Patents Examined by Ka Shan Choy
-
Patent number: 11870919
Abstract: An issuing authority (IA) may validate the identity of a user and issue a digital license to the user. IA may generate IA public-private key pair, and provide IA public key to the certification authority (CA). IA may sign the digital license with IA private key, and provision the signed digital license on the user device. IA may request CA to certify the digital license. CA may use IA public key to validate the digital license, and sign IA public key with CA private key, thereby generating a digital certificate associated with the issuing authority that is linked to the digital license. A relying party may use CA public key to validate the digital license. The relying party can retrieve the information from the digital license and trust that the retrieved information is legitimate.
Type: Grant
Filed: December 16, 2021
Date of Patent: January 9, 2024
Assignee: Visa International Service Association
Inventors: Andreas Aabye, Christopher McMillan, Adam Clark, Christian Aabye, Simon Hurry
-
Patent number: 11870792
Abstract: An abnormal traffic analysis apparatus includes receiving means for receiving traffic from a device via any of a plurality of communication paths in which different communication methods are used, multiple communication management means for identifying a communication path through which the traffic is transmitted, analysis method determination means for determining an analysis algorithm for detecting abnormality of the traffic according to the communication path identified by the multiple communication management means, analysis means for analyzing whether or not the traffic is abnormal traffic by using the analysis algorithm determined by the analysis method determination means, and analysis result recording means for recording a result of analysis performed by the analysis means.
Type: Grant
Filed: March 8, 2019
Date of Patent: January 9, 2024
Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Takafumi Harada, Gembu Morohashi, Hiroki Ito
-
Patent number: 11863985
Abstract: Methods and apparatus for detecting and handling evil twin access points (APs). The method and apparatus employ trusted beacons including security tokens that are broadcast by trusted APs. An Evil twin AP masquerades as a trusted AP by broadcasting beacons having the same SSID as the trusted AP, as well as other header field and information elements IE in the beacon frame body containing identical information. A sniffer on the trusted AP or in another AP that is part of a Trusted Wireless Environment (TWE) receives the beacons broadcasts by other APs in the TWE including potential evil twin APs. The content in the header and one or more IEs in received beacons are examined to determine whether a beacon is being broadcast by an evil twin.
Type: Grant
Filed: July 8, 2022
Date of Patent: January 2, 2024
Assignee: WatchGuard Technologies, Inc.
Inventors: Scott Elliott, Jay Lindenauer
-
Patent number: 11863984
Abstract: Methods and apparatus for detecting and handling evil twin access points (APs). The method and apparatus employ trusted beacons including security tokens that are broadcast by trusted APs. An Evil twin AP masquerades as a trusted AP by broadcasting beacons having the same SSID as the trusted AP, as well as other header field and information elements IE in the beacon frame body containing identical information. A sniffer on the trusted AP or in another AP that is part of a Trusted Wireless Environment (TWE) receives the beacons broadcasts by other APs in the TWE including potential evil twin APs. The content in the header and one or more IEs in received beacons are examined to determine whether a beacon is being broadcast by an evil twin.
Type: Grant
Filed: July 8, 2022
Date of Patent: January 2, 2024
Assignee: WatchGuard Technologies, Inc.
Inventors: Scott Elliott, Jay Lindenauer
-
Patent number: 11847245
Abstract: Systems as described herein may label data to preserve privacy. An annotation server may receive a document comprising a collection of text representing a plurality of confidential data from a first computing device. The annotation server may convert the document to a plurality of text embeddings. The annotation server may input the text embeddings into a machine learning model to generate a plurality of synthetic images, and receive a label for each of the plurality of synthetic images from a third-party labeler. Accordingly, the annotation server may send the confidential data and the corresponding labels to a second computing device.
