Patents Examined by Kristine L. Kincaid
  • Patent number: 10880292
    Abstract: The present disclosure relates generally to access control, and more particularly, to techniques for seamless transition between world wide web (WEB) resource access and application programming interface (API) resource access on an enterprise network with security restrictions. One technique includes receiving a request for access to a first resource, determining the first resource is a WEB resource, creating an authentication cookie and a bearer token that are tied together using a common identifier, and providing access to the WEB resource based on the authentication cookie. The technique may further include receiving a call for access to a second resource, where the call includes the bearer token in a header of the call, determining the second resource is an API resource, initiating a token exchange of the bearer token for an access token, and providing access to the API resource based on the access token.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: December 29, 2020
    Assignee: Oracle International Corporation
    Inventors: Vipin Anaparakkal Koottayi, Stephen Mathew
  • Patent number: 10872149
    Abstract: A computer program product, a computer-implemented method, and a computer system include a processor(s) that obtains side channel emanations from a device. The processor(s) analyzes the side channel emanations to identify distinct emanation patterns and timing characteristics, wherein the timing characteristics are associated with transitions between the distinct emanation patterns. The processor(s) generates a non-deterministic finite automaton (NFA) by correlating the distinct emanation patterns with states of the device, where the NFA captures states and state transitions of the device. The processor(s) identifies an anomaly in the device, based on deviation in emanations from the device.
    Type: Grant
    Filed: July 25, 2018
    Date of Patent: December 22, 2020
    Assignee: Perspecta Labs Inc.
    Inventors: Scott Alexander, Josephine Micallef, Joshua Morman, Euthimios Panagos, Marc Pucci, Simon Tsang
  • Patent number: 10873571
    Abstract: Techniques to pre-authenticate an identity for an electronic account are described and claimed by the present disclosure. The electronic account may enforce a multi-factor authentication procedure that involves a number of steps. In addition to the electronic account, a user may have other accounts requiring authentications. Successful authentications with respect to those other accounts may provide evidence of the user's identity. If sufficient evidence is present, one or more steps of the multi-factor authentication procedure may be bypassed. Other embodiments are described and claimed.
    Type: Grant
    Filed: July 18, 2019
    Date of Patent: December 22, 2020
    Assignee: Capital One Services, LLC
    Inventors: Abdelkader M'Hamed Benkreira, Joshua Edwards, Adam Vukich
  • Patent number: 10867020
    Abstract: A voiceprint certification method is provided. The method is applicable to an electronic device which records a plurality of pieces of user information and a plurality of voiceprints of a plurality of verification words corresponding to each piece of user information. The method includes: receiving first user information among the plurality of pieces of user information; selecting at least one first verification word from the verification words corresponding to the first user information and generating a random verification sentence including the at least one first verification word, to prompt a user to read the random verification sentence; and certifying the user by comparing a user input sentence with the random verification sentence and by determining whether a voiceprint corresponding to the first verification word in the user input sentence matches the voiceprint of the first verification word corresponding to the first user information recorded in the electronic device.
    Type: Grant
    Filed: June 20, 2018
    Date of Patent: December 15, 2020
    Assignee: Far EasTone Telecommunications Co., Ltd.
    Inventors: Wen-Shien Yu, Shih-Kai Shen
  • Patent number: 10862866
    Abstract: A method for multiple transaction capabilities application part (TCAP) operation code (opcode) screening includes receiving a first SS7 signaling message including multiple TCAP opcodes. The method further includes determining that the first SS7 signaling message requires further processing. The method further includes, in response to determining that the first SS7 signaling message requires further processing, decoding, from the first SS7 signaling message, N TCAP opcodes, where N is an integer of at least two. The method further includes, for each of the N TCAP opcodes, applying a filter and determining that one of the filters indicates that the opcode, alone or in combination with other parameters in the first SS7 signaling message, is not allowed. The method further includes, in response to determining that the one filter indicates that the opcode, alone or in combination with the other parameters is not allowed, performing an SS7 firewall action.
    Type: Grant
    Filed: June 26, 2018
    Date of Patent: December 8, 2020
    Inventors: Mark Allen Erickson, Vikram Mehta
  • Patent number: 10862881
    Abstract: A method of managing a file of a subscriber authenticating module embedded in a terminal device and a module for authenticating a subscriber by using the method. The method of managing the file includes configuring a file structure for one or more profiles and managing one or more files included in the file structure in response to a request. Thus, the method is efficient for a multiple-profile environment.
    Type: Grant
    Filed: September 6, 2017
    Date of Patent: December 8, 2020
    Inventors: Myoung Hee Seo, Jin Hyoung Lee, Kwan Lae Kim, Chui Hyun Park, Hyung Jin Lee
  • Patent number: 10862900
    Abstract: Embodiments provide methods and systems for detecting rogue endpoints on a device management bus. A communications controller configured as a bus owner initiates discovery of managed devices coupled to the bus and generates a unique identifier for each managed device. The communications controller transmits a bus configuration message to the managed devices, including the respective unique identifiers. The managed devices are configured as bus endpoints based on the bus configuration message. The managed devices also capture the bus address of the communications controller from the received bus configuration message. Messages received by a managed device are authenticated as originating from the communications controller if the messages include the unique identifier provided to that managed device. The messages may be further authenticated by comparing the bus address of the message sender against the captured bus address of the communications controller.
