Patents Examined by Quazi Farooqui
-
Patent number: 11880483
Abstract: Systems, devices, and methods are provided for authorizing access to database management system (DBMS) resources using security policies managed by a service external to the DBMS. A DBMS may be provisioned to obtain a database request, identify one or more securable resources that from applications, determine a request context for the system call, and sends a request to an external policy management service. The policy management service may be used to perform a policy evaluation to determine whether to grant access to the securable resources. In some cases, policies are cached by the DBMS. In various examples, the DBMS and policy management service are both hosted on resources managed by a computing resource service provider on behalf of a customer to run mainframe workloads.
Type: Grant
Filed: December 3, 2021
Date of Patent: January 23, 2024
Assignee: Amazon Technologies, Inc.
Inventors: Didier Germain Durand, Ilia Gilderman
-
Patent number: 11868477
Abstract: Some storage systems are configured with VDL (valid data length) type controls that are implemented on a per cluster basis and, in some instances, on a sub-cluster basis, rather than simply a per file basis. In some instances, per-cluster VDL metadata for the storage clusters is stored and referenced at the edge data volume nodes of a distributed network for the storage system rather than, and/or without, storing or synchronizing the per-cluster VDL metadata at a master node that manages the corresponding storage clusters for the different data volume nodes. Sequence controls are also provided and managed by the master node and synchronized with the edge data volume nodes to further control access to data contained in the storage clusters.
Type: Grant
Filed: July 18, 2022
Date of Patent: January 9, 2024
Assignee: Microsoft Technology Licensing, LLC
Inventors: Mathew George, Rajsekhar Das, Vladimir Petter
-
Patent number: 11868475
Abstract: A new approach is proposed that contemplates systems and methods to support post reset fuse reload for latency reduction. First, values of fuses are read once and stored into one or more load registers on an electronic device, wherein the load registers are protected. Once the values of the fuse are loaded into the load registers, a valid indicator of the load registers is set indicating that the values have been successfully loaded into the load registers. When other components of the electronic device need to access these values, the other components will check the load registers first. If it is determined that the valid indicator of the load registers is set, the stored values are read from the load registers instead of from the fuses. If the valid indicator of the load registers is not set, the values are loaded again from the fuses into the load registers.
Type: Grant
Filed: October 31, 2020
Date of Patent: January 9, 2024
Assignee: Marvell Asia Pte Ltd
Inventors: Ramacharan Sundararaman, Nithyananda Miyar, Martin Kovac, Avinash Sodani, Raghuveer Shivaraj
-
Patent number: 11868495
Abstract: Cybersecurity active defense in data storage systems are disclosed herein. An example system includes a file system, and an architecture installed on the file system, the architecture being configured to protect the file system in a zero trust manner from a malicious attack by a source system, the architecture including a controller that is configured to determine file-level operations of files in the file system that are indicative of a malicious event, block a user account or machine address interacting with the files, prevent data exfiltration or data corruption of the files, and provide an alert to an administrator regarding the files.
Type: Grant
Filed: November 8, 2021
Date of Patent: January 9, 2024
Assignee: RackTop Systems, Inc.
Inventors: Eric Bednash, Jonathan Halstuch, Nicholas Louis Mezei, Garrett Eugene D'Amore
-
Patent number: 11863556
Abstract: A method operable by a computing device for configuring access for a limited user interface (UI) device to a network service via a local network access point is disclosed. The method comprises the steps of: obtaining from the limited UI device a device identifier via a first out-of-band channel. The device identifier is provided to the network service via a secure network link. A zero knowledge proof (ZKP) challenge is received from the network service. Configuration information is provided to the limited-UI device via a second out-of-band channel, the configuration information including information sufficient to enable the limited-UI device to connect to the local network access point. The ZKP challenge is provided to the limited-UI device via the second out-of-band channel.
