Patents Examined by Hee K Song
-
Patent number: 11947638
Abstract: This application relates to apparatus and methods for automatically determining and enforcing user permissions for applications and application features. In some embodiments, a system includes a server and a user device. The server may determine a user of the user device based on receiving login credential data. The server may further obtain user attributes for the user including, in some examples, a location of the user. The server may further obtain an attribute-based control policy that identifies relationships between a plurality of possible user attributes. For example, the control policy may identify attribute requirements that must be met for enablement of a particular application feature. Additionally, the server may determine user permissions for the user based on the control policy and the user attributes. The server may transmit the user permissions to the user device, and the user device configures the corresponding application according to the user permissions.
Type: Grant
Filed: January 19, 2023
Date of Patent: April 2, 2024
Assignee: Walmart Apollo, LLC
Inventors: Danika Alleen Goecke, Amanda Lamberti Ragone, David Chen, Bradley Wayne Norman
-
Patent number: 11943348
Abstract: Cryptographic techniques are disclosed which employ at least a five-pass protocol (5PP) for a cryptographic exchange of a secret data matrix between two computer systems. This 5PP approach improves the functioning of the computer systems by making their encrypted communications more resistant to potential quantum computing-based attacks while still resisting brute-force attacks by eavesdroppers. For example, the 5PP approach can be used to improve public-key cryptography. The system may comprise a first computer system and a second computer system, where a secret data matrix is known by the first computer system but is not shared with the second computer system in unobscured form.
Type: Grant
Filed: December 11, 2020
Date of Patent: March 26, 2024
Assignee: Q-Net Security, Inc.
Inventors: Jeremiah Cox O'Driscoll, Jerome R. Cox, Jr.
-
Patent number: 11924170
Abstract: The present invention relates to the field of networking and API/application security. In particular, the invention is directed towards methods, systems and computer program products for Application Programming Interface (API) based flow control and API based security at the application layer of the networking protocol stack. The invention additionally provides an API deception environment to protect a server backend from threats, attacks and unauthorized access.
Type: Grant
Filed: July 14, 2021
Date of Patent: March 5, 2024
Assignee: Ping Identity Corporation
Inventors: Udayakumar Subbarayan, Bernard Harguindeguy, Anoop Krishnan Gopalakrishnan, Nagabhushana Angadi, Ashwani Kumar, Santosh Sahu, Abdu Raheem Poonthiruthi, Avinash Kumar Sahu, Yasar Kundottil
-
Patent number: 11924172
Abstract: Methods for establishing a stateless extranet in a secure communication network include transmitting a consumer NHOP to a provider CPE from a consumer CPE in a control plane. The consumer NHOP is associated with at least one attribute of an NHOP, including an encryption key available with the consumer CPE, to establish a secure communication tunnel in a data plane. The consumer CPE receives a service definition over the control plane associated with a service available with the provider CPE. A service anchor point is created based on an identifier of the service definition. A network address translation (NAT) IP request is transmitted to the provider CPE. The consumer CPE receives a NAT IP from the provider CPE in response to the NAT IP request. The NAT IP is associated with the service anchor point of the consumer CPE. A stateless service is thereby instantiated on the consumer CPE.
Type: Grant
Filed: October 27, 2021
Date of Patent: March 5, 2024
Assignee: GRAPHIANT, INC.
Inventors: Stefan Olofsson, Neale Ranns, Mandeep Rohilla, IJsbrand Wijnands, Cameron Ferdinands
-
Patent number: 11917051
Abstract: A computer-implemented access method is provided. The method comprises the steps of: (i) providing a verification data item of a one-way function chain of data items; (ii) submitting, to a blockchain (such as the Bitcoin blockchain), an access blockchain transaction comprising a data item of the chain; (iii) applying the one-way function to the data item to provide an output; (iv) comparing the output of step (iii) to the verification item to provide an outcome; and (v) based on the outcome of step (iv): (a) allocating the output as a further verification data item for verifying a further data item of the chain; and (b) granting access to a resource associated with the data item.
