Patents Examined by Matthew Smithers
  • Patent number: 11902330
    Abstract: A device may receive data identifying malicious behavior by a compromised endpoint device associated with a network and may receive user identity data identifying a user of the compromised endpoint device associated with the network. The device may receive endpoint device data identifying the compromised endpoint device and other endpoint devices associated with the network and may receive network device data identifying network devices associated with the network. The device may utilize the data identifying malicious behavior, the user identity data, and the endpoint device data to generate, based on an identity of the user, a security policy to isolate the malicious behavior. The device may cause the security policy to be provided to the network devices and the other endpoint devices based on the network device data and the endpoint device data.
    Type: Grant
    Filed: June 16, 2021
    Date of Patent: February 13, 2024
    Assignee: Juniper Networks, Inc.
    Inventor: Craig Dods
  • Patent number: 11899828
    Abstract: Methods and apparatus for protecting a physical unclonable function (PUF) generator are disclosed. In one example, a PUF generator is disclosed. The PUF generator includes a PUF cell array, a PUF control circuit and a reset circuit. The PUF cell array comprises a plurality of bit cells. Each of the plurality of bit cells is configurable into at least two different stable states. The PUF control circuit is coupled to the PUF cell array and is configured to access each of the plurality of bit cells to determine one of the at least two different stable states upon a power-up of the plurality of bit cells, and generate a PUF signature based on the determined stable states of the plurality of bit cells. The reset circuit is coupled to the PUF cell array and is configured to set the plurality of bit cells to represent their initialization data based on an indication of a voltage tempering event of a supply voltage of the PUF cell array.
    Type: Grant
    Filed: July 7, 2022
    Date of Patent: February 13, 2024
    Assignee: Taiwan Semiconductor Manufacturing Co., Ltd.
    Inventor: Shih-Lien Linus Lu
  • Patent number: 11900377
    Abstract: Aspects described herein may allow for authenticating a user by generating a customized set of authentication questions based on patterns that are automatically detected and extracted from user data. The user data may include transaction data collected over a period of time. By automatically detecting user patterns that correspond to user behavior over a period of time, an authentication system may be able to generate information that is recognizable to an authentic user but difficult to guess or circumvent for any other user.
    Type: Grant
    Filed: July 1, 2021
    Date of Patent: February 13, 2024
    Assignee: Capital One Services, LLC
    Inventors: Joshua Edwards, David Septimus, Samuel Rapowitz, Jenny Melendez, Tyler Maiman, Viraj Chaudhary
  • Patent number: 11902282
    Abstract: Disclosed herein are system, method, and computer program product embodiments for displaying roles of an identity and access management (IAM) together with their corresponding compliance status of the assigned security policies with respect to a set of security rules. The method includes selecting a first role and a second role administered by an entity of the IAM system. Afterwards, the method includes determining, based on a set of security rules, a first compliance status of the first role associated with a first set of security policies; and a second compliance status of the second role associated with a second set of security policies. In addition, the method includes displaying on a GUI, the first role and the second role together with a first compliance status and a second compliance status.
    Type: Grant
    Filed: May 28, 2021
    Date of Patent: February 13, 2024
    Assignee: Capital One Services, LLC
    Inventors: Matthew A. Ghiold, Muhammad Saad Tahir, Gavin McGrew
  • Patent number: 11902260
    Abstract: A network node selectively encrypts messages between a user plane node and a control plane node in a network system. The user plane node and the control plane node negotiate a connection and indicate an encryption level for the connection. The encryption level is selected from an Information Element (IE) level, a message level, or a feature level. The user plane node and the control plane node selectively encrypt at least a portion of the messages between the user plane node and the control plane node based on the encryption level for the connection.
