Patents Examined by Longbit Chai
- Patent number: 12651047
  Abstract: A method for managing licensed content includes receiving an encrypted license file and a pre-shared key (PSK) from a deployment package and decrypting the encrypted license file using the PSK to obtain license file content. The method further includes sending the license file content to a secure license generator, obtaining a locking ID associated with an edge device, and encrypting the license file content using the locking ID to obtain a locking ID license file, wherein the locking ID is usable to access the locking ID license file. Finally, the method includes deleting the PSK and the encrypted license file, wherein, based on the deleting, the deployment package comprises a software product file and the locking ID license file.
  Type: Grant
  Filed: December 9, 2024
  Date of Patent: June 9, 2026
  Assignee: Dell Products L.P.
  Inventors: B R Nagalakshmi, Vaneeswaran Natrayan
- Patent number: 12647362
  Abstract: A method and system for reducing triggering of throughput penalties imposed on a group of users by a software-as-a-service (SaaS) server due to Application Programming Interface (API) calls exceeding limits of the SaaS server. The approaches include intercepting requests to the SaaS server from a user group and monitoring a rate of API calls the API calls forwarded to the SaaS server, identifying one or more power users based on a notification threshold value for the user group, and managing the rate of the API calls for the requests submitted by the identified power users of the user group in accordance with an API call throttle limit, thus remediating triggering of the throughput penalty.
  Type: Grant
  Filed: August 5, 2024
  Date of Patent: June 2, 2026
  Assignee: Netskope, Inc.
  Inventors: Chandrasekaran Rajagopalan, Brian Miller
- Patent number: 12640921
  Abstract: Systems and techniques may generally be used for provisioning local storage data object containers. A public-facing interface may receive a satisfaction identifier for a data object axiom instrument and may acquire user consent acknowledging ephemeral disclosure of recovery credentials to initiate a satisfaction workflow. A service layer may validate the identifier against a satisfaction ledger and may orchestrate the workflow by issuing a satisfy command to another service layer. The service layer, isolated from public ingress, may generate container key material defining a destination address and may construct and sign a transfer to the address. A network broadcast interface may submit the transfer to a blockchain network. An ephemeral disclosure module may present the recovery credentials in a disclosure viewport with a countdown timer. Upon expiry, the credentials may be zeroized and subsequent disclosure may be prevented, enforcing a policy of no server-side persistence.
  Type: Grant
  Filed: December 4, 2025
  Date of Patent: May 26, 2026
  Inventor: Victor Almeida Barros
- Patent number: 12639420
  Abstract: Disclosed herein is a method for defining a model of a trusted IoT security gateway architecture based on a microhypervisor, wherein evaluation of the model provides a guarantee that the correct security protections are applied to each IoT device's network traffic at all times, including when under attack. The models defined in accordance with the method disclosed herein are used to verify security gateway architectures that provide robust trust properties to a broad range of legacy hardware platforms utilizing existing software with a reasonable performance overhead.
  Type: Grant
  Filed: July 13, 2022
  Date of Patent: May 26, 2026
  Assignee: CARNEGIE MELLON UNIVERSITY
  Inventors: Amit Vasudevan, Matthew McCormack, Vyas Sekar
- Patent number: 12632583
  Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for securely certifying products in an ecosystem. In some implementations, a digital platform receives a user request to access digital models. The digital platform determines whether the user is authorized to access the digital models. In response, the digital platform generates a transaction request to send to a location of the digital models, wherein the transaction request comprises data identifying operations to perform using the digital models. The digital platform transmits, to the location of the digital models, the generated transaction request that causes execution of the operations. The digital platform receives data representative of a result of the operations performed. The digital platform provides, to a user interface of the user device, the data representative of the result. The digital platform audits the data related to the transaction request and the data representative of the result.
  Type: Grant
  Filed: August 30, 2024
  Date of Patent: May 19, 2026
  Assignee: Istari Digital, Inc.
