Patents Examined by Joseph P. Hirl
  • Patent number: 11122053
    Abstract: An example method for assigning rights to utilize cloud resources associated with a service provider's computing hardware is provided. The example method can include defining a rights package including multiple rights pertaining to utilization of the cloud resources. The rights package can be assigned across multiple tenants of the service provider. The example method can also include defining a global role that includes potential rights, where the global role is assignable to individual tenant users of the tenant. The global roles can be made available to multiple tenants using the service provider. The method can further include provisioning filtered rights to utilize the cloud resources to a tenant user of the tenant, the tenant user being assigned the global role. The filtered rights can include rights present in both the potential rights defined for the global role and the rights defined for the rights package.
    Type: Grant
    Filed: January 18, 2019
    Date of Patent: September 14, 2021
    Assignee: VMWARE, INC.
    Inventors: Jeff Moroski, Ron Passerini, John Kilroy
  • Patent number: 11120148
    Abstract: Systems, methods, and apparatuses enable a security orchestrator to detect a virtual machine deployed in a virtual environment. The virtual machine includes a tag storing information associated with the virtual machine. The security orchestrator determines that the tag contains one or more security elements, the security elements indicating information for determining security settings and policies to be applied to the virtual machine. The security orchestrator determines the security settings and policies associated with the one or more security elements. The security orchestrator then assigns or applies the security settings and policies for the virtual machine based on values of the one or more security elements.
    Type: Grant
    Filed: January 10, 2019
    Date of Patent: September 14, 2021
    Assignee: Fortinet, Inc.
    Inventors: Rajiv Sreedhar, Ratinder Paul Singh Ahuja, Manuel Nedbal, Damodar Hegde, Jitendra Gaitonde, Manoj Ahluwalia, Stuart Gibson
  • Patent number: 11119806
    Abstract: Disclosed herein are systems and methods of selecting security virtual machines (SVMs) for a virtual machine (VM) in a virtual infrastructure. In one aspect, an exemplary method comprises, forming a list of SVMs, wherein SVM performs security tasks for the VM, and VM includes a security agent configured to interact with the SVM, determining restriction requirements of the security agent and removing from the list SVMs not conforming to restriction requirements on limits of interaction area of the security agent, polling SVMs remaining on the list to determine network accessibility of said SVMs and removing inaccessible SVMs, for each accessible SVM remaining on the list, determining whether a marker of the SVM matches that of the security agent of the VM and removing SVMs whose markers do not match the marker of the security agent, and providing the list of remaining SVMs to the security agent of the VM.
    Type: Grant
    Filed: July 16, 2019
    Date of Patent: September 14, 2021
    Assignee: AO Kaspersky Lab
    Inventors: Denis O. Vlaznev, Maxim E. Naumov, Maxim A. Vasilyev
  • Patent number: 11122062
    Abstract: Securing an autonomous vehicle against remote interference. Electronic communications are classified and rated according to communication port and package content. Communication ratings are processed to assess risk of remote interference. At-risk communications trigger interference response actions according to pre-defined ratings thresholds.
    Type: Grant
    Filed: March 26, 2019
    Date of Patent: September 14, 2021
    Assignee: International Business Machines Corporation
    Inventors: Cesar Augusto Rodriguez Bravo, David Jaramillo, Romelia H. Flores, Gregory J. Boss
  • Patent number: 11120145
    Abstract: The present technical solution refers to the area of arrangement of network data exchange schemes among a plurality of devices, particularly, for data exchange among devices of the Internet of things (IoT). The technical result is the increase of protection of the information exchange of data among devices by the method of arrangement of the trusted interaction environment and provision of each participant of the information exchange in the trusted environment with the protected security module in the environment of which all necessary operations are performed for implementation of data exchange with the use of a set of symmetrical access keys. The claimed solution is implemented by means of ensuring the trusted environment of data packets exchange among IoT devices in which each of IoT devices is equipped with the security module containing symmetrical sets of keys used for encryption, signing and check of the transmitted data packets.
    Type: Grant
    Filed: January 24, 2019
    Date of Patent: September 14, 2021
    Inventor: Oleg Dmitrievich Gurin
  • Patent number: 11122077
    Abstract: Embodiments can provide a computer implemented method in a data processing system comprising a processor and a memory comprising instructions, which are executed by the processor to cause the processor to implement a system for network protection, the method comprising determining, by the processor, if an incoming connection comprising one or more packets has a false latency larger than a trigger latency; determining, by the processor, if an attack is currently in progress; and if the attack is in progress, injecting, by the processor, at least one of the one or more packets of the incoming connection or one or more packets of an outgoing connection with a false latency.
