Policy Patents (Class 726/1)
  • Patent number: 9942197
    Abstract: A system for web application security includes an interface and a processor. The interface of a web server is to receive a pending request made to the web server using an in-line request process. The processor of the web server is to provide information regarding the pending request to an agent process; and in the event that an instruction to block the pending request is received from the agent process at the in-line request process within a time constraint, block the pending request using the in-line request process.
    Type: Grant
    Filed: August 28, 2015
    Date of Patent: April 10, 2018
    Assignee: Signal Sciences Corporation
    Inventors: Nicholas Galbreath, Zane Lackey
  • Patent number: 9940181
    Abstract: A method for reacting to system calls made to a kernel of a computerized system, the method includes controlling an execution of at least one system call by the kernel in response to a result of a comparison between information of system calls made to a kernel and between data structure elements (DEs) of a non-executable control data structure that includes fields that correspond to the system call type fields, to the system call initiator fields and to the system call request fields of the segments of the first control data structure. The method also includes (A) Receiving a first control data structure. The first control data includes multiple segments. Each segment includes a system call type field, at least one system call initiator field and at least one system call request field. And (B) Converting the first control data structure into the non-executable control data structure.
    Type: Grant
    Filed: January 4, 2011
    Date of Patent: April 10, 2018
    Assignee: NYOTRON INFORMATION SECURITY LTD.
    Inventor: Nir Gaist
  • Patent number: 9940554
    Abstract: Data analysis and management methods and systems for social networks are provided. First, specific data is received from a specific registered user of a social network system via a network. The specific data is processed with a data analysis procedure to obtain at least one contact information based on the specific data. Then, a connection with at least one target user who has not registered on the social network system is established according to the contact information.
    Type: Grant
    Filed: January 25, 2016
    Date of Patent: April 10, 2018
    Assignee: ZAPPOINT CORPORATION
    Inventor: Hsi-Tsun Chien
  • Patent number: 9938019
    Abstract: A network system of an aircraft implements a target system to attract, detect, log, and mitigate a potential breach by the malicious entities. The target system simulates the systems of the aircraft in order to attract a potential breach. The target system simulates the data, file structure, communications, etc., of the systems of the aircraft. The target system includes little, or no security or access controls in order to attract a potential breach and allow the malicious entity to gain access. Once a breach occurs, the target system can be configured to log, report, and/or mitigate the potential breach.
    Type: Grant
    Filed: May 21, 2015
    Date of Patent: April 10, 2018
    Assignee: THE BOEING COMPANY
    Inventors: David H. Floyd, Jason W. Shelton, John E. Bush
  • Patent number: 9934394
    Abstract: Provided are methods and systems for generating user-specific resource URIs for resources shared between users on the Internet. The user for whom the link was created and to whom the link was sent may use the link to access a shared resource; however, the link may not be used by any other user to do the same. No data needs to be created and/or stored on the server-side as a result of the link being provided to the user. Instead, by creating this customized/individualized link for the user, the particular user (and only the particular user) is being granted access to the shared resource. The methods and systems provided obviate the need to maintain any configuration data on the server side, thereby protecting against the possibility of the individualized URIs being forged by an intruder, while preserving the need for the accessing user to be authenticated.
    Type: Grant
    Filed: December 8, 2014
    Date of Patent: April 3, 2018
    Assignee: Google LLC
    Inventor: Alexei Stolboushkin
  • Patent number: 9935885
    Abstract: A device may receive a packet associated with a flow and may identify a capacity indicator associated with a flow table. The capacity indicator may indicate an available storage capacity associated with the flow table. The flow table may be stored by another device and may include entries for one or more flows and one or more corresponding actions to be taken in association with the one or more flows. The device may determine a service indicator that indicates a priority associated with the flow and may compare the capacity indicator and the service indicator. The device may selectively provide a message to the other device based on comparing the capacity indicator and the service indicator. The message may include an instruction for the other device to store an entry, associated with the flow, in the flow table.
    Type: Grant
    Filed: March 15, 2016
    Date of Patent: April 3, 2018
    Assignee: Juniper Networks, Inc.
    Inventors: Qiang Shen, Si Yuan Tong, Jianhua Gu, Guangsong Huang
  • Patent number: 9934399
    Abstract: A user interface is described, such as a graphical user interface (GUI), operable to receive a representation of a security policy expressed in a first policy language, where that security policy will be supported by policy evaluation engines (or other such components) that are configured to operate using security policies expressed using a second (different) policy language. The representation of the security policy is persisted in a data store in accordance with the first policy language. Subsequently, in response to receiving a request to access a resource, a second representation of the security policy is generated by translating the content of the security policy into a second policy language that is associated with the policy evaluation engine. The second representation of the security policy is then evaluated by the policy evaluation engine to grant or deny access to the resource.
