Patents Examined by Christopher C. Harris
  • Patent number: 11032298
    Abstract: A system and method for analyzing directory service environment attack paths for an enterprise may continuously collect data about the attack paths and provide alerts. The system and method may also analyze the nested object relationships within Directory Services alongside objects at risk for Credential Theft to calculate all possible attack paths within the environment.
    Type: Grant
    Filed: January 8, 2021
    Date of Patent: June 8, 2021
    Assignee: Specter Ops, Inc.
    Inventors: Andrew Robbins, Rohan Vazarkar, Ryan William Schroeder
  • Patent number: 11030288
    Abstract: A device and a method for authenticating using biometric information in an electronic device are provided. The electronic device includes a display, and at least one processor. The at least one processor detects an execution of an application which provides an authentication service based on biometric information, changes at least one biometric information recognition related variable, in response to detecting the execution of the application, and controls to display an application execution screen including at least one authentication guide image corresponding to the at least one biometric information recognition related variable. Other embodiments may also be possible.
    Type: Grant
    Filed: February 23, 2018
    Date of Patent: June 8, 2021
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Sung-Jin Yoon
  • Patent number: 11032243
    Abstract: An API call filtering system filters responses to API call requests received, via a network, from UEs. The API call filtering system is configured to require personalized API call requests wherein each API call (except for some minor exceptions) includes a unique UE identifier (“UEIN”) of the UE making the request. Using the UEIN, the web service or other service protected by the API call filtering system can be secured against excessive request iterations from a set of rogue UEs while allowing for ordinary volumes of requests of requests the UEs, wherein one or more boundaries between what is deemed to be an ordinary volume of requests and what is deemed to be excessive request iterations are determined by predetermined criteria.
    Type: Grant
    Filed: August 27, 2019
    Date of Patent: June 8, 2021
    Assignee: SHAPE SECURITY, INC.
    Inventor: Marc Hansen
  • Patent number: 11025422
    Abstract: A cloud-native global file system in which a local filer creates objects and forward them to a cloud-based object store is augmented to include constant-time rekeying (CTR). At volume creation time on the filer, a random Intermediate Key (IK) is generated. The IK is encrypted using one or more public key(s) for the volume in question, and then stored in encrypted form in a volume metadata file (e.g., cloudvolume.xml) alongside the other volume information. Once created, the IK is treated like any other volume metadata. During startup of a volume manager on the filer, the one or more per-volume IK blobs (present) are decrypted using an appropriate secret key, and then cached in memory. All objects sent to the cloud are then symmetrically encrypted to the current IK for that volume. All objects read from the cloud are decrypted using the locally-cached IK.
    Type: Grant
    Filed: July 23, 2020
    Date of Patent: June 1, 2021
    Assignee: Nasuni Corporation
    Inventor: David M. Shaw
  • Patent number: 11025634
    Abstract: Embodiments for enhancing privacy and security of an image by a processor. Metadata associated with the image is configured with a usage designation, the usage designation having accompanying notification information for notifying an owner of the usage designation if a condition of the usage designation is met.
    Type: Grant
    Filed: August 8, 2016
    Date of Patent: June 1, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Swaminathan Balasubramanian, Radha M. De, Ashley D. Delport, Indrajit Poddar, Cheranellore Vasudevan
  • Patent number: 11023793
    Abstract: A communication apparatus accepts from a user a display setting regarding a two-dimensional code in which one or more parameters related to communication with a communication apparatus are encoded, and determines a parameter set that includes one or more parameters to be encoded in the two-dimensional code related to communication with the communication apparatus. When the accepted display setting is a first setting, a first two-dimensional code for a first application in which a first parameter set corresponding to the first setting is encoded is displayed, and when the accepted display setting is a second setting, a second two-dimensional code for a second application in which a second parameter set corresponding to the second setting is encoded and which is different from the first two-dimensional code is displayed, and wherein the first two-dimensional code includes a parameter that is not included in the second two-dimensional code.
    Type: Grant
    Filed: October 23, 2018
    Date of Patent: June 1, 2021
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Tsubasa Hirano
  • Patent number: 11017076
    Abstract: Certificate usage data is generated which identifies which processes or applications use which specific certificates. A certificate-specific usage model is generated based upon the certificate usage data and is used to detect anomalous usage of a certificate, by an application or process that has not previously used the certificate to authenticate itself to the computing system.
