Patents Examined by Jahangir Kabir
  • Patent number: 11658983
    Abstract: An authorization policy defines permissions that are exposed by a microservice. When a call is made to the microservice, it includes an access token. An application identifier uniquely identifying the calling application is extracted from the token. An access pattern, used by the calling application to obtain the access token and make the call to the microservice, is identified. Permissions that may be granted to the calling application are identified in the authorization policy based upon the application identifier and the access pattern that is identified. An authorization decision is made as to whether to authorize the call, based upon the granted permissions.
    Type: Grant
    Filed: February 7, 2020
    Date of Patent: May 23, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Matthias Leibmann, Grigory V. Kaplin, Vikas Ahuja, Kapil Kumar Jain, Qinxiao Zhou, Ran Cheng
  • Patent number: 11651707
    Abstract: The invention introduces an apparatus for encrypting and decrypting user data, including a memory, a bypass-flag writing circuit and a flash interface controller. The bypass-flag writing circuit writes a bypass flag in a remaining bit of space of the memory that is originally allocated for storing an End-to-End Data Path Protection (E2E DPP), where the bypass flag indicates whether user data has been encrypted. The flash interface controller reads the user data, the E2E DPP and the bypass flag from the memory and programs the user data, the E2E DPP and the bypass flag into the flash device.
    Type: Grant
    Filed: December 5, 2019
    Date of Patent: May 16, 2023
    Assignee: SILICON MOTION, INC.
    Inventor: An-Pang Li
  • Patent number: 11632360
    Abstract: An exemplary access control system controls access to a computing system such as a data storage system. For example, the exemplary access control system includes a cloud storage platform that authorizes a user to access the cloud storage platform. After access to the cloud storage platform is authorized, the cloud storage platform receives, from the user, a request to access, through the cloud storage platform, an application executing on a remote storage device. The cloud storage platform obtains an access token in response to receiving the request from the user. The cloud storage platform transmits the access token to the storage device for use by the storage device to validate the user and grant the user access, through the cloud storage platform, to the application executing on the storage device.
    Type: Grant
    Filed: June 7, 2019
    Date of Patent: April 18, 2023
    Assignee: Pure Storage, Inc.
    Inventors: Yu Tan, Shiva Ankam
  • Patent number: 11606349
    Abstract: Techniques are disclosed relating to authentication token refresh. In various embodiments, a first of a plurality of instances of an application executing on the server system receives a request to provide content to a browser of a client device. The first application instance determines that an authentication token useable to provide the content has expired. The authentication token is maintained in a storage accessible to the plurality of application instances. The first application instance sends a refresh request for the authentication token to an authentication service. In response to the authentication service denying the refresh request, the first application instance waits for a particular period of time before checking the storage to determine whether another instance of the plurality of instances of the application has refreshed the authentication token.
    Type: Grant
    Filed: June 2, 2020
    Date of Patent: March 14, 2023
    Assignee:, inc.
    Inventor: David Brainer
  • Patent number: 11606355
    Abstract: A biometrics hub may establish a first schedule for processing first biometric data of a user, establish a second schedule for processing second biometric data of the user, store the first biometric data that is received from a first biometric device via a first persistent session, and store the second biometric data that is received from a second biometric device via a second persistent session. The biometrics hub may further transmit at least one of the first biometric data or the second biometric data to an authorized remote device in accordance with the first schedule or the second schedule. In one example, the transmitting includes establishing a session with the authorized remote device, sending the at least one of the first biometric data or the second biometric data to the authorized remote device via the session with the authorized remote device, and closing the session with the authorized remote device.
    Type: Grant
    Filed: September 28, 2020
    Date of Patent: March 14, 2023
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Sangar Dowlatkhah, Venson Shaw
  • Patent number: 11601418
    Abstract: A system is provided for increasing authentication complexity for access to online systems. In particular, the system may use a hidden or obscured method for creating and enforcing a multi-factor authentication scheme. In this regard, the system may introduce authentication logic to a particular application in the network environment such that one or more “invalid” login credentials are generated by a local agent using a pre-shared key and/or algorithm. A back-end authentication system may calculate its own set of “invalid” login credentials based on the same pre-shared key and/or algorithm, then subsequently compare the calculated incorrect credentials with the incorrect login credentials received from the local agent. If a match is detected, the system may permit a valid set of authentication credentials to be provided to authorize access to the target application and/or online system.
    Type: Grant
    Filed: October 14, 2020
    Date of Patent: March 7, 2023
    Inventor: Brandon Sloane
  • Patent number: 11595417
    Abstract: The present disclosure relates generally to the field of data processing and electronic messaging systems, and, more particularly, to systems and methods for mediating a user's access to a resource to thereby prevent potential security breaches, including phishing and impersonation, malware, and security issues, particularly with respect to websites and electronic communications.
    Type: Grant
    Filed: July 27, 2020
    Date of Patent: February 28, 2023
    Assignee: Mimecast Services Ltd.
