Patents Examined by Ashokkumar B. Patel
-
Patent number: 11755735
Abstract: Provided are a computer program product, system, and method for determining a frequency at which to execute trap code in an execution path of a process executing a program to generate a trap address range to detect potential malicious code. Trap code is executed in response to processing a specified type of command in application code to allocate a trap address range used to detect potentially malicious code. A determination is whether to modify a frequency of executing the trap code in response to processing a specified type of command. The frequency of executing the trap code is modified in response to processing the specified type of command in response to determining to modify the frequency of executing the trap code.
Type: Grant
Filed: February 19, 2021
Date of Patent: September 12, 2023
Assignee: International Business Machines Corporation
Inventors: Lokesh M. Gupta, Matthew G. Borlick, Trung N. Nguyen, Micah Robison
-
Patent number: 11750376
Abstract: A method of securing, by a managing node, communication in a network of member nodes including a first member node. Communication is secured using a (k, n1) secret sharing scheme during a first phase. The managing node announces a phase shift to a subsequent phase relative to the first phase. The managing node secures communication in the network during the subsequent phase using a (k+x, n2) secret sharing scheme. Each of the member nodes is previously in possession of exactly one corresponding unique share for the second key. The first member node is previously in possession of a first unique share for the second key. The managing node deletes the first member node from the subsequent phase by broadcasting the first unique share for the second key.
Type: Grant
Filed: May 26, 2022
Date of Patent: September 5, 2023
Assignee: The Boeing Company
Inventors: Mingyan Li, Douglas A. Stuart, Jai J. Choi, Joshua D. Cazalas
-
Patent number: 11736524
Abstract: A network traffic sending method and apparatus, and a hybrid honeypot system are provided. The method includes receiving a first attack traffic flow; determining that a request type of the first attack traffic flow is a first request type and determining maturity of a virtual honeypot model for the first request type. Upon the maturity of the virtual honeypot model for the first request type being higher than a threshold set for the first request type, the method includes forwarding the first attack traffic flow to a virtual honeypot using the model, or forwarding the first attack traffic flow to a virtual honeypot using the model and a physical honeypot. Otherwise, it includes forwarding the first attack traffic flow to a physical honeypot. Therefore, a virtual honeypot using a virtual honeypot model of relatively high maturity is used to respond to an attack traffic flow.
Type: Grant
Filed: December 27, 2017
Date of Patent: August 22, 2023
Assignee: SIEMENS AKTIENGESELLSCHAFT
Inventors: Rui Li, Lin Qi
-
Patent number: 11734414
Abstract: Example implementations include generating a guard service for a secure service at a secure region of a processing system by detecting a call to a secure service at a secure region of a processing device, obtaining a secure interface associated with the secure service, generating a guard interface based at least partially on the secure interface, generating a guard service based at least partially on the guard interface, locating the guard service at a secure region, and locating the guard interface at a secure address at the secure region.
Type: Grant
Filed: September 29, 2020
Date of Patent: August 22, 2023
Assignee: Renesas Electronics Corporation
Inventors: Kimberly Dinsmore, Brandon Hussey
-
Patent number: 11711362
Abstract: The disclosed exemplary embodiments include computer-implemented devices, apparatuses, and processes that, among other things, perform dynamic biometric authentication based on distributed ledger data. For example, a device may compute a first hash value based on first biometric data captured by a sensor unit, and may transmit a request to, and receive a response from, a computing system across a communications network via the communications unit. The request may cause the computing system to execute instructions maintained within the distributed ledger data, and to extract second biometric data maintained within an element of the distributed ledger data. The second biometric data may include a second hash, which the computing system may incorporate into the response. The device may authenticate an identity associated with the device when the first hash value corresponds to the second hash value incorporated within the response.
