Policy Patents (Class 726/1)
  • Patent number: 10027673
    Abstract: The present invention provides for managing and controlling data file transfer exchange to and from file hosting services, such as cloud-based file hosting services. Specifically, the present invention controls what data files are authorized for uploading to the file hosting service and downloading from the file hosting service, as well as controlling the access to such files after uploading or downloading the data file.
    Type: Grant
    Filed: January 4, 2016
    Date of Patent: July 17, 2018
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Manu Jacob Kurian, Sorin N. Cismas, Paul Grayson Roscoe, Mahesh Kumar Bhashetty
  • Patent number: 10027596
    Abstract: An apparatus comprises a processing platform implementing a plurality of resources of converged infrastructure of an information processing system. A controller associated with the plurality of resources comprises a resource discovery module and a hierarchical mapper. The resource discovery module is configured to identify and categorize the resources of the converged infrastructure. The hierarchical mapper is configured to map at least first and second applications of the processing platform to respective sets of services utilized by those applications and to map each of the services to respective sets of resources utilized by those services so as to provide a hierarchical mapping of applications, services and resources for the converged infrastructure. One or more resulting hierarchical mappings generated by the hierarchical mapper are stored in a database and utilized by the controller to implement orchestration functionality for one or more additional applications of the processing platform.
    Type: Grant
    Filed: April 27, 2016
    Date of Patent: July 17, 2018
    Assignee: EMC IP Holding Company LLC
    Inventor: John S. Harwood
  • Patent number: 10019252
    Abstract: Systems and methods for deploying and managing virtual machine clusters. A method commences upon launching, on a subject processor instance that is running a first operating system, an installation hypervisor that forms a RAM disk comprising an installation boot image and respective one or more scripts. A bootable portion of the RAM disk is exposed to a virtual machine so as to serve as a virtual boot device that comprises the installation boot image and its one or more scripts. Next, a physical boot device is exposed to the virtual machine so as to initiate a boot operation that causes the virtual machine to boot. A subsequent boot operation is initiated to cause transfer of instruction execution to a low-level I/O subsystem entry point such that the target boot image is booted.
    Type: Grant
    Filed: April 7, 2016
    Date of Patent: July 10, 2018
    Assignee: Nutanix, Inc.
    Inventors: Miao Cui, Jaspal Singh Dhillon, Jan Ralf Alexander Olderdissen
  • Patent number: 10019595
    Abstract: A system and method enabling information access control of the sensitive information, based on a trust computing platform is provided. The trustworthiness of the information seekers is computed and accordingly the information owner is capacitated to decide upon sharing the information completely or sharing with some perturbation. The objective is to provide the information owner with the ability to decide on sharing its private data with respect to a parameter so that the decision is less subjective. This invention allows minimum leakage of sensitive data and makes information owner aware of the risk of privacy breach when private data is shared.
    Type: Grant
    Filed: December 26, 2013
    Date of Patent: July 10, 2018
    Assignee: TATA CONSULTANCY SERVICES LIMITED
    Inventors: Arijit Ukil, Joel Joseph, Vijayanand Banahatti, Sachin Lodha
  • Patent number: 10019769
    Abstract: Methods and systems for providing location fencing within a controlled environment are disclosed herein. A location fencing server determines a location of a first inmate based on a first beacon device, and determines a location of a second inmate based on a second beacon device. Further, the location fencing server determines a proximity status based on the location of the first inmate and the location of the second inmate. Additionally, the location fencing server determines that the first inmate and the second inmate are in violation of a proximity policy based on the proximity status. In some embodiments, the location fencing server sends a notification to an employee device based on the violation of a proximity policy.
    Type: Grant
    Filed: July 17, 2017
    Date of Patent: July 10, 2018
    Assignee: Global Tel*Link Corporation
    Inventor: Stephen Lee Hodge
  • Patent number: 10021142
    Abstract: A method, non-transitory computer readable medium and apparatus for processing a request from a server of a machine-to-machine service provider are provided. For example, the method receives the request from the server of the machine-to-machine service provider to communicate with a machine-to-machine device, determines whether to authorize the request based upon a policy in a privacy database, and enables communications between the server of the machine-to-machine service provider and the machine-to-machine device if the request is authorized based upon the policy.
    Type: Grant
    Filed: July 10, 2017
    Date of Patent: July 10, 2018
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Qingmin Hu, Farooq Bari
  • Patent number: 10015157
    Abstract: A multi-domain application requiring SSO and SLO operations in cloud environment is presented. The computing system of the multi-domain application includes a multi-domain service (MDS) to redirect the calls for the multi-domain application to an identity provider to authenticate the user or to invoke the single logout services (SLOs) on the domains of the multi-domain application and to invalidate the user sessions on the domains. A cookie that includes the multi-domain application URL is generated to reach the assertion consumer service (ASC) and the single logout service (SLO) that receive an identity assertion response from the identity provider. Domain specific SLOs are provided. A trust between these domain specific SLOs and the SLO is provided based on service provider keys. The SAML mechanism for a logout scenario is reused for communication between the SLO and the domain specific SLOs, where the SLO plays a role of a local IDP.
