Patents Examined by Cheng-Feng Huang
  • Patent number: 11928221
    Abstract: A system includes a memory and processor. The memory stores code segment vulnerability findings that were generated through static application security testing (SAST). For a first code segment, a first vulnerability finding has been classified as a real vulnerability, and a second vulnerability finding has been classified as a false positive by external review. The processor generates a code fingerprint for each code segment, which corresponds to an abstract syntax tree that has been augmented by data flow information and flattened. The processor determines that the fingerprint for the first code segment matches the fingerprint for a second code segment and that the vulnerability findings for the first code segment match those for the second. In response, the processor automatically classifies a matching first vulnerability finding for the second code segment as the real vulnerability, and a matching second vulnerability finding for the second code segment as the false positive.
    Type: Grant
    Filed: November 29, 2021
    Date of Patent: March 12, 2024
    Assignee: Bank of America Corporation
    Inventors: Jack Lawson Bishop, III, Anthony Herron, Yao Houkpati, Carrie E. Gates
  • Patent number: 11924251
    Abstract: A system and method for cybersecurity reconnaissance, analysis, and scoring that uses distributed, cloud-based computing services to provide sufficient scalability for analysis of enterprise IT networks using only publicly available characterizations. The system and method comprise an in-memory associative array which manages a queue of vulnerability search tasks through a public-facing proxy network. The public-facing proxy network has search nodes configurable to present the network to search tools in a desired manner to control certain aspects of the search to obtain the desired results. A distributed data processing engine and cloud-based storage are used to provide scalable computing power and storage. Each of the cloud-based computing services is containerized and orchestrated for management and efficient scaling purposes.
    Type: Grant
    Filed: December 31, 2021
    Date of Patent: March 5, 2024
    Assignee: QOMPLX LLC
    Inventors: Jason Crabtree, Joe Gray, Michael James, Richard Kelley, Andrew Sellers, Farooq Shaikh
  • Patent number: 11916878
    Abstract: Disclosed are an apparatus and a method for Internet of Things (IoT) device security. The method includes unifying a port in a first IoT device for communication, receiving, by the first IoT device, a packet from a second IoT device through the port, identifying whether the packet in the first IoT device is in a preset packet form, verifying content of the packet in the first IoT device when the packet is in the preset packet form, and opening the port for providing a service in the first IoT device when the verifying of the packet content is successful.
    Type: Grant
    Filed: November 1, 2021
    Date of Patent: February 27, 2024
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Yun-Kyung Lee, Kyeong Tae Kim, Young Ho Kim, Jeong Nyeo Kim, Seon-Gyoung Sohn, Jae Deok Lim
  • Patent number: 11916941
    Abstract: A method by a security analysis server to generate a traffic monitoring rule. The method includes receiving, from a database agent because of a current configuration of the database agent, counts of an amount of traffic sent over a first set of one or more of the database connections being monitored by the database agent and generating a traffic monitoring rule that indicates database connections for which the database agent is to send counts of an amount of traffic, rather than all the traffic, sent over those database connections to the security analysis server because those database connections have been determined by the security analysis server to be of an application database connection type based on an analysis by the security analysis server of the counts. The method further includes applying the traffic monitoring rule by sending instructions to the database agent to alter the current configuration.
    Type: Grant
    Filed: May 3, 2021
    Date of Patent: February 27, 2024
    Assignee: Imperva, Inc.
    Inventors: Ehud Eshet, Ophir Bleiberg
  • Patent number: 11916883
    Abstract: In one embodiment, a computing platform features a controller, one or more transit virtual private cloud networks (VPCs), and a plurality of spoke VPCs. Communicatively coupled to the transit virtual VPCs, the spoke VPCs include (i) a first spoke VPC associated with a first security region and (ii) a second spoke VPC associated with a second security region. Herein, the first security region is configured to permit spoke gateways of the first spoke VPC to communicate with each other while precluding communications with spoke gateways associated with another security region absent a connectivity policy being a set of rules established by the administrator/user of the network concerning permitted connectivity between different security regions.
    Type: Grant
    Filed: July 6, 2021
    Date of Patent: February 27, 2024
    Assignee: Aviatrix Systems, Inc.
    Inventors: Xiaobo Sherry Wei, Shanshan Xu
  • Patent number: 11917071
    Abstract: A universal tag linked to the content of a data file for protecting the authenticity of the data file and/or the owner/creator of a digital file. The universal tag is linked to the content in the data file via one or more input keys/seeds that are used to generate the universal tag and rely on data associated with the content. Once generated, the universal tag is registered on a distributed ledger of at least one distributed trust computing network, which acts as a source of truth to validate the universal tag and, as such, validate (i) an authenticity of the data file, and/or (ii) the user associated with the data file (e.g., rightful possessor and/or creator of the digital file).