Type: Grant
Filed: February 22, 2021
Date of Patent: July 25, 2023
Assignee: The Toronto-Dominion Bank
Inventors: Arthur Carroll Chow, Anthony Haituyen Nguyen, Perry Aaron Jones Haldenby, Milos Dunjic, David Tax, John Jong-Suk Lee, Arun Victor Jagga
-
Patent number: 11704404
Abstract: Embodiments of the present disclosure provide a method for control-flow integrity protection, including: changing preset bits of all legal target addresses of a current indirect branch instruction in a control flow of a program to be protected to be same; and rewriting preset bits of a current target address of the current indirect branch instruction to be same as the preset bits of the legal target addresses, so that the program to be protected terminates when the current target address is tampered with. By changing the preset bits of all the legal target addresses of the current indirect branch instruction to be same and rewriting the preset bits of the current target address to be consistent with the preset bits of the legal target addresses, traditional label comparison is replaced by the preset bit overlap operation, reducing performance overhead and improving attack defense efficiency.
Type: Grant
Filed: June 28, 2021
Date of Patent: July 18, 2023
Assignee: Institute of Informational Engineering, CAC
Inventors: Dan Meng, Liwei Chen, Jinfeng Li, Cairui She, Gang Shi
-
Patent number: 11698966
Abstract: A computer-implemented method for detecting a code injection threat may include: performing a search process on a memory of a computer system to identify property list files; in response to an identification of a property list file, retrieving the property list file; performing an analysis process on the property list file to identify a target identifier; in response to an identification of the target identifier in the property list file, determining whether the target identifier corresponds to an electronic application stored in the memory of the computer system; in response to determining that the target identifier corresponds to the electronic application, determining that the property list file is indicative of a code injection threat to the electronic application; and in response to the determination that the property list file is indicative of a code injection threat to the electronic application, performing a security action based on the property list.
Type: Grant
Filed: April 13, 2020
Date of Patent: July 11, 2023
Assignee: Capital One Services, LLC
Inventor: Jon Whitmore
-
Patent number: 11695549
Abstract: Systems and methods for attesting an enclave in a network. A method includes receiving, by a first device, proof information from an application provider entity that the enclave is secure, wherein the proof information includes a public part, Ga, of information used by the enclave to derive a Diffie-Hellman key in a key generation process with the application provider entity, processing, by the first device, the proof information to verify that the enclave is secure and ensuring that Ga is authentic and/or valid, deriving, by the first device, a new Diffie-Hellman key, based on Ga and x, wherein x is a private part of information used by the first device to derive the new Diffie-Hellman key, and sending, by the first device, a message including Ga and a public part, Gx, of the information used by the first device to derive the new Diffie-Hellman key to the enclave.
Type: Grant
Filed: September 9, 2021
Date of Patent: July 4, 2023
Assignee: NEC CORPORATION
Inventors: Ugo Damiano, Felix Klaedtke
-
Patent number: 11693950
Abstract: Computing systems with dynamic architectures may be used to secure against code-injection attacks and other exploits. A system may generate multiple representations of instructions or other data associated with each of a set of configurations of the system. The system may periodically or randomly change configurations such that malicious code that is executable in one configuration cannot be executed in another configuration. A system may also detect malicious code by comparing code previously generated in one representation with different representations of the same code. If, during execution of a representation of a program code, the system determines that the representation specifies instructions that differ from other representations of the same program code, the system may stop executing the compromised program code, change its configuration, and continue to execute another representation of the program code that has not been compromised.
Type: Grant
Filed: June 19, 2020
Date of Patent: July 4, 2023
Assignee: ARIZONA BOARD OF REGENTS ON BEHALF OF NORTHERN ARIZONA UNIVERSITY
Inventors: Paul G Flikkema, Bertrand F Cambou, James D Palmer
-
Patent number: 11683168
Abstract: Methods of half-duplex communication systems or full-duplex communication systems are provided. The half-duplex communication system includes n number user units-including a transmitting unit of transmitting units, wherein the transmitting unit including a channel estimation module, an identity update module and a modulation module; a receiving unit of receiving units including a demodulation module, a post-processing module and a reconciliation and verification module; a memory unit for storing prime identities, data to be transmitted and shared secret key; a control unit; an antenna connected to each of the transmitting units and each of the receiving units; and the methods are used for realizing a generation of shared secret keys, and an integrated identity verification and a data transmission using the half-duplex communication systems and the full-duplex communication systems.