    Type: Grant
    Filed: August 2, 2021
    Date of Patent: February 13, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Pravin Appaji Ajagekar, Ravi Shekhar, Nithin Chitta
  • Patent number: 11902323
    Abstract: The present embodiments relate to identifying and mitigating memory bit flips in a cloud infrastructure service. The cloud infrastructure service can provide a monitoring system to monitor low level memory space to detect bit flips by the DRAM instances in the cloud infrastructure service. The bit flips detected in various DRAM computing instances can be processed to verify that the bit flips are sustained (e.g., and possibly relating to a Rowhammer attack) rather than transitory bit flips occurring in DRAM computing devices. Responsive to validating a set of bit flips at one or more computing instances, workloads associated with the affected computing instances can be migrated to other computing instances in the cloud infrastructure service.
    Type: Grant
    Filed: August 31, 2021
    Date of Patent: February 13, 2024
    Assignee: Oracle International Corporation
    Inventor: Phani Bhushan Avadhanam
  • Patent number: 11895144
    Abstract: Disclosed are implementations, including a method that includes monitoring dataflow streams in a network comprising multiple computing nodes, and determining network security characteristics for a dataflow stream, from the monitored dataflow streams, relating to security, authentication, and access events for accessing, via the dataflow stream, one or more of the multiple nodes. The method further includes determining potential violations by the dataflow stream of security policies defined for operation of the network, access functionality for the network, or identity attributes used by the network, based, at least in part, on the determined network security characteristics for the dataflow stream, and based on network-operation data comprising one or more of network security data, network identity data, and network access data. The network-operation data is stored in one or more data storage units in the network, and is configured to manage network access and operation for the multiple computing nodes.
    Type: Grant
    Filed: May 21, 2021
    Date of Patent: February 6, 2024
    Assignee: AUTHMIND INC.
    Inventors: Shlomo Yanay, Ankur Panchbudhe
  • Patent number: 11895252
    Abstract: A method, controller, and non-transitory computer-readable medium of a distributed crypto-ledger network, including receiving an instruction to perform an operation between a first user and a second user, the first user corresponding to a first entity that is a member of the distributed crypto-ledger network, the instruction comprising a destination address corresponding to the second user, querying a top-level name registry with the destination address to determine a second entity associated with the destination address, the second entity being a different member of the crypto-ledger network, and executing the operation between the first user and the second user by transmitting execution instructions to the first entity and the second entity, the execution instructions causing a first entity controller to modify data stored on a first distributed crypto-ledger of the first entity, and causing a second entity controller to modify data stored on the second distributed crypto-ledger of the second entity.
    Type: Grant
    Filed: June 10, 2022
    Date of Patent: February 6, 2024
    Assignee: TASSAT GROUP INC.
    Inventors: Kevin Lupowitz, Eric Couillard, Sanjaya Kulkarni, Brian Bruce, Sanjay Deshpande, Omari Edwards, Joe Grastara, Al Gleicher
  • Patent number: 11886619
    Abstract: Systems, related methods and other means for providing the securing of web site source code are provided herein. The system and methods may be configured to poll a client device and/or to otherwise determine whether a debugging console is active on a client device and deny access to the JavaScript and source code if the debugging console is active. Additionally or alternatively, the system and methods may receive a request to access the source code form a client device, and may determine whether the request is from a trusted referrer and whether the debugging console is active. When the request is from an untrusted referrer, and/or when the debugging console is active the system and method can deny access to the source code. When the request is from a trusted referrer and the debugging console in inactive, the system and method can grant access to the source code.
    Type: Grant
    Filed: September 20, 2021
    Date of Patent: January 30, 2024
    Assignee: Newman Infinite, Inc.
    Inventor: Matthew Allan Newman
  • Patent number: 11882132
    Abstract: A computer-implemented method of monitoring security of a set of computing devices in a distributed system, the distributed system having a plurality of computing devices, in communication with one another over a network, by a security software running in a computer node. The method includes comparing an app signature of the application running in a selected one of the set of computing devices to a reference app signatures generated from a respective functional replica of the application.
