Patents Examined by Khalil Naghdali
  • Patent number: 12015714
    Abstract: A computer implemented system for electronic verification of credentials including at least one processor and data storage is described in various embodiments. The system includes cryptographic mechanisms and electronic communication between one or more computing systems that in concert, provide verification of a prover's credentials in accordance with logical conditions of a verifier's policy without providing additional information to a verifier entity.
    Type: Grant
    Filed: October 25, 2021
    Date of Patent: June 18, 2024
    Inventors: Edison U. Ortiz, Arya Pourtabatabaie, Margaret Inez Salter
  • Patent number: 12008088
    Abstract: A method is disclosed. The method includes receiving a communication comprising a real credential from a communication device and providing the real credential to a token computer. The token computer generates a token and a cryptogram, and the cryptogram is formed using a resource provider initiated transaction indicator. The method includes receiving, from the token computer, the token and the cryptogram, and transmitting, to a processing computer, an authorization request message comprising the token, the cryptogram, a resource provider identifier, and a transaction amount for a first transaction. The processing computer validates the cryptogram, exchanges the token for the real credential, stores the resource provider identifier, and forwards the authorization request message including the real credential, and the transaction amount to an authorizing entity computer. The method also includes receiving an authorization response message from the authorizing entity computer.
    Type: Grant
    Filed: January 12, 2022
    Date of Patent: June 11, 2024
    Assignee: Visa International Service Association
    Inventor: Christopher Jones
  • Patent number: 11997126
    Abstract: Dynamic Software Defined Networking (DSDN) systems and methods provide secure and isolated subnetworks within a larger network. Each subnetwork may be formed with varied policies and communication restrictions based on at least device type, device grouping, and risk level. The DSDN systems and methods may also be applied to form a network, with or without subnetworks, of devices that are spatially separated, thereby reducing the attack surface of the DSDN-formed network.
    Type: Grant
    Filed: March 8, 2021
    Date of Patent: May 28, 2024
    Assignee: Cable Television Laboratories, Inc.
    Inventor: Michael Glenn
  • Patent number: 11989269
    Abstract: An association management system for establishing, maintaining, and monitoring associations between a personal identifier and an electronic device, includes a provider subsystem in operable communication with at least one of the personal identifier and the electronic device. The provider subsystem is configured to provision a person associated with the personal identifier, authenticate both of the personal identifier and the electronic device, and establish an association of the authenticated personal identifier to the authenticated electronic device. The system further includes a certificate authority subsystem for issuing at least one digital certificate to verify an identity of one or more digital entities operating on the management system, and a digital distributed ledger including a plurality of a consensus pool of participating processors. The digital distributed ledger is configured to verify, using the at least one digital certificate, transaction events of the association management system.
    Type: Grant
    Filed: April 19, 2021
    Date of Patent: May 21, 2024
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Steven John Goeringer, Brian Alexander Scriber
  • Patent number: 11989336
    Abstract: One embodiment provides a method, including: identifying, on an information handling device, a security level associated with an application window displayed on a display screen of the information handling device; capturing, using a sensor associated with the information handling device, an image of an area in front of the display screen; identifying, based upon analysis of the image, that an individual is present in the image; determining, using a processor, whether the individual is authorized to view the application window based upon the security level; and activating, responsive to determining that the individual is not authorized to view the application window, a privacy filter that obscures content in the application window from the individual. Other aspects are described and claimed.
    Type: Grant
    Filed: February 25, 2021
    Date of Patent: May 21, 2024
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Robert James Kapinos, Scott Wentao Li, Robert James Norton, Jr., Russell Speight VanBlon
  • Patent number: 11983261
    Abstract: The techniques disclosed herein provide an enhanced single sign-on flow for secure computing resources, such as a virtual machine or hosted applications. In some configurations, the techniques process different types of security data, e.g., credentials, tokens, certificates, and reference objects at specific computing entities of a system to provide a single sign-on flow for providing access to secure computing resources from a client computing device. In one illustrative example, a select type of security data, such as a certificate, is generated from a token and a claim at a particular computing resource, such as an agent operating on a virtual machine. In another example, a signed version of the certificate can be stored and verified at the virtual machine. By generating certificates at such particular computing resources, the computing resource can verify a person's credentials using a secure single sign-on flow without requiring the person to provide credentials multiple times.
    Type: Grant
    Filed: April 23, 2021
    Date of Patent: May 14, 2024
    Inventors: Vladimir Kostadinov Stoyanov, Artem Belkine, Gustavo Hernando Catalano-Fonseca, Christian Cruz Montoya, David Belanger, Clark David Nicholson
  • Patent number: 11943209
    Abstract: In the IKE or IPSec SA rekeying, whether the rekey exchange includes the cryptographic suite in the payload depends on whether the cryptographic suite used in the old SA is changed on both ends, e.g., the initiator and the responder. If the cryptographic suite is not changed, then the rekey exchange does not include the cryptographic suite. Additionally, in the IPSec SA rekey, if the flowing information is not changed in either end, the rekey exchange further does not include the Traffic Selector (TS). As such, the size of the payload is decreased, which saves bandwidth, more processing time and power in the course of the IKE SA or the IPSec SA rekey.