    Type: Grant
    Filed: June 1, 2016
    Date of Patent: July 3, 2018
    Assignee: SAP SE
    Inventors: Jasen Minov, Milen Manov, Stefan Petrov
  • Patent number: 10012766
    Abstract: A system and method is provided for the control of a network of devices wherein each device of the networked devices provides for the operation of a sensor such as an accelerometer, processor and communication element within each device, and network and/or cloud based processing and storage, to process collected data to permit detection and predictive analysis of traffic patterns, weather patterns and other forces of nature. The system and method can analyze duration and magnitude of vibration signals, and considering maps and known locations of devices, tracks and highways and historical data regarding each, use machine learning techniques to accurately classify the motion and provide real-time and predictive analysis.
    Type: Grant
    Filed: April 10, 2015
    Date of Patent: July 3, 2018
    Assignee: Google LLC
    Inventors: Yash Modi, Kenneth Louis Herman, Laura Rabb, Michael Lammers, Bryan James, Kevin Charles Peterson, Mark Rajan Malhotra
  • Patent number: 10015168
    Abstract: Systems and methods for secure control of a wireless mobile communication device are disclosed. Each of a plurality of domains includes at least one wireless mobile communication device asset. When a request to perform an operation affecting at least one of the assets is received, it is determined whether the request is permitted by the domain that includes the at least one affected asset, by determining whether the entity with which the request originated has a trust relationship with the domain, for example. The operation is completed where it is permitted by the domain. Wireless mobile communication device assets include software applications, persistent data, communication pipes, and configuration data, properties or user or subscriber profiles.
    Type: Grant
    Filed: July 11, 2016
    Date of Patent: July 3, 2018
    Assignee: BlackBerry Limited
    Inventors: Russell Norman Owen, Herbert Anthony Little, David Paul Yach, Michael Shenfield
  • Patent number: 10015178
    Abstract: A configuration is received for an agent associated with an application to monitor application transactions. The agent monitors incoming and outgoing application transactions using the agent and transmits monitored transaction data to a monitoring server for anomalous transaction detection. The agent receives instructions from the monitoring server to perform an action based on the transmitted monitored transaction data and reports the status of the performed action to the monitoring server.
    Type: Grant
    Filed: December 28, 2015
    Date of Patent: July 3, 2018
    Assignee: SAP SE
    Inventors: Elad Schulman, Amidan Tabak, Ofer Rivlin
  • Patent number: 10006782
    Abstract: A computing system located on-board a vehicle processes the input sensor data to obtain a downsampled representation of one or more time-series measurements. The computing system further identifies one or more characterization parameters to be reported as supplemental information along with the downsampled representation. The computing system processes the input sensor data to obtain a characterization value for each characterization parameter identified based on measurement conditions and communicates the characterizations based on a timing profile. The computing system formats the one or more characterization values to be reported along with the downsampled representation into one or more report messages. The computing system transmits the one or more report messages over a wireless wide area network directed to a server system. The one or more characterization values may be used by the server system as supplemental information in reconstructing the input sensor data from the downsampled representation.
    Type: Grant
    Filed: November 12, 2014
    Date of Patent: June 26, 2018
    Assignee: Moj.io Inc.
    Inventor: Robb E. Lovell
  • Patent number: 10007791
    Abstract: Systems, methods, and non-transitory computer-readable media can provide a set of security features capable of being enabled by a user associated with an online service. In some implementations, it can be determined that at least one security feature in the set has yet to be enabled by the user. A communication can be provided to the user. In some instances, the communication can indicate that a quantity of social connections associated with the user has already enabled the at least one security feature. One or more options to enable the at least one security feature can be provided to the user.
    Type: Grant
    Filed: November 18, 2014
    Date of Patent: June 26, 2018
    Assignee: Facebook, Inc.
    Inventors: Adam Kramer, Sauvik Das
  • Patent number: 10007501
    Abstract: The present invention discloses a method for rapidly deploying an application based on a customized Android platform, and is aimed to solve the problems of long installation time, high energy consumption, a slow system response, and poor user experience when installing an application in a mobile intelligent device running the Android system. The technical solutions are as below: building a system for rapidly deploying an application based on the customized Android platform, wherein the system includes a cloud application store running in a cloud server and an application store client running in a mobile intelligent device; improving the installation process of the application for the Android system, introducing the cloud application store and a store client, and incorporating an optimized target file into the APK file, wherein the optimized target file is needed when the mobile intelligent device runs the application.
