Patents Examined by Eleni Shiferaw
  • Patent number: 11075949
    Abstract: Certain embodiments described herein are generally directed to allocating security parameter index (“SPI”) values to a plurality of endpoints in a network. The SPI values may be derived using an SPI derivation formula and a plurality of parameters. In some embodiments, the SPI values may be derived by an endpoint and in other embodiments by a server. Using the SPI derivation formula and the plurality of parameters enables endpoints and servers to instantaneously derive SPI values without the need for servers to store them.
    Type: Grant
    Filed: February 2, 2017
    Date of Patent: July 27, 2021
    Assignee: Nicira, Inc.
    Inventors: Amit Chopra, Chen Li, Ganesan Chandrashekhar, Jinqiang Yang, Sanal Pillai, Bin Qian
  • Patent number: 11062031
    Abstract: According to one embodiment, an electronic device executes a specified software. The electronic device includes a first storage that stores the specified software, and a firmware that controls a hardware included in the electronic device. The firmware is started after the electronic device is powered on and before the specified software is executed. The firmware invalidates a password authentication when the electronic device is in a particular environment, and validates the password authentication when the electronic device is out of the particular environment.
    Type: Grant
    Filed: August 28, 2018
    Date of Patent: July 13, 2021
    Assignee: Toshiba Client Solutions CO., LTD.
    Inventor: Naoyuki Aizawa
  • Patent number: 11063906
    Abstract: The present invention relates to a method for managing IoT devices by a security fabric. A method provided for managing IoT devices includes collecting, by an analyzing tier, data of Internet of Things (IoT) devices from a plurality of data sources; abstracting, by the analyzing tier, profiled element baselines (PEBs) of IoT devices from the data, wherein each PEB includes characteristics of IoT devices; retrieving, by an executing tier, the PEBs from the analyzing tier, wherein the executing tier is configured to control network traffic of IoT devices of a private network; generating, by the executing tier, security policies for IoT devices from PEBs of the IoT devices; and controlling, by the executing tier, network traffic of the IoT devices of the private network to comply with the security policies.
    Type: Grant
    Filed: December 31, 2016
    Date of Patent: July 13, 2021
    Assignee: Fortinet, Inc.
    Inventors: John Lunsford Gregory Whittle, Jonathan Q. Nguyen-Duy, Michael Craig Woolfe
  • Patent number: 11057345
    Abstract: The present invention relates to methods, systems and non-transitory computer-readable storage medium for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the same type from PEBs. The executing tier controls network traffic of the IoT devices of the private network to comply with the security policies.
    Type: Grant
    Filed: December 31, 2016
    Date of Patent: July 6, 2021
    Assignee: Fortinet, Inc.
    Inventors: John Lunsford Gregory Whittle, Jonathan Q. Nguyen-Duy, Michael Craig Woolfe
  • Patent number: 11057344
    Abstract: The present invention relates to methods, systems and non-transitory computer-readable storage medium for managing IoT devices by a security fabric. According to one embodiment, an analyzing tier collects data of Internet of Things (IoT) devices from a plurality of data sources and abstracts profiled element baselines (PEBs) of IoT devices of the same type from the data. An executing tier retrieves the PEBs from the analyzing tier and generates security policies for IoT devices of the same type from PEBs. The executing tier controls network traffic of the IoT devices of the private network to comply with the security policies.
    Type: Grant
    Filed: December 30, 2016
    Date of Patent: July 6, 2021
    Assignee: Fortinet, Inc.
    Inventors: John Lunsford Gregory Whittle, Jonathan Q. Nguyen-Duy, Michael Craig Woolfe
  • Patent number: 11055444
    Abstract: The disclosed computer-implemented method for controlling access to a peripheral device may include receiving an input/output request related to a process attempting to access the peripheral device. The method can also include determining an access state for the process indicative of whether the process will be allowed to gain access to the peripheral device. The access state can be based on a context property of the process. The method can further include responding to the input/output request with initiation of a virtual peripheral output from a virtual peripheral device if the access state is indicative of the process not being allowed access to the peripheral device. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: June 20, 2018
    Date of Patent: July 6, 2021
    Assignee: NortonLifeLock Inc.
    Inventor: Boovaragavan Dasarathan
  • Patent number: 11051126
    Abstract: This disclosure focuses on providing a technology framework for creating secure, location-based applications. The disclosure details a technology solution that can allow users to access secure information on commodity computation devices (e.g., tablets and smartphones) without a heavy infrastructure burden. The technology consists of a collection of software services that run on end-user devices, services on network accessible servers (e.g., cloud), and a specialized device that provides high-assurance location services atop a tamper resistant, trusted computation platform.
