Patents Examined by Alexander Lagor
  • Patent number: 12261889
    Abstract: A cloud-based security solution that provides a robust and secure framework for managing and enforcing security policies related to various resources managed in the cloud is disclosed. The cloud-based security solution is implemented by a centralized application programming interface (API) system and a security zone policy enforcement system in a cloud service provider infrastructure. The centralized API system receives an API request that identifies an operation to be performed on a resource in the CSPI. The system determines, from the API request, compartment information and context information associated with the resource. Responsive to determining the compartment information and the context information associated with the resource, the system determines that the resource resides in a compartment that is associated with a security zone. The system then processes the API request and transmits a result of processing of the API request to a user of the centralized API processing system.
    Type: Grant
    Filed: August 3, 2021
    Date of Patent: March 25, 2025
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Sreenivas Gattu, Qian Wei, Jonathan Jorge Nadal, Jun Tong, Thoulfekar Alrahem
  • Patent number: 12248573
    Abstract: A Ransomware Activity Detection System (RADS) characterizes historic read/write IO activity on a storage volume, and also characterizes historic data characteristics of the storage volume, such as the percentage reducibility of the data held in the storage volume. The RADS monitors the storage volume to identify differences between current read/write IO activity and historic read/write IO activity, as well as differences between current data characteristics of the storage volume and historic data characteristics of the storage volume. When the RADS detects a significant difference in read/write IO activity on a storage volume, that is coupled with significant changes to the data characteristics of the storage volume, the RADS protects the storage volume and generates an alert of the possible occurrence of a ransomware attack. Protection may occur prior in connection with any bulk read operation to proactively protect storage volumes against ransomware attacks.
    Type: Grant
    Filed: January 19, 2022
    Date of Patent: March 11, 2025
    Assignee: Dell Products, L.P.
    Inventors: John Madden, Jr., Benjamin A. F. Randolph, Jeremy O'Hare, Rong Yu
  • Patent number: 12231532
    Abstract: Examples herein describe a scalable tweak engine and prefetching tweak values. Regarding the scalable tweak engine, it can be designed to accommodate different bus widths of data. The scalable tweak engine described herein includes multiple tweak calculators that can be daisy chained together to output multiple tweak values every clock cycle. These tweak values can be sent to multiple encryption cores so that multiple data blocks can be encrypted in parallel. Regarding prefetching tweak values, previous encryption engines incur a delay as the tweak value (e.g., a metadata value) for a data block is calculated. In the embodiments herein, the encryption engine can include an independent metadata engine that determines the metadata value for a subsequent data block while the current data block is being encrypted.
    Type: Grant
    Filed: March 26, 2020
    Date of Patent: February 18, 2025
    Assignee: XILINX, INC.
    Inventors: Devanjan Maiti, Robert Bellarmin Susai, Jayaram Pvss
  • Patent number: 12223073
    Abstract: Methods, systems, and computer storage media provide a privacy compliance notification indicating a database's level of compliance with a privacy policy after restoring the database to the database's backup copy. The database is associated with a database management engine. The database supports privacy-based first-class data entities. The privacy-based first-class data entities are database entities having privacy system-level metadata properties associated with data operations in a database language syntax. The privacy compliance notification may be generated based on determining whether a privacy database operation associated with a database journal and a privacy journal has been executed on a database since the database was restored to a backup copy of the database.
    Type: Grant
    Filed: December 31, 2021
    Date of Patent: February 11, 2025
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Oron Golan, Aviram Fireberger, Aviad Pines, Adir Atias, Evgeny Lutsky
  • Patent number: 12216773
    Abstract: According to one embodiment, a memory system includes a nonvolatile memory and a controller. In response to receiving from a host a write request designating a first address for identifying data to be written, the controller encrypts the data with the first address and a first encryption key, and writes the encrypted data to the nonvolatile memory together with the first address. In response to receiving from the host a read request designating a physical address indicative of a physical storage location of the nonvolatile memory, the controller reads both the encrypted data and the first address from the nonvolatile memory on the basis of the physical address, and decrypts the read encrypted data with the first encryption key and the read first address.