    Type: Grant
    Filed: October 25, 2018
    Date of Patent: December 8, 2020
    Assignee: Dell Products, L.P.
    Inventors: Elie Antoun Jreij, Choudary Maddukuri, Ajeesh Kumar, Kala Sampathkumar, Pablo R. Arias, Rama Rao Bisa
  • Patent number: 10855666
    Abstract: The invention relates to providing alternate user communication based on user identification. A communication from a user may be received, and the communication may include an authentication credential from the user. When the user is determined to be an unauthorized user based on the authentication credential, the communication may be extended in order to capture more information from the unauthorized user, and to deter the unauthorized user from making other unauthorized access attempts. In addition to the extension of the communication with the unauthorized user, one or more additional alternate treatments may be presented to the unauthorized user in order to identify, track, and/or prevent access by the unauthorized user.
    Type: Grant
    Filed: June 1, 2018
    Date of Patent: December 1, 2020
    Inventors: Dharmender Kumar Satija, Eren Kursun
  • Patent number: 10853506
    Abstract: Systems and methods for preventing leakage of protected data to unsecured applications and documents may include determining that a first document is a protected document in a managed application, detecting a request to copy protected data from the first document to a system clipboard accessible by unprotected documents, redirecting the protected data to a secure clipboard, determining that a second document is an unprotected document, detecting a request to paste the protected data into the second document, and refraining from pasting the protected data into the second document. The secure clipboard may be implemented by a data leakage prevention (DLP) client. It may be separate from the system clipboard and inaccessible by unprotected documents. Dynamic-link library injection and API hooking may allow the DLP client to intercept clipboard related function calls made by managed applications into the operating system and to transparently change the behavior of the managed application.
    Type: Grant
    Filed: July 2, 2018
    Date of Patent: December 1, 2020
    Assignee: Dell Products L.P.
    Inventors: Ricardo Antonio Ruiz, Jonathan Nathan Yanez, Luis Antonio Valencia Reyes, Venkata Satya Narasimha Murthy Prayaga, James Darrell Testerman, Dongli Wu
  • Patent number: 10848512
    Abstract: A computer-implemented method, computer program product and computing system for: receiving updated threat event information concerning a computing platform; enabling the updated threat event information for use with one or more security-relevant subsystems within the computing platform; and retroactively applying the updated threat event information to previously-generated information associated with the one or more security-relevant subsystems.
    Type: Grant
    Filed: June 5, 2019
    Date of Patent: November 24, 2020
    Assignee: ReliaQuest Holdings, LLC
    Inventors: Brian P. Murphy, Joe Partlow, Colin O'Connor, Jason Pfeiffer
  • Patent number: 10848515
    Abstract: A stochastic model is described for cybersecurity using a host access attack graph to determine network security risk. The model uses Markov chains in conjunction with vulnerability metrics to analyze risks associated with a number of different types of computing devices in various types of networks. The model can be used to identify critical nodes in a host access attack graph where attackers may be most likely to focus. Based on that information, a network administrator can make appropriate, prioritized decisions for system patching. Further, a flexible risk ranking technique is described, where the decisions made by an attacker can be adjusted using a bias factor. The model can be generalized for use with complicated network environments.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: November 24, 2020
    Assignee: University of South Florida
    Inventors: Nawa Raj Pokhrel, Chris P. Tsokos
  • Patent number: 10834101
    Abstract: In an embodiment, a computer system configured to improve security of client computers interacting with server computers comprises one or more processors; a digital electronic memory storing a set of program instructions which when executed using the one or more processors cause the one or more processors to: process a first set of original instructions that produce a first set of outputs or effects; generate a first set of interpreter instructions that define a first interpreter; generate a first set of alternate instructions from the first set of original instructions, wherein the first set of alternate instructions is functionally equivalent to the first set of original instructions when the first set of alternate instructions is executed by the first interpreter; send, to the first client computer, the first set of alternate instructions and the first set of interpreter instructions.
    Type: Grant
    Filed: March 8, 2017
    Date of Patent: November 10, 2020
    Assignee: SHAPE SECURITY, INC.
    Inventors: Michael J. Ficarra, Kevin Gibbons
  • Patent number: 10826929
    Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for vulnerability assessment and hash generation for exterior data deployment. In this way, the system utilizes a vulnerability assessment to generate a permit to send approval for dissemination of data, files, or the like outside of the entity via an electronic communication. The vulnerability assessment determines a permit to send status for the communication. The system may then generate a hash for the communication and embed the hash within the data of the communication. Upon sending, the entity will only permit communications with a known hash embedded therein to be transmitted outside of the internal entity network.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: November 3, 2020
    Inventors: William R. Overhultz, Jr., Michael Jacob Richardson
  • Patent number: 10819734
    Abstract: The disclosure is directed to a system for improving security of SSL communications. The system can include a device intermediary between one or more servers, one or more clients, a plurality of agents, and a web service. The servers can be configured to receive SSL connections and issue SSL certificates. The device can include a virtual server associated with a respective one of the servers, such that the SSL certificate of the respective server is transmitted through the device. The device can generate service fingerprints for the one or more servers. Each service fingerprint can include information corresponding to an SSL certificate of the virtual server, one or more DNS aliases for a virtual IP address of the respective virtual server, one or more port numbers serving the SSL certificate, and an IP address serviced by the device. The device also can transmit the service fingerprints to a web service.
