replay fraud) and/or anti-tampering (protection against unauthorized changes to information being exchanged and/or modules that generate and communicate such information). A messaging layer implementation in favor of a transport layer implementation can provide a trusted path. This infrastructure features secure cryptographic key storage, and implementation of a trusted path built using the cryptographic infrastructure. The trusted path protects against unauthorized information disclosure, modification, or replays. These services can effectively protect against Man-in-the-Middle, Man-in-the-Application, and other attacks.
    Type: Grant
    Filed: February 4, 2019
    Date of Patent: November 24, 2020
    Assignee: INAUTH, INC.
    Inventor: Glenn S. Benson
  • Patent number: 10848556
    Abstract: Systems and methods for adding digital content associated with a first user account within a content management system to a second user account within the content management system. In various embodiments, the system may be configured to allow a user to add digital content to an account within a content management system associated with the user when the user receives a shared link to access digital content associated with an account within the content management system belonging to another user. The system may be configured to add the digital content to the user account by associating the digital content with the user's account. In various embodiments, the system may be configured to add the digital content to the user's account by creating an entry in a server-side file journal associated with the user's account, where the entry includes one or more file reference strings associated with the digital content.
    Type: Grant
    Filed: June 6, 2019
    Date of Patent: November 24, 2020
    Assignee: Dropbox, Inc.
    Inventors: Aston Motes, Makinde Adeagbo, Trevor Berg
  • Patent number: 10831911
    Abstract: The application discloses a method, a computer program product and a processing system for generating a secure alternative representation. The method in a processing system including: providing, by the processing system, a first sequence including a plurality of first values; providing, by the processing system, a plurality of storage cells belonging to a plurality of groups, each of the groups having one or more storage cells; performing, by the processing system, for each of the storage cells a symbol-deriving and cell-filling procedure; composing, by the processing system, a queue for each of the groups by picking up the symbol(s) filled in the storage cell(s) of the corresponding one of the groups; and generating, by the processing system, a secure alternative representation for the first sequence by concatenating the composed queue for each of the groups.
    Type: Grant
    Filed: December 19, 2017
    Date of Patent: November 10, 2020
    Assignee: Industrial Technology Research Institute
    Inventors: Shen-Ming Chung, Tzi-Cker Chiueh
  • Patent number: 10831506
    Abstract: Approaches for locally attesting an operational condition of a computer system during powering on the computer system. Prior to an operating system being loaded, an attestation client, executing on a computer system, analyzes a set of resources of the computer system to create measurement data. The attestation client provides the measurement data to an attestation server executing in a secure enclave on the computer system. The attestation server processes the measurement data and provides the processed measurement data to a remediation server. Upon the computer system being determined to be operationally healthy, the remediation server provides an unlock key to a locked persistent storage to permit the computer system to read the operating system stored on the persistent storage. Thereafter, a BIOS on the computer system may read the operating system and permit the same to be loaded on the computer system.
    Type: Grant
    Filed: April 5, 2018
    Date of Patent: November 10, 2020
    Assignee: Phoenix Technologies Ltd.
    Inventors: James L. Mortensen, Kenneth C. Taylor
  • Patent number: 10834060
    Abstract: A method, a computing system and a computer program product are provided. A link for use by a user to access a file is created. Content of the file is encrypted using a common key. The common key is encrypted using a public key of the user and is registered in the link. Access rights regarding the file are set for the user and registered in the link. The link includes information for use by the user to access the file when the access rights indicate that the user is authorized to access the file.
    Type: Grant
    Filed: November 9, 2018
    Date of Patent: November 10, 2020
    Assignee: International Business Machines Corporation
    Inventors: Junichi Kato, Takayuki Kushida, Tomoko Murayama, Masaharu Sakamoto, Kazuto Yamafuji
  • Patent number: 10820053
    Abstract: In one embodiment, a method receives a request from a user for one or more extensions to a first program. The first program is associated with a first bundle that indicates the first program starts at a first time and ends at a second time. A second program that starts before the first time or starts after the second time is selected. The second program is associated with a second bundle that indicates the second program ends at the first time or starts at the second time. The method generates an extension bundle that includes information for the one or more extensions and uses the extension bundle to record an extended program for the user that includes the first program and at least a portion of the one or more extensions from the second program.