    Type: Grant
    Filed: April 25, 2016
    Date of Patent: April 3, 2018
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Gregory Branchek Roth, Daniel Stephen Popick, Jonathan Weiss
  • Patent number: 9934221
    Abstract: A method and apparatus for document collaboration and management are disclosed. User devices associated with a user of a document management and collaboration system are identified. Documents associated with the user are downloaded to the user devices from the document management and collaboration system. A targeted denial of access to the downloaded documents is performed.
    Type: Grant
    Filed: September 29, 2014
    Date of Patent: April 3, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Kevin George Gillett, Stephen Joseph Oakley, Stefan Mathias Hutchison, Cynthia Zhang Taylor, Subha Narayanamurthi, Scott Anthony Plant, Robert Andrew Alexander
  • Patent number: 9935981
    Abstract: Embodiments of the present invention provide systems and methods for exchanging information. Communications between an intrusion prevention system (IPS) and at least one end-point are facilitated by controlling network traffic flow in an IPS and the at least one end-point and formation of an information plane. The formed information plane allows attributes of the IPS and the at least one end-point to reside in the formed information plane. A network access policy (NAP) works in conjunction with an IPS and leverages created customized network objects (CNOs). Upon analyzing data packets, the data packets may or may not be forwarded to the IPS.
    Type: Grant
    Filed: September 18, 2015
    Date of Patent: April 3, 2018
    Assignee: International Business Machines Corporation
    Inventors: Sheng-Tung Hsu, Cheng-Ta Lee, Joey H. Y. Tseng, Rick M. F. Wu
  • Patent number: 9935968
    Abstract: Embodiments disclosed herein provide systems and methods for recording for analyzing traffic at an edge of a communication network. In a particular embodiment, a method provides processing a first portion of data packets directed into the communication network from outside of the communication network to determine whether a first sampling policy adequately assesses risk to the communication network. Upon determining that the first sampling policy does not adequately assess the risk to the communication network, the method provides adjusting the first sampling policy. The method further provides identifying a second portion of the data packets based on the first sampling policy. An amount of data packets included in the first portion of the data packets is larger than or equal to an amount of data packets included in the second portion of the data packets.
    Type: Grant
    Filed: November 4, 2015
    Date of Patent: April 3, 2018
    Assignee: AVAYA, INC.
    Inventors: Biswajyoti Pal, Manish Chatterjee
  • Patent number: 9930070
    Abstract: A method for managing security in a networked computing environment. The method includes a processor detecting an unauthorized activity that is targeting a first computing resource. The method further includes a processor determining a first group of computing resources that includes the first computing resource. The method further includes a processor determining a first threat level for the detected unauthorized activity. The method further includes a processor identifying a first security policy of a plurality of security policies of a networked computing environment based at least in part on the determined first group of computing resources and the determined first threat level for the detected unauthorized activity.
    Type: Grant
    Filed: November 11, 2015
    Date of Patent: March 27, 2018
    Assignee: International Business Machines Corporation
    Inventors: Hao Feng, Shuo Li, Shengyan Sun, Jun Wang
  • Patent number: 9922194
    Abstract: In one embodiment, a system comprises: a processor including at least one core to execute instructions; a plurality of sensors, including a first sensor to determine location information regarding a location of the system; and a security engine to apply a security policy to the system. In this embodiment, the security engine includes a policy logic to determine one of a plurality of security policies to apply based at least in part on the location information, where the location information indicates a location different than locations associated with the plurality of security policies. Other embodiments are described and claimed.
    Type: Grant
    Filed: February 7, 2017
    Date of Patent: March 20, 2018
    Assignee: Intel Corporation
    Inventors: Nathaniel J. Goss, Nathan Heldt-Sheller, Kevin C. Wells, Micah J. Sheller, Sindhu Pandian, Ned M. Smith, Bernard N. Keany
  • Patent number: 9922123
    Abstract: Technology for optimizing policy evaluation is disclosed. A policy may include an ordered rule set. When evaluated, the highest priority rule in the order that does not skip may control the outcome of the policy. Rules within a policy may have associated costs and an associated probability of not skipping. The rules of a policy may not need to be executed in a particular order for a system to determine the correct evaluation of the policy and groups of rules, or “batches,” may be run simultaneously. Technology is disclosed to optimize policy evaluation by creating batches and orderings of those batches which have a lower expected cost than other ordered sets of batches. The expected cost for each ordered set of batches may be calculated based on: rule costs, probabilities associated with one or more rules, the organization of the rules into batches, and the ordering of batches within sets.