    Type: Grant
    Filed: May 17, 2021
    Date of Patent: March 26, 2024
    Inventors: Sandeep Kampati, Bharath Soma Satya Meduri, Dharmanandana Reddy Pothula, De Sheng
  • Patent number: 11936634
    Abstract: The messages established on a communication path between two nodes are increasingly encrypted. However, the devices present on the communication path may intervene to transport the messages and to read, edit or add data in the messages. It may also be desirable that only “authorized” devices can carry out these actions. In order to intervene on these data, it would be necessary that the devices on the communication path have available all the keys used by the nodes to encrypt and decrypt the data of the messages, which is difficult to envisage. A modification method enables a device, capable of intercepting a data message on a communication path between two nodes, to edit the data under the control of the nodes, while ensuring that a device cannot access the data edited by another device on the path.
    Type: Grant
    Filed: June 14, 2019
    Date of Patent: March 19, 2024
    Assignee: ORANGE
    Inventors: Emile Stephan, Frédéric Fieau, Gaël Fromentoux
  • Patent number: 11936642
    Abstract: Embodiments herein include an intelligent electronic device (IED) by employing a multi-factor authentication process. In some embodiments, to change the access level of the IED, the user may use the password and additional inputs such as an off-site operator sending a command, or the user engaging a push button or switch local to the IED.
    Type: Grant
    Filed: April 15, 2021
    Date of Patent: March 19, 2024
    Assignee: Schweitzer Engineering Laboratories, Inc.
    Inventors: David J. Bowen, David J. Dolezilek
  • Patent number: 11916880
    Abstract: Techniques for compiling firewall rules into byte code or assembly code that can be loaded into cache memory of a processor and executed to evaluate received data packets. Rather than representing firewall rules in mid- or high-level languages stored in main memory, the techniques described herein include compiling the firewall rules into bytecode or assembly code, and distributing the code to the data plane. A packet-processing device may load the code representing the firewall rules into instruction cache of the processor. Further, the packet-processing device receives a data packet and extracts packet context data indicating attributes of the packet, and loads the packet context data into a data cache of the processor. The processor can then execute the byte code or assembly code representing the firewall rules to evaluate the packet context data without having to access main memory to determine whether to allow or block the data packet.
    Type: Grant
    Filed: June 21, 2019
    Date of Patent: February 27, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Stewart Allen, Dheerendra Talur, Venkat Maithreya Paritala, Joseph Magerramov, Anthony Liguori
  • Patent number: 11909749
    Abstract: A risk analysis system configures the decision engine to detect anomalous online activities by analyzing usage patterns associated with one or more user accounts across multiple frequencies. The risk analysis system obtains transaction log data representing transactions associated with one or more accounts, and extracts data from the transaction log data to generate time-series data along a time dimension. The time-series data may represent usage characteristics of one or more user accounts over a period of time. The risk analysis system derives pattern data representing usage patterns across multiple different frequencies based on the time-series data. The risk analysis system then configures the decision engine to detect anomalous account activities based on the derived pattern data.
    Type: Grant
    Filed: March 29, 2021
    Date of Patent: February 20, 2024
    Assignee: PayPal, Inc.
    Inventors: Zhen Xie, Kasra Vakilinia, Yang Chen, Hagar Oppenheim, Xing Ji
  • Patent number: 11907369
    Abstract: An out-of-order and speculative execution microprocessor that mitigates side channel attacks includes a cache memory and fill request generation logic that generates a request to fill the cache memory with a cache line implicated by a memory address that misses in the cache memory. At least one execution pipeline receives first and second load operations, detects a condition in which the first load generates a need for an architectural exception, the second load misses in the cache memory, and the second load is newer in program order than the first load, and prevents state of the cache memory from being affected by the miss of the second load by inhibiting the fill request generation logic from generating a fill request for the second load or by canceling the fill request for the second load if the fill request generation logic has already generated the fill request for the second load.
    Type: Grant
    Filed: August 27, 2020
    Date of Patent: February 20, 2024
    Assignee: Ventana Micro Systems Inc.
    Inventors: John G. Favor, Srivatsan Srinivasan
  • Patent number: 11902454
    Abstract: An information processing method is executed by a processor of an apparatus, and includes a step of generating a public key of the apparatus based on a private key of the apparatus (S2), a step of generating a hash value based on the public key and a predetermined hash function (S3), and a step of determining an IP address of the apparatus based on the hash value (S6).
    Type: Grant
    Filed: February 15, 2019
    Date of Patent: February 13, 2024
    Inventor: Kristopher Andrew Tate
  • Patent number: 11902250
    Abstract: The attack vectors for some denial-of-service cyber attacks on the Internet's Domain Name System (DNS) are bad, bogus, or unregistered domain name DNS requests to resolve domain names that are not registered in the DNS. Some other cyber attacks steal sensitive data by encoding the data in bogus domain names, or domain names otherwise not registered in the DNS, that are transferred across networks in bogus DNS requests. A DNS gatekeeper may filter in-transit packets containing DNS requests and may efficiently determine if a request's domain name is registered in the DNS. When the domain name is not registered in the DNS, the DNS gatekeeper may take one of a plurality of protective actions. The DNS gatekeeper drops requests determined not to be legitimate, which may prevent an attack.