    Type: Grant
    Filed: December 5, 2018
    Date of Patent: October 27, 2020
    Assignee: HULU, LLC
    Inventors: Joshua Cook, Ale Capistrano, Yingan Wang
  • Patent number: 10812451
    Abstract: Some embodiments of the invention provide a novel architecture for capturing contextual attributes on host computers that execute one or more machines, and for consuming the captured contextual attributes to perform services on the host computers. The machines are virtual machines (VMs) in some embodiments, containers in other embodiments, or a mix of VMs and containers in still other embodiments. Some embodiments execute a guest-introspection (GI) agent on each machine from which contextual attributes need to be captured. In addition to executing one or more machines on each host computer, these embodiments also execute a context engine and one or more attribute-based service engines on each host computer. One of these service engines is a firewall engine. Through the GI agents of the machines on a host, the context engine of that host in some embodiments collects contextual attributes associated with network events and/or process events on the machines.
    Type: Grant
    Filed: December 19, 2017
    Date of Patent: October 20, 2020
    Assignee: NICIRA, INC.
    Inventors: Laxmikant Vithal Gunda, Arnold Poon, Jayant Jain
  • Patent number: 10810183
    Abstract: Systems and methods for synchronizing database operations with a distributed blockchain are disclosed. The database operations are performed on a database that is shared between multiple users including a first user. Exemplary implementations may: receive database information reflecting one or more database operations performed by the first user on a first version of the database; verify whether the one or more database operations are allowed to be performed by the first user; record on the distributed blockchain, responsive to the verification being affirmative, a message that describes or refers to a description of one or more modifications to the database; effectuate transmissions of notifications to the first version of the database; subsequent to the transmissions, propagate or revert the one or more database operations, based on the verification result.
    Type: Grant
    Filed: February 19, 2019
    Date of Patent: October 20, 2020
    Assignee: Mythical, Inc.
    Inventors: Stephan Cunningham, Cameron Thacker, John Linden
  • Patent number: 10812506
    Abstract: A method for detecting intrusions uses a searchable enciphering algorithm and includes: generating a trap bypass key for a security device, which is able to determine keywords characteristic of intrusions, generating by the security device a trap for each keyword by using the trap bypass key; providing the traps to an intrusions detection device; intercepting by the detection device character strings sent on the network by a sender and enciphered with a public key of a receiver; applying by the detection device a test procedure on the character strings enciphered using the traps; and detecting an intrusion on the network if there exists according to the test procedure an enciphered character string representative of a cipher of a keyword.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: October 20, 2020
    Assignee: ORANGE
    Inventors: Sebastien Canard, Aida Diop, Nizar Kheir, Marie Paindavoine
  • Patent number: 10789374
    Abstract: A database system including: a database server for storing registration information including encrypted data encrypted using a probabilistic encryption method; and a terminal. The terminal includes: an encryption unit; a decryption unit; an encrypted search query generating unit for generating an encrypted search query obtained by encrypting a search query used for retrieving the encrypted data; and an additional processing unit for encrypting a search condition of a plaintext and transmitting a data acquisition request including the encrypted search condition. The database server holds database operation command definition information and search additional information.
    Type: Grant
    Filed: March 28, 2016
    Date of Patent: September 29, 2020
    Assignee: Hitachi, Ltd.
    Inventors: Keisei Fujiwara, Yumiko Yokohari, Takayuki Suzuki, Yoshinori Sato, Masayuki Yoshino
  • Patent number: 10785177
    Abstract: According to certain aspects of the disclosure, a computer-implemented method computer-implemented method may be used for screening electronic communications. The method may comprise analyzing contents of an electronic communication to determine whether the contents include sensitive information. A recipient list of the electronic communication may be compared to a screening list. Based on the analyzing and the comparing, it may be determined whether the contents are permitted to be transmitted to the recipient list. Upon determining that the contents are not permitted to be transmitted to at least one party of the recipient list, a notification may be provided to an author of the electronic communication indicating that contents are not permitted to be transmitted to the at least one party of the recipient list.
    Type: Grant
    Filed: July 22, 2019
    Date of Patent: September 22, 2020
    Assignee: Capital One Services, LLC
    Inventors: Austin Walters, Jeremy Goodsitt, Reza Farivar, Vincent Pham
  • Patent number: 10776515
    Abstract: Responding to a data subject access request includes receiving the request and identifying the requestor and source. In response to identifying the requestor and source, a computer processor determines whether the data subject access request is subject to fulfillment constraints, including whether the requestor or source is malicious. If so, then the computer processor denies the request or requests a processing fee prior to fulfillment. If not, then the computer processor fulfills the request.
    Type: Grant
    Filed: February 10, 2020
    Date of Patent: September 15, 2020
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Jason L. Sabourin, Jonathan Blake Brannon, Mihir S. Karanjkar, Kevin Jones
  • Patent number: 10769116
    Abstract: Disclosed herein is a technique for performing an operation on a hierarchy of content. The operation is performed atomically by utilizing a hidden directory in a hidden area of a filesystem namespace. In particular, a number of actions associated with the operation are performed in the hidden area to ensure that the hierarchy of content always appears in a consistent state to users and/or system processes.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: September 8, 2020
    Assignee: Apple Inc.
