Patents Examined by Ellen Tran
  • Patent number: 11032266
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify a digital certificate associated with data and assign a reputation to the digital certificate, where the digital certificate is classified as trusted if the digital certificate is included in an entry in a whitelist and the digital certificate is classified as untrusted if the digital certificate is included in an entry in a blacklist.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: June 8, 2021
    Assignee: McAfee, LLC
    Inventors: James Bean, Joel R. Spurlock, Cedric Cochin, Aditya Kapoor, Ramnath Venugopalan
  • Patent number: 11032297
    Abstract: Techniques for Domain Generation Algorithm (DGA) behavior detection are provided. In some embodiments, a system, process, and/or computer program product for DGA behavior detection includes receiving passive Domain Name System (DNS) data that comprises a plurality of DNS responses at a security device; and applying a signature to the passive DNS data to detect DGA behavior, in which applying the signature to the passive DNS data to detect DGA behavior further comprises: parsing each of the plurality of DNS responses to determine whether one or more of the plurality of DNS responses correspond to a non-existent domain (NXDOMAIN) response.
    Type: Grant
    Filed: May 19, 2020
    Date of Patent: June 8, 2021
    Assignee: Palo Alto Networks, Inc.
    Inventors: Wei Xu, Xin Ouyang
  • Patent number: 11018853
    Abstract: Systems and methods as described herein may include creating and monitoring workflows in a blockchain network. A workflow may be implemented by using a smart contract or the steps in the workflow may be recorded in a distributed ledger in a blockchain network. Completion of a workflow step may be verified by identifying a blockchain transaction executed by the workflow step performer assigned to the workflow step. The blockchain transaction is associated with encryption keys of the workflow step performer assigned to the workflow step. The completion of the execution of a workflow may be verified by determining whether the status of the last workflow step is complete, and identifying a blockchain transaction associated with encryption keys of the workflow step performer assigned to the last workflow step.
    Type: Grant
    Filed: April 13, 2020
    Date of Patent: May 25, 2021
    Assignee: Capital One Services, LLC
    Inventors: Jayaraman Ganeshmani, Jacob Creech
  • Patent number: 11018869
    Abstract: A method, software, and system for a Digital Identity Management (DIM) system is discussed. The system facilitates the creation of a Public Key/Private Key pair based user credentials using the Trusted Execution Environment in mobile phones, and is protected by DIM app with the user's biometrics and/or a PIN code. Identity tokens representing identity attributes of the user are issued by Issuing Parties using Hardware Security Modules and stored in the DIM app on the mobile device.
    Type: Grant
    Filed: February 28, 2020
    Date of Patent: May 25, 2021
    Assignee: Workday, Inc.
    Inventors: Prakash Sundaresan, Lionello G. Lunesu, Antoine Cote
  • Patent number: 10992706
    Abstract: In response to incorrect passwords being entered for usernames in attempts to access a computing system, each incorrect password is one-way hashed. The hashed incorrect passwords are stored within a database. High-frequency hashed incorrect passwords are determined from the stored hashed incorrect passwords. Each high-frequency hashed incorrect password corresponds to an incorrect password that was entered more than a threshold number of the attempts, regardless of the username for which the incorrect password was entered in any attempt. That the computing system is being subjected to a cyber attack is detected based on the determined high-frequency hashed incorrect passwords.
    Type: Grant
    Filed: April 30, 2019
    Date of Patent: April 27, 2021
    Assignee: NETIQ CORPORATION
    Inventors: Lloyd Burch, Michael F. Angelo, Baha Masoud
  • Patent number: 10977383
    Abstract: A method for encrypting database data includes generating an encryption key for a first file stored in a data store, wherein a table in a database comprises an entry pointing to the first file. The method includes generating a second file by encrypting the data of the first file in the data store using the encryption key without modifying the first file. The method includes, in response to generating the second file, modifying the entry in the table to point to the second file, wherein the modification of the entry is performed atomically. A process for rekeying from the first file to the second file may happen in the background without blocking, interfering, or otherwise obstructing user interaction with a database system.
    Type: Grant
    Filed: October 5, 2016
    Date of Patent: April 13, 2021
    Assignee: Snowflake Inc.
    Inventors: Benoit Dageville, Peter Povinec, Philipp Thomas Unterbrunner, Martin Hentschel
  • Patent number: 10979426
    Abstract: A method is disclosed. The method includes a server computer receiving, from a user device, a first encrypted biometric template, wherein the server computer stores a plurality of encrypted enrollment biometric templates, and a table comprising a plurality of encrypted match values and corresponding unencrypted match values. The server computer can then, for each of the plurality of encrypted enrollment biometric templates, input the first encrypted biometric template and an encrypted enrollment biometric template into a function to obtain an encrypted match value. The server computer can then, for each of the plurality of encrypted enrollment biometric templates, determine if the encrypted match value corresponds to an unencrypted match value using the table, wherein the unencrypted match value is greater than a threshold. The server computer can then provide a notification to the user device or another device associated with the unencrypted match value.
