Mwp:Patents

From Paddon.org

Patents

Michael is an inventor on 42 patent families, with 89 patent grants.

  • Canada: 1
  • China: 15
  • Germany: 4
  • Europe: 7
  • Japan: 17
  • Korea: 14
  • Russia: 2
  • USA: 29

Method and apparatus for authentication in wireless communications

Gregory Rose, Michael Paddon, Philip Hawkes, James Semple

Priority: 2003-11-07
Applications: CA2544665A1 CN1894996A EP1683387A1 JP2007511172A KR20060110317A US20050100165A1 WO2005048638A1
Granted: CN1894996B DE602004011554D1 DE602004011554T2 EP1683387B1 KR100843524B1 US8229118B2

Systems and methods of securing wireless communications between a network and a subscriber station include inserting a marker denoting an encryption type within a random value used for authentication, calculating a first session key and a first response value as a function of the random value, then calculating a second session key and a second response value as a function of the random value, first session key and first response value. The two levels of session keys and response values may be used by upgraded subscriber stations and network access points to prevent attackers from intercepting authentication triplets.

Method and application for authentication of a wireless communication using an expiration marker

Michael Paddon, Gregory Rose, Philip Hawkes, James Semple

Priority: 2003-11-10
Applications: CA2544967A1 CN1879445A EP1685738A1 JP2007511184A KR20060110318A KR20080047632A US20050102517A1 US20080260164A1 WO2005048641A1
Granted: CN1879445B JP4768626B2 KR100920409B1 US7302060B2 US8064602B2

Systems and methods of securing wireless communications between a network and a subscriber station are disclosed. One embodiment creates authentication triplets due to expire after a certain amount of time such that they may not be used indefinitely by an attacker who intercepts them.

Stream cipher encryption and message authentication

Philip Hawkes, Michael Paddon, Gregory Rose

Priority: 2004-02-17
Applications: US20050213752A1
Granted: US7623656B2

Stream cipher encryption and message authentication. Stream cipher encryption is performed by generating a keystream at the transmitting end from a state value, applying the keystream to plaintext to generate an encrypted message block having at least a portion of the plaintext converted to ciphertext, and updating the state value as a function of said at least a portion of the plaintext. Stream cipher decryption is performed by generating a keystream at the receiving end from the same state value, applying the keystream to the encrypted message block to convert the ciphertext to plaintext, and updating the state value as a function of the plaintext. Message authentication techniques are also described.

Efficient classification of network packets

Michael Paddon, Gregory Rose, Philip Hawkes

Priority: 2004-06-23
Applications: EP1762079A1 JP2008504737A JP2011054179A US20050286522A1 US20120042374A1 WO2006002215A1
Granted: JP5362669B2 US8027330B2 US8750285B2

Embodiments describe a system and/or method for efficient classification of network packets. According to an aspect, a method includes describing a packet as a feature vector and mapping the feature vector to a feature space. The method can further include defining a feature prism, classifying the packet relative to the feature prism, and determining if the feature vector matches the feature prism. If the feature vector matches the feature prism, the packet is passed to a data recipient; if not, the packet is blocked. Another embodiment is an apparatus that includes an identification component that defines at least one feature of a packet and a classification component that classifies the packet based at least in part upon the at least one defined feature.

Mutual authentication with modified message authentication code

James Semple, Gregory Rose, Michael Paddon, Philip Hawkes

Priority: 2004-09-08
Applications: CN101053273A EP1787489A2 EP2635060A1 US20060079205A1 WO2006029384A2 WO2006029384A3
Granted: CN101053273B US8260259B2

Methods and devices for instructing a subscriber identity module in a cellular communications network to process non-standard authentication information in a standard manner are disclosed. One embodiment of a method comprises receiving a first message authentication code (MAC) and an authentication management field (AMF) at a subscriber identity module as part of an authentication protocol, calculating a second MAC and determining whether the second MAC is equivalent to the first MAC. If the first and second MAC are not equivalent, the SIM calculates a third MAC and determines whether the first MAC is equivalent to the third MAC, and if so, the subscriber identity module processes the AMF in a predefined or standard manner.

