Policy Patents (Class 726/1)
  • Patent number: 10104081
    Abstract: A method can include receiving a static web application at a trusted server, validating assurance characteristics of the static web application, and upon successful validation of the static web application, providing access to the static web application via a URL that identifies the static web application at a trusted server location. The static web application, when executed on the browser running on the client device, can be granted at least one permission to utilize local resources of the client device during execution of the static web application by the browser. Upon receiving a change to an object of the static web application, the validating of the assurance characteristics of the static web application, as a whole, can be performed before the change to the object is made accessible via the URL.
    Type: Grant
    Filed: October 24, 2014
    Date of Patent: October 16, 2018
    Assignee: GOOGLE LLC
    Inventor: Erik Kay
  • Patent number: 10102396
    Abstract: An application data storage area generation method that is executed by a processor includes, (a) generating an application data storage area including a data structure area where data of an application is stored, in a user data storage area shared by a plurality of user accounts, in response to a utilization request for the application, (b) generating, in the user data storage area, role information including a plurality of roles for which access control information on access to a data structure of the application is set, and (c) storing, in the user data storage area, information on association between the plurality of user accounts and the plurality of roles included in the role information.
    Type: Grant
    Filed: March 24, 2016
    Date of Patent: October 16, 2018
    Assignee: FUJITSU LIMITED
    Inventors: Mamoru Yoshimuta, Akio Shimono, Naoki Miyoshi, Shouhei Mizuno
  • Patent number: 10102533
    Abstract: Data processing systems and methods for: (1) receiving from a first set of users, respective answers for question/answer pairings regarding a product's proposed design; (2) using the question/answer pairings to prepare an initial privacy impact assessment for the product; (3) displaying the plurality of question/answer pairings to a second set of users; (4) receiving recommended steps to be implemented, before the product's implementation date, as part of the design of the product to address any privacy-related concerns identified in the initial privacy impact assessment; and (5) after the tasks have been completed, generating a report documenting that: (a) the initial privacy assessment has been conducted for the product; (b) one or more revisions have been made to the product to facilitate the compliance of the product with the one or more privacy standards; and (c) an updated privacy assessment has been conducted for the product.
    Type: Grant
    Filed: June 10, 2017
    Date of Patent: October 16, 2018
    Assignee: OneTrust, LLC
    Inventor: Kabir A. Barday
  • Patent number: 10097517
    Abstract: A system for the maintenance and creation of security tunnels between IoT devices and IoT cloud servers, comprising the steps of receiving one or more packets from one or more IoT devices in a smart router, routing the one or more packets to an agent within the router, the agent performing one or more services on the one or more packets, routing the one or more packets to a WAN port of the router, and sending the one or more packets by a cloud secure tunnel to one or more IoT cloud servers. The system may have secure tunnels that are formed between the IoT devices using a unique password for each IoT device. The additional step of selectively stopping communication between the IoT devices and the router, wherein when the communication of one IoT device to the router is compromised, the remaining tunnels with unique passwords are integral.
    Type: Grant
    Filed: September 1, 2016
    Date of Patent: October 9, 2018
    Assignee: CyberSight, Inc.
    Inventors: Timothy McElwee, Gang Ding, Ron Keidar
  • Patent number: 10097509
    Abstract: A network gateway device, comprises a tactical data link interface circuit to receive a message from a tactical data link unit in a tactical data link network, the tactical data link unit associated with a unique identifier within the tactical data link network; a message transformation circuit to: extract the unique identifier from the message; and build an Internet Protocol packet using a source address based on the unique identifier; and an Internet Protocol interface circuit to process the Internet Protocol packet toward a destination.
    Type: Grant
    Filed: September 29, 2014
    Date of Patent: October 9, 2018
    Assignee: Raytheon Company
    Inventors: Gregory S. Schrecke, Steve Davidson, Matt A. Kahn, Mu-Cheng Wang, Mark W. Henry
  • Patent number: 10097436
    Abstract: Some embodiments provide systems and methods to monitor network communications, comprising: a computing device comprising a control circuit and memory with instructions executed by the control circuit to implement: a tunneled monitoring service (TMS) operated local on the mobile computing device; and a tunnel protocol within the mobile computing device that is configured to establish a tunnel interface between software applications and the TMS, wherein the tunnel interface is configured to collect output data transactions, communicated by the software applications, and direct the output data transactions to the TMS; wherein the TMS is configured to initiate a monitoring of each output data transaction relative to predefined criteria to identify relevant parameter information, obtained from one or more of the output data transactions, that have a predefined relationship with one or more of the criteria, and cause results of the monitoring relative to the criteria to be recorded.
