Patents Examined by Kristine L. Kincaid
  • Patent number: 11727142
    Abstract: An improved computing tool performs an improved computing tool function to identify sensitive data risks in cloud-based deployments. A knowledge graph is built based on data schema information for a cloud-based computing environment, a set of parsed infrastructure logs, and a set of captured application queries. A set of sensitive flows in the knowledge graph are identified representing paths from a sensitive data element to an endpoint in the knowledge graph. The set of sensitive flows are scored based on a scoring algorithm and an alert is issued to an administrator in response to a score of a sensitive flow within the set of sensitive flows exceeding a threshold.
    Type: Grant
    Filed: April 8, 2021
    Date of Patent: August 15, 2023
    Assignee: International Business Machines Corporation
    Inventors: Julian James Stephen, Ted Augustus Habeck, Arjun Natarajan
  • Patent number: 11695563
    Abstract: A method for creating single-use authentication messages includes creating, at a consumer network function of a core network of a telecommunications network, a message hash of at least a subset of a request message. The method includes adding, at the consumer network function, the message hash to a client credentials assertion (CCA) token for the consumer network function. The method includes sending, from the consumer network function, the request message with the CCA token to a producer network function.
    Type: Grant
    Filed: May 7, 2021
    Date of Patent: July 4, 2023
    Inventors: Jay Rajput, Virendra Singh, John Nirmal Mohan Raj
  • Patent number: 11696127
    Abstract: A communication system for resuming a connection comprises a user equipment (UE) and network nodes. A first network node is configured to prepopulate a UE context, and send, to a second network node, the UE context. The second network node is configured to receive, from the first network node, the UE context, and send, to a UE, a resume request message including a freshness parameter and the UE context. The UE is configured to receive, from the second network node, a resume request message including the freshness parameter and the UE context, generate an authentication token based on the freshness parameter and the UE context, and send, to the second network node, a resume response message including the authentication token. The communication system provides a freshness parameter and a prepopulated UE context to secure and facilitate resume procedure against replay attacks.
    Type: Grant
    Filed: November 16, 2018
    Date of Patent: July 4, 2023
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Magnus Stattin, Gunnar Mildh, Dung Pham Van, Paul Schliwa-Bertling, Icaro L. J. Da Silva, Karl Norrman, Oscar Ohlsson
  • Patent number: 11657899
    Abstract: Genomics information such as DNA, RNA and proteins carries a wealth of sensitive information, the exposure of which risks compromising the privacy and/or business interest of individuals and companies. An apparatus, a system and methods are disclosed for protecting sensitive genomic information either as it is produced by a sequencing machine or immediately thereafter, then throughout the whole genomic workflow. Raw genomic data (“reads”) is detected and classified according to sensitivity. Reads are decomposed by excising the number and type of detected sensitive base or base pairs in less sensitive or insensitive parts of the read. The genomic workflow processes the excised information locally or in a distributed fashion, preferably within trusted execution environments for increased security.
    Type: Grant
    Filed: September 26, 2018
    Date of Patent: May 23, 2023
    Assignee: Université du Luxembourg
    Inventors: Paulo Esteves-Veríssimo, Marcus Völp, Jérémie Decouchant, Maria Fernandes
  • Patent number: 11652638
    Abstract: Systems and methods are provided for managing user identities in networks. One exemplary method includes receiving, at a communication device, an API call request for a credential from a relying party. The communication device includes an application that incorporates an SDK. After receiving the API call request for the credential, the communication device authenticates a user associated with the communication device and identified in the API call request. After authentication of the user, the communication device generates, via the SDK, a private-public key pair and stores the private key in memory. The communication device compiles, via the SDK, a credential packet including the public key and identity data associated with the user and transmits the credential packet to the relying party, whereby the relying party is registered to the SDK to request assertions of an identity of the user.
    Type: Grant
    Filed: July 10, 2019
    Date of Patent: May 16, 2023
    Inventors: Manash Bhattacharjee, Ashfaq Kamal, Rahul Deshpande
  • Patent number: 11627462
    Abstract: Methods, systems, and devices are provided that allow for access to a wireless computer network, such as a home or business network, via a communal device. The communal device retrieves network access information such as a PSK and provides a machine-readable code such as a QR code or bar code that automatically provides the access information to a user's device, thereby allowing access to the network with little or no user input required.
    Type: Grant
    Filed: October 14, 2020
    Date of Patent: April 11, 2023
    Assignee: Google LLC
    Inventors: Christopher Conover, Matthew Knapp
  • Patent number: 11604898
    Abstract: A method for secure online collaboration is provided. The method includes receiving, at a server of a cloud-based storage system, first encrypted data from a first client device. The cloud-based storage system stores a plurality of documents in an encrypted form. The method also includes determining a document of the plurality of documents that is associated with the first encrypted data. The document is not accessible to the server in a decrypted form. The first encrypted data represents an edit to a portion of the document. The method further includes determining a plurality of user accounts of collaborators of the document. The plurality of user accounts includes a first user account associated with the first client device. Moreover, the method includes providing the first encrypted data to one or more other client devices that are each associated with one of the plurality of user accounts, excluding the first user account.
