Patents Examined by Michael R Vaughan
  • Patent number: 11683301
    Abstract: Signed digital certificates can be automatically obtained from a trusted certificate authority. For example, a computing device can receive a request associated with a handshake procedure for establishing a secure session between a client device and a server. The request can indicate a trusted certificate authority that issues signed digital certificates. The computing device can determine that a local key store that is local to the server does not have a signed digital certificate issued by the trusted certificate authority and responsively obtain the signed digital certificate from the trusted certificate authority. The computing device can return the signed digital certificate back to the client device as part of the handshake procedure to establish the secure session.
    Type: Grant
    Filed: July 27, 2020
    Date of Patent: June 20, 2023
    Assignee: Red Hat, Inc.
    Inventors: Farah Juma, Darren Andrew Lofthouse
  • Patent number: 11675896
    Abstract: A method, apparatus and computer program product to defend learning models that are vulnerable to adversarial example attack. It is assumed that data (a “dataset”) is available in multiple modalities (e.g., text and images, audio and images in video, etc.). The defense approach herein is premised on the recognition that the correlations between the different modalities for the same entity can be exploited to defend against such attacks, as it is not realistic for an adversary to attack multiple modalities. To this end, according to this technique, adversarial samples are identified and rejected if the features from one (the attacked) modality are determined to be sufficiently far away from those of another un-attacked modality for the same entity. In other words, the approach herein leverages the consistency between multiple modalities in the data to defend against adversarial attacks on one modality.
    Type: Grant
    Filed: April 9, 2020
    Date of Patent: June 13, 2023
    Assignee: International Business Machines Corporation
    Inventors: Ian Michael Molloy, Youngja Park, Taesung Lee, Wenjie Wang
  • Patent number: 11676515
    Abstract: Systems and methods are provided for encrypting and decrypting data using visually encoded ciphertext. The method includes selecting, using a graphical user interface coupled to an electronic device, one or more portions of a document to be encrypted, visually encoding the selected one or more portions of the document, generating a visual representation, wherein the visual representation corresponds to encrypted content, and replacing the selected one or more portions of the document with the visual representation. The method further includes displaying, to the user, the visual representation, capturing the visual representation using one or more cameras, decoding the visual representation, obtaining the encrypted content, and decrypting the encrypted content, generating decrypted content.
    Type: Grant
    Filed: April 7, 2022
    Date of Patent: June 13, 2023
    Inventor: Andrea G. Forte
  • Patent number: 11678177
    Abstract: Disclosed is a dual-link wireless ad hoc network and a security defense method in an emergency scene, aiming at comprehensively improving its security defense capability. The method comprises: sending, by a source node, the secret key and other messages which are not security defense messages through the second link; detecting, by a destination node, abnormal messages from the acquired valid messages after matching with abnormal message feature library, filtering the abnormal messages out, and quickly broadcasting the features of new abnormal messages through the first link; checking, by a new node to be added to the network, the identity and hardware state, authorizing the new node without abnormality, and broadcasting the authorization result information through the first link; adding, by other nodes receiving the security defense messages, the features of the new abnormal messages to their own abnormal message feature library, and allowing the entry of the new node.
    Type: Grant
    Filed: January 26, 2021
    Date of Patent: June 13, 2023
    Assignee: Xidian University
    Inventors: Wenchi Cheng, Chunhua Chen, Muyao Wang
  • Patent number: 11671425
    Abstract: A request is obtained for accessing a resource in a different region from a region indicated by a session token included with the request. The session token is re-encrypted using secret information of the second region. The request to access the resource in the different region can be fulfilled using the re-encrypted session token.
    Type: Grant
    Filed: June 25, 2020
    Date of Patent: June 6, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Srikanth Mandadi, Khaled Salah Sedky, Slavka Praus, Marc R. Barbour
  • Patent number: 11664973
    Abstract: An example operation includes one or more of establishing, by a first blockchain trust anchor node, a trusted connection to a trust anchor node of a second blockchain, detecting, by the first blockchain trust anchor node, changes of the first blockchain, and executing a smart contract to reflect the detected changes on the second blockchain.
    Type: Grant
    Filed: April 21, 2020
    Date of Patent: May 30, 2023
    Assignee: International Business Machines Corporation
    Inventors: Nitin Gaur, Petr Novotny, Dulce B. Ponceleon
  • Patent number: 11658965
    Abstract: Systems and methods for adaptive token verification are disclosed. For example, a system may include at least one memory storing instructions and one or more processors configured to execute the instructions to perform operations. The operations may include training a verification model to verify tokenized requests based on system identifiers. The operations may include receiving a tokenized request from an external system, the request comprising a system identifier of the external system. The operations may include generating output of the verification model based on the system identifier, and, based on the output, performing one of granting the request or blocking the request.