  Inventors: William Roper, Jr., Christopher Benson, Sriram Krishnan, Baha aldeen E.A. Abunojaim, Ellie Daw, Omar Valverde, Mohammad M.Y. Zahra, Peter Galvin, Danne Stayskal Huffaker
- Patent number: 12627668
  Abstract: A method for role-based access control recommendation includes obtaining one or more security logs from a security analytics platform. The method includes determining access rights to the one or more security logs for one or more users of the security analytics platform. The determining includes generating one or more clusters of security logs based on the one or more security logs. The determining includes providing, to a user of the security analytics platform, a recommendation for a first data access group for the security analytics platform based on a first cluster of the one or more clusters. The determining includes, responsive to input from the user of the security analytics platform, generating the first data access group for the security analytics platform based on the first cluster of the one or more clusters.
  Type: Grant
  Filed: May 9, 2024
  Date of Patent: May 12, 2026
  Assignee: Google LLC
  Inventor: James Paul Black
- Patent number: 12609820
  Abstract: A method for generating a secure secret key, includes the following steps: A. receiving, in a communication station referred to as the transmitting station, a first secret key by way of a quantum encryption channel via satellite, the first secret key also being transmitted to at least one other communication station by way of the quantum encryption channel; B. generating, in the transmitting station, a second secret key using a trusted random number generator; C. generating an encrypted secret key using the first secret key and the second secret key by the one-time pad method; D. transmitting the encrypted secret key from the transmitting station to the one or more other communication stations.
  Type: Grant
  Filed: September 15, 2022
  Date of Patent: April 21, 2026
  Assignee: THALES
  Inventors: Benoit Tranier, Jean Didier Gayrard
- Patent number: 12609965
  Abstract: Systems and methods for workspace orchestration based on contributor scores are described. In an illustrative, non-limiting embodiment, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: receive, at a local management agent from a workspace orchestration service, one or more files configured to enable the local management agent to instantiate a workspace based, at least in part, upon an aggregated contributor score; and instantiate the workspace.
  Type: Grant
  Filed: March 20, 2024
  Date of Patent: April 21, 2026
  Assignee: Dell Products L.P.
  Inventors: Girish S. Dhoble, Nicholas D. Grobelny, Jason Kolodziej
- Patent number: 12602514
  Abstract: A method for processing sensitive user personally identifiable information (PII) data across geographical boundaries, including: receiving in real-time, by a personally identifiable information (PII) resolver within a first location, a payload data object from a first processing unit at a second location, wherein the payload data object comprises: a header comprising metadata, a body comprising a message to be sent to a user, and a first identifier associated with the user; determining, by the PII resolver, a second identifier and a third identifier stored in a database corresponding to the received first identifier, wherein the database includes a mapping between the first identifier, and the second identifier, and the third identifier; replacing, by the PII resolver.
  Type: Grant
  Filed: September 5, 2025
  Date of Patent: April 14, 2026
  Assignee: MOENGAGE INDIA PRIVATE LIMITED
  Inventors: Ajish Nair, Yashwanth Kumar, Nikhil Kumar, Shilpa Narayana Reddy
- Patent number: 12574418
  Abstract: One example method includes receiving, from a prospective tenant, a request to provision a tenant cluster of a cloud computing environment, creating, and/or accessing, a tenant-specific catalog that contains information identifying a tenant-specific configuration of trusted execution environment (TEE) hardware, provisioning the TEE hardware according to the information in the tenant-specific catalog, monitoring the TEE hardware for any TEE state changes, analyzing a detected TEE state change, and when the detected TEE state change indicates a specified risk, applying a TEE hardware maintenance state to the TEE hardware.
  Type: Grant
  Filed: January 19, 2024
  Date of Patent: March 10, 2026
  Assignee: Dell Products L.P.
