Abstract: Data stored on a data asset may be migrated to another data asset while maintaining compliance with applicable regulations. A data asset may experience a failure. Based on the type of data stored by that data asset and the applicable regulations, requirements, and/or restrictions that relate to a transfer of that type of data from that data asset, a target data asset may be determined. The data stored on the data asset may then be transferred to the target data asset. The disclosed systems may use data models and/or data maps in determining the requirements for a data transfer and selecting target data assets.
Type:
Grant
Filed:
March 8, 2021
Date of Patent:
September 14, 2021
Assignee:
OneTrust, LLC
Inventors:
Arockia Gunasingam, Steven W. Finch, Saravanan Pitchaimani, Kevin Jones, Jonathan Blake Brannon
Abstract: A method and system are provided for managing cybersecurity vulnerabilities of resources within at least one network. The method includes collecting data including application risk rank and network location. The method further includes determining a vulnerability score for vulnerabilities of the resources and determining severity score based on the application risk rank and network location. The method additionally includes integrating the vulnerability score and the severity score to create a two-dimensional risk ranking.
Type:
Grant
Filed:
June 19, 2019
Date of Patent:
September 14, 2021
Assignee:
JPMORGAN CHASE BANK, N.A.
Inventors:
Bryan S. Inagaki, Martin Dawson, Andrew Graham, Ramiro Rodney Murgueytio, David J. Robinson, Ajay D. Vachhani, Travis Washburn
Abstract: A physically unclonable function (PUF) device is provided. The PUF device includes a plurality of PUF cells configured to generate an output. Each of the plurality of cells includes a sense amplifier and a load circuit. The sense amplifier includes a first circuit and a second circuit configured to generate a bit line and a complementary bit line. The first circuit generates an output at a first output node and the second circuit generates an output at the second output node. The load circuit has a first transistor and a second transistor configured to generate a bias to the sense amplifier to obtain a mask bit at a first output node and a second output node. The control terminal of the first transistor is controlled by a first selection bit, and a control terminal of the second transistor is controlled by a second selection bit.
Abstract: An apparatus and method for performing an operation which are secure against side-channel attack are provided. According to one embodiment of the present disclosure, the apparatus includes a first outputter configured to output a first output value corresponding to a seed value using a first parameter candidate value set, a second outputter configured to output a second output value using a second parameter candidate value set wherein the second output value corresponds to the seed value and is capable of being generated using the first output value, a third outputter configured to output a third output value using the seed value and the first output value, and a fourth outputter configured to output a fourth output value using the second output value and the third output value, wherein the fourth output value is capable of being generated using the seed value.
Type:
Grant
Filed:
October 15, 2018
Date of Patent:
August 24, 2021
Assignee:
SAMSUNG SDS CO., LTD.
Inventors:
Kyu-Young Choi, Duk-Jae Moon, Hyo-Jin Yoon, Ji-Hoon Cho
Abstract: Secure subscription based vehicle data services are provided. In one embodiment, a device comprises: a non-volatile memory comprising an embedded public key (EPK) that comprises a public key of a public-private key pair associated with a data service system not onboard the vehicle; a protocol that initiates a communication session that includes a session validation sequence that causes a processor to transmit a session request message and validate an authenticity of a session reply request using the EPK; the protocol includes a session initiation sequence that causes the processor to: transmit an initiation request message to the data service system that includes a key derivation key, and apply the key derivation key to a key derivation function to generate a message authentication key. The processor authenticates uplink messages exchanged with a host data service using the message authentication key.
Type:
Grant
Filed:
June 5, 2020
Date of Patent:
July 20, 2021
Assignee:
Honeywell International Inc.
Inventors:
Michael L. Olive, Xiaozhong He, Phani Ammi Raju Pothula
Abstract: A chat robot may be used to facilitate interaction with a user in the determination of whether to initiate and process a data subject access request (DSAR). At a DSAR submission webpage, the chatbot may interact with a user to determine the information the user is in need of and/or the actions that the user may take. The chatbot may provide the information desired by the user, avoiding the processing overhead of submission and fulfillment of a DSAR. The chatbot may also facilitate completion of a DSAR on behalf of the user when needed.
Type:
Grant
Filed:
July 10, 2020
Date of Patent:
July 6, 2021
Assignee:
OneTrust, LLC
Inventors:
Priya Malhotra, Bryan Patrick Kveen, Jonathan Blake Brannon
Abstract: A computer receives one or more security alerts. The computer selects a subset of the one or more security alerts for processing. The computer executes one or more queries automatically, based on the subset of the one or more security alerts. The computer identifies one or more related processes, wherein the one or more related processes are related to information contained within the subset of the one or more security alerts. The computer displays a full flow of a malware attack, wherein the full flow includes the information contained within the subset of the one or more security alerts and the one or more related processes.
Type:
Grant
Filed:
November 30, 2018
Date of Patent:
July 6, 2021
Assignee:
International Business Machines Corporation
Abstract: Aspects of the disclosure relate to a system and method for securely authenticating a device via token(s) and/or verification computing device(s). A verification computing device may generate a pseudorandom number or sequence. Based on the pseudorandom number or sequence, the verification computing device may select a first plurality of parameters associated with a user of a device to be authenticated. The verification computing device may transmit, to the device, the pseudorandom number or sequence, and the device may select a second plurality of parameters. The device may generate a token based on the second plurality of parameters. The device may send the token to another device, and the other device may send the token to the verification computing device. The verification computing device may authenticate the device based on the token.
