Message Digest Travels With Message Patents (Class 713/181)
  • Patent number: 10691526
    Abstract: Output is obtained from a remote computer function on a first set of arguments. Responsive to determining that the output exhibits an error, a fixer routine, other than a retry, is applied to the arguments to produce new arguments. Output is obtained from the remote computer function on the new arguments. In a case where the output from the remote computer function on the new arguments is acceptable, the output from the remote computer function on the new arguments is used as a corresponding output from the remote computer function on the first set of arguments. These steps can advantageously be carried out without modifying program code of the remote computer function and without access to the program code of the remote computer function; for example, by a wrapper which black-box wraps the remote computer function.
    Type: Grant
    Filed: November 8, 2017
    Date of Patent: June 23, 2020
    Assignee: International Business Machines Corporation
    Inventors: Daniel W. Barowy, Emery D. Berger, Charles M. Curtsinger, Rodric Rabbah
  • Patent number: 10686587
    Abstract: A method for saving the information security of data transmitted by a databus, in which the data to be transmitted via the databus from a transmitter (ECUs) to at least one receiver (ECUR) are divided into data blocks (M0 . . . Mn) before being sent off, wherein the data blocks (M0 . . . Mn) are encrypted and/or signed block by block by means of a sponge construction for forming a cryptological hash function, utilizing a key, and cipher blocks (C0 . . . Cn) generated in this way are transmitted via the databus to the at least one receiver. The invention also relates to a corresponding databus system.
    Type: Grant
    Filed: May 19, 2016
    Date of Patent: June 16, 2020
    Assignee: Continental Teves AG & Co. oHG
    Inventors: Hans Gregor Molter, Marc Stoettinger
  • Patent number: 10685124
    Abstract: An evaluation apparatus that is connected to a bus used by a plurality of electronic control units that constitute an electronic control system for communication and that evaluates security of the electronic control system. The evaluation apparatus includes a transmitter that sends, to the bus, at least one attack frame including an invalidation frame for invalidating a frame on the bus, a monitor that monitors at least one of the plurality of electronic control units, and an evaluator that evaluates the electronic control system in terms of security on the basis of the result of monitoring performed by the monitor when the attack frame is sent from the transmitter to the bus.
    Type: Grant
    Filed: March 27, 2018
    Date of Patent: June 16, 2020
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Hiroshi Amano, Toshihisa Nakano, Kimio Minami, Takako Hirose
  • Patent number: 10581609
    Abstract: A method is provided for authenticating a log message in a distributed network having a plurality of nodes coupled to a serial bus. In the method, a log session is started by a first device at a first node of the plurality of nodes. A first counter value is provided by the first device to the serial bus. A log message is generated by a second device at a second node of the plurality of nodes. A second counter value is generated by the second device. A log message payload is generated for the log message, wherein the log message payload includes a log message authentication code. A computation of the log message authentication code includes the first counter value and the second counter value. The second device does not store the first counter value in a non-volatile memory on the second device.
    Type: Grant
    Filed: October 23, 2017
    Date of Patent: March 3, 2020
    Assignee: NXP B.V.
    Inventor: Thierry G. C. Walrant
  • Patent number: 10582425
    Abstract: The embodiments herein relate to a method performed by a mobility node for handling network connections for a UE. The UE is simultaneously connected to a first gateway via a connection to a 3GPP network and a connection to a non-3GPP network. The mobility node detects that the UE has moved to another location. The mobility node selects a second gateway that the UE should be relocated to. The second gateway is closer to the UE at the other location. The mobility node transmits relocation information to the first gateway. The relocation information indicates that a gateway relocation to the second gateway is required for the UE. The gateway relocation involves deactivation of both the connection to the 3GPP and the non-3GPP network.
    Type: Grant
    Filed: October 14, 2015
    Date of Patent: March 3, 2020
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventor: Wenliang Xu
  • Patent number: 10574940
    Abstract: Embodiments include methods, systems and computer program products for minimizing face-to-face interaction for law enforcement officers during traffic stops. Aspects include broadcasting, by a law enforcement device, a request to initiate a secure communication channel with a driver device and receiving by the law enforcement device, a notification that the driver device has accepted the request. Aspects also include initiating a video conference between the law enforcement device and the driver device over the secure communication channel and transferring, between the driver device and the law enforcement device, one or more documents over the secure communication channel.