Bootstrapping authentication using distinguished random challenges

James Semple, Gregory Rose, Michael Paddon, Philip Hawkes

Priority: 2004-09-08
Applications: CN101366299A EP1787486A1 JP2008512966A KR20070091266A US20060120531A1 WO2006036521A1
Granted: CN101366299B DE602005011639D1 EP1787486B1 JP4805935B2 KR100922906B1 US8611536B2

A communications system and method of bootstrapping mobile station authentication and establishing a secure encryption key are disclosed. In one embodiment of the communications network, a distinguished random challenge is reserved for generation of a secure encryption key, wherein the distinguished random challenge is not used for authentication of a mobile station. The distinguished random challenge is stored at a mobile station's mobile equipment and used to generate a secure encryption key, and a bootstrapping function in the network uses a normal random challenge to authenticate the mobile station and the distinguished random challenge to generate the secure encryption key.

Client assisted firewall configuration

Michael Paddon, Philip Hawkes, Gregory Rose

Priority: 2004-12-21
Applications: CA2591933A1 CN101124801A EP1829334A1 JP2008524970A KR20070087165A RU2007128045A US20060253900A1 WO2006069315A1 WO2006069315A8
Granted: CA2591933C CN101124801B JP4589405B2 KR100899903B1 RU2370903C2

Embodiments describe techniques in connection with configuring a firewall and/or reducing network traffic. One embodiment is a method for configuring a firewall to reduce unwanted network traffic. The method includes executing a web-server and detecting that a passive socket has been created. The method also includes establishing contact with a firewall and requesting the firewall to permit flows directed to the passive socket. According to some embodiments, the method can include closing the web-server and destroying the passive socket. The firewall can be contacted with the destroyed passive socket information and can be sent a request to deny flows directed to the destroyed passive socket. If the passive socket is closed, the method can automatically revoke the request to the firewall to permit flows directed to the passive socket.

Context limited shared secret

Michael Paddon, Gregory Rose, James Semple, Philip Hawkes

Priority: 2005-02-11
Applications: CA2597763A1 CN101156346A EP1847063A2 JP2008530917A JP2011227905A JP2014150567A JP2016192768A KR20070102749A RU2007133798A US20070174613A1 WO2006086721A2 WO2006086721A3
Granted: CN101156346B JP6377669B2 KR100961087B1 RU2392754C2 US8726019B2

In a communication system in which two communication entities seek to have a private or confidential communication session, a trust relationship must first be established. The trust relationship is based on the determination of a shared secret which in turn is generated from contextual information. The contextual information can be derived from the circumstances surrounding the communication session. For example, the contextual information can include topological information, time-based information, and transactional information. The shared secret may be self-generated or received from a third party. In either event, the shared secret may be used as key material for any cryptographic protocol used between the communication entities.

Multisigning - a protocol for robust multiple party digital signatures

Alexander Gantman, Aram Perez, Gregory Rose, Laurence Lundblade, Matthew Hohlfeld, Michael Paddon, Oliver Michaelis, Ricardo Lopez

Priority: 2005-03-31
Applications: US20060236098A1 US20110107107A1
Granted: US8321680B2

Embodiments describe a system and/or method for multiple party digital signatures. According to a first aspect a method comprises establishing a first validity range for a first key, establishing a first validity range for at least a second key, and determining if the validity range of the first key overlaps the first validity range of the at least a second key. A certificate is signed with the first validity range of the first key and the first validity range of the at least a second key if the validity ranges overlap. According to another embodiment, signage of the certificate is refused if the first validity range of the first key does not overlap with the first validity range of the at least a second key.

Multisigning - a protocol for robust multiple party digital signatures

Alexander Gantman, Aram Perez, Gregory Gordon Rose, Laurence Lundblade, Matthew Hohlfeld, Michael Paddon, Oliver Michaelis, Ricardo Jorge Lopez

Priority: 2005-03-31
Applications: CN101253725A EP1872518A2 JP2008544593A JP2011188521A KR20070118282A WO2006105498A2 WO2006105498A3
Granted: CN101253725B JP4938760B2 JP5694051B2 KR100966412B1

Embodiments describe a system and/or method for multiple party digital signatures. According to a first aspect a method comprises establishing a first validity range for a first key, establishing a first validity range for at least a second key, and determining if the validity range of the first key overlaps the first validity range of the at least a second key. A certificate is signed with the first validity range of the first key and the first validity range of the at least a second key if the validity ranges overlap. According to another embodiment, signage of the certificate is refused if the first validity range of the first key does not overlap with the first validity range of the at least a second key.