Type:
Grant
Filed:
September 18, 2018
Date of Patent:
June 22, 2021
Assignee:
Allstate Insurance Company
Inventors:
John Parkinson, Jason Park, David Harris
Abstract: Systems and methods are described herein for configuring vehicles and infrastructure (e.g., buildings, smart homes, traffic devices, utilities and associated systems, emergency response systems, and so on) to include blockchain nodes, so a smart city or area of the various devices can be supported by a blockchain network, with some or all devices and systems provisioned with nodes acting as distributed nodes for the blockchain network.
Abstract: A messaging server receives a network packet that encapsulates a user packet that indicates a source domain and a destination domain. The user packet encapsulates a data message that indicates a code and comprises encrypted data. The messaging server transfers the user packet to a distributed ledger. The distributed ledger executes a distributed ledger transaction with the domains and the code to determine a receiving device. The distributed ledger commits the user packet and device identifiers to distributed ledger memory and transfers the user packet and the receiving device identifier to the messaging server. The messaging server encapsulates the user packet in a network packet for delivery to the receiving device. The user packet encapsulates the data message that indicates the code and comprises the encrypted user data.
Type:
Grant
Filed:
February 14, 2019
Date of Patent:
June 15, 2021
Assignee:
Sprint Communications Company L.P.
Inventors:
Lyle Walter Paczkowski, Ronald R. Marquardt, Ivo Rook
Abstract: Techniques are described for processing anomalies detected using user-specified rules with anomalies detected using machine-learning based behavioral analysis models to identify threat indicators and security threats to a computer network. In an embodiment, anomalies are detected based on processing event data at a network security system that used rules-based anomaly detection. These rules-based detected anomalies are acquired by a network security system that uses machine-learning based anomaly detection. The rules-based detected anomalies are processed along with machine learning detected anomalies to detect threat indicators or security threats to the computer network. The threat indicators and security threats are output as alerts to the network security system that used rules-based anomaly detection.
Type:
Grant
Filed:
May 28, 2020
Date of Patent:
May 25, 2021
Assignee:
SPLUNK INC.
Inventors:
Robert Winslow Pratt, Ravi Prasad Bulusu
Abstract: Disclosed is an authentication method and system for a device using a Bluetooth technology. A method for performing authentication by a first device, using Bluetooth low energy (LE), according to an embodiment of the present invention comprises: authenticating a user on the basis of ID information of the user; and authenticating a device by comparing information acquired from a user input with information acquired using an exchanged public key. The authentication scheme for a device is determined according to the input/output capability of the device.
Abstract: Described herein are systems and methods for matching clicks of links on a webpage with page views by a user. The method may comprise identifying a link on a webpage requested by a client device, generating a link identifier for the link and attaching the link identifier to the link. Upon receiving a request for data associated with the link, the link identifier is stored in a log file.
Type:
Grant
Filed:
January 30, 2018
Date of Patent:
April 27, 2021
Assignee:
Verizon Media Inc.
Inventors:
Sunil Nagaraj, Nanda Kumar Jayakumar, Kian-Tat Lim, George Goldenberg
Abstract: A computer-implemented method includes: receiving, by a computer device, biometric data scanned from a guardian and biometric data scanned from a ward; receiving, by the computer device, data defining a relationship between the guardian and the ward; storing, by the computer device, the biometric data scanned from the guardian, the biometric data scanned from the ward, and the data defining the relationship in a record in a secure database; receiving, by the computer device, a request for validation including scanned biometric data; determining, by the computer device, the scanned biometric data matches the record in the secure database; and transmitting, by the computer device and in response to the determining, data defining an authorization based on the relationship.
Type:
Grant
Filed:
September 18, 2018
Date of Patent:
April 13, 2021
Assignee:
INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors:
Michael Bender, Rhonda L. Childress, Todd R. Palmer, Manjari Roy
Abstract: A method of performing authentication and authorization in Proximity based Service (ProSe) communication by a requesting device which sends a request of a communication and a receiving device which receives the request from the requesting device, the method including deriving session keys Kpc and Kpi from a unique key Kp at the requesting and receiving devices, using the session keys Kpc and Kpi for ProSe communication setup and direct communication between the requesting and receiving devices, and starting the direct communication with the requesting and receiving devices. The key Kpc is a confidentiality key and the key Kpi is an integrity protection key.
Abstract: A method and apparatus prevents hacker code from infecting an application program by requiring decryption of the application program prior to running the application program on a computer. The method includes steps of: providing a storage device that is a separate unit from components necessary to operate the computer; storing a symmetric private key on the storage device; using the symmetric private key to produce an encrypted application program upon first installation; thereafter decrypting that part of the encrypted application program needed to implement a command to run the application program; precluding the computer from running any part of the application program that has not been first encrypted with the symmetric private key; and, decrypting, on the fly, only those follow-on parts of the encrypted application program needed to perform functions called for during operation of the application program.
Abstract: A system and method for secure authentication of user entity and user entity device identity. The system and method described herein allow an identity to be continuously proven because of a user entity's behavior and their biometrics. With all the fraud and risk that exists today, if someone has a user entity's driver's license they can do a lot of harm. A primary identity provider receives user contextual and behavioral information from third-party secondary identity providers to allow risk-based continuous authentication and step-up post-authorization authentication or termination of session as required upon detection of an anomaly by a third-party identity provider.