Patents Examined by Michael Pyzocha
  • Patent number: 12267431
    Abstract: A conversational interface receives a conversational request for an action which requires step-up authentication; responds to the user using conversational AI with a warning that an additional step is required; transmits the authorization intent and the spoken submission to a virtual private cloud (VPC), and in response to confirmation of the spoken submission, authenticates the user, thereby authorizing the requested action; and receives a confirmation of validation of the passphrase and that the action is being or will be performed.
    Type: Grant
    Filed: May 11, 2022
    Date of Patent: April 1, 2025
    Assignee: TRUIST BANK
    Inventors: Peter Eric Sutherland, Laurence Henry Lipsmeyer, Nelson Joseph Erb
  • Patent number: 12224895
    Abstract: Techniques are described for managing communications between multiple computing nodes, such as computing nodes that are separated by one or more physical networks. In some situations, the techniques may be used to provide a virtual network between multiple computing nodes that are separated by one or more intermediate physical networks, such as from the edge of the one or more intermediate physical networks by modifying communications that enter and/or leave the intermediate physical networks. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users (e.g., users of a program execution service). The managing of the communications may include determining whether communications sent to managed computing nodes are authorized, and providing the communications to the computing nodes only if they are determined to be authorized.
    Type: Grant
    Filed: January 31, 2022
    Date of Patent: February 11, 2025
    Assignee: Amazon Technologies, Inc.
    Inventor: Daniel Todd Cohn
  • Patent number: 12210623
    Abstract: The present disclosure relates to methods, systems, and computer program products for generating an attack kill chain for threat analysis. The method comprises receiving a first security event captured by a first security operation associated with a computing device, and receiving a second security event captured by a second security operation associated with the computing device. The first security event and the second security event are associated with an attack campaign. The method further comprises mapping the first security event to first security data in an attack repository, and mapping the second security event to second security data in the attack repository. The method also comprises determining based on the mapping, one or more attack execution operations for executing the attack campaign associated with the first security event and the second security event. Additionally, the method sequences the one or more attack execution operations to form an attack kill chain.
    Type: Grant
    Filed: September 5, 2023
    Date of Patent: January 28, 2025
    Assignee: Qualys, Inc.
    Inventors: Ankur S. Tyagi, Mayuresh Vishwas Dani
  • Patent number: 12189830
    Abstract: An integrated circuit including: a plurality of physically unclonable function (PUF) cells each configured to generate a cell signal having a unique value; a selector configured to output a first signal obtained by not inverting a cell signal output by a PUF cell selected from the plurality of PUF cells and a second signal obtained by inverting the cell signal; and a key generator configured to generate a security key in response to the first signal or the second signal, wherein the selector includes a first conversion circuit configured to generate the first signal and a second conversion circuit having the same structure as the first conversion circuit and configured to generate the second signal.
    Type: Grant
    Filed: June 23, 2022
    Date of Patent: January 7, 2025
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Bohdan Karpinskyy, Yong-ki Lee, Ji-eun Park, Kyoung-moon Ahn, Yun-hyeok Choi
  • Patent number: 12159497
    Abstract: An access control system includes a credential service operable to generate an encrypted programming credential. A mobile library on a mobile device operable to communicate with the credential service, the mobile library operable to receive the encrypted programming credential from the credential service and a credential module for an access control, the credential module operable to extract programming data from the encrypted programming credential, the programming data usable to program the access control.
    Type: Grant
    Filed: December 1, 2015
    Date of Patent: December 3, 2024
    Assignee: CARRIER CORPORATION
    Inventor: Adam Kuenzi
  • Patent number: 12149517
    Abstract: A server system stores data associating a secret of the memory device configured in an endpoint, a first identification, and device information of the endpoint. After receiving a request to bind a second identification to the endpoint, the server system can tie identity data of the endpoint to the second identification. For example, after receiving a validation request containing identity data generated by the memory device, the server system can verify a verification code in the identity data based at least in part on the secret of the memory device. The verification code is generated from a message presented in the identity data and a cryptographic key derived at least in part from the secret. Based on validating the identity data, the server system can provide a validation response to indicate that the identity data is generated by the endpoint having the second identification.
    Type: Grant
    Filed: September 24, 2021
    Date of Patent: November 19, 2024
    Assignee: Micron Technology, Inc.
    Inventors: Jeffrey Charles Shiner, Lance W. Dover, Olivier Duval
  • Patent number: 12132711
    Abstract: A privacy protection method and system for financial data sharing based on federated learning are provided. In recent years, due to the restrictions of data security and privacy protection laws and regulations, it is difficult to share data across institutions or departments. So that data transfer and transactions between different entities can be achieved without violating the national laws on data privacy and data security, the privacy protection method and system for financial data sharing based on federated learning is provided. A privacy collection intersection technology is adopted, so that two institutions, which may have many differences in business but whose customer groups are mostly the same, jointly train a learning model.