    Type: Grant
    Filed: August 2, 2017
    Date of Patent: June 26, 2018
    Assignee: CENTRAL SOUTH UNIVERSITY
    Inventors: Yaoxue Zhang, Shaoyong Li, Yaping Liu, Haining Liao, Ning Hu
  • Patent number: 10009374
    Abstract: A computer-implemented method for detecting malware is described. In some embodiments, the method includes identifying an application identifier of a first application paired with a universal resource locator (URL) scheme, and storing the identified pairing of the application identifier and URL scheme of the first application in a database. In some cases, the database stores URL scheme pairings of a plurality of applications. In some embodiments, the method includes identifying an application identifier of a first application paired with a universal resource locator (URL) scheme, identifying a second application as an unknown application, detecting a request to register a URL scheme pairing of the second application, querying the database based on the request to register the URL scheme pairing of the second application, and determining whether the second application is potential malware based on a result of the querying.
    Type: Grant
    Filed: August 4, 2015
    Date of Patent: June 26, 2018
    Assignee: Symantec Corporation
    Inventors: Rui Jing, Jinghao Li
  • Patent number: 10009327
    Abstract: Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment.
    Type: Grant
    Filed: March 7, 2017
    Date of Patent: June 26, 2018
    Assignee: Intel Corporation
    Inventors: Ned M. Smith, Conor P. Cahill, Micah J. Sheller, Jason Martin
  • Patent number: 10009383
    Abstract: Methods and systems for microsegmentation of data networks are provided herein. Exemplary methods include: receiving a high-level declarative policy; getting metadata associated with a plurality of containers from an orchestration layer; determining a low-level firewall rule set using the high-level declarative policy and the metadata; and configuring by a plurality of enforcement points a respective virtual switch of a plurality of virtual switches to process packets in accordance with the low-level firewall ruleset, the virtual switches being collectively communicatively coupled to the plurality of containers, such that network communications between a first group of containers and a second group of containers of the plurality of containers are not permitted, and communications between containers of the first group of containers are permitted.
    Type: Grant
    Filed: December 16, 2016
    Date of Patent: June 26, 2018
    Assignee: vArmour Networks, Inc.
    Inventor: Marc Woolward
  • Patent number: 10009385
    Abstract: A policy management system includes a policy management device that is configured to manage a policy input and/or a template and/or a functional model, a policy enforced device that is directly or indirectly connected to the policy management device via a network and that is configured such that at least a part of the functional model managed by the policy management device reflects the functional features/behaviors of the policy enforced device, a policy enforcement device that is configured to execute policy enforcement on the policy enforced device, and a policy decision device that is configured to receive machine-enforceable rule and/or configuration from the policy management device.
    Type: Grant
    Filed: June 21, 2017
    Date of Patent: June 26, 2018
    Inventors: Ulrich Lang, Rudolf Schreiner
  • Patent number: 10003614
    Abstract: The present disclosure discloses a Deep Packet Inspection (DPI) control method and device, and a storage medium. The method includes that: a traffic collection request is sent to a network controller according to a pre-set collection policy, wherein the traffic collection request is used for allowing the network controller to send a request for traffic collection to one or more corresponding network devices; traffic data collected by the one or more network devices are received (S11); and the received traffic data of the one or more network devices are analyzed and processed to generate a network control policy corresponding to each network device, and the network control policies are sent to the network controller correspondingly to allow the network controller to send each network control policy to the corresponding network device.
    Type: Grant
    Filed: June 23, 2014
    Date of Patent: June 19, 2018
    Assignee: ZTE Corporation
    Inventors: Sunliang Huang, Jun Feng, Liang Fan
  • Patent number: 9998466
    Abstract: Systems and methods for secure control of a wireless mobile communication device are disclosed. Each of a plurality of domains includes at least one wireless mobile communication device asset. When a request to perform an operation affecting at least one of the assets is received, it is determined whether the request is permitted by the domain that includes the at least one affected asset, by determining whether the entity with which the request originated has a trust relationship with the domain, for example. The operation is completed where it is permitted by the domain. Wireless mobile communication device assets include software applications, persistent data, communication pipes, and configuration data, properties or user or subscriber profiles.