    Type: Grant
    Filed: November 3, 2021
    Date of Patent: February 27, 2024
    Assignee: BANK OF AMERICA CORPORATION
    Inventor: Joseph Benjamin Castinado
  • Patent number: 11909742
    Abstract: Embodiments of the present disclosure relate to managing admin-controlled access of external resources to group-based communication interfaces associated with an organization, via a group-based communication system including APIs for improved external resource permissioning, provisioning, and access handling. Embodiments include methods, computer program products, apparatuses, and systems configured to receive an external resource access request, determine an organization identifier, obtain an admin response indication, set an external resource permission status for the external resource based on the admin response indication, and cause rendering of the requested group-based communication interface based on the admin response indication. Embodiments further relate to provisioning and handling requests for services associated with an external resource by managing one or more single-interface access tokens linked to a multi-interface access token.
    Type: Grant
    Filed: February 18, 2022
    Date of Patent: February 20, 2024
    Assignee: Salesforce, Inc.
    Inventors: Salman Suhail, Saurabh Sahni, Kefan Xie, Emilio Aurea, Shilpi Sanchetee, Nupur Goyal, Carly Robinson
  • Patent number: 11907403
    Abstract: Embodiments of the present disclosure provide hierarchical, differential privacy enhancements to federated, machine learning. Local machine learning models may be generated and/or trained by data owners participating in the federated learning framework based on their respective data sets. Noise corresponding to and satisfying a first privacy loss requirement are introduced to the data owners' respective data sets, and noise corresponding to and satisfying a first privacy loss requirement are introduced to the local models generated and/or trained by the data owners. The data owners transmit model data corresponding to their respective local models to a coordinator, which in turn aggregates the data owners' model data. After introducing noise corresponding to and satisfying a third privacy loss requirement to the aggregated model data, the coordinator transmits the aggregated model data to the data owners to facilitate updating and/or re-training on their respective machine learning models.
    Type: Grant
    Filed: June 10, 2021
    Date of Patent: February 20, 2024
    Assignee: Hong Kong Applied Science and Technology Research Institute Co., Ltd.
    Inventors: Jitao Ou, Jiazheng Yan, Wenjun Zhuang, Kam Hong Shum
  • Patent number: 11899812
    Abstract: A system, method and program product for implementing a compound security platform for providing secure access to private data in an encrypted storage area. A disclosed system includes an application configured to receive queries from application users requiring access to encrypted private data; a middle security layer callable from the application to facilitate predefined access to the encrypted private data; a root security layer configured to receive a decryption request from the middle security layer, perform decryption on specified encrypted private data, and return decrypted data to the middleware layer; a hashing system that generates a content hash of the middle security layer and root security layer to ensure integrity of the middle security layer and root security layer; and an auditing detection system that detects malicious auditing of parameters.
    Type: Grant
    Filed: June 10, 2021
    Date of Patent: February 13, 2024
    Assignee: JJD SOFTWARE LLC
    Inventor: Justin Donohoe
  • Patent number: 11899784
    Abstract: A computer implemented and electronic process is provided that uses artificial intelligence to detect unauthorized activity by an insider or hacker. Electronic systems that employ artificial intelligence and machine learning to detect unauthorized transaction activity by insiders or hackers for a computer network system are also provided. Hardware required for carrying out the invention typically include a plurality of networked computers. Specialized software and/or firmware is typically needed in connection with the hardware for carrying out the invention.
    Type: Grant
    Filed: February 25, 2021
    Date of Patent: February 13, 2024
    Assignee: Brighterion, Inc.
    Inventor: Akli Adjaoute
  • Patent number: 11895151
    Abstract: A computer-implemented method, executed by one or more email detection computers, receives from a computer network, a first email message from a first sender account to a first recipient account and having a plurality of attributes. The method determines that the first email message is a phishing email, extracts a subset of attributes, normalizes transformable attributes, and generates a hash representation from fixed attributes and the normalized transformable attributes, stores the hash representation in a database, receives a second email message, and determines that the second email message is a phishing email based on the stored hash representation.
    Type: Grant
    Filed: January 12, 2022
    Date of Patent: February 6, 2024
    Assignee: CLOUDFLARE, INC.
    Inventor: Javier Castro
  • Patent number: 11888840
    Abstract: To include a storage unit to store a plurality of server certificates different in subjects; and a communication unit to receive a connection request for communication established by using any one of the plurality of server certificates and to transmit a single server certificate selected out of the plurality of server certificates to a source of the connection request according to a source internet protocol (IP) address of the connection request.
    Type: Grant
    Filed: November 9, 2017
    Date of Patent: January 30, 2024
    Assignee: Mitsubishi Electric Corporation
    Inventor: Masanori Imagawa
  • Patent number: 11876900
    Abstract: A system includes a communication channel monitor configured to calculate a hash value of a first encrypted code segment based on a measurement. A security module may derive a first encryption key using a key decryption function operation from the hash value of the first encrypted code segment. A processor decrypts the first encrypted code segment with a seed key retrieved from a storage device, and if the decryption is successful then executes the first decrypted code segment. The processor may retrieve a second one of the encrypted code segments, wherein the second encrypted code segment is a next encrypted code segment for execution after the first encrypted code segment according to a sequence of execution, decrypt the second encrypted code segment with the first encryption key, and if the decryption is successful then execute the second decrypted code segment.
