Patents Examined by Fatoumata Traore
  • Patent number: 11070573
    Abstract: Information associated with a process is received. At least a portion of the received information is used to modify a Process Tree. Modifying the Process Tree includes at least one of: (1) adding a Tag to the Process Tree and (2) modifying a Tag in the Process Tree. An Alert is generated based at least in part in response to determining that a Strategy has been matched.
    Type: Grant
    Filed: November 27, 2019
    Date of Patent: July 20, 2021
    Assignee: Capsule8, Inc.
    Inventor: Brandon M. Edwards
  • Patent number: 11062034
    Abstract: The disclosed computer-implemented method for improving application analysis may include (i) configuring a computing environment to execute an application such that the computing environment spoofs a simulated geolocation that is detected by the application, (ii) performing a dynamic analysis of how the application behaves within the simulated geolocation, and (iii) generating a holistic security analysis of the application based on both a result of the dynamic analysis performed for the simulated geolocation and an additional result of at least one additional dynamic analysis performed for a second geolocation that is distinct from the simulated geolocation. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 28, 2020
    Date of Patent: July 13, 2021
    Assignee: NortonLifeLock Inc.
    Inventors: Qing Li, Brian Varner, Stan Kiefer, Samir Kapuria
  • Patent number: 11057198
    Abstract: In one or more embodiments, an encryption key of a device may be split into multiple segments. One of the segments may be retained by an owner of the device, and some of the segments may be distributed to multiple entities. For example, one of the segments may be provided to a service provider, and one of the segments may be provided to an escrow agent. The escrow agent may process its segment, provide information based on its segment to a public ledger, and destroy its segment. A proxy agent may retrieve, from the public ledger, the information based on the segment provided to the escrow agent and obtain compensation. When the proxy agent obtains the compensation, the public ledger exhibits information utilizable to obtain the segment provided to the escrow agent. With the segments provided to the escrow agent and the service provider, the encryption key may be obtained.
    Type: Grant
    Filed: March 1, 2017
    Date of Patent: July 6, 2021
    Assignee: Assured Enterprises, Inc.
    Inventor: Peter Robert Linder
  • Patent number: 11055420
    Abstract: An access control method for controlling access to data requested from an electronic information system. The method comprises receiving a request for the data, determining a user identity associated with the request; gathering the requested data from one or more data sources by an orchestrator for input to a cognitive engine; analyzing the requested data; based on results of analyzing the requested data, deciding on whether the user identity can be allowed to access the requested data; providing feedback by the user identity; and updating a learning module based on the feedback.
    Type: Grant
    Filed: February 5, 2018
    Date of Patent: July 6, 2021
    Assignee: International Business Machines Corporation
    Inventors: Rossella De Gaetano, Paolo Ottaviano, Gianluca Perreca, Antonio Bagarolo
  • Patent number: 11055417
    Abstract: Provided are systems, methods, and computer-readable medium for identifying security risks in applications executing in a cloud environment. In various implementations, a security monitoring and management system can obtain application data from a service provider system. The application data can include a record of actions performed by an application during use of the application by users associated with a tenant. The application executes in a service platform provided for the tenant by the service provider system. In various implementations, the application data is analyzed to identify an event associated with a security risk, where the event is identified from one or more actions performed by the application. The system can determine an action to perform in response to identifying the event. In various examples, an agent executing on the service platform can add instrumentation codes used by the application, where the instrumentation provides the application data.
    Type: Grant
    Filed: September 20, 2018
    Date of Patent: July 6, 2021
    Inventors: Gaurav Bhatia, Ganesh Kirti, Ramana Rao Satyasai Turlapati
  • Patent number: 11055430
    Abstract: A shared database platform implements dynamic masking on data shared between users where specific data is masked, transformed, or otherwise modified based on preconfigured functions that are associated with user roles. The shared database platform can implement the masking at runtime dynamically in response to users requesting access to a database object that is associated with one or more masking policies.
    Type: Grant
    Filed: October 30, 2020
    Date of Patent: July 6, 2021
    Assignee: Snowflake Inc.
    Inventors: Artin Avanes, Khalid Zaman Bijon, Damien Carru, Thierry Cruanes, Vikas Jain, Zheng Mi, Subramanian Muralidhar
  • Patent number: 11042658
    Abstract: A document management system includes a management apparatus and plural processing apparatuses. Each of the plural processing apparatuses includes an acquisition unit and a transmitter. The acquisition unit acquires a document and information on a destination to which the document is transmitted. The transmitter transmits metadata of the document to the management apparatus and transmits a protected document generated from the document to the destination. The metadata includes the information on the destination. The management apparatus includes a memory and a response unit. The memory stores metadata of documents received from the plural processing apparatuses. The response unit responds to a request for metadata corresponding to a document by returning metadata of the document which is stored in the memory.