    Type: Grant
    Filed: July 11, 2016
    Date of Patent: June 12, 2018
    Assignee: BlackBerry Limited
    Inventors: Russell Norman Owen, Herbert Anthony Little, David Paul Yach, Michael Shenfield
  • Patent number: 9996702
    Abstract: A computer-implemented system for processing a user device request to process a user data portion, the system comprising a server having a processor, the processor having a user space and a kernel space, the processor configured to perform receiving the request to process the user data portion from a user device, reading the user data portion from a database at the server, allocating space at the processor to define a sandbox environment defining a kernel space commands set of the processor to perform processing of the user data portion, isolating the processor within the sandbox environment in order to perform isolated execution of the request by the kernel space commands set, processing the user data portion within the sandbox environment, de-isolating the sandbox environment from the user space by returning an indication of a processed user data portion and writing the indication to the user space of the processor.
    Type: Grant
    Filed: September 12, 2016
    Date of Patent: June 12, 2018
    Assignee: YANDEX EUROPE AG
    Inventor: Grigory Victorovich Demchenko
  • Patent number: 9996534
    Abstract: The disclosed systems and methods enable a virtual machine, including any applications executing thereon, to quickly start executing and servicing users based on pre-staged data blocks supplied from a backup copy in secondary storage. Substantially concurrently with the ongoing execution of the virtual machine, a virtual-machine-file-relocation operation may move data blocks originating in the backup copy to a primary storage destination that becomes the virtual machine's primary data store after the relocation operation completes. An enhanced data agent, operating in conjunction with an enhanced media agent in a storage management system, coordinates restoring of the virtual machine and the launch of the relocation operation. The enhanced media agent may pre-stage certain backed up data blocks which may be needed to launch the virtual machine, based on predictive analysis pertaining to the virtual machine's operational profile.
    Type: Grant
    Filed: June 9, 2017
    Date of Patent: June 12, 2018
    Assignee: COMMVAULT SYSTEMS, INC.
    Inventors: Henry Wallace Dornemann, Rahul S. Pawar, Paramasivam Kumarasamy, Satish Chandra Kilaru, Ananda Venkatesha
  • Patent number: 9998470
    Abstract: Embodiments describing an approach to receiving user data, and monitoring a user data transaction. Monitoring a user data transaction. Identifying a plurality of attribute elements associated with the user data and the user data transaction. Creating benchmark data based on one or more identified attributes and user data gathered from a user data transaction, and storing, by the one or more processors, benchmark data.
    Type: Grant
    Filed: September 19, 2017
    Date of Patent: June 12, 2018
    Assignee: International Business Machines Corporation
    Inventors: Christopher J. Hockings, Budi Mulyono, Sumana S. Narasipur, Codur S. Pranam
  • Patent number: 9998492
    Abstract: Provided are a processing method for a Network Address Translation, NAT, technology, an NAT device and a BNG device, the method includes: the NAT device determining whether or not session establishment of a UE reaches a preset threshold, and notifying the BNG device to execute a security strategy for the UE if the session establishment of the UE reaches the preset threshold, wherein the security strategy is used for stopping the attack behavior of the UE and informing the UE of the attack behavior of the UE. In the disclosure, the technical problem in the related art that the user lodges complaints against the operator for the abnormal behavior of the host user is solved, thus by reminding the user to check the security of the host user, the disclosure increases the utilization rate of the NAT device and improves user experience.
    Type: Grant
    Filed: August 27, 2013
    Date of Patent: June 12, 2018
    Assignee: ZTE CORPORATION
    Inventors: Liang Fan, Bo Yuan
  • Patent number: 9992217
    Abstract: Methods, systems, and computer readable media for detecting malicious network traffic are disclosed. According to one method, the method includes caching network traffic transmitted between a client and a server, wherein the network traffic includes a uniform resource locator (URL) for accessing at least one file from the server. The method also includes determining whether the at least one file is suspicious. The method further includes in response to determining that the at least one file is suspicious, determining whether the at least one file is malicious by replaying the network traffic using an emulated client and an emulated server.
    Type: Grant
    Filed: December 30, 2016
    Date of Patent: June 5, 2018
    Assignee: The University of North Carolina at Chapel Hill
    Inventors: Teryl Paul Taylor, Kevin Zachary Snow, Nathan Michael Otterness, Fabian Newman Monrose
  • Patent number: 9992074
    Abstract: A system and method for storing role definitions for cloud provider systems, receiving a first request to assign a user to a first role specifying a first cloud computing resource of a respective resource type, identifying a role definition corresponding to the first role that includes an action set permitted, and creating the first role for the user on the first cloud computing resource by associating the identified role definition with the first cloud computing resource and the user. A second request to assign the user to a second role is received specifying a second cloud computing of the respective resource type, and the second role is created for the user on the second cloud computing resource, where the identified role definition corresponds to the first and second roles, and wherein creating the second role includes associating the identified role definition with the first cloud computing resource and the user.
    Type: Grant
    Filed: May 15, 2017
    Date of Patent: June 5, 2018
    Assignee: Red Hat, Inc.
