Patents Examined by Mohammad W. Reza
  • Patent number: 11184392
    Abstract: Attempts at lateral movement are detected by monitoring failed login attempts across a number of endpoints in a network. By configuring endpoints across the network to report unsuccessful login attempts and monitoring these login attempts at a central location, patterns of attempts and failures may advantageously be detected and used to identify malicious attempts at lateral movement within the network before any unauthorized lateral movement is achieved.
    Type: Grant
    Filed: December 18, 2018
    Date of Patent: November 23, 2021
    Assignee: Sophos Limited
    Inventors: Andrew J. Thomas, Daniel Stutz
  • Patent number: 11163775
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for implementing a blockchain-based decentralized application, are provided. One of the methods includes: generating a request to an external service based on a software development kit (SDK) associated with the external service, wherein the SDK is integrated with a client-side application on the client device; sending the request to a server associated with the external service; obtaining, from the server associated with the external service, a result responsive to the request; generating a blockchain transaction based on the result from the external service, wherein the blockchain transaction invokes a blockchain contract deployed on a blockchain; sending the blockchain transaction to one or more blockchain nodes for adding to the blockchain; and obtaining, from one or more data stores synchronized with the blockchain, one or more return values associated with adding the blockchain transaction to the blockchain.
    Type: Grant
    Filed: December 21, 2020
    Date of Patent: November 2, 2021
    Inventors: Shanlu Sun, Shubo Li
  • Patent number: 11163912
    Abstract: The present disclosure includes apparatuses, methods, and systems for data attestation in memory. An embodiment includes a memory, and circuitry configured to detect a power off of the apparatus, generate a run-time cryptographic hash, and compare the run-time cryptographic hash with a cryptographic hash in response to detecting the power off, wherein the cryptographic hash is stored in a portion of the memory.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: November 2, 2021
    Assignee: Micron Technology, Inc.
    Inventors: Alberto Troia, Antonino Mondello
  • Patent number: 11159568
    Abstract: Methods, systems, and media are shown for reducing the vulnerability of user accounts to attack that involve creating a rule for a user account that includes a permitted parameter corresponding to a user account activity property, monitoring the account activity of the user account. If it is determined that account activity property is inconsistent with the permitted parameter, then the user account is disabled. An example of a permitted parameter is a permitted time period, such as a start time, an end time, a recurrence definition, a days of the week definition, a start date, an end date, and a number of occurrences definition. Other examples are a physical parameter, such as a permitted geographic location, device, or network, or a permitted usage parameter, such as a permitted application, data access, or domain.
    Type: Grant
    Filed: June 21, 2018
    Date of Patent: October 26, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Moshe Israel, Ben Kliger, Royi Ronen
  • Patent number: 11159310
    Abstract: A digital security bubble encapsulation is disclosed. A public key and a device identifier of at least one recipient is requested from a first server. A message containing one or more components is encrypted using a symmetric key. The symmetric key is encrypted with a public key received in response to the request. The encrypted message, the encrypted symmetric key, and the device identifier are encapsulated in a digital security bubble encapsulation. The digital security bubble encapsulation is transmitted to a second server.
    Type: Grant
    Filed: January 23, 2020
    Date of Patent: October 26, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Christopher A. Howell, Robert Statica, Kara Lynn Coppa
  • Patent number: 11151263
    Abstract: A system or method for encryption of data includes a light source, a random optical element and a light detection element. The light source is arranged to transmit an input data signal to the random optical element. The light source is incident on the random optical element such that the input data signal is randomly scattered by the random optical element to generate an image on the detector disposed at an output of the random optical element. The image received by the detector is applied to a compressive sensing algorithm to generate a transfer function. The transfer function defines a relationship between the input data signal and the image to enable estimation and reconstruction of the input data signal.
    Type: Grant
    Filed: July 31, 2019
    Date of Patent: October 19, 2021
    Assignee: National Technology & Engineering Solutions of Sandia, LLC
    Inventors: Gabriel Carlisle Birch, Charles Fredrick LaCasse, IV, John Clark Griffin, Christian Turner, Amber Lynn Dagel, Bryana Lynn Woo
  • Patent number: 11153291
    Abstract: A method for verifying that default passwords have been changed without causing a security lockout is provided, including enabling user identifiers associated with a plurality of devices, prior to an initial security test, identifying a default password for a user identifier of each device, attempting a login to each device using the default password for the user identifier of each device, wherein: in response to determining that the login is successful, raising an alert against the user identifier as a security concern and maintaining an enabled state of the user identifier, in response to determining that the login is unsuccessful, disabling the user identifier so that the user identifier is in a non-enabled state, until a security lockout interval elapses, and retrying the login only for each user identifier in an enabled state during one or more subsequent security tests initiated after a predetermined alert interval.
