Patents Examined by Longbit Chai
  • Patent number: 12651047
    Abstract: A method for managing licensed content includes receiving an encrypted license file and a pre-shared key (PSK) from a deployment package and decrypting the encrypted license file using the PSK to obtain license file content. The method further includes sending the license file content to a secure license generator, obtaining a locking ID associated with an edge device, and encrypting the license file content using the locking ID to obtain a locking ID license file, wherein the locking ID is usable to access the locking ID license file. Finally, the method includes deleting the PSK and the encrypted license file, wherein, based on the deleting, the deployment package comprises a software product file and the locking ID license file.
    Type: Grant
    Filed: December 9, 2024
    Date of Patent: June 9, 2026
    Assignee: Dell Products L.P.
    Inventors: B R Nagalakshmi, Vaneeswaran Natrayan
  • Patent number: 12647362
    Abstract: A method and system for reducing triggering of throughput penalties imposed on a group of users by a software-as-a-service (SaaS) server due to Application Programming Interface (API) calls exceeding limits of the SaaS server. The approaches include intercepting requests to the SaaS server from a user group and monitoring a rate of API calls the API calls forwarded to the SaaS server, identifying one or more power users based on a notification threshold value for the user group, and managing the rate of the API calls for the requests submitted by the identified power users of the user group in accordance with an API call throttle limit, thus remediating triggering of the throughput penalty.
    Type: Grant
    Filed: August 5, 2024
    Date of Patent: June 2, 2026
    Assignee: Netskope, Inc.
    Inventors: Chandrasekaran Rajagopalan, Brian Miller
  • Patent number: 12640921
    Abstract: Systems and techniques may generally be used for provisioning local storage data object containers. A public-facing interface may receive a satisfaction identifier for a data object axiom instrument and may acquire user consent acknowledging ephemeral disclosure of recovery credentials to initiate a satisfaction workflow. A service layer may validate the identifier against a satisfaction ledger and may orchestrate the workflow by issuing a satisfy command to another service layer. The service layer, isolated from public ingress, may generate container key material defining a destination address and may construct and sign a transfer to the address. A network broadcast interface may submit the transfer to a blockchain network. An ephemeral disclosure module may present the recovery credentials in a disclosure viewport with a countdown timer. Upon expiry, the credentials may be zeroized and subsequent disclosure may be prevented, enforcing a policy of no server-side persistence.
    Type: Grant
    Filed: December 4, 2025
    Date of Patent: May 26, 2026
    Inventor: Victor Almeida Barros
  • Patent number: 12639420
    Abstract: Disclosed herein is a method for defining a model of a trusted IoT security gateway architecture based on a microhypervisor, wherein evaluation of the model provides a guarantee that the correct security protections are applied to each IoT device's network traffic at all times, including when under attack. The models defined in accordance with the method disclosed herein are used to verify security gateway architectures that provide robust trust properties to a broad range of legacy hardware platforms utilizing existing software with a reasonable performance overhead.
    Type: Grant
    Filed: July 13, 2022
    Date of Patent: May 26, 2026
    Assignee: CARNEGIE MELLON UNIVERSITY
    Inventors: Amit Vasudevan, Matthew McCormack, Vyas Sekar
  • Patent number: 12632583
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for securely certifying products in an ecosystem. In some implementations, a digital platform receives a user request to access digital models. The digital platform determines whether the user is authorized to access the digital models. In response, the digital platform generates a transaction request to send to a location of the digital models, wherein the transaction request comprises data identifying operations to perform using the digital models. The digital platform transmits, to the location of the digital models, the generated transaction request that causes execution of the operations. The digital platform receives data representative of a result of the operations performed. The digital platform provides, to a user interface of the user device, the data representative of the result. The digital platform audits the data related to the transaction request and the data representative of the result.
    Type: Grant
    Filed: August 30, 2024
    Date of Patent: May 19, 2026
    Assignee: Istari Digital, Inc.