Composed message authentication code

Michael Paddon, Adrian Escott, Gregory G. Rose, Philip Hawkes

Priority: 2006-10-27
Applications: CN101529937A CN104955050A EP2087766A2 JP2010508719A KR20090085639A US20080104397A1 WO2008052137A2 WO2008052137A3
Granted: DE602007013795D1 EP2087766B1 KR101212103B1 US8949600B2

Prior to transmission, a message is divided into multiple transmission units. A sub-message authentication code is obtained for each of the transmission units. A composed message authentication code is obtained for the whole message based on the sub-message authentication codes of the multiple transmission units. The multiple transmission units and the composed message authentication code are then transmitted. A receiver of the message receives a plurality of transmission units corresponding to the message. A local sub-message authentication code is calculated by the receiver for each transmission unit. A local composed message authentication code is calculated by the receiver based on the local sub-message authentication codes for the plurality of transmission units. The local composed message authentication code is compared to a received composed message authentication code to determine the integrity and/or authenticity of the received message.

Resynchronization for push message security using secret keys

Philip Michael Hawkes, Andreas K. Wachter, Michael Paddon

Priority: 2007-06-11
Applications: US20090319792A1 WO2009058428A2 WO2009058428A3
Granted: US8625793B2

A method for a server to initiate resynchronization with an access terminal, when synchronization has been lost, that cannot be exploited by attackers is provided. The server may provide the access terminal with a secret key that is only known to the access terminal and the server. The access terminal may store the secret key in a secure storage device to prevent the secret key from being hacked. If the server determines that synchronization has been lost, the server may send a resynchronization message to the access terminal with the secret key attached. The access terminal retrieves the stored secret key from the secure memory device and compares it to the secret key attached to the resynchronization message. If there is a match, the access terminal may initiate a secure communication link with the server to reestablish synchronization.

Real world gaming framework

Gregory Gordon Rose, Miriam Wiggers De Vries, Michael Paddon, Philip Michael Hawkes

Priority: 2007-06-26
Applications: US20090005140A1 WO2009002879A1
Granted: US8675017B2

A virtual environment and real world environment are combined into a framework that facilitates large-scale social interaction in multi-player fantasy games played in both the real world and/or a virtual world. Such combination of real and virtual world features may blend geo-caching, orienteering, and other virtual gaming features to enable players to interact across the real and virtual environments. A real world player is also mapped into the virtual environment, thereby inserting the player's movements and actions into the virtual environment. Additionally, this feature enables interaction between players located in a real environment with characters found in a virtual environment. A player may use a mobile device that is configured to recognize the geo-location and orientation of the player and display a corresponding view of the virtual environment gaming landscape for the player.

Puzzle-based authentication between a token and verifiers

Gregory Gordon Rose, Alexander Gantman, Miriam Wiggers De Vries, Michael Paddon, Philip Michael Hawkes

Priority: 2008-05-09
Applications: CN102017578A EP2289220A1 JP2011521548A KR20110009222A US20090282243A1 WO2009137621A1
Granted: CN102017578B EP2289220B1 JP5345675B2 KR101237632B1 US8793497B2

A puzzle-based protocol is provided that allows a token and verifier to agree on a secure symmetric key for authentication between the token and verifier. A token stores a secret key and one or more puzzle-generating algorithms. The verifier independently obtains a plurality of puzzles associated with the token, pseudorandomly selects at least one of the puzzles, and solves it to obtain a puzzle secret and a puzzle identifier. The verifier generates a verifier key based on the puzzle secret. The verifier sends the puzzle identifier and an encoded version of the verifier key to the token. The token regenerates the puzzle secret using its puzzle-generating algorithms and the puzzle identifier. The token sends an encoded response to the verifier indicating that it knows the verifier key. The token and verifier may use the verifier key as a symmetric key for subsequent authentications.

Network helper for authentication between a token and verifiers

Gregory Gordon Rose, Alexander Gantman, Miriam Wiggers De Vries, Michael Paddon, Philip Michael Hawkes

Priority: 2008-05-09
Applications: US20090282253A1 WO2009137622A1
Granted: US8595501B2

A network helper is provided that assists verifiers in executing a puzzle-based protocol for authentication of a token. A token stores a secret key and one or more puzzle-generating algorithms. The helper stores a plurality of puzzles associated with a particular token. When requested to do so by a verifier, the helper provides a plurality of pseudorandomly selected puzzles for the token to a verifier. The puzzles are encoded with information that is used between the verifier and token to establish a secured symmetric key. The verifier selects one or a few of the encoded puzzles and breaks them by a brute force attack. Because the helper does not know which puzzles have been selected, it has to break all puzzles to attempt to figure out the symmetric key. However, if a large number of puzzles are utilized, say millions, then breaking all of them becomes a computationally prohibitive task.