    Type: Grant
    Filed: October 22, 2015
    Date of Patent: October 9, 2018
    Assignee: COVENANT EYES, INC.
    Inventors: Jason King, Jeffrey M. Wofford, Patrick Smith, Scott Hammersley, Ronald DeHaas
  • Patent number: 10091210
    Abstract: A method may include sending, by a client device, an access request to an authentication server device. The access request may include a request to access an administered resource. The method may include in response to the client device not complying with an administrative policy associated with the administered resource, receiving, from the authentication server device, one or more instructions regarding installation of a client application, receiving, by the client device, a client application in accordance with the instructions, and installing the client application on the client device.
    Type: Grant
    Filed: November 22, 2017
    Date of Patent: October 2, 2018
    Assignee: Google LLC
    Inventors: Li Yin, Param Reddappagari, Mayur Kamat, Zhengping Zuo, Hong Zhang
  • Patent number: 10091180
    Abstract: Methods and systems for behavioral profiling, and in particular, utilizing crowd-managed data architectures to store and manage that profile, are described. In some embodiments, a method includes observing behavioral characteristics of user interactions during a current session with the user through one of a plurality of channels. Variations between the behavioral characteristics of the user interactions observed during the current session and a behavioral profile previously developed based on prior usage patterns of the user through the plurality of channels are identified, in real-time or near real-time.
    Type: Grant
    Filed: November 11, 2016
    Date of Patent: October 2, 2018
    Assignee: United Services Automobile Association (USAA)
    Inventors: Karen M. Moritz, Stephen Seyler Aultman, Joseph James Albert Campbell, Debra R. Casillas, Jonathan Edward Neuse, Sara Teresa Alonzo, Thomas Bret Buckingham, Gabriel Carlos Fernandez, Maland Keith Mortensen
  • Patent number: 10091167
    Abstract: A method of interpreting a rule and a rule-interpreting apparatus for rule-based security apparatus, and an apparatus implementing the method. The method comprises the following steps: designating a suspicious timeslot; if any packet does not present in the designated timeslot, capturing current incoming packets or capturing other incoming packets in the designated timeslot next time; automatically associating the packets in the designated timeslot to form at least one traffic flow corresponding to a connection or call; analyzing the at least one traffic flow to select at least one suspicious target traffic flow; and outputting the at least one selected suspicious target flow.
    Type: Grant
    Filed: May 18, 2017
    Date of Patent: October 2, 2018
    Assignee: International Business Machines Corporation
    Inventors: Sheng-Tung Hsu, Chien Pang Lee, Pei-Chun Yao
  • Patent number: 10091212
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing, and enforcing policies on data security. A policy appliance includes a policy administration point, a policy decision point, a policy enforcement point and, optionally, an auditing module. The policy appliance can execute in a self-contained environment, e.g., a single virtual machine, a single physical machine, or a cluster of virtual machines or physical machines identically configured. The self-contained policy appliance can receive, manage, enforce and audit multiple policies that specify access privileges of multiple users on multiple databases. The databases can include heterogeneous databases that are configured separately and differently from one another. A single configuration of the policy appliance centralizes and unifies policy management of the heterogeneous database in the self-contained environment.
    Type: Grant
    Filed: March 4, 2016
    Date of Patent: October 2, 2018
    Assignee: BlueTalon, Inc.
    Inventors: Benjamin L. Weintraub, Pratik Verma
  • Patent number: 10083305
    Abstract: A preferred method for providing multi-level security to a gate level information flow receives or specifies a security lattice having more than two security levels. The security lattice defines how security levels relate to each other. A hardware design implementing information flows including flows having security levels specified by the security lattice is received. Logic is created for testing the hardware design in view of the security lattice. A logic function is created based upon the hardware design and the logic for testing to implement the security lattice. Another method receives a hardware design in a hardware description language. At least a portion of the hardware design is synthesized to gate level primitives. Functional component tracking logic supporting more than two-security levels is built from the gate level primitives. Functional components in the hardware design are simulated with the functional component tracking logic.
    Type: Grant
    Filed: March 14, 2014
    Date of Patent: September 25, 2018
    Assignee: The Regents of the University of California
    Inventors: Ryan Kastner, Jason Oberg, Wei Hu, Timothy Sherwood, Mohit Tiwari
  • Patent number: 10084826
    Abstract: A computer-implemented method provides an improvement in security breach detection and comprises using a broker computing device, calculating a digital fingerprint of a computing device based on security service data of the computing device, and sending the fingerprint out-of-band for storing in a data repository; using an agent computing device, encrypting current security service data of the computing device to generate encrypted current security service data and sending the encrypted current security service data out-of-band to a gateway computing device; using the gateway computing device, receiving the encrypted current security service data out-of-band and conducting a real-time out-of-band health check of the computing device based, at least in part, on the fingerprint that is stored in the data repository; and using the gateway computing device, in response to conducting the real-time out-of-band health check, determining whether to allow access to in-band communication data.