    Inventors: William Roper, Jr., Christopher Benson, Sriram Krishnan, Baha aldeen E.A. Abunojaim, Ellie Daw, Omar Valverde, Mohammad M.Y. Zahra, Peter Galvin, Danne Stayskal Huffaker
  • Patent number: 12627668
    Abstract: A method for role-based access control recommendation includes obtaining one or more security logs from a security analytics platform. The method includes determining access rights to the one or more security logs for one or more users of the security analytics platform. The determining includes generating one or more clusters of security logs based on the one or more security logs. The determining includes providing, to a user of the security analytics platform, a recommendation for a first data access group for the security analytics platform based on a first cluster of the one or more clusters. The determining includes, responsive to input from the user of the security analytics platform, generating the first data access group for the security analytics platform based on the first cluster of the one or more clusters.
    Type: Grant
    Filed: May 9, 2024
    Date of Patent: May 12, 2026
    Assignee: Google LLC
    Inventor: James Paul Black
  • Patent number: 12609820
    Abstract: A method for generating a secure secret key, includes the following steps: A. receiving, in a communication station referred to as the transmitting station, a first secret key by way of a quantum encryption channel via satellite, the first secret key also being transmitted to at least one other communication station by way of the quantum encryption channel; B. generating, in the transmitting station, a second secret key using a trusted random number generator; C. generating an encrypted secret key using the first secret key and the second secret key by the one-time pad method; D. transmitting the encrypted secret key from the transmitting station to the one or more other communication stations.
    Type: Grant
    Filed: September 15, 2022
    Date of Patent: April 21, 2026
    Assignee: THALES
    Inventors: Benoit Tranier, Jean Didier Gayrard
  • Patent number: 12609965
    Abstract: Systems and methods for workspace orchestration based on contributor scores are described. In an illustrative, non-limiting embodiment, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: receive, at a local management agent from a workspace orchestration service, one or more files configured to enable the local management agent to instantiate a workspace based, at least in part, upon an aggregated contributor score; and instantiate the workspace.
    Type: Grant
    Filed: March 20, 2024
    Date of Patent: April 21, 2026
    Assignee: Dell Products L.P.
    Inventors: Girish S. Dhoble, Nicholas D. Grobelny, Jason Kolodziej
  • Patent number: 12602514
    Abstract: A method for processing sensitive user personally identifiable information (PII) data across geographical boundaries, including: receiving in real-time, by a personally identifiable information (PII) resolver within a first location, a payload data object from a first processing unit at a second location, wherein the payload data object comprises: a header comprising metadata, a body comprising a message to be sent to a user, and a first identifier associated with the user; determining, by the PII resolver, a second identifier and a third identifier stored in a database corresponding to the received first identifier, wherein the database includes a mapping between the first identifier, and the second identifier, and the third identifier; replacing, by the PII resolver.
    Type: Grant
    Filed: September 5, 2025
    Date of Patent: April 14, 2026
    Assignee: MOENGAGE INDIA PRIVATE LIMITED
    Inventors: Ajish Nair, Yashwanth Kumar, Nikhil Kumar, Shilpa Narayana Reddy
  • Patent number: 12574418
    Abstract: One example method includes receiving, from a prospective tenant, a request to provision a tenant cluster of a cloud computing environment, creating, and/or accessing, a tenant-specific catalog that contains information identifying a tenant-specific configuration of trusted execution environment (TEE) hardware, provisioning the TEE hardware according to the information in the tenant-specific catalog, monitoring the TEE hardware for any TEE state changes, analyzing a detected TEE state change, and when the detected TEE state change indicates a specified risk, applying a TEE hardware maintenance state to the TEE hardware.
    Type: Grant
    Filed: January 19, 2024
    Date of Patent: March 10, 2026
    Assignee: Dell Products L.P.