Method for protecting sensitive data on a storage device having wear leveling

Michael W. Paddon, Craig M. Brown, Philip Michael Hawkes

Priority: 2009-03-31
Applications: CN102365644A EP2414981A1 JP2012523045A KR20120022848A US20100250835A1 WO2010117850A1
Granted: CN102365644B JP5536191B2 KR101365134B1 US8433843B2

Disclosed is a method for protecting sensitive data in a storage device having wear leveling. In the method, a write command, with an associated sensitive write signal indicating that sensitive data is associated with the write command, is received. The sensitive data is further associated with at least one address pointing to a storage location within an initial physical storage block. The write command is executed by writing to at least one storage location within an available physical storage block, pointing the at least one address to the at least one storage location within the available physical storage block, and erasing the initial physical storage block to complete execution of the write command.

Method and apparatus for the automatic predictive selection of input methods for web browsers

Michael Paddon

Priority: 2009-10-14
Applications: CN102577334A EP2489176A1 JP2013508817A KR20120082453A US20110087962A1 WO2011047057A1

A method and apparatus for predictively selecting an input method at a web browser. Once a user has entered information identifying a web page, contextual information at the web page is examined in order to automatically, predictively select an appropriate input method for the web page. Once the input method has been selected, a corresponding predictive typing program may be applied.

Emergency Override Of Battery Discharge Protection

Michael W. Paddon, Craig M. Brown, Craig W. Northway, Jessica M. Purser

Priority: 2010-09-29
Applications: CN103125060A EP2622706A2 JP2013539320A KR20130069822A US20120077454A1 WO2012050782A2 WO2012050782A3
Granted: CN103125060B EP2622706B1 JP5763773B2 KR101605237B1 US8886152B2

An apparatus, system and method for overriding battery discharge protection in a mobile communication device in the presence of an emergency communication. The method of overriding battery discharge protection in a mobile communication device comprises determining a measured battery voltage; determining an excess battery discharge condition, wherein further battery discharge will result in an impaired ability to recharge a battery; detecting an emergency communication state; disabling battery discharge protection in response to the emergency communication state; and continuing discharge of the battery.

Mobile Device Having An Emergency Mode

Philip Michael Hawkes, Miriam M. Wiggers De Vries, Craig M. Brown, Alexander Gantman, Jessica M. Purser, Cameron A. McDonald, Craig W. Northway, Michael W. Paddon

Priority: 2010-11-08
Applications: CN103181202A EP2638715A1 JP2014501069A KR20130096290A US20120115430A1 WO2012064374A1
Granted: CN103181202B EP2638715B1 JP5629833B2 KR101547408B1 US8886157B2

Disclosed is an apparatus and method to locate a mobile device in an emergency situation. The mobile device includes a display device, a user interface to receive an emergency mode request from a user, and a processor. The processor may be configured to execute instructions to implement an emergency mode process based upon the receipt of the emergency mode request from the user. The emergency mode process is implemented to: monitor received signals to locate a base station, wherein, once a base station is located, a short emergency message is transmitted to the base station including the location of the mobile device. The emergency mode process is further implemented to: monitor received signals to receive an acknowledgement signal from the base station; and reduce a plurality of first non-essential functions of the mobile device to reduce power consumption.

Method and Apparatus for Transmitting Bulk Emergency Data while Preserving User Privacy

Michael W. Paddon, Craig M. Brown, Craig W. Northway, Jessica M. Purser

Priority: 2011-05-04
Applications: CN103535055A EP2705677A1 JP2014517589A JP2016059055A KR20140006095A KR20160031049A US20120284511A1 WO2012151335A1
Granted: CN103535055B JP6204347B2 JP6272815B2 US9106623B2

Systems and methods are described for performing bulk transmissions of information (e.g., emergency information, etc.) while preserving user privacy. An example mobile device described herein includes an information aggregation module configured to compile first information associated with the device, the first information including location-related information, an encryption module communicatively coupled to the information aggregation module and configured to encrypt the first information using at least one session key, and a transmitter communicatively coupled to the encryption module and configured to transmit encrypted first information to at least one receiver prior to a triggering event and to transmit the at least one session key to the at least one receiver after the triggering event.