  Inventors: Viswanath Ponnuru, Vinay Sawal, Sumanth Vidyadhara, Judith A. Furlong, Krishnaprasad K
- Patent number: 12568086
  Abstract: A system has been created to automatically expand CSPM coverage for an organization based on CSP offerings and organization usage of cloud resources. The system crawls API specifications of each CSP used by an organization to extract cloud resource metadata including attributes and attribute descriptions. The system classifies each discovered attribute as related to security or not related to security. The system then filters out those security related attributes that already have CSPM coverage. The system collects information across different data sources corresponding to CSPM for the organization, such as audit logs and ingestion requests. The system then prioritizes resource attributes for metadata ingestion based on configurable parameters that consider newly discovered CSP offerings represented by discovered security related attributes. According to the prioritization, the system generates templates to execute for ingestion.
  Type: Grant
  Filed: March 26, 2024
  Date of Patent: March 3, 2026
  Assignee: Palo Alto Networks, Inc.
  Inventors: Ankit Agarwal, Vivek Hari Menon, Akshay Raghunandan, Pranav Rai
- Patent number: 12568099
  Abstract: Technologies for generating a set of models for each account, where each model is a fine-grained, unsupervised behavior model trained for each user to monitor and detect anomalous patterns are described. An unsupervised training pipeline can generate user models, each being associated with one of multiple accounts and is trained to detect an anomalous pattern using feature data associated with the one account. Each account is associated with at least one of a user, a machine, or a service. An inference pipeline can detect a first anomalous pattern in first data associated with a first account using a first user model. The inference pipeline can detect a second anomalous pattern in second data associated with a second account using a second user model.
  Type: Grant
  Filed: August 17, 2023
  Date of Patent: March 3, 2026
  Assignee: NVIDIA Corporation
  Inventors: Rachel Allen, Gorkem Batmaz, Michael Demoret, Ryan Kraus, Hsin Chen, Bartley Richardson
- Patent number: 12563097
  Abstract: Systems and methods for enforcing tag-based policy on dynamic workloads include monitoring, via a cloud-based system, traffic associated with one or more customers of the cloud-based system; receiving a packet from a workload associated with a customer of the one or more customers; performing a tag lookup at one or more nodes of the cloud-based system based on the packet; enforcing one or more policies based on the tag lookup. Based on no tags being found for the workload during the tag lookup at the one or more nodes, the nodes are adapted to drop the packet; query the one or more cloud connectors for workload information; and receive, in a next packet, all tags and a version associated with the workload.
  Type: Grant
  Filed: January 16, 2024
  Date of Patent: February 24, 2026
  Assignee: Zscaler, Inc.
  Inventors: Charles Bransi, Praveen Yadothare, Siva Yarlagadda, Vladimir Stepanenko
- Patent number: 12563102
  Abstract: Dynamic attribute-based edge-deployed security in an industrial automation environment is described. A policy engine receives a command executable relevant to operational technology of an industrial automation environment via an access account. The policy engine classifies the command as approved or denied based on identifying a security policy based on the access account and operational technology, determining a set of parameter values based on the security policy, determining an intent of the command based on the set of parameter values, and classifying the command by evaluating the intent against the security policy. In response to command approval, the policy engine identifies a first communication channel coupling the operational technology and a policy enforcement point, connects a second communication channel coupling the policy enforcement point and the policy engine, and transmits the command and an indication of the first channel to the policy enforcement point via the second channel.
  Type: Grant
  Filed: March 15, 2024
  Date of Patent: February 24, 2026
  Assignee: Rockwell Automation Technologies, Inc.
  Inventors: Diane E. Golden, Michael J. Anthony, Blake S. Johnson
- Patent number: 12556582
  Abstract: Systems and methods provide controlled access to resources in a zero-trust computing environment. Requests for access to resources of the zero-trust environment are tracked, including identifying policies evaluated in response to requests for access to resources. Based on the tracked requests, policies are identified that were satisfied in granting access to resources and that were not satisfied in denying access to resources. Requests for access to resources are evaluated based on a trust score for a resource that is calculated based on users requesting access to the resource, hardware requesting access to the resource, software applications requesting access to the resource, networks used to request access to the resource and data exposed by providing the requested access to the resource. The trust score for the resource is adjusted upwards based on the policies satisfied in granting requested access, and adjusted downwards based on policies not satisfied in denying requested access.
  Type: Grant
  Filed: August 1, 2023
  Date of Patent: February 17, 2026
  Assignee: Dell Products L.P.