    Type: Grant
    Filed: March 27, 2023
    Date of Patent: February 4, 2025
    Assignee: KIOXIA CORPORATION
    Inventor: Shinichi Kanno
  • Patent number: 12212656
    Abstract: Decrypting data at a first storage system that has been encrypted at a second, separate, storage system includes the first storage system requesting a key that decrypts the data from the second storage system, the second storage system determining if the first storage system is authorized for the key, the second storage system providing the key to the first storage system in response to the first storage system being authorized, a host that is coupled to the first storage system obtaining the key from the first storage system, and the host using the key to decrypt and access the data at the first storage system. The host and the first storage system may provide failover functionality for a system that includes the second storage system. The host may obtain the key from the first storage system in response to a failure of the system that includes the second storage system.
    Type: Grant
    Filed: April 22, 2021
    Date of Patent: January 28, 2025
    Assignee: EMC IP Holding Company LLC
    Inventors: Arieh Don, Tomer Shachar, Maxim Balin, Yevgeni Gehtman
  • Patent number: 12210633
    Abstract: A memory controller for improving data integrity and providing data security. The memory controller including a transmit data path to transmit write data to a memory device, the transmit data path comprising a scrambling component, wherein the scrambling component includes a scrambling logic and an exclusive OR logic, wherein the write data is divided into a first portion and a second portion, wherein input of the scrambling logic comprises the first portion of the write data and an address associated with the write data to generate a pseudo-random output, and wherein input of the exclusive OR logic comprises the second portion of the write data, the pseudo-random output and a fixed seed corresponding to the first portion of the write data to generate a scrambled data.
    Type: Grant
    Filed: February 18, 2021
    Date of Patent: January 28, 2025
    Assignee: SKYECHIP SDN BHD
    Inventors: Yu Ying Ong, Muhamad Aidil Bin Jazmi, Soon Chieh Lim, Chee Hak Teh
  • Patent number: 12206767
    Abstract: A transmitter device for sending an encrypted message to a receiver device in an identity-based cryptosystem, the identity-based cryptosystem includes a transmitter trusted center connected to the transmitter device and a receiver trusted center connected to the receiver device. The transmitter device is configured to: receive, from the transmitter trusted center, two public authentication keys; check if a set of conditions related to a transmitter trusted center public key, to a receiver trusted center public key, and to a transmitter authentication key comprised in the two public authentication keys are satisfied; determine a ciphertext set comprising an encrypted message if the set of conditions are satisfied; send the ciphertext set to the receiver device.
    Type: Grant
    Filed: December 6, 2019
    Date of Patent: January 21, 2025
    Assignee: SECURE-IC SAS
    Inventors: Margaux Dugardin, Adrien Facon, Sylvain Guilley
  • Patent number: 12167236
    Abstract: A computer-implemented method for remote management of hardware security modules (HSMs) includes receiving a command request from a mobile device. The command request includes an encrypted key part and an encrypted signing key. The HSM decrypts the command request using a key associated with a security zone of the mobile device. The HSM decrypts the encrypted key part and the encrypted signing key. Decrypting the encrypted key part and the encrypted signing key includes using the key associated with the security zone of the mobile device and a key associated with a remote administrator associated with the mobile device. A command is generated for a domain with a target HSM. The command is generated using the decrypted key part and the decrypted signing key. The command is transmitted to the domain for execution by the target HSM. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 11, 2020
    Date of Patent: December 10, 2024
    Assignee: International Business Machines Corporation
    Inventors: Garry Joseph Sullivan, James Richard Coon, Michael Joseph Jordan, Michael J. Young, Jessica Doherty, Christopher V. DeRobertis
  • Patent number: 12160504
    Abstract: A plurality of public encryption keys are distributed to a plurality of participants in a federated learning system, and a first plurality of responses is received from the plurality of participants, where each respective response of the first plurality of responses was generated based on training data local to a respective participant of the plurality of participants and is encrypted using a respective public encryption key of the plurality of public encryption keys. A first aggregation vector is generated based on the first plurality of responses, and a first private encryption key is retrieved using the first aggregation vector. An aggregated model is then generated based on the first private encryption key and the first plurality of responses.
