Patents Examined by Kambiz Zand
  • Patent number: 11818145
    Abstract: An automated technique for security monitoring leverages a labeled semi-directed temporal graph derived from system-generated events. The temporal graph is mined to derive process-centric subgraphs, with each subgraph consisting of events related to a process. The subgraphs are then processed to identify atomic operations shared by the processes, wherein an atomic operation comprises a sequence of system-generated events that provide an objective context of interest. The temporal graph is then reconstructed by substituting the identified atomic operations derived from the subgraphs for the edges in the original temporal graph, thereby generating a reconstructed temporal graph. Using graph embedding, the reconstructed graph is converted into a representation suitable for further machine learning, e.g., using a deep neural network. The network is then trained to learn the intention underlying the temporal graph.
    Type: Grant
    Filed: December 9, 2019
    Date of Patent: November 14, 2023
    Assignee: International Business Machines Corporation
    Inventors: Xiaorui Pan, Xiaokui Shu, Dhilung Hang Kirat, Jiyong Jang, Marc Philippe Stoecklin
  • Patent number: 11818120
    Abstract: A mechanism for building decentralized computer applications that execute on a distributed computing system. The present technology works within a web browser, client application, or other software and provides access to decentralized computer applications through the browser. The present technology is non-custodial, wherein a public-private key pair, which represents user identity, is created on a client machine and then directly encrypted by a third-party platform without relying on one centralized computing system.
    Type: Grant
    Filed: December 30, 2022
    Date of Patent: November 14, 2023
    Assignee: Magic Labs, Inc.
    Inventors: Fei-Yang Jen, Yi Wei Chen, Jaemin Jin, Hanyu Xue, Wentao Liu, Shang Li
  • Patent number: 11818147
    Abstract: Systems, methods and computer program products for improving security of artificial intelligence systems. The system comprising processors for monitoring one or more transactions received by a machine learning decision model to determine a first score associated with a first transaction. The first transaction may be identified as likely adversarial, in response to the first score being lower than a certain score threshold and the first transaction having a low occurrence likelihood. A second score may be generated in association with the first transaction based on one or more adversarial latent features associated with the first transaction. At least one adversarial latent feature may be detected as being exploited by the first transaction, in response to determining that the second score falls above the certain score threshold. Accordingly, an abnormal volume of activations of adversarial latent features spanning across a plurality of transactions scored may be detected and blocked.
    Type: Grant
    Filed: November 23, 2020
    Date of Patent: November 14, 2023
    Assignee: Fair Isaac Corporation
    Inventors: Scott Michael Zoldi, Shafi Ur Rahman
  • Patent number: 11811807
    Abstract: Conditionally initiating a security measure in response to an estimated increase in risk imposed related to a particular user of a computing network. The risk is determined using a rolling time window. Accordingly, sudden increases in risk are quickly detected, allowing security measures to be taken quickly within that computing network. Thus, improper infiltration into a computing network is less likely to escalate or move laterally to other users or resources within the computing network. Furthermore, the security measure may be automatically initiated using settings pre-configured by the entity. Thus, the security measures go no further than what the entity instructed, thereby minimizing risk of overreaching with the security measure.
    Type: Grant
    Filed: May 27, 2021
    Date of Patent: November 7, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Itay Argoety, Michael Shlomo Navat, Idan Yehoshua Hen, Efrat Reef Guttman
  • Patent number: 11809537
    Abstract: A computer-implemented method for executing a user instruction may include obtaining identification data of a user via a device associated with the user, wherein the identification data comprises at least a password, a user name, and biometric data of the user; determining, via the one or more processors, a login status based on the identification data; demonstrating, to the user, historical account data based on the login status, wherein the historical account data comprises at least historical biometric data associated with one or more historical logins; receiving, via the one or more processors, the user instruction based on the historical account data, wherein the user instruction comprises at least one of revoking a historical login, changing password, or signing out a historical device associated with a historical login of the one or more historical logins; and executing, via the one or more processors, the user instruction.
    Type: Grant
    Filed: June 11, 2020
    Date of Patent: November 7, 2023
    Assignee: Capital One Services, LLC
    Inventors: Zainab Zaki, Jackson Cheek
  • Patent number: 11811949
    Abstract: Disclosed are various embodiments for validating documents using a blockchain data. Multiple documents can be included in the validation process using a merge and hash process and a summary terms document. Validation can be performed by hashing and merging operations, followed by comparing hash values.
    Type: Grant
    Filed: November 7, 2021
    Date of Patent: November 7, 2023
    Assignee: DocuSign, Inc.
    Inventors: Gregory J. Alger, Duane R. Wald, Andrew Mintner, Donald Grant Peterson, Taiga Matsumoto, Damon Dean, Drew Ashlock
  • Patent number: 11804971
    Abstract: Physical unclonable functions (PUFs) are described. The PUFs utilize intrinsic information to determine the confidence level of comparison values. The information about confidence levels may be used to simplify the process of recovering the PUF secret. Since the information about confidence levels may be intrinsic, and not know outside the PUF, the PUF may be secure.