    Type: Grant
    Filed: May 14, 2018
    Date of Patent: September 25, 2018
    Assignee: XAGE SECURITY, INC.
    Inventors: Susanto Junaidi Irwan, Roman M. Arutyunov, Andy Sugiarto, Ganesh B. Jampani
  • Patent number: 10084722
    Abstract: A computer system deploys monitoring agents that monitor the status and health of the computing resources. An analysis engine aggregates and analyzes event information from monitoring agents in order to support self-configuration, self-healing, self-optimization, and self-protection for managing the computer resources. If the analysis engine determines that a computing resource for a software application is approaching a critical status, the analysis engine may issue a command to that computing resource in accordance with a selected policy based on a detected event pattern. The command may indicate how the computing resource should change its behavior in order to minimize downtime for the software application as supported by that computing resource. The computer system may also support a distributed approach with a plurality of servers interacting with a central engine to manage the computer resources located at the servers.
    Type: Grant
    Filed: May 27, 2016
    Date of Patent: September 25, 2018
    Assignee: Bank of America Corporation
    Inventors: Shankar Ramasubramanian Iyer, Edison M. Castro, Dhrumit Desai, Sangappa Galagali, Navanith R. Keerthi, Ramesh Pichaiyan, Maria Auxilia Dominique
  • Patent number: 10084795
    Abstract: In an embodiment, a data processing system comprises: one or more processors; one or more non-transitory computer-readable storage media storing sequences of instructions which, when executed by the one or more processors, cause the processor to perform: in a local data service, receiving a request for processing data; identifying one or more local policies applicable to the request; based, at least in part, on the one or more local policies, determining whether the request may be processed locally; in response to determining that the request may not be processed locally, transmitting the request to one or more remote brokers to cause the one or more remote brokers to determine a remote data service configured to process the request.
    Type: Grant
    Filed: July 14, 2014
    Date of Patent: September 25, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Ravi Akireddy, Robert S. Estes
  • Patent number: 10079859
    Abstract: A system and method for managing implementation of policies in an information technologies system receives into a processor at least one policy function stored in at least one memory, receives into the processor a policy input indicating a high-level policy for the IT system, the policy input being compliant with the at least one policy function, based on the received policy input, automatically or semi-automatically generates via the processor a rule and/or configuration by replacing at least one policy function in the policy input with the received at least one policy function, the generated rule and/or configuration being compliant with the received policy input or replacing at least one value or value placeholder in the policy input with a corresponding value, and distributes the rule and/or configuration to the at least one memory of the IT system or another at least one memory to thereby enable implementation of the policies.
    Type: Grant
    Filed: December 29, 2016
    Date of Patent: September 18, 2018
    Inventors: Ulrich Lang, Rudolf Schreiner
  • Patent number: 10079844
    Abstract: An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.
    Type: Grant
    Filed: August 22, 2017
    Date of Patent: September 18, 2018
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Thusitha Jayawardena, Jeffrey E. Bickford, Mikhail Istomin, John Liefert, Gokul Singaraju, Christopher Van Wart
  • Patent number: 10078763
    Abstract: A system and method for metadata processing that can be used to encode an arbitrary number of security policies for code running on a stored-program processor. This disclosure adds metadata to every word in the system and adds a metadata processing unit that works in parallel with data flow to enforce an arbitrary set of policies, such that metadata is unbounded and software programmable to be applicable to a wide range of metadata processing policies. This instant disclosure is applicable to a wide range of uses including safety, security, and synchronization.
    Type: Grant
    Filed: November 19, 2015
    Date of Patent: September 18, 2018
    Assignees: BAE Systems Information and Electronic Systems Integration Inc., The Trustees of the University of Pennsylvania
    Inventors: Silviu Chiricescu, Andre DeHon, Udit Dhawan
  • Patent number: 10078577
    Abstract: In some examples, a container image is received, where a container is to be launched from the container image. An executable process is deployable in the container to isolate the executable process from another executable process. The container image is annotated with metadata specifying a policy. Compliance of the container image with the policy is checked in a test environment prior to publication of the container image to a registry for use in a production environment.
