Patents Examined by Catherine Thiaw
  • Patent number: 11509658
    Abstract: A set of parameters for a set of permissions are determined based at least in part on previous requests to access a set of resources by a principal or user. The set of permissions are updated based at least in part on the set of parameters such that the set of parameters cause different requests to have different authentication requirements. The updated set of permissions is enforced to control access to computing resources such as the set of resources.
    Type: Grant
    Filed: January 8, 2018
    Date of Patent: November 22, 2022
    Assignee: Amazon Technologies, Inc.
    Inventor: Harshad Vasant Kulkarni
  • Patent number: 11502820
    Abstract: A technique for computationally-efficient privacy-preserving homomorphic inferencing against a decision tree. Inferencing is carried out by a server against encrypted data points provided by a client. Fully homomorphic computation is enabled with respect to the decision tree by intelligently configuring the tree and the real number-valued features that are applied to the tree. To that end, and to the extent the decision tree is unbalanced, the server first balances the tree. A cryptographic packing scheme is then applied to the balanced decision tree and, in particular, to one or more entries in at least one of: an encrypted feature set, and a threshold data set, that are to be used during the decision tree evaluation process. Upon receipt of an encrypted data point, homomorphic inferencing on the configured decision tree is performed using a highly-accurate approximation comparator, which implements a “soft” membership recursive computation on real numbers, all in an oblivious manner.
    Type: Grant
    Filed: May 27, 2020
    Date of Patent: November 15, 2022
    Assignee: International Business Machines Corporation
    Inventors: Nalini K. Ratha, Kanthi Sarpatwar, Karthikeyan Shanmugam, Sharathchandra Pankanti, Karthik Nandakumar, Roman Vaculin
  • Patent number: 11483141
    Abstract: A key broker monitors network traffic metadata and determines which decryption keys are required at one or more packet brokers in order to decrypt relevant traffic required by various network monitoring devices. The key broker retrieves the required keys from a secure keystore, distributes them, as needed, to the network packet brokers, and dynamically updates the decryption keys stored in the network packet brokers in response to changes in network traffic.
    Type: Grant
    Filed: June 3, 2020
    Date of Patent: October 25, 2022
    Assignee: Capital One Services, LLC
    Inventors: John Watson, Christopher Roosenraad, Peter P. Kofira, Travis Scheponik, Aaron Eppert
  • Patent number: 11483347
    Abstract: A high-performance distributed ledger and transaction computing network fabric over which large numbers of transactions (involving the transformation, conversion or transfer of information or value) are processed concurrently in a scalable, reliable, secure and efficient manner. In one embodiment, the computing network fabric or “core” is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently, with little synchronization, at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. Each computing node typically is functionally-equivalent to all other nodes in the core.
    Type: Grant
    Filed: November 26, 2019
    Date of Patent: October 25, 2022
    Assignee: Akamai Technologies, Inc.
    Inventors: Samuel Erb, Mark A. Roman, Talmai Oliveira, David C. Carver
  • Patent number: 11475119
    Abstract: Aspects of the disclosure provide systems and methods for recognizing an assigned passenger. For instance, dispatching instructions to pick up a passenger at a pickup location are received. The instructions include authentication information for authenticating a client computing device associated with the passenger. A vehicle is maneuvered in an autonomous driving mode towards the pickup location. The client device is then authenticated. After authentication, a set of pedestrians within a predetermined distance of the vehicle are identified from sensor information generated by a sensor of the vehicle and location information is received over a period of time from the client device. The received location information is used to estimate a velocity of the passenger. This estimated velocity is used to identify a subset of the set of pedestrians that is likely to be the passenger. The vehicle is stopped to allow the passenger to enter the vehicle based on the subset.
    Type: Grant
    Filed: November 20, 2020
    Date of Patent: October 18, 2022
    Assignee: Waymo LLC
    Inventors: John Wesley Dyer, Luis Torres, Michael Epstein, Yu-Hsin Chen
  • Patent number: 11477245
    Abstract: A system and method for the detection and mitigation of Kerberos golden ticket, silver ticket, and related identity-based cyberattacks by passively monitoring and analyzing Kerberos and authentication operations within the network. The system and method provide real-time detections of identity attacks using time-series data and data pipelines, and by transforming the stateless Kerberos protocol into a stateful protocol. A packet capturing agent is deployed on the network where captured time-series Kerberos and related event and log information is processed in distributed computational graph (DCG) stages where declarative rules determine if an attack is being carried out and what type of attack it is.
    Type: Grant
    Filed: August 24, 2020
    Date of Patent: October 18, 2022
    Assignee: QOMPLX, INC.
    Inventors: Jason Crabtree, Andrew Sellers
  • Patent number: 11463449
    Abstract: Techniques for authentication for key access are described. In the described techniques, interaction between a client device and an assistant device is utilized to authenticate the client device for access to protected functionality and/or content. For instance, proximity between the client device and the assistant device, and physical authentication of a user with the assistant device, are leveraged for authenticating the client device for access to the protected functionality and/or content.