Type: Grant
Filed: April 28, 2021
Date of Patent: January 2, 2024
Inventors: Peter Corcoran, Ilariu Raducan, Petronel Bigioi
-
Patent number: 11863669
Abstract: Session resumption for cryptographic communications is provided. Session data and encrypted early data are received from a client. A key is derived using the session data and a one-time pad. The early data is decrypted using the derived key.
Type: Grant
Filed: March 28, 2022
Date of Patent: January 2, 2024
Assignee: International Business Machines Corporation
Inventor: Mark Duane Seaborn
-
Patent number: 11847220
Abstract: There is disclosed in one example a hardware computing platform, including: a processor; a memory; a network interface; and a security module, including instructions to cause the processor to: receive a request to download a file via the network interface; download a first portion of the file into a buffer of the memory; analyze the first portion for malware characteristics; assign a security classification to the file according to the analysis of the first portion; and act on the security classification.
Type: Grant
Filed: February 5, 2021
Date of Patent: December 19, 2023
Assignee: McAfee, LLC
Inventors: Abhishek Tripathi, Mayur Arvind Bhole, Nithya Nadig Shikarpur, Tirumaleswar Reddy Konda, Mayank Bhatnagar
-
Patent number: 11841936
Abstract: Aspects of the present disclosure include systems and methods for generating and managing user authentication rules of a computing device. In an example, a computing device may include a memory storing instructions and a processor communicatively coupled with the memory and configured to execute the instructions. The processor may determine a state of the computing device, wherein the state of the computing device is one of a locked state or an unlocked state. The processor may determine a user authentication rule corresponding to the state of the computing device. The processor may also identify whether a combination of signals associated with the user authentication rule of the computing device are received by the computing device. The processor may also change or maintain the state of the computing device based on the combination of signals being received.
Type: Grant
Filed: January 7, 2022
Date of Patent: December 12, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Jing Zhang, Anshul Rawat, Craig Thomas McIntyre, Guillermo Enrique Rueda, Peter Gregory Davis, Nathan Jeffrey Ide, Ibrahim Mohammad Ismail, Pranav Kukreja
-
Patent number: 11843708
Abstract: The present disclosure relates to a PUF apparatus for generating a persistent, random number. The random number is determined by selecting one or more PUF cells, each of which comprise a matched pair of capacitors that are of identical design, and determining a value that is accurately and reliably indicative of a random manufacturing difference between them, based on which the random number is generated. The random manufacturing differences between the capacitors creates the randomness in the generated random number. Furthermore, because the random manufacturing difference should be relatively stable over time, the generated random number should be persistent.
Type: Grant
Filed: January 7, 2022
Date of Patent: December 12, 2023
Assignee: Analog Devices International Unlimited Company
Inventor: Jonathan Ephraim David Hurwitz
-
Patent number: 11843703
Abstract: In one example, a cloud printing server may include a processor and a memory coupled to the processor. The memory may include a blockchain management component to register an image forming apparatus with a blockchain associated with multiple entities of a blockchain network, create a distributed ledger relating to the blockchain, create a ledger entry including information indicating operational state and configuration data of the image forming apparatus in the distributed ledger, and transmit an instance of the distributed ledger to the multiple entities including the image forming apparatus.
Type: Grant
Filed: July 17, 2019
Date of Patent: December 12, 2023
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Ranjeetha Venkatesh, Sudhindra Venkatesh Kulkarni
-
Patent number: 11829503
Abstract: A term-based encrypted retrieval privacy (TERP) data retrieval system performs data retrieval from a data repository server. The system includes a client processor included with a data requesting client and a server processor included with the data repository server. The client processor determines a vector forest that is shared with the data repository server, which includes forest vectors assigned with a respective vector ID, and generates a query including an encrypted ciphertext table that cross-references the vector IDs with a corresponding ciphertext entry. The server processor receives the query, and selects a given document from the data repository server that has assigned thereto at least one nearest neighbor vector among the forest vectors. The server processor compares a nearest neighbor vector ID of the nearest neighbor vector to the vector IDs included in the encrypted ciphertext table, and generates an encoded search result based on the encrypted ciphertext entries.
