Patents Examined by Amie C Lin
  • Patent number: 11463429
    Abstract: Network controls for application access secured by transport layer security (TLS) using single sign on (SSO) flow may be provided. An application access request for authenticating a user may be received in response to the user requesting an access to an application. User credentials associated with the user may be validated. In response to validating the user credentials, user attributes associated with the user may be determined. Network controls for a user session associated with the application access request may be determined based on the user attributes. The application access request may be redirected to a plain text user session. The plain text user session may comprise the network controls for the user session.
    Type: Grant
    Filed: October 14, 2020
    Date of Patent: October 4, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Syam Sundar Appala, Sanjay Kumar Hooda, Rex E. Fernando, Vikram Pendharkar
  • Patent number: 11457008
    Abstract: Techniques for using a single sign-on (SSO) service as a software defined networking (SDN) controller for a virtual private network environment. The techniques disclosed herein may include receiving, at a first authentication service, first data including a first request to authenticate a user of a client device to access an application. The techniques may also include sending, to the client device, second data representing a second request configured to prompt a second authentication service to authenticate the user of the client device. Additionally, the first authentication service may receive an indication that the user was authenticated by the second authentication service and determine, based at least in part on an attribute associated with at least one of the client device or the application, whether the client device is to access the application using an unsecured connection or, alternatively, access the application using a secured connection.
    Type: Grant
    Filed: October 13, 2020
    Date of Patent: September 27, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: Hendrikus G. P. Bosch, Alessandro Duminuco, Julien Barbot, Jeffrey Michael Napper, Sape Jurrien Mullender
  • Patent number: 11449619
    Abstract: A system for analyzing a computing system for potential breach points, the system comprising a memory device having executable instructions stored therein, and a processing device, in response to the executable instructions, configured to parse a breach scenario file, the breach scenario file comprising a graph including action component nodes connected by edges, determine a root node from the action component nodes, execute the root node with breach point data, generate a root node return value based on the execution of the root node, the root node return value including a modified copy of the breach point data, determine children nodes from the action component nodes connected to the root node, execute the children nodes wherein each execution of the children nodes produces children node return values for a subsequent one of the children nodes, and return a final return value from the execution of the children nodes.
    Type: Grant
    Filed: November 23, 2020
    Date of Patent: September 20, 2022
    Assignee: SAFEBREACH LTD.
    Inventors: Itzhak Kotler, Idan Livni, Dan Bar-Shalom, Guy Bejerano
  • Patent number: 11444934
    Abstract: An automation system includes at least one automation unit, multiple automation servers and a central management unit interconnected via a communication network, wherein the automation servers communicate with the automation unit using a pre-validated certificate of the automation unit, where in order to validate the certificate, the automation servers check a chain of trust of the respective certificate and, by accessing a black list, the validity thereof, where communication of the respective chain of trust only occurs when corresponding chains of trust are revoked from all other automation servers beforehand, corresponding certificates are entered into the black list or the certificate is otherwise invalid.
    Type: Grant
    Filed: December 8, 2020
    Date of Patent: September 13, 2022
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Benjamin Lutz, Anna Palmin
  • Patent number: 11438387
    Abstract: Methods, systems, and computer storage media for providing detection of unsecure network policies in a network segment and automatically remediating the unsecure policies based on pre-defined network policies in a computing environment. In particular, a security maintenance manager of an access management system in the computing environment detects an unsecure network policy based on comparing an active configuration of the network segment to an expected configuration of the network segment and modifies the active configuration to at least restore restrictions of network policies of the expected configuration to the active configuration. In operation, the security maintenance manager periodically accesses an active configuration record for the network segment and compares the active configuration record to an expected configuration record for the network segment. Based on comparing the active configuration record to the expected configuration record, restrictions are remediated (e.g.
    Type: Grant
    Filed: October 21, 2019
    Date of Patent: September 6, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yanelis Lopez, Krupa Ravinath Tadepalli, Varun Sharma, Johnathon Paul Mohr
  • Patent number: 11438322
    Abstract: Some embodiments of the invention provide a method for a trusted (or originator) device to modify the security state of a target device (e.g., unlocking the device) based on a securing ranging operation (e.g., determining a distance, proximity, etc.). The method of some embodiments exchanges messages as a part of a ranging operation in order to determine whether the trusted and target devices are within a specified range of each other before allowing the trusted device to modify the security state of the target device. In some embodiments, the messages are derived by both devices based on a shared secret and are used to verify the source of ranging signals used for the ranging operation. In some embodiments, the method is performed using multiple different frequency bands.
    Type: Grant
    Filed: January 31, 2019
    Date of Patent: September 6, 2022
    Assignee: Apple Inc.
