Patents Examined by Ellen Tran
  • Patent number: 11063960
    Abstract: According to one embodiment, a web application layer attack detector (AD) is coupled between an HTTP client and a web application server. Responsive to receipt of a set of packets from the HTTP client carrying a web application layer message that violates a condition of a security rule, the AD transmits an alert package to an automatic attribute value generation and rule feedback module (AVGRFM). The AVGRFM uses the alert package, and optionally other alert packages from the same AD or other ADs, to automatically generate a new set of attribute values for each of a set of attribute identifiers for use, by the AD or other ADs, in a different security rule than the violated security rule. The new set of attribute values may be used in an attack specific rule to detect a previously unknown web application layer attack.
    Type: Grant
    Filed: August 8, 2017
    Date of Patent: July 13, 2021
    Assignee: Imperva, Inc.
    Inventors: Tal Arieh Be'ery, Shelly Hershkovitz, Nitzan Niv, Amichai Shulman
  • Patent number: 11051162
    Abstract: A method for anonymously identifying a security module by a server. The method includes: receiving, from the module, a request for the address of a server managing subscription data of an operator, the request including a current identification value of the module, which depends on an identifier of the module and a current date; searching for the current identification value in at least one set of identification values, the set being associated with an operator and including, for a given module, a plurality of identification values, which are calculated depending on the identifier of the module and a date, the date varying for the plurality of identification values of the set between a start date and an end date; and sending, to the security module, the address of the server managing subscription data associated with the operator when the current identification value appears in the set of identification values.
    Type: Grant
    Filed: November 9, 2016
    Date of Patent: June 29, 2021
    Assignee: ORANGE
    Inventors: Amira Barki, Said Gharout, Jacques Traore, Laurent Coureau
  • Patent number: 11048706
    Abstract: Various systems and methods are provided that retrieve raw data from issuers, reorganize the raw data, analyze the reorganized data to determine whether risky or malicious activity is occurring, and generate alerts to notify users of possible malicious activity. For example, the raw data is included in a plurality of tables. The system joins one or more tables to reorganize the data using several filtering techniques to reduce the processor load required to perform the join operation. Once the data is reorganized, the system executes one or more rules to analyze the reorganized data. Each rule is associated with a malicious activity. If any of the rules indicate that malicious activity is occurring, the system generates an alert for display to a user in an interactive user interface.
    Type: Grant
    Filed: May 23, 2019
    Date of Patent: June 29, 2021
    Assignee: Palantir Technologies Inc.
    Inventors: Craig Saperstein, Eric Schwartz, Hongjai Cho
  • Patent number: 11050790
    Abstract: A compliance checker to verify that a device complies with a policy is described. In one embodiment, the compliance checker comprises a compliance checker agent, to initiate the compliance check, in response to receiving the request, and an encryption checker to obtain an original data and a data stored on the storage. The system further comprises a comparator to determine whether known data read from the upper driver is identical to known data read from the lower driver. The compliance checker plug-in in one embodiment verifies the compliance status of the device, based on the data from the comparator.
    Type: Grant
    Filed: May 11, 2020
    Date of Patent: June 29, 2021
    Assignee: Alertsec, Inc.
    Inventors: Ebba Ulrika Margareta Blitz, Leif Olov Billstrom, Kurt Uno Lennartsson, Hans Fredrik Loevstedt, Erik Magnus Ahlberg
  • Patent number: 11032297
    Abstract: Techniques for Domain Generation Algorithm (DGA) behavior detection are provided. In some embodiments, a system, process, and/or computer program product for DGA behavior detection includes receiving passive Domain Name System (DNS) data that comprises a plurality of DNS responses at a security device; and applying a signature to the passive DNS data to detect DGA behavior, in which applying the signature to the passive DNS data to detect DGA behavior further comprises: parsing each of the plurality of DNS responses to determine whether one or more of the plurality of DNS responses correspond to a non-existent domain (NXDOMAIN) response.