    Type: Grant
    Filed: September 12, 2019
    Date of Patent: October 19, 2021
    Assignee: International Business Machines Corporation
    Inventors: John J. Auvenshine, Per Lutkemeyer, Christian Sonder
  • Patent number: 11146538
    Abstract: Requests are pre-generated to include a cryptographic key to be used in fulfilling the requests. The requests may be encoded in uniform resource locators and may include authentication information to enable a service provider to whom the requests are submitted to determine whether the requests are authorized. The requests may be passed to various entities who can then submit the requests to the service provider. The service provider, upon receipt of a request, can verify the authentication information and fulfill the request using a cryptographic key encoded in the request.
    Type: Grant
    Filed: October 25, 2018
    Date of Patent: October 12, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Eric Jason Brandwine
  • Patent number: 11134073
    Abstract: In one embodiment, a device obtains certificate information for a plurality of network addresses. The device constructs, based on the certificate information, a bipartite graph that maps nodes representing common names from the certificate information to nodes representing autonomous systems. The device determines edge counts from the bipartite graph for the nodes representing the autonomous systems. The device identifies, based on the edge counts, a particular one of the common names as botnet-related by comparing edge counts for the autonomous systems associated with that particular common name to edge counts for the autonomous systems associated with one or more of the other common names.
    Type: Grant
    Filed: January 18, 2019
    Date of Patent: September 28, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Thomas Manianghat Mathew, Dhia Mahjoub
  • Patent number: 11134377
    Abstract: A method includes: pre-generating a key pair including a first public key and a first private key; acquiring identification information about a mobile terminal; encrypting the key pair including the first public key and the first private key using the identification information to obtain a first encrypted public key and a first encrypted private key and saving same; when a service key is encrypted, encrypting the service key using the first private key to obtain an encrypted service key; when the service key is decrypted, decrypting the encrypted service key using the first public key to obtain the service key; acquiring data needing to be encrypted/decrypted of the mobile terminal; and encrypting/decrypting the data using the service key. The security of the data can be protected off-line with low cost and without hardware protection, so that the data cannot be intercepted and tampered with.
    Type: Grant
    Filed: May 22, 2017
    Date of Patent: September 28, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Yitao Song
  • Patent number: 11134376
    Abstract: A 5G user equipment (UE) can register for 5G services with a telecommunication network in part using a Subscription Concealed Identifier (SUCI), an encrypted version of a subscriber identifier, so that the actual subscriber identifier is not exposed during network registration. Legacy SIMs originally deployed for 4G/LTE and other legacy wireless access technologies store an international mobile subscriber identity (IMSI), but do not store a network public key needed to generate a SUCI. However, a 5G UE can still use a legacy SIM to securely obtain 5G services by encrypting the IMSI from the legacy SIM using a network public key stored in the 5G UE's own memory to generate a SUCI, and then transmitting the generated SUCI to the telecommunication network during network registration. Accordingly, the IMSI on the legacy SIM is not exposed during network registration.
    Type: Grant
    Filed: December 20, 2018
    Date of Patent: September 28, 2021
    Assignee: T-Mobile USA, Inc.
    Inventors: Kyeong Hun An, Mathew George, Phani Ramisetty
  • Patent number: 11134098
    Abstract: The life cycle of one or more containers related to one or more containerized applications is managed by determining that a predefined retention time for a first container of a plurality of containers has elapsed; in response to the determining, suspending new session traffic to the first container; and waiting for a predefined session dilution time before terminating the first container and/or changing a role of the first container. In some embodiments, the session dilution time allows existing sessions to complete before the first container is disconnected from a service platform.
    Type: Grant
    Filed: October 30, 2017
    Date of Patent: September 28, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Amit Lieberman, Oron Golan, Raul Shnier, Assaf Natanzon
  • Patent number: 11126740
    Abstract: An application running in a container is able to access files stored on disk via normal file system calls, but in a manner that remains isolated from applications and processes in other containers. In one aspect, a namespace virtualization component is coupled with a copy-on-write component. When an isolated application is accessing a file stored on disk in a read-only manner, the namespace virtualization component and copy-on-write component grant access to the file. But, if the application requests to modify the file, the copy-on-write component intercepts the I/O and effectively creates a copy of the file in a different storage location on disk. The namespace virtualization component is then responsible for hiding the true location of the copy of the file, via namespace mapping.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: September 21, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Sarosh C. Havewala, Christian Gregory Allred
  • Patent number: 11122039
    Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising memory configured to store information characterizing at least one run-time behavioural pattern, at least one processing core configured to perform a behavioural determination based at least partly on the stored information, concerning a network node, and to verify, as a response to a result of the behavioural determination, whether the network node is comprised on a list of valid network nodes.