Wireless Device Secure Tracking

Michael W. Paddon, Joshua Rubin Davis, Craig W. Northway

Priority: 2011-07-20
Applications: US20130023280A1 WO2013013102A2 WO2013013102A3

A mobile device includes: a network interface configured to send messages toward, and receive messages from, a communication network wirelessly; and a message module independent of an OS and a BIOS of the mobile device, the message module being configured to produce and provide a location message to the network interface to be sent toward the communication network. The location message contains information that enables at least one of determination or estimation of a location of the mobile device and identification of the mobile device. The message module is configured to provide the location message to the transmitter without use of the operating system or the BIOS. The message module is configured to produce the location message based on a network communication message received at the mobile device through the network interface.

Method and apparatus for adjusting TCP RTO when transiting zones of high wireless connectivity

Michael W. Paddon, Craig M. Brown

Priority: 2011-09-06
Applications: CN103782623A EP2754315A1 JP2014529980A KR20140068155A US20130058231A1 WO2013036527A1
Granted: CN103782623B JP5856300B2 KR101571258B1 US9191862B2

Systems and methods for managing transmissions of a mobile device are described herein. An example of a mobile device described herein includes an environment monitor module configured to perform one or more observations of a local environment associated with the mobile device, a connectivity tracker module communicatively coupled to the environment monitor module and configured to determine whether the one or more observations indicate wireless connectivity of the mobile device has been restored, and a retransmit timeout (RTO) manager module communicatively coupled to the connectivity tracker module and configured to reset at least one RTO value of the mobile device if the wireless connectivity of the mobile device has been determined to be restored.

Method and Apparatus for Protecting a Single Sign-on Domain from Credential Leakage

Michael W. Paddon, Jessica M. Flanagan, Craig M. Brown

Priority: 2011-10-04
Applications: CN103843300A EP2764673A1 JP2014529156A KR20140084126A US20130086656A1 WO2013052693A1
Granted: CN103843300B EP2764673B1 JP5791814B2 KR101579801B1 US8943571B2

Disclosed is a method for protecting a single sign-on domain from credential leakage. In the method, an authentication server provides an authentication cookie to a browser client. The cookie has at least one user authentication credential for the domain, and is associated with an authentication subdomain of the domain. The server receives the cookie from the browser client. Upon authentication of the user authentication credential in the received cookie, the server responds to the access request by forwarding, to the browser client, a limited-use cookie for the domain. The server receives a request from the content server to validate a session identifier of the limited-use cookie received from the browser client. Upon validation of the session identifier of the limited-use cookie, the server provides a valid session message to the content server for enabling the content server to forward requested content to the browser client.

Multipath transport data and control signaling

Jessica M. Flanagan, Craig W. Northway, James S. Stewart, Craig Brown, Michael W. Paddon, James T. Ostrich

Priority: 2011-11-03
Applications: US20130113618A1 WO2013067393A1

An example of a method for illuminating intelligent road markers to identify the location of a road user according to the disclosure includes: receiving a position identification message at a first intelligent road marker from a position identification unit associated with a road user; selecting one or more intelligent road markers proximate to the road user in response to the position identification message; and illuminating the selected one or more intelligent road markers to identify the presence of the road user on the road.

Mobile device to detect unexpected behaviour

Michael William Paddon, Matthew C. Duggan, Jessica M. Flanagan

Priority: 2012-01-27
Applications: CN104094581A EP2807816A1 JP2015512186A KR20140127267A US20130196649A1 WO2013112977A1
Granted: CN104094581B JP6177801B2 US8774761B2

Disclosed is an apparatus and method for a mobile device to detect unexpected behavior associated with the mobile device. The mobile device may include a memory and a processor coupled to the memory. The processor may be configured to monitor at least one of physical conditions and/or device actions associated with the mobile device. If a call or a data transmission is requested, the processor may be configured to compare the monitored physical conditions and/or device actions to an anomaly threshold value and may execute an anomaly exception routine if the anomaly threshold value is exceeded.

Expeditious citation indexing

Craig M. Brown, Michael William Paddon, Guy Perry

Priority: 2013-01-05
Applications: US20140195540A1 WO2014107350A2 WO2014107350A3
Granted: US9251253B2

Methods and systems for indexing patent related prior art citations are disclosed. Electronic documents can be obtained from one or more patent information systems. An OCR process can be performed on some of the electronic documents. Citations within the documents can be identified and compared to a trusted records list. The citations can be associated with one or more predetermined categories. For example, citations can be categorized into groups such as when a reference is cited (e.g., with original filing, pre and post allowance), who provided the reference (e.g., cited by the applicant, or the examiner), and how the reference is characterized (e.g., statutory basis, combination of references). The citations and corresponding categories can be output to a user or made available for subsequent processing.

