Patents Examined by Jayesh M Jhaveri
-
Patent number: 11977632Abstract: Disclosed are methods and apparatuses for classifier evaluation. The evaluation involves constructing a ground truth refinement having a degree of error within specified bounds from a malware reference dataset as an approximate ground truth refinement. The evaluation further involves using the approximate ground truth refinement to determine at least one of: a lower bound on precision or an upper bound on recall and accuracy. The evaluation further involves evaluating a classifier by evaluating at least one of a classification method or clustering method by examining changes to the upper bound and/or the lower bound produced by the approximate ground truth refinement.Type: GrantFiled: April 23, 2021Date of Patent: May 7, 2024Assignee: BOOZ ALLEN HAMILTON INC.Inventors: Robert J. Joyce, Edward Raff
-
Patent number: 11972027Abstract: Preserving web page functionality through dynamic analysis of host web pages. Web pages accessed by a user device may be monitored. The web browser may apply a blocking policy that blocks an external domain from loading functional content into the web page, which results in a breakage in the web page. The breakage in the web page may be identified through a dynamic analysis of the web page and correlated with the functional content from the blocked external domain. Once identified and correlated, the blocking policy may be modified to allow the external domain to load the functional content and reloading the web page.Type: GrantFiled: October 27, 2021Date of Patent: April 30, 2024Assignee: GEN DIGITAL INC.Inventors: Iskander Sanchez Rola, Johann Roturier, David Luz Silva
-
Patent number: 11968194Abstract: Computer systems and methods are provided for training a machine learning system to determine an authentication decision and explanation information corresponding to the authentication decision. First authentication information for a first authentication request including a first image is received. First validation information corresponding to the first image and including a first authentication decision and first explanation information is received. Data storage of a machine learning system stores the first image and the first validation information. The machine learning system updates an authentication model based on the stored first image and first validation information. Second authentication information for a second authentication request is received. The machine learning system determines second validation information, including second explanation information, based on the updated authentication model. The second explanation information is provided for display to a user device.Type: GrantFiled: April 6, 2021Date of Patent: April 23, 2024Assignee: Jumio CorporationInventor: Labhesh Patel
-
Patent number: 11954224Abstract: Embodiments of the present disclosure describe systems, methods, and computer program products for redacting sensitive data within a database. An example method can include receiving a masking policy for a column of a database, the masking policy identifying a category of sensitive data, examining a column of a database to identify a category of sensitive data in a first location of the column, and, in response to a data query accessing the column, the first location of the column exceeding a threshold probability of comprising sensitive data, executing a redaction operation to redact the category of sensitive data from the first location of the column to generate redacted data for a response to the data query.Type: GrantFiled: August 29, 2023Date of Patent: April 9, 2024Assignee: SNOWFLAKE INC.Inventors: Yimeng Li, Carl Yates Perry, Raghavendran Ramakrishnan, Frantisek Rolinek, Yunqiao Zhang
-
Patent number: 11949672Abstract: A solution is proposed for performing authentications. A corresponding method comprises storing a verification string corresponding to applying a one-way function iteratively starting from a secret string. An authentication request is received in association with an authentication string (or more) being generated by applying the one-way function iteratively starting from the secret string for a lower number of times. A result of the authentication request is determined by comparing the verification string with a comparison string being generated by applying the one-way function to the authentication string (or a few times iteratively). Corresponding computer programs and a computer program products for performing the method are also proposed. Moreover, corresponding systems for implementing the method are proposed.Type: GrantFiled: January 31, 2022Date of Patent: April 2, 2024Assignee: International Business Machines CorporationInventors: Roberto Ragusa, Remo Freddi, Chiara Conti, Alessandra Asaro
-
Patent number: 11934561Abstract: A predetermined credential system for remote administrative operating system (OS) authorization and policy control is disclosed. Administrative activities are packaged in single-use downloaded software. When executed, the administrative access to the OS is activated before completing the administrative activities. The admin credential is encrypted in a wrapped program. A payload program and administrative credentials are extracted from a wrapped program. The payload program adds functionality or affects policies and/or change update settings and configuration selected for an end user computer or a group of end user computers.Type: GrantFiled: January 13, 2023Date of Patent: March 19, 2024Assignee: Netskope, Inc.Inventors: Matthew D. Adams, Daniel F. Taylor
-
Patent number: 11934546Abstract: Disclosed is a method and apparatus for securely copying and pasting data between computer applications. The method includes generating alternative data from copied data from a first computer application. The method further includes adding the alternative data to a copy-paste clipboard and detecting an attempt by a user device to paste the copied data into a user interface. In response to the user interface being associated with a computer application from a predefined list of computer applications, the method further includes pasting, by a processing device, the copied data into the user interface. In response to the user interface being not associated with the computer application from the predefined list of computer applications, the method further includes pasting, by the processing device, the alternative data from the copy-paste clipboard into the user interface.Type: GrantFiled: November 7, 2023Date of Patent: March 19, 2024Assignee: OpenFin Inc.Inventors: Chuck Doerr, Gavin Lauchlan
