Patents Examined by Saleh Najjar
  • Patent number: 11687631
    Abstract: A method for determining whether a user is a human is disclosed. The method includes receiving a request to determine whether a user attempting to access a service provided by a host compute device is a human, obtaining an input motion that the user entered while the user solved a challenge-response test for accessing the service, extracting a noise component of the input motion, retrieving a noise model characterizing noise patterns of input motions previously entered into graphical user interfaces by humans, comparing the noise component with the noise model, calculating a human likeness score of the user based on the comparison, determining whether the user is a human based on the human likeness score, and sending a result of the determination to the host compute device such that the host compute device can allow or restrict access to the service by the user depending on the result.
    Type: Grant
    Filed: June 23, 2022
    Date of Patent: June 27, 2023
    Assignee: Imperva, Inc.
    Inventors: Tyler James Paxton, Reid Michael Tatoris, Benjamin Trenda, Elvis Jakupovic, Steven P. Burkett, Adam Michael Janower
  • Patent number: 11675902
    Abstract: A system and method of de-elevating a process created in a computing device of a computer system are disclosed. In certain aspects, a method includes detecting a user login within a login session of a computing device in the computer system, the login session having a default security context. The method also includes creating a de-elevated security context for the login session, wherein the de-elevated security context has fewer privileges than the default security context. The method also includes detecting a process being created within the login session. The method further includes determining that the process is potentially malicious by comparing an intended state and a digital profile of the computing device. The method also includes launching the process using the de-elevated security context.
    Type: Grant
    Filed: December 5, 2018
    Date of Patent: June 13, 2023
    Assignee: VMWARE, INC.
    Inventor: Sisimon Soman
  • Patent number: 11669244
    Abstract: Some embodiments provide a method for a first device that identifies definitions of different groups of devices, each of which is defined by a set of properties required for a device to be a member. The method monitors properties of the first device to determine when the device is eligible for membership in a group. When the first device is eligible for membership in a first group of which the device is not a member, the method sends an application for membership in the first group signed with at least a private key of the device to at least one other device that is a member of the first group. When the first device becomes ineligible for membership in a second group of which the first device is a member, the method removes the device from the second group and notifies other devices that are members of the second group.
    Type: Grant
    Filed: May 30, 2019
    Date of Patent: June 6, 2023
    Assignee: Apple Inc.
    Inventors: Mitchell D. Adler, Michael Brouwer, Andrew R. Whalley, John C. Hurley, Richard F. Murphy, David P. Finkelstein
  • Patent number: 11664982
    Abstract: Methods and systems for managing cryptographic keys in on-premises and cloud computing environments and performing multi-party cryptography are disclosed. A cryptographic key can be retrieved from a hardware security module by a key management computer. The key management computer can generate key shares from the cryptographic key, and securely distribute the key shares to computer nodes or key share databases. The computer nodes can use the key shares in order to perform secure multi-party cryptography.
    Type: Grant
    Filed: September 24, 2018
    Date of Patent: May 30, 2023
    Assignee: Visa International Service Association
    Inventors: Oleg Gryb, Sekhar Nagasundaram
  • Patent number: 11658971
    Abstract: Virtual firewalls may be established that enforce sets of policies with respect to computing resources maintained by multi-tenant distributed services. Particular subsets of computing resources may be associated with particular tenants of a multi-tenant distributed service. A tenant may establish a firewalling policy set enforced by a virtual firewall for an associated subset of computing resources without affecting other tenants of the multi-tenant distributed service. Virtual firewalls enforcing multiple firewalling policy sets may be maintained by a common firewalling component of the multi-tenant distributed service. Firewalling policy sets may be distributed at multiple locations throughout the multi-tenant distributed service. For a request targeting a particular computing resource, the common firewalling component may identify the associated virtual firewall, and submit the request to the virtual firewall for evaluation in accordance with the corresponding firewalling policy set.
    Type: Grant
    Filed: May 30, 2019
    Date of Patent: May 23, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Kevin Ross O'Neill, Mark Joseph Cavage, Nathan R. Fitch, Anders Samuelsson, Brian Irl Pratt, Yunong Jeff Xiao, Bradley Jeffery Behm, James E. Scharf, Jr.
  • Patent number: 11645397
    Abstract: A distributed security system can include instances of a compute engine that can execute either locally in security agents on client devices or as cloud instances in a security network. Event data can be processed by elements of the distributed security system according to centrally-defined ontological definitions and/or configurations. Bounding managers of local security agents can control how much event data is sent to the security network. A storage engine in the security network can store event data received from client devices, can route event data to other elements of the security network, including cloud instances of the compute engine. An experimentation engine of the security network can also at least temporarily adjust other elements of the distributed security system during experiments or tests.
    Type: Grant
    Filed: April 15, 2020
    Date of Patent: May 9, 2023
    Assignee: Crowd Strike, Inc.