    Type: Grant
    Filed: May 2, 2017
    Date of Patent: June 29, 2021
    Assignee: FUJI XEROX CO., LTD.
    Inventors: Jacob Biehl, Adam Joseph Lee, Gerald Filby
  • Patent number: 11050789
    Abstract: Techniques for location based security in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. A system/process/computer program product for location based security in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a location for a new session; associating the location with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the location.
    Type: Grant
    Filed: June 15, 2017
    Date of Patent: June 29, 2021
    Assignee: Palo Alto Networks, Inc.
    Inventors: Sachin Verma, Leonid Burakovsky, Jesse C. Shu, Chang Li
  • Patent number: 11043299
    Abstract: Systems, methods, and software can be used to reduce network security risks in a medical care network. In some aspects, a method includes detecting, at a medical equipment monitor located in a network, an electronic device that is connected to the network; determining, by the medical equipment monitor, that the electronic device comprises a medical equipment; associating, by the medical equipment monitor, a security profile with the medical equipment, wherein the security profile includes one or more security parameters; detecting, by the medical equipment monitor, a conflict between a data transmission activity from the medical equipment and at least one security parameter in the security profile; and in response to detecting the conflict, transmitting, from the medical equipment monitor, a notification of the conflict to a medical equipment controller.
    Type: Grant
    Filed: October 31, 2017
    Date of Patent: June 22, 2021
    Assignee: BlackBerry Limited
    Inventor: Nader Saad Henein
  • Patent number: 11044764
    Abstract: A mobile computing device includes one or more interfaces to connect to one or more devices, and one or more processing devices, connected with the one or more interfaces. The one or more processing devices are to establish a first wireless connection with a first device. The first device lacks resources to connect to a cloud service directly. The one or more processing devices are also to receive data from the first device, provide the data to the cloud service, and in response to detecting a migration condition, disconnect the first wireless connection to allow establishment of a second wireless connection between the first device and a second device such that the second device receives subsequent data from the first device and provides the subsequent data to the cloud service.
    Type: Grant
    Filed: October 31, 2017
    Date of Patent: June 22, 2021
    Assignee: Ayla Networks, Inc.
    Inventors: Daniel J. Myers, III, Peter Hunt, Pankaj K. Gupta, Yipei Wang
  • Patent number: 11039213
    Abstract: Provided are a system and method for media content rights negotiation based on defined protocol for management of media content rights using distributed media rights transaction ledger. An initiating node determines acquisition requirement and/or receive request on behalf of other participant for media content rights of requested media content and traverses associated instance of distributed media rights transaction ledger to identify receiving entity node that has media content rights available for negotiation. Accordingly, initial media content rights negotiation transaction is issued, which includes offer for corresponding media content rights. The receiving entity node verifies an identity and signature of initiating entity from initial media content rights negotiation transaction, issues new media content rights negotiation transaction based on verification, evaluation, and/or acceptance of offer.
    Type: Grant
    Filed: January 11, 2019
    Date of Patent: June 15, 2021
    Assignee: Turner Broadcasting System, Inc.
    Inventors: Nicolas Paul Webb, Nishith Kumar Sinha
  • Patent number: 11038872
    Abstract: A network device includes a plurality of network interfaces respectively connected to a plurality of authentication servers that reside on different communication networks; and circuitry to: in response to reception of an authentication request from an information processing apparatus, select one of the plurality of authentication servers to be a transmission destination of the authentication request, based on condition information associated with the plurality of network interfaces; transmit the authentication request to the selected authentication server using one of the plurality of networks associated with the selected authentication server, and control transmission of authentication information to the information processing apparatus, based on an authentication result received from the selected authentication server in response to the authentication request.
    Type: Grant
    Filed: August 31, 2018
    Date of Patent: June 15, 2021
    Assignee: RICOH COMPANY, LTD.
    Inventor: Shinya Iwashita
  • Patent number: 11032302
    Abstract: A method, computer system, and computer program product that generates a whitelist for each subject device in a field area network (FAN). The whitelist includes one or more whitelist entries corresponding to one or more peer devices in the same FAN communicating with the subject device. Each whitelist entry includes one or more attribute values expected in respective traffic between the subject device and each peer device that is represented by a respective whitelist entry. The traffic in the FAN is monitored at one or more points of the FAN for anomaly by use of the whitelist.
    Type: Grant
    Filed: July 30, 2018
    Date of Patent: June 8, 2021
    Assignee: PERSPECTA LABS INC.
    Inventors: Federico Jose Garcia, Aditya Naidu, Stanley Pietrowicz
  • Patent number: 11025992
    Abstract: A system for validating an authorization request to facilitate controlling access to content or computer commands, in which the access is requested by multiple entities operated on discrete computing environments. The techniques make use of a system including a switchboard and a rule engine that collect parameter sets required for validation from the entities and dynamically generate a lock and key combination based on the collected parameter sets. The key of the lock and key combination allows the system to validate each entity independently regardless of the required parameters specified in the lock and key combination.
