Patents Examined by Longbit Chai
  • Patent number: 11516254
    Abstract: In some examples, a system includes a network managed by a service provider and configured to provide access to one or more objects to a set of tenants each having one or more users, the service provider and the set of tenants being part of a set of entities that form a hierarchy, and a controller having access to the network. The controller is configured to obtain data indicative of a set of parameters, where the data indicative of the set of parameters is associated with an owner entity of the set of entities, generate a rule which incorporates the set of parameters, where the rule enables the controller to control access to an object of the one or more objects, and add the rule to a rules database, wherein the rules database is accessible to the controller.
    Type: Grant
    Filed: June 20, 2019
    Date of Patent: November 29, 2022
    Assignee: JUNIPER NETWORKS, INC.
    Inventors: Gurminder Singh, Pei-Yu Yang, Rong Xie
  • Patent number: 11516256
    Abstract: A system for data processing, comprising a management controller operating on a processor and configured to load and execute one or more algorithms that provide the function of transmitting a request to a managed device using a Security Protocol and Data Model (SPDM) protocol and to receive a response from the managed device. A system management bus and security policy system operating on the processor is configured to execute one or more algorithms to process the response from the managed device to apply an SPDM security policy to the response.
    Type: Grant
    Filed: May 20, 2020
    Date of Patent: November 29, 2022
    Assignee: DELL PRODUCTS L.P.
    Inventors: Viswanath Ponnuru, Rama Rao Bisa, Chandrashekar Nelogal, Chandrasekhar Mugunda, Lee Eric Ballard
  • Patent number: 11516203
    Abstract: Systems and methods for embodiments of artificial intelligence systems for identity management are disclosed. Specifically, embodiments of an identity management system may provide identity management in association with cloud services used by an enterprise and, in particular, may provide identity management in association with cloud based services that may be accessed through federated access providers.
    Type: Grant
    Filed: July 29, 2020
    Date of Patent: November 29, 2022
    Assignee: SailPoint Technologies, Inc.
    Inventors: Brian Eric Rose, Nicholas Ryan Wellinghoff
  • Patent number: 11516219
    Abstract: Systems and methods for embodiments of graph based artificial intelligence systems for identity management are disclosed. Embodiments of the identity management systems disclosed herein may utilize a network graph approach to analyzing identities or entitlements of a distributed networked enterprise computing environment. Specifically, in certain embodiments, an artificial intelligence based identity management system may utilize the peer grouping of an identity graph (or peer grouping of portions or subgraphs thereof) to identify roles from peer groups or the like.
    Type: Grant
    Filed: August 20, 2020
    Date of Patent: November 29, 2022
    Assignee: SailPoint Technologies, Inc.
    Inventors: Mohamed M. Badawy, Jostine Fei Ho
  • Patent number: 11516193
    Abstract: A key distribution host determines a trust level of a user authentication server, wherein the trust level is based, at least in part, on one or more attributes of the user authentication server and provides one or more authentication keys to the user authentication server only if the trust level of the user authentication server is above a threshold value.
    Type: Grant
    Filed: August 21, 2020
    Date of Patent: November 29, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Jasmeet Chhabra, Daniel Stephen Popick, Luke Edward Kennedy
  • Patent number: 11509486
    Abstract: A system and method of determining an attestation or identity score of a user of a communication device employs metadata stored in a plurality of client devices, such as IoT devices. A request for attestation, comprises a unique identifier associated with the communication device and an input or shared value. The unique identifier is used to identify, in a distributed ledger (blockchain), client devices that are paired with the communication device. Metadata stored in association with each of the client devices is retrieved and compared to the input or shared value, and a sub-identity score is determined based on the extent to which there is a match and the reliability of the client device. The sub-identity scores are combined to obtain an identity score reflecting a confidence level in the user and/or communication device.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: November 22, 2022
    Assignee: NXM LABS, INC.