    Type: Grant
    Filed: April 12, 2016
    Date of Patent: September 14, 2021
    Assignee: Comptel Oy
    Inventors: Stephen Lacey, Mikko Jarva
  • Patent number: 11113422
    Abstract: Systems, apparatuses, and methods related to a computer system having a processor and a main memory storing scrambled data are described. The processor may have a cache, a register, an execution unit, and an unscrambler. The processor can load the scrambled data into the cache; and the unscrambler may convert the scrambled data into unscrambled data just in time for the register or the execution unit during instruction execution. The unscrambled data can be an instruction, an address, or an operand of an instruction. Unscrambling can be performed just before loading the data item in a scrambled form from the cache into the register in an unscrambled form, or after the data item leaves the register in the scrambled form as input to the execution unit in the unscrambled form. The unscrambled data and the scrambled data may have the same set of bits arranged in different orders.
    Type: Grant
    Filed: August 3, 2018
    Date of Patent: September 7, 2021
    Assignee: Micron Technology, Inc.
    Inventor: Steven Jeffrey Wallach
  • Patent number: 11108803
    Abstract: A security system scans application programming interfaces (APIs) to detect security vulnerabilities by receiving API documentation from a third-party system associated with the API and organizing it in an API specification that describes the hostname of the API and one or more endpoints of the API. For each of the endpoints, the API specification includes a uniform resource identifier, a method term, an input content type, an output content type (if applicable), authorization details, and any associated parameters or arguments. The security system performs an audit job for each combination of endpoints, potential security vulnerabilities, and (in some embodiments) authentication flows. In some embodiments, the security system is able to access portions of the API requiring authentication by using authentication flows received from the third-party system and detect security vulnerabilities related to authentication by manipulating the authentication units that make up the authentication flow.
    Type: Grant
    Filed: March 1, 2017
    Date of Patent: August 31, 2021
    Assignee: Synopsys, Inc.
    Inventors: Shane Wilton, Benjamin D. Sedat, Angel Irizarry, Michael Borohovski, Ainsley K. Braun
  • Patent number: 11100241
    Abstract: To prevent ransomware from encrypting data elements stored in a memory of a computer-based system, the system identifies at least one identifier associated with a data element. The identifiers indicate an attribute(s) of the corresponding data element within the memory. The system then determines an optimal number of virtual traps for the data elements respective of at least one identifier. The system then determines an optimal position for each virtual trap corresponding to the at least one identifier. The system then positions the virtual traps at the determined position within the memory. The system monitors the data elements stored in the memory in order to identify whether changes have occurred, and determines respectively updated optimal number and positions of virtual traps.
    Type: Grant
    Filed: November 27, 2019
    Date of Patent: August 24, 2021
    Assignee: Palo Alto Networks, Inc.
    Inventor: Gil Barak
  • Patent number: 11100444
    Abstract: Data processing systems and methods, according to various embodiments, are adapted for performing a process of procuring a vendor and sub-processes associated therewith, such as performing vendor risk assessments and providing training specific to the procurement of that particular vendor. Training requirements for the user procuring the vendor and/or for the vendor itself are determined and any deficiencies in current, valid training requirements are identified. Training to address any identified deficiencies is provided as part of the vendor procurement process. Training may be customized based on trainee and/or organization attributes to improve the effectiveness of such training.
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: August 24, 2021
    Assignee: OneTrust, LLC
    Inventors: Jonathan Blake Brannon, Kabir A. Barday
  • Patent number: 11095688
    Abstract: Embodiments described include a method for implementing a privacy policy by a device intermediary to a plurality of clients and one or more servers. The method can include identifying, by a device intermediary to a plurality of clients and one or more servers, network traffic of a user that has not selected an option of a plurality of options of a privacy policy managed by the device. The method can include receiving, by the device, an indicator of a selection by the user of the option from the plurality of options of the privacy policy. The method can include handling, by the device, network traffic of the user according to the selected option of the privacy policy.
    Type: Grant
    Filed: October 5, 2018
    Date of Patent: August 17, 2021
    Assignee: Citrix Systems, Inc.
    Inventor: Abhishek Chauhan
  • Patent number: 11089004
    Abstract: A method at a network element for attestation of applications, the method including sending a challenge to an application at an electronic device; receiving a response from the electronic device; processing the response; and upon determining that the response is invalid based on the processing, taking an enforcement action against the application.
    Type: Grant
    Filed: May 1, 2019
    Date of Patent: August 10, 2021
    Assignee: BlackBerry Limited
    Inventors: Johnathan White, Amit Ghosh