Patents Examined by Joseph P. Hirl
  • Patent number: 11507883
    Abstract: Fairness and output authenticity for secure distributed machine learning is provided by way of an encrypted output of a garbled circuit which is simultaneously provided to a garbler and an evaluator by an output discloser. Related systems, methods and articles of manufacture are also disclosed.
    Type: Grant
    Filed: December 3, 2019
    Date of Patent: November 22, 2022
    Assignee: SAP SE
    Inventor: Laurent Gomez
  • Patent number: 11507693
    Abstract: Disclosed is a system and method of de-identifying data. A method includes splitting, at a first entity, a byte of data of an original record into a first random portion and a second random portion, inserting first random bits into the first random portion to yield a first new byte and inserting second random bits into the second random portion to yield a second new byte. The method then includes transmitting the second new byte to a second entity, receiving, at the first entity, a first portion of an algorithm from the second entity and processing the first new byte by the first portion of the algorithm to yield a first partial result. The first partial result can be combined with a second partial result from the second entity processing the second new byte by a second portion of the algorithm.
    Type: Grant
    Filed: November 19, 2021
    Date of Patent: November 22, 2022
    Assignee: TripleBlind, Inc.
    Inventors: Greg Storm, Babak Poorebrahim Gilkalaye, Riddhiman Das
  • Patent number: 11507692
    Abstract: A computing system includes an anonymizer server. The anonymizer server is communicatively coupled to a data repository configured to store a personal identification information (PII) data. The anonymizer server is configured to perform operations including receiving an anonymized data request, and creating an anonymized data repository based on the anonymized data request. The anonymizer server is also configured to perform operations including anonymizing the PII data to create an anonymized data by applying a cluster-based process, and storing the anonymized data in the anonymized data repository.
    Type: Grant
    Filed: December 31, 2019
    Date of Patent: November 22, 2022
    Assignee: ServiceNow, Inc.
    Inventors: Anil Kumar Vemula, Amitav Mohanty, Sreenivas Durvasula
  • Patent number: 11509629
    Abstract: A network security system provides portals which enable automatic creation of a dynamic one-time port forwarding rule for an authorized user's current IP address following two factor authentication of the authorized user. Such a dynamic one-time port forwarding rule is utilized to set up a connection, at which point the dynamic one-time port forwarding rule is removed, preventing any attacker from subsequently taking advantage of it. Such a methodology is advantageous as compared to conventional port forwarding in that it is much more secure. Such a methodology is advantageous as compared to traditional port forwarding with access control both in that a user does not always have to utilize the same device with a static IP address, and in that the port forwarding rule representing or exposing a potential vulnerability is deleted after a connection is established.
    Type: Grant
    Filed: June 26, 2021
    Date of Patent: November 22, 2022
    Assignee: Calyptix Security Corporation
    Inventors: Lawrence Chin Shiun Teo, Aaron K. Bieber, Nicholas C. Pelone, Bryce Chidester, Benjamin A. Yarbrough
  • Patent number: 11503078
    Abstract: An apparatus comprises a processing device configured to receive, at a user interface of a trust platform configured to manage cloud assets operating in clouds of two or more cloud service providers, a specification of security and compliance controls to be implemented for workloads of a given entity running on a subset of the cloud assets. The processing device is also configured to obtain, utilizing application programming interfaces of the trust platform, information characterizing deployed security and compliance controls for the subset of the plurality of cloud assets from first and second pluralities of monitoring tools operating in tenant and management environments of the clouds.
