Patents Examined by J. Brant Murphy
  • Patent number: 11983264
    Abstract: Embodiments herein describe offloading encryption activities to a network interface controller/card (NIC) (e.g., a SmartNIC) which frees up server compute resources to focus on executing customer applications. In one embodiment, the smart NIC includes a system on a chip (SoC) implemented on an integrated circuit (IC) that includes an embedded processor. Instead of executing a transport layer security (TLS) stack entirely in the embedded processor, the embodiments herein offload certain TLS tasks to a Public Key Infrastructure (PKI) accelerator such as generating public-private key pairs.
    Type: Grant
    Filed: December 6, 2021
    Date of Patent: May 14, 2024
    Assignee: XILINX, INC.
    Inventors: Jaideep Dastidar, Aman Gupta, Krishnan Srinivasan, Sagheer Ahmad
  • Patent number: 11977635
    Abstract: A system is provided for protecting a computer system and/or control system against manipulation and functional anomalies. The system includes a monitoring module, which has at least a first interface, a second interface, and at least one memory. The system is configured to receive information characterizing the system state of the computer system and/or control system via the first interface, receive an encrypted request for system state via the second interface and decrypt it using a request key stored in the memory, and generate a response to the request from at least a portion of the information received via the first interface. The system is also configured to encrypt the response with a response key determined using the request and output it via the second interface, determine a new request key which is a shared secret also accessible to the sender of the request, and store this new request key in the memory.
    Type: Grant
    Filed: May 21, 2021
    Date of Patent: May 7, 2024
    Assignee: Basler Aktiengesellschaft
    Inventors: Sebastian Adank, Timm Von Der Mehden, Jens Dekarz
  • Patent number: 11973751
    Abstract: The subject matter of this specification generally relates to cloud-hosted certificate lifecycle management (CLM) to on-premises certificate authority (CA) communication. In some implementations, a method includes receiving a task request specifying a requested task and an identifier specifying a location for task execution, determining the requested task and that the location for task execution for the requested task is at an on-premises CA device, in response to determining the requested task and that the location of the task is at the on-premises CA device, storing a request task data entry that links the task request to the location for task execution, providing a notification to an on-premises CA gateway, and in response to the notification, providing the requested task for task execution. In some implementations, the remote CA gateway plug-in module maintains a constant communication connection with the on-premises CA gateway via a persistent client-initiated communication protocol.
    Type: Grant
    Filed: November 17, 2021
    Date of Patent: April 30, 2024
    Assignee: Keyfactor, Inc.
    Inventors: Jonathan Proch, Edward Shorter, Rex Edward Wheeler
  • Patent number: 11972007
    Abstract: Techniques for maintaining geographic-based data privacy rules in networked environments. An example method includes receiving a request from a user device; generating, based on the request, a query for data associated with fulfilling the request; transmitting, to a data controller, the query; transmitting, to the data controller, an indication of a geographic region in which at least one device implementing the entity is located; and receiving, from the data controller, a portion of the data associated with fulfilling the request.
    Type: Grant
    Filed: December 9, 2021
    Date of Patent: April 30, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Nancy Patricia Cam-Winget, Eric Voit
  • Patent number: 11971989
    Abstract: A computer-implemented method can be used for restoring a computer system following an infection event. The computer system can have a plurality of machines, in which a plurality of back-up copies are associated with each one of the plurality of machines, and in which each of the plurality of back-up copies associated with a particular machine is a different version back-up. The method can include searching the plurality of back-up copies to identify one or more clean-back-up copies that do not comprise a signature of the infection event and restoring one or more of the plurality of machines using a respective clean-back-up copy.
    Type: Grant
    Filed: February 2, 2021
    Date of Patent: April 30, 2024
    Assignee: Predatar Ltd
    Inventors: Neil Warwick, Anton James, Steve Miller, Richard Norgate
  • Patent number: 11973781
    Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.
    Type: Grant
    Filed: April 21, 2022
    Date of Patent: April 30, 2024
    Assignee: Sentinel Labs Israel Ltd.
    Inventors: Tomer Weingarten, Almog Cohen
  • Patent number: 11966460
    Abstract: Facilitating the generation of ephemeral credentials and verification thereof within a distributed storage system is provided herein. Based on a request for ephemeral credentials from a first account client to a first node of a first storage instance of a distributed system, generating the ephemeral credential comprising a session token and a secret session key for the first account client by a method that derives the secret session key using a first account private key and a first storage instance public key. This session token along with a signature generated using the secret session key of the ephemeral credential is subsequently used to make further requests to a second node of a second storage instance of the distributed system where the secret session key is independently derived using information in the request and the previously shared first account private key to verify the signature in the request.