    Inventors: Viswanath Ponnuru, Vinay Sawal, Sumanth Vidyadhara, Judith A. Furlong, Krishnaprasad K
  • Patent number: 12568086
    Abstract: A system has been created to automatically expand CSPM coverage for an organization based on CSP offerings and organization usage of cloud resources. The system crawls API specifications of each CSP used by an organization to extract cloud resource metadata including attributes and attribute descriptions. The system classifies each discovered attribute as related to security or not related to security. The system then filters out those security related attributes that already have CSPM coverage. The system collects information across different data sources corresponding to CSPM for the organization, such as audit logs and ingestion requests. The system then prioritizes resource attributes for metadata ingestion based on configurable parameters that consider newly discovered CSP offerings represented by discovered security related attributes. According to the prioritization, the system generates templates to execute for ingestion.
    Type: Grant
    Filed: March 26, 2024
    Date of Patent: March 3, 2026
    Assignee: Palo Alto Networks, Inc.
    Inventors: Ankit Agarwal, Vivek Hari Menon, Akshay Raghunandan, Pranav Rai
  • Patent number: 12568099
    Abstract: Technologies for generating a set of models for each account, where each model is a fine-grained, unsupervised behavior model trained for each user to monitor and detect anomalous patterns are described. An unsupervised training pipeline can generate user models, each being associated with one of multiple accounts and is trained to detect an anomalous pattern using feature data associated with the one account. Each account is associated with at least one of a user, a machine, or a service. An inference pipeline can detect a first anomalous pattern in first data associated with a first account using a first user model. The inference pipeline can detect a second anomalous pattern in second data associated with a second account using a second user model.
    Type: Grant
    Filed: August 17, 2023
    Date of Patent: March 3, 2026
    Assignee: NVIDIA Corporation
    Inventors: Rachel Allen, Gorkem Batmaz, Michael Demoret, Ryan Kraus, Hsin Chen, Bartley Richardson
  • Patent number: 12563097
    Abstract: Systems and methods for enforcing tag-based policy on dynamic workloads include monitoring, via a cloud-based system, traffic associated with one or more customers of the cloud-based system; receiving a packet from a workload associated with a customer of the one or more customers; performing a tag lookup at one or more nodes of the cloud-based system based on the packet; enforcing one or more policies based on the tag lookup. Based on no tags being found for the workload during the tag lookup at the one or more nodes, the nodes are adapted to drop the packet; query the one or more cloud connectors for workload information; and receive, in a next packet, all tags and a version associated with the workload.
    Type: Grant
    Filed: January 16, 2024
    Date of Patent: February 24, 2026
    Assignee: Zscaler, Inc.
    Inventors: Charles Bransi, Praveen Yadothare, Siva Yarlagadda, Vladimir Stepanenko
  • Patent number: 12563102
    Abstract: Dynamic attribute-based edge-deployed security in an industrial automation environment is described. A policy engine receives a command executable relevant to operational technology of an industrial automation environment via an access account. The policy engine classifies the command as approved or denied based on identifying a security policy based on the access account and operational technology, determining a set of parameter values based on the security policy, determining an intent of the command based on the set of parameter values, and classifying the command by evaluating the intent against the security policy. In response to command approval, the policy engine identifies a first communication channel coupling the operational technology and a policy enforcement point, connects a second communication channel coupling the policy enforcement point and the policy engine, and transmits the command and an indication of the first channel to the policy enforcement point via the second channel.
    Type: Grant
    Filed: March 15, 2024
    Date of Patent: February 24, 2026
    Assignee: Rockwell Automation Technologies, Inc.
    Inventors: Diane E. Golden, Michael J. Anthony, Blake S. Johnson
  • Patent number: 12556582
    Abstract: Systems and methods provide controlled access to resources in a zero-trust computing environment. Requests for access to resources of the zero-trust environment are tracked, including identifying policies evaluated in response to requests for access to resources. Based on the tracked requests, policies are identified that were satisfied in granting access to resources and that were not satisfied in denying access to resources. Request for access to resources are evaluated based on a trust score for a resource that is calculated based on users requesting access to the resource, hardware requesting access to the resource, software applications requesting access to the resource, networks used to request access to the resource and data exposed by providing the requested access to the resource. The trust score for the resource is adjusted upwards based on the policies satisfied in granting requested access, and adjusted downwards based on policies not satisfied in denying requested access.