    Type: Grant
    Filed: January 10, 2014
    Date of Patent: March 20, 2018
    Assignee: Facebook, Inc.
    Inventors: Raylene Yung, Maria S. Pimenova, Daniel Schafer, Dwayne Reeves, Wendy Mu, Kendall Hopkins
  • Patent number: 9924354
    Abstract: Embodiments of the present invention disclose a key exchange method and apparatus, which relate to the communications field, and can enable user equipments establishing a D2D link to share a set of keys, and further, information security can be achieved when a user equipment transmits service data or a signaling message through a Ud interface. A specific solution is that: a network device acquires a first key, and sends a message including the first key to a second user equipment, so that the second user equipment uses, when communicating with a first user equipment by using a D2D link, the first key to protect transmitted information. The present invention is applicable to an exchange process of keys for protecting data on a D2D link.
    Type: Grant
    Filed: September 2, 2015
    Date of Patent: March 20, 2018
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Dongmei Zhang, Jing Chen
  • Patent number: 9922203
    Abstract: A method for providing access to objects associated with a particular client in a cloud storage system is disclosed. The method includes the steps of establishing a connection with a user, providing a client namespace associated with the client to the user, where the client namespace represents objects stored on the cloud storage system and objects stored on a private storage system apart from the cloud storage system, receiving a request from the user to access an object stored on the private storage system, and providing information to the user to facilitate access to the object stored on the private storage system by said user. Other systems and methods are also disclosed. Important advantages of the present invention are facilitated by separating the logic for user access (control plane) from the actual storage (Storage plane). Private file system access can still be managed from the cloud, while keeping the client data private.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: March 20, 2018
    Assignee: Egnyte, Inc.
    Inventors: Hakan Ancin, Xi Chen, Amrit Jassal, Daniel H. Jung, Gregory B. Neustaetter, Sean H. Puttergill, Ramakrishnan Sundararaj, Sanjay Vedanthan, Chandra Yalangi, Ramanathan Kavasseri, Ravi Wijayaratne, Shishir Sharma
  • Patent number: 9923765
    Abstract: Embodiments are directed towards managing computer applications. A configuration package may be provided to provision a cloud service stack on a cloud platform such that the cloud service stack corresponds to a main stack model. If a monitoring engine identifies inconsistencies between the cloud service stack and the main stack model, a deployment engine may be provided to traverse the main stack model such that the deployment engine may visit each of one or more stack model entities included in the main stack model. Then an updated configuration package may be provided for the cloud platform based on the traversal. And, the updated configuration package may be provided to the cloud platform to re-provision the cloud service stack.
    Type: Grant
    Filed: May 12, 2017
    Date of Patent: March 20, 2018
    Assignee: CloudCoreo, Inc.
    Inventor: Paul Dennis Allen
  • Patent number: 9923902
    Abstract: In an example implementation of the disclosed technology, a method includes accessing, by a management agent associated with a client device, a profile associated with a requested resource, wherein the profile comprises at least one profile criterion. The method also includes evaluating the profile criterion based, at least in part, on status information associated with the client device to determine any processing restrictions associated with the requested resource. The method also includes, responsive to receiving an indication that the resource is subject to a server-device processing restriction, requesting access to the resource from a remote server and receiving an instance of a user interface for interacting with the resource.
    Type: Grant
    Filed: June 15, 2017
    Date of Patent: March 20, 2018
    Assignee: AirWatch LLC
    Inventor: Erich Peter Stuntebeck
  • Patent number: 9923928
    Abstract: An access control rule authorizing communication between a plurality of managed servers within an administrative domain is determined. Communication information describing past communication between the plurality of managed servers is obtained. A subset of managed servers from the plurality of managed servers is identified by grouping the plurality of managed servers based on the obtained communication information. A group-level label set is determined to associate with the subset of managed servers. Role labels are determined for managed servers in the subset of managed servers. A managed server is associated with one role label. Based on the group-level label set and the role labels, an access control rule is generated authorizing communication between a first managed server of the subset of managed servers and a second managed server. The access control rule is stored as part of an administrative domain-wide management policy.
    Type: Grant
    Filed: October 3, 2016
    Date of Patent: March 20, 2018
    Assignee: Illumio, Inc.
    Inventors: Paul J. Kirner, Matthew K. Glenn, Mukesh Gupta, Roy N. Nakashima, Thukalan V. Verghese
  • Patent number: 9922204
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for a row-level security. One of the methods includes receiving a request for one or more objects. The method includes determining that a type of the one or more requested objects is associated with an object representative of instance level security. The method includes determining access is authorized to at least some of the one or more objects. Determining access includes obtaining a first access statement associated with the type of the one or more objects, obtaining a second access statement associated with the object representative of instance level security, combining at least the first access statement and the second access statement into a third access statement, and obtaining one or more objects using the third access statement. The method also includes providing the authorized subset of objects to the user.