    Type: Grant
    Filed: August 8, 2018
    Date of Patent: May 25, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Nayantara Duttachoudhury, Kevin Lo
  • Patent number: 11017094
    Abstract: A method for generating a deserialization vulnerability report of a Java project, includes: determining, by a computing device, if interior knowledge of the Java project is available, and when the interior knowledge of the Java project isn't available, performing a black box analysis to generate the deserialization vulnerability report; and when the interior knowledge of the Java project is available, determining by the computing device if source code of the Java project is accessible, when the source code of the Java project is accessible, performing a white box analysis to generate the deserialization vulnerability report, and when the source code of the Java project isn't accessible, performing a gray box analysis to generate the deserialization vulnerability report.
    Type: Grant
    Filed: January 3, 2018
    Date of Patent: May 25, 2021
    Assignees: Beijing Jingdong Shangke Information Technology Co., Ltd., JD.com American Technologies Corporation
    Inventors: Fengguo Wei, Yueh-Hsun Lin
  • Patent number: 11003773
    Abstract: A method for generating rule recommendation utilized in a creation of malware detection rules is described. Meta-information associated with a plurality of events collected during a malware detection analysis of an object by a cybersecurity system is received and a first plurality of features is selected from the received meta-information. Machine learning (ML) models are applied to each of the first plurality of features to generate a score that represents a level of maliciousness for the feature and thereby a degree of usefulness of the feature in classifying the object as malicious or benign. Thereafter, a second plurality of features is selected as the salient features, which are used in creation of the malware detection rules in controlling subsequent operations of the cybersecurity system. The second plurality of features being lesser in number that the first plurality of features.
    Type: Grant
    Filed: March 30, 2018
    Date of Patent: May 11, 2021
    Assignee: FireEye, Inc.
    Inventors: Chunsheng Fang, Wei Quan, Richard Lai, Robert Venal, Benjamin Chang
  • Patent number: 10999258
    Abstract: Embodiments of the present disclosure may be used to securely transmit data between multiple computing devices. Among other things, this can greatly extend the range of data transmissions in comparison to fixed-position wireless beacons and access points.
    Type: Grant
    Filed: July 24, 2019
    Date of Patent: May 4, 2021
    Inventor: Emil Dides
  • Patent number: 10992674
    Abstract: A method for providing network access to a plurality of user entities through an access point, said access point comprising a LAN interface and a broadband network interface, the method comprising the following steps at a gateway device: establishing a second secure communication link with said access point; receiving an IP address allocation request from one of said plurality of user entities via said second secure communication link; accessing a AAA server to verify whether a successful authentication of said one of said plurality of user entities on the basis of data related to a mobile subscription associated with said one of said plurality of user entities has already taken place; and upon successful verification, completing an IP address allocation scheme with said one of said plurality of user entities and enabling relaying of data between said one of said plurality of user entities and a PDN; wherein said gateway device is adapted to aggregate a plurality of instances of second secure communication li
    Type: Grant
    Filed: June 4, 2012
    Date of Patent: April 27, 2021
    Assignee: Nokia Technologies Oy
    Inventors: Thierry Van De Velde, Wim Henderickx, Telemaco Melia
  • Patent number: 10986112
    Abstract: Disclosed herein are a method and system for collecting cyber threat intelligence (CTI) data. The system includes a management server that determines agent configuration values associated with an OSINT providing source, an agent that receives the agent configuration values from the management server, performs a data collection task for collecting the CTI data based on the agent configuration values, and transmits the CTI data and data collection status information to the management server, a threat information database where which the CTI data is logged, and a system database where the data collection status information is logged.
    Type: Grant
    Filed: October 29, 2018
    Date of Patent: April 20, 2021
    Assignee: KOREA INTERNET & SECURITY AGENCY
    Inventors: Nak Hyun Kim, Seul Gi Lee, Hyei Sun Cho, Byung Ik Kim, Jun Hyung Park
  • Patent number: 10986098
    Abstract: The current document is directed to reverse federated identity-management systems and to reverse-federated-identity-management methods employed by the reverse federated identity-management systems. The currently disclosed reverse-federated-identity-management systems automatically provision local proxy identities in distributed computers systems from which distributed resource-distribution systems allocate resources on behalf of users and clients of the distributed resource-distribution systems. In addition, the currently disclosed reverse-federated-identity-management systems automatically record associations of local proxy identities with users and clients of the distributed resource-distribution systems so that the users can be subsequently identified to auditing and monitoring organizations should the need for detailed auditing and monitoring subsequently arise.
    Type: Grant
    Filed: November 20, 2018
    Date of Patent: April 20, 2021
    Assignee: VMware, Inc.
    Inventors: Daniel James Beveridge, Anil Sharma
  • Patent number: 10965473
    Abstract: Methods, systems, and devices may be used for assigning names and bootstrapping of security credentials for Smart Objects inside a Digital Home environment. Methods, systems, and devices for identification and security bootstrapping of a smart object within a digital home environment may include automated assignment of a device level ID and security credential for each smart object in the home using a resource directory.