    Type: Grant
    Filed: May 19, 2020
    Date of Patent: June 8, 2021
    Assignee: Palo Alto Networks, Inc.
    Inventors: Wei Xu, Xin Ouyang
  • Patent number: 11032266
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify a digital certificate associated with data and assign a reputation to the digital certificate, where the digital certificate is classified as trusted if the digital certificate is included in an entry in a whitelist and the digital certificate is classified as untrusted if the digital certificate is included in an entry in a blacklist.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: June 8, 2021
    Assignee: McAfee, LLC
    Inventors: James Bean, Joel R. Spurlock, Cedric Cochin, Aditya Kapoor, Ramnath Venugopalan
  • Patent number: 11018869
    Abstract: A method, software, and system for a Digital Identity Management (DIM) system is discussed. The system facilitates the creation of a Public Key/Private Key pair based user credentials using the Trusted Execution Environment in mobile phones, and is protected by DIM app with the user's biometrics and/or a PIN code. Identity tokens representing identity attributes of the user are issued by Issuing Parties using Hardware Security Modules and stored in the DIM app on the mobile device.
    Type: Grant
    Filed: February 28, 2020
    Date of Patent: May 25, 2021
    Assignee: Workday, Inc.
    Inventors: Prakash Sundaresan, Lionello G. Lunesu, Antoine Cote
  • Patent number: 11018853
    Abstract: Systems and methods as described herein may include creating and monitoring workflows in a blockchain network. A workflow may be implemented by using a smart contract or the steps in the workflow may be recorded in a distributed ledger in a blockchain network. Completion of a workflow step may be verified by identifying a blockchain transaction executed by the workflow step performer assigned to the workflow step. The blockchain transaction is associated with encryption keys of the workflow step performer assigned to the workflow step. The completion of the execution of a workflow may be verified by determining whether the status of the last workflow step is complete, and identifying a blockchain transaction associated with encryption keys of the workflow step performer assigned to the last workflow step.
    Type: Grant
    Filed: April 13, 2020
    Date of Patent: May 25, 2021
    Assignee: Capital One Services, LLC
    Inventors: Jayaraman Ganeshmani, Jacob Creech
  • Patent number: 10992706
    Abstract: In response to incorrect passwords being entered for usernames in attempts to access a computing system, each incorrect password is one-way hashed. The hashed incorrect passwords are stored within a database. High-frequency hashed incorrect passwords are determined from the stored hashed incorrect passwords. Each high-frequency hashed incorrect password corresponds to an incorrect password that was entered more than a threshold number of the attempts, regardless of the username for which the incorrect password was entered in any attempt. That the computing system is being subjected to a cyber attack is detected based on the determined high-frequency hashed incorrect passwords.
    Type: Grant
    Filed: April 30, 2019
    Date of Patent: April 27, 2021
    Assignee: NETIQ CORPORATION
    Inventors: Lloyd Burch, Michael F. Angelo, Baha Masoud
  • Patent number: 10979426
    Abstract: A method is disclosed. The method includes a server computer receiving, from a user device, a first encrypted biometric template, wherein the server computer stores a plurality of encrypted enrollment biometric templates, and a table comprising a plurality of encrypted match values and corresponding unencrypted match values. The server computer can then, for each of the plurality of encrypted enrollment biometric templates, input the first encrypted biometric template and an encrypted enrollment biometric template into a function to obtain an encrypted match value. The server computer can then, for each of the plurality of encrypted enrollment biometric templates, determine if the encrypted match value corresponds to an unencrypted match value using the table, wherein the unencrypted match value is greater than a threshold. The server computer can then provide a notification to the user device or another device associated with the unencrypted match value.