    Inventors: Jackie Anne Maylor, Simon Paul Tyler, Steven Malone, Wayne Van Ry, Francisco Ribeiro, Nathaniel S. Borenstein, Paul Sowden
  • Patent number: 11593350
    Abstract: Aspects of the subject disclosure may include, for example, a method for providing temporary shared cloud-based storage, where access to the shared storage is time-limited, location-limited and anonymous. The method includes receiving a request for storage accessible to a plurality of user devices. A storage account is initiated in response to the request; a password and a time period are associated with the storage account. User devices obtain access to the storage account using only the password provided and without users' personal credentials; access is also according to location within a geographic area defined in the request. Any of the data items is available to each user device having access to the storage account. Upon expiration of the time period, the storage account is disabled and the data items are deleted. Other embodiments are disclosed.
    Type: Grant
    Filed: September 11, 2020
    Date of Patent: February 28, 2023
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Joseph Soryal, Tony L. Hansen, Naila Jaoude, Lalita Rao, Cristina Serban
  • Patent number: 11575664
    Abstract: Embodiments of information handling systems (IHSs) and methods are provided herein for managing tickets based on contextual information and ticket management policy. Although not strictly limited to such, the embodiments disclosed herein may be used to manage tickets, which are issued by a network authentication service and stored within a key store of an IHS. In one embodiment, tickets are managed by receiving user presence information and system state information, comparing the user presence information and system state information to policies contained within a ticket management policy database, and performing one or more actions specified in the policies if the user presence information or the system state information is not compliant with at least one of the policies. The one or more actions specified in the policies may include actions for managing the tickets stored within the key store and/or actions for controlling a power state of the IHS.
    Type: Grant
    Filed: October 25, 2019
    Date of Patent: February 7, 2023
    Assignee: Dell Products L.P.
    Inventors: Vivek Viswanathan Iyer, Daniel L. Hamlin
  • Patent number: 11575661
    Abstract: Described herein are systems, methods, and software to manage private networks for computing elements. In one example, a computing element may obtain credential information associated with a user and generate a public-private key pair for the computing element. The computing element may further communicate the public key from the pair with metadata to a coordination service to register the computing element at the coordination service. Once registered, the computing element may receive communication information associated with one or more other computing elements that permit the computing element to communicate with the other computing elements.
    Type: Grant
    Filed: July 22, 2020
    Date of Patent: February 7, 2023
    Assignee: Tailscale Inc.
    Inventors: David F. Carney, Avery Pennarun, David J. Crawshaw
  • Patent number: 11563556
    Abstract: A processor of an aspect is to perform a Single Instruction Multiple Data (SIMD) instruction. The SIMD instruction is to indicate a source register storing input data to be processed by a round of AES and is to indicate a source of a round key to be used for the round of AES. The processor is to perform the SIMD instruction to perform the round of AES on the input data using the round key and store a result of the round of AES in a destination. In one aspect, the SIMD instruction is to provide a parameter to specify whether or not a round of AES to be performed is a last round. Other instructions, processors, methods, and systems are described.
    Type: Grant
    Filed: April 6, 2020
    Date of Patent: January 24, 2023
    Inventors: Shay Gueron, Wajdi K. Feghali, Vinodh Gopal
  • Patent number: 11546322
    Abstract: Techniques are described for using a decentralized group of authentication server nodes to prevent singular dependence upon any given online platform for authenticating avatars. For each epoch duration of time, a consensus protocol operating on a blockchain is used to elect an authentication server node. The elected node can then act as an authentication server on behalf of the online platform for that fixed epoch duration of time. Within this epoch of time, a client device (e.g., used by a user to access an online platform) performs a periodic heartbeat authentication with the elected authentication server node using an efficient authentication protocol that relies on a keyed-hashing mechanism. A client device can use the described system and authentication methods concurrently with multiple different online platforms (e.g., separate metaverses or other virtual worlds).
    Type: Grant
    Filed: June 24, 2022
    Date of Patent: January 3, 2023
    Inventors: Thomas P. Hardjono, Marsha Lipton
  • Patent number: 11546342
    Abstract: An information processing apparatus includes a first port, a second port, a storage device, and a determining unit. The first port is to be connected to a first network having a first security level. The second port is to be connected to a second network having a second security level. The second security level is lower than the first security level. The storage device holds first setting information for connection to the first network and second setting information for connection to the second network. The determining unit makes network connection to at least the first port in accordance with the second setting information and determines, on the basis of a result from the network connection to at least the first port in accordance with the second setting information, whether the network connection to the first port is made properly.
    Type: Grant
    Filed: March 10, 2020
    Date of Patent: January 3, 2023
    Inventor: Yohei Ogawa
  • Patent number: 11538129
    Abstract: A device includes memory and a processor. The device receives biometric information. The device receives location information. The device analyzes the received biometric information with stored biometric information. The device analyzes the received location information with stored location information. The device determines whether the received biometric information matches the stored biometric information. The device determines whether the received location information matches the stored location information. The device sends an electronic communication that indicates whether the received biometric information matches the stored biometric information and whether the received local information matches stored geographic location that is not within a particular distance of another geographic location.