    Type: Grant
    Filed: March 8, 2021
    Date of Patent: May 23, 2023
    Assignee: Capital One Services, LLC
    Inventors: Allison Fenichel, Brice Elder, Varun Gupta
  • Patent number: 11658973
    Abstract: A method of preventing unauthorized access to electronic mail attachment is disclosed herein. A message management system receives one or more files designated as sensitive files. The message management system generates one or more hash values by applying a hash function to each of the one or more images corresponding to the file. The message management system stores the one or more hash values in a database. The message management system receives an outgoing electronic message that includes an attached file. The message management system generates one or more attachment hash values for the attached file by applying the hash function to the attached file. The message management system compares the one or more attachment hash values to the database. The message management system determines that at least one attachment hash value matches at least one hash value. The message management system blocks the outgoing electronic message.
    Type: Grant
    Filed: November 12, 2020
    Date of Patent: May 23, 2023
    Assignee: Capital One Services, LLC
    Inventor: Vincent Pham
  • Patent number: 11652808
    Abstract: Embodiments as disclosed provide systems and methods that use a local authenticator within a domain to provide a credential to access a resource of the domain to a non-local requestor. When a request is received from a non-local requestor at the domain the non-local requestor can be authenticated based on the request. The local authenticator can then be accessed to obtain a credential. This credential may be the same type of credential provided to members of the domain when they authenticate using the local authenticator. The credential is provided to the non-local requestor so the non-local requestor can access the resource of the domain using the credential and authentication of the non-local requestor with respect to these accesses can be accomplished using the local domain authenticator and the credential.
    Type: Grant
    Filed: December 22, 2020
    Date of Patent: May 16, 2023
    Assignee: Open Text SA ULC
    Inventors: Glen Matthews, Jonathan Carroll, Aladin Dajani
  • Patent number: 11647019
    Abstract: A method includes generating, by an internal segmentation orchestrator, a key to cipher/decipher a cryptographic segmentation tag used by an untrusted device, transmitting the key to an external segmentation orchestrator, transmitting the cryptographic segmentation tag to the external segmentation orchestrator and provisioning a trusted network edge with the key and optionally the cryptographic segmentation tag. The method can also include onboarding, based on the key and the cryptographic segmentation tag, the untrusted device, wherein the untrusted device receives the cryptographic segmentation tag from the external segmentation orchestrator.
    Type: Grant
    Filed: October 16, 2019
    Date of Patent: May 9, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Alberto Rodriguez Natal, Mikhail Davidov, Lorand Jakab, Richard James Smith, Fabio Maino
  • Patent number: 11641364
    Abstract: An example operation may include one or more of receiving a gossip message originated from a domain anchor peer in a first security domain, verifying that block content within the gossip message does not violate a cross-domain security policy, in response to verifying the block content, updating an endpoint of the gossip message with an address of a domain anchor peer in a second security domain, and transmitting the updated gossip message to the domain anchor peer in the second security domain.
    Type: Grant
    Filed: March 3, 2020
    Date of Patent: May 2, 2023
    Assignee: International Business Machines Corporation
    Inventors: Timothy Olson, Petr Novotny
  • Patent number: 11627466
    Abstract: Systems and techniques for keeping a mobile device up to date with respect to dynamic information necessary to identify and access the most suitable wireless network are disclosed. Such dynamic information includes device configuration update and wireless network selection policies update. Both device configuration data update and wireless network selection policies update includes wireless local area network (WLAN) automatic access parameters. The mobile device receives wireless network selection policies update whenever the mobile device changes location. At statically determined time slots, the mobile device receives device configuration update, followed by an additional wireless network selection policies update, which includes updated WLAN automatic access parameters.
    Type: Grant
    Filed: February 14, 2018
    Date of Patent: April 11, 2023
    Assignee: T-Mobile USA, Inc.
    Inventor: Samir Hodroj
  • Patent number: 11615206
    Abstract: Described herein is a data security system for enabling tokenized access to sensitive data, including a token provider configured to initiate a secure connection with a remote client computing device of a first data subject, and receive, from the remote client computing device, a request for an access token to provide a service provider with access to sensitive data associated with the first data subject. The request includes a data definition and authorization parameters. The token provider is also configured to generate the access token that enables access to the sensitive data, store the access token in a token database, and transmit, to the remote client computing device, a response including the access token and instructions that enable the remote computing device to display the access token to the first data subject or transmit the access token to the service provider.
    Type: Grant
    Filed: July 22, 2020
    Date of Patent: March 28, 2023
    Inventor: Tim M. Watkins
  • Patent number: 11616782
    Abstract: As a default, a global permissions model is established. The global permissions model serves for applying a first set of resource access permissions to shared content objects. Additionally, a set of context-aware access policies that govern user interactions over the shared content object is established. When a particular user requests an interaction over a shared content object, then interaction attributes associated with the request are gathered. The context-aware access policies are applied to the request by determining a set of extensible access permissions that are derived from the interaction attributes. The context-aware access policies are enforced by overriding the first set of resource access permissions with dynamically-determined access permissions. When a particular access request is denied, a response is generated in accordance with the set of extensible access permissions and the user is notified. In some cases, the access request is permitted, but only after the user provides a justification.
