Patents Examined by Farid Homayounmehr
-
Patent number: 11171983
Abstract: Embodiments are directed toward techniques to detect a first function associated with an address space initiating a call instruction to a second function in the address space, the first function to call the second function in a deprivileged mode of operation, and define accessible address ranges for segments of the address space for the second function, each segment to have a different address range in the address space where the second function is permitted to access in the deprivileged mode of operation. Embodiments include switching to the stack associated with the second address space and the second function, and initiating execution of the second function in the deprivileged mode of operation.
Type: Grant
Filed: June 29, 2018
Date of Patent: November 9, 2021
Assignee: INTEL CORPORATION
Inventors: Vadim Sukhomlinov, Kshitij Doshi, Michael Lemay, Dmitry Babokin, Areg Melik-Adamyan
-
Patent number: 11165826
Abstract: An example operation may include one or more of generating a data block for a hash-linked chain of blocks stored on a distributed ledger and accessible to a plurality of computing nodes of a blockchain network, storing governance policies within the data block, the governance policies governing interaction with the hash-linked chain of blocks, and transmitting the generated data block with the encoded governance policies therein to a plurality of peer nodes of the distributed ledger.
Type: Grant
Filed: July 2, 2018
Date of Patent: November 2, 2021
Assignee: International Business Machines Corporation
Inventors: Meeta Vouk, Gari Singh, Jason K. Yellick, Gennaro A. Cuomo
-
Patent number: 11157601
Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for obtaining identity verification information of a patient. Verifying the patient's identity by: obtaining an indication that the patient identification document is authentic, and verifying that the representation of a biometric of the patient corresponds to a biometric indicated on the patient identification document. Determining that a physical location of a computing device is proximate to a physical location of the patient. In response to verifying the patient and determining that the physical location of the computing device is proximate to the physical location of the patient, determining eligibility of the patient to receive services from the service provider.
Type: Grant
Filed: August 3, 2018
Date of Patent: October 26, 2021
Assignee: MorphoTrust USA, LLC
Inventor: Stephen Miu
-
Patent number: 11153085
Abstract: Techniques are presented for (a) securely maintaining, by a computing device, a set of correspondences between encryption keys and key identifiers, (b) receiving, by the computing device, a cryptographic request from a remote device received across the network, the cryptographic request including credentials, data to be cryptographically processed, and a key identifier to be used for cryptographic processing, and (c) in response to successfully authenticating the cryptographic request: (1) obtaining, by the computing device with reference to the set of correspondences, an encryption key corresponding to the key identifier, (2) cryptographically processing, by the computing device, the received data using the obtained encryption key to generate cryptographically-processed data, and (3) sending the cryptographically-processed data from the computing device across the network to the remote device.
Type: Grant
Filed: October 30, 2018
Date of Patent: October 19, 2021
Assignee: EMC IP Holding Company LLC
Inventors: Sridhar Villapakkam, Ajit Bhagwat, Frank S. Caccavale
-
Patent number: 11144635
Abstract: An embodiment of restricted command set management permits a storage controller to execute commands of a restricted command set if authorized. A command determined to be within the restricted command set is encrypted by a host prior to sending the encrypted command to a storage controller for execution. The command may be encrypted using a key shared between the host and the storage controller. The shared key may be generated by the host and encrypted by the host using a public key of a public-private key maintained by the storage controller. The encrypted shared key may be decrypted by the storage controller using the private key of the public-private key maintained by the storage controller. Execution of commands of the restricted command set is prevented absent proper decryption of the commands sent by the host. Other features and aspects may be realized, depending upon the particular application.
Type: Grant
Filed: November 6, 2018
Date of Patent: October 12, 2021
Assignee: International Business Machines Corporation
Inventors: Peter G. Sutton, Roger G. Hathorn, Harry M. Yudenfriend
-
Patent number: 11146543
Abstract: Disclosed are various approaches for retrieving contacts from a plurality of federated services. A query is received from a client application executing on a client device, the query comprising a single sign-on token that identifies a user and a character string. A number of federated services that the user has permission to access are then identified. A plurality of authentication tokens are then retrieved from an authentication service, each of the plurality of authentication tokens identifying the user to a respective one of the plurality of federated services. Next, the authentication token and the character string are provided to a respective connector for each of the plurality of federated services that the user has permission to access. A plurality of responses are received, each of the plurality of responses being received from the respective connector corresponding to each of the plurality of federated services that the user has permission to access.
Type: Grant
Filed: July 12, 2018
Date of Patent: October 12, 2021
Assignee: VMware, Inc.
Inventors: William Christian Pinner, David Shaw, Evan Hurst
-
Patent number: 11140136
Abstract: The disclosed computer-implemented method for enhancing user privacy may include (i) intercepting, by a privacy-protecting network proxy, network traffic between a client device and a server device, the client device being protected by a network-based privacy solution that inhibits browser fingerprinting through the privacy-protecting network proxy, (ii) detecting, at the privacy-protecting network proxy, that the network traffic indicates an attempt by a browser fingerprinting service to perform browser fingerprinting on the client device, and (iii) modifying, at the privacy-protecting network proxy based on the detecting of the attempt to perform browser fingerprinting, the intercepted network traffic such that browser fingerprinting performed by the browser fingerprinting service is at least partially inhibited. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: August 30, 2020
Date of Patent: October 5, 2021
Assignee: NortonLifeLock Inc.