    Type: Grant
    Filed: October 31, 2017
    Date of Patent: February 25, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Ali Y. Duale, Shailesh R. Gami, Arkadiy O. Tsfasman, John S. Werner
  • Patent number: 10530801
    Abstract: An anomaly detection electronic controller performs anomaly detection processing and is connected to a bus, which a plurality of electronic controllers use for communication to communicate following a Controller Area Network (CAN) protocol. The anomaly detection electronic controller includes an anomaly detection processor that performs anomaly detection processing regarding a data frame. The anomaly detection controller also includes an anomaly detection processing requester that decides an anomaly detection processing timing in accordance with a state of a vehicle in which the bus is installed when receiving the data frame, the anomaly detection processing timing being a reception timing of one or multiple fields in the data frame. The anomaly detection processor further performs the anomaly detection processing regarding the data frame at the anomaly detection processing timing decided by the anomaly detection processing requester.
    Type: Grant
    Filed: April 30, 2019
    Date of Patent: January 7, 2020
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Takeshi Kishikawa, Yoshihiro Ujiie, Tomoyuki Haga, Hideki Matsushima
  • Patent number: 10469569
    Abstract: Optimizing receive side scaling (RSS) key selection is provided. Different weights are assigned to different fields of flow data corresponding to a network connection of a registered client device. A score is generated representing an amount of balanced processor loading for each RSS key corresponding to the registered client device based on the different fields of the flow data with assigned weights. A current RSS key on the registered client device is updated with an optimal RSS key based on the score corresponding to the optimal RSS key representing balanced loading of processors on the registered client device.
    Type: Grant
    Filed: March 22, 2018
    Date of Patent: November 5, 2019
    Assignee: International Business Machines Corporation
    Inventors: Chih-Wen Chao, Wei-Hsiang Hsiung, Kuo-Chun Chen, Ming-Pin Hsueh, Sheng-Tung Hsu
  • Patent number: 10404696
    Abstract: In an embodiment, a computer-implemented method comprises: in response to receiving a first authentication request from one or more first computing devices, authenticating the first computing devices on behalf of a first client device using a first set of identity information; in response to authenticating the first computing devices, generating and queuing a first set of one or more transactions corresponding to at least one of the one or more first computing devices; in response to receiving a second authentication request from the first client device configured to access the first set of one or more transactions, authenticating the first client device on behalf of a second computing device using a second set of identity information that is associated with the first client device; in response to performing the second authentication service, encrypting and sending the first set of one or more transactions to the first client device.
    Type: Grant
    Filed: September 17, 2018
    Date of Patent: September 3, 2019
    Assignee: Xage Security, Inc.
    Inventors: Susanto Junaidi Irwan, Ganesh B. Jampani, Andy Sugiarto
  • Patent number: 10387350
    Abstract: A configurable sponge function engine. The configurable engine includes a register having bitrate and capacity sections, each having a variable size, where a sum of the bitrate and capacity sizes is fixed. A controller generates a bitrate size indication. A configurable message processor receives an input message from an input bus, receives the size indication, fragments the input message into fragmented blocks of a size specified by the size indication, and converts the blocks to a bus width of the bitrate and capacity sizes. An iterative calculator receives the blocks, performs iterative processing operations on the blocks, and stores a result of each operation in the register overwriting a previous register value. An output adaptor receives a value stored in the register after the block corresponding to the end of the input message is processed and outputs the register value converted to have an output bus width.
    Type: Grant
    Filed: December 21, 2017
    Date of Patent: August 20, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Ron Diamant, Ori Weber, Omer Shaked
  • Patent number: 10372895
    Abstract: A method for providing a security environment. The method includes detecting user information from an accessory in response to detection of the accessory, performing security authentication with input security information if the user information is detected; and providing the security environment when the security authentication is successful.
    Type: Grant
    Filed: April 18, 2014
    Date of Patent: August 6, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Yung-Kwan Kim, Jong-Seok Kim
  • Patent number: 10339310
    Abstract: A method for determining malicious attachments on messages is described. A computing device may receive an electronic message, including one or more unopened attachments, and identify one or more characteristic values of the message header, message body, or attachments of the message. The computing device may analyze the identified characteristics and in some instances compare at least a portion of the characteristics, individually or in combination, with one or more configured thresholds of the computing device. The computing device may determine an attachment is embedded with a macro. The macro may be associated with a visual basic application (VBA) and contain malicious code. Based on the determination, the computing device may initiate a security protocol, including notification via a user interface of the device.
    Type: Grant
    Filed: July 12, 2017
    Date of Patent: July 2, 2019
    Assignee: Symantec Corporation
    Inventors: Eduardo Altares, Maersk Chastine Menrige
  • Patent number: 10320826
    Abstract: An anomaly detection electronic control unit, that performs anomaly detection processing and that is connected to a bus which a plurality of electronic control units use for communication to communicate following a Controller Area Network (CAN) protocol, includes an anomaly detection processing requester that decides an anomaly detection processing timing based on an ID of a data frame acquired from the bus, and an anomaly detection processor that performs anomaly detection processing regarding the data frame at the anomaly detection processing timing decided by the anomaly detection processing requester.
