Patents Examined by Kevin Bechtel
  • Patent number: 11991211
    Abstract: Systems and methods are provided for enforcing symmetric flows of cross-region network traffic through firewalls in multi-region network environments. Enforcement may be configured automatically by analyzing network policy data to identify cross-region traffic that is to be firewalled, and configuring gateway nodes in the various regions to implement symmetric bidirectional flows through any firewalls in the communication path. Beneficially, by enforcing symmetric bi-directional flows of traffic through any firewalls in a communication path, the firewalls may maintain the state of a given communication session even when the communication session is between endpoints in different regions that have different architectures.
    Type: Grant
    Filed: December 10, 2021
    Date of Patent: May 21, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Hrushikesh Jaibheem Gangur, Tomasz Jozef Adamski, Christian Elsen, Baihu Qian, Nick Matthews, Omer Hashmi, Bashuman Deb, Thomas Nguyen Spendley
  • Patent number: 11941132
    Abstract: Embodiments described herein provide a system and method for controlling access to electronic files by linking the files to a file access monitoring system, called the file access monitor in this application. The file access monitor then authorizes the use of the one or more files by performing one or more qualifying steps on the accessing computer system. The file access monitor may be a standalone program or an embedded logic within a closed system like an application, an operating system (O/S), an external device like a printer, a web browser or a web browsing application. Access to electronic files can include the exchange, modification, execution, printing, viewing, listening, copying and replication of these files to name a few. A given protected electronic file is transferred from a sending computer system to a receiving computer system for eventual access. The receiving computer may also become the accessing computer should a user on the receiving computer wish to access the transferred file.
    Type: Grant
    Filed: September 24, 2021
    Date of Patent: March 26, 2024
    Inventors: Gary Mousseau, Karima Bawa
  • Patent number: 11934543
    Abstract: Systems and methods for generating transient object references are provided. The systems and methods perform operations including establishing a session between a first entity and a second entity. The operations include identifying an object that the first entity is authorized to access according to a first set of access privileges. The operations include generating a reference associated with the object. The operations include temporarily authorizing the second entity to access the object using the reference according to a second set of access privileges, the second set of access privileges being derived from the first set of access privileges.
    Type: Grant
    Filed: November 17, 2022
    Date of Patent: March 19, 2024
    Assignee: Snowflake Inc.
    Inventors: Jennifer Wenjun Bi, Khalid Zaman Bijon, Damien Carru, Thierry Cruanes, Simon Holm Jensen, Daniel N. Meredith, Subramanian Muralidhar, Eric Robinson, David Schultz, Zixi Zhang
  • Patent number: 11874953
    Abstract: A method for runtime integrity check, performed by a security core including one or more processors includes storing a first output value, which is generated by using a one-way encryption algorithm based on first data and a first encryption key managed by an encryption key manager accessible by the security core, in a main memory that is a volatile memory in association with the first data, generating a second output value for the first data based on the first data and the first encryption key by using the one-way encryption algorithm, and checking for possible tampering of the first data stored in the main memory by comparing the first output value with the generated second output value.
    Type: Grant
    Filed: June 20, 2023
    Date of Patent: January 16, 2024
    Assignee: REBELLIONS INC.
    Inventors: Myunghoon Choi, Chang-Hyo Yu
  • Patent number: 11856027
    Abstract: A secure communication system enabling secure transport of information is disclosed. The system comprises a secure network with one or more packet processing units connected by links through an internal communication system. The secure network transports packets of information between credentialed and authenticated agents. Each packet is associated with a visa issued by a visa service. The visa specifies the procedures governing the processing of the packet by the packet processing units as it is transported along a compliant flow, between agents through the network, according to a set of policies specified in a network configuration. Packet processing units include docks and forwarders. Adaptors serving the agents communicate with the network through tie-ins to docks. The system also includes an admin service, accessible to one or more admins, that facilitates configuration and management of the network.
    Type: Grant
    Filed: November 6, 2020
    Date of Patent: December 26, 2023
    Inventors: W. Daniel Hillis, David C. Douglas, Mathias Kolehmainen, Steven Willis, Frank Kastenholz, Michael Dubno
  • Patent number: 11848929
    Abstract: A chip set for a terminal comprises at least one secure processor, in which a one-time programmable memory is integrated. At least one terminal serial number of the terminal is stored in the chip set. Information for securing the terminal serial number against tampering is stored in the one-time programmable memory.
    Type: Grant
    Filed: December 17, 2020
    Date of Patent: December 19, 2023
    Inventors: Frank Götze, Claus Dietze, Jan Eichholz
  • Patent number: 11831764
    Abstract: Systems, devices, and methods are disclosed for instantaneously decrypting data in an end-to-end encrypted secure messaging session while maintaining forward secrecy and post-compromise security using a double ratchet communication protocol. Unique message keys can be generated in a predictable progression independently on each device, ratcheting keys for each message on an as-needed basis, and a seed key and state for the predictable progression can be updated based on an asymmetric key exchange between the devices, thereby serving as a second ratchet. Message keys can feed a pseudo-random number generator (PRG) to generate the next message key in a progression. A Continuous Key Agreement (CKA) engine can use an asymmetric key pair to generate a shared secret key to feed a Pseudo-Random Function (PRF-PRNG) to reset the state of the PRG and provide a refresh key to the PRG.