Type: Grant
Filed: May 13, 2019
Date of Patent: February 27, 2024
Assignee: nChain Licensing AG
Inventor: Craig Steven Wright
-
Patent number: 11909759
Abstract: Methods and systems for identifying assets for review. The methods described herein involve generating an organizational statistical model describing assets associated with a first organization and generating a report identifying a discrepancy between the organizational statistical model and an identified asset of the first type associated with the first organization.
Type: Grant
Filed: August 22, 2019
Date of Patent: February 20, 2024
Assignee: Rapid7, Inc.
Inventors: Richard Tsang, Fatemeh Kazemeyni, Evgeniya Barkova
-
Patent number: 11907408
Abstract: A device comprising a processing unit having a plurality of processors is provided. At least one encryption unit is provided as part of the device for encrypting data written by the processors to external storage and decrypting data read from that storage. The processors are divided into different sets, with state information held in the encryption unit for performing encryption/decryption operations for requests for different sets of processors. This enables interleaved read completions or write requests from different sets of processors to be handled by the encryption unit, since associated state information for each set of processors is independently maintained.
Type: Grant
Filed: March 29, 2021
Date of Patent: February 20, 2024
Assignee: GRAPHCORE LIMITED
Inventors: Graham Cunningham, Daniel Wilkinson
-
Patent number: 11895124
Abstract: There is provided data-efficient threat detection method in a computer network. The method can include: receiving raw data related to a network node, generating local behaviour models related to the network node; generating at least one common model of normal behaviour on the basis of local behaviour models related to multiple network nodes; filtering input events by using a measure for estimating the likelihood that the input event is produced by the generated common model of normal behaviour and/or by the generated one or more local behaviour models, wherein only input events having a likelihood below a predetermined threshold of being produced by any one of the models are passed through the filtering; and processing input events passed through the filtering for generating a security related decision.
Type: Grant
Filed: September 23, 2020
Date of Patent: February 6, 2024
Assignee: F-SECURE CORPORATION
Inventor: Matti Aksela
-
Patent number: 11870891
Abstract: A transmitter device for sending an encrypted message to a receiver device in an identity-based cryptosystem, the transmitter device being associated with a transmitter identifier. The transmitter device is configured to receive a transmitter partial private key from a trusted center, the transmitter device being configured to: send a request for two public session keys to the receiver device; receive from the receiver device a first ciphertext set, the first ciphertext set being derived from an encryption and authentication of two public session keys; decrypt and authenticate the two public session keys from the first ciphertext set using a receiver identifier and the transmitter partial private key; determine a second ciphertext set from the transmitter partial private key, from the receiver identifier, and from the two public session keys, the second ciphertext comprising an encrypted message; send the second ciphertext set to the receiver device.
Type: Grant
Filed: December 6, 2019
Date of Patent: January 9, 2024
Assignee: SECURE-IC SAS
Inventors: Margaux Dugardin, Adrien Facon, Sylvain Guilley
-
Patent number: 11863577
Abstract: Disclosed herein are methods, systems, and processes for generating, configuring, and implementing a data collection and analytics (DCA) pipeline to optimize the identification of anomalous or vulnerable computing assets and/or anomalous or vulnerable computing asset behavior in cybersecurity computing environments. Raw data from an agent executing on a computing asset is received. A baseline profile or a gold image associated with the computing asset is also received. A difference or delta between the raw data and the baseline profile or the gold image is identified, and an output providing context relating to the difference is generated. The difference relates to a keyed property that is common between the raw data and the base profile or the gold image, and the difference is further filtered to reduce noise in the output.
Type: Grant
Filed: February 24, 2020
Date of Patent: January 2, 2024
Assignee: Rapid7, Inc.