    Type: Grant
    Filed: January 14, 2020
    Date of Patent: September 14, 2021
    Assignee: International Business Machines Corporation
    Inventors: Chih-Hung Chou, Cheng-ta Lee, Yin Lee, Chun-Shuo Lin
  • Patent number: 11122061
    Abstract: There is disclosed a method for determining malicious files in a network traffic, the method executable by a server. The method comprises: receiving the network traffic from a data communication network, retrieving a plurality of files from the network traffic, analyzing the plurality of files in order to detect at least one suspicious file, running the at least one suspicious file in at least one virtual machine, the at least one virtual machine associated with a set of the status parameters, determining changes in the set of the status parameters of the at least one virtual machine, analyzing the changes in the set of status parameters using a set of the analysis rules so as to classify the at least one suspicious file as a malicious file based on the changes in the set of status parameters being indicative of the at least one file being the malicious file.
    Type: Grant
    Filed: January 16, 2019
    Date of Patent: September 14, 2021
    Assignee: GROUP IB TDS, LTD
    Inventors: Nikita Igorevich Kislitsin, Nikolay Nikolaevich Andreev
  • Patent number: 11113156
    Abstract: A method for automated ransomware identification includes receiving a first series of data items for backup from a host system, identifying, using a heuristic, a first characteristic of the first series of data items, receiving a second series of data items for backup from the host system, identifying, using the heuristic, a second characteristic of the second series of data items, detecting that the second characteristic differs from the first characteristic in a manner consistent with a ransomware infection, and invoking a recovery procedure responsive to the detecting.
    Type: Grant
    Filed: January 10, 2019
    Date of Patent: September 7, 2021
    Assignee: KASEYA US LLC
    Inventors: Karl Edward Brewer, Oscar Rudolph McNeese, Jr., Sameer Prakash Kamat
  • Patent number: 11113409
    Abstract: A method of efficient rekey in a transparent decrypting storage array includes receiving an instruction to rekey data on a storage array, wherein the instruction identifies first encryption information and second encryption information. The method further includes decrypting, by a processing device of a storage array controller, the data using the first encryption information to generate decrypted data. The method further includes encrypting the decrypted data using the second encryption information to generate encrypted data.
    Type: Grant
    Filed: October 26, 2018
    Date of Patent: September 7, 2021
    Assignee: Pure Storage, Inc.
    Inventors: Constantine P. Sapuntzakis, Kiron Vijayasankar, Yuval Frandzel
  • Patent number: 11115430
    Abstract: A method, apparatus and computer-readable medium for testing a target device. A fuzzer and a monitor are connected to the target device via a tactical bus. The fuzzer records messages sent from a source device to the target device over the tactical bus, creates a first fuzzed message having a data structure of the recorded message, and sends the first fuzzed message to the target device over the tactical bus. A fuzzer monitor monitors the target device for an anomalous response to the first fuzzed message, and determines a vulnerability of the target device from the response to the first fuzzed message.
    Type: Grant
    Filed: June 9, 2017
    Date of Patent: September 7, 2021
    Assignee: RAYTHEON COMPANY
    Inventors: Brandon Woolley, Ross MacKinnon, Eric Rammelsberg
  • Patent number: 11115400
    Abstract: In a control terminal device for controlling a plurality of devices, when account information is registered in a first device which is one of the plurality of devices, after completion of registration of account information in the first device, a second device in which the account information is not registered is searched, and the account information is registered in the searched second device.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: September 7, 2021
    Assignee: Yamaha Corporation
    Inventors: Kazuya Mushikabe, Akihiko Suyama, Keisuke Tsukada
  • Patent number: 11115384
    Abstract: A walled garden system includes a firewall controlling access between a first network and a second network at least by allowing connection requests originating from a user device on the first network to a destination IP address on the second network in response to determining that the destination IP address matches a cleared IP address on a cleared IP addresses list. A controller receives a domain name service (DNS) reply from a DNS server on the second network, and determines whether a domain name specified within the DNS reply matches a cleared domain name on a cleared domain names list. In response to determining that the domain name specified within the DNS reply matches the cleared domain name on the cleared domain names list, the controller adds a resolved IP address specified in the DNS reply to the cleared IP addresses list as a new cleared IP address.
    Type: Grant
    Filed: October 27, 2017
    Date of Patent: September 7, 2021
    Assignee: Guest Tek Interactive Entertainment Ltd.
    Inventor: David T. Ong
  • Patent number: 11106789
    Abstract: Anomalous sequences are detected by approximating user sessions with heuristically extracted event sequences, allowing behavior analysis even without user identification or session identifiers. Extraction delimiters may include event count or event timing constraints. Event sequences extracted from logs or other event lists are vectorized and embedded in a vector space. A machine learning model similarity function measures anomalousness of a candidate sequence relative to a specified history, thus computing an anomaly score. Restrictions may be placed on the history to focus on a particular IP address or time frame, without retraining the model. Anomalous sequences may generate alerts, prompt investigations by security personnel, trigger automatic mitigation, trigger automatic acceptance, trigger tool configuration actions, or result in other cybersecurity actions.