    Type: Grant
    Filed: September 24, 2018
    Date of Patent: April 13, 2021
    Assignee: Visa International Service Association
    Inventors: Kim Wagner, Sunpreet Singh Arora, Lacey Best-Rowden
  • Patent number: 10965695
    Abstract: Systems and methods for matching and scoring sameness. In some embodiments, a computer-implemented method is provided, comprising acts of: identifying a plurality of first-degree anchor values from the first digital interaction, wherein the plurality of first-degree anchor values comprise first-degree anchor values X and Y; accessing a profile of the first-degree anchor value X, wherein: the profile of the first-degree anchor value X comprises a plurality of sets of second-degree anchor values; and each set of the plurality of sets of second-degree anchor values corresponds to a respective anchor type and comprises one or more second-degree anchor values of that anchor type; determining how closely the first-degree anchor values X and Y are associated; and generating an association score indicative of how closely the plurality of first-degree anchors are associated, based at least in part on how closely the first-degree anchor values X and Y are associated.
    Type: Grant
    Filed: June 8, 2017
    Date of Patent: March 30, 2021
    Assignee: Mastercard Technologies Canada ULC
    Inventors: Christopher Everett Bailey, Randy Lukashuk, Gary Wayne Richardson
  • Patent number: 10956574
    Abstract: A system and method for securing an application through an application-aware runtime agent can include: acquiring a code profile, instrumenting the application with a runtime agent according to the code profile, enforcing the runtime agent on the execution of the application, and responding to the runtime agent. Enforcing the runtime agent on the execution of the application can include monitoring the execution flow, which comprises monitoring the utilization of the controls through the execution of the application; detecting a threat, which comprises identifying a section of the execution flow as a potential security threat; and regulating the execution flow to prevent or ameliorate the security threat. Responding to the runtime agent can include responding to the security threat and providing a user interface that may output runtime agent diagnostics and trigger alerts.
    Type: Grant
    Filed: October 8, 2018
    Date of Patent: March 23, 2021
    Assignee: ShiftLeft Inc.
    Inventors: Chetan Conikee, Manish Gupta, Vlad A Ionescu, Ignacio del Valle Alles
  • Patent number: 10956611
    Abstract: Aspects of the disclosure provide for mechanisms for data anonymization. A method of the disclosure includes: receiving, by a processing device, a user input initiating anonymization of a first electronic document, wherein the first electronic document comprises at least one first data item relating to personally identifiable information and at least one second data item not related to the personally identifiable information; in response to receiving the user input, generating a second electronic document, wherein the second electronic document comprises a digital fingerprint of the first electronic document and the at least one second data item; and transmitting, to a server, the second electronic document as an anonymized version of the first electronic document.
    Type: Grant
    Filed: October 5, 2018
    Date of Patent: March 23, 2021
    Inventor: John J. Reilly
  • Patent number: 10944722
    Abstract: A novel method for managing firewall configuration of a software defined data center is provided. Such a firewall configuration is divided into multiple sections that each contains a set of firewall rules. Each tenant of the software defined data center has a corresponding set of sections in the firewall configuration. The method allows each tenant to independently access and update/manage its own corresponding set of sections. Multiple tenants or users are allowed to make changes to the firewall configuration simultaneously.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: March 9, 2021
    Assignee: NICIRA, INC.
    Inventors: Radha Popuri, Shadab Shah, James Joseph Stabile, Sameer Kurkure, Kaushal Bansal
  • Patent number: 10938786
    Abstract: An application using a VPN is programmed to transmit proxy traffic to a remote proxy server. Traffic to the proxy server is intercepted, shifted to user space, and processed according to one or more options. Traffic may be terminated by a local proxy that resolves domain names in traffic and requests referenced content. Intercepted traffic may include plain text data in headers that is encrypted before forwarding to a different proxy server. Traffic may be evaluated, such as a User Agent string in order to determine routing choices, such as blocking, throttling, local termination, transmitting through a VPN, or other options. Multiple VPNs may operate on the same user computer and proxy traffic may be intercepted and processed by transmitting it through a VPN, bypassing all VPNs, or routing through a different VPN.
    Type: Grant
    Filed: August 8, 2018
    Date of Patent: March 2, 2021
    Assignee: TWINGATE INC.
    Inventors: Eugene Lapidous, Sean Ghiocel, Maxim Molchanov, Eduardo Panisset
  • Patent number: 10929522
    Abstract: A method for authentication related to a software client application within a client computing device includes: in a first step, an authentication-related command and/or module is invoked by the software client application, and a first group of application protocol data units is exchanged between the client computing device and a subscriber identity module entity; in a second step, a subscriber identity module applet is triggered—via the first group of application protocol data units—to contact a subscriber identity module toolkit and/or to trigger an event, so as to invoke a command of the subscriber identity module toolkit; and in a third step, a second group of application protocol data units are exchanged between the client computing device and the subscriber identity module entity, wherein the subscriber identity module toolkit thereby triggers the client computing device to request a user action from the user of the client computing device.
