Patents Examined by Huan V Doan
  • Patent number: 11907365
    Abstract: An information processing device includes an element extraction unit that extracts elements relating to actions of an attacker from each input log, a generation unit that generates a parser based on definition information defining the actions of the attacker in a formal grammar, the parser detecting, from a log, a log string having a feature corresponding to an action defined by the definition information, a parsing unit that detects, from a log consisting of the elements extracted by the element extraction unit, log strings having features corresponding to the actions defined by the definition information by using the parser, and a reconstruction unit that reconstructs the log strings detected by the parsing unit, adds a label indicating an action defined by the definition information to each of the reconstructed log strings, and outputs the labeled log strings as a log corresponding to a series of actions of the attacker.
    Type: Grant
    Filed: May 20, 2019
    Date of Patent: February 20, 2024
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Nariyoshi Chida, Yo Kanemoto, Kazufumi Aoki
  • Patent number: 11910194
    Abstract: A method of authenticating a secondary communication device based on authentication of a primary mobile communication device is disclosed. Trust is established with the primary mobile communication device by a device authentication server (DAS). The DAS receives an authorization code request from a secondary application operating on the secondary communication device, and transmits an authorization code to the secondary communication device. The DAS receives the authorization code from a primary application operating on the primary mobile communication device. The DAS authorizes the secondary application based on the trust with the primary mobile communication device and the authorization code from the primary application. The DAS transmits a secondary token to the secondary application at the secondary communication device to allow initialization of a communication session from the secondary application on behalf of the primary mobile communication device.
    Type: Grant
    Filed: December 21, 2022
    Date of Patent: February 20, 2024
    Assignee: T-Mobile Innovations LLC
    Inventors: Ricky A. Hohler, Robin D. Katzer, Deepthi Kota, Brian D. Mauer
  • Patent number: 11900453
    Abstract: Disclosed herein is an identity network that provides a universal, digital identity for users to be authenticated by an identity provider for relying parties upon sign-in to the relying party. The identity network receives the sign-in request from a relying party for a user using a user device. The identity network can provide a session identifier to the relying party for the request and launch an identity provider application associated with the user via a software development kit in the relying party application. The user may sign-in to the identity provider via the software development kit, thereby authenticating the user for the relying party. Additionally, the identity provider may generate a risk validation score and provide it to the relying party that provides a confidence value that the user is validly using the user device and a risk score based on device activity on the identity network.
    Type: Grant
    Filed: August 31, 2022
    Date of Patent: February 13, 2024
    Assignee: Early Warning Services, LLC
    Inventors: Gregory Slowiak, Eric Woodward, Philip Lam, Jeff Shultz
  • Patent number: 11900179
    Abstract: A computer-implemented method includes receiving training data including a plurality of API requests from a plurality of client devices. The method includes generating a plurality of permissible API sessions based on the training data. The method includes applying a sequence embedding technique to the plurality of permissible API sessions to generate a plurality of embeddings. The method includes applying a dimensionality reduction technique to the plurality of embeddings to generate a plurality of compact embeddings. The method includes applying a clustering technique to the plurality of compact embeddings to determine a plurality of different clusters of the compact embeddings. The method includes generating a plurality of patterns based on the plurality of different clusters. Each of the plurality of patterns is descriptive of permissible API sessions associated with a corresponding cluster of the plurality of different clusters.
    Type: Grant
    Filed: July 13, 2023
    Date of Patent: February 13, 2024
    Assignee: Intuit, Inc.
    Inventors: Itsik Yizhak Mantin, Laetitia Kahn, Sapir Porat, Yaron Sheffer
  • Patent number: 11895114
    Abstract: Embodiments described herein provide for a satellite device that can be associated with a user account of a minor aged (e.g., child or adolescent) user that does not have a smartphone that can be used as a companion device to the satellite device. The satellite device can be configured to be used as a primary device, without reliance upon a paired smartphone. Certain information can be synchronized with the satellite device via the association with the family account. During initial configuration, a set of cryptographic keys can be generated to associate the account of the satellite device with the set of accounts in the family. The satellite device can then access calendars, media, or other data that is shared with user accounts within a family of user accounts.
    Type: Grant
    Filed: November 28, 2022
    Date of Patent: February 6, 2024
    Assignee: APPLE INC.