    Type: Grant
    Filed: October 4, 2017
    Date of Patent: June 22, 2021
    Inventors: Shigeki Kamiya, Tetsuo Iyoda
  • Patent number: 11017103
    Abstract: A group of processors in a processor pool comprise a secure “enclave” in which user code is executable and user data is readable solely with the enclave. This is facilitated through the key management scheme described that includes two sets of key-pairs, namely: a processor group key-pair, and a separate user key-pair (typically one per-user, although a user may have multiple such key-pairs). The processor group key-pair is associated with all (or some define subset of) the processors in the group. This key-pair is used to securely communicate a user private key among the processors. The user private key, however, is not transmitted to non-members of the group. Further, preferably the user private key is refreshed periodically or upon any membership change (in the group) to ensure that non-members or ex-members cannot decipher the encrypted user key.
    Type: Grant
    Filed: November 29, 2018
    Date of Patent: May 25, 2021
    Inventors: HariGovind V. Ramasamy, John A. Bivens, Ruchi Mahindru, Valentina Salapura, Min Li, Yaoping Ruan, Eugen Schenfeld
  • Patent number: 11017087
    Abstract: System, method and medium for securely transferring untrusted files from a portable storage medium to a computer. The invention can filter, scan and detonate untrusted files to be transferred to a computer from a portable storage medium. First, the types of files which are eligible to be selected for transfer are limited, by file type and/or content. Second, each file selected for transfer is scanned against a collection of signatures of known malware. Thus, files contain malware which has been previously identified as such can be blocked from ever being transferred to the computer. Finally, each file to be transferred is detonated by opening it in a controlled, sterile environment to determine if it adversely impact the operation of that sterile environment. Malware detected in this way can then be added to the collection of malware that can be detected by the second step.
    Type: Grant
    Filed: May 25, 2018
    Date of Patent: May 25, 2021
    Assignee: HRB Innovations, Inc.
    Inventor: Mani Jaman
  • Patent number: 11012424
    Abstract: An authentication system and method are provided. According to the embodiments of the present disclosure, it is possible to provide a secure authentication service capable of maintaining personal privacy by enabling authentication while preventing personal information used for personal authentication, such as biometric information, from being exposed in the authentication process.
    Type: Grant
    Filed: October 26, 2018
    Date of Patent: May 18, 2021
    Assignee: SAMSUNG SDS CO., LTD.
    Inventors: Kyu-Young Choi, Ji-Hoon Cho, Hyo-Jin Yoon, Duk-Jae Moon
  • Patent number: 11003788
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for a row-level security. One of the methods includes receiving a request for one or more objects. The method includes determining that a type of the one or more requested objects is associated with an object representative of instance level security. The method includes determining access is authorized to at least some of the one or more objects. Determining access includes obtaining a first access statement associated with the type of the one or more objects, obtaining a second access statement associated with the object representative of instance level security, combining at least the first access statement and the second access statement into a third access statement, and obtaining one or more objects using the third access statement. The method also includes providing the authorized subset of objects to the user.
    Type: Grant
    Filed: March 19, 2018
    Date of Patent: May 11, 2021
    Assignee: Vinyl Development LLC
    Inventor: Thomas R. Kennedy, Jr.
  • Patent number: 10984131
    Abstract: A method for providing personal information of a user requested by a given online service. The method includes, by a security server of a mobile terminal operator of be user: (a) receiving a request for the personal information, including comprising a unique identifier of the user and an identifier of the online service; (b) sending, to the mobile terminal, a response authorisation request; (c) if a response authorisation confirmation is received, sending data, which is associated in a database with the unique identifier and the identifier of the online service. Each pair of a unique identifier and an online service identifier is also associated in the database with a parameter representative of a level of security required in order to confirm the response authorisation on the mobile terminal. The step (b) includes: determining the value of the parameter; and integrating the determined value in the response authorisation request.
    Type: Grant
    Filed: May 24, 2017
    Date of Patent: April 20, 2021
    Assignee: ORANGE
    Inventors: Pierre-Francois Dubois, Javier Polo Moragon, Serge Llorente
  • Patent number: 10979906
    Abstract: Various embodiments include systems and methods of determining whether media access control (MAC) address spoofing is present in a network by a wireless communication device. A processor of the wireless communication device may determine an anticipated coherence interval based on a beacon frame received from an access point. The processor may schedule an active scan request and may determine whether a response frame corresponding to the scheduled active request is received within the anticipated coherence interval. The processor may calculate a first correlation coefficient in response to the response frame being received within the anticipated coherence interval and may determine that MAC address spoofing is not present in the network when the first correlation coefficient is greater than a first predetermined threshold.
