Patents Examined by Alexander Lagor
-
Centralized request processing and security zone policy enforcement in a cloud infrastructure system
Patent number: 12261889
Abstract: A cloud-based security solution that provides a robust and secure framework for managing and enforcing security policies related to various resources managed in the cloud is disclosed. The cloud-based security solution is implemented by a centralized application programming Interface (API) system and a security zone policy enforcement system in a cloud service provider infrastructure. The centralized API system receives an API request that identifies an operation to be performed on a resource in the CSPI. The system determines, from the API request, compartment information and context information associated with the resource. Responsive to determining the compartment information and the context information associated with the resource, the system determines that the resource resides in a compartment that is associated with a security zone. The system then processes the API request and transmits a result of processing of the API request to a user of the centralized API processing system.
Type: Grant
Filed: August 3, 2021
Date of Patent: March 25, 2025
Assignee: ORACLE INTERNATIONAL CORPORATION
Inventors: Sreenivas Gattu, Qian Wei, Jonathan Jorge Nadal, Jun Tong, Thoulfekar Alrahem
-
Patent number: 12248573
Abstract: A Ransomware Activity Detection System (RADS) characterizes historic read/write IO activity on a storage volume, and also characterizes historic data characteristics of the storage volume, such as the percentage reducibility of the data held in the storage volume. The RADS monitors the storage volume to identify differences between current read/write IO activity and historic read/write IO activity, as well as difference between current data characteristics of the storage volume and historic data characteristics of the storage volume. When the RADS detects a significant difference in read/write IO activity on a storage volume, that is coupled with a significant changes to the data characteristics of the storage volume, the RADS protects the storage volume and generates an alert of the possible occurrence of a ransomware attack. Protection may occur prior in connection with any bulk read operation to proactively protect storage volumes against ransomware attacks.
Type: Grant
Filed: January 19, 2022
Date of Patent: March 11, 2025
Assignee: Dell Products, L.P.
Inventors: John Madden, Jr., Benjamin A. F. Randolph, Jeremy O'Hare, Rong Yu
-
Patent number: 12231532
Abstract: Examples herein describe a scalable tweak engine and prefetching tweak values. Regarding the scalable tweak engine, it can be designed to accommodate different bus widths of data. The scalable tweak engine described herein includes multiple tweak calculators that can be daisy chained together to output multiple tweak values every clock cycle. These tweak values can be sent to multiple encryption cores so that multiple data blocks can be encrypted in parallel. Regarding prefetching tweak values, previous encryption engines incur a delay as the tweak value (e.g., a metadata value) for a data block is calculated. In the embodiments herein, the encryption engine can include an independent metadata engine that determines the metadata value for a subsequent data block while the current data block is being encrypted.
Type: Grant
Filed: March 26, 2020
Date of Patent: February 18, 2025
Assignee: XILINX, INC.
Inventors: Devanjan Maiti, Robert Bellarmin Susai, Jayaram Pvss
-
Patent number: 12223073
Abstract: Methods, systems, and computer storage media provide a privacy compliance notification indicating a database's level of compliance with a privacy policy after restoring the database to the database's backup copy. The database is associated with a database management engine. The database supports privacy-based first-class data entities. The privacy-based first-class data entities are database entities having privacy system-level metadata properties associated with data operations in a database language syntax. The privacy compliance notification may be generated based on determining whether a privacy database operation associated with a database journal and a privacy journal has been executed on a database since the database was restored to a backup copy of the database.
Type: Grant
Filed: December 31, 2021
Date of Patent: February 11, 2025
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Oron Golan, Aviram Fireberger, Aviad Pines, Adir Atias, Evgeny Lutsky
-
Patent number: 12216773
Abstract: According to one embodiment, a memory system includes a nonvolatile memory and a controller. In response to receiving from a host a write request designating a first address for identifying data to be written, the controller encrypts the data with the first address and a first encryption key, and writes the encrypted data to the nonvolatile memory together with the first address. In response to receiving from the host a read request designating a physical address indicative of a physical storage location of the nonvolatile memory, the controller reads both the encrypted data and the first address from the nonvolatile memory on the basis of the physical address, and decrypts the read encrypted data with the first encryption key and the read first address.
