Patents Examined by Longbit Chai
  • Patent number: 11070369
    Abstract: A system that comprises a quantum key device configured to generate quantum information and transmit the quantum information over a first and second quantum communication channel. The system also comprises a first device, communicatively coupled to the quantum key device over the first quantum communication channel, and a second device, communicatively coupled to the quantum key device over the second quantum communication channel. The system further comprises an encryption module configured to encrypt data to create encrypted data, at the first device, using a first quantum encryption key. The system also comprises a decryption module configured to decrypt the encrypted data to create decrypted data, at the second device, using a second quantum encryption key. The first quantum encryption key is the same as the second quantum encryption key. The system further comprises a termination module configured to prevent access to the decrypted data after a predetermined period of time.
    Type: Grant
    Filed: January 16, 2020
    Date of Patent: July 20, 2021
    Assignee: The Boeing Company
    Inventors: Wayne R. Howe, Jeffrey H. Hunt
  • Patent number: 11062044
    Abstract: An access control system for managing and enforcing an attribute based access control (ABAC) policy includes: a minimum ABAC implementation that produces a representation access control list in an ABAC policy system; and a local host system that produces a resource repository access control list in the local host system such that the resource repository access control list is based on the representation access control list.
    Type: Grant
    Filed: March 12, 2020
    Date of Patent: July 13, 2021
    Assignee: GOVERNMENT OF THE UNITED STATES OF AMERICA, AS REPRESENTED BY THE SECRETARY OF COMMERCE
    Inventors: David F. Ferraiolo, Gopi Katwala, Serban Gavrila
  • Patent number: 11063969
    Abstract: In one embodiment, a network security device monitors network communications between a computer and another computer. A periodicity of transmissions made by one computer to the other computer is determined, with the periodicity being used to identify candidate time point pairs having intervals that match the periodicity. A graph is constructed with time points of the candidate time point pairs as nodes and with intervals of time point pairs as edges. A longest path that continuously links one time point to another time point on the graph is compared to a threshold length to verify that the transmissions are periodic, and are thus potentially indicative of malicious network communications.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: July 13, 2021
    Assignee: Trend Micro Incorporated
    Inventors: Shoufu Luo, Jonathan Edward Andersson, Josiah Dede Hagen
  • Patent number: 11063756
    Abstract: Methods, systems and devices for using different encryption keys written into interconnects of different functional blocks in different integrated circuits to securely encrypt and authenticate firmware, data, instructions and other messages transmitted among said functional blocks; and methods, systems and devices to obfuscate encryption keys to significantly increase the time and resources required to compromise those keys, ensuring encrypted data is only decrypted by authorized functional blocks, applications or users. Unique keys, small enough not to impact substrate surface area available for other device functions, can be written by charged particle beams such that multiple (or each of) functional blocks has a corresponding key unique within an IC and across a line of ICs and so that access to said keys is as limited (or nonexistent) as desired.
    Type: Grant
    Filed: October 22, 2019
    Date of Patent: July 13, 2021
    Inventors: Kevin M. Monahan, David K. Lam, Theodore A. Prescop
  • Patent number: 11057418
    Abstract: Prioritizing vulnerability scan results is provided. Vulnerability scan results data corresponding to a network of data processing systems are received from a vulnerability scanner. The vulnerability scan results data are parsed to group the vulnerability scan results data by vulnerability identifiers. A corresponding security threat information identifier is associated with each vulnerability identifier. A correlation of each associated security threat information identifier is performed with a set of current vulnerability exploit data that corresponds to that particular security threat information identifier. Current security threat information that affects host data processing systems in the network is determined based on the correlation between each associated security threat information identifier and its corresponding set of current vulnerability exploit data. The current security threat information is prioritized based on a number of corresponding current vulnerability exploit attacks.
    Type: Grant
    Filed: October 15, 2018
    Date of Patent: July 6, 2021
    Assignee: International Business Machines Corporation
    Inventors: Steven Ocepek, Nevenko Zunic, Tamer Aboualy, Johnny A. Shaieb
  • Patent number: 11044267
    Abstract: A measure of influence of a sender entity is determined for a message receiving entity based at least in part on an analysis of previous electronic messages sent by the sender entity. An electronic message associated with the sender entity is received. The measure of influence of the sender entity is utilized to determine a security risk associated with the received electronic message.
    Type: Grant
    Filed: December 13, 2018
    Date of Patent: June 22, 2021
    Assignee: Agari Data, Inc.
    Inventors: Bjorn Markus Jakobsson, Siobhán McNamara, Patrick Richard Peterson, Jacob Rudee Rideout
  • Patent number: 11044233
    Abstract: A host computer system may be configured to connect to a network. The host computer system may be configured to implement a workspace and an isolated computing environment. The host computer system may be configured to isolate the isolated computing environment from the workspace using an internal isolation firewall. The host computer system may be configured to receive a request to communicate with a first network destination. On a condition that the first network destination is determined to be trusted, the processor may be configured to communicate with the first network destination via a first browser process executed in the workspace. On a condition that the first network destination is determined to be untrusted, the processor may be configured to communicate with the first network destination via a second browser process executed in the isolated computing environment.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: June 22, 2021
    Assignee: L3 Technologies, Inc.