    Type: Grant
    Filed: July 19, 2017
    Date of Patent: March 20, 2018
    Assignee: Vinyl Development LLC
    Inventor: Thomas R. Kennedy, Jr.
  • Patent number: 9917862
    Abstract: Disclosed are various approaches for integrating application scanning into a mobile enterprise computing management system. A management service can add a first command to a command queue associated with a client device, wherein the first command instructs the client device to provide a unique device identifier associated with the client device to the management service and the unique device identifier uniquely identifies the client device with respect to at least one other client device. Then, the management service can receive a first request from the client device for the first command stored in the command queue. Later, the management service sends the first command to the client device. When the management service receives the unique device identifier from the client device, the management service sends the unique device identifier to a scanning service and a policy linked with the unique device identifier to the scanning service.
    Type: Grant
    Filed: April 14, 2016
    Date of Patent: March 13, 2018
    Assignee: AIRWATCH LLC
    Inventors: Shruti Phanse, Bhavesh Krishna Kumar
  • Patent number: 9916475
    Abstract: Methods, systems, and computer readable media for extending security of an application-based computer operating system are disclosed. One system includes a memory. The system also includes an application-based operating system security module bridge implemented using the memory. The application-based operating system security module bridge is for receiving, from a reference monitor, a registration for at least one security authorization hook, for receiving a callback when a protected event occurs, for communicating with the reference monitor that registered the at least one security authorization hook corresponding to the callback, and for receiving, from the reference monitor, an access control decision associated with the protected event.
    Type: Grant
    Filed: August 11, 2015
    Date of Patent: March 13, 2018
    Assignees: NORTH CAROLINA STATE UNIVERSITY, TECHNISCHE UNIVERSITAT DARMSTADT
    Inventors: William Harold Enck, Adwait Pravin Nadkarni, Ahmad-Reza Sadeghi, Stephan Heuser
  • Patent number: 9916446
    Abstract: Disclosed are various approaches for integrating application scanning into a mobile enterprise computing management system. A management service instructs the client device to provide a list of installed applications to the management service and receives the list of installed applications from the client device. The management service then adds the list of installed applications to an aggregate listing of applications representing a list of client applications installed on one or more client devices. Subsequently, the management service sends to a scanning service a policy comprising an identifier of a client application that is prohibited on the client device. The management service also sends the aggregate listing of applications to the scanning service. The management service then receives a notification from the scanning service that the prohibited client application is present in the aggregate listing of applications.
    Type: Grant
    Filed: April 14, 2016
    Date of Patent: March 13, 2018
    Assignee: AIRWATCH LLC
    Inventors: Shruti Phanse, Bhavesh Krishna Kumar
  • Patent number: 9917693
    Abstract: Systems, methods, and software can be used to provide security assurance information. In some aspects, a certificate request for a client process on a mobile device is received. A security assurance character for the client process is determined. Whether to grant the certificate request is determined based on the determined security assurance character. In response to determining to grant the certificate request, a certificate is generated.
    Type: Grant
    Filed: November 6, 2015
    Date of Patent: March 13, 2018
    Assignees: BlackBerry Limited, Certicom Corp.
    Inventors: Roger Paul Bowman, Catalin Visinescu, Ming Chee Tsang, Daniel Richard L. Brown, Ravi Singh, Thomas Stiemerling
  • Patent number: 9918346
    Abstract: A device includes a database, a controller, and a PVN router. The database is configured to store network settings information and tracks devices connected to a network. The controller is configured to control access of devices to one another after establishing a connection to the network. The PVN router is configured to receive a provisioning request from a requesting device to connect to the network. The PVN router is further configured to transmit a provisioning response to the requesting device based on instantiation of a PVN template received from the database. The PVN template is generated based on the network settings information and further based on the control access determined by the controller. The provisioning response establishes a connection between the requesting device and the network. The requesting device is inaccessible by a subset of devices already connected in the network after the connection is established and vice versa.
    Type: Grant
    Filed: April 15, 2016
    Date of Patent: March 13, 2018
    Assignee: BARRACUDA NETWORKS, INC.
    Inventors: Michael Perone, Fleming Shi
  • Patent number: 9912701
    Abstract: A cloud infrastructure is enhanced to provide a context-based security assurance service to enable secure application deployment. The service inspects network and cloud topologies to identify potential security capabilities and needs. Preferably, these options are then surfaced to the user with easy-to-understand, pre-configured templates representing security assurance levels. When a template (e.g., representing a pre-configured assurance level) is selected by the user, the system then applies specific capabilities and controls to translate the user-selected generalized specification (e.g., “high security”) into granular requirements for a specific set of security resources. Preferably, the identification of these security resources is based on system configuration, administration, and information associated with the pre-configured template.