    Type: Grant
    Filed: January 25, 2022
    Date of Patent: April 23, 2024
    Assignee: Dell Products, L.P.
    Inventors: Ananthakrishnan Balakrishnan, Peter Musial, Seema Tahaliyani, Yuanyuan Zhang, Sandesh Shivaram, Pavel Khlebnikov
  • Patent number: 11968312
    Abstract: Disclosed herein are an apparatus and method for processing vehicle data security based on a cloud.
    Type: Grant
    Filed: November 16, 2021
    Date of Patent: April 23, 2024
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Sang-Woo Lee, Dae-Won Kim, Jin-Yong Lee, Boo-Sun Jeon, Bo-Heung Chung, Hong-Il Ju, Joong-Yong Choi
  • Patent number: 11962580
    Abstract: A multi-factor authentication scheme uses an MFA authentication service and a browser extensionless phish-proof method to facilitate an MFA workflow. Phish-proof MFA verifies that the browser the user is in front of is actually visiting the authentic (real) site and not a phished site. This is achieved by only allowing MFA to be initiated from a user trusted browser by verifying its authenticity through a signing operation using a key only it possesses, and then also verifying that the verified browser is visiting the authentic site. In a preferred embodiment, this latter check is carried out using an iframe postMessage owning domain check. In a variant embodiment, the browser is verified to be visiting the authentic site through an origin header check. By using the iframe-based or ORIGIN header-based check, the solution does not require a physical security key (such as a USB authenticator) or any browser extension or plug-in.
    Type: Grant
    Filed: November 17, 2021
    Date of Patent: April 16, 2024
    Assignee: Akamai Technologies, Inc.
    Inventor: Charles E. Gero
  • Patent number: 11956631
    Abstract: Techniques for securing data are disclosed. A security device includes: one or more processors; one or more authentication components including one or more of a biometric reader, a positioning system, and a wireless receiver; and one or more non-transitory computer-readable media storing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including securing data on a storage device that is external to the security device, using multiple authentication factors obtained using the one or more authentication components.
    Type: Grant
    Filed: December 29, 2021
    Date of Patent: April 9, 2024
    Assignee: DERRY TECHNOLOGICAL SERVICES, INC.
    Inventors: Patrick Joseph Hynds, Duane Leo Laflotte
  • Patent number: 11947684
    Abstract: Disclosed are various embodiments for searching encrypted data. A search query containing a plaintext key can be received from a client device or other application. A request can then be sent to a storage engine for a ciphertext key of a node of a binary tree, the node representing an encrypted key-value pair that includes the ciphertext key. The ciphertext key can be decrypted using a cryptographic key to generate a decrypted ciphertext key. Then, the decrypted ciphertext key can be compared to the plaintext key. A determination can then be made as to whether the encrypted key-value pair represented by the node of the binary tree satisfies the search query based at least in part on a comparison of the decrypted ciphertext key to the plaintext key.
    Type: Grant
    Filed: April 6, 2023
    Date of Patent: April 2, 2024
    Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
    Inventor: John Orlando Keleshian Moxley
  • Patent number: 11949681
    Abstract: Methods and systems are provided for improving user authentication and access control by a network file system service in a multi-tenant public cloud environment by receiving a request for a connection to a file system from a file system client (client), sending an identification request for identification authentication of the client to a control system, receiving a response from the control system, establishing the connection to the file system upon determining that the connection to the file system is allowed based on cloud tenant information associated with the client, receiving an attempt to access the file system from the client by a sub-user, authenticating the sub-user based on the cloud tenant information, issuing a security token including a globally unique sub-user identifier of the sub-user, and using the security token to determine access rights of the sub-user to the file system for a subsequent request.
    Type: Grant
    Filed: October 10, 2018
    Date of Patent: April 2, 2024
    Assignee: Alibaba Group Holding Limited
    Inventors: Qingda Lu, Junpu Chen, Qinghua Ye, Lei Wang, Zhiyong Lin, Liping Bao, Jiesheng Wu, Li Xu, Xiaohui Pei, Feng Zhang, Leilei Tian
  • Patent number: 11950100
    Abstract: A method to determine a jitter attack on an authorization system granting permission using a resource comprising: receiving at least three subcarrier signals from an authentication device, determining a relative phase deviation from an expected relative phase behavior for the at least three subcarrier signals, and concluding on a jitter attack if the relative phase deviation fulfills a predetermined criterion.
    Type: Grant
    Filed: June 7, 2019
    Date of Patent: April 2, 2024
    Assignee: Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V.