    Type: Grant
    Filed: April 2, 2021
    Date of Patent: January 23, 2024
    Assignee: Prescient Devices, Inc.
    Inventor: Andrew Wang
  • Patent number: 11882205
    Abstract: Systems and/or methods of the present disclosure enable ledger interoperability using a controller to perform an operation between a first user and a second user on separate entity-specific distributed ledgers, where the separate entity-specific distributed ledgers are both operatively linked to a membered common distributed ledger. The controller burns a first quantity of first entity-specific tokens from the first entity-specific distributed ledger and mints a second quantity of the common tokens on the membered common distributed ledger, where the first quantity of first entity-specific tokens and the second quantity of the common tokens represent an equivalency. The controller moves the second quantity of common tokens from a first encrypted storage to a second encrypted storage of the membered common distributed ledger, burns the second quantity of the common tokens and mints a third quantity of the second entity-specific tokens on the second entity-specific distributed ledger to complete the operation.
    Type: Grant
    Filed: March 13, 2023
    Date of Patent: January 23, 2024
    Assignee: TASSAT GROUP INC.
    Inventors: Kevin Lupowitz, Eric Couillard, Sanjaya Kulkarni, Brian Bruce, Sanjay Deshpande, Omari Edwards, Joe Grastara, Al Gleicher
  • Patent number: 11876796
    Abstract: Systems, methods, and storage media for abstraction and enforcement of protected resources in an identity infrastructure are disclosed. Exemplary implementations may: identify one or more protected resources for one or more identity domains of an identity infrastructure; receive, at the identity infrastructure, a dataflow pertaining to first identity data for a first identity domain; request the first identity session based at least in part on the first identity data; receive a request to access a first protected resource of the one or more protected resources; accept the first identity session by the first protected resource; and provide the first user access to the first protected resource.
    Type: Grant
    Filed: May 24, 2021
    Date of Patent: January 16, 2024
    Assignee: Strata Identity, Inc.
    Inventors: Eric Olden, Christopher Marie, Carl Eric Leach
  • Patent number: 11870897
    Abstract: Various arrangements relate to a method performed by a processor of a computing system. An example method includes tokenizing a first value using a tokenization algorithm to generate a first token. The first value and first key are inputs of the tokenization algorithm. A message is generated. The message includes a first value identifier associated with the first value and a first key generation identifier associated with the generation of the first key. The message is associated with the first token. A second key is generated. A second value is tokenized using a tokenization algorithm to generate a second token. The second value and second key are inputs of the tokenization algorithm.
    Type: Grant
    Filed: November 11, 2021
    Date of Patent: January 9, 2024
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Phillip H. Griffin, Jeffrey J. Stapleton
  • Patent number: 11870811
    Abstract: Embodiments are directed to systems that attempt to establish trust in relation to operations on a customer endpoint of a computer network. The systems monitor, in real-time, operations to file systems, registries, application processes and threads, and OS kernels at the customer endpoint. The systems maintain compute components affected by the operation in a quarantine state. The systems then attempt to establish trust in the affected compute components (e.g., by applying rule-based policies). The systems remove the affected compute components from the quarantine state, if trust of the one or more affected compute components is established. The systems execute callback routines to mitigate results of the operation, if trust of the affected compute components is not established.
    Type: Grant
    Filed: March 26, 2019
    Date of Patent: January 9, 2024
    Assignee: Virsec Systems, Inc.
    Inventors: Satya V. Gupta, Piyush Gupta
  • Patent number: 11863668
    Abstract: Methods, systems, and apparatus for transmitting qubits encoding quantum information with reduced risk of interception from an eavesdropper. In one aspect, a method includes encoding quantum information into an information qubit; encrypting the information qubit, comprising performing i) a parity operation on the information qubit and a parity control qubit and ii) a phase operation on the information qubit and a phase control qubit; performing, by a sender party, a sequence of one or more quantum logic gates on the phase control qubit; sending the information qubit, parity control qubit, and phase control qubit to a recipient party; and sending data identifying the sequence of one or more quantum logic gates to the recipient party, wherein the recipient party obtains the quantum information encoded into the information qubit using the information qubit, parity control qubit, phase control qubit, and data identifying the sequence of one or more quantum logic gates.