    Type: Grant
    Filed: January 25, 2016
    Date of Patent: September 18, 2018
    Assignee: ENTIT SOFTWARE LLC
    Inventors: Kishan Thomas, Dongye Pan, Hong Wong, Steven Lamdien Tran
  • Patent number: 10080117
    Abstract: A method and system for controlling operation of a computing device. An indication of policies provided by providers having corresponding priorities is received. The policies include an indication of corresponding settings of one or more features of the computing device. The providers are validated with at least one authority having certified the priorities and permissions of the providers to set the features of the policies. One or more applicable settings among the settings of the features of the policies are determined according to the priorities of the corresponding providers. The computing device is configured to operate according to the applicable settings of the features.
    Type: Grant
    Filed: October 20, 2017
    Date of Patent: September 18, 2018
    Assignee: International Business Machines Corporation
    Inventors: Fabio Cerri, Alice Guidotti, Leonardo Rosati, Elia Tufarolo
  • Patent number: 10073431
    Abstract: A programmable logic controller system has: an input unit system section in which plural input units are combined; a CPU unit system section in which plural CPU units are combined; and an output unit system section in which plural output units are combined. Each system section has: a setting retaining unit to retain a setting indicating whether to use any of the plural units alone or use the plural units in a multiplexed manner; and a comparing unit to make a comparison of processed data between the plural units when the setting indicates using the plural units in a multiplexed manner, to send the processed data if the comparison result indicates consistency, and to perform an error process if the comparison result indicates inconsistency. In the setting retaining unit, whether to use alone or in a multiplexed manner is set based on an externally-input setting instruction.
    Type: Grant
    Filed: April 24, 2014
    Date of Patent: September 11, 2018
    Assignee: Mitsubishi Electric Corporation
    Inventors: Midori Sugiyama, Masahiro Uchikoshi, Koichi Shinkai
  • Patent number: 10075429
    Abstract: The present disclosure relates generally to managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of non-compliances of remote devices that access an enterprise system. A device access management system may be implemented to automate remediation of non-compliances of remote devices accessing an enterprise system. Remediation may be controlled based on different levels of non-compliance, each defined by one or more different non-compliances. In some embodiments, a level of non-compliance may be conditionally defined by one or more user roles for which non-compliance is assessed. Access to computing resources of an enterprise system may be controlled for a remote device based on compliance of the remote device. Access may be inhibited for those resources not permitted during a time period of a non-compliance.
    Type: Grant
    Filed: August 23, 2017
    Date of Patent: September 11, 2018
    Assignee: Oracle International Corporation
    Inventors: Bhagavati Kumar Jayanti Venkata, Harsh Maheshwari, Mohamad Raja Gani Mohamad Abdul, Parthipan Kandasamy
  • Patent number: 10068071
    Abstract: Disclosed are examples of marking screenshots and identifying screenshots that have been marked. A client application or a computing environment can generate a watermark template for encoding in a user interface of the client application where the watermark template is not visible to the user of a client device. If a screen capture event is performed on the client device where a digital image file of a screenshot is generated, the digital image file can be analyzed to identify the presence of the watermark template. If the watermark template is identified, a remedial action can be performed in association with the screenshot.
    Type: Grant
    Filed: September 9, 2015
    Date of Patent: September 4, 2018
    Assignee: AirWatch LLC
    Inventors: David Shaw, Karishma Babu, Evan Hurst
  • Patent number: 10068226
    Abstract: Embodiments of the invention are directed to a system, method, or computer program product for security confidence calculation for digital wallet integration. In this way, the invention provides instantaneous access to new payment methods, such as credit cards with prevention of misappropriation based on user device security confidence and token presentation. As such, the system allows for instant application approval, authorization, and instant integration of credit cards to a user's digital wallet. Thus allowing a user to instantaneously use the new credit card via his/her digital wallet without having to wait for the physical card to be received and activated.
    Type: Grant
    Filed: March 31, 2015
    Date of Patent: September 4, 2018
    Assignee: BANK OF AMERICA CORPORATION
    Inventor: Vignesh Chandrasekaran
  • Patent number: 10068092
    Abstract: A facility for booting a virtual machine hosted on a host is described. In one example facility, the facility boots the virtual machine in accordance with a policy instance associated with the virtual machine. As part of the booting, the facility extracts information needed to complete the booting from a virtual trusted platform module associated with the virtual machine, the extraction based upon the policy instance associated with the virtual machine. At the completion of the booting, the facility copies contents of a policy instance associated with the host into the policy instance associated with the virtual machine.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: September 4, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Lawrence Ralph Cleeton, Yevgeniy A. Samsonov, Kinshumann Kinshumann, Jingbo Wu, Kevin Michael Broas, Samartha Chandrashekar
  • Patent number: 10069816
    Abstract: A method and a system for testing an authentication server. The method comprises: installing a certificate of an authentication server to be tested in a monitor console and installing a certificate of the monitor console in the authentication server to be tested; constructing and sending, by the monitor console, based on a configuration type of the authentication server to be tested, according to a roaming authentication protocol, roaming authentication protocol data to the authentication server to be tested; capturing response data sent by the authentication server to be tested, and performing comparative analysis to determine whether field information in the response data is consistent with locally stored respective information; and displaying that the authentication server to be tested is tested successfully in a case that the field information in the response data is completely consistent with the locally stored respective information; otherwise, displaying comparative analysis information.