    Inventor: Scott Wayne Seago
  • Patent number: 9992107
    Abstract: Methods and systems are provided for processing data packets in a data network using a policy based network path. A policy enforcing point receives a data packet associated with a service session and routes it toward its destination along a network path which is determined according to data packet information and one or more packet processing criteria. The data packet information may include one or more of information associated with the packet, information associated with prior packets, and information obtained from a network computer. The network path may be selected from a database of network paths. The network path may include an order list of further policy enforcing points and corresponding network application appliances. The policy enforcing point may generate a new data packet based on the data packet and the policy based network path and send the new data packet to a next policy enforcing point.
    Type: Grant
    Filed: March 14, 2014
    Date of Patent: June 5, 2018
    Assignee: A10 NETWORKS, INC.
    Inventors: Rajkumar Jalan, Gurudeep Kamat
  • Patent number: 9992023
    Abstract: A system for authenticating mobile device users transparently is disclosed. This invention improves on the existing flaws by deriving encryption keys from environmental condition data when the user and device are trusted. The keys are then cryptographically hashed and compared with repository hashed data to determine if the conditions match a prior set of conditions. If a match is found and trust factors are sufficient, the system uses the condition data to decrypt a master key that allows access to secure data in the same manner as would a user-provided password. The security system cannot be bypassed if the device is stolen, as an attacker would have to replicate the exact environment and behavioral attributes employed and learned from the user without any knowledge as to the factors that constitute them because the factors are not maintained by the system.
    Type: Grant
    Filed: October 24, 2016
    Date of Patent: June 5, 2018
    Assignee: Trusted Mobile, LLC
    Inventors: Jason Richard Sinchak, Troy Frost
  • Patent number: 9992072
    Abstract: A system, method, apparatus, and computer program product for enabling management of a plurality of computing components, such as a converged infrastructure, through a software framework are disclosed. For example, a method in accordance with some example embodiments may include receiving an action target command that is comprised of target component identification information, action identification information and action parameters. The method may include invoking a registered hook and passing the action parameters to a function that is bound to the action and resolving the received target component identification information and the received action identification data. A command and command parameters may be transmitted to each of the identified computing components thereby causing the command to be performed on the computing components.
    Type: Grant
    Filed: May 4, 2015
    Date of Patent: June 5, 2018
    Assignee: VCE IP Holding Company LLC
    Inventors: Ta-Ming Chen, Todd Dolinsky
  • Patent number: 9985973
    Abstract: Embodiments of the present invention provide systems and methods for providing security in a computing environment. These systems and methods can be applied to cloud computing environments. Interfaces allow a user to request and gain user access to applications (and their equivalents) even if the applications prior to implementing the present invention do not allow the user to request or gain user access to the applications. The embodiments of this invention can operate at the granular computing level.
    Type: Grant
    Filed: November 30, 2016
    Date of Patent: May 29, 2018
    Assignee: International Business Machines Corporation
    Inventors: Sumitra Chachar, Rupesh M. Mukkawar
  • Patent number: 9971987
    Abstract: Systems and methods for providing updates to a data store are described. A data store may receive, process and distribute update information in a substantially orderless manner. This may include implementing an “eventually consistent” design pattern, in which all operations include an object identifier associated with one of the objects in the data store, an information attribute identifier, an initial state, and a final state. Examples may include comparing the initial state included in the update instruction to a current state of one of the objects. If the initial state and the current state are the same, the current state of the object may be modified to match the final state of the update instruction. If the initial state and the current state are not the same, the update instruction may be sent to a redrive queue, from which the update may be reprocessed at a later time.
    Type: Grant
    Filed: March 25, 2014
    Date of Patent: May 15, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Soumyadip Banerjee, Ankit Saraswat, Prafulla Upadhyay
  • Patent number: 9973527
    Abstract: This disclosure is directed to a context-aware proactive threat management system. In general, a device may use internal activity data along with data about external activities (e.g., provided by remote resources) for threat assessment and mitigation. A device may comprise, for example, a hostile environment detection (HED) module to coordinate threat assessment and mitigation. The HED module may accumulate internal activity data (e.g., from security services in the device), and external activity data regarding a system environment and/or a physical environment from the remote resources. The HED module may then assess threats based on the activity data and determine automated and/or manual mitigation operations to respond to the threats. In one embodiment, visualization features may also be used to, for example, visualize threats to a user, visualize automatic/manual mitigation operations, request user confirmation regarding the performance of manual mitigation operations, etc.