    Inventor: Dominic B. Giampaolo
  • Patent number: 10769295
    Abstract: Embodiments allow join operations to be performed upon encrypted database tables stored on an unsecure server (e.g., as part of a DBaaS offering), with reduced information leakage. Such secure join operations may be implemented through the combination of two cryptographic techniques: non-deterministic (randomized) searchable encryption; and attribute based encryption. The searchable encryption (e.g., Symmetric Searchable Encryption: SSE) allows join values to be revealed only for rows fulfilling additional predicate attributes that the client has filtered for, thereby offering fine granular security. The attribute based encryption (e.g., Key-Policy Attribute-Based Encryption: KP-ABE) avoids the unmanageable consumption of memory that would otherwise result from the creation of intermediate constructions on the server. Embodiments offer a solution reducing information leakage of join values not contained in the result of the actual database query.
    Type: Grant
    Filed: January 18, 2018
    Date of Patent: September 8, 2020
    Assignee: SAP SE
    Inventors: Nicolas Loza, Florian Hahn, Florian Kerschbaum
  • Patent number: 10771467
    Abstract: Methods and apparati for permitting Computing Devices 200 to safely accept Payloads 220 from External Access Entity Devices 260, and to safely access external Networks 710. In an apparatus embodiment, a Computing Device 200 contains an Access Control Module 210 comprising an Access Verification Public Key 211 and a Device Signature Key 214. The Access Control Module 210 is configured to verify authorization of an External Access Payload 220 by verifying a digital signature affixed to the Payload 220 using the Access Verification Public Key 211. The authorized External Access Payload 220 is then permitted to execute on the Computing Device 200. The Access Control Module 210 is also configured to receive from a Network Access Device 600 information associated with a Network 710 access request, and to create a plurality of digital signatures, using the Device Signature Key 214, that link said information associated with the Network 710 access request with the Access Verification Public Key 211.
    Type: Grant
    Filed: April 30, 2020
    Date of Patent: September 8, 2020
    Inventor: Ernest Brickell
  • Patent number: 10754969
    Abstract: Embodiments are directed to a question and answer (QA) pipeline system that adjusts answers to input questions based on a user criteria, thus implementing a content-based determination of access permissions. The QA system allows for information to be retrieved based on permission granted to a user. Documents are ingested and assigned an access level based on a defined information access policy. The QA system is implemented with the defined information access policy, the ingested documents, and the inferred access levels. For the QA system implementation, a user enters a question; primary search and answer extraction stages are performed; candidate answer extraction is performed using only content the user is allowed to access; the candidate answers are scored, ranked, and merged; ranked answers based on user permissions are filtered; and answers are provided to the user.
    Type: Grant
    Filed: September 22, 2016
    Date of Patent: August 25, 2020
    Assignee: International Business Machines Corporation
    Inventors: Donna K. Byron, Elie Feirouz, Daniel M. Jamrog, Kristin A. Witherspoon
  • Patent number: 10747797
    Abstract: Systems, methods, and media for the automated removal of private information are provided herein. In an example implementation, a method for automatic removal of private information may include: receiving a transcript of communication data; applying a private information rule to the transcript in order to identify private information in the transcript; tagging the identified private information with a tag comprising an identification of the private information; applying a complicate rule to the tagged transcript in order to evaluate a compliance of the transcript with privacy standards; removing the identified private information from the transcript to produce a redacted transaction; and storing the redacted transcript.
    Type: Grant
    Filed: October 10, 2017
    Date of Patent: August 18, 2020
    Assignee: VERINT SYSTEMS LTD.
    Inventors: Saar Carmi, Yair Horesh, Galia Zacay
  • Patent number: 10742694
    Abstract: A method for migrating data and a terminal are provided. The method includes the following. An application migration instruction is received, and a target application and a target terminal corresponding to the application migration instruction are determined. A target system type of the target terminal and a local system type are acquired. User data of the target application is acquired. When the local system type is not matched with the target system type, the target terminal is instructed to download the target application from an application store. The user data is migrated to the target terminal.
    Type: Grant
    Filed: February 22, 2019
    Date of Patent: August 11, 2020
    Assignee: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP., LTD.
    Inventor: Zhifeng Ma
  • Patent number: 10740443
    Abstract: Provided is a method and system for code obfuscation of an application. A method configured as a computer may include receiving an application program package that includes an intermediate language (IL) code generated by compiling code for an application including a plurality of classes and a plurality of methods as a dex file over a network, selecting a protection target class or a protection target method from among the plurality of classes and the plurality of methods, encrypting the selected protection target class or the selected protection target method by retrieving and encrypting an IL code corresponding to the selected protection target class or the selected protection target method from the dex file, and adding decryption information for decrypting the encrypted protection target class or the encrypted protection target method to a secure module that is further included in the application program package.