    Type: Grant
    Filed: June 24, 2019
    Date of Patent: October 4, 2022
    Assignee: Motorola Mobility LLC
    Inventors: Rachid M. Alameh, Eric Le Roy Krenz, John J. Gorsica, IV, Jarrett K. Simerson
  • Patent number: 11463426
    Abstract: Various embodiments of the present technology use a combination of static and rotating access credentials to access target devices. Some embodiments start with a multi-factor authentication (MFA) token that can be used to log into the platform head-end. If approved, a landing page requesting login credentials can be presented to the user. The user can provide a username and password via the landing page and select a PAM or CASB target. The system then issues a secondary access credential (e.g., a pin/token) that is unknown to the user and is placed into a vault. A dynamic credential can be dynamically generated at each request. The target device can use the static access credential from the vault and the dynamic access credential for access to the device. As such, even if the vault is compromised, the target device would be inaccessible without the dynamic token, which is constantly changing.
    Type: Grant
    Filed: January 25, 2019
    Date of Patent: October 4, 2022
    Assignee: SAILPOINT TECHNOLOGIES, INC.
    Inventors: Christopher Chad Wheeler, Ryan Privette, Cameron Williams, Cory Davies
  • Patent number: 11443028
    Abstract: A device implementing a digital credential revocation system includes at least one processor configured to maintain a valid digital credential list, a revocation list, and a synchronization counter value. The at least one processor is configured to transmit a request to synchronize the valid digital credential list with an electronic device, the request including the valid digital credential list and the revocation list.
    Type: Grant
    Filed: September 20, 2019
    Date of Patent: September 13, 2022
    Assignee: Apple Inc.
    Inventors: Matthias Lerch, Florian Galdo
  • Patent number: 11444940
    Abstract: Methods for authenticating a user utilizing a smart speaker system are presented, the methods including: requesting a user authentication by issuing a voice command to a smart speaker; playing a sonic one-time password (OTP) on the smart speaker received from an authentication server in response to the requesting a user authentication; receiving the sonic OTP by a mobile device of the user; transmitting an OTP decoded from the sonic OTP to the authentication server; and authorizing the user by the authentication server to execute a secure transaction using the smart speaker system.
    Type: Grant
    Filed: February 24, 2019
    Date of Patent: September 13, 2022
    Assignee: Certus Technology Systems, Inc.
    Inventor: Jack Wolosewicz
  • Patent number: 11423133
    Abstract: Maintaining information for a traveler includes creating a virtual travel credential containing information from a physical passport of the traveler and/or physical travel document(s) of the traveler, storing at least a portion of the virtual travel credential in a mobile device carried by the traveler, monitoring a location of the mobile device, and providing a signal in response to the mobile device transitioning from a first country/territory to a second country/territory. Monitoring the location of the mobile device may include detecting a cellular network in communication with the mobile device or using GPS functionality of the mobile device or receiving information that the traveler boarded a plane headed for the second country/territory. At least a portion of the virtual travel credential may be stored in a virtual travel credential server. The virtual travel credential server may communicate with the mobile device using a cellular network.
    Type: Grant
    Filed: December 27, 2017
    Date of Patent: August 23, 2022
    Assignee: ASSA ABLOY AB
    Inventors: Robert Haslam, Stephen Kelly, Philip Hoyer, Stephen Warne
  • Patent number: 11412369
    Abstract: A method for obtaining a command relating to a profile for a security module of the equipment to access a network by mobile equipment. The method includes: sending, to a first server, a request including an anonymous identifier of the security module based on a physical identifier of the module and a random variable; receiving, from the first server, an address of a second server, which prepared the command and associated the command with the anonymous identifier, a request of the command having been previously received from a third server via the second server; sending, to the second server, the physical identifier of the module and of the random variable; receiving, from the second server, the command when a verification by the second server that the anonymous identifier of the security module has been computed on the basis of the received physical identifier and of the random variable is positive.
    Type: Grant
    Filed: April 4, 2018
    Date of Patent: August 9, 2022
    Assignee: ORANGE
    Inventors: Said Gharout, Laurent Coureau
  • Patent number: 11394735
    Abstract: Aspects of the disclosure relate to deploying and utilizing a dynamic record identification and analysis computer system with event monitoring components. A computing device may receive account reconnaissance data identifying a first plurality of user accounts that have experienced at least one event associated with account security concern characteristics. The computing platform may analyze event history data associated with the first plurality of user accounts to identify one or more common interactions associated with a subset of the first plurality of user accounts. The computing platform may identify a point of compromise among the subset of the first plurality of user accounts. Subsequently, the computing platform may search enterprise user account records to identify a second plurality of user accounts that have at least one event associated with the point of compromise. The computing platform may add the second plurality of user accounts to an alert table.
    Type: Grant
    Filed: July 15, 2020
    Date of Patent: July 19, 2022
    Assignee: Bank of America Corporation
    Inventors: Amijo Bearley, Robert D. Jones, Kolt Bell, Craig Widmann
  • Patent number: 11392684
    Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for authentication of user activities based on establishing communication links between network devices. The invention is structured for dynamically authenticating transmitted activity processing data based on establishing seamless electronic communication handshake between network devices and without requiring user intervention. Specifically, the invention is structured to establish an operative communication link between the second networked device and the user device, wherein establishing the operative communication link comprises establishing a handshake between an entity intelligent platform associated with the second networked device and the multi-channel cognitive resource platform of the user device. Moreover, the invention is structured to authenticate the first activity based on the identified code match.