    Type: Grant
    Filed: August 5, 2020
    Date of Patent: October 31, 2023
    Assignee: Analog Devices, Inc.
    Inventor: Chiraag Juvekar
  • Patent number: 11804958
    Abstract: A computer implemented method and system for secure initial secret delivery for collocated containers with shared resources techniques is disclosed. The method comprises providing an application type identifier and a token for accessing a secrets management service; creating asynchronously, a plurality of collocated containers with shared resources; initiating a request for a creation for an initial secret; validating the request, requesting an identity for the collocated containers; validating the identity; starting an application instance; and using the initial secret to retrieve other secrets for the application instance.
    Type: Grant
    Filed: December 30, 2020
    Date of Patent: October 31, 2023
    Assignee: Synchronoss Technologies, Inc
    Inventors: Ivan Skuliber, Ryan C. O'Hare, Michael A. Bellomo
  • Patent number: 11803648
    Abstract: A method, system, and computer program product for key in lockbox encrypted data deduplication are provided. The method collects a set of deduplication information by a host in communication with a storage system via a communications network. A fingerprint is generated for a data chunk to be stored on a storage system. The method encrypts the data chunk using a first encryption key to generate an encrypted data chunk. The fingerprint is encrypted with a second encryption key to generate an encrypted fingerprint. The method encrypts the first encryption key with a third encryption key to generate a first encrypted key. The method encrypts the first encryption key with a fourth encryption key to generate a second encryption key. A data package is generated for transmission to the storage system. The method transmits the data package to the storage system.
    Type: Grant
    Filed: December 9, 2020
    Date of Patent: October 31, 2023
    Assignee: International Business Machines Corporation
    Inventors: Steven Robert Hetzler, Wayne C. Hineman, John Stewart Best
  • Patent number: 11799902
    Abstract: Systems and methods for dynamically mitigating a DDOS attack. In an aspect, the technology relates to a computer-implemented method for dynamically mitigating a distributed-denial-of-service (DDOS) attack. The computer-implemented method may include detecting a DDOS attack directing malicious traffic to a target, identifying one or more source locations of the malicious traffic, and in response to detecting the DDOS attack, activating one or more scrub clusters in the identified one or more source locations of the malicious traffic. The method may further include directing traffic intended for the target to the to the activated one or more scrub clusters, detecting an end of the DDOS attack, and in response to detecting the end of the DDOS attack, deactivating the one or more scrub clusters to release hardware resources.
    Type: Grant
    Filed: April 6, 2021
    Date of Patent: October 24, 2023
    Assignee: Level 3 Communications, LLC
    Inventor: Michael Feldpusch
  • Patent number: 11799904
    Abstract: Inverse imbalance subspace searching techniques are used to detect potential malware among samples of network communication data. A large number of samples of network communication data, such as proxy log data and/or network flows, are received and analyzed by a malware detection system. A number of the samples are associated with known malware, while other unlabeled samples are either benign or may be associated with unknown malware. An inverse imbalance subspace search may be performed, in which the sample sets are divided into subsets based on random feature thresholds, and each subset is evaluated based on the ratio of known malware samples to unlabeled samples. Unlabeled samples within subsets having high malware sample ratios may be identified, aggregated, and processed as potential malware.
    Type: Grant
    Filed: December 10, 2020
    Date of Patent: October 24, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Tomas Komarek, Jan Brabec, Cenek Skarda
  • Patent number: 11792006
    Abstract: A method for electing a representative node device is performed at a blockchain system, including: obtaining voting transaction data from the node devices, the voting transaction data being used for voting for one or more node devices of the blockchain system as representative node devices; generating and storing the voting transaction data into a target blockchain of the blockchain system when a plurality of node devices of the blockchain system verify the voting transaction data by consensus; and when a quantity of blocks in the target blockchain generated using the voting transaction data reaches a preset quantity, determining an election result according to quantities of votes of the node devices determined from the voting transaction data, the election result identifying a plurality of representative node devices in the blockchain system being configured to generate new blocks for the target blockchain and perform verification on the new blocks by consensus.
    Type: Grant
    Filed: October 1, 2020
    Date of Patent: October 17, 2023
    Inventors: Rui Guo, Maocai Li, Zongyou Wang, Haitao Tu, Li Kong, Kaiban Zhou, Changqing Yang, Nan Wang, Yong Ding, Yifang Shi
  • Patent number: 11792228
    Abstract: Methods, systems, and computer readable media for network security are described. In some implementations, security tasks and roles can be allocated between an endpoint device and a firewall device based on tag information sent from the endpoint, the tag information including one or more characteristics of a traffic flow, information of resource availability, and/or reputation of a process associated with a traffic flow.
