Patents Examined by Khoi V Le
  • Patent number: 11463414
    Abstract: A method for establishing a secure remote connection between a user device and a target device, wherein the target device has no direct internet connectivity. A first gateway receives a first connection request from the user device, the first connection request including an access token. The access token is validated in an identity and access management service, and, after successful validation, a first tunnel is established between the user device and the target device via one or more intermediate gateways. The target device receives a second connection request from the user device, the second connection request including the access token. A second tunnel is established between the target device and an identity and access management service via the one or more intermediate gateways, and the access token is validated in the identity and access management service via the second tunnel.
    Type: Grant
    Filed: March 27, 2020
    Date of Patent: October 4, 2022
    Assignee: ABB Schweiz AG
    Inventors: Mika Luotojärvi, Riku Hyttinen
  • Patent number: 11456859
    Abstract: An advancement over previous techniques uses push notifications to inform users of actions by a security appliance or network gateway. The network gateway provides network gateway services to a user device and enforces security policies on the communications to and from the user device. When a security policy blocks a communication, the user may know network traffic is being lost but does not know why. The user device can subscribe to a push server using a public encryption key provided by the security appliance. The security appliance can thereafter send push notifications via the push server to the user. The push notifications can inform the user of security policies being applied to communications to and from the user device.
    Type: Grant
    Filed: January 31, 2020
    Date of Patent: September 27, 2022
    Assignee: Versa Networks, Inc.
    Inventor: Sunil Ravi
  • Patent number: 11451542
    Abstract: A management apparatus managing access authority of a communication apparatus to access a resource, the management apparatus receives an authorization request for the access authority; transmits an authorization response generated based on information included in the authorization request; receives a verification request from a communication terminal that obtained an operation transfer from the communication apparatus; transmits verification data to the communication terminal as a response to the verification request; accepts access by the communication terminal based on the verification data; and determines whether to permit or reject allocation of the access authority to the communication apparatus. In a case where a plurality of the verification requests are received, the verification data enabling collective instruction to allocate the access authority is transmitted.
    Type: Grant
    Filed: January 16, 2020
    Date of Patent: September 20, 2022
    Inventor: Hajime Iwase
  • Patent number: 11449626
    Abstract: Robust, computationally-efficient and secure systems, devices and automated processes are described for storing content on a disk drive or other storage device that is supplied to a media encoder or other host device. The user-supplied drive may be used, for example, to store content in a digital video recorder (DVR) or the like. The host device creates two separate digital identifiers that separately identify the host device and the user, respectively, so that subsequent pairing can be performed based upon either identifier. The two identifiers are stored on the storage device and rendered upon subsequent pairing for validation by the host device.
    Type: Grant
    Filed: September 9, 2019
    Date of Patent: September 20, 2022
    Assignee: Sling Media Pvt. Ltd.
    Inventors: Jayaprakash Narayanan Ramaraj, Lakshman Kishore Kondragunta, Preetham R. Kotian, Rakesh Eluvan Periyaeluvan
  • Patent number: 11443035
    Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including at least a processor and a memory; and a security agent including instructions encoded in the memory to instruct the processor to: monitor a user's operation of the computing apparatus over time, including determining whether a selected behavior is a security risk; provide a risk analysis of the user's operation based at least in part on the monitoring; select a scan sensitivity based at least in part on the risk analysis; and scan, with the selected sensitivity, one or more objects on the computing apparatus to determine if the one or more objects are a threat.
    Type: Grant
    Filed: April 12, 2019
    Date of Patent: September 13, 2022
    Assignee: McAfee, LLC
    Inventors: Nitin Chhabra, Prashanth Palasamudram Ramagopal, Ghanashyam Satpathy, Chakradhar Kotamraju, Rajat Saxena
  • Patent number: 11443024
    Abstract: A method, apparatus, and computer program for authenticating a client is disclosed. The method comprises determining a device to be used for the authentication of the client, receiving a parameter value of the device and an authentication value of the client, and authenticating the client based on the authentication value and the parameter value.
    Type: Grant
    Filed: February 22, 2017
    Date of Patent: September 13, 2022
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Gregory Liokumovich, Natalie Kather, Bernhard Michler
  • Patent number: 11438338
    Abstract: A computer-implemented method of providing nodes, such as data structures and devices, with access to a network is disclosed, and a corresponding network architecture. At least one core network access provider controls real time access to the network across the layers of a protocol stack for the network, and sequentially assigns a network communication address to the or each access-requesting node. The assigned network address is encoded with a unique parameter of the node and a unique parameter of the node user, in a sequential identifier ledger which is distributed in real time to all of the network-connected nodes. Each node processes the ledger to verify its sequential integrity and, upon determining a sequential integrity loss, the ledger record causing the loss is identified and an alert comprising the identified record is broadcast to the nodes across the network.