Type: Grant
Filed: February 17, 2021
Date of Patent: December 19, 2023
Assignee: Capital One Services, LLC
Inventors: Anh Truong, Austin Walters, Jeremy Goodsitt, Vincent Pham, Reza Farivar, Galen Rafferty
-
Patent number: 11848947
Abstract: A system and a method of providing security to an in-vehicle network are provided. The method efficiently operates multiple detection techniques to maintain robustness against malicious message detection while increasing overall detection efficiency.
Type: Grant
Filed: January 21, 2019
Date of Patent: December 19, 2023
Assignees: Hyundai Motor Company, Kia Motors Corporation
Inventors: Seung Wook Park, Seil Kim, Aram Cho
-
Patent number: 11843624
Abstract: The technology disclosed relates to a method, system, and non-transitory computer-readable media that classifies cloud traffic between a client and cloud application as malicious command and control (C2) cloud traffic or benign cloud traffic. A cloud traffic classifier, in communication with a network security system, is provided intercepted cloud traffic as an input, and generate an output that classifies the cloud traffic as malicious command and control (C2) cloud traffic or benign cloud traffic. The classifier may use signals such as beaconing behavior, anomalous entity, anomalous agent, anomalous username, anomalous username, anomalous agent, cat's paw behavior of the client, anomalous hostname access patterns, and/or malicious task sequence execution.
Type: Grant
Filed: July 12, 2022
Date of Patent: December 12, 2023
Assignee: Netskope, Inc.
Inventors: Colin Estep, Siying Yang, Jenko Hwong, Gustavo Palazolo Eiras, Yongxing Wang, Dagmawi Mulugeta, Raymond Joseph Canzanese, Jr.
-
Patent number: 11838307
Abstract: Implementations include evaluating a first sub-set of rules based on a first sub-set of facts to provide a first set of impacts, evaluating including applying the first sub-set of facts to each rule using a hash join operation to determine whether a rule results in an impact, indexes of arguments of facts being used in a probe phase of the hash join operation, evaluating a second sub-set of rules using impacts of the first set of impacts to provide a second set of impacts, determining whether each goal in a set of goals has been achieved using the first set of impacts and the second set of impacts, each goal being provided as an impact, in response to determining that each goal in the set of goals has been achieved, removing paths of the AAG, each of the paths resulting in an impact that is not a goal.
Type: Grant
Filed: July 1, 2022
Date of Patent: December 5, 2023
Assignee: Accenture Global Solutions Limited
Inventors: Alexander Basovskiy, Dmitry Kravchenko, Avraham Dayan, Moshe Hadad
-
Patent number: 11836244
Abstract: A method for detecting a trusted execution environment (TEE) clone application operating on a computing device includes measuring a plurality of read time periods associated with a plurality of monitored cache sets within a memory cache based on executing a first auxiliary thread of a TEE application on the computing device. Each of the read time periods indicating a time period that is used to read data within one of the monitored cache sets. The read time periods are compared with a time threshold to determine one or more cache misses. The TEE clone application is detected as operating on the computing device based on the determined cache misses.
Type: Grant
Filed: June 2, 2021
Date of Patent: December 5, 2023
Assignee: NEC CORPORATION
Inventors: Samira Briongos, Claudio Soriente, Ghassan Karame
-
Patent number: 11832101
Abstract: In some embodiments, an exemplary access controlling network architecture may include: a computer platform configured to: receive, from an online entity, an action performance request; request, from an access controlling platform, an expected access control digital key to be presented to the online entity; receive the expected access control digital key; instruct to display the expected access control digital key at a computing device; cause a mobile originating communication, having the expected access control digital key and an identity linked to the computing device; determine a lack of a receipt of the access authentication indicator associated with the online entity from the access controlling platform; and perform, due to, for example, the online entity being a BOT, one of: modifying a visual schema of the online entity, disabling the online entity, or suspending one of: a performance of the online entity or the performance of the action by the online entity.
