Patents Examined by Jacob Lipman
  • Patent number: 10932311
    Abstract: This disclosure describes systems, methods, and apparatuses related to secure ad hoc network access. A device may identify a cryptographic key received from a second device. The device may cause to send a probe request for service information to the second device. The device may identify a probe response including an information element received in the service information from the second device. The device may cause to send a first discovery request seeking to provision the second device. The device may identify a first discovery response from the second device including a configuration method. The device may cause to form an ad hoc wireless network group based on the first discovery response. The device may cause to exchange one or more messages to provide an access for the second device to the ad hoc wireless network group based on the cryptographic key and one or more in-band attributes.
    Type: Grant
    Filed: June 23, 2020
    Date of Patent: February 23, 2021
    Assignee: Intel IP Corporation
    Inventors: Preston J. Hunt, Emily H. Qi
  • Patent number: 10931691
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that obtain a dictionary comprising a plurality of credentials and populate a probabilistic data structure based on the dictionary. A login request is received from a client and one or more credentials are extracted from the received login request. A determination of when the probabilistic data structure indicates that the extracted credentials are included in the dictionary is made. A mitigation action is initiated with respect to the client, when the determination indicates that the probabilistic data structure indicates that the extracted credentials are included in the dictionary. This technology more efficiently and effectively detects and mitigates brute force credential stuffing attacks advantageously using a reduced amount of resources.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: February 23, 2021
    Assignee: F5 Networks, Inc.
    Inventors: Michael Kapelevich, Tomer Zait, Maxim Zavodchik, Ron Talmor
  • Patent number: 10931689
    Abstract: A method for identifying malicious network traffic communicated via a computer network, the method including: evaluating a measure of a correlation fractal dimension for a portion of network traffic over a monitored network connection; comparing the measure of correlation fractal dimension with a reference measure of correlation fractal dimension for a corresponding portion of network traffic of a malicious network connection so as to determine if malicious network traffic is communicated over the monitored network connection.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: February 23, 2021
    Assignee: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, George Kallos
  • Patent number: 10931637
    Abstract: Techniques for outbound/inbound lateral traffic punting based upon process risk are disclosed. In some embodiments, a system/process/computer program product for outbound/inbound lateral traffic punting based upon process risk includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process ID information identifies a process that is associated with an outbound or inbound network session on the EP device on the enterprise network, and the EP agent selected the network session for punting to the network device for inspection; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.
    Type: Grant
    Filed: September 15, 2017
    Date of Patent: February 23, 2021
    Assignee: Palo Alto Networks, Inc.
    Inventors: Ho Yu Lam, Robert Earle Ashley, Paul Theodore Mathison, Qiuming Li, Taylor Ettema
  • Patent number: 10924276
    Abstract: In one embodiment, an apparatus includes: a hardware accelerator to execute cryptography operations including a Rivest Shamir Adleman (RSA) operation and an elliptic curve cryptography (ECC) operation. The hardware accelerator may include: a multiplier circuit comprising a parallel combinatorial multiplier; and an ECC circuit coupled to the multiplier circuit to execute the ECC operation. The ECC circuit may compute a prime field multiplication using the multiplier circuit and reduce a result of the prime field multiplication in a plurality of addition and subtraction operations for a first type of prime modulus. The hardware accelerator may execute the RSA operation using the multiplier circuit. Other embodiments are described and claimed.
    Type: Grant
    Filed: May 17, 2018
    Date of Patent: February 16, 2021
    Assignee: Intel Corporation
    Inventors: Santosh Ghosh, Andrew H. Reinders, Sudhir K. Satpathy, Manoj R. Sastry
  • Patent number: 10885194
    Abstract: An approach is provided for delivering a configuration based workflow in an IT system. A set of parameters and pre-configured conditions associated with a command initiated for execution are determined. Validation action(s) that validate the command and are included in the configuration based workflow are determined. The validation action(s) are specified by respective interaction(s) with external system(s). Validation action(s) included in the configuration based workflow are performed by completing the interaction(s) with the external system(s) using the set of parameters. It is determined whether the validation action(s) are successfully completed. If the validation action(s) are successfully completed, the execution of the command is continued. If at least one of the validation action(s) is not successfully completed, the execution of the command is discontinued.
    Type: Grant
    Filed: June 28, 2019
    Date of Patent: January 5, 2021
    Assignee: International Business Machines Corporation
    Inventors: Arun K. Gopinath, Sudheer Kumaramkandath, Ramesh Chandra Pathak, Suryanarayana Rao
  • Patent number: 10887319
    Abstract: A method comprises creating template limited-administration ontologies, the template limited-administration ontologies each identifying a plurality of different managers, each of the different managers having distinct and limited system access privileges. A request is received for a limited-administration server system, the request being associated with a client entity. A particular template limited-administration ontology of the template limited-administration ontologies is selected based on the request. A deployment ontology is generated based on the particular template limited-administration ontology and the request. A limited-administration server system deployment package is generated based on the deployment ontology.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: January 5, 2021
    Assignee: One-Simple U.S., LLC
    Inventor: Louisa H. Zezza
  • Patent number: 10880071
    Abstract: A programmable data storage device includes: a non-volatile memory; a storage controller configured to control the non-volatile memory; a network interface; and a field programmable gate array configured to: implement a blockchain algorithm; and store at least one block of a blockchain corresponding to the blockchain algorithm in the non-volatile memory via the storage controller; and a processor having memory coupled thereto, the memory having instructions stored thereon that, when executed by the processor, cause the processor to: send and receive one or more blocks of the blockchain via the network interface; and control the field programmable gate array to execute the blockchain algorithm on the one or more blocks of the blockchain.