    Inventors: Wade Benson, Marc J. Krochmal, Alexander R. Ledwith, John Iarocci, Jerrold V. Hauck, Michael Brouwer, Mitchell D. Adler, Yannick L. Sierra
  • Patent number: 11425112
    Abstract: Blockchain validation systems including a blockchain configured banking core (BCBC) hosted on a server, a blockchain configured component coupled to the BCBC, permitting transfer of data records to the BCBC for storage thereon, and a number of blockchain configured federation proxies facilitating identification of access rules and execution of blockchain validation mechanisms. Methods for blockchain validation involving permitting interaction amongst a plurality of external computing systems associated with a plurality of entities in a manner bypassing a BCBC hosted on a server, through a blockchain configured component accessible by the external computing systems, permitting data record transfer to the BCBC over an independent verification network, managing the data records using blockchain configured federation proxies, and selectively distributing data records to the entities.
    Type: Grant
    Filed: February 2, 2021
    Date of Patent: August 23, 2022
    Assignee: FINLINK, INC.
    Inventor: Vladimir Lounegov
  • Patent number: 11416637
    Abstract: The invention is a method for managing a tamper-proof device comprising a processor and an operating system able to handle a set of communication protocols with external entities. The operating system accesses a ruling data specifying for each communication protocol of the set whether Card Lock, Card Terminate and Final Application privileges as defined by GlobalPlatform Card Specification (V2.3) are authorized or forbidden. Upon receipt of a command from one of said external entities, the operating system uses the ruling data to deny or to authorize execution of the command based on the communication protocol used to convey the command.
    Type: Grant
    Filed: November 6, 2018
    Date of Patent: August 16, 2022
    Assignee: THALES DIS FRANCE SAS
    Inventors: Fabien Courtiade, Florent Labourie, Denis Dubois, Syarif Ahmad, Jianrong Yang, Nopiga Pahala, Shier Loon Sharon Yong
  • Patent number: 11409914
    Abstract: The invention is a method for managing a tamper-proof device comprising a plurality of software containers and an operating system. The operating system is able to handle a set of communication protocols with external entities. The operating system accesses a pairing data in which each communication protocol of said set has been associated with a single software container and upon receipt of a message from one of the external entities, the operating system uses the pairing data to route the message to the software container associated with the communication protocol used to convey the message.
    Type: Grant
    Filed: November 6, 2018
    Date of Patent: August 9, 2022
    Assignee: THALES DIS FRANCE SAS
    Inventors: Fabien Courtiade, Florent Labourie, Denis Dubois, Syarif Ahmad, Jianrong Yang, Nopiga Pahala, Shier Loon Sharon Yong
  • Patent number: 11403416
    Abstract: Provided are exemplary systems and methods for secure intelligent networked architecture, processing and execution. Exemplary embodiments include an intelligent networked architecture comprising an intelligent agent, a secure cloud of a plurality of specialized intelligent historical agents, a plurality of secure cloud based specialized insight servers configured to transform secure digital data into a scrubbed situational deployment trigger, and an intelligent operational agent configured to receive the scrubbed situational deployment trigger.
    Type: Grant
    Filed: October 30, 2020
    Date of Patent: August 2, 2022
    Assignee: Capitalogix IP Owner, LLC
    Inventors: Howard M. Getson, Sean Vallie, Robert Jump, Prince Modi, Derek Ainsworth, Daniel Hittler
  • Patent number: 11405392
    Abstract: A server system can include an internal computer network including at least one client server configured to establish a data transfer connection to an external computer network, and at least one proxy server system positioned between the internal computer network and the external computer network. The proxy server system can include a proxy server positioned between a first firewall and a second firewall, where the first firewall is positioned between the first proxy server and the internal computer network, and the second firewall is positioned between the proxy server and the external computer network. The server system can develop and maintain a proxy server system that includes a whitelist of sites deemed necessary and/or desirable for system operation. The whitelist can be updated as a user works with and uses the system. Such updates can take place continuously in real or near-real time or periodically as frequently as desired.
    Type: Grant
    Filed: September 10, 2019
    Date of Patent: August 2, 2022
    Assignee: AVEVA SOFTWARE, LLC
    Inventors: Ryan Benedict Saldanha, Vinay T. Kamath, Scott Alan Savino, Elliott Scott Middleton, Jr.
  • Patent number: 11397829
    Abstract: The present invention aims to improve data protection against illegal access by a strong differentiation of the security level specific on a type of data so that when the protection on a part of the data is violated, the remaining data are still inaccessible. A method for controlling access, via an open communication network, to user private data, comprising steps of: dividing the user private data into a plurality of categories, each category defining a privacy level of the data, encrypting the user private data of each category with a category key pertaining to the category of the data, attributing to a stakeholder an entity configured for accessing to at least one category of user private data, and authorizing the access to the at least one category of user private data for the entity of the stakeholder, by providing the stakeholder with the category keys required for decrypting the user private data of the corresponding category.
    Type: Grant
    Filed: October 7, 2020
    Date of Patent: July 26, 2022
    Assignee: Nagravision S.A.