    Inventors: Peter Martz, Kenneth Moritz, Glenn Coleman
  • Patent number: 11042400
    Abstract: A method for providing a language agnostic contract execution on a blockchain is provided. The method includes providing a menu comprising multiple execution environments, and selecting, from a suite of virtual machine containers, a virtual machine container that runs an execution environment selected by the developer of the blockchain application. The method also includes enabling one or more functions in the virtual machine container to access a dedicated memory or a state variable in the block producer to run an action in the virtual machine container, the action provided by a server running the blockchain application, providing the action to the blockchain application in the virtual machine container, and writing an output from the action of the blockchain application to a secure ledger in a blockchain. A system and a non-transitory, computer-readable medium storing instructions to perform the above method are also provided.
    Type: Grant
    Filed: February 16, 2021
    Date of Patent: June 22, 2021
    Assignee: block.one
    Inventor: Ian Holsman
  • Patent number: 11038888
    Abstract: A method for dynamically creating network access control lists includes, by a processor, receiving a request for an access control list (ACL). The method further includes, in response to receiving the request for the ACL: receiving a plurality of resource descriptions from a first data source, receiving a policy enforcement point (PEP) graph for a network from a second data source, and using the plurality of resource descriptions and the PEP graph to generate the ACL, wherein the ACL comprises at least one policy for controlling network traffic through a PEP of the network. Each of the plurality of resource descriptions is associated with a plurality of computing devices in the network, and includes one or more of the following: information corresponding to an Internet Protocol definition of a computing device, information corresponding to desired access of the computing device, and information corresponding to permitted access of the computing device.
    Type: Grant
    Filed: March 19, 2019
    Date of Patent: June 15, 2021
    Assignee: Google LLC
    Inventors: Vjaceslavs Klimovs, Daniel Watson
  • Patent number: 11036873
    Abstract: Techniques for enhancing the security of a communication device may include providing an application agent and a transaction application that executes on a communication device. The application agent may receive, from the application, a cryptogram key generated by a remote computer, and store the cryptogram key on the communication device. When the application agent receives a request to conduct a transaction from the application, the application agent may generate a transaction cryptogram using the cryptogram key, and provide the transaction cryptogram to an access device.
    Type: Grant
    Filed: October 15, 2019
    Date of Patent: June 15, 2021
    Assignee: Visa International Service Association
    Inventor: Eduardo Lopez
  • Patent number: 11032592
    Abstract: Systems and methods are provided for securely providing a media stream from a server device to a remote player via a communications network. A request for a connection is received from the remote player at the server device via the communications network. In response to the request for the connection, an authorization credential is requested from a central server via the communications network. Further, in response to the authorization credential received from the central server, the media stream between the server device and the remote player can be established over the communications network. At least a portion of the media stream may be encrypted based upon the authorization credential.
    Type: Grant
    Filed: June 24, 2019
    Date of Patent: June 8, 2021
    Assignee: SLING MEDIA L.L.C.
    Inventor: Padmanabha R. Rao
  • Patent number: 11023590
    Abstract: A method, apparatus, system, and computer program product for performing security testing. Information about successful payloads in payloads is determined by a computer system using crowd-sourced data in which a successful payload is a payload used in a successful attack. A set of popular payloads is determined by a computer system from the payloads using information about the successful payloads determined using the crowd-sourced data. Testing is focused by the computer system on the set of popular payloads based on a set of key features for the set of popular payloads.
    Type: Grant
    Filed: November 28, 2018
    Date of Patent: June 1, 2021
    Assignee: International Business Machines Corporation
    Inventors: Paul Ionescu, Omer Tripp, Iosif Onut
  • Patent number: 11019061
    Abstract: Embodiments of an invention for protecting supervisor mode information are disclosed. In one embodiment, an apparatus includes a storage location, instruction hardware, execution hardware, and control logic. The storage location is to store an indicator to enable supervisor mode information protection. The instruction hardware is to receive an instruction to access supervisor mode information. The execution hardware is to execute the instruction. The control logic is to prevent execution of the instruction if supervisor mode information protection is enabled and a current privilege level is less privileged than a supervisor mode.
    Type: Grant
    Filed: November 19, 2018
    Date of Patent: May 25, 2021
    Assignee: Intel Corporation
    Inventors: Barry E. Huntley, Gilbert Neiger, H. Peter Anvin, Asit K. Mallick, Adriaan Van De Ven, Scott D. Rodgers
  • Patent number: 11012421
    Abstract: Disclosed are improved systems, methods, and computer program products that use a cluster-based probability model to perform anomaly detection, where the clusters are based upon entities and interactions that exist in content management platforms.
    Type: Grant
    Filed: August 28, 2018
    Date of Patent: May 18, 2021
    Assignee: Box, Inc.