    Type: Grant
    Filed: August 20, 2019
    Date of Patent: March 14, 2023
    Assignee: Google LLC
    Inventor: Luke Ernest Camery
  • Patent number: 11599623
    Abstract: Global identity contexts are established for unique constituents to interact with a cloud architecture through a variety of relationships. The global identity context enables a particular constituent to access services from different cloud-service providers in a secure and simplified manner. Authenticating one account can provide access to services associated with other accounts linked to the global identity context for the authenticated account. In some embodiments, the global identity platform includes an account management application and an identity management application. The account management application is configured to register one or more accounts for each constituent. The identity management application is configured to perform individualization to establish an individual identifier for each unique constituent and map each account to a particular individual identifier and one or more local identifiers.
    Type: Grant
    Filed: December 3, 2019
    Date of Patent: March 7, 2023
    Assignee: Aetna Inc.
    Inventors: Claus T. Jensen, Paul Kniskern, Joseph Arnold
  • Patent number: 11595185
    Abstract: Computation efficiency of distributed secure implementation of the computation of a (sum of) products of values Vi, Wi from different servers on a distributed computing system is improved by generation of coefficients of first and second polynomials P, Q by a first server. The first polynomial P has all numbers Xi from a first data set on the first server as roots. The second polynomial Q has values Q(Xi)=Vi for the numbers Xi from the first data set. The first server transmits coefficients of the polynomials to a second server in encrypted form. The second server computes encrypted values <P(Xi′)> and <Q(Xi′)> of the polynomials for a number Xi′ in a second set from the encrypted coefficients. The second server computes an encrypted binary value <di> from the encrypted value <P(Xi′)> of the first polynomial P and computes an encrypted value of a product <di Q(Xi′) Wi>.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: February 28, 2023
    Assignee: Nederlandse Organisatie voor toegepast-natuurwetenschappelijk onderzoek TNO
    Inventor: Peter Joannes Mathias Veugen
  • Patent number: 11586764
    Abstract: An application (App)-BOT scans a context of a user of an application and obtains current scanned user data. The App BOT determines a set of user information entities from the scanned user data containing current information about the user. In a negotiation phase, the App BOT receives a data access request offer from a mixed reality data (MRD)-BOT. A privacy leak score is estimated that represents a user value attributed to the permission to access the labelled user information entity based on the data access request offer. Responsive to determining that the privacy leak score exceeds a privacy leak score threshold, an acceptance of the data access request offer is sent to the MRD BOT and the access requested by the data access request is provided. Otherwise, a counteroffer to the offer is sent to the MRD BOT.
    Type: Grant
    Filed: September 29, 2020
    Date of Patent: February 21, 2023
    Assignee: International Business Machines Corporation
    Inventors: Timo Kussmaul, Uwe Karl Hansmann, Vijay Ekambaram, Padmanabha Venkatagiri Seshadri
  • Patent number: 11580255
    Abstract: An apparatus includes a memory and a hardware processor. The memory stores a plurality of logging rules. Each logging rule is assigned to a tier of a multi-tier platform. The processor receives source code for an application configured to execute on a plurality of tiers of the multi-tier platform and detects, within the source code, an entry point and an exit point for a tier of the plurality of tiers. The processor determines, based on the plurality of logging rules, a first attribute that is to be logged during execution in the tier and a second attribute that is not to be logged during execution in the tier and inserts, between the entry point and the exit point in the source code, logging code that, when executed, logs the first attribute and hides the second attribute.
    Type: Grant
    Filed: November 11, 2019
    Date of Patent: February 14, 2023
    Assignee: Bank of America Corporation
    Inventors: Savitri Jaganath Podal, Jyotiranjan Mohapatra, Vishal Patangia
  • Patent number: 11580506
    Abstract: The present application discloses a method of issuing pseudonymous authorisation tickets to nodes of a cooperative ITS, for signing messages, comprising: receiving a ticket request from a node in an authorisation server, and sending a validation request to an enrolment server, conducting a validity check in the enrolment server, and, when the validity check is passed, incrementing a counter value of a counter assigned to an account at an account server enrolled with the enrolment server for the requesting node, sending a validation message to the authorisation server, and issuing a pseudonymous authorisation ticket from the authorisation server to the requesting node, repeating the aforementioned steps until a predetermined charging period expires, and, upon expiry, sending, from the enrolment server to the authorisation server, said counter value, and sending a charging request calculated from said counter value from the authorisation server to the account server for charging said account.
    Type: Grant
    Filed: January 7, 2020
    Date of Patent: February 14, 2023
    Assignee: Kapsch TrafficCom AG
    Inventors: Jasja Tijink, Refi-Tugrul Güner
  • Patent number: 11582204
    Abstract: The disclosure relates to systems, methods and computer-readable media for generating double encryption of data through discrete modules that are air gapped at every stage. Furthermore, the transceivers disclosed can operate in “off-line” mode which can be adapted to communicate with any network access terminal regardless of the intermediate connecting network.