    Type: Grant
    Filed: March 5, 2019
    Date of Patent: August 31, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Naama Kraus, Roy Levin, Andrey Karpovsky, Tamer Salman
  • Patent number: 11108799
    Abstract: Systems, methods, and related technologies for analyzing traffic based on naming information are described. In certain aspects, name information and address information from a name translation response are stored. The name information is associated with a device based on the device sending a communication to an address associated with the name information.
    Type: Grant
    Filed: January 24, 2020
    Date of Patent: August 31, 2021
    Assignee: FORESCOUT TECHNOLOGIES, INC.
    Inventors: Oded Comay, Oren Nechushtan
  • Patent number: 11108810
    Abstract: In one embodiment, a device in a network receives certificate data for an encrypted traffic flow associated with a client node in the network. The device determines one or more data features from the certificate data. The device determines one or more flow characteristics of the encrypted traffic flow. The device performs a classification of an application executed by the client node and associated with the encrypted traffic flow by using a machine learning-based classifier to assess the one or more data features from the certificate data and the one or more flow characteristics of the traffic flow. The device causes performance of a network action based on a result of the classification of the application.
    Type: Grant
    Filed: May 8, 2020
    Date of Patent: August 31, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Blake Harrell Anderson, David McGrew, Subharthi Paul, Ivan Nikolaev, Martin Grill
  • Patent number: 11108813
    Abstract: The disclosed embodiments provide a system for mitigating a distributed denial-of-service (DDoS) attack. During operation, the system analyzes application layer data in historical traffic to an online system to determine a historical volume of member traffic from an Internet Protocol (IP) address to the online system, wherein the member traffic is generated by members of the online system. Next, the system calculates a rate limit for a set of requests from the IP address to the online system based on the historical volume of member traffic from the IP address. During a DDoS attack, the system outputs the rate limit for use in blocking a subset of the requests from the IP address to the online system.
    Type: Grant
    Filed: June 28, 2019
    Date of Patent: August 31, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Shoufu Luo, Jie Zhang
  • Patent number: 11109231
    Abstract: The present invention provides an approach for granting access and respectively denying access to an instruction set of a device. The technical teaching provides the advantage that unauthorized access can be effectively prevented. Hence, maintenance work can be performed by specialized staff and security sensitive parts of the instruction sets are secured.
    Type: Grant
    Filed: March 21, 2016
    Date of Patent: August 31, 2021
    Assignee: ABB Schweiz AG
    Inventors: Matus Harvan, Roman Schlegel, Sebastian Obermeier, Thomas Locher
  • Patent number: 11108556
    Abstract: Aspects of secure inter-application data communications are described. In one example, a first application executing on a computing device obtains an identity certificate. The identity certificate can include a unique identifier of the computing device and a public key of the first application. To obtain the public keys of other applications executing on the computing device, the first application can query a management computing environment using the identity certificate. Once the computing device is authenticated by the management computing environment, the management computing environment can store the public key of the first application and return any public keys of other applications executing on the computing device. Once the public keys have been exchanged between the applications, the applications can encrypt and sign data packages for secure data communications between each other.
    Type: Grant
    Filed: June 8, 2018
    Date of Patent: August 31, 2021
    Assignee: VMware, Inc.
    Inventors: Eugene Liderman, Stephen Louis Turner, Simon Brooks
  • Patent number: 11102246
    Abstract: Methods, non-transitory computer readable media, security management apparatuses, and network traffic management systems are disclosed that improve network security via input field obfuscation. With this technology, a script is injected into source code of a web page received from a server. The source code is then sent to a requesting client. The script is configured to remove an event listener attached to a protected input field of the web page to provide a script secured input field. An application layer message that is received from the client is subsequently sent to the server. The application layer message includes data submitted via the script secured input field that prevented one or more keystrokes corresponding to the data from being observed by a source of the event listener.
    Type: Grant
    Filed: October 23, 2019
    Date of Patent: August 24, 2021
    Assignee: VERSAFE LTD.
    Inventors: Uri Chandler, Avihai Sitbon
  • Patent number: 11100207
    Abstract: Provided is a user authentication method including reproducing sound data of which a sound source in a first position of a space around a user is virtually localized using a Head-Related Transfer Function (HRTF) of the user toward the user, acquiring a second position of the space around the user, the second position being estimated by the user who has listened to the reproduced sound data as a position of the sound source; and authenticating the user according to a coincidence between the first position and the second position.
    Type: Grant
    Filed: September 9, 2019
    Date of Patent: August 24, 2021
    Assignee: SONY CORPORATION
    Inventor: Kosei Yamashita