    Type: Grant
    Filed: February 2, 2018
    Date of Patent: August 11, 2020
    Assignee: Line Corporation
    Inventors: SangHun Jeon, Dongpil Seo, Sungbeom Ahn, Kwang-Hee Han, Wang Jin Oh, Seong Yeol Lim
  • Patent number: 10735425
    Abstract: Systems, methods, and computer program products for an application to securely record and propagate an invocation context for invoking other applications are described. The applications being invoked not only receive a user's authentication token, but also authentication tokens of an entire invocation chain. Accordingly, the applications being invoked can verify a chain of custody through verification of nested, cryptographically signed payloads of a chain of authentication tokens. An application can thus verify identities of each application in the chain of custody, as well as the invocation contexts (e. g. the HTTP request method and path) in which each application in the chain invoked the next application.
    Type: Grant
    Filed: January 31, 2017
    Date of Patent: August 4, 2020
    Assignee: Pivotal Software, Inc.
    Inventor: William Tran
  • Patent number: 10733685
    Abstract: In an embodiment, a user equipment (UE) is disclosed. The UE comprises a cellular radio transceiver, a non-transitory memory, a processor, a third party application stored in the non-transitory memory, and an application stored in the non-transitory memory. When executed by the processor, the third party application causes the processor to attempt to access confidential information of the UE. When executed by the processor, the application causes the processor to determine a status of consent to release confidential information to the third party application and to take action in response to a determination that the status of consent is consent is not granted to release confidential information to the third party application.
    Type: Grant
    Filed: June 25, 2015
    Date of Patent: August 4, 2020
    Assignee: Sprint Communications Company L.P.
    Inventors: Michael A. Gailloux, Lauren Ricardo St. Aubyn King
  • Patent number: 10735179
    Abstract: A computer implemented method, program product, and system implementing said method, for transforming a call graph representation of an algorithm into a secured call graph representation of said algorithm. The call graph comprises inputs (a, b, f), internal variables being the edges of the graph (c, d, e), elementary functions being the nodes of the graph, said functions being either linear or not linear, and outputs (g), the method comprising: a step of masking each input of the call graph, a step of replacing each unmasked internal variable of the call graph with a masked variable, a step of replacing at least each non-linear function of the call graph with an equivalent function that applies to masked variables, a step of unmasking each output of the call graph.
    Type: Grant
    Filed: February 16, 2018
    Date of Patent: August 4, 2020
    Assignee: SECURE-IC SAS
    Inventors: Philippe Nguyen, Sylvain Guilley
  • Patent number: 10726451
    Abstract: A system and method for creating and managing multimedia sales promotions with a multimedia dashboard application running on a computing device that is in networked communication with an inventory database for a particular retailer and is also in operative communication with a distribution server. In the preferred embodiment, the computing device is a handheld smartphone or tablet computer capable of operating the fully integrated multimedia sales promotion system. The multimedia dashboard application includes an item selector, a multimedia recording module, multimedia editors, and a distribution controller. The same multimedia dashboard application is used to record multimedia segments, select segments to be uploaded to and downloaded from the inventory database, edit the segments to produce multimedia promotions, and control the distribution of the promotions which provides users with a simplified and integrated system and process to market their goods.
    Type: Grant
    Filed: January 8, 2018
    Date of Patent: July 28, 2020
    Inventors: James E Plankey, Thomas G Gallaher
  • Patent number: 10719621
    Abstract: In one embodiment, a method comprises creating and storing, one or more data objects; wherein a first plurality of the data objects is associated with a base set of data representing data shared across a plurality of users; wherein a second plurality of the data objects is associated with one or more child sets of data, wherein each of the child sets of data represents data local to a project, wherein each of the users is associated with one or more of the child sets of data; wherein each data object is associated to an identifier value and to a version identifier value for a plurality of versions of the data object, wherein each of the versions represents a change to the data object by any of a plurality of users; receiving a request from a first user to view a third plurality of data objects; selecting, based on the base set of data, the particular set of data, the version identifier value for the data objects in the third plurality, and one or more rules associated with the particular set of data and the f
    Type: Grant
    Filed: February 26, 2019
    Date of Patent: July 21, 2020
    Assignee: Palantir Technologies Inc.
    Inventors: Robert J. McGrew, Nathan Gettings, Stephen Baburao Cohen
  • Patent number: 10719585
    Abstract: According to one example, a method is described for accessing a composite document in which a trigger is received. A handling instruction for a content-part, from a composite document, and a status for the content-part, from a second computer, are retrieved. An action for the content-part is determined based on the handling instruction and the status, and the content-part action is executed. In the event that the content-part action is to revoke the content-part, the content-part is revoked. In the event that the content-part action is to synchronize the content-part, the content-part is synchronized.