    Type: Grant
    Filed: July 26, 2017
    Date of Patent: February 23, 2021
    Assignee: DEUTSCHE TELEKOM AG
    Inventors: Ruediger Jaensch, Michael Dupre
  • Patent number: 10929569
    Abstract: An intrusion detection and recovery system includes a copying module that creates a point-in-time copy of a storage level logical unit, the point-in-time copy including a volume copy of the storage level logical unit and a signature of the storage level logical unit, a comparison module that compares at least a portion of the point-in-time copy with a previous copy of the storage level logical unit, a judging module that, based on results of the comparison module, judges if a modification has occurred. A signature of the point-in-time copy is compared with a signature of the previous copy to detect a sign of an intrusion.
    Type: Grant
    Filed: May 20, 2019
    Date of Patent: February 23, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Bulent Abali, Mohammad Banikazemi, Dan Edward Poff
  • Patent number: 10924475
    Abstract: An authentication device is used to create a secure connection between an Internet of Things (IoT) device and a service provider, so that the IoT device is not limited to only the services of one specific provider or the specific services of the provider of the IoT device. In addition, multiple IoT devices purchased from several different providers can all be connected to the same service provider.
    Type: Grant
    Filed: November 30, 2015
    Date of Patent: February 16, 2021
    Assignees: ARM LIMITED, ARM IP LIMITED
    Inventors: Hannes Tschofenig, Remy Pottier
  • Patent number: 10917384
    Abstract: Methods, systems, and media for modifying firewall rules based on dynamic Internet Protocol (IP) addresses are provided. In some embodiments, the method comprises: receiving, from a database server, a request to modify a firewall rule of a firewall protecting a remote computer, wherein the request includes an IP address of a user device initiating a connection to the remote computer, and wherein the firewall rule indicates IP addresses of devices allowed to establish connections to the remote computer; determining whether the IP address of the user device is to be added to the firewall rule; and in response to determining that the IP address of the user device is to be added to the firewall rule, adding the current IP address to the firewall rule.
    Type: Grant
    Filed: September 12, 2017
    Date of Patent: February 9, 2021
    Assignees: Synergex Group, Pham Holdings, Inc.
    Inventor: Thien Van Pham
  • Patent number: 10917407
    Abstract: A method for providing extended control of media displayed on individual and groups of digital signs for use in near realtime scenarios by leveraging the short message service (SMS) as a transport mechanism to enable immediate temporary or permanent changes to displayed media shown on digital signage. Each SMS message utilizes command codes and variable arguments to query for information to be returned or indicate actions to be performed, providing a subset of the data and control mechanisms exposed by the digital signage management service. SMS endpoints are authenticated against a whitelist also containing a list of valid digital signage management groups with associated message routing information. Data requests require no additional validation, while action requests include a secondary verification as a protection against caller ID spoofing.
    Type: Grant
    Filed: November 14, 2018
    Date of Patent: February 9, 2021
    Assignee: XpoNet
    Inventors: Joshua Cohen, Michael Coupet, Gabriel Gilligan
  • Patent number: 10904214
    Abstract: A method includes, for a storage unit of a set of storage units of the DSN, performing at least one of determining whether a data access request for the storage unit is atypical, determining whether an error rate for the storage unit is atypical, and determining whether a response rate for the storage unit is atypical. When the at least one of the data access request, the error rate, and the response rate for the storage unit is atypical, the method continues by identifying the storage unit as having a security risk. The method continues by executing a security response for the storage unit based on the security risk.
    Type: Grant
    Filed: May 10, 2019
    Date of Patent: January 26, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Bart R. Cilfone
  • Patent number: 10896260
    Abstract: A system for determining vulnerability of an application container is provided. The system receives a report associating a first version of a software package with a vulnerability and a second version of the software package as being an update that fixes the vulnerability. The system receives the first version and the second version of the software package. The second version has one or more files that correspond to files in the first version. The system identifies a changed file in the first version of the software package that is different from a corresponding file in the second version of the software package. The system identifies a container file in an application container that matches the changed file in the first version of the software package. The system associates the identified container file with the vulnerability.
    Type: Grant
    Filed: October 16, 2018
    Date of Patent: January 19, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Shripad Nadgowda, Sastry Duri
  • Patent number: 10880278
    Abstract: In some aspects, a key establishment protocol is executed to generate a shared secret. A first entity calculates a first image curve EB representing an image of an elliptic curve E under a first isogeny ?B; calculates the shared secret based on the first image curve EB; receives a second image curve EA and a first pair of elliptic curve points {?A(PB), ?A(QB)} and from a second entity; obtains a basis {R, S}; calculates a third image curve EBA representing an image of the second image curve EA under a second isogeny ?B; calculates a third pair of elliptic curve points {?B(R), ?B(S)}; and sends the third image curve EBA and the third pair of elliptic curve points {?B(R), ?B(S)} to the second entity, wherein the third image curve EBA and the third pair of elliptic curve points {?B(R), ?B(S)} enable the second entity to compute the shared secret.
    Type: Grant
    Filed: October 3, 2019
    Date of Patent: December 29, 2020
    Assignee: ISARA Corporation
    Inventors: Victoria de Quehen, Edward William Eaton, Gustav Michael Gutoski, Christopher Leonardi