    Type: Grant
    Filed: September 9, 2022
    Date of Patent: October 29, 2024
    Assignees: Zhejiang University City College, Zhejiang Gongshang University, Beihang Hangzhou Innovation Institute Yuhang
    Inventors: Song Han, Siqi Ren, Minghui Wu, Shuai Zhao, Xiling Luo, Luyao Wang
  • Patent number: 12126636
    Abstract: Disclosed herein is a method for use in detection of anomalous behavior of a device of a computer system. The method is arranged to be performed by a processing system. The method includes deriving values, m1, ..., mN, of a metric, M, representative of data associated with the device; modeling a distribution of the values; and determining, in accordance with the distribution of the values, the probability of observing a more extreme value of the metric than a given value, m, of the metric, wherein the probability is used to determine whether the device is behaving anomalously. Also disclosed is an equivalent computer readable medium and anomalous behavior detection system.
    Type: Grant
    Filed: December 29, 2020
    Date of Patent: October 22, 2024
    Assignee: Darktrace Holdings Limited
    Inventors: Tom Dean, Jack Stockdale
  • Patent number: 12095762
    Abstract: Systems and methods for multi-stage, biometric-based, digital authentication are provided. Methods include a first and a second stage of authentication. The first stage may include a user profile submitting a first request to access a first digital application, receiving one or more authenticating factors, transmitting, to a central server, the one or more authenticating factors, processing the one or more authenticating factors to authenticate the user profile to the first digital application.
    Type: Grant
    Filed: May 23, 2022
    Date of Patent: September 17, 2024
    Assignee: Bank of America Corporation
    Inventors: Trish Gillis, Taylor Farris
  • Patent number: 12086233
    Abstract: An orchestration engine intermittently scans secrets, of different secret types, to identify secrets that are to be rotated. The orchestration engine calls an application programming interface (API) exposed by a serverless management system and wakes up the serverless management system. The serverless management system generates a new secret, stores the new secret for rotation, and interacts with a dependent system in order to revoke an old secret and implement the new secret. Once the secret is rotated, and the new secret is implemented, the orchestration engine stores the new secret in a secret store.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: September 10, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Bhaskardeep Khaund, Bo Wu, Yiqun Wang, Chen Shen
  • Patent number: 12079341
    Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.
    Type: Grant
    Filed: June 22, 2021
    Date of Patent: September 3, 2024
    Assignee: Intel Corporation
    Inventors: Kapil Sood, Ioannis T. Schoinas, Yu-Yuan Chen, Raghunandan Makaram, David J. Harriman, Baiju Patel, Ronald Perez, Matthew E. Hoekstra, Reshma Lal
  • Patent number: 12069082
    Abstract: A method, computer system, and computer program product are provided for mitigating network risk. A plurality of risk reports corresponding to a plurality of network devices in a network are processed to determine a multidimensional risk score for the network. The plurality of risk reports are analyzed using a semantic analysis model to identify one or more factors that contribute to the multidimensional risk score. One or more actions are determined using a trained learning model to mitigate one or more dimensions of the multidimensional risk score. The outcomes of applying the one or more actions are presented to a user to indicate an effect of each of the one or more actions on the multidimensional risk score for the network.
    Type: Grant
    Filed: June 11, 2021
    Date of Patent: August 20, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Qihong Shao, Xinjun Zhang, Yue Liu, Kevin Broich, Kenneth Charles Croley, Gurvinder P. Singh
  • Patent number: 12052568
    Abstract: A system for provisioning a device is provided. The system includes a computer device. The computer device is programmed to receive, from a user equipment, a connection request via a layer two connection. The computer device is also programmed to accept the connection request. The computer device is further programmed to receive, from the user equipment, a certificate request via the layer two connection. Additionally, the computer device is programmed to determine a destination for the certificate request, and to route the certificate request to the destination.
    Type: Grant
    Filed: February 28, 2022
    Date of Patent: July 30, 2024
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Tao Wan, Massimiliano Pala, Steven J. Goeringer, Darshak Thakore
  • Patent number: 12041162
    Abstract: Techniques are disclosed for inline security key exchanges between network devices. An example network device includes one or more processors and memory coupled to the one or more processors. The memory stores instructions that, upon execution, cause one or more processors to obtain a first payload key and obtain a path key. The instructions cause the one or more processors to encrypt a first payload of a first packet using the first payload key and insert the first payload key into first metadata of the first packet. The instructions cause the one or more processors to encrypt the first metadata using the path key and send the first packet to another network device.
    Type: Grant
    Filed: February 18, 2022
    Date of Patent: July 16, 2024
    Assignee: Juniper Networks, Inc.