    Type: Grant
    Filed: August 4, 2016
    Date of Patent: June 11, 2019
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Takeshi Kishikawa, Yoshihiro Ujiie, Tomoyuki Haga, Hideki Matsushima
  • Patent number: 10289866
    Abstract: A privacy management system that is adapted for, in the course of processing a particular data subject access request, automatically determining a type of the data subject access request, such as: (1) a request to delete personal data of the requestor that is being stored by a particular organization; (2) a request to provide, to the requestor, personal data of the requestor that is being stored by the particular organization; (3) a request to update personal data of the requestor that is being stored by the particular organization; and (4) a request to opt out of having the particular organization use the requestor's personal information in one or more particular ways. After making this determination, the system may determine, based on the determined type of data subject access request, a particular workflow to follow in processing the data subject access request, and then execute the determined workflow.
    Type: Grant
    Filed: August 9, 2018
    Date of Patent: May 14, 2019
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Jason L. Sabourin, Jonathan Blake Brannon, Mihir S. Karanjkar, Kevin Jones
  • Patent number: 10243732
    Abstract: Technology can be used for sending and receiving messages on a CAN bus with a plurality of ECUs. The technology can include identifying a first message to send to a receiving ECU from a sending ECU; incrementing a sender-version message counter for the message type; determining to create a second session for the message type in the sending ECU; generating a second sender-version session key to be used during the second session in the sending ECU; and resetting the sender-version message counter. The technology further includes processing the first message using the second sender-version session key, including performing an operation to combine the sender-version message counter with the first message to create a combined message and encoding the combined message using the second sender-version session key to create an encoded message. The technology further includes sending the encoded message to the receiving ECU on the CAN bus.
    Type: Grant
    Filed: June 27, 2018
    Date of Patent: March 26, 2019
    Assignee: KARAMBA SECURITY
    Inventors: Amir Herzerg, Assaf Harel, Eli Mordechai, Tal Efraim Ben David, Amiram Dotan, David Barzilai, Itay Hazon
  • Patent number: 10216819
    Abstract: According to embodiments of the present invention, machines, systems, methods and computer program products as part of a data replication process are provided. One or more complex transformations are identified from source code files of installed software products on a target system. A subscription is created for each complex transformation, the subscription containing instructions for transforming data within the source system into a form compatible with the target system. The instructions are executed within the target system to transform source data of the source system into a form compatible with the target system.
    Type: Grant
    Filed: March 20, 2015
    Date of Patent: February 26, 2019
    Inventors: Rachel L. Jarvie, Nick Marcovecchio, Gregg W. Miller
  • Patent number: 10210233
    Abstract: According to embodiments of the present invention, machines, systems, methods and computer program products as part of a data replication process are provided. One or more complex transformations are identified from source code files of installed software products on a target system. A subscription is created for each complex transformation, the subscription containing instructions for transforming data within the source system into a form compatible with the target system. The instructions are executed within the target system to transform source data of the source system into a form compatible with the target system.
    Type: Grant
    Filed: December 16, 2015
    Date of Patent: February 19, 2019
    Assignee: International Business Machines Corporation
    Inventors: Rachel L. Jarvie, Nick Marcovecchio, Gregg W. Miller
  • Patent number: 10158548
    Abstract: Methods and systems for processing web pages by a server system (e.g., a proxy server) are disclosed. The proxy server is coupled to a user device and a plurality of web servers. The proxy server receives a first request for a first web page provided by a first web server from the user device. The first web page is zero-rated. In response to receiving the first request, the proxy server retrieves the requested first web page from the first web server. The proxy server then processes the retrieved first web page. The proxy server identifies one or more resource identifiers contained within the retrieved first web page and appends one or more signatures to the identified one or more resource identifiers respectively. Each identified resource identifier is associated with a content item that is zero-rated. The proxy server further forwards the processed first web page to the user device.
    Type: Grant
    Filed: August 24, 2016
    Date of Patent: December 18, 2018
    Assignee: Facebook, Inc.
    Inventors: Dekel Shmuel Naar, Itay Duvdevani
  • Patent number: 10140450
    Abstract: A method of real-time data security of a communications bus, the method comprising the steps of: reading at least an early portion of a message being transmitted over a communications bus, determining whether the message is suspicious, according to at least one rule applied on the read early portion of the message, and upon determining that the message is suspicious, corrupting at least a part of the message.
    Type: Grant
    Filed: August 3, 2018
    Date of Patent: November 27, 2018
    Assignee: ARILOU INFORMATION SECURITY TECHNOLOGIES LTD.