    Type: Grant
    Filed: July 30, 2014
    Date of Patent: September 4, 2018
    Assignee: China IWNCOMM Co., LTD.
    Inventors: Ya'nan Hu, Bianling Zhang, Qianjun Shi, Guobing Yuan
  • Patent number: 10063594
    Abstract: Embodiments of the present invention include methods involving an authentication application, a client application, or a combination of a network access control server with the authentication application and the client application. The client application collects compliance data regarding the user device and communicates the compliance data to the network access control server. The network access control server generates a compliance check result based on whether the compliance data indicates that the user device is compliant with a security policy for the software-as-a-service server. The authentication application grants access by the user device when the compliance check result is positive; and the authentication application denies access by the user device when the compliance check result is negative. In some embodiments, the compliance check result or a user device identifier is stored in a web browser cookie or a client certificate on the user device.
    Type: Grant
    Filed: March 14, 2016
    Date of Patent: August 28, 2018
    Assignee: OPSWAT, INC.
    Inventors: Adam Gregory Winn, Benjamin Czarny, Jianpeng Mo, Yiyi Miao
  • Patent number: 10061914
    Abstract: The present disclosure relates to receiving a request for recovery of an account associated with a user, sending a CAPTCHA challenge to a user device associated with the user, receiving an answer to the CAPTCHA challenge and a confirmation code wrapped by an encryption key derived from a provisional master password, sending a notification of the request for recovery to one or more trusted entities associated with the user, and receiving a confirmation of the request from one or more of the trusted entities. The confirmation includes a recovery token associated with the particular trusted entity and an encrypted confirmation code.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: August 28, 2018
    Assignee: McAfee, LLC
    Inventors: François Proulx, Richard Reiner, Mathieu René, Gregory Whiteside
  • Patent number: 10063587
    Abstract: Systems, methods, and software described herein provide for responding to security threats in a computing environment based on the classification of computing assets in the environment. In one example, a method of operating an advisement computing system includes identifying a security threat for an asset in the computing environment, and identifying a classification for the asset in relation to other assets within the computing environment. The method further provides determining a rule set for the security threat based on the classification for the asset and initiating a response to the security threat based on the rule set.
    Type: Grant
    Filed: December 2, 2015
    Date of Patent: August 28, 2018
    Assignee: Splunk Inc.
    Inventors: Sourabh Satish, Oliver Friedrichs, Atif Mahadik, Govind Salinas
  • Patent number: 10063512
    Abstract: A method for implementing community federation is disclosed, including: establishing community federation containing information of a plurality of social networks (SN) of a user on a device, and configuring a processing policy of the community federation; and after logging on the community federation, the community federation managing a message according to the process policy. An apparatus for implementing community federation is also disclosed. Through the above-mentioned method and apparatus, it guarantees that the content data obtain sufficient sharing in the community federation, eliminates the “garden wall” among the communities, and enables the user personal information, the message content, the friend information, etc., to flow better and faster, and improves the user experience in the service application.
    Type: Grant
    Filed: November 23, 2011
    Date of Patent: August 28, 2018
    Assignee: ZTE Corporation
    Inventors: Guoqiang Shang, Jun Chen, Yan Lu, Lizhe Yao
  • Patent number: 10063563
    Abstract: A method indicates a trustworthiness of data processed in accordance with a processing rule. A first trust weight is assigned to a data item to be processed to provide a weighted data item, the first trust weight representing a level of trust in the data item. A trust value is selected from a set of data trust values, the selected trust value being representative of a determined level of trust in the data item. The selected trust value is defined as the first trust weight which is associated with the data item. The first trust weight is assigned to a processing rule to provide a weighted processing rule, the first trust weight representing a level of trust in the processing rule. The weighted data item is processed in accordance with the weighted processing rule to generate a data output and an indication of a trust level for the data output.
    Type: Grant
    Filed: January 4, 2017
    Date of Patent: August 28, 2018
    Assignee: International Business Machines Corporation
    Inventors: Saritha Arunkumar, Stephen D. Pipes, Mudhakar Srivatsa
  • Patent number: 10063516
    Abstract: A network gateway device, comprises a tactical data link interface circuit to receive a message from a tactical data link unit in a tactical data link network, the tactical data link unit associated with a unique identifier within the tactical data link network; a message transformation circuit to: extract the unique identifier from the message; and build an Internet Protocol packet using a source address based on the unique identifier; and an Internet Protocol interface circuit to process the Internet Protocol packet toward a destination.
