Patents Examined by Madhuri R Herzog
  • Patent number: 11990943
    Abstract: Aspects of the subject disclosure may include, for example, monitoring a security status of a wireless communication session comprising a back-haul link supporting a classical communication channel between a wireless access point and a wireless mobility core network. The classical communication channel is adapted to transport underlying data of the wireless communication session and, responsive to determining a change in the security status, associating with the wireless communication session a quantum communication channel adapted to transport information via qubits. Information is exchanged between the wireless access point and the mobility core network via the qubits of the quantum communication channel, wherein the exchanging of the information via the qubits enhances a security level of the wireless communication session in view of a perceived threat. Other embodiments are disclosed.
    Type: Grant
    Filed: January 4, 2021
    Date of Patent: May 21, 2024
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Moshiur Rahman
  • Patent number: 11989312
    Abstract: A method for transmitting information between a data processing system external to the vehicle and systems using the information in a vehicle employs integrity protection and/or encryption mechanisms. The integrity and/or encryption mechanisms are used with different levels of protection, wherein the level of protection is selected and/or adjusted based on the information or a classification of the information, the provided use of the information, the state of the vehicle, the surroundings of the vehicle, the origin of the information, the protection goal, and/or the resource consumption.
    Type: Grant
    Filed: May 11, 2020
    Date of Patent: May 21, 2024
    Inventors: Viktor Friesen, Micha Koller, Hubert Rehborn
  • Patent number: 11968179
    Abstract: Systems and methods include, responsive to a request to access an application, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user device is remote over the Internet, determining if a user of the user device is permitted to access the application and whether the application should be provided in an isolated browser; responsive to the determining, creating secure tunnels between the user device, an isolation service operating the isolated browser, and the application based on connection information; loading the application in the isolated browser, via the secure tunnels; and providing image content for the application to the user device, via the secure tunnels.
    Type: Grant
    Filed: April 29, 2021
    Date of Patent: April 23, 2024
    Assignee: Zscaler, Inc.
    Inventors: Alex-Marian Negrea, Constantin Miroslav, John A. Chanak, Arvind Nadendla
  • Patent number: 11968294
    Abstract: This application provide a data management method for a blockchain system, a medium, and an electronic device. The system includes an accounting node sub-network and a service node sub-network. The method includes: adding, after an accounting node generates a first data block, first key information used for verifying a block header of a second data block generated after the first data block to a block header of the first data block; generating a signature corresponding to the first data block, and adding the signature corresponding to the first data block to the block header of the first data block; and releasing the block header of the first data block to the service node sub-network, to cause a service node to verify the signature included in the block header of the first data block, and obtaining the first key information after a successful verification to verify the block header of the second data block.
    Type: Grant
    Filed: January 13, 2021
    Date of Patent: April 23, 2024
    Inventors: Maocai Li, Zongyou Wang, Li Kong, Kaiban Zhou, Hu Lan, Yifang Shi, Changqing Yang, Jinsong Zhang, Yong Ding, Gengliang Zhu, Qucheng Liu, Qiuping Chen
  • Patent number: 11954213
    Abstract: A system may receive a string of characters, identify two or more sub-strings of the string, compare the two or more sub-strings to one or more reserve values from a database of reserve values, identify a first sub-string of the two or more sub-strings that contains one of the one or more reserve values, identify a second sub-string of the two or more sub-strings with a sensitive value, and obfuscate the second sub-string and not obfuscating the first sub-string.
    Type: Grant
    Filed: September 13, 2021
    Date of Patent: April 9, 2024
    Assignee: International Business Machines Corporation
    Inventors: Kin Fong, Matthias Seul
  • Patent number: 11941133
    Abstract: One aspect provides an FPGA chip mounted on a printed circuit board (PCB). The FPGA chip can include a joint test action group (JTAG) interface comprising a number of input/output pins and an enablement pin, and a control logic block coupled to the enablement pin of the JTAG interface. The control logic block can receive a control signal from an off-chip control unit and control a logical value of the enablement pin based on the received control signal, thereby facilitating the off-chip control unit to lock or unlock the JTAG interface. The FPGA chip can further include a detection logic block to detect an unauthorized access to the FPGA chip. An input to the detection logic is coupled to the enablement pin, and a conductive trace coupling the input of the detection logic block and the enablement pin is situated on an inner layer of the PCB.
    Type: Grant
    Filed: September 23, 2021
    Date of Patent: March 26, 2024
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Siung Siew Liew, Khai Chiah Chng
  • Patent number: 11934544
    Abstract: Target data may be associated with a location requirement established by a data owner. A data access module may be used to attempt access to the target data. Location requirement and provenance metadata associated with the target data are obtained. The provenance metadata must be validated, and evidence only approved data access locations identified in the location requirement. A current location of a computing device attempting access to the target data must also meet the location requirement. The computing device is allowed to access the target data only in response to the current location and each location identified in the provenance metadata meeting the location requirement. The provenance metadata is updated to include a new record including the current data access location.