    Type: Grant
    Filed: March 25, 2016
    Date of Patent: March 6, 2018
    Assignee: International Business Machines Corporation
    Inventors: Nataraj Nagaratnam, Jeffrey Robert Hoy, Sreekanth Ramakrishna Iyer, Sridhar R. Muppidi
  • Patent number: 9904780
    Abstract: Systems and methods for detection and prevention of Return-Oriented-Programming (ROP) attacks in one or more applications, including an attack detection device and a stack inspection device for performing stack inspection to detect ROP gadgets in a stack. The stack inspection includes stack walking from a stack frame at a top of the stack toward a bottom of the stack to detect one or more failure conditions, determining whether a valid stack frame and return code address is present; and determining a failure condition type if no valid stack frame and return code is present, with Type III failure conditions indicating an ROP attack. The ROP attack is contained using a containment device, and the ROP gadgets detected in the stack during the ROP attack are analyzed using an attack analysis device.
    Type: Grant
    Filed: July 29, 2015
    Date of Patent: February 27, 2018
    Assignee: NEC Corporation
    Inventors: Junghwan Rhee, Yangchun Fu, Zhenyu Wu, Hui Zhang, Zhichun Li, Guofei Jiang
  • Patent number: 9906534
    Abstract: Systems and techniques are provided for controlling requests for resources from remote computers. A remote computer's ability to access a resource is determined based upon the computer's operating environment. The computer or computers responsible for controlling access to a resource will interrogate the remote computer to ascertain its operating environment. The computer or computers responsible for controlling access to a resource may, for example, download one or more interrogator agents onto the remote computer to determine its operating environment. Based upon the interrogation results, the computer or computers responsible for controlling access to a resource will control the remote computer's access to the requested resource.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: February 27, 2018
    Assignee: SONICWALL INC.
    Inventors: Chris Hopen, Gary Tomlinson, Parvez Anandam, Brian Young, Alan Flagg, Jude Michael Dylan O'Reilley
  • Patent number: 9906526
    Abstract: Technology for a dynamic adaptive streaming over hypertext transfer protocol (HTTP) aware (DASH-aware) network application function (D-NAF) on a server is disclosed. In an example, the D-NAF can include a network application function (NAF) for authenticating a client and a DASH proxy for delivering DASH content and authentication information for the client.
    Type: Grant
    Filed: December 23, 2013
    Date of Patent: February 27, 2018
    Assignee: Intel IP Corporation
    Inventor: Ozgur Oyman
  • Patent number: 9906563
    Abstract: An information handling system includes a method for executing instructions for a content sharing system executing role-based policy settings for a plurality of remotely connected computing devices operatively connected to share content, detecting pre-paired wireless connectivity of remotely connected computing devices to a system hosting the content sharing system, implementing role-based policy settings to partially limit content sharing system operation based on a device role classification for the at least one of the plurality of remotely connected computing devices, auto-initiating navigation accessibility to the pre-paired remotely connected computing device via the content sharing system, and displaying a content sharing system desktop comprising a plurality of device environment-representative windows representing at least two of the plurality of remotely connected computing devices that devices function via different operating systems.
    Type: Grant
    Filed: November 25, 2016
    Date of Patent: February 27, 2018
    Assignee: Dell Products, LP
    Inventors: Erin K. Walline, Liam B. Quinn, Sean P. O'Neal
  • Patent number: 9898592
    Abstract: The subject matter of this specification can be embodied in, among other things, a method that includes receiving, by one or more servers associated with an application marketplace, a policy that includes data that identifies one or more users, and a restricted permission. A request is received, by the servers associated with the application marketplace, to access one or more applications that are distributed through the application marketplace, wherein the request includes data that identifies a particular one of the users. One or more of the applications that are associated with the restricted permission are identified by the servers associated with the application marketplace, and access by the particular user to the applications that are associated with the restricted permission is restricted by the servers associated with the application marketplace.
    Type: Grant
    Filed: June 29, 2017
    Date of Patent: February 20, 2018
    Assignee: Google LLC
    Inventor: Gabriel A. Cohen
  • Patent number: 9898319
    Abstract: A method for live migrating a virtual machine includes connecting to a virtual machine operated in a first host by a client; transmitting condition data of the virtual machine to a second host by the first host during a transmitting time, the first host and the second host being located at different net domains; transmitting a variance of condition data of the virtual machine generated in the transmitting time to the second host by the first host; providing a notification to the client to reconnect to the second host by the first host; modifying a network packets transmitting rule by the client based on the notification of the first host, and activating the virtual machine by the second host based on the condition data of the virtual machine and the variance of the condition data of the virtual machine thereby maintaining the connection between the client and the virtual machine.