    Inventors: Jay Fallah, Kristopher Byrne, Kevin John Oerton, Josef Zankowicz, Scott Rankine, Prathap Siddavaatam
  • Patent number: 11501013
    Abstract: An anomaly detection method includes receiving, at a processor, a request including a query that references a database. A plurality of attributes is identified based on the request. The processor concurrently processes the query to identify a result, and analyzes the plurality of attributes to identify an anomaly score. When the anomaly score exceeds a first predefined threshold, a signal representing a quarantine request is sent, and a signal representing the result is not sent. When the anomaly score is between the first predefined threshold and a second predefined threshold, a signal representing a notification and a signal representing the result are sent. When the anomaly score is below the second predefined threshold, a signal representing a quarantine request is sent, and a signal representing the result is not sent.
    Type: Grant
    Filed: July 8, 2022
    Date of Patent: November 15, 2022
    Assignee: Sotero, Inc.
    Inventors: Purandar Gururaj Das, Shanthi Boppana
  • Patent number: 11503022
    Abstract: A method for providing improved personalized security mechanisms for transferring electronic data is disclosed. In an embodiment, the method comprises generating, at a client computer, a user key pair, wherein the user key pair comprises a user private key and a user public key; transmitting the user public key from the client computer to a server computer; receiving, at the client computer, from the server computer, a user account public key; generating a virtual memory stick (“VMS”) file and including, in the VMS file, one or more keys and one or more passphrases; encrypting the VMS file with a protection passphrase to generate an encrypted VMS file; and transmitting the encrypted VMS file to the server computer.
    Type: Grant
    Filed: June 24, 2020
    Date of Patent: November 15, 2022
    Assignee: Verum Securitas, Inc.
    Inventors: Kris Durski, Gustav Metkowski
  • Patent number: 11501000
    Abstract: A method for automatically enhancing security and fixing security vulnerabilities in the source code of a computer program in an object oriented run time environment includes evaluating the source code file of a monitored computer program. The source code file includes a plurality of class files. Each session includes two or more session segments. A security assessment on each of the plurality of class files is performed to identify one or more potential security issues associated with the plurality of class files. One or more security controls configured to address the identified potential security issues are automatically injected into a source code of one or more class files identified as having potential security issues. The automatically modified source code file of the monitored computer program is deployed to the run-time environment.
    Type: Grant
    Filed: February 4, 2020
    Date of Patent: November 15, 2022
    Assignee: SHADOW-SOFT, LLC
    Inventors: Tony Stafford, Derrick Sutherland
  • Patent number: 11483324
    Abstract: Techniques are provided for detection of malicious activity using behavior data. A behavior model is trained with behavior data generated in association with a plurality of requests. Data is received that describes a particular request from a particular client device to a server system hosting a website. The data includes particular behavior data generated at the particular client device in association with the particular request. The particular behavior data is analyzed using the behavior model to generate a behavior model result. An automation determination for the particular request is generated based on the behavior model result. The particular request is handled based on the automation determination for the particular request.
    Type: Grant
    Filed: May 22, 2018
    Date of Patent: October 25, 2022
    Assignee: SHAPE SECURITY, INC.
    Inventors: Ye Xu, Yao Zhao, Xinran Wang, Jarrod Overson
  • Patent number: 11483285
    Abstract: An access control device provides a secure access control mechanism for a system being remotely accessed. An embodiment of the access control device includes a front-end firewall to provide a first network port to connect a computer to remotely access the system; a bastion host connected with the front-end firewall; and a back-end firewall, connected with the bastion host, to provide a second network port to connect the system. The back-end firewall determines remotely accessible resources in the system and determines resources remotely accessible by the computer, among the remotely accessible resources in the system, according to remote access control policies. The bastion host provides the computer with information provided by the back-end firewall about the resources remotely accessible by the computer through the first network port of the front-end firewall, to permit the resources to be remotely accessible by the computer. Advantages may include security, simplicity and plug-and-play.