    Type: Grant
    Filed: July 8, 2014
    Date of Patent: July 21, 2020
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Lorri J Jefferson, Valiuddin Ali, Helen Balinsky
  • Patent number: 10713324
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for generating native application search results. In one aspect, a method includes accessing application package files for native applications, and for each native application: determining, from the application package file, an application name of the native application, accessing, at the data processing apparatus, application pages of the native application, and for each of the application pages, generating application page data describing content of the application page, an application page name of the application page, the content described by the application page data including text that a user device displays on the application page when the user device displays the application page, and indexing the application page data and application icon for the native application in an index that is searchable by a search engine.
    Type: Grant
    Filed: December 21, 2017
    Date of Patent: July 14, 2020
    Assignee: Google LLC
    Inventors: Dong Ha Lee, Jaehyun Yeom
  • Patent number: 10715317
    Abstract: A processor-implemented method improves security in a blockchain network of devices, which supports a blockchain, by protecting security, privacy, financial fairness, and secure transfer of identity assets. An identity asset provider device creates an identity asset related to an entity. The identity asset provider also creates a provider key, which is composed of multiple bits, and which is needed to decrypt an encrypted version of the identity asset. The identity asset provider device transmits the provider key bit-by-bit to an identity asset consumer device. A price for the provider key depends on how many bits have been transmitted to the identity asset consumer device.
    Type: Grant
    Filed: December 12, 2017
    Date of Patent: July 14, 2020
    Assignee: International Business Machines Corporation
    Inventors: Suresh Chari, Hasini Gunasinghe, Ashish Kundu, Kapil Kumar Singh, Dong Su
  • Patent number: 10713373
    Abstract: A computing system includes: a control unit configured to: receive user information through a vault user account; process the user information for storage in an information vault; implement a security protocol for the vault user account including to determine a security breach to the vault user account based on receiving an electronic communication from a user electronic contact address addressed to a breach detection contact address; a storage unit, coupled to the control unit, configured to store the user information.
    Type: Grant
    Filed: February 9, 2017
    Date of Patent: July 14, 2020
    Assignee: LifeSite, Inc.
    Inventors: Christopher Lloyd Wong, Barney G. Lee, Joseph Michael Kolba, Scott Anthony Sylvester
  • Patent number: 10706175
    Abstract: A browsing session integrated with a hidden credential authentication system and with a privacy level mode property is created or resumed. Private browsing data is encrypted and hidden and can be accessed by inputting correct credentials. If credentials inputted into the hidden credential authentication system match credentials stored on a storage medium, access is granted to one or more types of private browsing data.
    Type: Grant
    Filed: June 8, 2017
    Date of Patent: July 7, 2020
    Inventor: Nirvon Shoa
  • Patent number: 10698751
    Abstract: In one example in accordance with the present disclosure, a system for web services generation based on client-side code scans client-side code of a web technology to find included server call code, where the server call code includes a request to a web service. The system analyzes the server call code to determine a type of the request to the web service. The system generates web service code capable of handling requests of the type of the request to the web service.
    Type: Grant
    Filed: November 4, 2014
    Date of Patent: June 30, 2020
    Assignee: Micro Focus LLC
    Inventors: Elad Levi, Avigad Mizrahi, Ran Bar Zik
  • Patent number: 10691757
    Abstract: A method for servicing document search requests. The method includes receiving, by a document management service, a document search query from a requesting user, identifying, in a document repository, by the document management service, a document that matches the search query, and obtaining a permission level by the document management service, from an access control cache, based on a combination of the requesting user and an access control list required by the document. The access control cache is located on the document management service, and the access control cache is populated using content in an access control repository located on a repository server, separate from the document management service. The method further includes making a determination that the permission level is sufficient and based on the determination, returning the document to the requesting user, as a search result.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: June 23, 2020
    Assignee: EMC IP Holding Company LLC
    Inventors: Chao Chen, Jingjing Liu, Lei Zhang, Kunwu Huang, Hongtao Dai, Ying Teng
  • Patent number: 10678892
    Abstract: Techniques to provide mobile access to content are disclosed. A request from a mobile application running on a mobile device to access content is received at a connector node. A user credential associated with the request is used to identify at the connector node a policy associated with the request. A policy metadata associated with the policy is provided from the connector node to the mobile application running on the mobile device. The mobile application may include application code that is responsive to the policy metadata to perform, with respect to the request to access content, an action indicated by the policy.