Type: Grant
Filed: July 3, 2019
Date of Patent: June 20, 2023
Assignee: ISTANBUL TEKNIK UNIVERSITESI
Inventors: Ufuk Altun, Semiha Tedik Basaran, Gunes Zeynep Karabulut Kurt, Enver Ozdemir
-
Patent number: 11669645
Abstract: An information handling system may include a management controller; and a plurality of target information handling systems each including a target management controller that is communicatively coupled to the management controller. The information handling system may be configured to: receive, at a particular target management controller and from a client information handling system, a request for management associated with the particular target management controller; perform, at the management controller, validation of a token associated with the request; and based on the validation, cause the particular target management controller to service the request.
Type: Grant
Filed: July 27, 2021
Date of Patent: June 6, 2023
Assignee: Dell Products L.P.
Inventors: Divya Vijayvargiya, Joshua M. Pennell, Farhan Mohammed Syed
-
Patent number: 11651097
Abstract: A method of providing, by a computing device, access to a user of sections of an electronic document. The method includes receiving, by a computing device, a computerized image of a user accessing an electronic document. The computing device further accesses a facial recognition database and compares the computerized image to one or more entries in the facial recognition database to determine an identity of the user. The user is provided access to one or more sections of the electronic document based upon the identity of the user.
Type: Grant
Filed: March 5, 2020
Date of Patent: May 16, 2023
Assignee: International Business Machines Corporation
Inventors: Mauro Martino, Steven I. Ross, Fang Lu, Uri Kartoun
-
Patent number: 11630883
Abstract: A method is provided that determines whether to allow an application (app) for use or restrict the app on a set top box (STB). The method includes the steps of measuring at the STB, one or more resources used by the app; comparing at the STB, one or more thresholds set by an operator; and determining if the one or more resources used by the app exceed one or more thresholds set by the operator. Another method is provided that monitors applications (apps) that are installed on a set top box (STB) for illegal or harmful activity by a policy manager. This method includes downloading and copying an app from an external source; installing or uninstalling the app into an application folder; providing a notification informing the policy manager of the installing or uninstalling of the app; and evaluating the app be installed or uninstalled.
Type: Grant
Filed: May 6, 2019
Date of Patent: April 18, 2023
Assignee: ARRIS Enterprises LLC
Inventors: Paul Moroney, Cesar A. Moreno, Gopalkrishna V. Mudaliar, Arpan Kumar Kaushal
-
Patent number: 11620382
Abstract: Methods, computer-readable media, and devices for auditing digital content to validate that the digital content is authentic, secure, and reaching the intended audience are disclosed. In one example, a method performed by a processing system including at least one processor includes launching a web browser application, wherein the launching includes instantiating a simulated user profile, and wherein the simulated user profile includes a simulated web browsing history, detecting, by the processing system, an item of digital content that is presented to the web browser application in response to the simulated user profile, determining, by the processing system, a relevance of the item of digital content to the simulated user profile, and generating, by the processing system, a report that indicates the relevance of the item of digital content to the user profile.
Type: Grant
Filed: February 18, 2020
Date of Patent: April 4, 2023
Assignee: AT&T Technical Services Company, Inc.
Inventor: Fred Stringer
-
Patent number: 11620413
Abstract: An apparatus and method for detecting a change in electrical properties in a system is disclosed. Embodiments of the disclosure enable the detection of a change in electrical properties in a system by, in response to a load generated on a power delivery network power in at least part of the system, measuring noise induced in the power delivery network in response to the load. Based on the measured noise, a dynamic-response property of the power delivery network is determined and the dynamic-response property is compared to a stored reference dynamic-response property of the power delivery network based on a predetermined load. In the event of a difference between the dynamic-response property and the reference dynamic-response property, a response to the event is triggered to indicate tampering with the power delivery network.