    Type: Grant
    Filed: June 9, 2015
    Date of Patent: February 20, 2018
    Assignee: National Central University
    Inventors: Fu-Hau Hsu, Tzung-Ting Lin, Wei-Tai Cai, Chia-Hao Lee
  • Patent number: 9900299
    Abstract: Embodiments of the invention provide techniques for receiving, authenticating, parsing, and storing operational status data (or telemetry data) from one or more hardware and software systems within an aggregated computing infrastructure. Operational status data may be transmitted over secure transmission channels and stored within secure data stores at a computing infrastructure analyzer. Additionally, some embodiments describe techniques for creating, storing, and retrieving operational risk rules that may apply to one or more computing infrastructures. Based on the operational risk rules, one or more determinations may be performed to identify data items for extraction from the received telemetry data of an aggregated computing infrastructure. Using the extracted telemetry data items, one or more operational risk rules may be evaluated with respect to the aggregated computing infrastructure.
    Type: Grant
    Filed: April 3, 2015
    Date of Patent: February 20, 2018
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Andrew Balt Oppenheim, Jr., Charles Stephen Melville, Nayan Patel
  • Patent number: 9898219
    Abstract: In one aspect, a method includes associating disk devices with containers based on a policy, allocating a disk device to a container based on the policy and allowing access to the disk device from the container. In another aspect, an apparatus includes electronic hardware circuitry configured to associate disk devices with containers based on a policy, allocate a disk device to a container based on the policy and allow access to the disk device from the container. In a further aspect, an article includes a non-transitory computer-readable medium that stores computer-executable instructions. The instructions cause a machine to associate disk devices with containers based on a policy, allocate a disk device to a container based on the policy and allow access to the disk device from the container.
    Type: Grant
    Filed: June 30, 2014
    Date of Patent: February 20, 2018
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Eron D. Wright, Jimmy K. Seto
  • Patent number: 9900757
    Abstract: A wearable device-based information transfer method and a related device where the method includes recording, by a first wearable device, a first event parameter corresponding to a social action when detecting that a first user wearing the first wearable device performs the social action, obtaining, by the first wearable device, a second event parameter released by a second wearable device, and determining, by the first wearable device, whether the first event parameter matches the second event parameter, and sending, by the first wearable device, first user-defined information to the second wearable device when the first event parameter matches the second event parameter. Hence, information transfer efficiency may be effectively improved.
    Type: Grant
    Filed: September 13, 2016
    Date of Patent: February 20, 2018
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Stephen Sui Luen Li, Bo Huang
  • Patent number: 9894086
    Abstract: Approaches for managing security breaches in a networked computing environment are provided. A method includes detecting, by at least one computer device, a breach of a production system in the networked computing environment, wherein the networked computing environment includes a decoy system interweaved with the production system. The method also includes receiving, by the at least one computer device, a communication after the detecting the breach. The method further includes determining, by the at least one computer device, the communication is associated with one of a valid user and a malicious user. The method additionally includes, based on the determining, routing the valid user to an element of the production system when the communication is associated with the valid user and routing the malicious user to a corresponding element of the decoy system when the communication is associated with the malicious user.
    Type: Grant
    Filed: August 30, 2016
    Date of Patent: February 13, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Gregory J. Boss, Rick A. Hamilton, II, Jeffrey R. Hoy, Agueda M. H. Magro
  • Patent number: 9892270
    Abstract: A system and method for programmably creating a security application via a graphical user interface. The method comprises: causing a display of a service stage GUI window including at least one security phase zone; receiving a selection of at least one security service including at least one security decision engine; causing a display of an event rule stage window including at least one event rule parameters zone; receiving a selection of at least one event rule related to the at least one SDE; causing a display of an event relationship stage GUI window including at least one rule selection zone; receiving a selection of at least one workflow rule and at least one action; and configuring the security application based on the selected at least one work rule and the selected at least one action.
    Type: Grant
    Filed: November 25, 2015
    Date of Patent: February 13, 2018
    Assignee: Empow Cyber Security Ltd.
    Inventor: Avi Chesla
  • Patent number: 9882909
    Abstract: A method includes a particular user application, without operating system kernel access, performing the operations of: identifying a set of applications that a user has permission to access, receiving a request to access a particular application of the set of applications, and causing execution of the particular application.