Type: Grant
Filed: March 27, 2023
Date of Patent: February 4, 2025
Assignee: KIOXIA CORPORATION
Inventor: Shinichi Kanno
-
Patent number: 12212656
Abstract: Decrypting data at a first storage system that has been encrypted at a second, separate, storage system includes the first storage system requesting a key that decrypts the data from the second storage system, the second storage system determining if the first storage system is authorized for the key, the second storage system providing the key to the first storage system in response to the first storage system being authorized, a host that is coupled to the first storage system obtaining the key from the first storage system, and the host using the key to decrypt and access the data at the first storage system. The host and the first storage system may provide failover functionality for a system that includes the second storage system. The host may obtain the key from the first storage system in response to a failure of the system that includes the second storage system.
Type: Grant
Filed: April 22, 2021
Date of Patent: January 28, 2025
Assignee: EMC IP Holding Company LLC
Inventors: Arieh Don, Tomer Shachar, Maxim Balin, Yevgeni Gehtman
-
Patent number: 12210633
Abstract: A memory controller for improving data integrity and providing data security. The memory controller including a transmit data path to transmit write data to a memory device, the transmit data path comprising a scrambling component, wherein the scrambling component includes a scrambling logic and an exclusive OR logic, wherein the write data is divided into a first portion and a second portion, wherein input of the scrambling logic comprises the first portion of the write data and an address associated with the write data to generate a pseudo-random output, and wherein input of the exclusive OR logic comprises the second portion of the write data, the pseudo-random output and a fixed seed corresponding to the first portion of the write data to generate a scrambled data.
Type: Grant
Filed: February 18, 2021
Date of Patent: January 28, 2025
Assignee: SKYECHIP SDN BHD
Inventors: Yu Ying Ong, Muhamad Aidil Bin Jazmi, Soon Chieh Lim, Chee Hak Teh
-
Patent number: 12206767
Abstract: A transmitter device for sending an encrypted message to a receiver device in an identity-based cryptosystem, the identity-based cryptosystem includes a transmitter trusted center connected to the transmitter device and a receiver trusted center connected to the receiver device. The transmitter device is configured to: receive, from the transmitter trusted center, two public authentication keys; check if a set of conditions related to a transmitter trusted center public key, to a receiver trusted center public key, and to a transmitter authentication key comprised in the two public authentication keys are satisfied; determine a ciphertext set comprising an encrypted message if the set of conditions are satisfied; send the ciphertext set to the receiver device.
Type: Grant
Filed: December 6, 2019
Date of Patent: January 21, 2025
Assignee: SECURE-IC SAS
Inventors: Margaux Dugardin, Adrien Facon, Sylvain Guilley
-
Patent number: 12167236
Abstract: A computer-implemented method for remote management of hardware security modules (HSMs) includes receiving a command request from a mobile device. The command request includes an encrypted key part and an encrypted signing key. The HSM decrypts the command request using a key associated with a security zone of the mobile device. The HSM decrypts the encrypted key part and the encrypted signing key. Decrypting the encrypted key part and the encrypted signing key includes using the key associated with the security zone of the mobile device and a key associated with a remote administrator associated with the mobile device. A command is generated for a domain with a target HSM. The command is generated using the decrypted key part and the decrypted signing key. The command is transmitted to the domain for execution by the target HSM. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: December 11, 2020
Date of Patent: December 10, 2024
Assignee: International Business Machines Corporation
Inventors: Garry Joseph Sullivan, James Richard Coon, Michael Joseph Jordan, Michael J. Young, Jessica Doherty, Christopher V. DeRobertis
-
Patent number: 12160504
Abstract: A plurality of public encryption keys are distributed to a plurality of participants in a federated learning system, and a first plurality of responses is received from the plurality of participants, where each respective response of the first plurality of responses was generated based on training data local to a respective participant of the plurality of participants and is encrypted using a respective public encryption key of the plurality of public encryption keys. A first aggregation vector is generated based on the first plurality of responses, and a first private encryption key is retrieved using the first aggregation vector. An aggregated model is then generated based on the first private encryption key and the first plurality of responses.