    Inventors: Gil Litichever, Ziv Levi
  • Patent number: 10104077
    Abstract: In an embodiment, a computer-implemented method comprises receiving a first authentication request from one or more first computing devices; in response to receiving the first authentication request, performing a first authentication service for the one or more first computing devices on behalf of a second computing device using a first set of identity information; in response to performing the first authentication service, generating and queuing a first set of one or more transactions corresponding to at least one of the one or more first computing devices; receiving a second authentication request from the second computing device configured to access the first set of one or more transactions; in response to receiving the second authentication request, performing a second authentication service for the second computing device on behalf of a third computing device using a second set of identity information; in response to performing the second authentication service, encrypting and sending the first set of on
    Type: Grant
    Filed: October 6, 2017
    Date of Patent: October 16, 2018
    Assignee: XAGE SECURITY, INC.
    Inventors: Susanto Junaidi Irwan, Ganesh B. Jampani, Andy Sugiarto
  • Patent number: 10084688
    Abstract: Systems, methods, and computer program products for transmitting data between devices are disclosed. A device may utilize a standardized communication system (“SCS”) to transmit data directly between devices including an SCS. The SCS may discover available devices. The SCS may determine available transmission paths between a first device and a second device. The SCS may select a transmission path between the first device and the second device, and the SCS may transmit data from the first device to the second device using a standardized communication protocol (“SCP”).
    Type: Grant
    Filed: February 17, 2017
    Date of Patent: September 25, 2018
    Assignee: FASETTO, INC.
    Inventors: Coy Christmas, Luke Malpass
  • Patent number: 10007895
    Abstract: A networking database containing a plurality of records for different identities in which identities are connected to one another by defined or interpreted Inter-Personal and Intra-Personal relationships. Individuals using the system may define, group and categorize specific identities and relationships; the system may also define, categorize and group both identities and relationships belonging to individuals registered with the system and unregistered users through computational analysis. Identities and relationships may be discovered by the system via an opt-in user-provided mechanism, via a third-party providing information, or through the system's own discovery. Identity and Relationship data can then be used to customize content.
    Type: Grant
    Filed: January 30, 2008
    Date of Patent: June 26, 2018
    Inventor: Jonathan Brian Vanasco
  • Patent number: 9894081
    Abstract: A method and device for avoiding manipulation of a data transmission. A message containing a message authentication code is received at a processing unit, the message from the processing unit is transferred to a hardware module, a check value as a function of the received message is computed in the hardware module, the received message authentication code and the check value are compared in the hardware module, a result of the comparison is transferred from the hardware module to the processing unit as an output variable, the message authentication code received in the message from the processing unit is checked in the processing unit based on the output variable.
    Type: Grant
    Filed: April 19, 2017
    Date of Patent: February 13, 2018
    Assignee: ROBERT BOSCH GMBH
    Inventors: Dirk Wagner, Andreas Soenkens, Frank Ahnert, Juergen Schramm, Thomas Hartgen, Werner Stadler
  • Patent number: 9892261
    Abstract: A system to identify and counter computer malware. The system comprises a processor, a memory, a data store comprising information about known computer malware, wherein the information about known computer malware is partitioned into a plurality of malware families, and comprising a plurality of mappings, wherein each mapping associates one malware family with at least one countermeasure for mitigating a risk to an information technology asset posed by the known computer malware associated with the malware family, and an application stored in the memory. The application analyzes a software artifact, determines characteristics of the software artifact, and determines a plurality of metrics, each metric representing a degree of match between the software artifact and one of the plurality of malware families. Based on the plurality of metrics, the application further determines a malware family that best matches the software artifact.
    Type: Grant
    Filed: April 28, 2015
    Date of Patent: February 13, 2018
    Assignee: FireEye, Inc.
    Inventors: Sharwan Kumar Joram, Shyam Prakash Jha, William Matthew Hartley, Madhav Sonthalia
  • Patent number: 9886733
    Abstract: Watermark data is converted to watermark coefficients, which may be embedded in an image by converting the image to a frequency domain, embedding the watermark in image coefficients corresponding to medium-frequency components, and converting the modified coefficients to the spatial domain. The watermark data is extracted from the modified image by converting the modified image to a frequency domain, extracting the watermark coefficients from the image coefficients, and determining the watermark data from the watermark coefficients. The watermark data may be truncated image data bits such as truncated least significant data bits. After extraction from the watermark, the truncated image data bits may be combined with data bits representing the original image to increase the bit depth of the image. Watermark data may include audio data portions corresponding to a video frame, reference frames temporally proximate to a video frame, high-frequency content, sensor calibration information, or other image data.