    Type: Grant
    Filed: September 24, 2018
    Date of Patent: April 13, 2021
    Assignee: Visa International Service Association
    Inventors: Kim Wagner, Sunpreet Singh Arora, Lacey Best-Rowden
  • Patent number: 10977383
    Abstract: A method for encrypting database data includes generating an encryption key for a first file stored in a data store, wherein a table in a database comprises an entry pointing to the first file. The method includes generating a second file by encrypting the data of the first file in the data store using the encryption key without modifying the first file. The method includes, in response to generating the second file, modifying the entry in the table to point to the second file, wherein the modification of the entry is performed atomically. A process for rekeying from the first file to the second file may happen in the background without blocking, interfering, or otherwise obstructing user interaction with a database system.
    Type: Grant
    Filed: October 5, 2016
    Date of Patent: April 13, 2021
    Assignee: Snowflake Inc.
    Inventors: Benoit Dageville, Peter Povinec, Philipp Thomas Unterbrunner, Martin Hentschel
  • Patent number: 10965695
    Abstract: Systems and methods for matching and scoring sameness. In some embodiments, a computer-implemented method is provided, comprising acts of: identifying a plurality of first-degree anchor values from the first digital interaction, wherein the plurality of first-degree anchor values comprise first-degree anchor values X and Y; accessing a profile of the first-degree anchor value X, wherein: the profile of the first-degree anchor value X comprises a plurality of sets of second-degree anchor values; and each set of the plurality of sets of second-degree anchor values corresponds to a respective anchor type and comprises one or more second-degree anchor values of that anchor type; determining how closely the first-degree anchor values X and Y are associated; and generating an association score indicative of how closely the plurality of first-degree anchors are associated, based at least in part on how closely the first-degree anchor values X and Y are associated.
    Type: Grant
    Filed: June 8, 2017
    Date of Patent: March 30, 2021
    Assignee: Mastercard Technologies Canada ULC
    Inventors: Christopher Everett Bailey, Randy Lukashuk, Gary Wayne Richardson
  • Patent number: 10956611
    Abstract: Aspects of the disclosure provide mechanisms for data anonymization. A method of the disclosure includes: receiving, by a processing device, a user input initiating anonymization of a first electronic document, wherein the first electronic document comprises at least one first data item relating to personally identifiable information and at least one second data item not related to the personally identifiable information; in response to receiving the user input, generating a second electronic document, wherein the second electronic document comprises a digital fingerprint of the first electronic document and the at least one second data item; and transmitting, to a server, the second electronic document as an anonymized version of the first electronic document.
    Type: Grant
    Filed: October 5, 2018
    Date of Patent: March 23, 2021
    Inventor: John J. Reilly
  • Patent number: 10956574
    Abstract: A system and method for securing an application through an application-aware runtime agent can include: acquiring a code profile, instrumenting the application with a runtime agent according to the code profile, enforcing the runtime agent on the execution of the application, and responding to the runtime agent. Enforcing the runtime agent on the execution of the application can include monitoring the execution flow, which comprises monitoring the utilization of the controls through the execution of the application; detecting a threat, which comprises identifying a section of the execution flow as a potential security threat; and regulating the execution flow to prevent or ameliorate the security threat. Responding to the runtime agent can include responding to the security threat and providing a user interface that may output runtime agent diagnostics and trigger alerts.
    Type: Grant
    Filed: October 8, 2018
    Date of Patent: March 23, 2021
    Assignee: ShiftLeft Inc.
    Inventors: Chetan Conikee, Manish Gupta, Vlad A Ionescu, Ignacio del Valle Alles
  • Patent number: 10944722
    Abstract: A novel method for managing firewall configuration of a software defined data center is provided. Such a firewall configuration is divided into multiple sections that each contains a set of firewall rules. Each tenant of the software defined data center has a corresponding set of sections in the firewall configuration. The method allows each tenant to independently access and update/manage its own corresponding set of sections. Multiple tenants or users are allowed to make changes to the firewall configuration simultaneously.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: March 9, 2021
    Assignee: NICIRA, INC.