    Type: Grant
    Filed: June 27, 2019
    Date of Patent: October 25, 2022
    Assignee: Siemens Aktiengesellschaft
    Inventor: Wen Tang
  • Patent number: 11483305
    Abstract: An illustrative embodiment disclosed herein is an apparatus including a processor with programmed instructions to receive, from a user device and via a network, encrypted credentials for logging on a user associated with the user device to a virtual machine. The processor is coupled to the virtual machine via a hypervisor. The processor has programmed instructions to decrypt the credentials, send, to an operating system of the virtual machine, the decrypted credentials, and cause the operating system to log the user on to the virtual machine.
    Type: Grant
    Filed: July 30, 2020
    Date of Patent: October 25, 2022
    Assignee: Nutanix, Inc.
    Inventors: Darko Ilic, Marko Zivanovic
  • Patent number: 11483290
    Abstract: Systems and methods are provided for receiving, at a network device, a first set of rules from a security controller of an enterprise network, the first set of rules being different from a second set of rules provided to a firewall by the security controller, implementing, at the network device, the first set of rules received from the security controller, generating, at the network device, a first log including metadata based on the first set of rules, the first log being generated on a per flow basis, notifying, at the network device, a NetFlow of the first log including the metadata of the first set of rules, and providing, from the network device, the first log to a cloud-log store by the NetFlow of the network device, the cloud-log store receiving the first log from the network device and a second log from the firewall.
    Type: Grant
    Filed: August 5, 2020
    Date of Patent: October 25, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Saravanan Radhakrishnan, Anand Oswal, Ashwin Kumar, Paul Wayne Bigbee, Darrin Joseph Miller
  • Patent number: 11477010
    Abstract: The present embodiments relate to systems and methods for using a blockchain to record information related to the lifecycle of a vehicle associated with a Vehicle Identification Number (VIN). For example, the VIN lifecycle process may be used to develop safety-feature based insurance models. The systems and methods may include calculating a safety rating for a safety feature based upon data accessed at a blockchain. The safety rating may be used to generate a product associated with a new vehicle type, such as an insurance product covering the new vehicle type. The systems and methods described herein may allow for using a blockchain which gives the option for private information, and permissioned participants in the blockchain. In particular, the systems and methods may allow for a distributed consensus amongst businesses, consumers, and authorities, as to the validity of information and transactions stored on the blockchain.
    Type: Grant
    Filed: September 11, 2020
    Date of Patent: October 18, 2022
    Assignee: STATE FARM MUTUAL AUTOMOBILE INSURANCE COMPANY
    Inventors: William J. Leise, Douglas A. Graff, Stacie A. McCullough, Shawn M. Call, Eric Bellas, Jaime Skaggs, Jacob J. Alt, Eric R. Moore, Vicki King
  • Patent number: 11477192
    Abstract: A method for providing improved personalized security mechanisms for transferring electronic data is disclosed. In an embodiment, the method comprises generating, at a client computer, a user key pair, wherein the user key pair comprises a user private key and a user public key; transmitting the user public key from the client computer to a server computer; receiving, at the client computer, from the server computer, a user account public key; generating a virtual memory stick (“VMS”) file and including, in the VMS file, one or more keys and one or more passphrases; encrypting the VMS file with a protection passphrase to generate an encrypted VMS file; and transmitting the encrypted VMS file to the server computer.
    Type: Grant
    Filed: June 24, 2020
    Date of Patent: October 18, 2022
    Assignee: VERM SECURITAS, INC.
    Inventors: Kris Durski, Gustav Metkowski
  • Patent number: 11468185
    Abstract: Aspects of the disclosure relate to dynamically controlling access to linked content in electronic communications. A computing platform may receive, from a user computing device, a request for a uniform resource locator associated with an email message and may evaluate the request using one or more isolation criteria. Based on evaluating the request, the computing platform may identify that the request meets at least one isolation condition associated with the one or more isolation criteria. In response to identifying that the request meets the at least one isolation condition associated with the one or more isolation criteria, the computing platform may initiate a browser mirroring session with the user computing device to provide the user computing device with limited access to a resource corresponding to the uniform resource locator associated with the email message.