    Type: Grant
    Filed: September 9, 2019
    Date of Patent: November 28, 2023
    Assignee: QRYPT, INC.
    Inventors: Denis Mandich, Yevgeniy Dodis
  • Patent number: 11821978
    Abstract: A method of secure wireless ranging between a verifier node and a prover node comprises performing a measurement procedure resulting in a two-way phase measurement and a round-trip time measurement between the verifier node and the prover node. The measurement procedure comprises the verifier node transmitting on the frequency a verifier packet, the prover node receiving the verifier packet and performing a phase measurement of a verifier carrier signal and a time-of-arrival measurement of a verifier frame delimiter, the prover node transmitting a prover packet, and the verifier node receiving the prover packet and performing a phase measurement of the prover carrier signal and a time-of-arrival measurement of the prover frame delimiter. The method further comprises calculating a distance between the verifier node and the prover node based on the two-way phase measurements and the round-trip time measurements for the plurality of frequencies.
    Type: Grant
    Filed: February 19, 2020
    Date of Patent: November 21, 2023
    Assignees: Katholieke Universiteit Leuven, Stichting IMEC Nederland
    Inventors: Mohieddine El Soussi, Jacobus Romme, Pepijn Boer, Roel Peeters
  • Patent number: 11792644
    Abstract: Methods, apparatus, and systems for session key generation for AV operation are disclosed. In an embodiment, a vehicle service subscriber system generates an entropy. The vehicle service subscriber system is associated with a vehicle service subscriber. The vehicle service subscriber system transmits a synchronization message to a vehicle service provider system associated with at least one vehicle. The synchronization message includes the entropy. The vehicle service subscriber system receives a salt from the vehicle service provider system. The vehicle service subscriber system verifies that the salt was generated using the entropy. The vehicle service subscriber system calculates session keys using the salt. The vehicle service subscriber system receives a protected message from the vehicle service provider system. The vehicle service subscriber system authenticates the protected message using the session keys. The protected message is used to provide a ride involving the at least one vehicle.
    Type: Grant
    Filed: June 21, 2021
    Date of Patent: October 17, 2023
    Assignee: Motional AD LLC
    Inventors: Michael Maass, Karl Robinson, Garth Scheidemantel
  • Patent number: 11783064
    Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to detect an access request to access a computing resource while in a system management mode (SMM), determine a bit of a lock register is set to enable access to a bitmap associated with the computing resource, the bitmap to indicate an access policy for the computing resource, and determine whether the access request violates the access policy set in the bitmap. Embodiments may also include performing the access request if the access request does not violate the access policy, and causing a fault if the access request does violate the access policy.
    Type: Grant
    Filed: March 30, 2018
    Date of Patent: October 10, 2023
    Inventors: Kirk D. Brannock, Barry E. Huntley
  • Patent number: 11777714
    Abstract: The foundation of Matrix Encryption is a discrete function called the Modified Combinatorial Batch Decimation Function (CBDF-Mod) and its asymmetric inverse (CBDI-Mod). Herein we disclose the nature of Matrix Encryption, an encryption technology built upon these two discrete functions, together with their shared, Secondary Variable Functions. Matrix Encryption implements a block encryption with arbitrary block size dependent upon the length of text to be encrypted, thereby allowing for keys of user desired length and for the surpassing of industry standards of security. A Master Key may be used to generate a Key Set containing keys of appropriate length for any data presented above a minimum length, up to a length corresponding to the length of a message for which the Master Key is appropriate. Matrix Encryption reads and writes numerically encrypted text to text files as designated by the user.
    Type: Grant
    Filed: December 17, 2021
    Date of Patent: October 3, 2023
    Inventor: Watson Knox Williams, Jr.
  • Patent number: 11768942
    Abstract: The disclosed embodiments relate to secure booting of a memory device. The disclosed embodiments generate measurement data associated with a memory device. Next, the disclosed embodiments read a golden measurement from a secure location in the memory device, the golden measurement generated based on a version of the data associated with the memory device, and therefore it is unique to the device. The disclosed embodiments validate the golden measurement value using a public key and determine whether the golden measurement is equal to the measurement data. The golden measurement value can also be saved in a write-protected area which can only be changed by a secure write command; therefore, it is immutable by others. Finally, the disclosed embodiments continue a boot process when the golden measurement is equal to the measurement data.
    Type: Grant
    Filed: May 18, 2021
    Date of Patent: September 26, 2023
    Assignee: Micron Technology, Inc.
    Inventor: Zhan Liu
  • Patent number: 11755786
    Abstract: An Information Handling System (IHS) includes at least one hardware device in communication with a Baseboard Management Controller (BMC). The hardware device includes executable instructions for establishing a secure communication channel with the BMC, and subsequently receiving a list of allowed commands from the BMC. When a command is received by the hardware device, it determines whether the command is included in the list such that when the command is in the list and the command is received within the secure communication channel, the hardware device performs the command. However, when the command is in the list and the command is received outside of the secure communication channel, the hardware device ignores the command.