    Type: Grant
    Filed: May 16, 2018
    Date of Patent: December 29, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Rajinikanth Pandurangan, Vijay Balakrishnan
  • Patent number: 10873447
    Abstract: A method and system for performing a calculation of a privacy preserving scalar product are provided. A first party and a second party (e.g., a first computer and a second computer) possessing a first vector and a second vector respectively, can concurrently determine the scalar product of the two vectors, without revealing either vector to the other party. Each vector can be masked and then encrypted using a public key of an asymmetric key pair. Using homomorphic encryption operations, the scalar product of the vectors can be determined while the vectors are still encrypted. Each party can compare the scalar product, or a value derived from the scalar product against a predetermined threshold. As an example, two parties can perform the scalar product to compare two biometric templates expressed as vectors without revealing the biometric templates to one another, preserving the privacy of persons corresponding to those biometrics.
    Type: Grant
    Filed: May 31, 2019
    Date of Patent: December 22, 2020
    Assignee: Visa International Service Association
    Inventor: Kim Wagner
  • Patent number: 10872150
    Abstract: Virus scanning of container images can be managed. For example, container images can be received in a sequential order. The container images can then be analyzed to determine the contents of the container images. The container images can be arranged in a virus-scanning queue in an order that is different from the sequential order in which the container images were received based on the contents of the container images. The container images can then be scanned for viruses in the order in which the container images are arranged in the virus-scanning queue.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: December 22, 2020
    Assignee: Red Hat, Inc.
    Inventors: Huamin Chen, Dennis Keefe
  • Patent number: 10855656
    Abstract: Techniques for fine-grained firewall policy enforcement using session APP ID and endpoint process ID correlation are disclosed. In some embodiments, a system/process/computer program product for fine-grained firewall policy enforcement using session APP ID and endpoint process ID correlation includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process identification information identifies a process that is initiating a network session from the EP device on the enterprise network; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.
    Type: Grant
    Filed: September 15, 2017
    Date of Patent: December 1, 2020
    Assignee: Palo Alto Networks, Inc.
    Inventors: Robert Earle Ashley, Ho Yu Lam, Robert Tesh, Xuanyu Jin, Paul Theodore Mathison, Qiuming Li, Taylor Ettema
  • Patent number: 10848324
    Abstract: An HEMS controller receives a certificate revocation list distributed from a certificate authority server and listing serial numbers of revoked electronic certificates. The serial number of the electronic certificate includes a first identifying part that indicates a value for identifying a type of a participation node maintaining the electronic certificate and a second identifying part that indicates a value for identifying an individual participation node. In the case the certificate revocation list includes a serial number in which the second identifying part is a predetermined value, the HEMS controller determines that the electronic certificate of a participation node that meets the type indicated by the first identifying part of the serial number is invalid.
    Type: Grant
    Filed: April 11, 2018
    Date of Patent: November 24, 2020
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventors: Yoichi Masuda, Tomoki Takazoe
  • Patent number: 10839085
    Abstract: An example process includes: identifying, by one or more processing devices, candidate code in executable code based on a static analysis of the executable code, where the candidate code includes code that is vulnerable to attack or the candidate code being on a path to code that is vulnerable to attack, where information related to the attack is based, at least in part, on the candidate code; customizing, by one or more processing devices, a healing template based on the information to produce a customized healing template; and inserting, by one or more processing devices, the customized healing template into a version of the executable code at a location that is based on a location of the candidate code in the executable code, where the customized healing template includes code that is executable to inhibit the attack.
    Type: Grant
    Filed: February 11, 2019
    Date of Patent: November 17, 2020
    Assignee: BLUERISC, INC.
    Inventors: Csaba Andras Moritz, Kristopher Carver, Jeffry Gummeson
  • Patent number: 10841323
    Abstract: Methods, systems, and non-transitory computer readable storage media are disclosed for detecting robotic activity while monitoring Internet traffic across a plurality of domains. For example, the disclosed system identifies network session data for each domain of a plurality of domains, the network session data including network sessions comprising features that indicate human activity. In one or more embodiments, the disclosed system generates a classifier to output a probability that a network session at a domain includes human activity. In one or more embodiments, the disclosed system also generates a classifier to output a probability that a network session includes good robotic activity. Additionally, the disclosed system generates a domain-agnostic machine-learning model by combining models from a plurality of domains with network sessions including human activity.
    Type: Grant
    Filed: May 17, 2018
    Date of Patent: November 17, 2020
    Assignee: ADOBE INC.
