Patents Examined by Eric W Shepperd
  • Patent number: 11032304
    Abstract: A mechanism is provided in a data processing system comprising at least one processor and at least one memory, the at least one memory comprising instructions executed by the at least one processor to cause the at least one processor to implement an ontology based persistent attack campaign detection engine. In response to a security incident, the mechanism sends the security incident to an incident model microservice executing within the persistent attack campaign detection engine. The incident model microservice extracts artifacts from the incident, maps the artifacts to a graph topology data structure, and stores the graph topology data structure in a graph data storage.
    Type: Grant
    Filed: December 4, 2018
    Date of Patent: June 8, 2021
    Assignee: International Business Machines Corporation
    Inventors: Olanrewaju O. Okunlola, Christopher C. Fraser, Matthew P. Ouellette
  • Patent number: 11019497
    Abstract: Disclosed is an apparatus for managing a risk of a malware behavior in a mobile operating system, which includes: a deducing unit configured to deduce characteristics of a malware from results of a static analysis on mobile malware data and a dynamic analysis thereon under a virtual environment by using a blacklist including an indicator of compromise (IOC) utilized in an existing mobile malware.
    Type: Grant
    Filed: December 18, 2018
    Date of Patent: May 25, 2021
    Inventors: Kyung Ho Lee, Dahee Choi, Won Park, Junhyoung Oh, Ju Hyeon Lee, Chang Yeon Kim, Youngin You
  • Patent number: 11017118
    Abstract: While managing private data in cognitive surveys, a method, system, and computer program product may deploy a set of gather agents. Access credentials for a plurality of participants may be obtained from an encrypted data store and verified. The set of gather agents may gather a set of target data associated with the plurality of participants, and the set of target data may be collected according to a set of policy criteria. It may be determined whether one or more participants of the plurality of participants has requested to review a subset of the target data, and those participants may be prompted to review the subset of target data. It may be determined whether the one or more participants rejected the subset of target data. The subset of target data may be filtered, and the filtered subset of target data may be posted to a results database.
    Type: Grant
    Filed: November 30, 2018
    Date of Patent: May 25, 2021
    Assignee: International Business Machines Corporation
    Inventors: John D. Curtis, Sheela Shetty, Charlotte C. Dye, Derek V. Duoba, Anup M. Patil, Walter L. Tucker
  • Patent number: 11012428
    Abstract: Data items such as files or database records associated with particular applications (such as messaging applications and other applications) can be stored in one or more remote locations, such as a cloud storage system, and synchronized with other devices. The remote storage can be configured such that each application executing on a client device can only view data items stored at the remote location to which the application has permission to access. An access manager on each client device enforces application specific access policies. Storage at the remote location can be secured for each application associated with a user or user account, for example, using isolated containers. The cloud storage of data can be anonymized and anonymous group data can be stored in the cloud storage.
    Type: Grant
    Filed: February 28, 2018
    Date of Patent: May 18, 2021
    Assignee: Apple Inc.
    Inventors: Gokul Thirumalai, Ori Herrnstadt, Roberto Garcia, Yannick Sierra
  • Patent number: 11010457
    Abstract: Techniques described herein relate to generating and managing digital credentials using a digital credential platform in communication with various digital credential template owners and digital credential issuers. In some embodiments, a digital credential platform server may receive and coordinate requests and responses between the digital credential template owners and a set of digital credential issuers, to determine which digital credential issuers are authorized to issue digital credential based on which digital credential templates. The digital credential platform server may provide the authorized issuers with access to particular digital credential templates and the functionality to issue digital credentials to users based on any of the particular digital credential templates. Additional techniques described herein relate to tracking, analyzing, and reporting data metrics for issued digital credentials.
    Type: Grant
    Filed: August 21, 2018
    Date of Patent: May 18, 2021
    Assignee: CREDLY, INC.
    Inventors: Mark Thomas Mercury, Kurt Jarin Schmidt
  • Patent number: 10986076
    Abstract: A multilevel security (MLS) network is disclosed. The MLS network includes untrusted nodes (UTN) capable of receiving messages en route from a source node to a destination node, each message having an unencrypted outer header, an encrypted inner header, and a data payload. UTNs route messages toward their destination as directed by the outer header. Global trusted nodes (GTN) decrypt a portion of the inner header to validate source and destination information before routing the message forward. GTNs further modify the outer header to obfuscate source and destination information from the UTNs. Local trusted nodes (LTN) serve as gateway nodes into a local network. LTNs also validate source and destination information to regulate admission to the local network. LTNs include an address manager which decrypts an additional portion of the inner header to read local address data and generates local messages for routing through the local network.
    Type: Grant
    Filed: June 28, 2019
    Date of Patent: April 20, 2021
    Assignee: Rockwell Collins, Inc.