Type: Grant
Filed: September 29, 2020
Date of Patent: November 28, 2023
Assignee: The Johns Hopkins University
Inventors: Russell A. Fink, David R. Zaret, Paul McNamee
-
Patent number: 11822671
Abstract: An information processing device (10) includes a selection receiving unit (110) that receives an input indicating selection of at least one countermeasure among a plurality of countermeasures applicable to a terminal, an operating information specifying unit (120) that specifies a type of operating information corresponding to the countermeasure applicable to the terminal, an operating information acquisition unit (130) that acquires operating information of the type specified by the operating information specifying unit (120), a remaining terminal specifying unit (140) that specifies remaining terminals where a security risk remains when the countermeasure received by the selection receiving unit (110) is applied based on terminal-specific countermeasure information indicating a countermeasure applicable to each terminal against the security risk, a prediction unit (150) that predicts the number of remaining terminals at a future time based on the operating information acquired by the operating information a
Type: Grant
Filed: January 5, 2021
Date of Patent: November 21, 2023
Assignee: NEC CORPORATION
Inventor: Yoshio Yasutome
-
Systems, apparatus, and methods for embedded opt-in permission for an artificial intelligence service
Patent number: 11822667
Abstract: Methods that can embed opt-in permission for an artificial intelligence (AI) service are provided. One method includes implementing, by a processor, an access level of a plurality of access levels for user sensor data. The method further includes, based on the implemented access level, generating, from a set of raw sensor data received from a set of sensors, a set of sensor data for a user of an apparatus and gaining insight about the user of the apparatus via an AI service utilizing the set of sensor data. Here, implementing the access level provides to the user of the apparatus an embedded opt-in permission for the AI service. Systems and apparatus that can include, perform, and/or implement the methods are also provided.
Type: Grant
Filed: June 23, 2021
Date of Patent: November 21, 2023
Assignee: Lenovo (Singapore) Pte. Ltd.
Inventors: John W. Nicholson, Daryl C. Cromer, Howard Locker, Mengnan Wang
-
Patent number: 11822669
Abstract: During factory provisioning of an Information Handling System (IHS), a key injection authorization certificate is stored that authorizes key injection by a renter of the IHS. An IHS owner retains capabilities for specifying the use of boot code of successive renters of the IHS. Upon a transfer of control or ownership of the IHS, a key injection request certificate provided by the renter is validated and use of the key injection request certificate is authorized for transferring cryptographic credentials to the IHS. The key injection authorization certificate specifies an identity of the IHS that is authorized for key injection by the renter and the key injection request certificate specifies an identity of the IHS that is requested for key injection by the renter. Transfer of credentials is authorized when the two certificates are both valid and the identity of the IHS specified in the two certificates is the same.
Type: Grant
Filed: July 12, 2021
Date of Patent: November 21, 2023
Assignee: Dell Products L.P.
Inventors: Mukund P. Khatri, Eugene David Cho
-
Patent number: 11818243
Abstract: An encryption device includes: a parameter generating circuit configured to generate an encryption parameter including a number of initial valid bits based on an operation scenario; an encryption circuit configured to generate a cipher text by encrypting a plain text received from the outside, based on the encryption parameter; an operation circuit configured to generate a final cipher text by performing a plurality of operations on the cipher text according to the operation scenario and tag, to the final cipher text, history information of the operations performed on the final cipher text; and a decryption circuit configured to generate a decrypted plain text by decrypting the final cipher text and output a number of reliable bits of the decrypted plain text based on the history information.