-
Patent number: 11916958Abstract: Described herein are example implementations for handling of phishing attempts. A system receives a request to perform an electronic transaction, with the request including information regarding a user account. The system generates one or more probabilities of the request being valid based on the request and processing of a plurality of electronic transactions associated with one or more user accounts, identifies whether the request is valid based on the one or more probabilities, and in response to identifying that the request is not valid, provides an indication that the request is not valid.Type: GrantFiled: January 11, 2022Date of Patent: February 27, 2024Assignee: Intuit Inc.Inventors: Yair Horesh, Aviv Ben Arie
-
Patent number: 11914690Abstract: Disclosed herein are methods, devices, and systems for provide a new two-factor or user authentication procedure. In a scenario in which a user is enrolled in the verification system, a method can include receiving, at a network-based server, a unique identifier associated with a user that desires to access a service from an application or a website, identifying a typing profile associated with the unique identifier and presenting a reference text on a user device of the user. The method can include receiving a typing pattern of the user and determining whether there is a match between the typing pattern and one or more previously recorded typing patterns for the user. When the determination indicates that the user is verified, the method includes presenting a one-time password on a display of the user device. The user enters the one-time password into an input field and validating, via the network-based server, the one-time password.Type: GrantFiled: June 2, 2021Date of Patent: February 27, 2024Assignee: TYPINGDNA INC.Inventors: Raul-Laviniu Popa, Kyle Hunt
-
Patent number: 11915327Abstract: Disclosed herein is a time-based leaderboard that ranks users based on a length of time each user has controlled or possessed a given digital object. The leaderboard includes customization options for purposes of user identification and identity connected to social network objects. The leaderboard further uses a staking feature where users provide their digital objects to universal wallets to hold for a predetermined period based on smart contract limitations. Staking improves leaderboard position. The leaderboard further enables expression and displayed of staked digital objects despite the user no longer having actual possession of the digital object. A digital object generator builds unique digital objects based on the user specific input. The unique digital objects are part of a graphic presentation to users.Type: GrantFiled: June 30, 2022Date of Patent: February 27, 2024Assignee: EMOJI ID, LLCInventors: Naveen Kumar Jain, Riccardo Paolo Spagni, Tal Flanchraych, Shradha Rao, Karim Balaa
-
Patent number: 11909761Abstract: Systems and methods for mitigating the impact of malware by reversing malware related modifications in a computing device are provided. According to an embodiment, a sandbox service running within a network security platform protecting an enterprise network receives a file containing malware and associated contextual information from an endpoint security solution running on an endpoint device, which has been infected by the malware. The sandbox service captures information regarding a first series of actions performed by the malware and based on the first series of actions generates a remediation script specifying a second series of actions that are configured to restore the endpoint device to a pre-infected state. The network security platform causes the endpoint device to be returned to the pre-infected state by causing the endpoint security solution to execute the remediation script on the endpoint device.Type: GrantFiled: February 2, 2022Date of Patent: February 20, 2024Assignee: Fortinet, Inc.Inventors: Udi Yavo, Roy Katmor, Ido Kelson
-
Patent number: 11907395Abstract: Techniques for identity resolution and data enrichment include configuring, during an onboarding process at an account of a data provider, at least one parameter associated with access to identity resolution functions by an account of a data consumer. A first shared data object is generated at the account of the data provider. The first shared data object corresponds to a second shared data object at the account of the data consumer. The second shared data object at the account of the data consumer is enabled for sharing of log data associated with an application executing at the account of the data consumer. The application is enabled for an identity resolution process based on the detecting of the second shared data object. Source data associated with the identity resolution functions is encoded for communication to the application at the account of the data consumer based on the enabling.Type: GrantFiled: January 31, 2023Date of Patent: February 20, 2024Assignee: Snowflake Inc.Inventors: Marcus A. Henderson, Justin Langseth
-
Patent number: 11902251Abstract: A computer-implemented method for building socket transferring between containers in cloud-native environments by using kernel tracing techniques is provided including probing a connection-relevant system call event by using an eBPF to collect and filter data at a router, creating a mirror call at a host namespace with a dummy server and dummy client by creating the dummy server with mirror listening parameters, sending a server host address mapping to overlay the server host address to the client coordinator in an overlay process, and creating and connecting the dummy client to return a client host address to the server coordinator. The method further includes transferring mirror connections to the overlay process via a forwarder by temporary namespaces entering and injecting socket system calls and probing a transfer call event to map an overlay socket with a transferred dummy socket to activate duplication when the overlay socket is not locked.Type: GrantFiled: January 24, 2023Date of Patent: February 13, 2024Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Sunyanan Choochotkaew, Tatsuhiro Chiba