    Type: Grant
    Filed: April 8, 2016
    Date of Patent: January 30, 2018
    Assignee: ARUBA NETWORKS, INC.
    Inventors: Asif Awan, Shekhar Kshirsagar, Chetan Kumar, Deepak Agarwal, Suman Maradani, Sunil G. V. Babu
  • Patent number: 9881304
    Abstract: An API transaction risk assessment equipment is disclosed that receives an API transaction request through a data network from an application processed by a source node, and generates a risk assessment score based on context information that characterizes the API transaction request. The risk assessment score indicates a level of trustworthiness of the API transaction request for processing by an application on a destination node. The API transaction risk assessment equipment then controls deliverability of the API transaction request through the data network to the destination node for processing based on the risk assessment score. Corresponding methods by API transaction risk assessment equipment are disclosed.
    Type: Grant
    Filed: January 24, 2014
    Date of Patent: January 30, 2018
    Assignee: CA, Inc.
    Inventors: Kenneth William Scott Morrison, Thomas E. Hamilton, III, James D. Reno
  • Patent number: 9882887
    Abstract: Disclosed are various examples for providing a single sign-on experience for managed mobile devices. A management application executed in a computing device receives a single sign-on request from a managed client application executed by the same computing device. The management application determines that the client application is permitted to access a management credential for single sign-on use. The management application provides the management credential to the client application in response to the single sign-on request.
    Type: Grant
    Filed: June 15, 2015
    Date of Patent: January 30, 2018
    Assignee: AirWatch LLC
    Inventors: Adam Rykowski, Ashish Jain, Dale Robert Olds, Emily Hong Xu, Kabir Barday, Kyle Austin, Sridhara Babu Kommireddy, Jonathan Blake Brannon, Camilo Lotero
  • Patent number: 9882912
    Abstract: A system and method for providing authentication service for IoT security are disclosed herein. The system for providing authentication service for IoT security includes an Internet of Things (IoT) service server, and an IoT gateway node. The IoT service server supports an IoT communication service in accordance with an IoT communication service policy. The IoT gateway node receives an IoT service request from a terminal attempting to control an IoT device that supports the IoT communication service while operating in conjunction with the IoT service server, identifies whether the terminal attempting to control the IoT device is a normal user based on profile information, collected from the terminal via the IoT service request, via the IoT service server, and performs the security authentication of the IoT device.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: January 30, 2018
    Assignee: WINS CO., LTD.
    Inventor: Eun Young Joo
  • Patent number: 9876824
    Abstract: Presented herein are techniques for adding a secure control layer to a distributed communication fabric that supports publish-subscribe (pub-sub) and direct query (synchronization) communication. The secure control layer is configured to perform policy-based authentication techniques to securely manage the exchange of data/information within the communication fabric and enable registration/discovery of new capabilities.
    Type: Grant
    Filed: November 2, 2015
    Date of Patent: January 23, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Nancy Cam-Winget, Allan Thomson, Pok Wong, Vanaja Ravi
  • Patent number: 9876822
    Abstract: A cloud infrastructure is enhanced to provide a context-based security assurance service to enable secure application deployment. The service inspects network and cloud topologies to identify potential security capabilities and needs. Preferably, these options are then surfaced to the user with easy-to-understand, pre-configured templates representing security assurance levels. When a template (e.g., representing a pre-configured assurance level) is selected by the user, the system then applies specific capabilities and controls to translate the user-selected generalized specification (e.g., “high security”) into granular requirements for a specific set of security resources. Preferably, the identification of these security resources is based on system configuration, administration, and information associated with the pre-configured template.
    Type: Grant
    Filed: November 28, 2014
    Date of Patent: January 23, 2018
    Assignee: International Business Machines Corporation
    Inventors: Nataraj Nagaratnam, Jeffrey Robert Hoy, Sreekanth Ramakrishna Iyer, Sridhar R. Muppidi
  • Patent number: 9871798
    Abstract: A mail server operative to communicate with external recipients via a gateway to external communication network/s; and to communicate with internal recipient/s including pupil end-users via an internal secured network. Associations between individual parents who are nodes in external communication network/s and pupil end-users; and white-lists of authorized communicants for individual pupil end-users, are stored. A whitelist provided to memory for a first pupil end-user includes a second pupil, if and only if the first and second pupils' parents have both, via respective parent user-interfaces, authorized communication between the first and second pupils.
    Type: Grant
    Filed: June 16, 2016
    Date of Patent: January 16, 2018
    Assignee: GOOGALE (2009) LTD.