    Type: Grant
    Filed: March 15, 2020
    Date of Patent: December 27, 2022
    Assignee: Visitlock LLC
    Inventor: Kevin Robert Phillips
  • Patent number: 11539692
    Abstract: Methods and apparatuses related to settings based access to data stored in quarantined memory media are described. Memory systems can include multiple types of memory media (e.g., volatile and/or non-volatile) and data (e.g., information included in) stored in the memory media are subject to risks of the data being undesirably exposed and/or viewable to the public. According to embodiments of the present disclosure, a particular portion and/or location in the memory media can provide a data protection scheme, and a setting associated with the data can include security protocols that can control the accessibility to the stored data. For example, a setting can be associated with data to be stored in a particular location of the memory media, and responsive to a request to access the data, the setting can initiate an authentication of the request.
    Type: Grant
    Filed: August 18, 2020
    Date of Patent: December 27, 2022
    Assignee: Micron Technology, Inc.
    Inventors: Bhumika Chhabra, Carla L. Christensen, Zahra Hosseinimakarem, Radhika Viswanathan
  • Patent number: 11539750
    Abstract: The present disclosure describes systems and methods for reducing rule set sizes via statistical redistribution throughout a plurality of network security appliances. A rule set may be generated for each security appliance that includes (i) a first set of rules based on known attacks, identified as rules for mandatory inclusion in the rule set; and (ii) a subset of the second set of rules, identified as rules for potential inclusion in the rule set, selected randomly according to a distribution percentage, score, or weight for each potentially included rule. Higher scored rules, which may be more likely vectors for potential attack, may be distributed to a greater number of appliances; while lower scored rules that may be less likely or represent more speculative attacks may be distributed to fewer appliances.
    Type: Grant
    Filed: September 24, 2019
    Date of Patent: December 27, 2022
    Assignee: Fortress Cyber Security, LLC
    Inventor: Dejan Nenov
  • Patent number: 11532198
    Abstract: A re-locatable safety deposit box facility that allows for 24/7 access by authorized personnel to their safety deposit boxes without the need for any attendants at the facility. The facility is self-contained and re-locatable, such that it can be moved from one location to another location. In some embodiments, the facility may be, for example, a standard size shipping container. It has interior dimensions that are sufficient to house an array of safety deposit boxes. The container may also be equipped with devices that may be used to lift the entire container up so that it may be moved to another location.
    Type: Grant
    Filed: March 27, 2020
    Date of Patent: December 20, 2022
    Assignee: United Services Automobile Association (USAA)
    Inventors: Ruthie D. Lyle, Chi-Hsuan Lai, Ravi Durairaj, Jo Anne Yau, Sean Carl Mitchem, Stacy Callaway Huggar, David Patrick Dixon
  • Patent number: 11526584
    Abstract: Methods that can assign access permission to social media are disclosed herein. One method includes determining, by a processor, an impact of a plurality of impacts on an owner of a social media post, the impact based on a follower of the social media post, and assigning a permission of a plurality of permissions to the follower for accessing the social media post based on the determined impact. Apparatus, systems, and computer program products that can include, perform, and/or implement the methods are also disclosed herein.
    Type: Grant
    Filed: October 14, 2019
    Date of Patent: December 13, 2022
    Assignee: International Business Machines Corporation
    Inventors: Abhishek Jain, Sasikanth Eda, Sandeep Ramesh Patil, Sachin Chandrakant Punadikar
  • Patent number: 11520939
    Abstract: USB traffic is intercepted between a USB device and a computer system. It is determined whether the USB device has previously had a policy associated with it as to whether USB traffic from the device should be blocked, allowed, or sanitized. In response to not having a previous policy for the USB device, a request is made for a user to be prompted to provide a policy of one of block, allow, or sanitize for the USB device. In response to a user-provided-policy, one of the following are performed: blocking the traffic, allowing the traffic, or sanitizing the traffic between the USB device and the computer system. Apparatus, methods, and computer program products are disclosed.
    Type: Grant
    Filed: March 17, 2017
    Date of Patent: December 6, 2022
    Assignee: International Business Machines Corporation
    Inventors: Anton Beitler, Jiyong Jang, Dhilung Hang Kirat, Anil Kurmus, Matthias Neugschwandtner, Marc Philippe Stoecklin
  • Patent number: 11520873
    Abstract: A method for enrolling a device in a secure network to which an information system is connected, the method comprising the steps, implemented by a trusted device connected to the secure network, of: a) receiving from a user terminal, distinct from the device to be enrolled, an authorization to connect to the device to be enrolled, b) generating cryptographic keys intended for the device to be enrolled to access the secure network, and c) transmitting the cryptographic keys to the device to be enrolled.
    Type: Grant
    Filed: July 19, 2018
    Date of Patent: December 6, 2022
    Inventors: Paul Lajoie-Mazenc, Alexandre Michon, Gautier Delis, Florent Cardolaccia