    Inventors: David F. Diehl, James Robert Plush, Timothy Jason Berger
  • Patent number: 11646882
    Abstract: The present disclosure relates to a fifth generation (5G) or a pre-5G communication system for supporting higher data transmission rate compared to fourth generation (4G) communication systems such as Long Term Evolution (LTE). The present disclosure relates to generating a security key in a wireless communication system, and a method for operating a transmission end comprises the steps of: generating an encryption key using information related to channel estimation; and transmitting encrypted data to a receiving end using the encryption key.
    Type: Grant
    Filed: February 20, 2018
    Date of Patent: May 9, 2023
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Sanghyun Chang
  • Patent number: 11641285
    Abstract: Certificates issued by a CA are distributed across multiple CRLs. Each certificate issued by the CA is assigned to a specific CRL, and the address of that CRL is written to the appropriate field of the certificate, such that an authenticating application can subsequently determine if the certificate is revoked. When the CA revokes a specific one of the issued certificates, it determines to which CRL the revoked certificate is assigned, and updates the specific CRL accordingly. In some embodiments, a single one of the multiple CRLs is active for assignment of certificates at any given time, and each certificate issued by the CA is assigned to the currently active CRL. In other embodiments, assignments of issued certificates are distributed between different ones of a pre-determined number of multiple CRLs by applying a statistical distribution formula to each issued certificate to determine a corresponding target CRL.
    Type: Grant
    Filed: January 11, 2021
    Date of Patent: May 2, 2023
    Assignee: DigiCert, Inc.
    Inventors: Hari Veladanda, Hoa Ly, Ning Chai
  • Patent number: 11640464
    Abstract: The present disclosure describes a firmware analysis system and method that can generate a collection of protocol constraints from known firmware and apply the collection of protocol constraints towards an unknown firm to recognize protocol relevant fields and detect functionality within the unknown firmware.
    Type: Grant
    Filed: May 30, 2019
    Date of Patent: May 2, 2023
    Assignee: University of Florida Research Foundation, Inc.
    Inventors: Tuba Yavuz, Farhaan Fowze, Kevin Raymond Boyce Butler, Jing Tian, Grant Haydock Hernandez
  • Patent number: 11637709
    Abstract: An approach is disclosed for running a first smart contract on a first blockchain platform restricting access to a client's funds appropriated to a second smart contract running on a second blockchain platform. A transaction is received by invoking the first smart contract authorizing the second smart contract. In response to receiving an indication of a successful completion of the first smart contract, a plurality of client's authorization tickets are sent to the second smart contract. The invoked smart contract receives the set of authorization information and records the set of authorization information. After receiving a set of authenticated authorization tickets exceeding a predetermined threshold, the funds are released.
    Type: Grant
    Filed: May 4, 2021
    Date of Patent: April 25, 2023
    Assignee: 0CHAIN CORP.
    Inventors: Saswata Basu, Thomas Howard Austin
  • Patent number: 11627151
    Abstract: A verification platform may include a data connection to receive a stream of industrial asset cyber-attack detection algorithm data, including a subset of the industrial asset cyber-attack detection algorithm data. The verification platform may store the subset into a data store (the subset of industrial asset cyber-attack detection algorithm data being marked as invalid) and record a hash value associated with a compressed representation of the subset of industrial asset cyber-attack detection algorithm data combined with metadata in a secure, distributed ledger.
    Type: Grant
    Filed: October 31, 2018
    Date of Patent: April 11, 2023
    Assignee: General Electric Company
    Inventors: Daniel Francis Holzhauer, Lalit Mestha, Justin John
  • Patent number: 11616651
    Abstract: According to one embodiment, a system receives, at a host channel manager (HCM) of a host system, a request from an application to establish a secure channel with a data processing (DP) accelerator, where the DP accelerator is coupled to the host system over a bus. In response to the request, the system generates a first session key for the secure channel based on a first private key of a first key pair associated with the HCM and a second public key of a second key pair associated with the DP accelerator. In response to a first data associated with the application to be sent to the DP accelerator, the system encrypts the first data using the first session key. The system then transmits the encrypted first data to the DP accelerator via the secure channel over the bus.
    Type: Grant
    Filed: January 4, 2019
    Date of Patent: March 28, 2023
    Inventors: Yong Liu, Yueqiang Cheng, Jian Ouyang, Tao Wei
  • Patent number: 11615176
    Abstract: Conventionally, biometric template protection has been achieved to improve matching performance with high levels of security by use of deep convolution neural network models. However, such attempts have prominent security limitations mapping information of images to binary codes is stored in an unprotected form. Given this model and access to the stolen protected templates, the adversary can exploit the False Accept Rate (FAR) of the system. Secondly, once the server system is compromised all the users need to be re-enrolled again. Unlike conventional systems and approaches, present disclosure provides systems and methods that implement encrypted deep neural network(s) for biometric template protection for enrollment and verification wherein the encrypted deep neural network(s) is utilized for mapping feature vectors to a randomly generated binary code and a deep neural network model learnt is encrypted thus achieving security and privacy for data protection.