    Type: Grant
    Filed: February 4, 2019
    Date of Patent: October 27, 2020
    Assignee: Citrix Systems, Inc.
    Inventors: Anoop Reddy, Kenneth Bell, Georgios Oikonomou, Kurt Roemer
  • Patent number: 10795998
    Abstract: A method for selecting either a first malware analysis system or a second malware analysis system to analyze a file is disclosed. The method includes obtaining, at a network security element, a file sent between a first device and a second device, the file having one or more associated attributes; analyzing, at the network security element, the one or more attributes of the file; selecting, based on the analyzing, either the first malware analysis system or the second malware analysis system as a selected malware analysis system for malware analysis of the file; and providing the file to the selected malware analysis system.
    Type: Grant
    Filed: March 2, 2018
    Date of Patent: October 6, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Aaron T. Woland, Vivek Santuka, Moses Hernandez, Steven H. Chimes, Andrew E. Ossipov
  • Patent number: 10798072
    Abstract: The present disclosure provides a password management process and system. The updating of the password data in the process and system is performed based, at least in part, on the functional account data and corresponding scheduling data, said scheduling data representing criteria for updating the password of, at least, the particular functional account.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: October 6, 2020
    Inventors: Siddhesh Pangam, Karabi Ghanta, Tushar Uddhav Gaikar
  • Patent number: 10795989
    Abstract: A method of securely executing a Just-In-Time (JIT) compiled code in a runtime environment, comprising using one or more processors for receiving from a JIT executing process a request to compile in runtime a code segment, initiating a JIT compiling process to compile the code segment in order to generate an executable code segment, storing the executable code segment in a shared memory and providing to the JIT executing process a pointer to the executable code segment in the shared memory, wherein the JIT executing process has read-execute access rights to the shared memory and the JIT executing process and the JIT compiling process are different processes.
    Type: Grant
    Filed: March 5, 2017
    Date of Patent: October 6, 2020
    Assignee: Fortinet, Inc.
    Inventor: Udi Yavo
  • Patent number: 10798124
    Abstract: A system and computer-implemented method to detect a slowloris-type network attack, wherein the method includes receiving data gathered by a server of a network over time, the data received including data about timing of requests from a plurality of clients received by the server, tracking the data about timing of requests over time, determining one or more characteristics about distribution of the data tracked, tracking the one or more characteristics to determine whether there is an increase in time for reading, by the server, a larger portion of requests tracked, identifying a change in the characteristics that indicates the presence of a slowloris-type network attack, and performing an action, in response to the change, to at least one of generate an alert about the slowloris-type network attack, request mitigation of the slowloris-type network attack, and mitigate the slowloris-type network attack.
    Type: Grant
    Filed: April 25, 2018
    Date of Patent: October 6, 2020
    Assignee: Arbor Networks, Inc.
    Inventor: Sean O'Hara
  • Patent number: 10785257
    Abstract: Aspects of the present disclosure involve systems, methods, computer program products, and the like, for data center redundancy in relation to a computer network. In particular, the present disclosure provides for one or more available redundant data centers, or bunkers, associated with a computer network. In one embodiment, the bunker data centers are configured to absorb traffic intended for an application operating on a data center when the traffic threatens to overwhelm the application. For example, during a distributed denial of service (DDOS) attack, the bunker data centers are configured to absorb some of the traffic from the DDOS attack to prevent the application that is the target of the attack from being overwhelmed.
    Type: Grant
    Filed: July 30, 2018
    Date of Patent: September 22, 2020
    Assignee: Level 3 Communications, LLC
    Inventors: Andrew Dugan, John F. Waters, Jr., Salvador Paredes, Nasser Nabih El-Aawar
  • Patent number: 10783263
    Abstract: A method is provided for generating an encrypted database. The method includes: receiving a plaintext database having plaintext data entries in one or more columns; augmenting the received plaintext database to generate an augmented plaintext database, the augmenting including the addition of one or more columns to the received plaintext database, each added column corresponding to an attribute which is to be made available for conditional queries; and encrypting the augmented plaintext database to generate the encrypted database including encrypted data entries. The encrypted database supports at least one form of conditional query for those attributes corresponding to the added columns, the at least one form of conditional query being computed on the encrypted data entries without the decryption thereof to produce an encrypted result.
    Type: Grant
    Filed: August 11, 2017
    Date of Patent: September 22, 2020
    Assignee: Palo Alto Research Center Incorporated
    Inventors: Shantanu Rane, Vincent Bindschaedler, Alejandro E. Brito, Ersin Uzun, Vanishree Rao