    Inventors: Niels Hadaschik, Marc Fassbinder
  • Patent number: 11943343
    Abstract: A server can receive a device public key and forward the device public key to a key server. The key server can perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using the device public key and a network private key to derive a secret X1. The key server can send the secret X1 to the server. The server can derive an ECC PKI key pair and send to the device the server public key. The server can conduct a second ECDH key exchange using the derived server secret key and the device public key to derive a secret X2. The server can perform an ECC point addition using the secret X1 and secret X2 to derive a secret X3. The device can derive the secret X3 using (i) the server public key, a network public key, and the device private key and (ii) a third ECDH key exchange.
    Type: Grant
    Filed: June 16, 2023
    Date of Patent: March 26, 2024
    Assignee: IoT and M2M Technologies, LLC
    Inventor: John A. Nix
  • Patent number: 11941103
    Abstract: Method, apparatus and computer program product for multi-device user authentication are described herein. For example, the apparatus includes at least one processor and at least one non-transitory memory including program code.
    Type: Grant
    Filed: October 25, 2022
    Date of Patent: March 26, 2024
    Assignee: Salesforce, Inc.
    Inventors: Faisal Yaqub, Chase Rutherford-Jenkins, Graham Hicks
  • Patent number: 11941143
    Abstract: A secure cloud-based node-locking service with built-in attack detection to eliminate fuzzing, cloning and other attacks is disclosed. White-box base files are securely stored on the cloud service and are not vulnerable to accidental leakage. A secure cloud-based dynamic secret encoding service reduces the risk of exposure of unprotected secrets and other sensitive data.
    Type: Grant
    Filed: February 17, 2023
    Date of Patent: March 26, 2024
    Assignee: ARRIS Enterprises LLC
    Inventors: Lex Aaron Anderson, Rafie Shamsaasef, Alexander Medvinsky
  • Patent number: 11934501
    Abstract: One or more computer processors detect a computing device within a proximity to a rollable device. The one or more computer processors determine a location and an orientation of the rollable device relative to the computing device. The one or more computer processors attach the rollable device to the computing device utilizing the set of biometric locks engaged programmatically such that at least one side of the rollable device is locked and hinged to the computing device. The one or more computer processors responsive to the rollable device attached to a side of the computing device, extend a display area of the computing device to the rollable device.
    Type: Grant
    Filed: September 22, 2021
    Date of Patent: March 19, 2024
    Assignee: International Business Machines Corporation
    Inventors: Sarbajit K. Rakshit, Craig M. Trim, Martin G. Keen, John M. Ganci, Jr.
  • Patent number: 11936641
    Abstract: The subject matter of this specification generally relates to cloud-hosted certificate lifecycle management (CLM) to on-premises certificate authority (CA) communication. In some implementations, a method includes receiving a task request specifying a requested task and an identifier specifying a location for task execution, determining the requested task and that the location for task execution for the requested task is at an on-premises CA device, in response to determining the requested task and that the location of the task is at the on-premises CA device, storing a request task data entry that links the task request to the location for task execution, providing a notification to an on-premises CA gateway, and in response to the notification, providing the requested task for task execution. In some implementations, the remote CA gateway plug-in module maintains a constant communication connection with the on-premises CA gateway via a persistent client-initiated communication protocol.
    Type: Grant
    Filed: November 17, 2021
    Date of Patent: March 19, 2024
    Assignee: Keyfactor, Inc.
    Inventors: Jonathan Proch, Edward Shorter, Rex Edward Wheeler
  • Patent number: 11930001
    Abstract: Disclosed are various approaches for polling federated services for notifications. A request for an access token for a federated service is sent to an authentication service. The access token for the federated service is received from the authentication service. A query is sent to the federated service for a notification, the query comprising the access token. The notification is received from the federated service.
    Type: Grant
    Filed: November 30, 2020
    Date of Patent: March 12, 2024
    Assignee: VMware, Inc.
    Inventors: David Shaw, Daniel E. Zeck, Robert Worsnop
  • Patent number: 11928247
    Abstract: An encryption and signature device for AI model protection is provided. The encryption and signature device for AI model protection includes a key derivation unit, a model encryption unit, a model password encryption unit, an image generation unit and a signature unit. The key derivation unit is configured to derive a model key according to a model password and a derivation function. The model encryption unit is configured to encrypt an AI model according to the model key to generate an encrypted AI model. The model password encryption unit is configured to encrypt the model password to generate an encrypted model password. The image generation unit is configured to generate an image file according to the encrypted model password and the encrypted AI model. The signature unit is configured to sign the image file according to a private key to obtain a signed image file.
    Type: Grant
    Filed: November 1, 2021
    Date of Patent: March 12, 2024
    Assignee: CVITEK CO. LTD.
    Inventors: Tsung-Hsien Lin, Jen-Shi Wu, Hsiao-Ming Chang