    Type: Grant
    Filed: July 21, 2021
    Date of Patent: September 12, 2023
    Assignee: Dell Products, L.P.
    Inventors: Chandrasekhar Mugunda, Chandrashekar Nelogal, Rama Rao Bisa, Vineeth Radhakrishnan, Dharma Bhushan Ramaiah, Viswanath Ponnuru, Shinose Abdul Rahiman
  • Patent number: 11748497
    Abstract: Examples associated with BIOS access are described. One example device includes receiving data associated with a basic input/output system (BIOS) access request. The data may be received by a print device. The access request may be for a computing device. The method also includes printing a set of instructions for accessing the BIOS of the computing device.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: September 5, 2023
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Alexander Thayer, Mary G. Baker
  • Patent number: 11748275
    Abstract: A method for securely updating a control unit. The control unit includes a host configured to execute an update program and at least one application program, a memory, which contains the programs and data, and a hardware security module (HSM) which is configured to block and to unblock a write access to the memory. The method includes starting the host and the HSM; blocking the write access by the HSM; starting the update program; determining by the update program whether a request of a caller to carry out an update is present; if a request is present, checking an authorization of the caller by the HSM to carry out an update, the authorization of the caller being confirmed by a confirmation unit differing from the control unit; and if the caller is authorized, unblocking the write access and rewriting at least a portion of the memory by the update program.
    Type: Grant
    Filed: June 24, 2021
    Date of Patent: September 5, 2023
    Inventors: Andreas Soenkens, Bjoern Kasper, Jens Schmuelling, Thorsten Schwepp
  • Patent number: 11736529
    Abstract: Disclosed are various examples that relate to adjusting a stringency of offline policy restrictions based on a situational context of a computing device. In one example, a system can receive an offline restriction policy for an application. The system can identify a request to execute an application during the offline period of time. A situational context of the computing device can be determined. A first application restriction can be enforced for the application on the computing device based on the identification of the computing device being in the offline period of time and the situational context. A change in the situational context of the computing device can be identified during the offline period of time based on a detection of a second condition. A second application restriction can be enforced for the application on the computing device during the offline period of time.
    Type: Grant
    Filed: May 27, 2021
    Date of Patent: August 22, 2023
    Assignee: VMware, Inc.
    Inventors: Eugene Liderman, Stephen Turner, Simon Brooks
  • Patent number: 11727153
    Abstract: A System on Chip includes at least two hardware masters, a security circuit, and a communication infrastructure for communication between the hardware masters and the security circuit, the communication infrastructure being based on a given interface communication protocol. Each hardware master is configured to send a request to the security circuit for execution of the request by the security circuit through the communication infrastructure, each request comprising at least one service identifier identifying a service.
    Type: Grant
    Filed: May 24, 2019
    Date of Patent: August 15, 2023
    Assignee: SECURE-IC SAS
    Inventors: Rachid Dafali, Freddy David, Michel Le Rolland, Karine Lorvellec
  • Patent number: 11729144
    Abstract: Methods, systems, and computer-readable media for efficiently detecting threat incidents for cyber threat analysis are described herein. In various embodiments, a computing device, which may be located at a boundary between a protected network associated with the enterprise and an unprotected network, may combine one or more threat indicators received from one or more threat intelligence providers; may generate one or more packet capture and packet filtering rules based on the combined threat indicators; and, may capture or filter, on a packet-by-packet basis, at least one packet based on the generated rules. In other embodiments, a computing device may generate a packet capture file comprising raw packet content and corresponding threat context information, wherein the threat context information may comprise a filtering rule and an associated threat indicator that caused the packet to be captured.
    Type: Grant
    Filed: December 19, 2016
    Date of Patent: August 15, 2023
    Assignee: Centripetal Networks, LLC
    Inventors: David K. Ahn, Sean Moore
  • Patent number: 11720802
    Abstract: Embodiments may provide techniques that may automatically generate a customized SOC rule set for an organization. For example, in an embodiment, a method may be implemented in a computer comprising a processor, memory accessible by the processor, and computer program instructions stored in the memory and executable by the processor, the method may comprise simulating operation of a security incident and event management system by running a plurality of rules of the system on labeled data, determining fitness metrics of the plurality of rules, selecting at least one rule of the plurality of rules based on the determined fitness metrics; modifying the selected rule to form an updated rule, and repeating running the updated rule on the labeled data, determining fitness metrics of the updated rule, and mutating the updated rule.
    Type: Grant
    Filed: February 26, 2020
    Date of Patent: August 8, 2023
    Inventors: Fady Copty, Benjamin Zeltser
  • Patent number: 11704403
    Abstract: Input data for an operating system command of an automation process is received. The operating system command is generated based on the received input data. The generated operating system command is parsed to identify one or more metrics. The identified one or more metrics are automatically evaluated to determine a security risk associated with the generated operating system command.
    Type: Grant
    Filed: November 18, 2020
    Date of Patent: July 18, 2023
    Assignee: ServiceNow, Inc.
    Inventor: Mohamed Sofiane Talmat