    Type: Grant
    Filed: November 19, 2013
    Date of Patent: May 15, 2018
    Assignee: INTEL CORPORATION
    Inventors: Abhilasha Bhargav-Spantzel, John B. Vicente, Mohammad R. Haghighat, Oliver W. Chen, Hormuzd M. Khosravi, Uri Kahana
  • Patent number: 9971532
    Abstract: A GUID partition table (GPT) based Hidden Data Store (HDS) system includes first computing systems that include networked storage devices and that are coupled to a second computing system through a network. The second computing system includes local storage devices that provide a GPT having a GPT entry that identifies local HDS elements that provide an HDS and that are included on the local storage devices, and networked HDS elements that provide the HDS and that are included on the networked storage devices. The second computing system also includes an HDS engine that receives the GPT entry and authorization credentials, determines that the authorization credentials allow access to the HDS and, in response, provides access to the local HDS elements that are included on the local storage devices, and provides access to the networked HDS elements that are included on the networked storage devices.
    Type: Grant
    Filed: February 24, 2016
    Date of Patent: May 15, 2018
    Assignee: Dell Products L.P.
    Inventors: Shekar Babu Suryanarayana, Neeraj Joshi
  • Patent number: 9965344
    Abstract: This disclosure discloses a method and apparatus for transmitting data in a robot operating system. The robot operating system includes a transmitting node, a receiving node, and a shared memory as a transmission medium between the transmitting and receiving nodes. The method in a particular embodiment includes: traversing, by the transmitting node, a sequence of data templates stored in advance in the shared memory, and determining whether the respective data templates in the sequence of data templates are currently being written into or read from; identifying a data template in the sequence of data templates currently being neither written into nor read from as a target data template, and obtaining information of the target data template; and writing data into the target data template according to the information of the target data template. This embodiment can improve the performance of transmitting the data while occupying less memory resources.
    Type: Grant
    Filed: January 19, 2017
    Date of Patent: May 8, 2018
    Assignee: BEIJING BAIDU NETCOM SCIENCE AND TECHNOLOGY CO., LTD.
    Inventors: Liming Xia, Jingchao Feng, Quan Wang, Ning Qu, Wei He, Chengliang Deng, Kaiwen Feng, Zhuo Chen
  • Patent number: 9965507
    Abstract: A method for securing content in a database includes identifying a challenge column associated with a database column referenced in an update query. A challenge value for the challenge column may be received and resolved for a match with a corresponding value stored in the challenge column. In case of a match, the update query may be certified for execution on the database, otherwise, the update query may be prevented from executing. Challenge columns may be determined by an analysis of the database on the basis of discriminating power, description complexity, and/or diversity.
    Type: Grant
    Filed: August 6, 2010
    Date of Patent: May 8, 2018
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Divesh Srivastava, Su Chen, Xin Dong, Lakshmanan Sundaram Viravanallur
  • Patent number: 9967702
    Abstract: An electronic device for managing one or more applications is provided. The electronic device includes a display, a location measurement module, a communication interface, a memory configured to store a first application program and a second application program, and a processor, electrically connected to the display, the location measurement module, the communication interface, and the memory, configured to execute the first application program, acquire a location information request from the first application program, and determine whether to respond to the location information request at least partially based on a state of the display or information related to the first application program when the instructions are executed.
    Type: Grant
    Filed: June 14, 2016
    Date of Patent: May 8, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Hyun-Woo Park, Dae-Yong Son, Jae-Woong Song, Chang-Ryeol Song, Woo-Jin Jun
  • Patent number: 9967744
    Abstract: A first electronic device is provided. The first electronic device includes, for example: a receiver configured to receive a first signal from a second device; a controller configured to generate a response signal corresponding to the first signal based on mutual information between users of the first electronic device and the second device, or the first signal; and a transmitter configured to transmit the response signal to the second device.
    Type: Grant
    Filed: November 5, 2015
    Date of Patent: May 8, 2018
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Young-Kyoo Kim, Hyuk Kang, Kyung-Tae Kim, Jae-Bong Yoo
  • Patent number: 9959417
    Abstract: A technique for preventing selected sets of data words from unauthorized transmission out of the secure perimeter of a computer system is disclosed. A set of security rules is applied to an outgoing data message and if one of the set of rules is triggered, at least a portion of the message is transmitted to a central server that is within the secure perimeter, for scanning by another set of security rules. The central server then sends a security command back to the remote device, which executes the security command before transmitting the outgoing message out of the secure perimeter of the computer system.
    Type: Grant
    Filed: June 22, 2015
    Date of Patent: May 1, 2018
    Assignee: Workshare, Ltd.
    Inventors: Scott More, Ilya Beyer
  • Patent number: 9961114
    Abstract: A method includes acts for establishing a subscription for an entity. The method includes receiving, at a cloud service provider, a request from an entity to establish a subscription. The request includes credentials for the entity that are not proper credentials for an organization associated with the entity that the entity should use to access services for the organization. The method further includes performing a corrective action based on detecting one or more factors to determine that the entity is associated with the organization. The method further includes providing services based on the corrective action.