    Type: Grant
    Filed: September 29, 2014
    Date of Patent: August 28, 2018
    Assignee: Raytheon Company
    Inventors: Gregory S. Schrecke, Steve Davidson, Matt A. Kahn, Mu-Cheng Wang, Mark W. Henry
  • Patent number: 10061937
    Abstract: An approach using a computer, receives from a first computer, text generated by a user and identifies in the text generated by the user, confidential information registered in a dictionary that contains registered confidential information and substitute words corresponding to the registered confidential information. The approach includes retrieving, from the dictionary, substitute words corresponding to each identified registered confidential information and identifying, in the text generated by the user, potentially confidential words based on a text analysis of the text generated by the user.
    Type: Grant
    Filed: June 28, 2017
    Date of Patent: August 28, 2018
    Assignee: International Business Machines Corporation
    Inventors: Daisuke Hayashi, Keisuke Nitta, Sayaka Tamai, Fumihiko Terui
  • Patent number: 10057298
    Abstract: This disclosure provides example techniques to invoke one or more tools, with an investigative tool. The investigative tool provides a common framework that allows investigators to invoke their own trusted tools or third-party generated tools. The investigative tool described herein seamlessly and transparently invokes the tools in accordance with an investigative profile created by the investigator.
    Type: Grant
    Filed: February 10, 2011
    Date of Patent: August 21, 2018
    Assignee: Architecture Technology Corporation
    Inventors: Derek P. Bronner, Robert A. Joyce, Matthew P. Donovan, Julia A. Baker
  • Patent number: 10057293
    Abstract: Methods, devices, and systems are described to modify the life cycle of a Google Android® application, in its application manifest file and byte code, such that the execution of the application can be controlled via policies and security governed by a workspace application installed on an Android-based device. Dummy wrapper classes are inserted into the byte code for network and I/O system calls that call security code before calling the original classes.
    Type: Grant
    Filed: April 27, 2016
    Date of Patent: August 21, 2018
    Assignee: Oracle International Corporation
    Inventors: Mohammad Aamir, Atta Ur Rehman
  • Patent number: 10057337
    Abstract: A live-feed video balancing system includes a peer-to-peer server network wherein each server communicates with the remaining servers of the peer-to-peer server network and each monitors corresponding performance criteria of a dedicated server of the peer-to-peer server network to define a hosting capacity for the dedicated server. The hosting capacity is communicated to the remaining servers and the servers cooperatively assess the corresponding hosting capacities from the monitoring servers to determine a potential hosting server having a first hosting capacity and the remaining servers have a range of second hosting capacities. The potential hosting server, in response to a hosting request, is placed in communication with an image capturing device that delivers the live video feed. The hosting server places the image capturing device in selective communication with the potential hosting server to deliver the live video feed to the customer terminal to define an active hosting server.
    Type: Grant
    Filed: August 19, 2016
    Date of Patent: August 21, 2018
    Assignee: AvaSure, LLC
    Inventors: Ryan Kyser, Brian Meinke, Brian John Ensink
  • Patent number: 10054912
    Abstract: Systems and methods for generating models of control systems based on the data emitted by the PLCs of the control system are disclosed. It is initially determined if the data of a PLC is structured data or unstructured data. If the data emitted by the PLC is structured data, a model of the control system is automatically generated based on the structured data from the PLC. If the data is unstructured data, information regarding the assets in the control system is obtained from another data source other than the PLC and a model of the control system is generated based on the received information and the data.
    Type: Grant
    Filed: October 19, 2015
    Date of Patent: August 21, 2018
    Assignee: GENERAL ELECTRIC COMPANY
    Inventors: Ayush Srivastava, Nagesh Laxminarayana Kurella, Abhik Banerjee, Pavan Kumar Singh Thakur, Siva Gundeboina
  • Patent number: 10057177
    Abstract: A method is disclosed for service offloading in a communications system, the method comprising determining, in a network apparatus, whether a traffic flow has been properly classified by a deep packet inspection virtual machine. If the traffic flow has been properly classified by the deep packet inspection virtual machine, the method comprises instructing a software defined networking controller to stop sending further packets of said traffic flow to the deep packet inspection virtual machine.