    Type: Grant
    Filed: April 11, 2017
    Date of Patent: April 13, 2021
    Assignee: QUALCOMM Incorporated
    Inventors: Sriram Nandha Premnath, Seyed Ali Ahmadzadeh, Saumitra Mohan Das
  • Patent number: 10965651
    Abstract: Described herein are systems, methods, and software to enhance secure communications between computing systems. In one implementation, a private domain name system (DNS) receives a DNS lookup request from a computing system of a plurality of computing systems associated with a private communication group, and forwards the DNS lookup request to a public DNS. The private DNS further receives a public address associated with the DNS lookup request from the public DNS, translates the public address to a private address, and transfers the private address to the requesting computing system.
    Type: Grant
    Filed: December 20, 2017
    Date of Patent: March 30, 2021
    Assignee: COLORTOKENS, INC.
    Inventors: Anoop Kapoor, Ryan Farjadi, Pankaj Parekh, Ashish Trivedi, Satyam Tyagi, Harish Magganmane, Deepak Mohanty, Ravi Voleti
  • Patent number: 10958664
    Abstract: An encryption security protocol-based communication method of supporting integrity verification between a client and a server includes receiving, by the server, a first message from the client, the first message including a request for a first integrity verification of the client so as to start a handshake of a transport layer security (TLS) connection, transmitting, by the server, a second message to the client, the second message including a request for first verification information for the first integrity verification, receiving, by the server, the first verification information from the client, and performing the first integrity verification by using the first verification information, and finishing the handshake and performing data communication between the client and the server based on a result of the first integrity verification.
    Type: Grant
    Filed: September 19, 2018
    Date of Patent: March 23, 2021
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Sang-hoon Jeon, Won-jae Lee, Hyung-sup Kim
  • Patent number: 10958418
    Abstract: A blockchain is configured with a public mainchain connected to a plurality of private sidechains. Access is controlled to the private sidechains through an access controller allowing transactions in the sidechain to be trusted implicitly. Data parity may be maintained between the mainchain and sidechains through the use of a parity controller configured by a user.
    Type: Grant
    Filed: October 10, 2018
    Date of Patent: March 23, 2021
    Assignee: Chromata Corporation
    Inventor: Atul Ajoy
  • Patent number: 10944728
    Abstract: A surgical hub is configured to transmit generator data associated with a surgical procedure from a generator of the surgical hub to a cloud-based system. The surgical hub comprises a processor and a memory storing instructions executable by the processor to: receive generator data; encrypt the generator data; generate a message authentication code based on the generator data; generate a datagram comprising: the encrypted generator data, the generated message authentication code, a source identifier and a destination identifier; and transmit the datagram to the cloud-based system. The datagram allows for the cloud-based system to: decrypt the encrypted generator data; verify the integrity of the generator data based on the message authentication code; authenticate the surgical hub as the source of the datagram; and validate a transmission path followed by the datagram between the surgical hub and the cloud based system.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: March 9, 2021
    Assignee: Ethicon LLC
    Inventors: Eitan T. Wiener, Frederick E. Shelton, IV, David C. Yates
  • Patent number: 10938851
    Abstract: A method and system for detecting and mitigation recursive domain name system (DNS) cyber-attacks are disclosed. The method includes receiving DNS queries directed to a DNS resolver, wherein the DNS resolver is communicatively connected between at least one client and at least one name server; parsing each received DNS query to extract a hostname identified therein; updating at least one array of Bloom filters using the extracted hostname; computing a ratio of an unrecognized hostnames per sample (UPS) based on the contents of the at least one array; and determining if the UPS ratio is abnormal, wherein an abnormal UPS ratio is an indication of an attack.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: March 2, 2021
    Assignee: Radware, Ltd.
    Inventors: Lev Medvedovsky, David Aviv
  • Patent number: 10931692
    Abstract: In one embodiment, a device in a network receives information regarding a network anomaly detected by an anomaly detector deployed in the network. The device identifies the detected network anomaly as a false positive based on the information regarding the network anomaly. The device generates an output filter for the anomaly detector, in response to identifying the detected network anomaly as a false positive. The output filter is configured to filter an output of the anomaly detector associated with the false positive. The device causes the generated output filter to be installed at the anomaly detector.
    Type: Grant
    Filed: January 20, 2016
    Date of Patent: February 23, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Javier Cruz Mota, Jean-Philippe Vasseur, Grégory Mermoud, Andrea Di Pietro
  • Patent number: 10931661
    Abstract: SSL/TLS certificate filtering devices, systems and processes may filter packets based on risk associated with each packet. A risk score may be determined for each packet based on associated threats and risks. Risk scores may be determined based on certificates, certificate authorities, and/or end users associated with each packet. The certificates may be scored and/or categorized by threats and risk.
    Type: Grant
    Filed: March 5, 2019
    Date of Patent: February 23, 2021
    Assignee: Centripetal Networks
    Inventors: Sean Moore, David K. Ahn