  Inventors: Deepak Gaikwad, Judith A. Furlong, Raj Suryavanshi, Biraj Silwal, Berke Belge, Chenhao Huang, Sarthak Madrecha
- Patent number: 12556538
  Abstract: In one or more examples disclosed herein, a potential cyberattack is detected in a centralized computer system. A centralized policy service generates a prevention policy in response, using the information about the potential cyberattack. The prevention policy allows granular blocking of selective functionality in respect of a certain user(s). Although generated centrally, once generated, the prevention policy is distributed to multiple computer devices (e.g. within an organization) for decentralized enforcement, by policy agents executed on those computer devices.
  Type: Grant
  Filed: March 20, 2023
  Date of Patent: February 17, 2026
  Assignee: Microsoft Technology Licensing, LLC
  Inventors: Noam Hadash, Amir Kutcher, Edan Zwick, Philip Tsukerman, Yair Tsarfaty
- Patent number: 12556565
  Abstract: A system and method for ingesting delayed logs for cybersecurity detection is presented. The method includes detecting a resource deployed in a computing environment, the resource configured to generate a local log on a disk of the resource; periodically fetching the local log from the disk, the local log including a plurality of event records written by at least a software application executed on the resource; applying a control on the fetched local log; and detecting a cybersecurity issue on the resource based on a result of applying the control.
  Type: Grant
  Filed: August 11, 2025
  Date of Patent: February 17, 2026
  Assignee: Wiz, Inc.
  Inventor: Ofir Saban
- Patent number: 12556585
  Abstract: The present disclosure provides a communication method and apparatus, and a device. The communication method may be applied to a communication system, such as an onboarding network (ONN) system. The method may include: an access network device receives a registration request message from a terminal device, establishment cause information carried in the registration request message being to log on to a standalone non-public network (SNPN); and the access network device configures a user plane security policy of the terminal device as a first security policy according to the establishment cause information so as to indicate to activate user plane encryption protection and/or user plane integrity protection for a DRB belonging to a PDU session.
  Type: Grant
  Filed: July 19, 2021
  Date of Patent: February 17, 2026
  Assignee: BEIJING XIAOMI MOBILE SOFTWARE CO., LTD.
  Inventor: Wei Hong
- Patent number: 12549603
  Abstract: Systems, methods and/or computer program products for dynamically adjusting levels of data security, encryption enforcement, confidentiality, network policies and other parameters within a network and at processing nodes thereof, implementing heightened levels of security and encryption as needed, based on the type of datasets being processed. Enforcement and removal of data security, encryption requirements, confidentiality, network policies and other parameters at the nodes of the network is performed using headers and footers added to the source dataset. Headers prescribe the heightened level of security or encryption being enforced at each node of the network along the source dataset's flow trajectory, while footers follow the completed processing of the source dataset and indicates to the nodes along the data flow trajectory the conditions for removing the heightened level of security, encryption, confidentiality, network policies and other parameters prescribed by the headers.
  Type: Grant
  Filed: September 14, 2022
  Date of Patent: February 10, 2026
  Assignee: International Business Machines Corporation
  Inventors: Partho Ghosh, Sarbajit K. Rakshit, Venkata Vara Prasad Karri, Akash U. Dhoot
- Patent number: 12549538
  Abstract: Disclosed embodiments relate to systems and methods for providing agentless efficient queries for native network resource connections. Techniques include receiving a request from a network identity to access an original network resource; authenticating the network identity using a native client and communication protocol; authorizing the network identity based on one or more access policy; identifying an account having a secret, based on the one or more access policy; accessing the original network resource using the secret; enabling the network identity to access the original network resource using the account using the native client and communication protocol; creating at least one new entity associated with the original network resource; adapting the request to use the at least one new entity; and performing the request using the at least one new entity.
  Type: Grant
  Filed: June 30, 2023
  Date of Patent: February 10, 2026
  Assignee: CyberArk Software Ltd.
  Inventors: Tomer Dayan, Ofir Iluz, Yaron Nisimov