    Type: Grant
    Filed: November 13, 2019
    Date of Patent: December 3, 2024
    Assignee: International Business Machines Corporation
    Inventors: Runhua Xu, Nathalie Baracaldo Angel, Yi Zhou, Ali Anwar, Heiko H Ludwig
  • Patent number: 12147561
    Abstract: Systems and methods of the present disclosure enable the automated provisioning of security and compliance policies and onboarding to identity governance solutions. The systems and methods include processors to receive a database provisioning request associated with at least one entity and accessing at least one identity data record via an identity management mechanism associated with the at least one entity. The processors automatically access the database via a secured port; automatically cause to generate in the database, at least one privilege account and at least one access credential rule based on the at least one identity data record. The database is configured to utilize the at least one access credential rule to automatically manage access credentials for accessing the database via the at least one privilege account. The processors automatically disconnect from the secured port of the database.
    Type: Grant
    Filed: February 19, 2021
    Date of Patent: November 19, 2024
    Assignee: Capital One Services, LLC
    Inventors: Nagesh Gummadivalli, Aniket Sinkar, Arindam Chakraborty, Norflet Bailey, Clayton Mottley, Arthur Maltson, Elijah Sattler, Gregory Moczygemba, Nitin Sharma, Empress Marcelin, Bryan Barton
  • Patent number: 12149629
    Abstract: Managing a software multi-ownership account including operations of registering software, setting a usage authority, and transferring a usage authority. The operation of registering the software includes the operations of: receiving, by a reception unit of a management server, a software registration request from a software manufacturer server; checking whether an authentication unit of the management server is a pre-approved manufacturer; and generating a smart contract transaction using time information at which the authentication unit of the management server is requested to register the software and string information of a software name. An authority can be effectively transferred to use software between users to another person by using a sub-access token interworked to a system user account, and by additionally issuing a sub-access token for multiple access authorities for one piece of software, a user is able to have multiple access authorities, thereby broadening the scope of software utilization.
    Type: Grant
    Filed: December 20, 2021
    Date of Patent: November 19, 2024
    Inventor: Kyung Woon Cha
  • Patent number: 12132818
    Abstract: Malicious website detection has been very crucial in a timely manner to avoid phishing. User privacy also needs to be maintained at the same time. A system and method for classifying a website URL have been provided. The system is configured to achieve end-to-end privacy for machine learning based malicious URL detection. The system provides privacy preserving malicious URL detection models based on Fully Homomorphic Encryption (FHE) approach either using deep neural network (DNN), using logistic regression or using a hybrid approach of both. The system is utilizing a split architecture (client-server) wherein feature extraction is done by a client machine and classification is done by a server. The client machine encrypts the query using FHE and sends it to the server which hosts the machine learning model. During this process, the server doesn't learn any information about the query.
    Type: Grant
    Filed: February 18, 2021
    Date of Patent: October 29, 2024
    Assignee: Tata Consultancy Services Limited
    Inventors: Nitesh Emmadi, Harika Narumanchi, Imtiyazuddin Shaik, Rajan Mindigal Alasingara Bhattachar, Harshal Tupsamudre
  • Patent number: 12124559
    Abstract: Devices and techniques are generally described for peer-based anomalous rights detection. In various examples, a rights vector may be determined for a first individual, the rights vector representing rights held by the first individual. A nearest neighbor algorithm may be used to determine a set of individuals having similar rights to the first individual. In various examples, a category label associated with the first individual may be determined. In some examples, a number of individuals of the set of individuals having the category label may be determined. In some examples, a determination may be made that the rights held by the first individual are anomalous based at least in part on the number. In some cases, alert data indicating that the rights held by the first individual are anomalous may be generated.
    Type: Grant
    Filed: June 24, 2021
    Date of Patent: October 22, 2024
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Brendan Cruz Colon, Matthew Michael Sommer, Christopher Miller
  • Patent number: 12113785
    Abstract: In one embodiment, a method comprises: establishing, by a first executable resource in a network device having joined a secure peer-to-peer data network, a registry providing a mapping between one or more network entities associated with a tag object by an identified user entity, each network entity represented by a federation identifier of a user entity or a corresponding data object; receiving a search request for one or more identified network entities having been tagged with the tag object, and in response generating a search result based on identifying the network entities having been mapped relative to tag object, the search result identifying one or more of an identified federation identifier or an identified unique identifier for the identified network entities; and providing the search result by the first executable resource, the search result causing an endpoint device to attract the identified network entities for presentation by the endpoint device.