    Type: Grant
    Filed: January 21, 2021
    Date of Patent: October 17, 2023
    Assignee: Sophos Limited
    Inventors: Andy Thomas, Nishit Shah, Daniel Stutz
  • Patent number: 11792234
    Abstract: A policy-based browser system for managing browser extensions used to access functionalities on a web browser in a cloud-based multi-tenant system. The policy-based browser system includes a client device, a web server configured to provide the functionality of the browser extension on a web browser of the client device, and a mid-link server. The network traffic from the client device is monitored to identify traffic patterns, risk is determined associated with the browser extension based on the traffic patterns, and a correlation of the browser extension with a plurality of browser extensions. A policy for the browser extension is identified based on the risk. The policies specify access to the browser extensions based on the risk associated with the browser extensions. The browser extensions are categorized based on the policies and the risk. An authorization corresponding to the browser extension is determined based on the policy.
    Type: Grant
    Filed: November 11, 2022
    Date of Patent: October 17, 2023
    Assignee: Netskope, Inc.
    Inventor: James S. Robinson
  • Patent number: 11784810
    Abstract: Provided are a computer program product, system, and method for determining key server type and key server redundancy information to enable encryption. A first key server type for a first protocol is indicated in a key server type field in response to determining a current protocol used to communicate with the key server comprises the first protocol. A query information request is submitted to the key server to determine a key server type in response to determining that the current protocol comprises the second protocol. The second key server type indicated in the response to the query information request is indicated in the key server type field in response to the response indicating the second key server type. The first or second type of key server indicated in the key server type field is used to determine information to include in a key retrieval request.
    Type: Grant
    Filed: May 25, 2022
    Date of Patent: October 10, 2023
    Inventors: Jacob Lee Sheppard, Roger G. Hathorn, Igor Popov
  • Patent number: 11784792
    Abstract: A system may include a first processing component arranged in a secure domain of the system. The system may include a second processing component arranged outside of the secure domain of the system. The system may include one or more hardware accelerators to perform operations in association with providing communication security for the system. The one or more hardware accelerators may be accessible by the first processing component via a channel in the secure domain. The one or more hardware accelerators may be accessible by at least the second processing component via a channel outside of the secure domain.
    Type: Grant
    Filed: September 29, 2020
    Date of Patent: October 10, 2023
    Assignee: Infineon Technologies AG
    Inventors: Manuela Meier, Andreas Graefe
  • Patent number: 11785024
    Abstract: In some implementation, a system for identifying malicious attacks on a convolutional neural network (CNN) model includes a target computing system that performs classification of objects using a CNN model, and an attack identification computing system that identifies an injected neural attack. The attack identification computing system can be configured to generate, based on the CNN model and associated parameters, an ecosystem of CNN models by modifying original weights of the parameters associated with the CNN model; update the original weights of the parameters with the modified weights; store, in a secure data store, the updated weights of the parameters; generate, based on the updated weights, an update file for the CNN model; update, using the update file, the CNN model; and transmit the updated CNN model to a targeting computing system configured to detect neural attacks by an attacker computing system based on the updated CNN model.
    Type: Grant
    Filed: March 22, 2021
    Date of Patent: October 10, 2023
    Assignee: University of South Florida
    Inventors: Robert Anthony Karam, Brooks Allen Olney
  • Patent number: 11785453
    Abstract: The present disclosure relates to a wireless token capable of representing a user network, the token being used to automatically provision an IoT enabled device to connect to the user network. Functions required to achieve this include: authenticate the token with the user network, and responsive to said authentication, obtain and store configuration information for enabling the token to communicatively couple one or more devices at or within a defined proximity to the token, with the user network; responsive to a wireless signal received from a given device among the one or more devices, establish a temporary secure communication channel between the given device and the token; and provide the configuration information from the token to the given device using the temporary secure communication channel, wherein the configuration information enables the given device to establish a connection with and operate in the user network based on the obtained configuration information.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: October 10, 2023
    Assignee: NAGRAVISION S.A.
    Inventor: Jean-Bernard Fischer
  • Patent number: 11783081
    Abstract: In a method to utilize a secure public cloud, a computer receives a domain manager image and memory position-dependent address information in response to requesting a service from a cloud services provider. The computer also verifies the domain manager image and identifies a key domain key to be used to encrypt data stored in a key domain of a key domain-capable server. The computer also uses the key domain key and the memory-position dependent address information to encrypt a domain launch image such that the encrypted domain launch image is cryptographically bound to at least one memory location of the key domain. The computer also encrypts the key domain key and sends the encrypted domain launch image and the encrypted key domain key to the key domain-capable server, to cause a processor of the key domain-capable server to create the key domain. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 16, 2020
    Date of Patent: October 10, 2023
    Assignee: Intel Corporation
    Inventors: David M. Durham, Ravi L. Sahita, Barry E. Huntley, Nikhil M. Deshpande
  • Patent number: 11785031
    Abstract: Disclosed are techniques for performing forensic analysis of computer systems in a cloud network. The techniques can include using a scalable, cloud-based, specialized computer architecture for performing the forensic analysis of computer systems.
    Type: Grant
    Filed: February 10, 2021
    Date of Patent: October 10, 2023
    Assignee: Cado Security Ltd
    Inventors: James Campbell, Christopher Doman