Patents Assigned to CA, Inc.
-
Publication number: 20250086292Abstract: The systems and methods described provide a seamless end-to-end email delivery between secure email clusters without reliance on prior sharing of encryption keys or protocol configurations. The solution can receive a request to transmit an email to a recipient identified by a domain of the recipient. The solution can transmit a first query to a domain name service (DNS) to fetch one or more records corresponding to the domain of the recipient. The one or more records can identify a key service. The solution can receive, from the key service responsive to a second query to the key service, a key for encrypting the email. The solution can encrypt at least a portion of the email based at least on the key and transmit the encrypted email to the recipient.Type: ApplicationFiled: September 12, 2023Publication date: March 13, 2025Applicant: CA, Inc.Inventor: Dhrubojyoti Biswas
-
Patent number: 12192083Abstract: Novel solutions for monitoring and analyzing networks in terms of the volatility of various devices. Some solutions consider a weighted set of metrics in determining such volatility. Evaluation of devices against peers in view of these factors can produce insight about network conditions.Type: GrantFiled: July 31, 2023Date of Patent: January 7, 2025Assignee: CA, Inc.Inventors: David Cosgrove, John Murdough, Jason Normandin, Tim Diep
-
Publication number: 20240406026Abstract: In some embodiments, a computing system includes a communication interface; and a processor that is coupled to the communication interface. In some embodiments, least one of the communication interface or the processor receives a network packet from the network via a network adapter port; encapsulates the received network packet with a tunnel header, wherein the tunnel header comprises network identifier information identifying the network adapter port; addresses, based on the network identifier information, an outer Internet protocol (IP) header of the encapsulated network packet with an outer IP address corresponding to a network function in a first computing device; and sends the encapsulated network packet toward the network function identified by the outer IP address.Type: ApplicationFiled: August 15, 2024Publication date: December 5, 2024Applicant: CA, INC.Inventors: Mark McConnaughay, Gary Tomic, Ron Frederick
-
Patent number: 12088430Abstract: In some embodiments, a computing system includes a communication interface; and a processor that is coupled to the communication interface. In some embodiments, least one of the communication interface or the processor receives a network packet from the network via a network adapter port; encapsulates the received network packet with a tunnel header, wherein the tunnel header comprises network identifier information identifying the network adapter port; addresses, based on the network identifier information, an outer Internet protocol (IP) header of the encapsulated network packet with an outer IP address corresponding to a network function in a first computing device; and sends the encapsulated network packet toward the network function identified by the outer IP address.Type: GrantFiled: May 17, 2021Date of Patent: September 10, 2024Assignee: CA, INC.Inventors: Mark McConnaughay, Gary Tomic, Ron Frederick
-
Publication number: 20240248968Abstract: A system and method for managing user identity information in a multi-tenant environment can perform operations including assigning a first address from an address pool for a first user session, storing first information for the first user session in the memory linked to the first address, and assigning a second address from the address pool for a second user session. The operations can also include storing second information for the second user session in the memory linked to the second address from the address pool for the second user session if the second address does not match a third address from the address pool for a third session in the memory, and forwarding communication data for the second user session after the second information has been stored.Type: ApplicationFiled: April 26, 2023Publication date: July 25, 2024Applicant: CA, Inc.Inventors: Wei Jen Yeh, Gary Tomic
-
Patent number: 11979292Abstract: Network rules established on a device can establish communication protocol between applications running on the device and interfaces connected to the device. For example, a network rule can establish which application(s) can access which interface(s), and when an application is not assigned to an interface, the application is not granted network access to the interface(s). In some instances, interfaces can be aggregated together to create an aggregation (e.g., link aggregation or a bridge aggregation), thus allowing the network rule to use the aggregation for multiple applications. An aggregation, such as a link aggregation, can be established as a shared rule that allows access to the interface by multiple applications. Alternatively, an aggregation, such as a bridge aggregation, can be established as a reserve rule that permits only a particular application, and no other application(s), access to the interface.Type: GrantFiled: December 14, 2022Date of Patent: May 7, 2024Assignee: CA, Inc.Inventors: Mark McConnaughay, Ronald Andrew Frederick, Szaniszlo Tyler Szepesi
-
Patent number: 11900251Abstract: Techniques are disclosed relating to increasing the amount of training data available to machine learning algorithms. A computer system may access an initial set of training data that specifies a plurality of sequences, each of which may define a set of data values. The computer system may amplify the initial set of training data to create a revised set of training data. The amplifying may include identifying sub-sequences of data values in ones of the plurality of sequences in the initial set of training data and using an inheritance algorithm to create a set of additional sequences of data values, where each one of the set of additional sequences may include sub-sequences of data values from at least two different sequences in the initial set of training data. The computer system may process the set of additional sequences using the machine learning algorithm to train a machine learning model.Type: GrantFiled: June 14, 2022Date of Patent: February 13, 2024Assignee: CA, INC.Inventors: Michael J. Cohen, Daniel David Sill
-