Inventor: Paul-Andrew Joseph Miseiko
-
Patent number: 11861039
Abstract: Various embodiments of a hierarchical system or method of identifying sensitive content in data is described. In some embodiments, sensitive data classifiers local to a data storage system can analyze a plurality of data items and classify at least some data items as potentially containing sensitive data. The sensitive data classifiers can provide the classified data items to a separate sensitive data discovery component. The sensitive data discovery component can, in some embodiments, obtain the classified data items, perform a sensitive data location analysis on the classified data items to identify a location of sensitive data within some of the classified data items, and generate location information for the sensitive data within the data items containing sensitive data. The sensitive data discovery component can provide to a destination this information, in some embodiments, where the destination might redact, tokenize, highlight, or perform other actions on the located sensitive data.
Type: Grant
Filed: September 28, 2020
Date of Patent: January 2, 2024
Assignee: Amazon Technologies, Inc.
Inventors: Yahor Pushkin, Sravan Babu Bodapati, Sunil Mallya Kasaragod, Sameer Karnik, Abhinav Goyal, Yaser Al-Onaizan, Ravindra Manjunatha, Kalpit Dixit, Alok Kumar Parmesh, Syed Kashif Hussain Shah
-
Patent number: 11860738
Abstract: Embodiments provide systems, methods, and computer program products for enabling user authorization to perform a file level recovery from an image level backup of a virtual machine without the need for access control by an administrator. Specifically, embodiments enable an access control mechanism for controlling access to stored image level backups of a virtual machine. In an embodiment, the virtual machine includes a backup application user interface that can be used to send a restoration request to a backup server. The restoration request can include a machine identifier and a user identifier of the user logged onto the virtual machine. The backup server includes a backup application that determines whether or not the machine identifier contained in the restoration request can be matched to a machine identifier of a virtual machine present in one of the virtual machine backups stored on the backup server.
Type: Grant
Filed: May 25, 2021
Date of Patent: January 2, 2024
Assignee: VEEAM SOFTWARE AG
Inventor: Anton Gostev
-
Patent number: 11861023
Abstract: Embodiments of the invention include a computer-implemented method that uses a processor to access cryptographic-function constraints associated with an encrypted message. Based on a determination that the cryptographic-function constraints do not include mandatory cryptographic computing resource requirements, first resource-scaling operations are performed that include an analysis of cryptographic metrics associated with a processor. The cryptographic metrics include information associated with the encrypted message, along with performance measurements of cryptographic functions performed by the processor.
Type: Grant
Filed: August 25, 2021
Date of Patent: January 2, 2024
Assignee: International Business Machines Corporation
Inventors: Heng Wang, Wan Yue Chen, Chen Guang Liu, Jing Li, Xiao Ling Chen, Peng Hui Jiang
-
Patent number: 11853420
Abstract: The innovation disclosed and claimed herein, in one or more aspects thereof, illustrates systems and methods for providing a technical control to a technically pervasive problem of inadvertent capture of items in a computing environment, returning control of what happens to such items in technical environments that have become widespread and intrusive. The innovation provides a system for users to control the types of items that pervasive computing environment elements may process without their express control and with technical countermeasures in a relatively unobtrusive manner.
Type: Grant
Filed: October 4, 2021
Date of Patent: December 26, 2023
Assignee: Wells Fargo Bank, N.A.
Inventors: Nilotpol Bhattacharya, Priyankant Singh, Satish Babu S N
-
Patent number: 11836646
Abstract: A model generator constructs a model for estimating selectivity of database operations by determining a number of training examples necessary for the model to achieve a target accuracy and by generating approximate selectivity labels for the training examples. The model generator may train the model on an initial number of training examples using cross-validation. The model generator may determine whether the model satisfies the target accuracy and iteratively and geometrically increase the number of training examples based on an optimized geometric step size (which may minimize model construction time) until the model achieves the target accuracy based on a defined confidence level. The model generator may generate labels using a subset of tuples from an intermediate query expression. The model generator may iteratively increase a size of the subset of tuples used until a relative error of the generated labels is below a target threshold.