    Type: Grant
    Filed: February 10, 2017
    Date of Patent: May 1, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ranganathan Srikanth, David James Armour, Ashvinkumar J. Sanghvi, Jeremy Winter, John David Ballard, Dwayne Richard Need, Srivatsan Parthasarathy
  • Patent number: 9954849
    Abstract: Systems and methods are disclosed for managing online advertising data secure sharing. One method includes receiving, at a server, a request for proprietary data from a data consumer, the request including a data consumer identifier; retrieving, from a database of proprietary data, proprietary data based on the request; determining, by the server, whether the retrieved proprietary data is at least one of: designated to be processed and designated to have privileges set; processing, by the server, the proprietary data when the server determines the proprietary data is designated to be processed; setting one or more privileges to the proprietary data using the certificate associated with the data consumer identifier when the server determines the proprietary data is designated to have privileges set; encrypting the proprietary data using the certificate associated with the data consumer identifier; and transmitting the encrypted proprietary data to the data consumer.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: April 24, 2018
    Assignee: OATH (AMERICAS) INC.
    Inventors: Matthew M. Patton, Seth Mitchell Demsey
  • Patent number: 9955352
    Abstract: A method is provided for evaluating the usage of a mobile communications device that itself provides access to a resource. In the method, a detected usage of the mobile communications device is compared to a stored usage pattern of an authorized user. When a measure associated with the difference between the detected usage and the stored usage pattern exceeds a threshold, it is concluded that the mobile communications device is being used by an unauthorized user. In response to this conclusion, a restriction is placed on an ability of the mobile communications device to access the resource.
    Type: Grant
    Filed: November 10, 2015
    Date of Patent: April 24, 2018
    Assignee: LOOKOUT, INC.
    Inventors: Kevin Patrick Mahaffey, John G. Hering, James David Burgess, Vance Grkov, David Luke Richardson, Ayan Mandal, Cherry Mangat, Brian James Buck, William Robinson
  • Patent number: 9954834
    Abstract: A computing device has a first application and a second application. The first application generates a data access application key for use by the second application to enable decryption of data that is stored in encrypted form on the computing device using the data access application key. In operation, the second application generates a public/private key pair. The second application sends a request to the first application for the first application to send the second application a data access application key, the request including the public key. The first application derives the requested data access application key as a function of at least the public key. The first application sends the derived data access application key to the second application.
    Type: Grant
    Filed: April 12, 2016
    Date of Patent: April 24, 2018
    Assignee: BlackBerry Limited
    Inventor: Sean Michael Quinlan
  • Patent number: 9954887
    Abstract: A device may receive usage information, associated with a group of client networks, including particular usage information associated with a particular client network. The device may receive threat information, associated with the group of client networks, including particular threat information associated with the particular client network. The device may determine a baseline based on the usage information. The device may determine a normalization function, associated with the particular client network, based on the baseline and the particular usage information. The device may determine normalized threat information, associated with the particular client network, based on the normalization function and the particular threat information. The device may determine overall normalized threat information associated with the group of client networks. The device may compare the normalized threat information and the overall normalized threat information.
    Type: Grant
    Filed: December 30, 2016
    Date of Patent: April 24, 2018
    Assignee: Juniper Networks, Inc.
    Inventors: Kyle Adams, Declan Conlon
  • Patent number: 9954888
    Abstract: Systems, methods, and software described herein provide enhancements for implementing security actions in a computing environment. In one example, a method of operating an advisement system to provide actions in a computing environment includes identifying a security incident in the computing environment, identifying a criticality rating for the asset, and obtaining enrichment information for the security incident from one or more internal or external sources. The method also provides identifying a severity rating for the security incident based on the enrichment information, and determining one or more security actions based on the enrichment information. The method further includes identifying effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, and identifying a subset of the one or more security actions to respond to the security incident based on the effects.
    Type: Grant
    Filed: December 2, 2015
    Date of Patent: April 24, 2018
    Assignee: Phantom Cyber Corporation
    Inventors: Sourabh Satish, Oliver Friedrichs, Atif Mahadik, Govind Salinas
  • Patent number: 9948680
    Abstract: Systems and methods for converting a configuration file from a first language into a second language with policy optimization and auditing are provided. According to one embodiment, a network appliance configuration converter parses network security policies of an input configuration file of a first network appliance to intermediate representations. The network security policies of the input configuration file are in a first language and the intermediate representations are general data structures for describing network security policies. The network appliance configuration converter optimizes network security policies in the intermediate representations and converts the intermediate representations to security policies of an output configuration file in a second language.