Patent number: 11853454Abstract: The disclosed computer-implemented method for preparing a secure search index for securely detecting personally identifiable information may include (i) receiving, at a computing device, a dataset including a record, where the record has a field including a value describing personally identifiable information and (ii) performing, at the computing device, a security action. The security action may include (i) generating, using a perfect hash function, a respective hashed key from the value and (ii) adding, to the secure search index (a) the respective hashed key or (b) a subsequent hashed key created from the respective hashed key. Various other methods, systems, and computer-readable media are also disclosed.Type: GrantFiled: May 31, 2019Date of Patent: December 26, 2023Assignee: CA, Inc.Inventors: Yuval Tarsi, Stefano Emiliozzi
-
Patent number: 11777952Abstract: An authentication server can receive an electronic message transmitted by a sender. The electronic message can have an intended recipient and can include message data. A sender identification (“ID”) is embedded in the message data. The authentication server can generate a first message ID based on the message data that includes the sender ID. The first message ID can be determined to match a second message ID that is stored in a database. The sender ID can be determined to be different from an originator ID that is associated with the second message ID in the database. The authentication server can determine whether an originator associated with the originator ID has authorized the sender to transmit the message data and can determine whether to transmit the electronic message to the intended recipient based on whether the originator has authorized the sender to transmit the data.Type: GrantFiled: October 11, 2018Date of Patent: October 3, 2023Assignee: CA, Inc.Inventors: Krishna Chaithanya Kasibhatla, Satish Kumar Sharaf
-
Patent number: 11665171Abstract: Secure access to a corporate application with translation between an internal address and an external address. In some embodiments, a method may include receiving, at a secure access cloud point of delivery (PoD), from a client application on a client device, a request to access a corporate web application that is deployed in a corporate datacenter. The method may also include forwarding, from the secure access cloud PoD, to a connector that is also deployed in the corporate datacenter, the request to access the corporate web application. The method may further include brokering, by the connector and the secure access cloud PoD, authentication of a user, authorization of access by the user, and a secure communication session between the client application and the corporate web application by translating between an internal address of the corporate web application and an external address of the corporate web application.Type: GrantFiled: July 13, 2022Date of Patent: May 30, 2023Assignee: CA, Inc.Inventors: David Patimer, Lior Lev-Tov, Eldad Rudich, Leonid Belkind
-
Patent number: 11558383Abstract: A method for securing cloud applications is described. The method may include establishing a connection between a cloud application isolation portal, a cloud access security broker, and a cloud application based on an indication of the cloud application and a set of credentials associated with an end user of the cloud application, and managing, via the cloud application isolation portal and the cloud access security broker, a session between the cloud application and a computing device associated with the end user based on the connection between the cloud application isolation portal with the cloud access security broker and the cloud application.Type: GrantFiled: March 15, 2019Date of Patent: January 17, 2023Assignee: CA, Inc.Inventors: Alex Au Yeung, Amit Kanfer, Arunabha Saha, Manoj Kumar Sharma, Paul Kao, Prashanth Prabhu, Russell Daigle, Tobias Pischl, Yehoshua Chen
-
Patent number: 11551137Abstract: Machine learning adversarial campaign mitigation on a computing device. The method may include deploying an original machine learning model in a model environment associated with a client device; deploying a classification monitor in the model environment to monitor classification decision outputs in the machine learning model; detecting, by the classification monitor, a campaign of adversarial classification decision outputs in the machine learning model; applying a transformation function to the machine learning model in the model environment to transform the adversarial classification decision outputs to thwart the campaign of adversarial classification decision outputs; determining a malicious attack on the client device based in part on detecting the campaign of adversarial classification decision outputs; and implementing a security action to protect the computing device against the malicious attack.Type: GrantFiled: April 30, 2019Date of Patent: January 10, 2023Assignee: CA, Inc.Inventors: Javier Echauz, Andrew B. Gardner, John Keith Kenemer, Jasjeet Dhaliwal, Saurabh Shintre
-
Patent number: 11496489Abstract: Knowledge-aware detection of attacks on a client device conducted with dual-use tools. A method may include obtaining dual-use tool data related to a plurality of dual-use tools; collecting from a client device, by the computing device, user input related to the use of a dual-use tool of the plurality of dual-use tools; determining that the user input contains a feature of the dual-use tool data; creating a behavioral index of the user input, the behavioral index stored on the client device; detecting new input on the client device; determining a similarity level between the user input and the new input; flagging a malicious attack on the client device based on determining that the similarity level does not satisfy a pre-determined threshold; and implementing a security action on the client device based on flagging the malicious attack.Type: GrantFiled: March 28, 2019Date of Patent: November 8, 2022Assignee: CA, Inc.Inventors: Slawomir Grzonkowski, Johann Roturier, Pratyush Banerjee, David L. Silva
-