Inventors: Qing Li, Chris Ciborowski
-
Patent number: 11138313
Abstract: A device may receive a file that has been downloaded, or is to be downloaded, to a user device, and that is to be subject to a malware detection procedure. The device may obtain, based on one or more file identification properties of the file, metadata identifying user interactions associated with the file. The metadata may include a first group of user interactions performed when the file was accessed on the user device or a second group of user interactions performed when the file was accessed on one or more other user devices. The device may test the file in a sandbox environment to obtain a result by performing the user interactions identified by the metadata and executing the malware detection procedure to determine whether the file is malware. The device may provide a notification to cause the user device to perform actions when the file is malware.
Type: Grant
Filed: August 13, 2018
Date of Patent: October 5, 2021
Assignee: Juniper Networks, Inc.
Inventors: Krishna Sathyanarayana, Anoop Wilbur Saldanha, Abhijit Mohanta
-
Patent number: 11140200
Abstract: A device may receive a network policy, the network policy specifying: a matching criteria and an action to be performed on network traffic that matches the matching criteria. The device may generate type-length-value (TLV) data based on the network policy, a value portion of the TLV data including data specifying the network policy. In addition, the device may add the TLV data to a Connectivity Fault Management (CFM) packet and transmit the CFM packet to a separate device to cause the network policy to be implemented on the separate device.
Type: Grant
Filed: February 7, 2018
Date of Patent: October 5, 2021
Assignee: Juniper Networks, Inc.
Inventors: Vamsi Krishna A, Paleti Venkata Ramana, Prabhu Raj V. K., Viswanath K J
-
Patent number: 11140194
Abstract: Disclosed embodiments relate to systems and methods for measuring and comparing security efficiency and importance in virtualized environments. Techniques include identifying a plurality of virtualized computing environments and calculating, for a first of the plurality of virtualized computing environments, a security-sensitivity status, the security-sensitivity status being based on at least: a size attribute of the first virtualized computing environment; an activity level of the first virtualized computing environment; a sensitivity level of the first virtualized computing environment; and a security level of the first virtualized computing environment. Further techniques include accessing a reference security-sensitivity status corresponding to the first virtualized computing environment; comparing the security-sensitivity status of the first virtualized computing environment with the reference security-sensitivity status; and identifying, based on the comparing, a security-sensitivity status gap.
Type: Grant
Filed: June 15, 2020
Date of Patent: October 5, 2021
Assignee: CyberArk Software Ltd.
Inventors: Asaf Hecht, Tal Kandel
-
Patent number: 11133941
Abstract: Methods and apparatus for hardware based file/document expiry timer enforcement are disclosed. An example method includes instructing, by executing an instruction with a processor, a trusted execution environment to generate an encryption key and a certificate for a document, the certificate including expiry information for the document, the certificate associated with identification information of the document, and the expiry information indicative of a time period for which the encryption key is valid to decrypt the document; encrypting, by executing an instruction with the processor, the document using the encryption key; transmitting the certificate to a first remote network storage device; and transmitting the document to a second remote network storage device.
Type: Grant
Filed: January 29, 2020
Date of Patent: September 28, 2021
Assignee: MCAFEE, LLC
Inventors: Hormuzd M. Khosravi, Alex Nayshtut, Igor Muttik
-
Patent number: 11128626
Abstract: Particular embodiments described herein provide for a network element that can be configured to receive, from an electronic device, a request to access a network service. In response to the request, the network element can send data related to the network service to the electronic device and add a test link to the data related to the network service. The network element can also be configured to determine if the test link was successfully executed and classify the electronic device as untrusted if the test link was not successfully executed.
Type: Grant
Filed: December 23, 2019
Date of Patent: September 21, 2021
Assignee: McAfee, LLC
Inventors: Martin Stecher, Andre Sabban
-
Patent number: 11128622
Abstract: A method for processing a data request is performed by an access device, and includes receiving, from a user terminal, the data request including data information of target data, obtaining the data information from the data request, searching for a storage device identifier and first authentication information, based on the data information, and sending the first authentication information and the data information, to a storage device corresponding to the storage device identifier, to enable the storage device to perform authentication on the first authentication information, and to enable the storage device to, in response to the authentication succeeding, obtain the target data indicated by the data information. The method further includes receiving, from the storage device, the target data, and sending the target data to the user terminal, to respond to the data request.
Type: Grant
Filed: June 26, 2018
Date of Patent: September 21, 2021
Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
Inventors: Yong Dong Wu, Feiling Fu
-
Patent number: 11128448
Abstract: In a storage system that includes a plurality of storage devices configured into one or more write groups, quorum-aware secret sharing may include: encrypting a device key for each storage device using a master secret; generating a plurality of shares from the master secret such that a minimum number of storage devices required from each write group for a quorum to boot the storage system is not less than a minimum number of shares required to reconstruct the master secret; and storing the encrypted device key and a separate share of the plurality of shares in each storage device.