    Type: Grant
    Filed: July 11, 2016
    Date of Patent: February 6, 2018
    Assignee: GoPro, Inc.
    Inventor: Balineedu Chowdary Adsumilli
  • Patent number: 9875362
    Abstract: For enabling improvement in throughput for generating a hash value, a hash value generation apparatus comprises: a θ operation unit configured to execute a θ operation included in a round process of a SHA-3 algorithm; a ρ operation unit configured to execute a ρ operation included in the round process; a π operation unit configured to execute a π operation included in the round process; a χ operation unit configured to execute a χ operation included in the round process; and an ι operation unit configured to execute an ι operation included in the round process, wherein the θ operation unit receives data for each sheet structure, and starts to execute the θ operation upon receiving data of three sheet structures.
    Type: Grant
    Filed: September 27, 2013
    Date of Patent: January 23, 2018
    Assignee: Canon Kabushiki Kaisha
    Inventor: Shinya Yamada
  • Patent number: 9843444
    Abstract: Disclosed is a communication apparatus for executing processing for sharing an encryption key between itself and another party's communication apparatus, wherein the communication apparatus executes the processing, respectively at least one time, as an authenticating apparatus and an authenticated apparatus. The communication apparatus determines which encryption key of an encryption key provided by this communication apparatus and an encryption key provided by the other party's communication apparatus is the encryption key used in common by this communication apparatus and the other party's communication apparatus, and decides, in accordance with result of the determination, which of this communication apparatus and the other party's communication apparatus is to be made the authenticating apparatus first.
    Type: Grant
    Filed: April 9, 2013
    Date of Patent: December 12, 2017
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Fumihide Goto
  • Patent number: 9805200
    Abstract: A system, method and computer-readable storage devices for providing protection mechanisms to a server motherboard prior to its booting. A system configured according to this would, upon receiving power at a motherboard, and prior to booting the motherboard: generate a nonce, send the nonce to a first component on the motherboard, and send the nonce to a second component on the motherboard. The system then receives a response from at least one of the first component on the motherboard and the second component on the motherboard, wherein the response is based on a communication protocol between the first component and the second component, the communication protocol utilizing the nonce. When the response indicates a correct hardware configuration, the system performs the booting of the motherboard.
    Type: Grant
    Filed: February 1, 2016
    Date of Patent: October 31, 2017
    Assignee: QUANTA COMPUTER, INC.
    Inventors: Kuo-Shu Huang, Wei-Yu Chien
  • Patent number: 9717992
    Abstract: A system and method for passively validating network game users is provided. Data indicative of game behavior and actions at one or more nodes interacting with a network game in a network game community are monitored. The data is evaluated to determine whether the one or more nodes are adhering to one or more rules associated with the network game. Data indicative of illicit game behavior may trigger various responses including invalidation of the node engaged in the illicit behavior. Alternatively, a query may be generated to further identify the nature and/or actual existence of illicit behavior at the node. Monitoring of game data may occur at a server, a peer, as part of a peer group or combinations thereof, which may be based on routine schedule or part of constant game behavior monitoring.
    Type: Grant
    Filed: June 24, 2014
    Date of Patent: August 1, 2017
    Assignee: SONY INTERACTIVE ENTERTAINMENT AMERICA LLC
    Inventors: Adam P. Harris, Steve C. Schneider
  • Patent number: 9692770
    Abstract: Provided is a signature verification system including a communication device and a verification device. The communication device and the verification device are connected to each other through a network. The communication device derives a first hash value from a first random number, derives a second hash value from data including electronic data and a certificate of the communication device which includes the first hash value and a public key of the communication device, using a unidirectional function, generates a signature using a secret key of the communication device with respect to the second hash value, and transmits the electronic data, the certificate, and the signature to the verification device.
    Type: Grant
    Filed: May 14, 2015
    Date of Patent: June 27, 2017
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventors: Kenjiro Ike, Saburo Toyonaga, Hiroyuki Tanaka, Masakatsu Matsuo
  • Patent number: 9654294
    Abstract: Various examples are directed to systems and methods for coordinating a non-repudiable atomic commit transaction. A client may direct a transaction request to a transaction manager, where the transaction request comprises a transaction origin token. The transaction manager may create a transaction submission token and provide it to the client. The transaction manager may create a digest of a first work item to be executed by a first resource manager and send the digest to the first resource manager. The first resource manager may send the transaction manager a work item receipt token. The transaction manager may send the resource manager the transaction origin token.
    Type: Grant
    Filed: February 26, 2015
    Date of Patent: May 16, 2017
    Assignee: Red Hat, Inc.