    Type: Grant
    Filed: March 8, 2018
    Date of Patent: September 6, 2022
    Inventor: Magnus Skraastad Gulbrandsen
  • Patent number: 11438373
    Abstract: Method, product and apparatus for monitoring for security threats from lateral movements. A method comprises obtaining a graph of network lateral movements, that comprises nodes, representing network assets, and directed edges, representing a network lateral movement from a source asset to a target asset. An event that affects the graph of network lateral movements is detected. The event affects at least one of: the payload utility of the node and the probability of penetration to the node. The graph of network lateral movements is updated based on the event. The updated graph is analyzed to determine one or more mitigation actions to be applied. The one or more mitigation actions are applied automatically, manually or the like.
    Type: Grant
    Filed: January 9, 2020
    Date of Patent: September 6, 2022
    Assignee: CYMULATE LTD.
    Inventors: Avihai Ben-Yosef, Eyal Aharoni, Shmuel Ur
  • Patent number: 11416626
    Abstract: A method comprises: maintaining a database (120, 130) of access control events; dividing a portion (138) of the database into shares (140A, 140B, 140C); passing the respective shares to respective third party servers (44A, 44B, 44C); processing the shares in the respective third party servers; passing output of the processing to a further server (40) in common; and processing the output on the further server.
    Type: Grant
    Filed: April 12, 2019
    Date of Patent: August 16, 2022
    Assignee: Carrier Corporation
    Inventors: Shaunak D. Bopardikar, Alberto Speranzon, Marina V. Blanton
  • Patent number: 11409870
    Abstract: In example embodiments, systems and methods extract a model of a computer application during load time and store the model in memory. Embodiments may insert instructions into the computer application at run time to collect runtime state of the application, and analyze the collected data against the stored model to perform detection of security events. Embodiments may also instrument an exception handler to detect the security events based on unhandled memory access violations. Embodiments may, based upon the detection of the security events, dynamically respond, such as by modifying a computer routine associated with an active process of the computer application. Modification may include installing or verifying an individual patch in memory associated with the computer application.
    Type: Grant
    Filed: June 16, 2017
    Date of Patent: August 9, 2022
    Assignee: Virsec Systems, Inc.
    Inventor: Satya Vrat Gupta
  • Patent number: 11405187
    Abstract: Extending the useful life of finite lifetime asymmetric cryptographic keys by referencing the number of uses of the keys in conjunction with or instead of the elapsed time since generation of the finite lifetime keys. By integrating asymmetric cryptographic keys into a limited use security scheme, the lifetime of finite lifetime asymmetric cryptographic keys is based on the practical risk of security breach during use rather than an arbitrary duration in which the keys are valid.
    Type: Grant
    Filed: April 29, 2020
    Date of Patent: August 2, 2022
    Assignee: International Business Machines Corporation
    Inventors: Narayana Aditya Madineni, Peter T. Waltenberg, Simon D. McMahon
  • Patent number: 11405374
    Abstract: Systems and methods of mitigating leakage of credentials of a user of a computer network, including monitoring at least one data source to scrape data that is compatible with credential data, applying a machine learning algorithm to the scraped data to identify at least one potential leaked credential, wherein the at least one potential leaked credential is identified using at least one neural network, authenticating the identified at least one potential leaked credential by a database of valid credentials of the computer network, and replacing credentials corresponding to the at least one leaked credential.
    Type: Grant
    Filed: March 13, 2019
    Date of Patent: August 2, 2022
    Assignee: IntSights Cyber Intelligence Ltd.
    Inventors: Gal Ben David, Amir Hozez, Alon Arvatz, Guy Nizan
  • Patent number: 11403383
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for authenticating a user based on passive affective and knowledge-based authentication (AKBA). In one aspect, a method includes the following: data associated with eye movements and ocular dynamics of the user are captured with a camera as the user looks at a graphical user interface (GUI) of a device; an AKBA signature of the user is determined based on the captured data; the user is authenticated based on a comparison of the AKBA signature with an AKBA template associated with the user; and an access to a subset of functions of an application is granted.