    Type: Grant
    Filed: October 19, 2018
    Date of Patent: June 9, 2020
    Assignee: EMC IP Holding Company LLC
    Inventors: Anand Taralika, Divakara Challa, Srin Kumar, Alok Ojha, Leonard Chung
  • Patent number: 10678460
    Abstract: The subject matter described herein is generally directed to detecting and managing collisions in storage. A hash identifier (ID) for a first block of data is calculated and a determination is made whether the calculated hash ID matches hash IDs associated with a storage. If the calculated hash ID matches at least one of the hash IDs, the first block of data is compared with a second block of data, associated with the hash IDs, in the storage. If the first block of data is different from the second block of data based on the comparison, a hash number is associated with the calculated hash ID and the first block of data is stored in storage using the calculated hash ID and associated hash number as an index to the first block of data in the storage. In this manner, collision between data blocks is detected and prevented.
    Type: Grant
    Filed: March 12, 2018
    Date of Patent: June 9, 2020
    Assignee: VMware, Inc.
    Inventor: Dave Smith-Uchida
  • Patent number: 10678527
    Abstract: A method for application management and an electronic device therefor are provided. The electronic device includes a memory configured to store a first application, and a processor configured to obtain a request for installing a second application, compare a first identifier corresponding to the first application with a second identifier corresponding to the second application, if the first identifier is the same as the second identifier, compare first signature information corresponding to the first application with second signature information corresponding to the second application, if the first signature information is different from the second signature information, compare the first signature information with additional signature information corresponding to the second application, and if the first signature information is the same as the additional signature information, replace at least a portion of the first application by using at least a portion of the second application.
    Type: Grant
    Filed: October 21, 2016
    Date of Patent: June 9, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Myeong Jin Oh, Moon Kyung Kim, Kyung Moon Kim, Jae Young Lee
  • Patent number: 10657114
    Abstract: An import configuration section of a file is identified, where the import configuration identifies a database table. Key specifications of the database table are reserved based on the import configuration. A first and a second Boolean flag parameter associated with the database table is identified. A determination is made that i) a value of the first Boolean flag indicates importing of entries from the file into the database table is allowed, and that ii) a value of the second Boolean flag indicates removal of entries of the database table is allowed. In response to the determining entries are removed from the database table corresponding to the key specifications, and entries are imported from the file into the database table corresponding to the key specifications.
    Type: Grant
    Filed: November 28, 2017
    Date of Patent: May 19, 2020
    Assignee: SAP SE
    Inventors: Jonathan Bregler, Alexander Bunte, Arne Harren, Andreas Kellner, Daniel Kuntze, Simon Lueders, Volker Sauermann, Michael Schnaubelt, Le-Huan Stefan Tran
  • Patent number: 10657270
    Abstract: In some embodiments, a first device may generate a data block for an ordered set of data blocks such that the data block is cryptographically chained to a given data block preceding the data block in the ordered set. The first device may obtain an encryption key used to encrypt information related to the data block, and use group members' keys to encrypt the encryption key to generate a group key. As an example, the group's members may include a first member associated with the first device and other members. The keys used to encrypt the encryption key may include the other members' keys. The first device may transmit the ordered set and the group key to a communication resource (e.g., accessible by the members). Other devices (associated with the other members) may use the ordered set and the group key to obtain content related to the ordered set.
    Type: Grant
    Filed: December 12, 2018
    Date of Patent: May 19, 2020
    Assignee: TOPIA TECHNOLOGY, INC.
    Inventors: John Haager, Cody Sandwith, Janine Terrano, Prasad Saripalli
  • Patent number: 10652248
    Abstract: A method includes receiving an access request at a first computing device from a second computing device, the access request specifying a data structure, the data structure including first data stored in a first portion of the data structure and second data stored in a second portion of the data structure. The method also includes extracting a first key from the access request and identifying a data rights definition that is associated with the data structure and that is associated with a second key, the data rights definition indicating that the first data but not the second data is shared with an entity associated with the second computing device. The method further includes comparing the first key to the second key, and, based on the comparison, determining whether to grant the second computing device access to the first data but not the second data.
    Type: Grant
    Filed: July 28, 2016
    Date of Patent: May 12, 2020
    Assignee: Molecula Corp.
    Inventors: Higinio O. Maycotte, Travis Turner, Troy Lanier
  • Patent number: 10650121
    Abstract: Methods and systems for performing real time digital content concealment are described herein. A computing device may, in response to detecting a user within view of an image capture device of a client device, perform a first type of text recognition on a first region of digital content and a second type of text recognition on a second region of the digital content, where the first type of text recognition is determined based on a first type of content items contained in the first region and the second type of text recognition is determined based on a second type of content items contained in the second region. Based at least in part on rules corresponding to the user, the computing device may determine content items within the digital content to be concealed, and may modify the digital content to conceal the content items.