Type: Grant
Filed: June 9, 2021
Date of Patent: November 14, 2023
Inventors: Youngsik Moon, Wijik Lee, Hongrak Son
-
Patent number: 11818244
Abstract: Cryptographic processor chips, systems and associated methods are disclosed. In one embodiment, a cryptographic processor is disclosed. The cryptographic processor includes a first cryptographic processing module to perform a first logic operation. The first cryptographic processing module includes first input circuitry to receive ciphertext input symbols. A first pipeline stage performs a first operation on the ciphertext input symbols and generates a first stage output. On-chip memory temporarily stores the first stage output and feeds the first stage output to a second pipeline stage in a pipelined manner. The second pipeline stage is configured to perform a second operation on the first stage output in a pipelined manner with respect to the first pipeline stage.
Type: Grant
Filed: December 14, 2022
Date of Patent: November 14, 2023
Assignee: THE GOVERNING COUNCIL OF THE UNIVERSITY OF TORONTO
Inventors: Shaveer Bajpeyi, Glenn Gulak
-
Patent number: 11818143
Abstract: Systems and methods discussed herein are directed to a method within a wireless communication network that includes, based at least in part on sending a login associated with a phone number, receiving a code at an electronic device associated with the phone number. A hash code corresponding to the code at an app executing on the electronic device associated with the phone number is received and an input is received. Based at least in part on the input, the input is hashed to provide a hashed code. The hashed code is compared with the hash code and it is determined if the hashed code matches the hash code. Based at least in part on determining the hashed code matches the hash code, the hash code is forwarded to a location associated with the login. The location may comprise one of a website or an app.
Type: Grant
Filed: September 1, 2021
Date of Patent: November 14, 2023
Assignee: T-Mobile USA, Inc.
Inventor: Keldon Beckley Fischer
-
Patent number: 11809569
Abstract: Some storage systems are configured with VDL (valid data length) type controls that are implemented on a per cluster basis and, in some instances, on a sub-cluster basis, rather than simply a per file basis. In some instances, per-cluster VDL metadata for the storage clusters is stored and referenced at the edge data volume nodes of a distributed network for the storage system rather than, and/or without, storing or synchronizing the per-cluster VDL metadata at a master node that manages the corresponding storage clusters for the different data volume nodes. Sequence controls are also provided and managed by the master node and synchronized with the edge data volume nodes to further control access to data contained in the storage clusters.
Type: Grant
Filed: July 18, 2022
Date of Patent: November 7, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Mathew George, Rajsekhar Das, Vladimir Petter
-
Patent number: 11799674
Abstract: Systems and methods of correcting errors in encrypted communication between a server and client devices using keyless encryption schemes are disclosed. Client devices with arrays of physical-unclonable-function devices respond to challenges from a server. Characteristics of the arrays are stored by the server during a secure enrollment process. To send an encrypted message, the server generates a message digest, extracts data from the stored arrays on the basis of the message digest, applies error correction codes to the message, encrypts the message with the extracted data, and sends the message to a client. The server may receive a handshake containing all or part of the message digest, measures its PUF, and decrypts and decodes the message.
Type: Grant
Filed: December 3, 2021
Date of Patent: October 24, 2023
Assignee: ARIZONA BOARD OF REGENTS ON BEHALF OF NORTHERN ARIZONA UNIVERSITY
Inventors: Bertrand F Cambou, Fatemeh Afghah, Sareh Assiri, Ashwija Korenda
-
Patent number: 11798001
Abstract: Embodiments relate to progressively validating access token. In response to intercepting an initial call for a transaction for a service from a client, a token is validated for the initial call of the transaction for the service, the validating including contacting an authentication server and locally storing a time to live received for the token. In response to intercepting at least one successive call for the transaction for the service from the client, it is determined that the token for the at least one successive call is valid based on the time to live locally saved. The at least one successive call for the transaction for the service is permitted to pass without contacting the authentication server.
Type: Grant
Filed: September 20, 2021
Date of Patent: October 24, 2023
Assignee: International Business Machines Corporation
Inventors: Peng Hui Jiang, Xin Peng Liu, Wei Wu, Xiao Ling Chen