    Inventors: Thomas John Jenkinson, Paul Fletcher Robinson
  • Patent number: 9628281
    Abstract: A long-term signature verification server receives long-term signature data configured using signing target data, verification information for verifying the signing target data, and long-term verification information for verifying the authenticity of original data from a verifier terminal. The server verifies the signing target data and the verification information for a predetermined period of time, forms long-term verification information forming information by extracting predetermined information included in the long-term signature data, and transmits the long-term verification information forming information to the verifier terminal.
    Type: Grant
    Filed: July 24, 2014
    Date of Patent: April 18, 2017
    Assignee: SEIKO INSTRUMENTS INC.
    Inventors: Shinichi Murao, Masakazu Uehata, Koichi Shibata
  • Patent number: 9569905
    Abstract: A method is described that involves creating a private key and a public key cryptographic key pair, generating a unique and random identifier for a voter's vote and accepting an election vote from said voter. The vote and identifier are electronically signed with the private key to create a digital signature. The vote and identifier are provided in a human readable format to the voter.
    Type: Grant
    Filed: November 11, 2011
    Date of Patent: February 14, 2017
    Inventors: Barry Cohen, Ira Cohen
  • Patent number: 9563769
    Abstract: A system and method for securely loading data in a cache memory associated with at least one secure processor that performs data processing by using at least one untrusted external memory storing data to be processed, at least one secure internal cache memory to load or store data, and at least one secure cache translator operating as a memory management unit. The secure cache translator stores, into a secure cache digest table, parameters arranged on persistent and variable data pages. The parameters comprise at least a root digest based on node digests calculated on at least one persistent data page according to a Merkle tree structure. The integrity of the data pages is verified during transfers between the secure internal cache memory and the external memory by comparing a calculated root digest with the root digest stored in the secure cache digest table.
    Type: Grant
    Filed: June 10, 2015
    Date of Patent: February 7, 2017
    Assignee: NAGRAVISION S.A.
    Inventors: Didier Hunacek, Marco Macchetti, Patrick Servet
  • Patent number: 9565558
    Abstract: In one or more embodiments, a network provider can receive a request to access a public network via a wireless network implemented via one or more wireless access points. The network provider can receive, via an unsecured wireless communication from a mobile device utilizing the wireless network and via a hypertext transfer protocol secure (HTTPS), an encryption key usable to secure wireless communications from the mobile device utilizing the wireless network. The encryption key can be encrypted via a public encryption key, received from the network provider or previously stored by the mobile device, associated with the network provider. The network provider can decrypt the encryption key and can provide the encryption key to a wireless access point implementing the wireless network and communicating with the mobile device. The wireless access point and the mobile device can communicate in a secure fashion based on the encryption key.
    Type: Grant
    Filed: October 21, 2011
    Date of Patent: February 7, 2017
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Assad Radpour
  • Patent number: 9529874
    Abstract: A computer manages methods for determining accurate document transformation by rendering the source document into a non-rasterized format, where the non-rasterized format is a rendered source document. The computer rendering the target document into a non-rasterized format, where the non-rasterized format is a rendered target document. The computer comparing one or more aspects of the rendered source document to corresponding one or more aspects of the rendered target document. The computer determining, based, at least in part, on the compared one or more aspects, whether or not the source document was accurately transformed to the target document.
    Type: Grant
    Filed: December 19, 2013
    Date of Patent: December 27, 2016
    Assignee: International Business Machines Corporation
    Inventors: Michael Baessler, Thomas A. P. Hampp-Bahnmueller, Philipp Hoffmann, Markus Lorch, Juergen Maletz, Daniel Pittner, Werner Schollenberger, Dirk Seider
  • Patent number: 9529876
    Abstract: A computer manages methods for determining accurate document transformation by rendering the source document into a non-rasterized format, where the non-rasterized format is a rendered source document. The computer rendering the target document into a non-rasterized format, where the non-rasterized format is a rendered target document. The computer comparing one or more aspects of the rendered source document to corresponding one or more aspects of the rendered target document. The computer determining, based, at least in part, on the compared one or more aspects, whether or not the source document was accurately transformed to the target document.
    Type: Grant
    Filed: June 5, 2014
    Date of Patent: December 27, 2016
    Assignee: International Business Machines Corporation
    Inventors: Michael Baessler, Thomas A. P. Hampp-Bahnmueller, Philipp Hoffmann, Markus Lorch, Juergen Maletz, Daniel Pittner, Werner Schollenberger, Dirk Seider
  • Patent number: 9477714
    Abstract: Methods and apparatus are described for scoring documents in response, in part, to parameters related to the document, source, and/or cluster score. Methods and apparatus are also described for scoring a cluster in response, in part, to parameters related to documents within the cluster and/or sources corresponding to the documents within the cluster. In one embodiment, the invention may detect at least one document within the cluster; analyze a parameter corresponding to the document; and compute a cluster score based, in part, on the parameter, wherein the cluster score corresponds with at least one document within the cluster.