    Inventor: Kave Eshghi
  • Patent number: 11003761
    Abstract: Embodiments for implementing an inferred access authentication decision for an application by a processor. A minimum required credential strength of a current authentication process for an application is compared to a previous, successful authentication for the application. The minimum required credential strength of the application is inferred to be sufficient to validate the current authentication process upon determining a minimum required credential value (AMRCV) is greater than a predetermined threshold of the previous successful authentication for the application.
    Type: Grant
    Filed: September 5, 2018
    Date of Patent: May 11, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Charles S. Lingafelt, Gregory J. Boss, Andrew R. Jones, John E. Moore, Jr., Kevin Charles Mcconnell
  • Patent number: 11003774
    Abstract: An apparatus for detecting malicious files includes a memory and a processor communicatively coupled to the memory. The processor receives multiple potentially malicious files. A first potentially malicious file has a first file format, and a second potentially malicious file has a second file format different than the first file format. The processor extracts a first set of strings from the first potentially malicious file, and extracts a second set of strings from the second potentially malicious file. First and second feature vectors are defined based on lengths of each string from the associated set of strings. The processor provides the first feature vector as an input to a machine learning model to produce a maliciousness classification of the first potentially malicious file, and provides the second feature vector as an input to the machine learning model to produce a maliciousness classification of the second potentially malicious file.
    Type: Grant
    Filed: January 25, 2019
    Date of Patent: May 11, 2021
    Assignee: Sophos Limited
    Inventors: Joshua Daniel Saxe, Ethan M. Rudd, Richard Harang
  • Patent number: 11006273
    Abstract: Described embodiments provide systems and methods for policy-based authentication, where the policy may designate locations and/or forms of proof of locations, for use in authentication. Some embodiments include or utilize a database storing authentication policies. In an example system, an authentication server in communication with the database is configured to receive a request from a device needing authentication. The request may include a credential. The authentication server is configured to retrieve, from the database storing authentication policies, an authentication policy corresponding to the device, the retrieved authentication policy specifying a location parameter. The authentication server is configured to receive location data from the device and resolve the authentication request using the credential and the received location data pursuant to the retrieved authentication policy.
    Type: Grant
    Filed: October 3, 2017
    Date of Patent: May 11, 2021
    Assignee: Citrix Systems, Inc.
    Inventor: Hao Wu
  • Patent number: 10999260
    Abstract: In a general aspect, secure messaging between electronic modules is described. In an example, a method includes: generating, by a first electronic module, a private key and a public key associated with the private key; communicating, by the first electronic module, an unencrypted message, including the public key, to a first network-connected device using a first module-to-device communication link; receiving, from the first network-connected device, an encrypted message including a symmetric encryption key generated by a second electronic module; decrypting, by the first electronic module, the encrypted message using the private key, wherein decrypting using the private key makes the symmetric encryption key available to the first electronic module; and establishing, by the first electronic module, a secure messaging channel with the second electronic module based on at least the symmetric encryption key.
    Type: Grant
    Filed: July 21, 2020
    Date of Patent: May 4, 2021
    Assignee: iCoin Technology, Inc.
    Inventors: Chester Silvestri, Adam Silvestri
  • Patent number: 10999310
    Abstract: To combat data theft and/or sabotage, a network-level security client may monitor and selectively apply security protocols to manage risk in data transfers within, incoming to, and outgoing from an organization's data network. This top-down approach may become increasingly difficult to maintain within a data network with numerous connected terminals, storage devices, and other devices, many of which may be attempting data transfers simultaneously. In the presently disclosed technology, connected data storage devices each include an endpoint security client embedded in data storage device firmware. The endpoint security clients each establish a security client connection with a network security client upon connection to a data storage network, monitor data transfers within the data storage network, and selectively apply security protocols to manage risk in data transfers, thereby decentralizing some aspects of data security within the organization's data network.
    Type: Grant
    Filed: November 27, 2018
    Date of Patent: May 4, 2021
    Assignee: SEAGATE TECHNOLOGY LLC
    Inventor: Michael Francis Chalmandrier-Perna
  • Patent number: 10997125
    Abstract: A method of applying proof of lottery to select block forgers in a blockchain, comprising performing the following at a certain one of a plurality of computing nodes connected to a blockchain network: (1) transmitting one or more of a plurality of participation transactions submitted by at least some of the plurality of computing nodes for participating in selection process conducted to select forgers from the plurality of computing nodes to forge blocks to be added to the blockchain; (2) determining a respective forger, during each selection process, by applying a selection function to an outcome of a hash function and a plurality of participation transactions extracted from a first subset of blocks preceding the respective block, the hash function is applied to a second subset of blocks preceding the respective block; and (3) forging the respective block in case the certain computing node is selected as the respective forger.
    Type: Grant
    Filed: November 29, 2018
    Date of Patent: May 4, 2021
    Assignee: Technion Research & Development Foundation Limited
    Inventor: Oded Shmueli