    Inventors: Dmitry V. Belov, Justin K. Bennett, David S. Clark, Kalyan C. Gopavarapu, David G. Knipp, Robert F. Lee, Sudhakar N. Mambakkam, Nagarjuna Thottempudi, Tyler D. Hawkins, Reed E. Olsen, Paul W. Salzman
  • Patent number: 11882149
    Abstract: For each network resource request received at a server of a cloud-based service, a determination of whether that request originated from a second network resource is made. For each such request where the network resource originated from the second network resource, a referrer indication is logged that indicates the second network resource is a referrer to that network resource. A network resource relevance dataset is generated based on the referrer indications of the second network resources. A relevance metric is associated with each second network resource based on a total number of referrer indications. A search request is received from a client device. Based at least in part on the network resource relevance dataset, search results are determined. The search results are transmitted to the client device.
    Type: Grant
    Filed: August 8, 2022
    Date of Patent: January 23, 2024
    Assignee: CLOUDFLARE, INC.
    Inventors: Marek Przemyslaw Majkowski, Maciej Biłas, David Paul Wragg
  • Patent number: 11880462
    Abstract: A method (600) for identifying malicious software includes receiving and executing a software application (210), identifying a plurality of uniform resource identifiers (220) the software application interacts with during execution of the software application, and generating a vector representation (260) for the software application using a feed-forward neural network (170) configured to receive the plurality of uniform resource identifiers as feature inputs. The method also includes determining similarity scores (262) for a pool of training applications, each similarity score associated with a corresponding training application and indicating a level of similarity between the vector representation for the software application and a respective vector representation for the corresponding training application.
    Type: Grant
    Filed: May 21, 2018
    Date of Patent: January 23, 2024
    Assignee: Google LLC
    Inventors: Richard Cannings, Sai Deep Tetali, Mo Yu, Salvador Mandujano
  • Patent number: 11870797
    Abstract: A server of a distributed cloud computing network receives, over a tunnel established between a customer-premises equipment and the compute server, traffic from an Internet-of-Things (IoT) device that is connected to the CPE. The server enforces an egress traffic policy to determine whether the traffic is permitted to be transmitted to the destination. If the traffic is not permitted to be transmitted to the destination, the server drops the traffic. If the traffic is permitted to be transmitted to the destination, the server transmits the traffic to the destination.
    Type: Grant
    Filed: October 10, 2022
    Date of Patent: January 9, 2024
    Assignee: CLOUDFLARE, INC.
    Inventors: Derek Chamorro, Molly Rose Cinnamon, Tom Paseka, Nicholas Wondra
  • Patent number: 11870794
    Abstract: An identifying device (10) includes a preprocessing (11) that extracts a communication connection pattern including a set of a communication source identifier and a communication destination identifier from traffic data, a comparing unit (131) that adds an ID to a communication connection pattern group including a new communication connection pattern not included in a whitelist when the new communication connection pattern is present in the communication connection pattern group, a graph feature amount generating unit (14) that generates a graph feature amount of the communication connection pattern group to which the ID has been added and adds this ID to the graph feature amount, an abnormality determining unit (16) that determines whether the generated graph feature amount is normal using a model (161) having learned the graph feature amount, and an identifying unit (132) that retrieves a new communication.
    Type: Grant
    Filed: May 23, 2019
    Date of Patent: January 9, 2024
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Hiroki Nagayama, Bo Hu, Kazunori Kamiya, Yukio Nagafuchi
  • Patent number: 11863582
    Abstract: A virtualized gateway for applications in a zero trust network access environment is managed from a cloud-based threat management facility for an enterprise network. In order to facilitate creation of a new, centrally managed gateway, a one-time passcode for registration of the gateway to the threat management facility is encoded onto a virtual disk and distributed to a host platform along with a base gateway image for the gateway. This advantageously permits the new gateway to boot and securely register with the threat management facility without further administrative intervention.