    Inventors: John G. Bendickson, James A. Marek
  • Patent number: 10984115
    Abstract: Embodiments of the invention are directed to a system, method, or computer program product for triple format preserving encryption for activity data transmissions. In particular the invention provides a secure platform for transmission and storage of data based on multi-level compounded encryption while preserving native data format post-encryption to allow compatibility of post-encryption data with existing systems. In particular, the invention is configured for generating a plurality of encryption keys such that each of the encryption keys are structured to preserve pre-encryption data format, post-encryption. The invention is further configured for sequentially compounding encryption of native format data using the plurality of encryption keys.
    Type: Grant
    Filed: December 4, 2018
    Date of Patent: April 20, 2021
    Inventors: Shankar R. Iyer, Maria Dominique, Navanith Keerthi
  • Patent number: 10979226
    Abstract: A system for authenticating a user and his local device to a secured remote service with symmetrical keys, which utilizes a PIN from the user and a unique random value from the local device in such a way that prevents the remote service from ever learning the user's PIN, or a hash of that PIN. The system also provides mutual authentication, verifying to the user and local device that the correct remote service is being used. At the same time, the system protects against PIN guessing attacks by requiring communication with the said remote service in order to verify if the correct PIN is known. Also, the system works in such a way as to change the random value stored on the user's local device after each authentication session.
    Type: Grant
    Filed: April 16, 2019
    Date of Patent: April 13, 2021
    Assignee: CybrSecurity Corporation
    Inventors: Roger E. Billings, John A. Billings
  • Patent number: 10979529
    Abstract: This application relates to embodiments for providing a content stream to a device from a content server based on a protocol that is established between the device and an account server. The account server can initiate a session with the device and provide the device with a list of channels available for a user account associated with the device. When a channel is selected at the device, conditional access information can be provided from the account server to the device, which can thereafter relay the conditional access information to the content server. The content server can use the conditional access information to verify that the device has the appropriate permission to receive streaming content. In this way, because the conditional access information originates at the account server, permission to access streaming content can be managed by correspondence between the account server and the device, rather than the content server.
    Type: Grant
    Filed: August 13, 2019
    Date of Patent: April 13, 2021
    Assignee: Apple Inc.
    Inventors: Srinivas Vedula, Daniel P. Carter, Gianpaolo Fasoli, Augustin J. Farrugia, Eugene Jivotovski
  • Patent number: 10972276
    Abstract: Aspects define a union mixed secure virtual machine image to include an encrypted code virtualization machine for code machine instructions of a first retrieved package; and an unsecure virtualization hypervisor that includes a non-encrypted code virtualization machine for code machine instructions of a second retrieved package and a non-encrypted data storage device.
    Type: Grant
    Filed: August 9, 2019
    Date of Patent: April 6, 2021
    Assignee: International Business Machines Corporation
    Inventors: Juscelino Candido De Lima Junior, Breno H. Leitao, Fabio M. Tanada
  • Patent number: 10958639
    Abstract: Systems for providing secure access to systems are provided. A computing device may receive a request to access functionality which may include login credentials of a user. Upon receiving the request to access functionality, the computing device may execute a scan of an area surrounding the computing device to detect any wearable devices within proximity of the computing device that are linked to the computing device. The authenticating information and, in some examples, detected, linked wearable device, may be validated. Based on the validation, authentication response data may be generated and transmitted to an authentication computing platform which may cause the authentication computing platform to validate the authentication response data and cause the computing device to connect to a client interface computing platform.
    Type: Grant
    Filed: February 27, 2018
    Date of Patent: March 23, 2021
    Assignee: Bank of America Corporation
    Inventors: Michael Toth, Hitesh Shah
  • Patent number: 10958657
    Abstract: A computer system receives a first information detailing a TLS fingerprint. A computer system determines an amount of bad transactions associated with the TLS fingerprint, wherein a bad transaction is a transaction involved in one or more fraudulent activities. The computer system determines whether the amount of bad transactions associated with the TLS fingerprint exceeds a threshold amount.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: March 23, 2021
    Assignee: PayPal, Inc.
    Inventors: Yuval Arie Bercovich, Ido Kantor, Maayan Liat Zohar, Elad Bichman, Zahid Nasiruddin Shaikh
  • Patent number: 10951600
    Abstract: Various systems and methods for domain authentication are described herein. In an example, the method may include detecting a domain from a request of a tenant for access to a farm. The method may also include identifying a presence of a site ID from a database of the farm based on the domain. The method may also include sending an authentication request to a default site or a custom site, the authentication request managed through a site manager based on the identified presence of the site ID in the database of the farm. The method may also include routing traffic from the tenant to the farm in response to satisfaction of the authentication request.