    Inventors: Abilash Menon, Avinash Prakash Bhat, Anna Yungelson
  • Patent number: 12032713
    Abstract: Systems and methods are provided for sending and receiving encrypted submessages. A method for sending and receiving encrypted submessages includes generating a first submessage comprising a first portion of content stored onto a first computer, generating a second submessage comprising a second portion of the content, encrypting the first submessage and the second submessage, transmitting the encrypted first submessage to a second computer via a first path, transmitting the encrypted second submessage to the second computer via a second path, wherein the first submessage and the second submessage are transmitted to the second computer in a batched manner, transmitting an encryption key to the second computer, wherein the encryption key is transmitted to the second computer in real time, wherein the encryption key indicates a decrypting algorithm to decrypt the encrypted first submessage, and wherein the second computer recreates the content by decrypting the encrypted first submessage.
    Type: Grant
    Filed: November 3, 2022
    Date of Patent: July 9, 2024
    Assignee: United Services Automobile Association
    Inventors: Reynaldo Medina, III, Arthur Smith
  • Patent number: 12010105
    Abstract: A first device and a home hub have a same TEE platform, and a second device and the home hub have different TEE platforms. A control method includes the home hub receiving an identity credential of the second device and public key information of the first device from the second device. The home hub controls an IoT device based on the identity credential of the second device. The home hub receives private key information that is of the first device and that is from the first device. The home hub forms an identity credential of the first device based on the public key information of the first device and the private key information of the first device to control the IoT device.
    Type: Grant
    Filed: March 2, 2022
    Date of Patent: June 11, 2024
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Lu Gan, Xiaoshuang Ma, Jianhao Huang, Chao He
  • Patent number: 12010232
    Abstract: A cryptography administration system facilitates secure, user-friendly and auditable cryptography. An administrator may create channels with associated cryptographic keys and algorithms for performing cryptographic operations such as encryption and decryption. The channel may be associated with licenses which may include permissions to perform cryptographic operations. The licenses may be shared with one or more users. A user may perform cryptographic operations using the channel according to the permissions and operations included in the licenses, to which the user has access, associated with the channel. The user does not need a technical understanding of the cryptographic system (e.g., keys and algorithms) to perform the cryptographic operations and does not need access to the keys to perform the operations. The cryptographic operations may be stored in an audit log that can be reviewed by a user.
    Type: Grant
    Filed: October 15, 2021
    Date of Patent: June 11, 2024
    Assignee: Palantir Technologies Inc.
    Inventors: Mihir Patil, Hugo Dobbelaere, Yeong Wei Wee, Maia Hamin, Piotr Kraus, Yurii Mashtalir, Hussein Farah, Alexander Galimberti, Caterina Wanka, Lukas Czypulovski, Juraj Micko, Nezihe Pehlivan
  • Patent number: 12003649
    Abstract: Methods, systems, and computer media provide attestation tokens that protect the integrity of communications transmitted from client devices, while at the same time avoiding the use of stable device identifiers that could be used to track client devices or their users. In one approach, client devices can receive anonymous certificates from a device integrity computing system signifying membership in a selected device trustworthiness group, and attestation tokens can be signed anonymously with the anonymous certificates using a group signature scheme. Client devices can include throttlers imposing limits on the quantity of attestation tokens created by the client device.
    Type: Grant
    Filed: March 16, 2021
    Date of Patent: June 4, 2024
    Assignee: Google LLC
    Inventors: Gang Wang, Marcel M. Moti Yung
  • Patent number: 11962701
    Abstract: A method includes: receiving, from a vehicle approaching a trust zone, an identifier corresponding to an identity of the vehicle; verifying, by a computing device (e.g., an access server at a gate of the trust zone) and using the identifier, the identity of the vehicle; and comparing the identity of the vehicle with a set of authorized identities stored in a database.
    Type: Grant
    Filed: December 21, 2021
    Date of Patent: April 16, 2024
    Assignee: Micron Technology, Inc.
    Inventors: Antonino Mondello, Alberto Troia
  • Patent number: 11930040
    Abstract: Malicious attacks by certain devices against a radio access network (RAN) can be detected and mitigated, while allowing communication of priority messages. A security management component (SMC) can determine whether a malicious attack against the RAN is occurring based on a defined baseline that indicates whether a malicious attack is occurring. The defined baseline is determined based on respective characteristics associated with respective devices that are determined based on analysis of information relating to the devices. In response to determining there is a malicious attack, SMC determines whether to block connections of devices to the RAN based on respective priority levels associated with respective messages being communicated by the devices.
    Type: Grant
    Filed: January 23, 2023
    Date of Patent: March 12, 2024
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Deon Ogle, Yaron Koral, Cagatay Buyukkoc, Nicholas Arconati, Jitendra Patel, Bogdan Ungureanu