    Type: Grant
    Filed: December 30, 2020
    Date of Patent: November 15, 2022
    Assignee: Virtustream IP Holding Company LLC
    Inventors: Pritesh Parekh, Nicholas Kathmann, Qintao Zhao
  • Patent number: 11503063
    Abstract: Systems, methods, and non-transitory computer-readable storage media are disclosed for detecting, identifying, and/or assessing hidden vulnerabilities in an enterprise network. In one example, a device may have one or more memories storing computer-readable instructions and one or more processors configured to execute the computer-readable instructions to receive vulnerability data of network components within an enterprise network. The vulnerability data can include identification of one or more vulnerabilities detected within the enterprise network. The device can then determine a vulnerability frequency and a machine frequency associated with each of the one or more vulnerabilities. The device can then determine a vulnerability score for each of the one or more vulnerabilities based on the vulnerability frequency and an inverse of the machine frequency, to yield a plurality of vulnerability scores. The device can then rank the one or more vulnerabilities based on the plurality of vulnerability scores.
    Type: Grant
    Filed: August 5, 2020
    Date of Patent: November 15, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: Supreeth Hosur Nagesh Rao, Navindra Yadav, Prasannakumar Jobigenahally Malleshaiah, Ashok Kumar, Umamaheswaran Arumugam, Darshan Shrinath Purandare, Songlin Li, Hanlin He
  • Patent number: 11500985
    Abstract: Disclosed embodiments relate to systems and methods for correlating software pipeline events. Techniques include receiving first data representing at least one aspect of a first software pipeline event; identifying a value as a potential identifier of the first software pipeline event; storing the value in a data structure in an associative manner with the first software pipeline event; receiving second data representing at least one aspect of a second software pipeline event; identifying an additional value as a potential identifier of the second software pipeline event; comparing additional value to the value stored in the data structure; based on the comparison, determining whether a correlation exists between the first software pipeline event and the second software pipeline event; and based on a determination that a correlation exists, providing an indication of the correlation.
    Type: Grant
    Filed: April 28, 2022
    Date of Patent: November 15, 2022
    Assignee: CyberArk Software Ltd.
    Inventors: Michael Balber, Shai Dvash
  • Patent number: 11496494
    Abstract: The present disclosure is directed to a method of detecting anomalous behaviors based on a temporal profile. The method can include collecting, by a control system comprising a processor and memory, a set of network data communicated by a plurality of network nodes over a network during a time duration. The method can include identifying, by the control system, one or more seasonalities from the set of network data. The method can include generating, by the control system, a temporal profile based on the one or more identified seasonalities. The method can include detecting, by the control system and based on the temporal profile, an anomalous behavior performed by one of the plurality of network nodes. The method can include identifying, by the control system and based on the temporal profile, a root cause for the anomalous behavior.
    Type: Grant
    Filed: December 17, 2019
    Date of Patent: November 8, 2022
    Assignee: VMware, Inc.
    Inventors: Marco Cova, Corrado Leita, Luukas Larinkoski
  • Patent number: 11496502
    Abstract: Disclosed is an operation method for a dynamic analyzer for analyzing an execution state of a web application. The present invention comprises the steps of: analyzing an execution state of the web application on the basis of a final attack string including a parameter which indicates a particular operation to be executed through the web application; and performing an analysis of the execution state of the web application, wherein the final attack string is generated so as to avoid filtering logic which is designed to filter a raw attack string including a predefined parameter. Therefore, the present invention can detect a security vulnerability, which cannot be detected by the existing dynamic analyzer, through easy generation of a final attack string capable of bypassing filtering.
    Type: Grant
    Filed: July 28, 2016
    Date of Patent: November 8, 2022
    Assignee: Sparrow Co., Ltd.
    Inventors: Min Sik Jin, Jong Won Yoon, Jong Hwan Im
  • Patent number: 11496489
    Abstract: Knowledge-aware detection of attacks on a client device conducted with dual-use tools. A method may include obtaining dual-use tool data related to a plurality of dual-use tools; collecting from a client device, by the computing device, user input related to the use of a dual-use tool of the plurality of dual-use tools; determining that the user input contains a feature of the dual-use tool data; creating a behavioral index of the user input, the behavioral index stored on the client device; detecting new input on the client device; determining a similarity level between the user input and the new input; flagging a malicious attack on the client device based on determining that the similarity level does not satisfy a pre-determined threshold; and implementing a security action on the client device based on flagging the malicious attack.