    Type: Grant
    Filed: June 9, 2022
    Date of Patent: January 2, 2024
    Assignee: Accenture Global Solutions Limited
    Inventors: Benjamin Glen McCarty, Malek Ben Salem
  • Patent number: 11863554
    Abstract: Systems and methods as provided herein may create a biometric model associated with a user. The created biometric model may be used to generate challenges that are presented to the user for authentication purposes. A user response to the challenge may be compared to an expected response, and if the user response matches within a predetermined error of the expected response, the user may be authenticated. The systems and methods may further generate challenges that are adaptively designed to address weaknesses or errors in the created model such that the model is more closely associated with a user and the user is more likely to be the only person capable of successfully responding to the generated challenges.
    Type: Grant
    Filed: April 12, 2022
    Date of Patent: January 2, 2024
    Assignee: PayPal, Inc.
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 11855980
    Abstract: Methods and systems for network communication are disclosed. Proxy information may be received. The proxy information may facilitate a gateway device communicating as a proxy for a user device.
    Type: Grant
    Filed: July 1, 2022
    Date of Patent: December 26, 2023
    Assignee: Comcast Cable Communications, LLC
    Inventor: Jonathan Moore
  • Patent number: 11831616
    Abstract: The implementation of application layer-based and transport-layer based security rules via a reverse proxy server chain is described. Each reverse proxy server in the chain is configured to perform a particular function with respect to client messages intended for a destination server and/or convey contextual information pertaining to the messages to a subsequent reverse proxy server in the chain. For instance, a first reverse proxy server in the chain is configured to include client-specific metadata in the transport layer of the message. A second reverse proxy server in the chain enforces transport layer-based policy rules based on the metadata. This enables the second reverse proxy server to manage transport layer connections on a client-by-client basis, thereby enabling the second reverse proxy server to block unauthorized clients, while maintaining the transport layer connections for authorized clients. A third reverse proxy server in the chain enforces application layer-based policy rules.
    Type: Grant
    Filed: March 24, 2020
    Date of Patent: November 28, 2023
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Guy Lewin, Vitaly Khait, Yossi Haber
  • Patent number: 11831635
    Abstract: One example method includes contacting, by a client, a service, receiving a credential from the service, obtaining trust information from a trust broker, comparing the credential with the trust information, and either connecting to the service if the credential and trust information match, or declining to connect to the service if the credential and the trust information do not match. Other than by way of the trust information obtained from the trust broker, the client may have no way to verify whether or not the service can be trusted.
    Type: Grant
    Filed: June 2, 2022
    Date of Patent: November 28, 2023
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Ido Begun, Jehuda Shemer
  • Patent number: 11831790
    Abstract: A method is provided for automating management of automatic renewal of a public key infrastructure (PKI) certificate issued by a certificate authority (CA) for a subscriber. The method includes steps of causing the subscriber to (i) transmit a first alert to a management entity for initiating renewal of the PKI certificate, and (ii) transmit a certificate signing request (CSR) to a registration authority (RA) for issuance of a renewal certificate. The method further includes steps of (iii) transmitting, from the RA to the CA, the CSR signed by the RA, (iv) receiving, at the RA from the CA, an issued renewal certificate signed by the CA, (v) sending, from the RA to the subscriber, the issued renewal certificate signed by the CA, and (vi) causing the subscriber to transmit a second alert to a management entity indicating renewal of the PKI certificate.
    Type: Grant
    Filed: December 17, 2021
    Date of Patent: November 28, 2023
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Steven J. Goeringer, Brian A. Scriber, Darshak Thakore, Massimiliano Pala