User generated rating by machine classification of entity

Michael William Paddon

Priority: 2013-01-13
Applications: US20140201271A1 WO2014109781A1

Methods and systems for improving user generated ratings by machine classification of an entity are disclosed. Customer rating systems can be analyzed and the corresponding entity interaction on social media networks can be observed. A humanness rating (H value) can be assigned to an entity. The humanness rating can be determined from a multivariate function. The function's variables can be measurements of the entity's behavior on one or more social networks. The variables can be intrinsic to the entity. The variables can be based on account activity information. The variables can be based on social network information. The multivariate function can be implemented as a Bayesian classifier. The multivariate function can be implemented as a neural net. A calculated H value can be used to weigh ratings by an entity.

Method and apparatus for determining a change in position of a location marker

Craig M. Brown, Michael W. Paddon, James A. Christopher, Anthony D. Moriarty

Priority: 2013-02-15
Applications: CN104956235A EP2956791A1 JP2016514253A KR20150119102A US20140235263A1 WO2014127240A1
Granted: US9541630B2

The disclosure is directed to determining a change in position of a location marker. In an aspect, it is determined whether the location marker is in a motion state or a static state using sensors integrated into the location marker; in response to the determining, one or more reachable nodes are discovered, and distance measurements are calculated from the location marker to each of the one or more reachable nodes.

Method and apparatus for wireless device countermeasures against malicious infrastructure

Matthew C. Duggan, Michael William Paddon, Kento Tarui

Priority: 2013-03-13
Applications: CN105009510A EP2974130A1 JP2016511614A KR20150129310A US20140273949A1 WO2014164356A1
Granted: JP6203373B2 KR101836590B1 US9578508B2

System, apparatus, and methods are provided for protecting against malicious infrastructure in a wireless communication network. A system determines a trust metric for an access point and decides to avoid communication with the access point based on the trust metric for the access point. The trust metric may, for example, be a numeric value such as a probability of trustworthiness or a categorization of trustworthiness. The system may determine the trust metric by receiving a list of access points and their corresponding trust metrics and matching a potential access point to its listed trust metric. The system may try to avoid using an untrustworthy access point's services unless it deems the services important enough to risk the communication.

Methods and systems for providing resources for cloud storage

Craig Matthew Brown, Michael William Paddon

Priority: 2013-03-14
Applications: US20140280668A1 WO2014159252A2 WO2014159252A3
Granted: US9459807B2

Methods and apparatus for providing resources for cloud storage may include accessing physical storage capacity on a device, connected to a network cloud, including a virtual primary storage disk and at least one virtual secondary storage disk having access to the physical storage capacity. In addition, the methods and apparatus may include dynamically updating the available storage capacity of the virtual secondary storage disk for network cloud storage based upon usage of the physical storage capacity by the virtual primary storage disk and the virtual secondary storage disk.

Handling inappropriate input method use

Michael William Paddon, Matthew Christian Duggan, Kento Tarui

Priority: 2013-03-15
Applications: US20140267047A1 WO2014144388A1

Methods, systems and devices for handling an inappropriate input method used on a text input device receiving a user input entered with a first input method active in the form of a first set of discrete interactions with the device. The text input device may receive the first user input through the first input method and a second input method. At least one of the first and second input methods provides a conversion of the first user input to a symbol associated with a character set not shown on the text input device. A first orthographical incompatibility between the first user input and at least one of the first input method and the second input method may be determined. An indication may be output that an inappropriate input method was used based on the orthographical incompatibility.

Efficient hardware dispatching of concurrent functions in multicore processors, and related processor systems, methods, and computer-readable media

Michael William Paddon, Erik Asmussen de Castro Lopo, Matthew Christian Duggan, Kento Tarui, Craig Matthew Brown

Priority: 2013-11-01
Applications: CA2926980A1 CN105683905A EP3063623A1 JP2016535887A KR20160082685A US20150127927A1 WO2015066412A1

Embodiments of the disclosure provide efficient hardware dispatching of concurrent functions in multicore processors, and related processor systems, methods, and computer-readable media. In one embodiment, a first instruction indicating an operation requesting a concurrent transfer of program control is detected in a first hardware thread of a multicore processor. A request for the concurrent transfer of program control is enqueued in a hardware first-in-first-out (FIFO) queue. A second instruction indicating an operation dispatching the request for the concurrent transfer of program control in the hardware FIFO queue is detected in a second hardware thread of the multicore processor. The request for the concurrent transfer of program control is dequeued from the hardware FIFO queue, and the concurrent transfer of program control is executed in the second hardware thread. In this manner, functions may be efficiently and concurrently dispatched in context of multiple hardware threads, while minimizing contention management overhead.