Type: Grant
Filed: October 23, 2018
Date of Patent: September 21, 2021
Assignee: Pure Storage, Inc.
Inventors: Andrew Bernat, Ethan Miller
-
Patent number: 11113372
Abstract: Systems and methods of the present disclosure enable a delayed, two-factor authentication to occur in networked devices. The system and methods can enable the immediate delivery of digital components, which results in fewer abandoned requests, and saves network resources. The system and methods can enable the authorization of data transmissions in networked computer devices that include limited user interfaces, such as voice-based interfaces.
Type: Grant
Filed: July 18, 2018
Date of Patent: September 7, 2021
Assignee: Google LLC
Inventors: Justin Lewis, Ruxandra Davies
-
Patent number: 11115456
Abstract: Methods and apparatus, including computer program products, are provided for processing analyte data. In some example implementations, a method may include receiving, at a first processing system including a user interface, an installation package including a plug-in and code configured to provide at the first processing system an interface between a sensor system configured to measure an analyte concentration level in a host and a second processing system; storing, by the first processing system, the installation package in a location based on a role of a user initiating the installation of the code; installing the plug-in for the user interface to enable the plug-in to control one or more aspects of an installation of the code; and initiating, by at least the plug-in, the installation of the code at the first processing system to provide the interface. Related systems, methods, and articles of manufacture are also disclosed.
Type: Grant
Filed: May 22, 2018
Date of Patent: September 7, 2021
Assignee: DexCom, Inc.
Inventors: Daniel N. Root, Justin E. Schumacher, Adam R. Greene, Stewart Alan Shields
-
Patent number: 11106790
Abstract: In one aspect, a computer-implemented method is disclosed. The computer-implemented method may include determining a sketch matrix that approximates a matrix representative of a reference dataset. The reference dataset may include at least one computer program having a predetermined classification. A reduced dimension representation of the reference dataset may be generated based at least on the sketch matrix. The reduced dimension representation may have a fewer quantity of features than the reference dataset. A target computer program may be classified based on the reduced dimension representation. The target computer program may be classified to determine whether the target computer program is malicious. Related systems and articles of manufacture, including computer program products, are also disclosed.
Type: Grant
Filed: April 21, 2017
Date of Patent: August 31, 2021
Assignee: Cylance Inc.
Inventors: Michael Wojnowicz, Dinh Huu Nguyen, Andrew Davis, Glenn Chisholm, Matthew Wolff
-
Patent number: 11106856
Abstract: A document production system may construct a document from fragments based on a theme associated with the document. The theme may contain section(s), each section having an access control list (ACL) associated therewith. The ACL may specify role-based user group(s) and permission(s) for the role-based user group(s). The system may evaluate rules applicable to the document. At least one rule may pertain to the ACL(s). The evaluation may include, at least in part, utilizing user login information received over a network from a client device. In constructing the document, the system may assemble the document in accordance with the rules and utilizing the fragments and meta information that describes the document. The system may render the document thus assembled utilizing the ACL, generate a view of the document, and communicate the view of the document over the network to the client device for presentation on the client device.
Type: Grant
Filed: February 21, 2020
Date of Patent: August 31, 2021
Assignee: OPEN TEXT SA ULC
Inventors: Johan Lorensson, Christian Wessman, Sverker Wendelöv, Robert Smith
-
Patent number: 11108915
Abstract: Apparatus, system, methods, and articles of manufacture are disclosed to identify media using hash keys. An example system includes a hybrid hash key analyzer to access a metered hash key of an exposure record obtained from a meter, access reference records representative of respective portions of a plurality of media, and determine reference confirmation data candidates from respective ones of the reference records that include hash keys matching the metered hash key. The example system includes an impression logger to, when first confirmation data associated with the exposure record matches one of the reference confirmation data candidates, store an impression record that associates the media identification data associated with the matching one of the reference confirmation data candidates with a meter identifier of the exposure record. The impression logger also is to credit at least a portion of the media corresponding to the media identification data with an exposure credit.
Type: Grant
Filed: December 20, 2018
Date of Patent: August 31, 2021
Assignee: The Nielsen Company, (US) LLC
Inventors: Daniel Nelson, Donald Miner
-
Patent number: 11095478
Abstract: The present invention discloses an access control method, apparatus, and system, and belongs to the communications field. The method includes: receiving a virtual extensible local area network VXLAN request packet sent by an access device; parsing the VXLAN request packet to obtain an IP address of the access device and authentication information of a user; sending the IP address of the access device and the authentication information of the user to an authentication server, so that the authentication server authenticates the user; receiving an authentication result sent by the authentication server; and controlling the user according to the authentication result. According to the present invention, the user is authenticated according to access information of the user in a VXLAN scenario.
Type: Grant
Filed: August 23, 2018
Date of Patent: August 17, 2021
Assignee: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: Ying Xie, Xin Wang