    Type: Grant
    Filed: November 7, 2022
    Date of Patent: January 2, 2024
    Assignee: Sophos Limited
    Inventors: Prashil Rakeshkumar Gupta, Biju Ramachandra Kaimal, Venkata Suresh Reddy Obulareddy
  • Patent number: 11856084
    Abstract: Embodiments facilitate interoperability and secure determination of healthcare costs. An entity may receive a first Electronic Health Record (EHR) sub-block with patient medical coverage information and first treatments and may transmit a first Device Drug Information (DIR) sub-block comprising first treatment classes corresponding to each first treatment, first treatment class members corresponding to each first treatment class, and corresponding first treatment class member cost information. In response, the entity may receive a second EHR sub-block comprising second treatments each: associated with a corresponding first treatment, and selected from corresponding first treatment class members. Upon receipt of a transaction confirmation, the entity may augment a multi-dimensional blockchain with a multi-dimensional block formed by linking: a DIR block including second treatment information, an EHR block including information based on the second EHR sub-block and a transaction block.
    Type: Grant
    Filed: December 15, 2022
    Date of Patent: December 26, 2023
    Assignee: Janssen Pharmaceutica NV
    Inventors: Jessica Lee, Jun Morimura, Michael Moschetti, John Vig, Marvin Quesada, Andrew Thomson
  • Patent number: 11855984
    Abstract: A system and method are disclosed for providing secure access to a cloud service. In one embodiment, the method includes: receiving a request to access a cloud service hosted on a cloud computing system from a tenant device of a tenant; authenticating the tenant to access the requested cloud service via the application based on a tenant identifier and unique identifier associated with the cloud service; generating a ticket indicating that the tenant is authorized to access the application, wherein the ticket includes a unique identifier associated with the application associated with the requested cloud service; transmitting the ticket to the third-party server communicatively coupled to the cloud computing system; and providing access to the cloud service to the tenant via the application hosted on the third-party server in response to successful validation of the ticket by the third-party server.
    Type: Grant
    Filed: December 18, 2020
    Date of Patent: December 26, 2023
    Assignee: Siemens Aktiengesellschaft
    Inventors: Philipp Bender, Heiko Osigus, Sven Selle
  • Patent number: 11848080
    Abstract: Embodiments facilitate interoperability and secure patient selection for clinical trials and drug/device deployments. An entity may obtain a first set of health parameters and collective demographic information associated with one or more population segments and receive Electronic Health Record (EHR) sub-blocks with patient profile information and corresponding patient medical histories for patients. The entity may determine a subset of eligible candidate patients for a treatment based on information in the EHR sub-blocks and eligibility criteria for the treatment, which may be based the first set of health parameters, and/or the collective demographic information.
    Type: Grant
    Filed: December 15, 2022
    Date of Patent: December 19, 2023
    Assignee: Janssen Pharmaceutica NV
    Inventors: Jessica Lee, Jun Morimura, Michael Moschetti, John Vig, Marvin Quesada, Andrew Thomson
  • Patent number: 11831636
    Abstract: Techniques described herein are directed to a system and methods for enabling a transfer of access rights for an electronic device between users. In embodiments of the system, a first user (e.g., a transferor) may, upon determining that access rights should be granted to a second user (e.g., a transferee), generate a transaction record. The transaction record may then be provided to a registry network, which may verify a digital signature of the transaction record as well as a current ownership status. Upon verification, the transaction record may be written to an ownership registry and a mobile application server may be notified of the transaction. Once notified, the mobile application server may transmit a device key to a user device associated with the transferee. Once the device key has been received at the transferee user device, it may be used to issue commands to the electronic device.
    Type: Grant
    Filed: June 22, 2022
    Date of Patent: November 28, 2023
    Assignee: Lowe's Companies, Inc.
    Inventors: Mason E. Sheffield, Jonothon Frederick Douglas, Paul Michael Sisneros, Joseph Ygona Laurino
  • Patent number: 11818128
    Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that when executed by the processor, may cause the processor to identify configuration information to be used by an on-premise access management service to provide authentication services to applications by users. The processor may also transform the identified configuration information into a transformed set of configuration information to be used by a cloud-based access management service to provide authentication services to the applications by users. In addition, the processor may store the transformed set of configuration information for use by the cloud-based access management service to provide authentication services to the applications by users to migrate authentication of the users from the on-premise access management service to the cloud-based access management service.