    Type: Grant
    Filed: February 5, 2014
    Date of Patent: August 21, 2018
    Assignee: NOKIA SOLUTIONS AND NETWORKS OY
    Inventors: Sumanta Saha, Erkki Juhani Hietala, Jani Olavi Söderlund, Niko Markus Savolainen, Tommy Johannes Lindgren
  • Patent number: 10057773
    Abstract: Systems, methods, and computer program products are provided for interfacing between one of a plurality of service provider (SP) trusted service managers (TSM) and one of a plurality of secure elements (SE). A first request to renew a service is received from an SP system over a communications network. The first request includes a service qualifier associated with the service. A secure element corresponding to the service qualifier is determined. A second request to delete data associated with the service qualifier from the secure element is transmitted to the secure element. A third request to install an application on the secure element is transmitted to the secure element. A fourth request to activate the application on the secure element is transmitted to the secure element.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: August 21, 2018
    Assignee: GOOGLE LLC
    Inventor: Michael J. Gargiulo
  • Patent number: 10057269
    Abstract: In methods, systems, and computing devices configured to implement methods of authenticating a computing device, a first computing device and a second computing device may share a dynamically updated shared data set. The first computing device may select elements of the shared data set stored at the first computing device and may generate a rule set for extracting the selected elements from the shared data set. The first computing device may send the rule set to the second computing device, and may generate a first result using the selected elements. The second computing device may extract the selected elements from the shared data set using the rule set, may generate a second result, and may send the second result to the first computing device. The first computing device may determine whether the second computing device is authenticated based on whether the first result matches the second result.
    Type: Grant
    Filed: April 21, 2017
    Date of Patent: August 21, 2018
    Assignee: INFOSCI, LLC
    Inventor: John Ellingson
  • Patent number: 10050978
    Abstract: Various embodiments of the invention increase security of a network of interoperable devices. In certain embodiments, this is accomplished by a security module that uses a user-definable security policy that sets forth one or more tests for validating input data or commands received from an IoT device. A validator receives the command via a command controller and performs a security analysis of the command according to the security policy. Responsive to the security analysis, the validator generates a validation signal in order to authorize or reject further processing of the command.
    Type: Grant
    Filed: October 16, 2015
    Date of Patent: August 14, 2018
    Assignee: DELL PRODUCTS LP
    Inventors: Michael John Morton, Aaron Kenneth Blackwell, Richard A. Backhouse
  • Patent number: 10050930
    Abstract: An apparatus includes a first media access control (MAC) device with a first radio transceiver and having a first MAC address, and a second MAC device with a second radio transceiver and having a second MAC address. The first MAC device is operative to communicate with a first wireless access point using an Internet Protocol (IP) address. The second MAC device is operatively coupled to the first MAC device, and is operative to communicate with a second wireless access point using the same IP address.
    Type: Grant
    Filed: July 25, 2016
    Date of Patent: August 14, 2018
    Assignee: Motorola Mobility LLC
    Inventors: Binesh Balasingh, Ranjeet Gupta, Mary Hor-Lao
  • Patent number: 10050910
    Abstract: An event clustering system has an extraction engine in communication with a managed infrastructure. A signalizer engine includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine. The signalizer engine determines one or more common characteristics or features from events, the signalizer engine using the common features of events to produce clusters of events relating to the failure or errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. The system is configured to group two or more situations, where a situation is a collection of one or more events or alerts representative of a problem in the managed infrastructure.
    Type: Grant
    Filed: December 12, 2016
    Date of Patent: August 14, 2018
    Assignee: Moogsoft, Inc.
    Inventors: Philip Tee, Robert Harper
  • Patent number: 10043322
    Abstract: Computing systems for vehicle diagnostics are provided. In accordance with some aspects, a computing system may receive, from a vehicle (e.g., from a computing device installed in and/or at the vehicle), a diagnostic code generated by an on-board diagnostic (OBD) system of the vehicle. The computing system may determine an issue with the vehicle based on the diagnostic code and may determine, based on the issue, a remedial action for addressing the issue and a timeframe for performing the remedial action. The computing system may store data identifying the issue, the remedial action, and the timeframe in a record associated with the vehicle.
    Type: Grant
    Filed: May 4, 2017
    Date of Patent: August 7, 2018
    Assignee: Allstate Insurance Company
    Inventors: Daniel Kraft, Jenny Sankovsky, Howard Hayes
  • Patent number: 10038696
    Abstract: A method in an access control server of controlling access to an enterprise network includes: receiving, at the access control server from a client computing device outside the enterprise network, a request to establish a connection between the client computing device and an enterprise server in the enterprise network; at the access control server, responsive to receiving the request, obtaining a security attribute of the enterprise server from a central repository outside the enterprise network; determining, based on the security attribute, whether the enterprise server meets a predefined security threshold; and when the enterprise server does not meet the predefined security threshold, denying the request to establish a connection between the client computing device and the enterprise server.
