Roger L Khazan

20050108562, May 19, 2005

Jun 18, 2003

10/464828

Roger Khazan - Somerville MA, US
Jesse Rabek - Boston MA, US
Scott Lewandowski - Reading MA, US
Robert Cunningham - Lexington MA, US

G06F011/30

713200000

Described are techniques used for automatic detection of malicious code by verifying that an application executes in accordance with a model defined using calls to a predetermined set of targets, such as external routines. A model is constructed using a static analysis of a binary form of the application, and is comprised of a list of calls to targets, their invocation and target locations, and possibly other call-related information. When the application is executed, dynamic analysis is used to intercept calls to targets and verify them against the model. The verification may involve comparing the invocation and target location, as well as other call-related information, available at the time of call interception to the corresponding information identified by static analysis. A failed verification determines that the application includes malicious code. As an option, once detected, the malicious code may be allowed to execute to gather information about its behavior.

20120237028, Sep 20, 2012

Mar 17, 2011

13/050323

Roger Khazan - Arlington MA, US
Adam Shawn Petcher - Billerica MA, US
Daniil M. Utin - Newton MA, US

Massachusetts Institute of Technology - Cambridge MA

H04K 1/00
H04N 7/12

380201, 380258

In an aspect, the invention features a method for mission planning The method includes displaying a graphical representation of a geographical area and displaying a graphical representation of one or more regions within the geographical area. The method also includes accepting a specification of geographical regions from a user, accepting a specification of a set of one or more receivers from the user, and accepting a specification of resource access rights associated with the specific one of the geographical regions from the user. The method also includes remotely causing access to a vehicle's resources to be provided or denied to the specified set of one or more receivers based on their association with the specific one of the geographical regions specified by the user when the vehicle is within the specific one of the geographical regions specified by the user.

20140010371, Jan 9, 2014

Jul 9, 2013

13/937919

Roger I. Khazan - Arlington MA, US
Joshua Kramer - Burlington MA, US
Daniil M. Utin - Waban MA, US
Mankuan Michael Vai - Sudbury MA, US
David Whelihan - Framingham MA, US

H04L 9/08

380278

A method for operating a secure device having a plurality of mutually exclusive circuit zones, including a first circuit zone having a first level of security and a second circuit zone having a second level of security less than the first level of security, the method including unpacking a key exchange package including receiving a key exchange package in the second circuit zone, the key exchange package including encrypted key data and processing the encrypted key data using a content key in the first circuit zone to generate decrypted key data and storing the decrypted key data in the first circuit zone without disclosing the decrypted key data into the second circuit zone.

20140013123, Jan 9, 2014

Jul 9, 2013

13/937884

Roger I. Khazan - Arlington MA, US
Joshua Kramer - Burlington MA, US
Daniil M. Utin - Waban MA, US
Mankuan Michael Vai - Sudbury MA, US
David Whelihan - Framingham MA, US

G06F 21/60

713189

A circuit for secure operation includes a plurality of mutually exclusive circuit zones including a first circuit zone having a first level of security and a second circuit zone having a second level of security less than the first level of security and one or more gate circuits each providing limited transfer of data between the circuit zones, the gate circuits providing all data connectivity between the first circuit zone and the second circuit zone and statically configured to prevent unmodified transfer of data from the first circuit zone to the second circuit zone.

20180268172, Sep 20, 2018

Mar 14, 2017

15/458083

- Cambridge MA, US
Lauren E. Milechin - Acton MA, US
Mankuan Michael Vai - Sudbury MA, US
Roger I. Khazan - Arlington MA, US

G06F 21/70
G06K 9/00
G06K 9/62

A method for determining an authenticity of a configurable electronic device includes configuring the configurable electronic device according to stimulus data, measuring one or more side-effects of operation of the configurable electronic device after configuration of the electronic device to generate representations of the one or more side-effects, processing the representations of the side-effects using a feature extraction module to determine one or more features characterizing the representations of the side-effects, and processing the one or more features characterizing the representations of the side-effects using an authentication module to determine a degree of authenticity of the configurable electronic device.

20170019381, Jan 19, 2017

May 6, 2016

15/148327

Roger I. Khazan - Arlington MA, US
Daniil M. Utin - Waban MA, US

H04L 29/06
H04W 12/04
H04L 9/32
H04W 12/06
H04L 9/14
H04L 9/30

A method for establishing a secure communication session over communication paths between one or more client devices and one or more server computers according to a communication protocol includes initiating the session including passing communication through a proxy on a device on the communication paths, passing session initiation information between the client devices and the server computers via the proxy, passing encrypted content between the client devices and the server computers over secure communication sessions, each established for exclusive access from one client device and one server computer based on the exchanged session initiation information between said client device and said server computer whereby the proxy does not have access to the content, and modifying, using the proxy, at least some information passing between a client device and a server computer such that the communication to and from the server computer adheres to the communication protocol.

20160119287, Apr 28, 2016

Jun 17, 2013

13/919596

Roger I. Khazan - Arlington MA, US
Daniil M. Utin - Waban MA, US

H04L 29/06

A method for establishing a secure communication session over communication paths between one or more client devices and one or more server computers according to a communication protocol includes initiating the session including passing communication through a proxy on a device on the communication paths, passing session initiation information between the client devices and the server computers via the proxy, passing encrypted content between the client devices and the server computers over secure communication sessions, each established for exclusive access from one client device and one server computer based on the exchanged session initiation information between said client device and said server computer whereby the proxy does not have access to the content, and modifying, using the proxy, at least some information passing between a client device and a server computer such that the communication to and from the server computer adheres to the communication protocol.

20140222250, Aug 7, 2014

Feb 4, 2014

14/172306

Roger Khazan - Arlington MA, US
Adam Shawn Petcher - Billerica MA, US
Daniil M. Utin - Newton MA, US

G05D 1/00

701 2

A method for transportation of material includes operating a material transportation vehicle according to a material transportation plan. The plan includes a representation of one or more regions within a geographical area, each of the regions being associated with a group of one or more communication stations and a representation of a route of travel within the geographical area. The route of travel traverses a first region of the one or more regions within the geographical area. The operating includes causing the vehicle to travel along the route of travel including causing the vehicle to enter the first region, accepting control information originating from a first communication station of the communication stations associated with the first region, the first communication station being authorized to control a material transportation resource of the vehicle in the first region, and causing an exchange of the material according to the accepted control information.