    Type: Grant
    Filed: July 9, 2020
    Date of Patent: July 19, 2022
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Udaya Kumar Raju Ratnakaram, Puneetha Polasa
  • Patent number: 11386230
    Abstract: Systems and methods are described for modifying input and output (I/O) to an object storage service by implementing one or more owner-specified functions to I/O requests. A function can implement a data manipulation, such as filtering out sensitive data before reading or writing the data. The functions can be applied prior to implementing a request method (e.g., GET or PUT) specified within the I/O request, such that the data to which the method is applied may not match the object specified within the request. For example, a user may request to obtain (e.g., GET) a data set. The data set may be passed to a function that filters sensitive data to the data set, and the GET request method may then be applied to the output of the function. In this manner, owners of objects on an object storage service are provided with greater control of objects stored or retrieved from the service.
    Type: Grant
    Filed: September 27, 2019
    Date of Patent: July 12, 2022
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Ramyanshu Datta, Timothy Lawrence Harris, Kevin C. Miller
  • Patent number: 11387981
    Abstract: Implementations include actions of providing a first transaction hash including a digital representation of a digital record between a first peer and a second peer within a digital records platform, the platform provided by the first peer as a host peer, and the transaction hash being generated based on one or more documents underlying the digital record, receiving one or more edits to at least one document from the second peer, updating the first transaction hash to provide: a second transaction hash, and a transaction hash history including the first transaction hash and the second transaction hash, receiving approval of the digital record from each of the first peer and the second peer, and executing a consensus protocol by a notary service of a third node to update transaction objects across the first node and the second node, the updating indicating that the transaction objects are consistent.
    Type: Grant
    Filed: February 13, 2019
    Date of Patent: July 12, 2022
    Assignee: Accenture Global Solutions Limited
    Inventors: David Treat, Shane R. Marshall
  • Patent number: 11374764
    Abstract: A request for a transaction between a client system and a server system may be processed. The transaction may be associated with transmission of data between the client system and the server system. The data may be encrypted using a transient encryption key to form encrypted data. The transient encryption key may be a synced-clock random number configured to automatically change when a designated time interval elapses. The encrypted data may be transmitted between the client system and the server system.
    Type: Grant
    Filed: August 2, 2019
    Date of Patent: June 28, 2022
    Assignee: salesforce.com, Inc.
    Inventors: Prashanth Kannan, Prabhjot Singh
  • Patent number: 11374957
    Abstract: Introduced here are security management platforms configured to estimate the risk posed by a public communication activity that involves an internal Internet Protocol (IP) address that resides on an internal network. Initially, a security management platform can examine network data to detect a public communication activity involving an internal IP address and an external IP address. Thereafter, the security management platform can probe the external IP address by transmitting a query designed to elicit a response, and then evaluate a risk posed by the public communication activity by analyzing response(s) received from the external IP address, if any, responsive to the query. For example, the security management platform may be able to determine whether a service determined to be vulnerable to unauthorized access is running on the external IP address.
    Type: Grant
    Filed: October 22, 2018
    Date of Patent: June 28, 2022
    Assignee: Palo Alto Networks, Inc.
    Inventors: Matthew Kraning, Gregory Heon, Pamela Toman
  • Patent number: 11368487
    Abstract: A computer system applies security policies to web traffic while maintaining privacy. A network security agent is authenticated by a client application to dynamically obtain one or more security policies, wherein the client application and the network security agent are configured to execute on a device and the network security agent is capable of communicating with a source of security policies. Connection information is obtained that includes a request to initiate an encrypted connection with a destination entity. The client application determines whether the encrypted connection between the client application and the destination entity is permitted according to the security policy and based on the connection information. The encrypted connection between the client and the destination entity is established in response to determining that the encrypted connection is permitted. Embodiments may further include a method and computer program product for applying security policies to web traffic.
    Type: Grant
    Filed: May 20, 2019
    Date of Patent: June 21, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Panagiotis Theodorou Kampanakis, David Arthur McGrew, Richard Lee Barnes, II
  • Patent number: 11361099
    Abstract: A computer implemented method of applying a unified search for a match of one or more features in a plurality of encrypted records, comprising using one or more processors of a server associated with a database comprising a plurality of encrypted records. The processor(s) is adapted for receiving a query for searching one or more plaintext features in the plurality of encrypted records, searching for a match of the one or more plaintext features using a first search methodology and a second search methodology and outputting an indication of matching encrypted records according to the match. Wherein the second search methodology is asymptotically faster than the first search methodology and wherein the first search methodology is used for searching a subset of the plurality of encrypted records selected based on status indication associated with each encrypted record.
    Type: Grant
    Filed: August 22, 2019
    Date of Patent: June 14, 2022
    Assignee: RingCentral, Inc.
    Inventors: Aviad Lahav, Lev Rosenblit