    Type: Grant
    Filed: January 8, 2019
    Date of Patent: May 12, 2020
    Assignee: Citrix Systems, Inc.
    Inventors: Daowen Wei, Jian Ding, Hengbo Wang
  • Patent number: 10642986
    Abstract: Disclosed are various embodiments for detecting unknown software vulnerabilities and system compromises. During a learning period, it is determined which of a plurality of portions of a software package are invoked. At least one unused portion of the software package is determined based at least in part on the portions of the software package invoked during the learning period. Access to the unused portion(s) of the software package is then prevented.
    Type: Grant
    Filed: June 19, 2018
    Date of Patent: May 5, 2020
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventor: Nima Sharifi Mehr
  • Patent number: 10628580
    Abstract: Some embodiments provide a method for a device having multiple users. The method identifies a process installed on the device that requires an isolated storage in a file system of the device. For each of a set of the users of the electronic device, the method assigns at least one container for use by the process within a user-specific section of the file system. The containers assigned to the process in a section of the file system specific to a particular user are only accessible by the process when the particular user is logged into the device. The method assigns at least one container for use by the process within a non-user-specific section of the file system. The containers assigned to the process within the non-user-specific section of the file system are accessible by the process irrespective of which user is logged into the device.
    Type: Grant
    Filed: September 22, 2016
    Date of Patent: April 21, 2020
    Assignee: APPLE INC.
    Inventors: Andrew S. Terry, Kelly B. Yancey, Pierre-Olivier J. Martel, Richard L. Hagy, Timothy P. Hannon, Alastair K. Fettes
  • Patent number: 10627993
    Abstract: A clipboard component provides a multi-item clipboard store. The clipboard component uses a technical strategy that facilitates its efficient adoption and use by end users and application developers. From an end user's standpoint, the clipboard component provides a new user experience which is easy for the users to discover, learn and use, due, in part, to the use of ergonomic control mechanisms for activating paste and copy operations. From a developer's standpoint, the clipboard component provides a way of allowing existing legacy applications to interact with a multi-item clipboard store, even though these applications were not originally created to provide that type of interaction. The clipboard component can also, upon instruction by a user, apply one or more supplemental operations to a copied content item, such as transferring the item to a target computing device.
    Type: Grant
    Filed: August 8, 2016
    Date of Patent: April 21, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Matthew Isaac Worley, Chaitanya Dev Sareen, Christopher Doan, Jason Morris Yore, Apurva Jain, Richard Fang
  • Patent number: 10630659
    Abstract: An example method of key management for encryption of traffic in a network having a network nodes includes negotiating, between a first network node and a centralized key management server, to obtain a master key shared among the network nodes; receiving, at the first network node, a first identifier for the first network node and a second identifier for a second network node; generating, at the first network node, a first session key by supplying the master key, the first identifier, and the second identifier as parametric input to a function; establishing, using a network stack of the first network node, a first point-to-point tunnel through the network to the second network node without a key exchange protocol; and sending first traffic from the first network node to the second network node through the first point-to-point tunnel, the first traffic including a portion encrypted by the first session key.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: April 21, 2020
    Assignee: Nicira, Inc.
    Inventors: Jinqiang Yang, Ganesan Chandrashekhar, Bin Qian, Amit Chopra, Sanal Pillai
  • Patent number: 10623435
    Abstract: Application security analysis including systems and methods for analyzing applications for risk is provided. In an example method, the applications reside on a mobile device configurable to access an enterprise system. The example method includes evaluating each of a plurality of applications variously for privacy, data leakage, and malicious behavior. The example method also includes calculating a risk score for each of the plurality of applications based on the evaluating; and automatically remediating (e.g., quarantining) the applications, of the plurality of applications, for which the risk score meets or exceeds a risk score threshold. The method may evaluate all of the applications residing on a mobile device. The method may include grouping application behaviors, for each of the applications, that indicate an increased risk into groups comprising two or more of privacy risk, a data leakage risk, an account takeover risk, a device takeover risk, and a malware risk.
    Type: Grant
    Filed: August 14, 2018
    Date of Patent: April 14, 2020
    Assignee: Proofpoint, Inc.
    Inventors: David Alexander Jevans, Suresh Kumar Basandra
  • Patent number: 10621363
    Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for layering authorization of resource distribution documents within an entity. In this way, the invention generates a multi-step layering process for resource distribution document generation. As such, each individual involved in resource distribution document generation process may add a unique layer to the resource distribution document prior to being authorized for use. Once the several layers have all been applied to the resource distribution document, the document becomes authenticated and approved for use. In some embodiments, the layers may include physical layers on the resource distribution document, such as account numbers, signature lines or the like. In some embodiments, the layers may include digital layers that combine to create a digital or physical marking on the resource distribution document identifying authentication for depositing.