    Type: Grant
    Filed: July 2, 2021
    Date of Patent: August 2, 2022
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Reza R. Derakhshani, Sashi Kanth Saripalle
  • Patent number: 11381558
    Abstract: Providing a blockchain device enrollment service includes creating an enrollment smart contract that controls access to a service by the device; creating a pools smart contract associated with managing a plurality of different endpoints, wherein the pools smart contract is registered with the enrollment smart contract; registering and configuring a manufacturer smart contract with the enrollment smart contract; and registering and configuring a service provider smart contract with the enrollment smart contract.
    Type: Grant
    Filed: October 18, 2019
    Date of Patent: July 5, 2022
    Assignee: Avaya Inc.
    Inventors: Rifaat Shekh-Yusef, John A. Young
  • Patent number: 11381575
    Abstract: Systems and methods for controlling an edge computing device. The method includes receiving a user input requesting access to a resource of the edge computing device, determining whether the user has privileges to access the resource by: formulating a claims request which requests claims based on the determined identity of the user, sending the claims request to a local claims provider agent executed by a processor of the edge computing device, determining, based on claim request handling factors, whether the local claims provider agent can generate a token including the requested claims, and if so, generating the token with the requested claims; if not, a request may be sent to a cloud service-side claims provider to receive the token. The method includes authorizing access to the resource based on a predetermined policy that specifies the presence of a predefined resource parameter in the requested claims is sufficient.
    Type: Grant
    Filed: July 12, 2019
    Date of Patent: July 5, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Kevin Thomas Damour, David Michael Sauntry, Peter Gregg Miller, Sindhura Tokala, Tara Sanathanan Prakriya, Bhawandeep Singh Panesar, Lawrence Brozak Sullivan, Jr.
  • Patent number: 11374747
    Abstract: A vehicular system includes a first electronic control device that manages an encryption key, and a second electronic control device that uses the encryption key. The first electronic control device is configured to create the encryption key in response to an owner of a vehicle having changed, and output the encryption key to the second electronic control device. The second electronic control device is configured to store a first encryption key and a third encryption key, receive a second encryption key, switch the encryption key being used, and update the first encryption key to the second encryption key.
    Type: Grant
    Filed: October 24, 2019
    Date of Patent: June 28, 2022
    Inventor: Yasuharu Sugano
  • Patent number: 11356460
    Abstract: In some aspects, a computing system can control access of a user computing device to a resource. The computing system can obtain an access request submitted by a user computing device. The computing system can verify permission information in the access request to determine that the access request is valid. If the access request is valid, the computing system submits an authentication request to request an authentication system to authenticate the user and obtains authentication results generated by the authentication system. The computing system further provides, based on the authentication results, an access control decision for the access request.
    Type: Grant
    Filed: December 31, 2019
    Date of Patent: June 7, 2022
    Assignee: EQUIFAX INC.
    Inventors: Rajkumar Bondugula, Piyush Patel, Samiyuru Geethanjana Senarathne Menik Hitihami Mudiyanselage
  • Patent number: 11356455
    Abstract: Methods and systems for authenticating users based on user application activities are described herein. One or more questions and one or more answers may be generated and stored based on a history of user application activities associated with a user. The one or more questions and one or more answers may be generated randomly, and may relate to one or more other users. A request for access to a service may be received. Based on the request, a question associated with the history of user application activity may be selected and presented to the user. A candidate answer may be received from the user, and the user may be authenticated based on comparing the candidate answer to an answer associated with the question presented.
    Type: Grant
    Filed: December 3, 2019
    Date of Patent: June 7, 2022
    Assignee: Citrix Systems, Inc.
    Inventors: Fei Su, Zheng Chai
  • Patent number: 11354826
    Abstract: In some aspects, the disclosure is directed to methods and systems for generating an augmented reality environment. An application executing on a computing device may receive a real-time video feed. The application may present the real-time video feed on a display of the computing device. The application may identify an image on a physical token from the real-time video feed. The application may select an animation from a set of one or more animations based on the identified image. The application may add the animation to the real-time video feed at an animation position above the physical token. The application may present the real-time video feed with the added animation.
    Type: Grant
    Filed: September 1, 2021
    Date of Patent: June 7, 2022
    Inventor: Daniel Choi
  • Patent number: 11343256
    Abstract: A method for controlling third-party access of a protected resource is disclosed.
    Type: Grant
    Filed: September 5, 2019
    Date of Patent: May 24, 2022
    Assignee: The Toronto-Dominion Bank
    Inventors: Milos Dunjic, David Samuel Tax, Gregory Albert Kliewer