    Type: Grant
    Filed: April 1, 2021
    Date of Patent: February 13, 2024
    Assignee: Centripetal Networks, LLC
    Inventors: Sean Moore, Jonathan R. Rogers, Steven Rogers
  • Patent number: 11888828
    Abstract: Embodiments relate to a method for secure domain name system, DNS, queries. The method is performed in a DNS client, and the method includes obtaining an encryption key and internet protocol, IP, address for a final DNS resolver, creating a session key, encrypting a DNS query and the created session key with the obtained encryption key, and sending a DNS message containing the encrypted DNS query and the created session key to an intermediate DNS resolver, different from the final DNS resolver, together with the obtained IP address for the final DNS resolver. Methods, nodes, computer programs, and a computer program product for secure DNS queries are also presented.
    Type: Grant
    Filed: November 26, 2018
    Date of Patent: January 30, 2024
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventors: Niilo Lehtikuja, Patrik Salmela
  • Patent number: 11874916
    Abstract: A method involves receiving authentication module configuration data at a user device from a remote management platform. User credentials are received at the authentication module of the user device using a graphical user interface. The user credentials are transmitted to a remote identity provider service. Upon receiving a response indicating that the user credentials are authenticated by the remote identity provider service, the user credentials are transmitted to an operating system authentication module at the user device. Upon receiving a response indicating that the user credentials are not authenticated by the operating system authentication module, previously-stored user credentials are retrieved from an encrypted credential database at the user device. The user credentials are stored at an operating system credential database using the previously-stored user credentials. The user credentials are retransmitted to the operating system authentication module to authenticate the user at the user device.
    Type: Grant
    Filed: September 14, 2022
    Date of Patent: January 16, 2024
    Assignee: Kandji, Inc.
    Inventors: Adam Pettit, Wesley Pettit, Mark Daughters, Brandon Modesitt, Nicholas McDonald
  • Patent number: 11868493
    Abstract: Working from home is becoming more and more commonplace. Ensuring that remote workers are following prescribed data protection measures becomes more important, and challenging. Safe and Secure Remote Working Environment (SSRWE) monitors an environment and determines if a non-compliant element is present. For example, a condition of working from home may be that no notetaking or electronic devices, especially ones comprising a camera, be visible to a system camera capturing the field of view in front of a display. If a non-compliant situation is discovered, the display may be redacted and/or other action taken to protect sensitive information.
    Type: Grant
    Filed: September 4, 2020
    Date of Patent: January 9, 2024
    Assignee: Avaya Management L.P.
    Inventors: John A. Young, Harsh V. Mendiratta, David Chavez
  • Patent number: 11868469
    Abstract: A microprocessor that mitigates side channel attacks includes a front end that processes instructions in program order and a back end that performs speculative execution of instructions out of program order in a superscalar fashion. Producing execution units produce architectural register results during execution of instructions. Consuming execution units consume the produced architectural register results during execution of instructions. The producing and consuming execution units may be the same or different execution units. Control logic detects that, during execution by a producing execution unit, an architectural register result producing instruction causes a need for an architectural exception and consequent flush of all instructions younger in program order than the producing instruction and prevents all instructions within the back end that are dependent upon the producing instruction from consuming the architectural register result produced by the producing instruction.
    Type: Grant
    Filed: March 17, 2021
    Date of Patent: January 9, 2024
    Assignee: Ventana Micro Systems Inc.
    Inventors: John G. Favor, Srivatsan Srinivasan
  • Patent number: 11863589
    Abstract: The present disclosure provides for enterprise security in intelligent electronic devices such as electric power meters. In accordance with the present disclosure, enterprise security is a security system in which each individual device, instead of configuring and storing security configurations locally, uses a security server for security verifications. Such a security server of the present disclosure may be a dedicated computer on a network, that is used to manage the security configuration for all users. This makes it simpler for administrators to configure users and devices, which in turn improves security by encouraging security to be properly configured.
    Type: Grant
    Filed: June 8, 2020
    Date of Patent: January 2, 2024
    Inventors: Luna A. Koval, Erran Kagan
  • Patent number: 11856007
    Abstract: A system and a method are disclosed for determining that a first electronic communication, received in a first private repository of a user, has been identified (e.g., flagged) as including a threat, and determining a probability that the first electronic communication includes the threat. In response to determining that the probability exceeds a threshold probability, the system monitors for a second electronic communication, received in a second private repository, that includes contents that match the contents of the first electronic communication.
    Type: Grant
    Filed: December 7, 2020
    Date of Patent: December 26, 2023
    Assignee: Material Security Inc.
    Inventors: Ryan M. Noon, Abhishek Agrawal, Christopher J. Park