    Type: Grant
    Filed: October 10, 2017
    Date of Patent: July 31, 2018
    Assignee: BLACKBERRY LIMITED
    Inventors: Vincenzo Kazimierz Marcovecchio, Glenn Daniel Wurster, Jonathon Brookfield
  • Patent number: 10038697
    Abstract: First and second security rules are accessed in a configuration file. Comparison points for comparing the first and second security rules are determined. Each comparison point identifies respective rule parameters of the first and second security rules. Respective weights are assigned to the comparison points. For each comparison point, the respective rule parameters are compared against each other to produce a corresponding comparison score indicative of a level of similarity. Each comparison score is weighted by the weight assigned to the comparison point corresponding to the comparison score. The weighted comparison scores are combined into a total score indicative of an overall level of similarity between the first and second security rules.
    Type: Grant
    Filed: July 23, 2015
    Date of Patent: July 31, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Yedidya Dotan, Christopher Duane, Daniel Hollingshead, Denis Knjazihhin
  • Patent number: 10038700
    Abstract: Technology for establishing trustworthiness of devices in the Internet of Things (IoT), and for controlling communications between devices based on the trustworthiness scores of individual devices. A hub computer collects behavioral characteristics from multiple devices, and calculates trustworthiness scores for individual devices by comparing recently collected behavioral characteristics to expected behavioral characteristics. The expected behavioral characteristics may include i) historically collected behavioral characteristics for the device, and/or ii) expected behavioral characteristics for devices in a device group to which the device belongs. The trustworthiness scores are obtained from the hub by individual devices to control communication with other devices. A composite trustworthiness score for a device may also be calculated at the hub computer based on the trustworthiness scores of other devices with which the device has previously communicated.
    Type: Grant
    Filed: March 29, 2016
    Date of Patent: July 31, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Zohar Duchin, Alon Kaufman, Alex Zaslaysky, Mikael Peres, Marcelo Blatt
  • Patent number: 10033745
    Abstract: A virtual security isolation method includes monitoring security status information of a plurality of virtual machines in a virtual LAN; determining whether the security status information has abnormity; and generating security risk information corresponding to the virtual machine when it is determined that the security status information of a virtual machine has abnormity. The method also includes processing the security risk information according to a preset security risk treatment method having a corresponding relationship with the security risk information, generating ACL setting information for isolating the virtual machine; and sending an isolation command carrying the ACL setting information to an access control list module corresponding to the virtual LAN. The access control list module executes the isolation command and reconfigures the access control list according to the ACL setting information.
    Type: Grant
    Filed: January 12, 2016
    Date of Patent: July 24, 2018
    Assignee: SANGFOR TECHNOLOGIES INC.
    Inventor: Min Sang
  • Patent number: 10033858
    Abstract: Example embodiments of the present disclosure provide an order data interaction method and a server. The interaction method includes: receiving an order request sent by a first communication terminal, and acquiring a first communication number according to the order request; allocating a second communication number to the first communication number, and setting a correlation between the first communication number and the second communication number; sending correlation information to a basic communication server, in which the correlation information carries the first communication number and the second communication number; binding the second communication number with the order request; and sending the order request having a binding relation with the second communication number to a second communication terminal. The data interaction method effectively avoids leakage of users' telephone numbers.
    Type: Grant
    Filed: April 12, 2016
    Date of Patent: July 24, 2018
    Assignee: Alibaba Group Holding Limited
    Inventor: Daocheng Xie
  • Patent number: 10033589
    Abstract: In general, techniques are described for managing group policies in a network. In some examples, a policy enforcement device comprising a plurality of service planes, each having one or more processors operably coupled to a memory, receives a policy enforcement request that includes data identifying a subscriber from a policy control server for a network. The plurality of service planes are further configured to assign, in response to determining that the subscriber is a member of a subscriber group that includes a plurality of subscribers, the subscriber to a selected service plane of the plurality of service planes. The selected service plane applies a group policy for the subscriber group to subscriber data traffic associated with the subscriber.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: July 24, 2018
    Assignee: Juniper Networks, Inc.
    Inventors: Sarvesh K. Batta, Venkatesh Badakere, Prasad Chigurupati
  • Patent number: 10033701
    Abstract: A server is operated to securely convey information to a user via a network by receiving, from the user, a user selected presentation form representing one of a user selected specific voice and a user selected specific background image. Information for presentation to the user is received from another user and incorporated into the user selected presentation form. The information incorporated in the user selected presentation form is transmitted to the user via the network for presentation to the user.
    Type: Grant
    Filed: October 10, 2013
    Date of Patent: July 24, 2018
    Assignee: Early Warning Services, LLC
    Inventor: Andrew Robert Rolfe