    Type: Grant
    Filed: March 28, 2019
    Date of Patent: November 8, 2022
    Assignee: CA, Inc.
    Inventors: Slawomir Grzonkowski, Johann Roturier, Pratyush Banerjee, David L. Silva
  • Patent number: 11496898
    Abstract: A method includes generating, at a first station, a security key that is usable for authentication with an access point associated with a wireless network. The method includes switching from an infrastructure mode to an ad hoc communication mode, and while in the ad hoc communication mode, broadcasting a beacon frame and receiving a request, from a second station, to join the wireless network. The method includes determining that the second station is an approved device and sending a first authentication request to the access point on behalf of the second station. The method includes receiving a first authentication response, including challenge text, from the access point. The method includes encrypting the challenge text based on the security key and sending the encrypted challenge text as part of a second authentication request to the access point to authenticate the second station with the access point.
    Type: Grant
    Filed: June 2, 2020
    Date of Patent: November 8, 2022
    Inventors: Christopher Michael Scurry, Roman-Wark Belachew Scurry
  • Patent number: 11496452
    Abstract: User data is aggregated across a plurality of electronic communication channels and domains. An online system initially authenticates a user for access to the online system over a network. The online system provides a user identifier for the user to an authentication service. The authentication service generates a non-repeatable challenge from the aggregated user data for the user identifier and provides the non-repeatable challenge to the online system. The online system provides the challenge to the user and receives a response from the user. The online system provides the response to the authentication service and the authentication service sends a success or failure back to the online system based on the response to the challenge, and based on the success or failure the online system makes a final determination for authenticating the user for accessing the online system.
    Type: Grant
    Filed: July 26, 2018
    Date of Patent: November 8, 2022
    Assignee: NCR Corporation
    Inventors: Yehoshua Zvi Licht, Joseph Arnold White
  • Patent number: 11489693
    Abstract: A computer implemented method of a network access point for secure network access by a mobile computing device, the mobile device being associated with the access point by a digitally signed record in a blockchain wherein the blockchain is accessible via a network and includes a plurality of records validated by miner computing components, the method including receiving a request from another network access point to associate the mobile device with the other access point, the request having associated identification information for the mobile device; responsive to a verification of an entitlement of the mobile device to access the network, generating a new record for storage in the blockchain, the new record associating the mobile device with the other access point and being validated by the miner components such that the other access point provides access to the network for the mobile device based on the validation of the new record, wherein the network access point provides access to a local network inacces
    Type: Grant
    Filed: June 8, 2018
    Date of Patent: November 1, 2022
    Inventors: Joshua Daniel, Paul Kearney
  • Patent number: 11483318
    Abstract: A method to secure a production environment in a network begins by associating a set of resources into a simulated environment layer configured to simulate at least a portion of the production environment. A preferred approach to building the simulated environment layer utilizes generative adversarial network (GAN) machine learning modeling. Upon detecting a suspect user attempting to interact with the production environment, one or more requests received from the suspect user are routed to the simulated environment layer as opposed to the production environment. At least one behavior of the simulated environment layer is then modified as the suspect user interacts within the simulated environment layer. The modified behavior facilitates that an attack initiated by the suspect user can proceed. Information (such as the user's tactics, techniques and procedures (TPPs), or other Indicators of Compromise (IoCs)) associated with the attack is captured for analysis and subsequent action.
    Type: Grant
    Filed: January 7, 2020
    Date of Patent: October 25, 2022
    Assignee: International Business Machines Corporation
    Inventors: Craig M. Trim, Joseph B. Ries, Adam Lee Griffin, Jennifer L. Szkatulski, Shikhar Kwatra
  • Patent number: 11483709
    Abstract: Authentication processes to counter subscriber identity module swapping fraud attacks is disclosed. A method can comprise receiving location data representative of a tower device of a group of tower devices; receiving duration data representing a time period during which the mobile device has been traversing through a transmission region monitored by the tower device; as a function of the identification data, the location data, and the duration data, formulating a challenge query for the mobile device to answer; and sending the challenge query to the tower device.