Patent number: 11461462Abstract: The disclosed computer-implemented method for producing adjustments to malware-detecting services may include (1) receiving, from a plurality of malware-detecting services executing on a plurality of client computing devices, a respective plurality of probability scores with corresponding model identifiers for an analyzed file and a plurality of respective identifiers describing the malware-detecting services, (2) building a training dataset from at least a portion of the received plurality of probability scores with corresponding model identifiers, and (3) performing a security action including (A) training, with the training dataset, a malware-detecting linear regression ensemble machine learning model that is specific to an identifier in the plurality of identifiers and (B) sending the trained linear regression ensemble machine learning model to one of the plurality of malware-detecting services executing on one of the client computing devices.Type: GrantFiled: September 21, 2018Date of Patent: October 4, 2022Assignee: CA, Inc.Inventors: Qichao Lan, Junda Zhu, Shaolong Shu, Tao Cheng, Rudy Senstad
-
Patent number: 11444925Abstract: Secure access to a corporate application in an SSH session using a transparent SSH proxy. In some embodiments, a method may include receiving, at a secure access cloud point of delivery (PoD), from a client application on a client device, a request to access a corporate application that is deployed in a corporate datacenter. The method may also include forwarding, from the secure access cloud PoD, to a connector that is also deployed in the corporate datacenter, the request. The method may further include brokering, by the connector and the secure access cloud PoD, authentication of a user, authorization of access by the user, and an SSH session between the client application and the corporate application using a transparent SSH proxy, with the client application being unaware that the SSH session is brokered by the connector and the secure access cloud PoD.Type: GrantFiled: October 2, 2019Date of Patent: September 13, 2022Assignee: CA, Inc.Inventors: David Patimer, Lior Lev-Tov, Eldad Rudich, Leonid Belkind
-
Patent number: 11442755Abstract: Secure access to a corporate application using a facade. In some embodiments, a method may include receiving, at a secure access cloud point of delivery (PoD), from a client application on a client device, a request to access a corporate application that is deployed in a corporate datacenter. The method may also include creating, at the secure access cloud PoD, a facade representing the corporate application. The method may further include forwarding, from the facade, to a connector that is also deployed in the corporate datacenter, the request. The method may also include brokering, by the connector and the facade, authentication of a user, authorization of access by the user, and a secure communication session between the client application and the corporate application via the facade, with the client application being unaware that the secure communication session is brokered by the connector and the facade.Type: GrantFiled: October 2, 2019Date of Patent: September 13, 2022Assignee: CA, Inc.Inventors: David Patimer, Lior Lev-Tov, Eldad Rudich, Leonid Belkind
-
Patent number: 11429823Abstract: The disclosed computer-implemented method for dynamically augmenting machine learning models based on contextual factors associated with execution environments may include (1) generating a base machine learning model and a supplemental set of machine learning models, (2) determining at least one contextual factor associated with an execution environment of a machine learning system that is configured to make predictions regarding a set of input data using at least the base machine learning model, (3) selecting, based on the contextual factor, a continuation set of machine learning models from the supplemental set of machine learning models, and (4) directing the machine learning system to utilize both the base machine learning model and the continuation set of machine learning models when making predictions regarding the set of input data. Various other methods, systems, and computer-readable media are also disclosed.Type: GrantFiled: March 15, 2018Date of Patent: August 30, 2022Assignee: CA, INC.Inventors: Qichao Lan, XueFeng Tian, Tao Cheng, Rudy Senstad
-
Patent number: 11429846Abstract: A platform that integrates and collates the data points from students, employers, schools, and industry into an ecosystem which allows for customers (students, employers, schools, and industry) to model ‘what-if’ scenarios based on their industry parameters. By using a design algorithm based on automated reasoning, game theory, and knowledge mining, within a neural network, the platform can predict, model, and build the journey. The decision modeling neural learning platform may be used to augment or replace the need for guidance counselors in schools, along with assisting industry and immigration liaisons.Type: GrantFiled: January 22, 2019Date of Patent: August 30, 2022Assignee: KLIQ.CA Inc.Inventor: Kashif Siddiqui
-
Patent number: 11425134Abstract: Secure access to a corporate application with translation between an internal address and an external address. In some embodiments, a method may include receiving, at a secure access cloud point of delivery (PoD), from a client application on a client device, a request to access a corporate web application that is deployed in a corporate datacenter. The method may also include forwarding, from the secure access cloud PoD, to a connector that is also deployed in the corporate datacenter, the request to access the corporate web application. The method may further include brokering, by the connector and the secure access cloud PoD, authentication of a user, authorization of access by the user, and a secure communication session between the client application and the corporate web application by translating between an internal address of the corporate web application and an external address of the corporate web application.Type: GrantFiled: October 2, 2019Date of Patent: August 23, 2022Assignee: CA, Inc.Inventors: David Patimer, Lior Lev-Tov, Eldad Rudich, Leonid Belkind
-
Patent number: 11411968Abstract: The disclosed computer-implemented method for protecting a cloud computing device from malware may include (i) intercepting, at a computing device, a malicious attempt by the malware to (A) access sensitive information in an encrypted file stored on the computing device and (B) send the sensitive information to the cloud computing device and (ii) performing, responsive to the attempt to access the encrypted file, a security action. Various other methods, systems, and computer-readable media are also disclosed.Type: GrantFiled: September 18, 2019Date of Patent: August 9, 2022Assignee: CA, INC.Inventors: Ashok Banerjee, Susan Hassall