    Type: Grant
    Filed: December 19, 2018
    Date of Patent: February 14, 2023
    Assignee: Mobulus Net. Ltd
    Inventor: Oleg Vaisband
  • Patent number: 11582020
    Abstract: Disclosed are systems, methods, devices, and computer-readable media for offloading lattice-based cryptographic operations to a hybrid cloud computing system. In one embodiment, a method is disclosed comprising receiving a first network request from a client device via a secure application programming interface (API), the request including unencrypted data; encrypting the unencrypted data using an algorithm that generates homomorphically encrypted data; issuing a second network request to a second API of a cloud platform, the second network request including the encrypted data; receiving a response from the cloud platform in response to the second network request; and transmitting, in response to the first network request, a result to the client device based on the response, the result obtained by decrypting an encrypted output returned by the cloud platform.
    Type: Grant
    Filed: December 2, 2020
    Date of Patent: February 14, 2023
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Ashish Sardesai, Paritosh Tyagi, Venkata Josyula
  • Patent number: 11575658
    Abstract: The present disclosure provides in various aspects an encryption device (100), a communication system and a method of exchanging encrypted data in such a network. In accordance with some illustrative embodiments of an aspect, the encryption device (100) comprises a communication interface (110), a variable key generator (120) configured to generate at least two keys, a memory (130) configured to store keys that are either generated by the variable key generator (120) and/or received at the communication interface (110), and an encryption/decryption component (140) configured to successively use keys stored in the memory (130) for encrypting a plaintext received at the communication interface (110) and for decrypting a ciphertext received at the communication interface (110), wherein the communication interface (110) is configured to communicate with an associated separate communication device which is used by a user of the encryption device (100) for communicating in a communication network.
    Type: Grant
    Filed: June 8, 2018
    Date of Patent: February 7, 2023
    Inventor: Stephan Radke
  • Patent number: 11563776
    Abstract: Systems, methods, and related technologies for device compliance monitoring are described. In certain aspects, one or more compliance rules associated with a device classification are used to determine a compliance level of a device. The one or more compliance rules may be based on a standard. An action can be initiated based on the compliance level.
    Type: Grant
    Filed: April 9, 2020
    Date of Patent: January 24, 2023
    Inventors: Anderson Lam, Kevin Benjamin Mayer, Yuri Mikhel, Gilad Walden
  • Patent number: 11558174
    Abstract: Embodiments of this application provide a hybrid-cloud data storage method and apparatus, a related device, and a cloud system. The data storage method includes: obtaining, by a gateway of a private cloud, to-be-stored data; determining partial data to be encrypted in the to-be-stored data, to obtain first target data; obtaining a first ciphertext obtained after the first target data is encrypted, the first target data being encrypted according to a first key provided by an encryption chip connected to the gateway; generating second target data including the first ciphertext according to the first ciphertext; generating a data slice corresponding to the second target data according to the second target data; and transmitting the data slice corresponding to the second target data to a public cloud for storage.
    Type: Grant
    Filed: January 15, 2020
    Date of Patent: January 17, 2023
    Inventors: Bin Sun, Jian Wang, Jie Li, Xianbin Wu, Yupeng Qu, Ailing Wei, Shu Cai, Youlan Gong, Lihu Wang
  • Patent number: 11558741
    Abstract: A method is disclosed. The method includes receiving a broadcast signal from a beacon device, the broadcast signal encoding a first credential associated with a first entity. In response to receipt of the broadcast signal, the mobile communication device transmits the received first credential to an authentication system. The authentication system determines if the first entity associated with the broadcast signal is authentic and generates a confirmation message confirming the authenticity of the first entity. The mobile communication device then receives the confirmation message indicating that the first entity is authentic. The mobile communication device thereafter receives and transmits a second credential for the mobile communication device to the beacon device, which transmits the second credential to the authentication system. The authentication system then confirms the authenticity of the mobile communication device.
    Type: Grant
    Filed: September 20, 2017
    Date of Patent: January 17, 2023
    Inventors: Quan Wang, Kyle Crouse
  • Patent number: 11537748
    Abstract: A method and apparatus for identifying personally identifiable information (PII) and protected health information (PHI) within unstructured data, removing the PII and PHI from the unstructured data, and replacing the removed information with case-type tags that allow the user to understand what information was removed and to tune the level of information removal in future data sets.
    Type: Grant
    Filed: January 23, 2019
    Date of Patent: December 27, 2022
    Assignee: Datavant, Inc.
    Inventors: Joseph Austin, Shahir Kassam-Adams, Jason A. LaBonte, Paul J. Bayless
  • Patent number: 11537743
    Abstract: An equipment management system comprises a first database configured to store equipment information about an equipment, a second database configured to store user information about a user, and a controller configured to collect the equipment information from a control apparatus controlling the equipment. The controller is configured to allow access to the first database from the control apparatus. The controller is configured to prohibit access to the second database from the control apparatus.
    Type: Grant
    Filed: September 25, 2018
    Date of Patent: December 27, 2022
    Inventor: Hiroyuki Hidaka