    Type: Grant
    Filed: March 17, 2022
    Date of Patent: March 19, 2024
    Inventors: Pierre Mouallem, William Laurence Jaeger, Scott A. Piper, Michael Gerard Demeter
  • Patent number: 11921846
    Abstract: Disclosed are systems and methods for improving interactions with and between computers in distributional similarity identification using randomized observations. In connection with an intrusion detection system monitoring a computing system, a pair of perturbed sample sets are generating using a pair of real sample set (or real observations) and a pair of random sample sets (of randomly-selected observations), and a similarity measuring representing a level of consistency in user behavior is determined. The systems improve the quality and accuracy of the similarity determination for use in intrusion detection.
    Type: Grant
    Filed: March 31, 2020
    Date of Patent: March 5, 2024
    Assignee: YAHOO ASSETS LLC
    Inventors: Stav Yanovsky Daye, Ran Wolff
  • Patent number: 11916963
    Abstract: In an example, systems and methods enable automatic implementation of intent-based security policies in a network system, such as a software-defined wide area network system, in which network segment prefixes for network segments at one or more sites are dynamically learned. A service orchestrator controller translates an intent-based security policy input by a user to a security policy for a first site. The security policy for the first site specifies a segment-specific queryable resource associated with a second site. To implement the security policy, a device associated with the first site queries the segment-specific queryable resource associated with the second site, and updates one or more forwarding tables of the device with the network segment prefixes associated with one or more network segments at the second site received in response to the query. The first site forwards network traffic to the second site based on the updated forwarding tables.
    Type: Grant
    Filed: March 30, 2021
    Date of Patent: February 27, 2024
    Assignee: Juniper Networks, Inc.
    Inventors: Kaushik Dutta Majumdar, Fnu Nadeem, Shanmukh Uppuluri
  • Patent number: 11914696
    Abstract: Quorum-based access control management may be implemented. Quorum controls may be created for determining whether to perform or deny access control operations to perform privileged tasks. When an access control operation is received, approval of the operation may be requested from members for the quorum control. If a policy for the quorum control is satisfied by approval responses, then approval to perform the access control operation may be provided.
    Type: Grant
    Filed: September 30, 2020
    Date of Patent: February 27, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Dean H Saxe, Conor P Cahill, Dennis Tighe, Jonathan Robert Hurd, Brian Mead Tyler, Cristian Marius Ilac, Mark Ryland
  • Patent number: 11907411
    Abstract: Example computing devices that are enabled to enter secure operating modes are provided. An example computing device includes a main processor to run an operating system enabled to establish communication from an external device to the main processor via a hardware interrupt handler when the external device is connected to the computing device. The computing device further includes a keyboard controller to detect a lock keystroke sequence at a keyboard, and, in response to detecting the lock keystroke sequence, cause the main processor to halt the operating system and to enter a secure operating mode in which communication from the external device to the main processor via the hardware interrupt handler is blocked.
    Type: Grant
    Filed: December 9, 2019
    Date of Patent: February 20, 2024
    Inventors: Mason Andrew Gunyuzlu, Robert Stephen Craig, Tevin Richards
  • Patent number: 11888817
    Abstract: A security system obtains data logs from a set of security applications that each output data of different data types and in different formats. A filtering module obtains the data from the security applications as an input message stream and processes the into message stream into an output message stream with messages in a standardized format for processing by a security engine. The filtering module includes a set of filters each tailored to process data from a different data source. The filtering module detects the data source from analysis of the data and applies the corresponding filter to generate the output message stream. The security engine then detects patterns in the output data stream and provides alerts to an administrative interface when it detects a pattern indicative of malicious activity.
    Type: Grant
    Filed: November 4, 2020
    Date of Patent: January 30, 2024
    Assignee: Cysiv, Inc.
    Inventor: Daniel James Smith
  • Patent number: 11880437
    Abstract: A system and method for securely storing, retrieving and sharing data using PCs and mobile devices and for controlling and tracking the movement of data to and from a variety of computing and storage devices.
    Type: Grant
    Filed: December 5, 2022
    Date of Patent: January 23, 2024
    Assignee: QUICKVAULT, INC.
    Inventor: Steven V. Bacastow
  • Patent number: 11847223
    Abstract: A method and a system for identifying indicators of compromise are provided. The method comprises: obtaining a given malware carrier configured for execution a main malware module; generating, based on the given malware carrier, an attack roadmap, the attack roadmap including a plurality of malware carriers; determining a malware class of each one of the plurality of malware carriers; generating a current list of indicators of compromise of each of the plurality of malware carriers; searching a database to locate at least one stored attack roadmap including a plurality of stored malware carriers; retrieving from the database a stored list of indicators of compromise for each of the plurality of stored malware carriers; generating an amalgamated list of indicators of compromise based on the current list of indicators and the stored digital list of indicators of compromise; storing, in the database, the amalgamated list of indicators of compromise.