    Type: Grant
    Filed: May 18, 2022
    Date of Patent: January 16, 2024
    Assignee: Dell Products L.P.
    Inventors: Nicholas D. Grobelny, Richard M. Tonry, Balasingh P. Samuel
  • Patent number: 11870816
    Abstract: Custom policies are definable for use in a system that enforces policies. A user, for example, may author a policy using a policy language and transmit the system through an application programming interface call. The custom policies may specify conditions for computing environment attestations that are provided with requests to the system. When a custom policy applies to a request, the system may determine whether information in the attestation is sufficient for the request to be fulfilled.
    Type: Grant
    Filed: September 26, 2022
    Date of Patent: January 9, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Eric Jason Brandwine
  • Patent number: 11856405
    Abstract: An operator system of a wireless communication network operator sends, to a regulator system of a regulator, a record that includes information about administration of a subscription identifier associated with the wireless communication network operator. Responsive to sending the record to the regulator system, the operator system receives a response that indicates whether the regulator system approves of or rejects the record being added to a permissioned distributed database that is distributed at least in part between the regulator system and the operator system. The operator system adds or does not add the record to the permissioned distributed database depending on the response.
    Type: Grant
    Filed: August 16, 2022
    Date of Patent: December 26, 2023
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Ioannis Fikouras, Athanasios Karapantelakis, Qiang Li, Leonid Mokrushin, Konstantinos Vandikas
  • Patent number: 11848961
    Abstract: This disclosure provides for a network element (in the middle) to inject enrichments into SSL connections, and for taking them out. This network element is sometimes referred to herein as a “middle box.” In the context of layered software architecture, this solution preferably is implemented by a library that operates below the SSL layer and above the TCP sockets layer at the two endpoints of the SSL connection. Preferably, the SSL enrichments are implemented as SSL/TLS records.
    Type: Grant
    Filed: February 22, 2021
    Date of Patent: December 19, 2023
    Assignee: Akamai Technologies, Inc.
    Inventor: Mangesh Kasbekar
  • Patent number: 11848931
    Abstract: Disclosed are various embodiments for delegating authentication to certificate authorities. A connector service identifies a certificate request from a messenger service. The certificate request includes a credential identifier for a certificate authority. An authentication credential is retrieved using the credential identifier. A certificate request and the certificate authority authentication credential are transmitted to the certificate authority. A certificate is retrieved and provided as a response to the certificate request.
    Type: Grant
    Filed: October 6, 2021
    Date of Patent: December 19, 2023
    Assignee: VMWARE, INC.
    Inventors: Eugene Liderman, Rahul Parwani, Kiran Rohankar, Keith Robertson
  • Patent number: 11843580
    Abstract: A method for automatically managing a platform firewall using a network function (NF) repository function (NRF) or service communication proxy (SCP) includes receiving a message relating to registering, updating, or deregistering an NF profile in an NF profiles database separate from a platform firewall. The method further includes determining that the registering, updating, or deregistering of the NF profile requires a change to a firewall rules configuration of the platform firewall. The method further includes, in response to determining that the registering, updating, or deregistering of the NF profile requires a change to the firewall rules configuration of the platform firewall, automatically updating, by the NRF or SCP, the firewall rules configuration of the platform firewall.
    Type: Grant
    Filed: May 4, 2021
    Date of Patent: December 12, 2023
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Jay Rajput, Virendra Singh, Ankit Srivastava
  • Patent number: 11824899
    Abstract: The disclosure relates generally to methods, systems, and apparatuses for managing network connections. An example method includes receiving one or more messages from a plurality of computing devices connected through a network, the one or more messages indicating actual connections among the plurality of computing devices. The example method further includes comparing, by one or more processors, the actual connections to a list of expected connections indicated by a connections master file that comprises connection information for the plurality of computing devices. The method further includes, responsive to detecting one or more differences between the list of expected connections and the actual connections, providing a notification indicating the one or more differences to a log file or a notification area of a user interface.
    Type: Grant
    Filed: October 20, 2022
    Date of Patent: November 21, 2023
    Assignee: Snowflake Inc.
    Inventors: James Calvin Armstrong, Jonathan Claybaugh
  • Patent number: 11811815
    Abstract: The present disclosure relates to an IP-based security control method and a system thereof. According to the present disclosure, the method comprises: selecting a target IP address that is an IP address of a security control target; generating IP monitoring information by scanning a port of the target IP address; determining an IP risk level of the target IP address by using the IP monitoring information; and generating a security report including at least one of an IP list determined by a preset IP risk level and IP monitoring information of an IP included in the IP list, wherein the IP monitoring information includes at least one of an IP address of the target IP address, banner information, application information, security vulnerability information, a malicious code, and a similar domain.
    Type: Grant
    Filed: August 23, 2021
    Date of Patent: November 7, 2023
    Assignee: AI SPERA INC.
    Inventor: Byung Tak Kang