    Type: Grant
    Filed: March 14, 2019
    Date of Patent: October 25, 2022
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Joseph Soryal
  • Patent number: 11483339
    Abstract: Attacks on a network device, e.g. an IoT device, are detected by analyzing network traffic and subsequently quarantining or blocking the network device on the network to prevent lateral movement of malware. The techniques described herein relate to developing a baseline of network device activity corresponding with a network device during a learning period and comparing the baseline of network device activity with new network activity by the network device in order to identify potentially unusual network device activity by the network device. If unusual network activity is found, remedial actions such as quarantining the network device or restricting some access to a network may be initiated.
    Type: Grant
    Filed: December 18, 2019
    Date of Patent: October 25, 2022
    Assignee: Pulse Secure, LLC
    Inventors: Biju Kaimal, Bandam Radha Shravan, Thiyagu Rajendran, Clifford E. Kahn
  • Patent number: 11483706
    Abstract: A wireless network transfers UE information to an authorization server. The authorization server generates an expected result based on a random number and secret key in response to the UE information. The authorization server transfers the expected result and the random number to the wireless network which transfers the random number to the UE. The wireless network receives an authentication result from the UE and authenticates the UE by matching the authentication result to the expected result. In response to network authentication, the wireless network transfers the expected result to a conferencing server. The conferencing server receives the authentication result from the UE and registers the UE by matching the authentication result to the expected result. The conferencing server establishes media conferences for the UE. The wireless network exchanges media for the UE.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: October 25, 2022
    Assignee: Sprint Communications Company L.P.
    Inventors: Sathyanarayanan Raghunathan, Muthukumaraswamy Sekar, Maheswaran Vijayakumar, Suresh Majjara
  • Patent number: 11477284
    Abstract: A programmable network architecture that employs a software based, modular functional infrastructure with standard interfaces is utilized for mobile core networks. In one aspect, network services and/or functions can be built and addressed as resources that are configured and/or accessed with standard and/or open application program interfaces (APIs). The disclosed network architecture provides real-time and on-demand network configurations and dynamic service provisioning.
    Type: Grant
    Filed: July 21, 2020
    Date of Patent: October 18, 2022
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Qingmin Hu, Brian Daly
  • Patent number: 11477231
    Abstract: A method may include obtaining internal vulnerability data and external vulnerability data regarding various security vulnerabilities among various network elements for a predetermined organization. The method may include determining various exploitability levels for the security vulnerabilities using a model, the external vulnerability data, and the internal vulnerability data. The model may be generated using a machine-learning algorithm. The method may include determining a vulnerability priority for the plurality of security vulnerabilities using the plurality of exploitability levels and organization-specific criteria. The vulnerability priority may describe a sequence that the security vulnerabilities are remediated. The method may further include transmitting a remediation command to one of the network elements. The remediation command may initiate a remediation procedure at the network element to address the security vulnerability.
    Type: Grant
    Filed: June 10, 2020
    Date of Patent: October 18, 2022
    Assignee: SAUDI ARABIAN OIL COMPANY
    Inventors: Mariam Fahad Bubshait, Mashael Hassan Alkhalis
  • Patent number: 11477223
    Abstract: Methods and systems for the detection, identification, analysis of cybersecurity events in order to support prevention of the persistence of threats, malware or other harmful events are provided. The methods and systems of the present invention enable a user to find similar anomalous network traffic within a single network or across multiple networks. The methods and systems identify and correlate activity in order to analyze potential threats within a network by providing broader contextual information about how those threats relate to other activity within the network or across a sector or country.
    Type: Grant
    Filed: January 15, 2020
    Date of Patent: October 18, 2022
    Assignee: IronNet Cybersecurity, Inc.
    Inventors: Michael Lowney, Phillip Baker Schafer, Alexander Michael Conn, Patrick Collard, Stephen Kinser