    Type: Grant
    Filed: February 18, 2021
    Date of Patent: December 19, 2023
    Assignee: GROUP IB TDS, LTD
    Inventor: Ilia Sergeevich Pomerantsev
  • Patent number: 11849328
    Abstract: A computer-implemented method, in a communication framework in which each of a plurality of users has one or more devices associated therewith, and in which the users use at least some of their devices to communicate via a backend system. A first user has a first set of first one or more associated trusted devices, and a second user has a second set of second one or more trusted devices associated therewith. The first user forms a first trust relationship between a first device in the first set and a second device in the second set. Based on (i) the first trust relationship, and (ii) the second set associated with the second user, the first user forms a second trust relationship between each device in the first set and each device in the second set. A least one device in the first set communicates with one or more devices in the second set based on the second trust relationship.
    Type: Grant
    Filed: March 14, 2019
    Date of Patent: December 19, 2023
    Assignee: Wire Swiss GmbH
    Inventor: Raphael Robert
  • Patent number: 11848933
    Abstract: Systems and methods that provide access to users of a network system via a unique identity key that controls access and permission rights of outside entities as controlled by the entity itself. The system assigns unique identity to a unique entity. The key is responsible for facilitating preferred access types and information accessed by outside entities, and acts as a signal for action, interaction and experience within the System as well as third party platforms. Each interaction within the system includes a requesting entity's proxy (‘REP’) sending an information access request (‘IAR’) to the deciding entity's proxy (‘DEP’) via a network. This IAR is routed to the correct DEP via the unique identifier. The DEP applies access preferences to allow or deny the IAR, in part or completely. If allowed or partially allowed, the DEP returns information to the REP.
    Type: Grant
    Filed: October 31, 2022
    Date of Patent: December 19, 2023
    Assignee: THE & COMPANY
    Inventors: Daniel James Carroll, Aaron August Sloup
  • Patent number: 11849319
    Abstract: A method may be provided at a wireless terminal to support communications with a network node of a wireless communication network. An IKE SA may be initiated to establish a NAS connection between the wireless terminal and the network node through a non-3GPP access network and a non-3GPP interworking function network node. After initiating the IKE SA, an IKE authorization request may be transmitted through the non-3GPP access network to the N3IWF network node, with the IKE authorization request including an identifier of the wireless terminal. An access network key may be derived for the NAS connection through the non-3GPP access network at the wireless terminal, with the access network key being derived based on a NAS count for the wireless terminal and an anchor key. An IKE authorization response corresponding to the IKE authorization request may be received.
    Type: Grant
    Filed: July 28, 2017
    Date of Patent: December 19, 2023
    Inventors: Noamen Ben Henda, Vesa Lehtovirta, Mikael Wass, Monica Wifvesson
  • Patent number: 11848958
    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to detect malware based on network traffic analysis. An example apparatus includes a classification controller to: in response to a first classification score of a first network traffic sample satisfying a first threshold, determine whether a second classification score of a second network traffic sample satisfies a second threshold; and in response to the second classification score of the second network traffic sample satisfying the second threshold, classify network traffic associated with the first network traffic sample and the second network traffic sample as potentially malicious network traffic; and a remediation controller to, in response to the network traffic being classified as the potentially malicious network traffic, execute a remediation action to remediate malicious activity associated with the potentially malicious network traffic.
    Type: Grant
    Filed: December 23, 2019
    Date of Patent: December 19, 2023
    Assignee: McAfee, LLC
    Inventors: Daniel Burke, Bernard Sapaden, Jorge Arias, Hemendra Singh, Bhargav Shah
  • Patent number: 11841940
    Abstract: An information handling system may include at least one processor; a plurality of physical storage resources; and a network interface configured to communicatively couple the information handling system to a plurality of host systems; wherein the information handling system is configured to: determine a likelihood of compromise for each of the plurality of host systems; and in response to the likelihood of compromise for a particular host system exceeding a threshold likelihood, carry out a remedial action with respect to the particular host system, wherein the remedial action includes restricting access from the particular host system to the plurality of physical storage resources.
    Type: Grant
    Filed: July 16, 2021
    Date of Patent: December 12, 2023
    Assignee: Dell Products L.P.
    Inventors: Susan E. Young, Elie Jreij, Arieh Don
  • Patent number: 11838299
    Abstract: Systems and methods include receiving a request for resources that are one of web content and a cloud application from a user device; determining the request requires isolation based on any of policy, category of the web content, type of the user device, and location of the user device; rendering content associated with the request in a secure environment that is isolated from the user device; and providing image content based on the content to the user device. The user device can execute a web browser that loads the image content utilizing a JavaScript application and that interacts with the image content by sending keyboard and mouse inputs via a WebSocket channel.
    Type: Grant
    Filed: December 4, 2019
    Date of Patent: December 5, 2023
    Assignee: Zscaler, Inc.
    Inventors: Uli P. Mittermaier, Alex-Marian Negrea