    Type: Grant
    Filed: May 15, 2020
    Date of Patent: October 11, 2022
    Assignee: Proofpoint, Inc.
    Inventors: Conor Brian Hayes, Michael Edward Jones, Alina V. Khayms, Kenny Lee, David Jonathan Melnick, Adrian Knox Roston
  • Patent number: 11468199
    Abstract: An apparatus includes one or more functional circuits, a debug circuit configured to implement one or more debug features for the one or more functional circuits, and a validation circuit. The validation circuit is configured to receive a request to access debug features, and to send an identification value corresponding to the apparatus. The validation circuit is further configured to receive a certificate generated by a server computer system, the certificate including encoded debug permissions, and to decode the debug permissions using the identification value. Using the decoded debug permissions, the validation circuit is further configured to enable one or more of the debug features.
    Type: Grant
    Filed: July 22, 2020
    Date of Patent: October 11, 2022
    Assignee: Apple Inc.
    Inventors: Mukesh Kataria, Jerrold V. Hauck
  • Patent number: 11463423
    Abstract: A central server configured with an Attribute Authority (“AA”) acting as a Trusted Third Party mediating service provider and using X.509-compatible PKI and PMI, VPN technology, device-side thin client applications, security hardware (HSM, Network), cloud hosting, authentication, Active Directory and other solutions. This ecosystem results in real time management of credentials, identity profiles, communication lines, and keys. It is not centrally managed, rather distributes rights to users. Using its Inviter-Invitee protocol suite, Inviters vouch for the identity of Invitees who successfully complete the protocol establishing communication lines. Users establish and respond to authorization requests and other real-time verifications pertaining to accessing each communication line (not end point) and sharing encrypted digital files.
    Type: Grant
    Filed: February 10, 2020
    Date of Patent: October 4, 2022
    Assignee: T-CENTRAL, INC.
    Inventors: David W. Kravitz, Donald Houston Graham, III, Josselyn L. Boudett, Russell S. Dietz
  • Patent number: 11463362
    Abstract: A method and system for reducing triggering of throughput penalties imposed on a group of users by a software-as-a-service (SaaS) server due to Application Programming Interface (API) calls exceeding limits of the SaaS server is disclosed. The approaches include actions of intercepting requests to the SaaS server from a user group and monitoring both a rate of API calls for the requests and a rate of API events generated by forwarding the API calls to the SaaS server, intercepting the SaaS server's responses, where some of the responses indicate a throughput penalty imposed by the server, inferring load conditions of the SaaS server by analyzing the varying rate of API events against the responses with imposition of throughput penalty and setting an API call throttle limit dynamically adaptive to the inferred load conditions, then throttling the rate of the API calls for the group's requests according to the throttle limit.
    Type: Grant
    Filed: March 7, 2022
    Date of Patent: October 4, 2022
    Assignee: NetSkope, Inc.
    Inventors: Chandrasekaran Rajagopalan, Brian Miller
  • Patent number: 11461437
    Abstract: Using various embodiments, methods and systems for verification of a digital asset owner in a digital environment are described. In one embodiment, a system can be configured to receive a digital asset where the digital asset is configured to be displayed in a multi-dimensional environment. Thereafter, the system retrieves a secret pattern within the digital asset and computes a first identification hash value using a hash function. In one embodiment, the hash function receives a parameter value derived from the secret pattern. The system then compares the first identification hash value to a second identification hash value, where the second identification hash value is provided by the owner of the digital asset. The system then determines the digital asset as authentic when the first and second identification hash values are identical.
    Type: Grant
    Filed: January 12, 2022
    Date of Patent: October 4, 2022
    Assignee: Trivver, Inc.
    Inventor: Joel LaMontagne