    Inventor: Antoine Burckard
  • Patent number: 11381561
    Abstract: A relay apparatus, which is connected between an information terminal and at least one peripheral device communicatively connected to the information terminal and supplying information to the information terminal, is recognized as a peripheral device by the information terminal, and recognized as an information terminal by the peripheral device. The relay apparatus comprises authentication means for authenticating a user using the information terminal by operating the peripheral device and control means for controlling relaying of an operation signal of the peripheral device operated by the user to the information terminal, based on an authentication result of the user.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: July 5, 2022
    Assignee: NEC CORPORATION
    Inventor: Kayato Sekiya
  • Patent number: 11381593
    Abstract: A system and method for generating insights on distributed denial of service (DDoS) attacks are provided. The method includes receiving a plurality of data feeds from a plurality of data sources; processing the plurality of received data feeds to generate enriched data sets; and analyzing the enriched data sets to generate insights information about a DDoS attack that have been participated in at least one DDoS attack.
    Type: Grant
    Filed: December 11, 2018
    Date of Patent: July 5, 2022
    Assignee: Radware, Ltd.
    Inventors: Ehud Doron, Yotam Ben Ezra, David Aviv
  • Patent number: 11366789
    Abstract: A computing device is described which has at least one application access record storing references to content items stored at the computing device. At least one local store stores other content items. A processor of the computing device executes at least one application, the application having ability to access the content items referenced in the application access record and restricted from accessing the other content items. An operating system of the computing device is configured to search the local store to identify at least one of the other content items on the basis of criteria, and to suggest the identified other content item(s) to a user of the computing device for access by the application.
    Type: Grant
    Filed: June 29, 2017
    Date of Patent: June 21, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Johannes Fredrik Strömberg, Henrik Jersling, Tor Andrae
  • Patent number: 11354388
    Abstract: A method for detecting bots in a user network (R), the method comprising the following steps: receiving (102) by a user terminal (2) an identifier (ID) associated with a network user account; transmitting (104), by the user terminal (2), the identifier (ID) to an access control system (3) configured to determine whether or not a mobile terminal owner has the right to access an area or service, the area or service being independent of the user network (R); transmitting (106), by the access control system (3) to the server (1), a representative data element supporting that the identifier (ID) has been received by the access control system (3); and using (108) by the server (1) the representative data element to determine whether the user of the account associated with the identifier (ID) is a bot or not.
    Type: Grant
    Filed: March 23, 2020
    Date of Patent: June 7, 2022
    Assignee: IDEMIA IDENTITY & SECURITY FRANCE
    Inventors: Hervé Chabanne, Vincent Bouatou
  • Patent number: 11347862
    Abstract: A credential management system for an information handling system dynamically determines an available set of authentication techniques based on a system configuration. The dynamic configuration may be based on devices connected to the information handling system, such as keyboard, fingerprint reader, and facial recognition. The dynamic configuration may also be based on a dynamic posture of the information handling system, such as whether a device is in an open-lid, closed-lid, tent-shape, tablet-mode, or docked configuration.
    Type: Grant
    Filed: January 9, 2020
    Date of Patent: May 31, 2022
    Assignee: Dell Products L.P.
    Inventors: Daniel Lawrence Hamlin, Charles Delbert Robison, Jr.
  • Patent number: 11343238
    Abstract: Provided is a computer-implemented method for verifying a user identity, including: receiving, from a user device, authentication data for a user, the authentication data including an account identifier corresponding to an account with a first issuer institution; generating, with at least one processor and based at least partially on the authentication data, a passcode; communicating the passcode to the user device or a second device associated with the user; receiving, with at least one processor, a verification request comprising the passcode; and verifying, with at least one processor, an identity of the user based on validating the passcode.
    Type: Grant
    Filed: October 9, 2018
    Date of Patent: May 24, 2022
    Assignee: Visa International Service Association
    Inventors: Abhishek Ravi, Wei Ying Yap, Francois Hribovsek, Kok Seng Chew
  • Patent number: 11336623
    Abstract: There is disclosed a method of processing a data packet received by a packet sniffer, the packet containing an associated identifier, the method including transmitting the packet to a recipient, determining if the identifier corresponds to a particular network, wherein if the identifier is determined to correspond to the particular network, the identifier is provided to the recipient; and if the identifier is determined to not correspond to the particular network, the identifier is withheld from the recipient.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: May 17, 2022
    Assignee: British Telecommunications Public Limited Company
    Inventors: Simon Ringland, Francis Scahill, Timothy Twell
  • Patent number: 11329986
    Abstract: A system for processing communications is provided. The system includes a trusted receiver device configured to receive a communication directed to a known trusted receiver address, a message handler device configured to interface with the trusted receiver device and create a thumbprint of select portions of the communication, an analysis device configured to analyze the communication based on the communication and the thumbprint, and a metadata storage device connected to the trusted receiver device configured to receive and store metadata associated with each verified communication received. The communication comprises information identifiable to the system in a particular field of the communication intended to be invisible to unauthorized recipients, and the communication is verified and transmitted to the sender and intended recipient. Any entity can verify a communication received by the system.
    Type: Grant
    Filed: December 5, 2019
    Date of Patent: May 10, 2022
    Assignee: Digital Minion LLC
    Inventors: Austin Leahy, Jeremy Nelson