    Type: Grant
    Filed: March 21, 2019
    Date of Patent: March 30, 2021
    Assignee: Convida Wireless, LLC
    Inventors: Shamim Akbar Rahman, Dale N. Seed, Lijun Dong, Chonggang Wang, Quang Ly
  • Patent number: 10958427
    Abstract: In the embodiments of the present invention, a transmit optical signal includes a reference optical signal and a quantum optical signal, optical splitting processing and coherent coupling are performed on the transmit optical signal by using a local oscillator optical signal to obtain at least two coherently coupled optical signals, and then optical-to-electrical conversion and amplification are separately performed on a first coherently coupled optical signal that includes the reference optical signal and a second coherently coupled optical signal that includes the quantum optical signal, to obtain a first electrical signal and a second electrical signal. Then, phase frequency information between the local oscillator optical signal and the reference optical signal is obtained from the first electrical signal, and an original key is recovered from the second electrical signal based on the phase frequency information.
    Type: Grant
    Filed: August 29, 2018
    Date of Patent: March 23, 2021
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Changzheng Su
  • Patent number: 10931448
    Abstract: Applications executing on phones, tablets and other client devices can be designed to authenticate with network services, but reliably identifying a client device that is not previously known to the service can be difficult. A television receiver or other trusted device that is previously known to the service, however, can act as an intermediary for initially delivering the client's identifying data to the authentication service. After the authentication service has received reliable identifying information about the client from another trusted device, the service is able to directly authenticate the client device in subsequent transactions by requesting and verifying receipt of the same secret identifier.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: February 23, 2021
    Assignee: DISH Technologies L.L.C.
    Inventor: Vikal Kumar Jain
  • Patent number: 10931707
    Abstract: Automatic forensic investigation techniques to more effectively differentiate false positives from true positives. An incident is automatically investigated by a processor that communicates instructions to a device on a network and analyzes information received from the device in response to the instructions. In response to analyzing, the processor raises or lowers its level of confidence in the incident. If the processor's level of confidence in the incident is sufficiently high, the processor generates an output that indicates that the security of the network has been compromised. Otherwise, the processor ascertains that the incident is a false positive and may modify a criteria for alert generation.
    Type: Grant
    Filed: January 26, 2017
    Date of Patent: February 23, 2021
    Assignee: VERINT SYSTEMS LTD.
    Inventor: Vadim Pogulievsky
  • Patent number: 10911471
    Abstract: Systems and methods for network-based intrusion detection are provided. An anti-adversarial Hidden Markov Model can be used to effectively detect evasion patterns for network-based intrusion detection, using dynamic window and threshold techniques to achieve adaptive, anti-adversarial, and online learning abilities. The concepts of pattern entropy, pattern entropy reduction, window width, local optimal window width, and dynamic window can be used in the model.
    Type: Grant
    Filed: November 27, 2019
    Date of Patent: February 2, 2021
    Assignee: The Florida International University Board of Trustees
    Inventors: Chongya Song, Alexander Pons
  • Patent number: 10891357
    Abstract: A method and system for allowing an independent software vendor (ISV) access to proprietary software code for software of an organization has been developed. An ISV generates a login request that masquerades as a user of the software. A license management system that controls access to the software, is accessed and determines if two session IDs are present. The presence of two separate session IDs identifies the ISV and if detected, the ISV is allowed access to the proprietary software code. Finally, the organization is notified about the ISV's access to the proprietary software code.
    Type: Grant
    Filed: January 13, 2020
    Date of Patent: January 12, 2021
    Assignee: salesforce.com, inc.
    Inventors: Nicholas Chun Yuan Chen, Nathan Edward Lipke, David Ross Baker, Winston Chow, Jonathan Widjaja
  • Patent number: 10893466
    Abstract: The patent application is directed to a method for detecting a rogue device in a network including the step of providing an algorithm including predetermined criteria, executed by a processor, for identifying the rogue device. The method also includes a step of performing a cellular scan across the network. The method also includes a step of receiving, from the cellular scan, survey data including information of plural devices associated with the predetermined criteria. The method further includes a step of displaying, via a graphical user, a distribution curve including a calculated mean and a standard deviation based on the survey data for the predetermined criteria. The method also includes a step of comparing the information of one of the plural devices with statistically-calculated distribution curves.
    Type: Grant
    Filed: July 6, 2018
    Date of Patent: January 12, 2021
    Inventors: Jennifer Lynn Ryan, Ronald Lance Justin, Kerri Ann Stone