    Type: Grant
    Filed: September 17, 2014
    Date of Patent: October 25, 2016
    Assignee: Google Inc.
    Inventors: Krishna Bharat, Jeffrey A. Dean, Michael Curtiss, Amitabh Singhal, Michael Schmitt
  • Patent number: 9438416
    Abstract: Systems (100) and methods (600) for generating encrypted data. The methods involve: combining a cryptographic key with state initialization bits to generate first combination bits; producing a first keystream by performing a permutation function ƒ using the first combination bits as inputs thereto; and using the first keystream to encrypt first data (e.g., authentication data or message body data) so as to produce first encrypted data. The permutation function ƒ comprises a round function ƒ_round that is iterated R times. The round function ƒ_round consists of (1) a substitution layer in which the first combination bits are substituted with substitute bits, (2) a permutation layer in which the substitute bits are re-arranged, (3) a mixing layer in which multiple of the permutation layer are combined together, and (4) an addition layer in which a constant is added to the output of the mixing layer.
    Type: Grant
    Filed: July 18, 2014
    Date of Patent: September 6, 2016
    Assignee: Harris Corporation
    Inventors: Michael T. Kurdziel, Matthew Kelly, Alan Kaminsky, Marcin Lukowiak, Stanislaw Radziszowski
  • Patent number: 9401921
    Abstract: A system and method generates a message integrity check. The message integrity check value is computed by hashing one or more block checksums from procedure specific parameters of an RPC and then encrypting the resulting hash value. The computed message integrity check is appended to the RPC to thereby provide a level of security approaching or equal to the level of Integrity defined by the RPCSEC_GSS protocol specification.
    Type: Grant
    Filed: December 24, 2013
    Date of Patent: July 26, 2016
    Assignee: NetApp, Inc.
    Inventor: Peter F. Corbett
  • Patent number: 9344405
    Abstract: A method for establishing a secure communication session over communication paths between one or more client devices and one or more server computers according to a communication protocol includes initiating the session including passing communication through a proxy on a device on the communication paths, passing session initiation information between the client devices and the server computers via the proxy, passing encrypted content between the client devices and the server computers over secure communication sessions, each established for exclusive access from one client device and one server computer based on the exchanged session initiation information between said client device and said server computer whereby the proxy does not have access to the content, and modifying, using the proxy, at least some information passing between a client device and a server computer such that the communication to and from the server computer adheres to the communication protocol.
    Type: Grant
    Filed: June 17, 2013
    Date of Patent: May 17, 2016
    Assignee: Massachusetts Institute of Technology
    Inventors: Roger I. Khazan, Daniil M. Utin
  • Patent number: 9332435
    Abstract: A User Equipment (UE), network-side device, system and method are disclosed for external authentication using an Extensible Authentication Protocol (EAP). The method includes, when the UE is initially attached to an Evolved Packet System (EPS) network via an Evolved UMTS Terrestrial Radio Access Network (E-UTRAN), the UE transmitting EAP authentication information required for the EAP authentication to a packet data network gateway and, after receiving EAP request, the UE transmitting a bearing resource modification request message carrying EAP response to the packet data network gateway. With the method, the UE can use the EAP authentication to implement authentication and authorization by an external authentication and authorization server via a GGSN/PDN GW in a process of connecting the UE to the EPS via a 3GPP access.
    Type: Grant
    Filed: October 19, 2012
    Date of Patent: May 3, 2016
    Assignee: ZTE Corporation
    Inventors: Xingyue Zhou, Shuang Liang, Chunhui Zhu
  • Patent number: 9306905
    Abstract: A computer implemented system and method for providing users with secured access to application servers have been disclosed. The system and method envisaged by the present disclosure are not restricted to providing users with secured access to application servers. The system and the method also ensure that transactions performed by the users through the application servers remain secured and hack-resistant. The present disclosure envisages a system that acts as a secured, trusted gateway between the users and the application servers associated with providers of sensitive services such as banking and financial institutions. In case of the system envisaged by the present disclosure, rather than directly accessing an application server, users are made to contact the system of the disclosure and upon verification of their respective identities, are allowed to access the application servers associated with providers of sensitive services.
    Type: Grant
    Filed: December 15, 2012
    Date of Patent: April 5, 2016
    Assignee: TATA CONSULTANCY SERVICES LTD.