    Type: Grant
    Filed: October 1, 2020
    Date of Patent: March 28, 2023
    Assignee: Box, Inc.
    Inventors: Alok Ojha, Sivaramakrishnan Subramanian, Kechen Huang, Pal Ramanathan, Varun Parmar, Yi Zhao
  • Patent number: 11609986
    Abstract: Various embodiments of the present technology generally relate to management of big data storage and data access control systems. In some embodiments, a data access system for use in multiple application service and multiple storage service environments comprises a sandbox database for users, wherein the sandbox database is a virtual database environment via which a user may access datasets according to one or more access policies. In some embodiments, the data access system receives a user request to access a dataset stored in a database into the sandbox environment, wherein the database is associated with the data access system. In response to the request, the data access system may retrieve the corresponding data from the database, determine any associated sandbox access policies, and generate an anonymized data table in the sandbox environment.
    Type: Grant
    Filed: July 22, 2020
    Date of Patent: March 21, 2023
    Assignee: Okera, Inc.
    Inventors: Amandeep Khurana, Nong Li
  • Patent number: 11611541
    Abstract: Systems and methods for secure sharing of sensitive information in a computing environment. The methods comprise, by a first entity of a first computing environment receiving sensitive information of the first computing environment, receiving a request to share the sensitive information from a second entity of the first computing environment, and determining whether the second entity is a trusted entity included in a list of trusted entities held by a configuration service associated with a second computing environment. If the second entity is not a trusted entity, determining whether the second entity can establish trust by validating a subscription of the second entity with a directory service, and validating a digital certificate corresponding to the second entity with a certificate authority. If the second entity can establish trust or is a trusted entity, sharing the sensitive information with the second entity so as to enable operation of the second entity.
    Type: Grant
    Filed: August 7, 2018
    Date of Patent: March 21, 2023
    Assignee: Citrix Systems, Inc.
    Inventors: Feng Huang, Jean-Luc Giraud
  • Patent number: 11604897
    Abstract: A data privacy protection system is disclosed that comprises listener(s) that receive and store data including non-personal identifiable information (PII) and PII in data sets in a database and agent(s) that access each data set from the database, obtain the non-PII data and exclude the PII data to create non-PII data sets, and transmit the non-PII data sets to a third-party server. The system further comprises an anonymization framework that obtains the PII data from the data sets and stores some of the PII data in a raw PII data set. The anonymization framework distributes anonymization work on the stored PII data to queues based on hashed device identifiers associated with the stored PII data, performs the anonymization work on the stored PII data according to the queues to create an anonymized PII data set, and transmits the anonymized PII data set to the third-party server.
    Type: Grant
    Filed: January 12, 2021
    Date of Patent: March 14, 2023
    Inventors: Jaideepsinh Gohil, Bobby Williams
  • Patent number: 11575715
    Abstract: A processor may identify a new application on a device. The processor may receive, from the device, user data. The user data may include user profile information and user activity information. The processor may evaluate the user data. The evaluating of the user data may include designating a security level to the user data. The processor may determine, from evaluating the user data, that a default security configuration for the new application is not secure. The processor may automatically generate a customized security configuration for the new application. The processor may apply the customized security configuration to the new application.
    Type: Grant
    Filed: October 28, 2019
    Date of Patent: February 7, 2023
    Assignee: International Business Machines Corporation
    Inventors: Paul Llamas Virgen, Humberto Orozco Cervantes, Carolina Garcia Delgado
  • Patent number: 11575681
    Abstract: Disclosed is a system and method for providing secure access control to an electronic network or device. By limiting the ability of a single administrator to act unilaterally without the agreement and/or notification of further system administrators, the data integrity and security of stored data, such as email accounts, may be enhanced and risk of compromise ameliorated. By permitting multiple administrators acting in a concert of action to access stored data, such as without notification of the email account holder, potential misconduct by email account holders may be audited.
    Type: Grant
    Filed: October 4, 2021
    Date of Patent: February 7, 2023
    Assignee: BAIMMT, LLC
    Inventors: Thomas Drennan Selgas, Roy Edwin Gingher, Richard Snowden Thompson
  • Patent number: 11563591
    Abstract: Disclosed herein is a social media platform profile identification and social discovery feature. Disclosed social media networks enable introduction of users that may not otherwise know one another based on commonality between those users. Social media profiles are identified by digital objects instead of or in addition to more traditional indexing methods such as real names or screen names. Social discovery on a social network is performed via matching to similar behavior profiles in activity monitored by a block explorer. Machine learning models categorize behavior patterns observed by the block explorer into a machine recognized glossary. Social networks further recommend actions by users based on the monitored online behaviors of social connections.
    Type: Grant
    Filed: July 14, 2022
    Date of Patent: January 24, 2023
    Assignee: EMOJI ID, LLC
    Inventors: Naveen Kumar Jain, Riccardo Paolo Spagni