Type: Grant
Filed: December 19, 2022
Date of Patent: November 28, 2023
Assignee: STARKEYS LLC
Inventor: Ari Kahn
-
Patent number: 11831662
Abstract: Extensive deployment of interoperable distributed energy resources (DER) on power systems is increasing the power system cybersecurity attack surface. National and jurisdictional interconnection standards require DER to include a range of autonomous and commanded grid-support functions which can drastically influence power quality, voltage, and the generation-load balance. Investigations of the impact to the power system in scenarios where communications and operations of DER are controlled by an adversary show that each grid-support function exposes the power system to distinct types and magnitudes of risk. The invention provides methods for minimizing the risks to distribution and transmission systems using an engineered control system which detects and mitigates unsafe control commands.
Type: Grant
Filed: June 10, 2022
Date of Patent: November 28, 2023
Assignee: National Technology & Engineering Solutions of Sandia, LLC
Inventor: Jay Tillay Johnson
-
Patent number: 11824875
Abstract: A threat intelligence gateway (TIG) may protect TCP/IP networks from network (e.g., Internet) threats by enforcing certain policies on in-transit packets that are crossing network boundaries. The policies may be composed of packet filtering rules with packet-matching criteria derived from cyber threat intelligence (CTI) associated with Internet threats. These CTI-derived packet-filtering rules may be created offline by policy creation and management servers, which may distribute the policies to subscribing TIGs that subsequently enforce the policies on in-transit packets. Each packet filtering rule may specify a disposition that may be applied to a matching in-transit packet, such as deny/block/drop the in-transit packet or pass/allow/forward the in-transit packet, and also may specify directives that may be applied to a matching in-transit packet, such as log, capture, spoof-tcp-rst, etc.
Type: Grant
Filed: December 19, 2022
Date of Patent: November 21, 2023
Assignee: Centripetal Networks, LLC
Inventors: Sean Moore, Jonathan R. Rogers, Vincent Mutolo, Peter P. Geremia
-
Patent number: 11822638
Abstract: Embodiments described herein disclose technology for authenticating a user. In some embodiments, a smart card or other similar authentication device can be associated with a user profile. When a request to interact is received via an application associated with a device, the system prompts the user to waive the smart card within a threshold proximity of the device. In response to the smart card being placed within the proximity, the system collects information from the smart card and verifies that the smart card is associated with the user profile of the user. In response to verifying the information from the smart card, the system authenticates the user and allows the user to interact.
Type: Grant
Filed: May 31, 2022
Date of Patent: November 21, 2023
Assignee: United Services Automobile Association
Inventor: John R. Clowe
-
Patent number: 11822901
Abstract: Cryptographic methods and systems are described. Certain examples relate to performing cryptographic operations by updating a cryptographic state. The methods and systems may be used to provide cryptographic functions such as hashing, encryption, decryption and random number generation. In one example, a non-linear feedback shift register or expander sequence is defined. The non-linear feedback shift register or expander sequence has a plurality of stages to receive the cryptographic state, wherein at least one of the plurality of stages is updated as a non-linear function of one or more other stages. In certain examples, a cryptographic state is updated over a plurality of rounds. Examples adapted for authenticated encryption and decryption, hashing, and number generation are described.
Type: Grant
Filed: September 17, 2021
Date of Patent: November 21, 2023
Assignee: PQShield Ltd.
Inventor: Markku-Juhani Olavi Saarinen
-
Patent number: 11818176
Abstract: The technology disclosed relates to configuring IoT devices for policy enforcement. In particular, the technology disclosed relates to configuring a plurality of special-purpose devices on a network segment of a network to steer outbound network traffic to an inline secure forwarder on the network segment instead of a default gateway on the network segment. The inline secure forwarder is configured to route the outbound network traffic to a policy enforcement point for a policy enforcement.
Type: Grant
Filed: August 12, 2022
Date of Patent: November 14, 2023
Assignee: Netskope, Inc.