    Type: Grant
    Filed: July 12, 2021
    Date of Patent: October 8, 2024
    Assignee: WhiteStar Communications, Inc.
    Inventor: Billy Gayle Moon
  • Patent number: 12069102
    Abstract: Some network architectures include perimeter or edge devices which perform network address translation or otherwise modify data in a network traffic packet header, such as the source address. The modification of the source address prevents downstream devices from knowing the true or original source address from which the traffic originated. To address this issue, perimeter devices can insert the original source address in an X-Forwarded-For field of the packet header. Firewalls and related security services can be programmed to record the original source address in the XFF field in addition to the other packet information and to consider the original source address during security analysis. Using the original source address in the XFF field, services can determine additional characteristics about the traffic, such as geographic origin or associated user accounts, and use these characteristics to identify applicable rules or policies.
    Type: Grant
    Filed: January 3, 2022
    Date of Patent: August 20, 2024
    Assignee: Palo Alto Networks, Inc.
    Inventors: Thomas Arthur Warburton, Ashwath Sreenivasa Murthy, Jeffrey James Fitz-Gerald, Jr.
  • Patent number: 12050694
    Abstract: A rule generation apparatus 100 is an apparatus that automatically generates rules used to analyze an attack, and includes a collection unit 200, an attack success condition generation unit 300, an attack-time history generation unit 400, and a rule generation unit 500.
    Type: Grant
    Filed: May 18, 2020
    Date of Patent: July 30, 2024
    Assignee: NEC CORPORATION
    Inventor: Tomohiko Yagyu
  • Patent number: 12045329
    Abstract: A smart card is provided. The smart card includes a peripheral circuit configured to control a fingerprint sensing array and generate a raw image, an authentication information processing module configured to process the raw image into fingerprint information for verification, a security module configured to determine whether the fingerprint information for verification matches registered fingerprint information to determine usage approval or disapproval for a payment request, and an active shield overlapping the security module. The peripheral circuit, the authentication information processing module, and the security module are integrated into one chip.
    Type: Grant
    Filed: April 13, 2021
    Date of Patent: July 23, 2024
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Gi Jin Kang, Sung Ung Kwak, Ji-Soo Chang
  • Patent number: 12035133
    Abstract: A communication device and method are provided for communicating data, such as a cryptographic key, wirelessly to another communication device. The communication device and the other device each include an oscillator circuit portion, an inverter, a non-inverting buffer, and a switch for switching between the inverter and non-inverting buffer. A circular loop is formed wirelessly between the oscillator circuit portions of both devices by placing both communication devices near each other. A control circuit in each device measures a parameter such as frequency or waveform pattern of the circulating signal to determine how to position the switches. The oscillator circuit portions may be portions of the same oscillator distributed between the devices, such as a delay line-controlled oscillator or a chaotic oscillator. Inverting and not inverting the circulated signal changes the parameter of the signal so that it is difficult for an eavesdropper to learn the communication.
    Type: Grant
    Filed: April 1, 2021
    Date of Patent: July 9, 2024
    Assignee: NXP B.V.
    Inventor: Jan-Peter Schat
  • Patent number: 12019738
    Abstract: Disclosed is a fault injection attack method including determining a trigger start point in time based on an input signal for a crypto device; determining a trigger end point in time based on an output signal of the crypto device; setting a trigger based on the trigger start point in time and the trigger end point in time; and performing a fault injection attack based on the set trigger.
    Type: Grant
    Filed: October 28, 2021
    Date of Patent: June 25, 2024
    Assignee: KOOKMIN UNIVERSITY INDUSTRY ACADEMY COOPERATION FOUNDATION
    Inventors: Han Sup Lim, Jong Hyeok Lee, Dong Guk Han