Type: Grant
Filed: April 18, 2019
Date of Patent: April 4, 2023
Assignee: Arm Limited
Inventors: Hugo John Martin Vincent, Shidhartha Das, Milosch Meriac, Vasileios Tenentes
-
Patent number: 11617080
Abstract: There is a system for controlling access to an electronic device. This system can comprise at least one server having at least one microprocessor. There can be at least one remote device having at least one microprocessor, and at least one GPS location device, wherein the one remote device is configured to communicate a location of the at least one remote device. This remote device further comprises any one of at least one transceiver configured to communicate wirelessly, at least one biometric reader configured to read a biometric of a user and/or at least one hardware reader configured to read an identification piece. Thus, the electronic device is selectively unlocked via either an internal lock or via the server authenticating a location of the remote device, a Wifi signal of the remote device, a biometric reading of the remote device and a reading of the hardware reader of the remote device.
Type: Grant
Filed: December 17, 2019
Date of Patent: March 28, 2023
Inventor: Avinash Vijai Singh
-
Patent number: 11615204
Abstract: A method of validating the contents of an electronic file. The method comprises requesting an electronic file by an application executing on a computer system by providing a multi-segment filename, wherein the multi-segment filename comprises a unique delimiter between each of the segments of the multi-segment filename and one of the segments of the multi-segment filename is a hash of a content of the electronic file referenced by the multi-segment filename, receiving by the application the electronic file referenced by the multi-segment filename, determining a hash over the content of the electronic file by the application, comparing by the application the hash determined by the application to the hash of the content stored in the one of the segments of the multi-segment filename, and, based on the two hashes agreeing, opening by the application the contents of the electronic file for use.
Type: Grant
Filed: February 12, 2020
Date of Patent: March 28, 2023
Assignee: T-MOBILE INNOVATIONS LLC
Inventors: Lyle W. Paczkowski, William M. Parsel
-
Patent number: 11611874
Abstract: A computing device determines an onboarding algorithm to use for onboarding a wireless device. The computing device determines, based on the onboarding algorithm, a first set of predefined information and a second set of dynamically generated information to use as inputs to the onboarding algorithm. The computing device generates, via the onboarding algorithm, a set of credentials based on the first set of predefined information and the second set of dynamically generated information, and uses the set of credentials to secure a connection for onboarding the wireless device.
Type: Grant
Filed: October 29, 2019
Date of Patent: March 21, 2023
Assignee: Cisco Technology, Inc.
Inventors: Tak Ming F. Pang, Ashish Sood, Jie C. Jiang
-
Patent number: 11595194
Abstract: An aggregate sum is efficiently obtained while keeping confidentiality. A prefix-sum part computes a prefix-sum from a share of a sorted value attribute. A flag converting part converts a format of a share of a flag representing the last element of a group. A flag applying part generates a share of a vector in which a prefix-sum is set when a flag representing the last element of a group is true, and a sum of the whole is set when the flag is false. A sorting part generates a share of a sorted vector obtained by sorting a vector with a permutation which moves elements so that the last elements of each group are sequentially arranged from beginning. A sum computing part generates a share of a vector representing a sum for each group.
Type: Grant
Filed: April 22, 2019
Date of Patent: February 28, 2023
Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventor: Dai Ikarashi
-
Patent number: 11586726
Abstract: There is disclosed a method of preventing privileged web browser extensions installed in a web browser from interfering in interactions between a user of the web browser and a web application server accessible via the web browser, the method including transmitting a web browser-intelligible file to the web browser (including a custom element designating an enclave portion); creating a sandboxed page; copying at least part of the enclave portion to the sandboxed page to create a local enclave; embedding the sandboxed page in a first iframe for rendering; embedding the first iframe in a second iframe; providing an API for the local enclave using web-accessible resources for access to entities outside the local enclave; providing a software agent in the second iframe to act as a proxy between the first iframe and external entities; and encapsulating the second iframe in a shadow document object model associated with a host page.
Type: Grant
Filed: June 24, 2021
Date of Patent: February 21, 2023
Assignee: CITY UNIVERSITY OF HONG KONG
Inventors: Cong Wang, Xinyu Wang, Yuefeng Du