Inventors: David Tze-Si Wu, Siying Yang, Krishna Narayanaswamy
-
Patent number: 11816670
Abstract: Various embodiments of the present invention set forth techniques for monitoring risk in a computing system. The technique includes creating one or more risk objects, where each risk object of the one or more risk objects has a corresponding stored risk definition, the stored risk definition associating the risk object with raw machine data pertaining to the risk object, the raw machine data reflecting activity in an information technology (IT) environment. The technique further includes receiving a selection of a first risk object included in the one or more risk objects and receiving a first risk definition that corresponds to the first risk object. The technique further includes performing a search of the raw machine data according to the first risk definition, wherein a risk is identified based on the search of the raw machine data and performing an action based on identifying the risk.
Type: Grant
Filed: May 31, 2022
Date of Patent: November 14, 2023
Assignee: SPLUNK INC.
Inventor: Gleb Esman
-
Patent number: 11799892
Abstract: Methods, non-transitory computer readable media, and database activity monitor devices that deploy a monitoring proxy into a virtual private cloud (VPC) network hosted by a first public cloud network following detection in the VPC network of a new database associated with an entity. The monitoring proxy is configured to obtain and report the activity data based on a first database type of the cloud database. A determination is made when at least one security check defined in at least one security policy is violated based on an analysis of the activity data. An alert is automatically output via a communication network, when the determination indicates the security check is violated. One or more interactive dashboards are generated and output based on the activity data. The interactive dashboards comprise a historical database activity report for the entity.
Type: Grant
Filed: January 28, 2021
Date of Patent: October 24, 2023
Assignee: CLOUD STORAGE SECURITY
Inventors: Aaron Newman, Jason Ruckman, Angus Davis
-
Patent number: 11797692
Abstract: Disclosed are systems and methods for generating security policies for containers. An example method comprises identifying a virtualized execution environment running on a computer system, parsing metadata associated with the virtualized execution environment to identify resources of the computer system to be used by the virtualized execution environment, generating a set of access rules providing access to the resources, and creating a security policy in view of the set of access rules.
Type: Grant
Filed: February 18, 2022
Date of Patent: October 24, 2023
Assignee: Red Hat, Inc.
Inventors: Lukas Vrabec, Petr Lautrbach
-
Patent number: 11792214
Abstract: A first dataset that includes an indication of a plurality of network events associated with a time-period is received. For each time sub-period from a plurality of time sub-periods that together span the time-period and to generate a second dataset, a value for each network event from the plurality of network events that occur within that time sub-period is summed. A discrete Fourier transform is performed based on the second dataset to generate a third dataset that includes an indication of a plurality of frequency ranges and a plurality of magnitude values for the plurality of frequency ranges. Each frequency from the plurality of frequencies ranges is associated with a magnitude value from the plurality of magnitude values. A set of candidate frequencies from the plurality of frequencies determined to potentially cause periodic behavior is identified based on the plurality of frequency ranges and the plurality of magnitude values.
Type: Grant
Filed: November 18, 2022
Date of Patent: October 17, 2023
Assignee: Arctic Wolf Networks, Inc.
Inventors: Geoffrey Ryan Salmon, Hazem Mohamed Ahmed Soliman, Mohan Rao
-
Patent number: 11792164
Abstract: Systems described herein may dynamically add one or more proxy data protection agents to a cloud data storage system to process a data protection job. Upon completion of the job or at some other appropriate interval, the system can power down and decommission the proxy data protection agents and/or the virtual machines on which the data protection proxies reside according to a cleanup schedule (e.g., at hourly or minute intervals). In order to improve the allocation of computing resources, the system takes into account currently existing proxies or virtual machines when processing a backup request to determine the need for new proxies to service the backup request. In this manner the system can save costs and computing resources through efficient virtual machine deployment and retirement.
Type: Grant
Filed: November 30, 2021
Date of Patent: October 17, 2023
Assignee: Commvault Systems, Inc.
Inventors: Rajesh Polimera, Supreeth Sanur, Henry Wallace Dornemann, Prasanna Kumar Thoppe Ravindran