-
Patent number: 11886610Abstract: The technology disclosed relates to analysis of security posture of a cloud environment. In particular, the disclosed technology relates to a system and method that detects a triggering criterion and, in response to the triggering criterion, automatically discovers a plurality of databases in the cloud environment. An orchestration engine is configured to deploy a plurality of log analyzer microservices on the plurality of databases, each log analyzer microservice, of the plurality of log analyzer microservices, being configured to scan a respective database log that represents database activities on a respective database of the plurality of databases. Analysis results are received from the plurality of log analyzer microservices, the analysis results represent detection of at least one of a performance criterion or a security criterion in one or more databases of the plurality of databases. An action signal representing the analysis results is generated.Type: GrantFiled: June 8, 2023Date of Patent: January 30, 2024Assignee: Normalyze, Inc.Inventors: Ajay Agrawal, Yang Zhang
-
Patent number: 11886584Abstract: Disclosed herein are systems and methods for detecting potentially malicious changes in an application. In one aspect, an exemplary method comprises, selecting a first file to be analyzed and at least one second file similar to the first file, for each of the at least one second file, calculating at least one set of features, identifying a set of distinguishing features of the first file by finding, for each of the at least one second file, a difference between a set of features of the first file and the calculated at least one set of features of the second file, and detecting a presence of potentially malicious changes in the identified set of distinguishing features of the first file.Type: GrantFiled: November 17, 2021Date of Patent: January 30, 2024Assignee: AO KASPERSKY LABInventors: Anton A Kivva, Lev V Pikman, Igor A Golovin
-
Patent number: 11880459Abstract: Various embodiments include a mobile storage device control system. The system may include an independently operating scanning apparatus configured to: detect insertion of a mobile storage device, scan the mobile storage device to determine whether the mobile storage device poses a security threat, perform a specific operation on the mobile storage device so the specific operation is recorded in a file system log of the mobile storage device, and the record of the specific operation is used to mark whether the mobile storage device has been modified after being scanned. The system may include a control apparatus configured to: detect insertion of the mobile storage device, check whether the last record in the file system log in the mobile storage device is the record of the specific operation, if so, permit a user to access the mobile storage device and otherwise prohibit the user from accessing the mobile storage device.Type: GrantFiled: April 30, 2020Date of Patent: January 23, 2024Assignee: SIEMENS AKTIENGESELLSCHAFTInventors: Zhe Wang, Yong Ji Gao
-
Patent number: 11880460Abstract: Systems and methods for malware filtering are provided herein. In some embodiments, a system having one or more processors is configured to: retrieve a file downloaded to a user device; break the downloaded file into a plurality of chunks; scan the plurality of chunks to identify potentially malicious chunks; predict whether the downloaded file is malicious based on the scan of the plurality of chunks; and determine whether the downloaded file is malicious based on the prediction.Type: GrantFiled: November 21, 2022Date of Patent: January 23, 2024Assignee: UAB 360 ITInventors: Aleksandr Sevcenko, Mantas Briliauskas
-
Patent number: 11876828Abstract: Systems and methods are described for using a template for simulated phishing campaigns based on predetermined date from a date associated with a user. The predetermined date may by an event, an anniversary or a milestone associated with employment of the user with a company. The campaign controller may identify a date associated with the user and based on the identification of the date associated with the user, the campaign controller may select one or more templates for one or more simulated phishing campaigns to be triggered by a predetermined date related to the date associated with the user.Type: GrantFiled: September 26, 2022Date of Patent: January 16, 2024Assignee: KnowBe4, Inc.Inventor: Greg Kras
-
Patent number: 11870915Abstract: A secure programming system can receive a job control package having a security kernel and a target payload of content for programming into a pre-defined set of trusted devices. A device programmer can install a security kernel on the trusted devices and reboot the trusted devices using the security kernel to validate the proper operation of the security kernel. The target payload can then be securely installed on the trusted devices and validated.Type: GrantFiled: June 28, 2022Date of Patent: January 9, 2024Assignee: Data I/O CorporationInventors: Rajeev Gulati, David R. Christie, Edwin R. Musch, Benjamin M. Deagen
-
Patent number: 11861033Abstract: Techniques for identity resolution and data enrichment include configuring, at an account of a data consumer, an outbound share. The outbound share is designating a share at an account of a data provider as a receiving share. An identity resolution application is instantiated at the account of the data consumer. An instruction originating from the account of the data provider is decoded at the account of the data consumer. The instruction is generated based on the configuring of the outbound share. The instruction enables the identity resolution application for an identity resolution process. Source data is retrieved from the account of the data provider at the account of the data consumer. The source data is associated with the identity resolution process.Type: GrantFiled: May 23, 2023Date of Patent: January 2, 2024Assignee: Snowflake Inc.Inventors: Marcus A. Henderson, Justin Langseth