    Type: Grant
    Filed: December 29, 2015
    Date of Patent: April 17, 2018
    Assignee: Fortinet, Inc.
    Inventors: Jianwen Zhang, Haixiang Gong
  • Patent number: 9948675
    Abstract: A network architecture that eliminates anonymous traffic, reduces a threat surface, and enforces policies is described herein. A method based on this network architecture includes receiving, by a processor, an IP packet entering a network, inserting, by the processor, an identity-based internet protocol (IBIP) shim between a header and a body of the IP packet and incorporating, by the processor, an identity of a source and a destination of the IP packet in the shim.
    Type: Grant
    Filed: April 4, 2013
    Date of Patent: April 17, 2018
    Assignee: THE MITRE CORPORATION
    Inventors: Shu Nakamoto, Robert C. Durst, Randy Quang, David Pisano, Jiemei Ma, Jason R. Andresen, Nirav Trivedi, Christopher C. Growney, Jerod M. Parker
  • Patent number: 9946859
    Abstract: A method of enabling a lock screen of an electronic device operating an electronic device that includes an electronic processor and a display screen. The method includes receiving, by the electronic processor, a request to unlock the electronic device. The method further includes determining, by the electronic processor, an authentication state for the electronic device. The method further includes determining, by the electronic processor, a lock screen authentication mode based on the authentication state, and displaying, on the display screen, a lock screen including the lock screen authentication mode. The electronic device includes a display screen and an electronic processor. The electronic processor is configured to receive a request to unlock the electronic device.
    Type: Grant
    Filed: November 4, 2015
    Date of Patent: April 17, 2018
    Assignee: MOTOROLA SOLUTIONS, INC.
    Inventors: Katrin Reitsma, Adam C. Lewis, Shanthi E. Thomas
  • Patent number: 9948616
    Abstract: An apparatus for providing security services based on virtualization, the apparatus including: a host virtual machine in which a host operating system that controls a general execution environment is operated; a secure virtual machine, which is separated from the host virtual machine, and in which a secure operating system operates independently of the host operating system; and a virtual machine monitor portion configured to allocate the host virtual machine and the secure virtual machine by virtualization, in which the host virtual machine and the secure virtual machine may access system resources only through the virtual machine monitor portion, and the virtual machine monitor portion classifies user input signals received from a user, and transmits the received user input signals to the host virtual machine and the secure virtual machine.
    Type: Grant
    Filed: April 7, 2016
    Date of Patent: April 17, 2018
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventor: Young Woo Jung
  • Patent number: 9948607
    Abstract: Systems and methods for securing a dynamic virtualized network are provided. According to one embodiment, a network policy of a dynamic virtualized network is received by an SDN controller of the dynamic virtualized network. The network policy includes network policy elements which each identify (i) an authorized endpoint, (ii) a network access device, and (iii) a port of the network access device with which the authorized endpoint is associated. A security policy for the dynamic virtualized network is generated based on the network policy, by, for each network access device, creating a set of appropriate security measures for the network access device. Each security measure specifies how network traffic in the dynamic virtualized network is to be processed by a port of the network access device. Finally, the security policy is applied to each affected network access device.
    Type: Grant
    Filed: March 7, 2017
    Date of Patent: April 17, 2018
    Assignee: Fortinet, Inc.
    Inventors: Kelly Wanser, Andreas Markso Antonopoulos
  • Patent number: 9940181
    Abstract: A method for reacting to system calls made to a kernel of a computerized system, the method includes controlling an execution of at least one system call by the kernel in response to a result of a comparison between information of system calls made to a kernel and between data structure elements (DEs) of a non-executable control data structure that includes fields that correspond to the system call type fields, to the system call initiator fields and to the system call request fields of the segments of the first control data structure. The method also includes (A) Receiving a first control data structure. The first control data includes multiple segments. Each segment includes a system call type field, at least one system call initiator field and at least one system call request field. And (B) Converting the first control data structure into the non-executable control data structure.
    Type: Grant
    Filed: January 4, 2011
    Date of Patent: April 10, 2018
    Assignee: NYOTRON INFORMATION SECURITY LTD.
    Inventor: Nir Gaist
  • Patent number: 9942197
    Abstract: A system for web application security includes an interface and a processor. The interface of a web server is to receive a pending request made to the web server using an in-line request process. The processor of the web server is to provide information regarding the pending request to an agent process; and in the event that an instruction to block the pending request is received from the agent process at the in-line request process within a time constraint, block the pending request using the in-line request process.
    Type: Grant
    Filed: August 28, 2015
    Date of Patent: April 10, 2018
    Assignee: Signal Sciences Corporation
    Inventors: Nicholas Galbreath, Zane Lackey