    Type: Grant
    Filed: June 29, 2021
    Date of Patent: November 14, 2023
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Luis Carlos Leon Plata, Rama Mohan Rao Dintakurthi, Xin Yu Chong, Sushant Choudhary, Ramiro Calderon Romero, David Alan Gregory
  • Patent number: 11809578
    Abstract: It is detected whether a next-to-last raw data block in a raw data segment has been written into an input buffer. If so, the next-to-last raw data block is read from the input buffer for encryption immediately after a current raw data block is read from the input buffer for encryption. Reading continues for a subsequent raw data block after the current raw data block is read from the input buffer for encryption, after the next-to-last raw data block is read from the input buffer for encryption. Encryption is performed, using Advanced Encryption Standard (AES) processing and a CipherText Stealing (XTS) working mode, on a last raw data block in the raw data segment by providing an intermediate encrypted data block, where the intermediate encrypted data block is obtained by encrypting the next-to-last raw data block, and the last raw data block is read from the input buffer.
    Type: Grant
    Filed: December 22, 2022
    Date of Patent: November 7, 2023
    Inventors: Xiaojun Ding, Zhikai Chen
  • Patent number: 11809587
    Abstract: A method of the present disclosure includes a host system authenticating a user of the user device to access secure host information associated with the user in a database. A request may be transmitted to a third-party system to access secure third-party information stored by the third party based on third-party authentication information. The host system may receive the secure third-party information and store the secure third-party information in a memory location of the database that is associated with a different memory location including the secure host information. The memory location and the different memory location may be associated in the database based on a common information type. The host system may generate a graphical user interface that positions the secure host information and the secure third-party information in the graphical user interface based on their respective location in the database.
    Type: Grant
    Filed: February 10, 2023
    Date of Patent: November 7, 2023
    Assignee: Truist Bank
    Inventors: Candice Roberts, Alisha Belk, Bhavani Konuru
  • Patent number: 11811732
    Abstract: A method including configuring a security device to receive, from a user device, a transmission packet; configuring the security device to determine, based on a destination IP address, whether the user device is permitted to transmit the transmission packet; configuring the security device to determine, based on determining that the user device is permitted to transmit the transmission packet, whether the user device is permitted to transmit to a port associated with the destination IP address; configuring the security device to determine, based on determining that the user device is permitted to transmit to the port, whether the user device is permitted to utilize a protocol utilized by the user device; and configuring the security device to determine, based on determining that the user device is permitted to utilize the protocol, whether the user device is permitted to utilize a web application utilized by the user device is disclosed.
    Type: Grant
    Filed: September 27, 2022
    Date of Patent: November 7, 2023
    Assignee: UAB 360 IT
    Inventors: Juta Gurinaviciute, Carlos Eliseo Salas Lumbreras
  • Patent number: 11799828
    Abstract: A method including receiving, by a security device, registration information indicating groups to which user devices belong; receiving, by the security device, policy information indicating respective filtering policies for each group of user devices; receiving, from a user device, a transmission packet for transmission to a destination device over an open Internet; determining, by the security device based on the registration information, the group of user devices to which the user device belongs; determining, by the security device based on the policy information and on determining the group of user devices to which the user device belongs, whether the user device is permitted to transmit the transmission packet to the destination device; and selectively blocking, by the security device, transmission of the transmission packet on determining whether the user device is permitted to transmit the transmission packet to the destination device is disclosed. Various other aspects are contemplated.
    Type: Grant
    Filed: September 27, 2022
    Date of Patent: October 24, 2023
    Assignee: UAB 360 IT
    Inventors: Juta Gurinaviciute, Carlos Eliseo Salas Lumbreras
  • Patent number: 11799829
    Abstract: A method including configuring a security device to receive registration information indicating groups of user devices; configuring the security device to receive policy information indicating respective filtering policies for each group of user devices; configuring the security device to receive a transmission packet for transmission to a destination device over an open internet; configuring the security device to determine, based on the registration information, the group of user devices to which the user device belongs; configuring the security device to determine, based on the policy information and on determining the group to which the user device belongs, whether the user device is permitted to transmit the transmission packet; and configuring the security device to selectively block transmission of the transmission packet based on determining whether the user device is permitted to transmit the transmission packet is disclosed.
    Type: Grant
    Filed: September 27, 2022
    Date of Patent: October 24, 2023
    Assignee: UAB 360 IT
    Inventors: Juta Gurinaviciute, Carlos Eliseo Salas Lumbreras