    Type: Grant
    Filed: September 16, 2015
    Date of Patent: June 1, 2021
    Assignee: TOUCHSTREAM TECHNOLOGIES, INC.
    Inventor: David Strober
  • Patent number: 11023621
    Abstract: The invention relates to a license-verification circuit for selectively activating one or more protected circuits (206) of a device (102), the license-verification circuit being capable of: deducing a device key from an identifier associated with the device (102); receiving a first license; decrypting the first license using the device key in order to extract a first verification code; activating a first protected circuit by loading an activation code in an activation log (212) associated with the first protected circuit on the basis of a verification of the first verification code.
    Type: Grant
    Filed: July 6, 2016
    Date of Patent: June 1, 2021
    Assignees: Universite de Montpellier, Centre National de la Recherche Scientifique
    Inventors: Lionel Torres, Jérôme Rampon, Gaël Paul
  • Patent number: 11017089
    Abstract: The embodiments herein provide a secure computing resource set identification, evaluation, and management arrangement, employing in various embodiments some or all of the following highly reliable identity related means to establish, register, publish and securely employ user computing arrangement resources in satisfaction of user set target contextual purposes.
    Type: Grant
    Filed: October 24, 2019
    Date of Patent: May 25, 2021
    Assignee: Advanced Elemental Technologies, Inc.
    Inventors: Victor Henry Shear, Peter Robert Williams, Jaisook Rho, Timothy St. John Redmond
  • Patent number: 11012452
    Abstract: The disclosed computer-implemented method for establishing restricted interfaces for database applications may include analyzing, by a computing device, query behavior of an application for query requests from the application to a remote database in a computer system and identifying, based on the analysis, an expected query behavior for the application. The method may include establishing, between the application and the remote database, a restricted interface. The method may include receiving, at the restricted interface, a query request from the application to the remote database and limiting, by the restricted interface, the query request from the application to the remote database based on the expected query behavior. The method may include determining, by checking the query request against the expected query behavior, that the query request is anomalous query behavior and performing a security action with respect to the computer system.
    Type: Grant
    Filed: January 9, 2018
    Date of Patent: May 18, 2021
    Assignee: NortonLifeLock, Inc.
    Inventors: Daniel Kats, Daniel Marino
  • Patent number: 11012455
    Abstract: A method for modifying a user session lifecycle is provided. The method may include verifying a user session on a cloud service provider is valid. The method may also include monitoring a plurality of user behaviors exhibited during the verified user session. The method may further include determining a plurality of session data within an identity provider should be updated based on the monitored plurality of user behaviors and a policy within a database. The method may also include modifying the determined plurality of session data.
    Type: Grant
    Filed: April 3, 2019
    Date of Patent: May 18, 2021
    Assignee: International Business Machines Corporation
    Inventors: Shahnawaz Backer, Christopher J. Hockings, Codur S. Pranam, Rohit U. Satyanarayana
  • Patent number: 11010464
    Abstract: In illustrative implementations, shape is used to encode computer passwords or other information. The passwords may be easy for a human to remember—and yet have an extremely high number of permutations (e.g., in some cases, greater than 10^30 permutations, or greater than 10^261 permutations, or greater than 10^6264 permutations). This combination of a password being easy for a human to remember—yet having a large number of permutations—offers many practical benefits. Among other things, the huge number of permutations makes the password extremely resistant to guessing attacks. In addition, in some cases, the passwords that are created with the shapes are highly resistant to attacks by keystroke logging, mouse logging, touch-gesture logging, screen logging, shoulder surfing, phishing, and social engineering. Alternatively, the shapes may be used to encode other information, such as information that uniquely identifies a product or a machine part.
    Type: Grant
    Filed: August 13, 2020
    Date of Patent: May 18, 2021
    Inventor: Jonathan Cramer
  • Patent number: 11005843
    Abstract: A means and system is designed to distinguish human users from bots (automated programs to generate posts or interactions) in social media (including microblogging services and social networking services) by assigning a likelihood score to each user for being a human or a bot. The bot score assigned to each user is computed from statistical, temporal and text features that are detected in user's social media interactions (relative indicators specific to a given social media data set) and user's historical profile information.
    Type: Grant
    Filed: October 30, 2019
    Date of Patent: May 11, 2021
    Assignee: Intelligent Automation, Inc.
    Inventors: Yalin Evren Sagduyu, Ziad El-Jamous, Min Ding, Vikram Manikonda, Yi Shi