Secure Current Movement Indicator

Craig Matthew Brown, Joel Benjamin Linsky, Michael William Paddon, Craig William Northway

Priority: 2014-06-04
Applications: CN106465115A EP3152939A1 JP2017524172A KR20170013263A US20150356289A1 WO2015187608A1
Granted: US9424417B2

Methods, devices, systems, and non-transitory processor-readable storage media for authenticating a computing device to access functionalities. An embodiment method may include operations for receiving in the computing device a signal from a proximity beacon device, obtaining from the received signal information that indicates whether the proximity beacon device has detected movement, determining whether the obtained information matches stored data corresponding to the proximity beacon device, performing an abbreviated authentication operation for the computing device to access the functionalities when it is determined that the obtained information from the received signal matches the stored data, and performing a normal authentication operation for the computing device to access the functionalities when it is determined that the obtained information from the received signal does not match the stored data.

Gesture recognition using gesture elements

Yoshihisa Maruya, Michael William Paddon, Matthew Christian Duggan, Kento TARUI

Priority: 2014-10-29
Applications: CN107111357A US20160124512A1 WO2016069217A1
Granted: US9746929B2

Aspects of the present disclosure provide a gesture recognition method and an apparatus for capturing a gesture. The apparatus categorizes the raw data of a gesture into gesture elements, and utilizes the contextual dependency between the gesture elements to perform gesture recognition with a high degree of accuracy and small data size. A gesture may be formed by a sequence of one or more gesture elements.

Mechanism for tracking tainted data

Michael William Paddon, Matthew Christian Duggan, Craig Brown, Kento TARUI

Priority: 2015-02-05
Applications: CN107209827A EP3254221A1 JP2018508883A US20160232346A1 WO2016126382A1

The disclosure relates in some aspects to protecting systems and data from maliciously caused destruction. Data integrity is maintained by monitoring data to detect and prevent potential attacks. A mechanism for tracking whether data is tainted is implemented in a Data Flow computer architecture or some other suitable architecture. In some aspects, a taint checking mechanism is implemented within a register file, memory management, and an instruction set of such an architecture. To this end, an indication of whether the data stored in a given physical memory location is tainted is stored along with the physical memory location. For example, a register can include a bit for a corresponding taint flag, a memory page can include a bit for a corresponding taint flag, and an input/output (I/O) port can include a bit for a corresponding taint flag.

Collecting data from a statistically significant group of mobile devices

Guilherme Luiz Karnas Hoefel, Brian Fink, Michael William Paddon, Craig Brown, Vitor CARVALHO

Priority: 2015-05-22
Applications: US20160345165A1 WO2016190963A1

Methods, systems, and devices are described for wireless communication to enable data collection from wireless devices in an efficient manner. An aspect of the data collection approaches described herein may involve determining a smaller group of wireless devices from which to collect data. Determining the group may be performed such that the data collected is representative of the wireless devices as a whole. For example, a statistically significant group of wireless devices may be selected to be statistically representative of the wireless devices of the network. Various criteria may be identified for selecting the group. Such criteria may include a specified technique for selecting wireless devices for the group.

Executing a faceted search within a semi-structured database using a bloom filter

Michael William Paddon, Xavier Claude FRANC, Craig Matthew Brown, Matthew Christian Duggan

Priority: 2015-06-17
Applications: US20160371339A1

In an embodiment, a server executes a first query in a semi-structured database to determine a first list of nodes that each include at least one node-specific data entry that satisfies the first query. The server initializes a Bloom filter with the first list of nodes. The server filters a list of candidate nodes for a second query based on the Bloom filter. The server executes, in conjunction with a faceted search procedure of a set of documents in the semi-structured database, a second query that uses the filtered list of candidate nodes as a facet to determine a second list of nodes that each includes one or more node-specific data entries from the facet that satisfy the second query.