    Inventor: Prasanna Bidare
  • Patent number: 9300682
    Abstract: Identification, characterization and attribution of executable content within and across an enterprise infrastructure (e.g., hosts, subnets, routers, etc.) to provide situational awareness for cyber security for purposes of supporting proactive defense and response. Copies of executable content collected at one or more locations within an infrastructure (e.g., hosts, network edges, etc.) may be passed to a central analysis server whereby various characteristics of the executable content may be extracted or gleaned from the copies such as author marks (e.g., directory names), tool marks (e.g., compiler settings), behaviors (e.g., function extraction), patterns (e.g., byte sequences), text, and/or the like. The characteristics may be analyzed in various manners to build profiles of actors or organizations associated with (e.g., responsible for) executable content within the enterprise infrastructure.
    Type: Grant
    Filed: August 9, 2013
    Date of Patent: March 29, 2016
    Assignee: Lockheed Martin Corporation
    Inventors: James B. Burnham, Robert W. Hale, Timothy A. Sewell
  • Patent number: 9246929
    Abstract: A security system and service, which improves the performance of SECaaS services, is described. A security server system tracks the content that has successfully passed through its security modules and distributes this information to the end user client devices as hashlist information. The remote client devices can then safely bypass the cloud for a significant fraction of Web object requests by using information on a locally stored hashlist to validate Web objects.
    Type: Grant
    Filed: September 9, 2013
    Date of Patent: January 26, 2016
    Assignee: Polytechnic Institute of New York University
    Inventors: Justin Cappos, Nasir Memon, Sai Teja Peddinti, Keith Ross
  • Patent number: 9225737
    Abstract: A computer-implemented method for identifying abnormal computer behavior includes receiving, at a computer server subsystem, data that characterizes subsets of particular document object models for web pages rendered by particular client computers; identifying clusters from the data that characterize the subsets of the particular document object models; and using the clusters to identify alien content on the particular client computers, wherein the alien content comprises content in the document object models that is not the result of content that is the basis of the document object model served.
    Type: Grant
    Filed: October 16, 2013
    Date of Patent: December 29, 2015
    Assignee: Shape Security, Inc.
    Inventors: Justin D. Call, Subramanian Varadarajan, Xiaohan Huang, Xiaoming Zhou, Marc R. Hansen
  • Patent number: 9196099
    Abstract: A tachograph and a toll onboard unit as communication partners, which each have a data interface for a data communication via a vehicle data bus to which the communication partners are coupled. The tachograph and/or the toll onboard unit are implemented as a transmitter of data to ascertain a cryptographic check value as a function of user data, which are to be transmitted to the communication partner, and to transmit the cryptographic check value in addition to the user data to the communication partner. The toll onboard unit or the tachograph, respectively, as a receiver of data, is implemented to receive user data and the cryptographic check value associated with the user data from the communication partner and to check the received user data for corruption as a function of the received cryptographic check value.
    Type: Grant
    Filed: September 25, 2008
    Date of Patent: November 24, 2015
    Assignee: Continental Automotive GmbH
    Inventors: Thomas Grill, Erwin Hess, Raphael Lo Conte, Gerhard Rombach
  • Patent number: 9191324
    Abstract: A MAC aggregation technique utilizing a large field addition operation is disclosed. The large field addition operation defines the addition of two or more MACs mod p, where the two or more MACs may comprise constituent MACs or aggregate MACs, and where p is a prime number that is large relative to the size of the MACs. The disclosed MAC aggregation technique yields an aggregate MAC much shorter than the concatenation of constituent MACs while achieving security even in the case where constituent MACs may be aggregated in duplicate.
    Type: Grant
    Filed: August 22, 2012
    Date of Patent: November 17, 2015
    Assignee: Alcatel Lucent
    Inventor: Vladimir Y. Kolesnikov
  • Patent number: 9189632
    Abstract: The present invention relates to communication technologies and discloses a method and an apparatus for protecting security of data, so as to solve the problem of the prior art in which the security of data transmission between a communication terminal which has a characteristic of small data transmission and the network cannot be guaranteed. Information relevant to security context is stored if a communication terminal has a characteristic of small data transmission; current security context is obtained according to the information relevant to security context; and security protection of communication data is performed by employing the current security context. The embodiments of the present invention may be applied to a communication system having a characteristic of small data transmission, such as an MTC and the like.
    Type: Grant
    Filed: July 16, 2013
    Date of Patent: November 17, 2015
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Lijia Zhang, Yixian Xu, Jing Chen
  • Patent number: 9177169
    Abstract: Systems and methods for activating a token to enable a user to enter a transaction based on information received from a recovery key and a passcode are described herein.
    Type: Grant
    Filed: February 11, 2013
    Date of Patent: November 3, 2015
    Assignee: WWPass Corporation
    Inventors: Eugene Shablygin, Eric Scace, Mikhail Vysogrets, Vasily Zakharov, Oleg Bolotov