Type: Grant
Filed: November 13, 2019
Date of Patent: December 3, 2024
Assignee: International Business Machines Corporation
Inventors: Runhua Xu, Nathalie Baracaldo Angel, Yi Zhou, Ali Anwar, Heiko H Ludwig
-
Patent number: 12147561
Abstract: Systems and methods of the present disclosure enable the automated provisioning of security and compliance policies and onboarding to identity governance solutions. The systems and methods include processors to receive a database provisioning request associated with at least one entity and accessing at least one identity data record via an identity management mechanism associated with the at least one entity. The processors automatically access the database via a secured port; automatically cause to generate in the database, at least one privilege account and at least one access credential rule based on the at least one identity data record. The database is configured to utilize the at least one access credential rule to automatically manage access credentials for accessing the database via the at least one privilege account. The processors automatically disconnect from the secured port of the database.
Type: Grant
Filed: February 19, 2021
Date of Patent: November 19, 2024
Assignee: Capital One Services, LLC
Inventors: Nagesh Gummadivalli, Aniket Sinkar, Arindam Chakraborty, Norflet Bailey, Clayton Mottley, Arthur Maltson, Elijah Sattler, Gregory Moczygemba, Nitin Sharma, Empress Marcelin, Bryan Barton
-
Patent number: 12149629
Abstract: Managing a software multi-ownership account including operations of registering software, setting a usage authority, and transferring a usage authority. The operation of registering the software includes the operations of: receiving, by a reception unit of a management server, a software registration request from a software manufacturer server; checking whether an authentication unit of the management server is a pre-approved manufacturer; and generating a smart contract transaction using time information at which the authentication unit of the management server is requested to register the software and string information of a software name. An authority can be effectively transferred to use software between users to another person by using a sub-access token interworked to a system user account, and by additionally issuing a sub-access token for multiple access authorities for one piece of software, a user is able to have multiple access authorities, thereby broadening the scope of software utilization.
Type: Grant
Filed: December 20, 2021
Date of Patent: November 19, 2024
Inventor: Kyung Woon Cha
-
Patent number: 12132818
Abstract: Malicious website detection has been very crucial in timely manner to avoid phishing. User privacy also needs to be maintained at the same time. A system and method for classifying a website URL have been provided. The system is configured to achieve end-to-end privacy for machine learning based malicious URL detection. The system provides privacy preserving malicious URL detection models based on Fully Homomorphic Encryption (FHE) approach either using deep neural network (DNN), using logistic regression or using a hybrid approach of both. The system is utilizing a split architecture (client-server) where-in feature extraction is done by a client machine and classification is done by a server. The client machine encrypts the query using FHE and sends it to the server which hosts machine learning model. During this process, the server doesn't learn any information about the query.
Type: Grant
Filed: February 18, 2021
Date of Patent: October 29, 2024
Assignee: Tata Consultancy Services Limited
Inventors: Nitesh Emmadi, Harika Narumanchi, Imtiyazuddin Shaik, Rajan Mindigal Alasingara Bhattachar, Harshal Tupsamudre
-
Patent number: 12124559
Abstract: Devices and techniques are generally described for peer-based anomalous rights detection. In various examples, a rights vector may be determined for a first individual, the rights vector representing rights held by the first individual. A nearest neighbor algorithm may be used to determine a set of individuals having similar rights to the first individual. In various examples, a category label associated with the first individual may be determined. In some examples, a number of individuals of the set of individuals having the category label may be determined. In some examples, a determination may be made that the rights held by the first individual are anomalous based at least in part on the number. In some cases, alert data indicating that the rights held by the first individual are anomalous may be generated.
Type: Grant
Filed: June 24, 2021
Date of Patent: October 22, 2024
Assignee: AMAZON TECHNOLOGIES, INC.