Facilitating searches in a semi-structured database

Craig Matthew Brown, Michael William Paddon, Matthew Christian Duggan, Kento TARUI, Xavier Claude FRANC, Lei Ni, Louis Pan, Joel Timothy Beach

Priority: 2015-06-17
Applications: US20160371368A1

In an embodiment, search parameters in a series of search queries directed to a target node of a semi-structured database are categorized as frequently recurring parameters. A partial search query template is populated with shortcut information related to the search parameters, and then used to facilitate execution of a new search query that includes the same search parameters. In another embodiment, an index is generated that links search parameters that return intermediate search result values to search result values that are configured to be obtained when a search is conducted on the intermediate search result values. The index can be generated based upon monitoring of actual searches within the semi-structured database, or alternatively based upon an inspection of the semi-structured database itself.

Caching search-related data in a semi-structured database

Craig Matthew Brown, Michael William Paddon, Xavier Claude FRANC, Louis Pan, Joel Timothy Beach

Priority: 2015-06-17
Applications: US20160371391A1

In an embodiment, a server detects a threshold number of search queries for which the same value at a target node for a document in a semi-structured database is returned as a search result. The server caches the value based on the detection. In another embodiment, the server detects a threshold number of search queries that result in values being returned as search results from a target node. The server caches values at the target node based on the detection. In another embodiment, the server records search result heuristics that indicate a degree to which search results are expected from a set of search queries. The server obtains a merge query and establishes an order in which search queries in the merge query are to be executed based on the recorded search result heuristics.

Selectively indexing data entries within a semi-structured database

Craig Matthew Brown, Xavier Claude FRANC, Michael William Paddon, Matthew Christian Duggan, Kento TARUI

Priority: 2015-06-17
Applications: US20160371392A1

In an embodiment, a server indexes, in a label-path indexed database, a first data entry at a first target node with a given node identifier in accordance with a label-path indexing protocol. After determining that a number of paths from the root node to non-root nodes that share the given node identifier exceeds a threshold, the server indexes a second data entry at a second target node with the given node identifier in a flat-indexed database in accordance with a flat indexing protocol. In an alternative embodiment, the server indexes the first data entry redundantly in both the label-path indexed database and the flat-indexed database while the path number does not exceed the threshold. When the path number exceeds the threshold, the second data entry is indexed in the flat-indexed database only.

Devices and methods for facilitating generation of cryptographic keys from a biometric

Michael William Paddon, Miriam Wiggers De Vries, Philip Michael Hawkes, Craig Brown, Guilherme Luiz Karnas Hoefel, Craig William Northway

Priority: 2015-07-02
Applications: CN107852325A US20170005794A1 WO2017030630A1 WO2017030631A1
Granted: US10069627B2

Electronic devices are adapted to generate cryptographic keys from one or more biometrics. According to one example, an electronic device can obtain a non-encoded bit string associated with biometric information for an individual. The non-encoded bit string can be treated as if it were encoded and a decoding operation may be applied to the bit string, resulting in a modified bit string. One or more cryptographic keys can then be generated based at least in part on the modified bit string. Other aspects, embodiments, and features are also included.

Determination of nutritional factors

Matthew Christian Duggan, Michael William Paddon

Priority: 2015-09-24
Applications: CN108028073A EP3353693A1 US20170091420A1 WO2017052752A1

A method, an apparatus, and a computer program product for wireless communication are provided. The apparatus can collect a plurality of environmental factors. The apparatus can refine a list of potential items being consumed by a user each time one of the plurality of environmental factors is collected until a confidence threshold is reached. The apparatus can select an item from the list of potential items being consumed by the user once the confidence threshold is reached. The apparatus can determine a set of nutritional factors associated with the item selected from the list of potential items being consumed by the user.

Defensive Publications

Generating cryptographic initialization vectors from SSD wear metrics

Michael William Paddon

Published: 2018-12-03
Text: Technical Disclosure Commons Defensive Publication 1739

Data encryption on storage devices is achieved by the application of a suitable cipher mode. Many commonly used cipher modes require an initialization vector (IV). An IV is not secret, yet it must not be reused with the same encryption key in order to preserve confidentiality. A storage device can generate and store a unique IV alongside each encrypted block; however, this capability is not commonly available in mass market implementations. Instead, encrypted storage devices commonly use cipher modes that don’t require an IV, e.g., XTS. However, these have well-known vulnerabilities. This disclosure presents techniques that deterministically derive IVs for block encryption such that they are not stored, yet preserve the property of never being reused.