    Type: Grant
    Filed: May 8, 2017
    Date of Patent: March 16, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Kalyan K. Kona, Patrick J. Simek, Le Chang, Roshane Silva, Prashant Gaurav
  • Patent number: 10938806
    Abstract: The present disclosure provides a communication method and device. The method includes that: when an instruction for instructing transmitting user data via a direct communication connection is received, user verification information is acquired, the user verification information including verification data input through a first terminal; the user verification information is sent to a second terminal; when verification success information is received from the second terminal, a first direct communication connection is established with the second terminal; and the user data is sent to the second terminal via the first direct communication connection.
    Type: Grant
    Filed: November 13, 2017
    Date of Patent: March 2, 2021
    Inventor: Haiquan Li
  • Patent number: 10938788
    Abstract: Some embodiments provide a method for configuring a gateway datapath that processes data messages between a logical network implemented in a datacenter and an external network. The method receives configuration data including security policy rules for a logical router implemented by the datapath that indicate whether to apply a security protocol to certain data messages transmitted from a particular interface of the logical router. The method identifies a particular security policy rule that applies to data messages that (i) have a destination address in a set of destination addresses and (ii) meet at least one additional criteria. The method generates a static route, for a routing table used by the datapath to implement the logical router, that routes data messages with destination addresses in the set of destination addresses to the particular interface. The datapath applies the security policy rules for data messages transmitted from the particular interface.
    Type: Grant
    Filed: December 12, 2018
    Date of Patent: March 2, 2021
    Assignee: VMWARE, INC.
    Inventors: Yong Wang, Xinhua Hong, David J. Leroy, Kai-Wei Fan
  • Patent number: 10931453
    Abstract: Authentication of tokens and associated are used to provide a just-in-time key synchronization for user access to a service in a cloud computing environment which includes a plurality of availability zones with an identity service, a storage system, and a keystore. The encryption keys are distributed by the storage system based on a user access request containing a token with a payload and a current user cryptographic key. The token is then sent to the keystore to authenticate the user. The keystore authenticates the user and sends the token with the current cryptographic key to the storage system. The storage system receives the token with the current cryptographic key and grants access to the user for the service.
    Type: Grant
    Filed: March 5, 2018
    Date of Patent: February 23, 2021
    Assignee: International Business Machines Corporation
    Inventors: Fernando J. Diaz, Shawn P. Mullen, Michael Perng, Karen Mariela Siles, Elvin Dalipe Tubillara
  • Patent number: 10924480
    Abstract: In one embodiment, an IoT server includes: processing circuitry, an I/O module operative to communicate with at least an IoT device and a vendor network server, and an onboarding application and operative to at least: receive an onboarding request from the IoT device via the I/O module, send a confirmation request to the vendor network server via the I/O module, where the confirmation request indicates a request to confirm an identity of the IoT device according to a connection to a network device authenticated by the vendor network server, receive a confirmation response from the vendor network server via the I/O module, where the confirmation response indicates whether the IoT device is connected to the network device, and if the confirmation response is a positive confirmation response that indicates that the IoT device is connected to the network device, onboard the IoT device for participation in an IoT-based system.
    Type: Grant
    Filed: February 28, 2018
    Date of Patent: February 16, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Santosh Ramrao Patil, Gangadharan Byju Pularikkal, Sourav Chakraborty, Madhusudan Nanjanagud
  • Patent number: 10911956
    Abstract: Methods, systems, and apparatuses are described for identifying unauthorized (e.g., rogue) access points. Authorized access points can detect the presence of rogue access points by determining signal strengths associated with other access points. A detected variance from an expected signal strength can indicate a presence of a rogue access point.
    Type: Grant
    Filed: November 10, 2017
    Date of Patent: February 2, 2021
    Inventors: Ryan Van Antwerp, James Bradley Hein
  • Patent number: 10902242
    Abstract: Methods and systems are described for creating irrefutable binding data for a data file. An input sequence of data elements is derived based on information from the data file. A graphical representation of input regions corresponding to the input sequence of data elements is output on a display, superimposed on captured image data including a visible feature of a user associated with the data file. User input of each data element of the input sequence is captured by tracking the visible feature through the corresponding input regions, and the binding data is created from the captured images as the visible feature is tracked through the input regions.
    Type: Grant
    Filed: October 11, 2019
    Date of Patent: January 26, 2021
    Inventors: Martin Tomlinson, Cen Jung Tjhai, Andersen Cheng
  • Patent number: 10891360
    Abstract: Certain implementations include systems and methods for improving knowledge-based-authentication (KBA) identity authentication questions.
    Type: Grant
    Filed: November 6, 2019
    Date of Patent: January 12, 2021
    Assignee: LexisNexis Risk Solutions Inc.
    Inventors: Tamir Nygate, Benny Rotem, Elina Yaakobovich