Inventors: Brendan Cruz Colon, Matthew Michael Sommer, Christopher Miller
-
Patent number: 12113785
Abstract: In one embodiment, a method comprises: establishing, by a first executable resource in a network device having joined a secure peer-to-peer data network, a registry providing a mapping between one or more network entities associated with a tag object by an identified user entity, each network entity represented by a federation identifier of a user entity or a corresponding data object; receiving a search request for one or more identified network entities having been tagged with the tag object, and in response generating a search result based on identifying the network entities having been mapped relative to tag object, the search result identifying one or more of an identified federation identifier or an identified unique identifier for the identified network entities; and providing the search result by the first executable resource, the search result causing an endpoint device to attract the identified network entities for presentation by the endpoint device.
Type: Grant
Filed: July 12, 2021
Date of Patent: October 8, 2024
Assignee: WhiteStar Communications, Inc.
Inventor: Billy Gayle Moon
-
Patent number: 12069102
Abstract: Some network architectures include perimeter or edge devices which perform network address translation or otherwise modify data in a network traffic packet header, such as the source address. The modification of the source address prevents downstream devices from knowing the true or original source address from which the traffic originated. To address this issue, perimeter devices can insert the original source address in an X-Forwarded-For field of the packet header. Firewalls and related security services can be programmed to record the original source address in the XFF field in addition to the other packet information and to consider the original source address during security analysis. Using the original source address in the XFF field, services can determine additional characteristics about the traffic, such as geographic origin or associated user accounts, and use these characteristics to identify applicable rules or policies.
Type: Grant
Filed: January 3, 2022
Date of Patent: August 20, 2024
Assignee: Palo Alto Networks, Inc.
Inventors: Thomas Arthur Warburton, Ashwath Sreenivasa Murthy, Jeffrey James Fitz-Gerald, Jr.
-
Patent number: 12050694
Abstract: A rule generation apparatus 100 is an apparatus that automatically generates rules used to analyze an attack, and includes a collection unit 200, an attack success condition generation unit 300, an attack-time history generation unit 400, and a rule generation unit 500.
Type: Grant
Filed: May 18, 2020
Date of Patent: July 30, 2024
Assignee: NEC CORPORATION
Inventor: Tomohiko Yagyu
-
Patent number: 12045329
Abstract: A smart card is provided. The smart card includes a peripheral circuit configured to control a fingerprint sensing array and generate a raw image, an authentication information processing module configured to process the raw image into fingerprint information for verification, a security module configured to determine whether the fingerprint information for verification matches registered fingerprint information to determine usage approval or disapproval for a payment request, and an active shield overlapping the security module. The peripheral circuit, the authentication information processing module, and the security module are integrated into one chip.
Type: Grant
Filed: April 13, 2021
Date of Patent: July 23, 2024
Assignee: Samsung Electronics Co., Ltd.
Inventors: Gi Jin Kang, Sung Ung Kwak, Ji-Soo Chang
-
Patent number: 12035133
Abstract: A communication device and method are provided for communicating data, such as a cryptographic key, wirelessly to another communication device. The communication device and the other device each include an oscillator circuit portion, an inverter, a non-inverting buffer, and a switch for switching between the inverter and non-inverting buffer. A circular loop is formed wirelessly between the oscillator circuit portions of both devices by placing both communication devices near each other. A control circuit in each device measures a parameter such as frequency or waveform pattern of the circulating signal to determine how to position the switches. The oscillator circuit portions may be portions of the same oscillator distributed between the devices, such as a delay line-controlled oscillator or a chaotic oscillator. Inverting and not inverting the circulated signal changes the parameter of the signal so that it is difficult for an eavesdropper to learn the communication.
Type: Grant
Filed: April 1, 2021
Date of Patent: July 9, 2024
Assignee: NXP B.V.
Inventor: Jan-Peter Schat
-
Patent number: 12019738
Abstract: Disclosed is a fault injection attack method including determining a trigger start point in time based on an input signal for a crypto device; determining a trigger end point in time based on an output signal of the crypto device; setting a trigger based on the trigger start point in time and the trigger end point in time; and performing a fault injection attack based on the set trigger.
Type: Grant
Filed: October 28, 2021
Date of Patent: June 25, 2024
Assignee: KOOKMIN UNIVERSITY INDUSTRY ACADEMY COOPERATION FOUNDATION
Inventors: Han Sup Lim, Jong Hyeok Lee, Dong Guk Han