    Inventors: Radha Popuri, Shadab Shah, James Joseph Stabile, Sameer Kurkure, Kaushal Bansal
  • Patent number: 10938786
    Abstract: An application using a VPN is programmed to transmit proxy traffic to a remote proxy server. Traffic to the proxy server is intercepted, shifted to user space, and processed according to one or more options. Traffic may be terminated by a local proxy that resolves domain names in traffic and requests referenced content. Intercepted traffic may include plain text data in headers that is encrypted before forwarding to a different proxy server. Traffic may be evaluated, such as a User Agent string in order to determine routing choices, such as blocking, throttling, local termination, transmitting through a VPN, or other options. Multiple VPNs may operate on the same user computer and proxy traffic may be intercepted and processed by transmitting it through a VPN, bypassing all VPNs, or routing through a different VPN.
    Type: Grant
    Filed: August 8, 2018
    Date of Patent: March 2, 2021
    Assignee: TWINGATE INC.
    Inventors: Eugene Lapidous, Sean Ghiocel, Maxim Molchanov, Eduardo Panisset
  • Patent number: 10929522
    Abstract: A method for authentication related to a software client application within a client computing device includes: in a first step, an authentication-related command and/or module is invoked by the software client application, and a first group of application protocol data units is exchanged between the client computing device and a subscriber identity module entity; in a second step, a subscriber identity module applet is triggered—via the first group of application protocol data units—to contact a subscriber identity module toolkit and/or to trigger an event, so as to invoke a command of the subscriber identity module toolkit; and in a third step, a second group of application protocol data units are exchanged between the client computing device and the subscriber identity module entity, wherein the subscriber identity module toolkit thereby triggers the client computing device to request a user action from the user of the client computing device.
    Type: Grant
    Filed: July 26, 2017
    Date of Patent: February 23, 2021
    Assignee: DEUTSCHE TELEKOM AG
    Inventors: Ruediger Jaensch, Michael Dupre
  • Patent number: 10929569
    Abstract: An intrusion detection and recovery system includes a copying module that creates a point-in-time copy of a storage level logical unit, the point-in-time copy including a volume copy of the storage level logical unit and a signature of the storage level logical unit, a comparison module that compares at least a portion of the point-in-time copy with a previous copy of the storage level logical unit, a judging module that, based on results of the comparison module, judges if a modification has occurred. A signature of the point-in-time copy is compared with a signature of the previous copy to detect a sign of an intrusion.
    Type: Grant
    Filed: May 20, 2019
    Date of Patent: February 23, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Bulent Abali, Mohammad Banikazemi, Dan Edward Poff
  • Patent number: 10924475
    Abstract: An authentication device is used to create a secure connection between an Internet of Things (IoT) device and a service provider, so that the IoT device is not limited to only the services of one specific provider or the specific services of the provider of the IoT device. In addition, multiple IoT devices purchased from several different providers can all be connected to the same service provider.
    Type: Grant
    Filed: November 30, 2015
    Date of Patent: February 16, 2021
    Assignees: ARM LIMITED, ARM IP LIMITED
    Inventors: Hannes Tschofenig, Remy Pottier
  • Patent number: 10917407
    Abstract: A method for providing extended control of media displayed on individual and groups of digital signs for use in near realtime scenarios by leveraging the short message service (SMS) as a transport mechanism to enable immediate temporary or permanent changes to displayed media shown on digital signage. Each SMS message utilizes command codes and variable arguments to query for information to be returned or indicate actions to be performed, providing a subset of the data and control mechanisms exposed by the digital signage management service. SMS endpoints are authenticated against a whitelist also containing a list of valid digital signage management groups with associated message routing information. Data requests require no additional validation, while action requests include a secondary verification as a protection against caller ID spoofing.
    Type: Grant
    Filed: November 14, 2018
    Date of Patent: February 9, 2021
    Assignee: XpoNet
    Inventors: Joshua Cohen, Michael Coupet, Gabriel Gilligan