    Inventors: Ritwik Sinha, Vishwa Vinay, Sunny Dhamnani, Margarita Savova, Lilly Kumari, David Weinstein
  • Patent number: 10839078
    Abstract: Client devices detect malware based on a ruleset received from a security server. To evaluate a current ruleset, an administrative client device initiates a ruleset evaluation of the malware detection ruleset. A security server partitions stored malware samples into a group of evaluation lists based on an evaluation policy. The security server then creates scanning nodes on an evaluation server according to the evaluation policy. The scanning nodes scan the malware samples of the evaluation lists using the rulesets and associate each malware sample with a rule of the ruleset based on the detections, if any. The security server analyzes the associations and optimizes the ruleset and stored malware samples. The security server sends the optimized ruleset to client devices such that they more efficiently detect malware samples.
    Type: Grant
    Filed: November 11, 2019
    Date of Patent: November 17, 2020
    Assignee: MALWAREBYTES INC.
    Inventors: Sunil Mathew Thomas, Michael Graham Malone
  • Patent number: 10825014
    Abstract: An apparatus for controlling running of multiple security software applications, including: a secure element and at least one central processing unit coupled to the secure element, where the secure element includes a processor and a first random access memory; the processor is configured to: run secure operating system software and at least one security software application based on the secure operating system software; when it is required to run a second security software application, suspend running of a first security software application in the at least one security software application, control migrating first temporary data generated during running of the first security software application from the first random access memory to a storage device disposed outside the secure element, and based on the secure operating system software, run the second security software application.
    Type: Grant
    Filed: October 12, 2018
    Date of Patent: November 3, 2020
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Shilin Pan
  • Patent number: 10818202
    Abstract: The disclosure discloses a method and apparatus for encrypting data, and a method and apparatus for decrypting data. The method for encrypting data includes: acquiring a to-be-encrypted data block; executing a first encryption on the to-be-encrypted data block to obtain a data ciphertext; executing a hash operation on the to-be-encrypted data block to obtain an index key; designating a last ciphertext block as a first target ciphertext block, and decrypting the first target ciphertext block to acquire an index value of the first target ciphertext block; executing a preset operation on the index value of the first target ciphertext block to obtain the index value of the to-be-encrypted data block, and executing a second encryption on the index value of the to-be-encrypted data block based on the index key to generate an index ciphertext; and combining the data ciphertext and the index ciphertext to generate a ciphertext block.
    Type: Grant
    Filed: July 3, 2018
    Date of Patent: October 27, 2020
    Assignee: BAIDU ONLINE NETWORK TECHNOLOGY (BEIJING) CO., LTD.
    Inventors: Yuepeng Liu, Peng Yun
  • Patent number: 10812271
    Abstract: A method, system and computer program product for privacy control. A unique identifier for each data element of a group of data elements (e.g., driver's license contains a group of data elements, such as name, driver's license number) is created. These identifiers may be stored along with documentation (e.g., label) of the associated data elements in a manifest file. Alternatively, the identifiers may be stored in a file outside of the manifest file. In this manner, by utilizing a data element identifier which corresponds to a random number, security of privacy information is improved as one would only be able to obtain such sensitive information by obtaining such an identifier. Furthermore, the user only needs to send the requested data elements, as opposed to all the data elements of the group of data elements, to the challenger. In this manner, the user is preserving the security of other privacy information.
    Type: Grant
    Filed: May 17, 2019
    Date of Patent: October 20, 2020
    Assignee: International Business Machines Corporation
    Inventors: William F. Abt, Jr., Daniel A. Gisolfi, Richard Redpath
  • Patent number: 10802834
    Abstract: A computing system is configured to securely boot different operating systems. The computing system includes one or more processors, a first memory device storing a first firmware element for booting a first operating system, a second memory device storing a second firmware element for booting a second operating system, a first security module configured to provide authentication for booting the first operating system, and a second security module configured to provide authentication for booting the second operating system. The computing system is configured such that, when the first security module is connected to the one or more processors, either the first operating system or the second operating system is selected for booting based on a selection signal, and when the first security module is not connected to the one or more processors, the second operating system is selected for booting.
    Type: Grant
    Filed: June 11, 2018
    Date of Patent: October 13, 2020
    Assignee: GOOGLE LLC
    Inventors: Puneet Kumar, Mark Hayter, Willis Calkins, Duncan Laurie
  • Patent number: 10803193
    Abstract: A data management and storage (DMS) cluster of peer DMS nodes manages resources of a multi-tenant environment. The DMS cluster provides an authorization framework that provides user access which is scoped to the resources within a tenant organization and the privileges of the user within the organization. To authorize an action on a resource by a user, the DMS cluster determines user authorizations associated with the user defining privileges of the user on the resources of the multi-tenant environment, and organization authorizations associated defining resources of the multi-tenant environment that belong to the organization. The DMS cluster authorizes the action when the user authorizations and organization authorizations indicate that the action on the resource is authorized.
    Type: Grant
    Filed: April 24, 2019
    Date of Patent: October 13, 2020
    Assignee: Rubrik, Inc.
    Inventors: Matthew Edward Noe, Seungyeop Han, Arohi Kumar