    Inventor: Nir Michalowitz
  • Patent number: 9871888
    Abstract: A mobile device includes a processor and a non-transitory computer-readable medium storing instructions. The instructions include, in response to a state of a first application being instantiated from a first state template of the first application, selecting a first function module identifier from a plurality of predetermined function module identifiers. Each predetermined function module identifier corresponds to a first function offered by the first state template. The instructions include transmitting a function module request to a developer exchange system using a wireless transceiver. The function module request includes the first function module identifier, which uniquely identifies a first function module. The instructions include receiving the first function module from the developer exchange system, storing and executing the first function module, and presenting display data generated by execution of the first function module.
    Type: Grant
    Filed: August 24, 2016
    Date of Patent: January 16, 2018
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Manikandan Sankaranarasimhan, Kalyan Desineni
  • Patent number: 9871802
    Abstract: A social networking system maintains a limited user profile associated with a user of the social networking system who does not satisfy one or more criteria for the social networking system to maintain a user profile. The limited user profile includes information describing the user and allows the user to be associated with limited types of interactions with the social networking system. An administrator is associated with the limited user profile and may modify information associated with the limited user profile as well as authorize or deny interactions involving the limited user profile. When the user satisfies criteria for the social networking system maintaining a user profile, the social networking system generates a user profile based on information in the limited user profile and prior interactions involving the limited user profile.
    Type: Grant
    Filed: September 27, 2016
    Date of Patent: January 16, 2018
    Assignee: Facebook, Inc.
    Inventors: Benjamin Michael Holson, Dan Barak
  • Patent number: 9870477
    Abstract: The present invention relates to techniques for implementing a secure operating environment for the execution of applications on a computing device (e.g., a mobile phone). The secure operating environment may provide a trusted environment with dedicated computing resources to manage security and integrity of processing and data for the applications. The applications may be provided with a variety of security services and/or functions to meet different levels of security demanded by an application. The secure operating environment may include a security engine that enumerates and/or determines the security capabilities of the secure operating environment and the computing device, e.g., the hardware, the software, and/or the firmware of the computing device. The security engine may provide security services desired by applications by choosing from the security capabilities that are supported by the secure operating environment and the computing device.
    Type: Grant
    Filed: July 26, 2016
    Date of Patent: January 16, 2018
    Assignee: Visa International Service Association
    Inventors: Selim Aissi, Taeho Kgil, Gyan Prakash
  • Patent number: 9871765
    Abstract: Various exemplary embodiments relate to a method performed by a DIAMETER network node, the method including: receiving a first DIAMETER message; determining that the first DIAMETER message is not trusted; and rejecting the first DIAMETER message.
    Type: Grant
    Filed: September 4, 2012
    Date of Patent: January 16, 2018
    Assignee: Alcatel Lucent
    Inventors: Robert A. Mann, Eric Colaviti
  • Patent number: 9866603
    Abstract: In an example, a processing device is provided. The processing device may be configured to determine whether to send a first version of a stream manifest corresponding to a received selection of one of a plurality of stream variants of a video content asset. The processing device may be configured to, in response to determining to not send the first version, send a second different version of the stream manifest. In an example, the first version includes only a subset of a plurality of entries included in the second version and/or a bootstrap current media time that is different than an actual current media time.
    Type: Grant
    Filed: March 24, 2014
    Date of Patent: January 9, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Gary Thomas Hertel, Greg Kenneth Truax, Michael Vidyadhar Kale
  • Patent number: 9860137
    Abstract: A method and corresponding system to help facilitate the application of service policy rules for client devices while reducing the amount of signaling between network entities is disclosed. In accordance with one example, the wireless network may evaluate the extent to which the service policy rules defined by the UE's service profile have been applied by the wireless network. Based on this evaluating, the network may identify a subset of service policy rules that have been applied to greater than a threshold extent by the network for the given UE. And in response to this identifying, the network may cause the PDP to provision the PEP, with the subset of service policy rules, rather than provision the PEP with every possible service policy rule. As a result, the PDP and PEP may refrain from engaging in excess signaling, and the wireless network, in turn, may enjoy reduced congestion.
    Type: Grant
    Filed: December 9, 2015
    Date of Patent: January 2, 2018
    Assignee: Sprint Spectrum L.P.
    Inventors: Lyle T. Bertz, Mark Bales
  • Patent number: 9858431
    Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include defining, for a data masking engine executing in a platform as a service (PaaS) based software environment, one or more data masking rules. Upon detecting, by the data masking engine, data processed by a software application executing within the PaaS based software environment and in accordance with a given data masking rule, the data masking engine can perform a data masking operation on the data.
    Type: Grant
    Filed: November 1, 2015
    Date of Patent: January 2, 2018
    Assignee: International Business Machines Corporation
    Inventors: Ariel Farkash, Igor Gokhman, Abigail Goldsteen, Micha Moffie