Type: Grant
Filed: June 30, 2020
Date of Patent: December 5, 2023
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Anshuman Dutt, Chi Wang, Vivek Ravindranath Narasayya, Surajit Chaudhuri
-
Patent number: 11836268
Abstract: A request to perform a prediction using a machine learning model of a specific entity is received. A specific security key for the machine learning model of the specific entity is received. At least a portion of the machine learning model is obtained from a multi-tenant machine learning model storage. The machine learning model is unlocked using the specific security key and the requested prediction is performed. A result of the prediction is provided from a prediction server.
Type: Grant
Filed: October 2, 2020
Date of Patent: December 5, 2023
Assignee: ServiceNow, Inc.
Inventors: Virendra Kumar Mehta, Sriram Palapudi
-
Patent number: 11829491
Abstract: Methods and systems are disclosed herein for a media guidance application that allows access restrictions to be modified in a flexible manner based on a deviation in a user's projected location. Specifically, the media guidance application determines at an end of a first time period whether a user is in a projected location for a second time period. If the user is in a projected location for the second time period, the media guidance application sets a second level of media access restriction. However, if the media guidance application determines that the user is not in the projected location for the second time period, the media guidance application maintains the first level of media access restriction.
Type: Grant
Filed: April 21, 2021
Date of Patent: November 28, 2023
Assignee: Rovi Guides, Inc.
Inventors: Michael R. Nichols, Sally Cook
-
Patent number: 11822656
Abstract: Techniques are provided for detection of unauthorized encryption using one or more deduplication efficiency metrics. One method comprises obtaining a deduplication efficiency value for a deduplication operation in a storage system; evaluating the deduplication efficiency value for the deduplication operation relative to an expected deduplication efficiency value; and performing one or more automated remedial actions, such as generating an alert notification, in response to the evaluating satisfying one or more deduplication criteria. A count of a number of concurrent users may be compared to an expected number of concurrent users, and/or (ii) a count of a number of concurrent sessions for a given user may be compared to an expected number of concurrent sessions for the given user. A ransomware alert or an unauthorized encryption alert may be generated when the evaluating and/or the comparison satisfy predefined attack criteria.
Type: Grant
Filed: October 29, 2020
Date of Patent: November 21, 2023
Assignee: EMC IP Holding Company LLC
Inventors: Yevgeni Gehtman, Maxim Balin, Tomer Shachar
-
Patent number: 11824645
Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor, a memory, and a network interface; and instructions encoded within the memory to instruct the processor to: receive an incoming packet via the network interface; extract from the incoming packet a source port and a source internet protocol (IP) address; correlate the source port and source IP to a device identifier (ID); receive a network policy for the device ID; and apply the network policy to the incoming packet.
Type: Grant
Filed: July 20, 2020
Date of Patent: November 21, 2023
Assignee: McAfee, LLC
Inventors: Harsha Ramamurthy Joshi, Tirumaleswar Reddy Konda, Shashank Jain, Piyush Pramod Joshi, Himanshu Srivastava
-
Patent number: 11824974
Abstract: Aspects of the invention include channel key loading of a host bus adapter (HBA) based on a secure key exchange (SKE) authentication response by a responder node of a computing environment. A non-limiting example computer-implemented method includes receiving an authentication response message at an initiator channel on an initiator node from a responder channel on a responder node to establish a secure communication, the receiving at a local key manager (LKM) executing on the initiator node. A state check can be performed based on a security association of the initiator node and the responder node. An identifier of a selected encryption algorithm can be extracted from the authentication response message. The initiator channel can request to communicate with the responder channel based at least in part on a successful state check and the selected encryption algorithm.
Type: Grant
Filed: September 16, 2021
Date of Patent: November 21, 2023
Assignee: International Business Machines Corporation
Inventors: Mooheng Zee, Richard Mark Sczepczenski, John R. Flanagan, Christopher J. Colonna