    Type: Grant
    Filed: August 1, 2023
    Date of Patent: February 17, 2026
    Assignee: Dell Products L.P.
    Inventors: Deepak Gaikwad, Judith A. Furlong, Raj Suryavanshi, Biraj Silwal, Berke Belge, Chenhao Huang, Sarthak Madrecha
  • Patent number: 12556538
    Abstract: In one or more examples disclosed herein, a potential cyberattack is detected in a centralized computer system. A centralized policy service generates a prevention policy in response, using the information about the potential cyberattack. The prevention policy allows granular blocking of selective functionality in respect of a certain user(s). Although generated centrally, one generated, the prevention policy is distributed to multiple computer devices (e.g. within an organization) for decentralized enforcement, by policy agents executed on those computer devices.
    Type: Grant
    Filed: March 20, 2023
    Date of Patent: February 17, 2026
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Noam Hadash, Amir Kutcher, Edan Zwick, Philip Tsukerman, Yair Tsarfaty
  • Patent number: 12556565
    Abstract: A system and method for ingesting delayed logs for cybersecurity detection is presented. The method includes detecting a resource deployed in a computing environment, the resource configured to generate a local log on a disk of the resource; periodically fetching the local log from the disk, the local log including a plurality of event records written by at least a software application executed on the resource; applying a control on the fetched local log; and detecting a cybersecurity issue on the resource based on a result of applying the control.
    Type: Grant
    Filed: August 11, 2025
    Date of Patent: February 17, 2026
    Assignee: Wiz, Inc.
    Inventor: Ofir Saban
  • Patent number: 12556585
    Abstract: The present disclosure provides a communication method and apparatus, and a device. The communication method may be applied to a communication system, such as an onboarding network (ONN) system. The method may include: an access network device receives a registration request message from a terminal device, establishment cause information carried in the registration request message being to log on to a standalone non-public network (SNPN); and the access network device configures a user plane security policy of the terminal device as a first security policy according to the establishment cause information so as to indicate to activate user plane encryption protection and/or user plane integrity protection for a DRB belonging to a PDU session.
    Type: Grant
    Filed: July 19, 2021
    Date of Patent: February 17, 2026
    Assignee: BEIJING XIAOMI MOBILE SOFTWARE CO., LTD.
    Inventor: Wei Hong
  • Patent number: 12549603
    Abstract: Systems, methods and/or computer program products for dynamically adjusting levels of data security, encryption enforcement, confidentiality, network policies and other parameters within a network and at processing nodes thereof, implementing heightened levels of security and encryption as needed, based on the type of datasets being processed. Enforcement and removal of data security, encryption requirements, confidentiality, network policies and other parameters at the nodes of the network is performed using headers and footers added to the source dataset. Headers prescribe the heightened level of security or encryption being enforced at each node of the network along the source dataset's flow trajectory, while footers follow the completed processing of the source dataset and indicates to the nodes along the data flow trajectory the conditions for removing the heightened level of security, encryption, confidentiality, network policies and other parameters prescribed by the headers.
    Type: Grant
    Filed: September 14, 2022
    Date of Patent: February 10, 2026
    Assignee: International Business Machines Corporation
    Inventors: Partho Ghosh, Sarbajit K. Rakshit, Venkata Vara Prasad Karri, Akash U. Dhoot
  • Patent number: 12549538
    Abstract: Disclosed embodiments relate to systems and methods for providing agentless efficient queries for native network resource connections. Techniques include receiving a request from a network identity to access an original network resource; authenticating the network identity using a native client and communication protocol; authorizing the network identity based on one or more access policy; identifying an account having a secret, based on the one or more access policy; accessing the original network resource using the secret; enabling the network identity to access the original network resource using the account using the native client and communication protocol; creating at least one new entity associated with the original network resource; adapting the request to use the at least one new entity; and performing the request using the at least one new entity.
    Type: Grant
    Filed: June 30, 2023
    Date of Patent: February 10, 2026
    Assignee: CyberArk Software Ltd.
    Inventors: Tomer Dayan, Ofir Iluz, Yaron Nisimov