    Type: Grant
    Filed: June 13, 2017
    Date of Patent: April 14, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Manu Jacob Kurian, Joseph Benjamin Castinado
  • Patent number: 10613933
    Abstract: In some examples, a multi-node system may access physical storage divided into extents and further arranged into extent groups that may be allocated on demand as thin provisioned storage in response to write requests. Protection class instances are set with specified data protection capabilities. Each instance acts as a logical unit having a distinct addressable block storage space from the extent groups allocated thereto. The extents in an extent group to be allocated to a given protection class instance may vary depending on the protection class capabilities. Management information for the extents, extent groups, and protection classes may be stored in mirrored devices separate from the write data stored in the extents for providing redundant protection to the management information and for increasing the availability of write data in the event of a failure that may cause data loss at one or more locations in the system.
    Type: Grant
    Filed: December 9, 2014
    Date of Patent: April 7, 2020
    Assignee: Hitachi Vantara LLC
    Inventors: Charles C. Bennett, Jr., Nathan W. Clark, Kevin Canuette Grimaldi
  • Patent number: 10594721
    Abstract: A proxy computer system receives content intended for a client computer from a third-party network service, where the content includes an encrypted portion. The proxy computer system makes a determination as to whether the encrypted portion is to be decrypted for the client computer, where the determination is made based at least in part on a historical analysis of the client computer. The proxy computer system sends the content to the client computer in a form that is based on the determination.
    Type: Grant
    Filed: November 9, 2017
    Date of Patent: March 17, 2020
    Assignee: StratoKey Pty Ltd.
    Inventor: Anthony Scotney
  • Patent number: 10586076
    Abstract: Disclosed are systems, methods and computer program products for controlling access to operating system (OS) resources. An exemplary method includes: creating an OS resource associated with a first program; assigning a unique label to the first program; associating the unique label with the OS resource; and configuring a resource descriptor of the OS resource to allow access to the OS resource to processes having the same unique label as the first program, and to deny access to the OS resource to processes having a different label.
    Type: Grant
    Filed: August 24, 2016
    Date of Patent: March 10, 2020
    Assignee: Acronis International GmbH
    Inventors: Vladimir Simonov, Stanislav Protasov, Serguei M. Beloussov
  • Patent number: 10579795
    Abstract: The disclosed computer-implemented method for terminating a computer process blocking user access to a computing device may include (1) receiving, at a user computing device, a communication indicating that a user is unable to access the user computing device, (2) identifying, by the user computing device, an active computer process running on the user computing device, and (3) executing a process termination application stored on the user computing device to terminate the active computer process and enable the user to access the user computing device. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 13, 2016
    Date of Patent: March 3, 2020
    Assignee: CA, Inc.
    Inventors: Candid Wueest, Dinesh Venkatesan
  • Patent number: 10579451
    Abstract: A method for execution by one or more processing modules of one or more computing devices of a dispersed storage network (DSN), the method begins by maintaining dispersed storage network (DSN) storage and maintenance loading information. The method continues by estimating a future data access task rate and determining a probability level of potential future data loss based on the estimated future data access task rate. The method continues, when the probability level of the potential future data loss compares unfavorably to a maximum probability of data loss threshold level, by facilitating execution of a preventative data loss mitigation process and when a current data access task rate is greater than a maximum task rate level, suspending the execution of the preventative data loss mitigation process.
    Type: Grant
    Filed: December 19, 2017
    Date of Patent: March 3, 2020
    Assignee: PURE STORAGE, INC.
    Inventors: Teague S. Algie, Alexandra Gail Algie
  • Patent number: RE48146
    Abstract: A data search server stores a system ciphertext including a data ciphertext and a keyword ciphertext in each category-specific DB unit for each data category, and stores each category-determination secret key being associated with each category-specific DB unit. A search request receiving unit receives from a data search terminal a search request including a search trapdoor and an index tag. A data searching unit searches for a category-determination secret key with which the index tag is decrypted to the same value as a key-determination value. Using the search trapdoor, the data searching unit performs a search of a Public-key Encryption with Keyword Search scheme on system ciphertexts in a category-specific DB unit associated with this category-determination secret key. A search result transmitting unit transmits to the data search terminal a data ciphertext included in a system ciphertext which has been found as a hit in the search.
    Type: Grant
    Filed: May 21, 2018
    Date of Patent: August 4, 2020
    Assignee: MITSUBISHI ELECTRIC CORPORATION
    Inventors: Mitsuhiro Hattori, Nori Matsuda, Takashi Ito, Takumi Mori, Takato Hirano