    Type: Grant
    Filed: September 23, 2020
    Date of Patent: March 28, 2023
    Inventors: Arun Kumar Jindal, Imtiyazuddin Shaik, Harika Narumanchi, Vasudha Kumari, Srinivasa Rao Chalamala, Rajan Mindigal Alasingara Bhattachar, Sachin Premsukh Lodha
  • Patent number: 11611432
    Abstract: A method for distributing data to a computing device using device level authentication includes: storing, in a memory of a computing device, a single use key encrypted with a first encryption, a server public key, and device data; generating a key pair comprising a device private key and a corresponding device public key; wrapping the device public key using the server public key; transmitting at least the device data, wrapped device public key, and the single use key encrypted with the first encryption to a server; receiving the single use key encrypted with a second encryption from the server; and executing a query on the memory to insert the received single use key encrypted with the second encryption.
    Type: Grant
    Filed: November 8, 2021
    Date of Patent: March 21, 2023
    Inventors: Abhinava Srivastava, Sapankumar K. Mandloi
  • Patent number: 11599832
    Abstract: A computing system can include a plurality of clients located outside a cloud-based computing environment, where each of the clients may be configured to encode respective original data with a respective unique secret key to generate data hypervectors that encode the original data. A collaborative machine learning system can operate in the cloud-based computing environment and can be operatively coupled to the plurality of clients, where the collaborative machine learning system can be configured to operate on the data hypervectors that encode the original data to train a machine learning model operated by the collaborative machine learning system or to generate an inference from the machine learning model.
    Type: Grant
    Filed: June 29, 2020
    Date of Patent: March 7, 2023
    Assignee: The Regents of the University of California
    Inventors: Mohsen Imani, Yeseong Kim, Tajana Rosing, Farinaz Koushanfar, Mohammad Sadegh Riazi
  • Patent number: 11593459
    Abstract: Techniques are disclosed for improving user experience of multimedia streaming over computer networks. More specifically, techniques presented herein reduce (or eliminate) latency in playback start time for streaming digital media content resulting from digital rights management (DRM) authorizations. A streaming media client (e.g., a browser, set-top box, mobile telephone or tablet “app”) may request a “fast-expiring” license for titles the streaming media client predicts a user is likely to begin streaming. A fast-expiring license is a DRM license (and associated decryption key) which is valid for only a very limited time after being used for playback. During the validity period of such a license, the client device requests a “normal” or “regular” license to continue accessing the title after the fast-expiring license expires.
    Type: Grant
    Filed: October 22, 2018
    Date of Patent: February 28, 2023
    Assignee: NETFLIX, INC.
    Inventors: Mark Watson, Anthony Neal Park, Mitch Zollinger
  • Patent number: 11595367
    Abstract: An apparatus includes a packet encryption circuit that uses an encryption keys to encrypt each of two or more portions of a data packet. Each portion is encrypted with a different encryption key and includes one or more layers of the data packet. A first portion includes a layer of the data packet with MAC information. The apparatus includes a packet transmitter that transmits, from a source router, an encrypted data packet to an intermediate router between the source router and a destination router. The encrypted data packet includes an encrypted version of the data packet encrypted using the encryption keys. The intermediate router has encryption keys sufficient for a service level agreement of the intermediate router and lacks a portion of the encryption keys. The source and destination routers use a MAC security standard for encryption and decryption of the data packet using the encryption keys.
    Type: Grant
    Filed: September 30, 2020
    Date of Patent: February 28, 2023
    Assignee: LENOVO Enterprise Solutions (Singapore) PTE. LTD.
    Inventors: Bogdan Chifor, George-Andrei Stanescu, Radu Iorga, Corneliu-Ilie Calciu
  • Patent number: 11593362
    Abstract: To efficiently determine intermediate data for use with an aggregate function while keeping confidentiality, a bit decomposition unit generates a share of a bit string by bit decomposition and concatenation of key attributes. A group sort generation unit generates a share of a first permutation, which performs a stable sort of the bit string in ascending order. A bit string sorting unit generates a share of a sorted bit string obtained by sorting the bit string with the first permutation. A flag generation unit generates a share of a flag indicating a boundary between groups. A key aggregate sort generation unit generates a share of a second permutation, which performs a stable sort of the negation of the flag in ascending order. A de-duplication unit generates shares of de-duplicated key attributes. A key sorting unit generates shares of sorted key attributes by sorting the de-duplicated key attributes.
    Type: Grant
    Filed: May 14, 2019
    Date of Patent: February 28, 2023
    Inventors: Dai Ikarashi, Koki Hamada
  • Patent number: 11568052
    Abstract: Embodiments seek to prevent detection of a sandbox environment by a potential malware application. To this end, execution of the application is monitored, and provide information about the execution to a reinforcement learning machine learning model. The model generates a suggested modification to make to the executing application. The model is provided with information indicating whether the application executed successfully or not, and this information is used to train the model for additional modifications. By modifying the potential malware execution during its execution, detection of a sandbox environment is prevented, and analysis of the potential malware applications features are better understood.
    Type: Grant
    Filed: May 31, 2020
    Date of Patent: January 31, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jugal Parikh, Geoffrey Lyall McDonald, Mariusz H. Jakubowski, Seyed Mehdi Fatemi Booshehri, Allan Gordon Lontoc Sepillo, Bradley Noah Faskowitz
  • Patent number: 11563557
    Abstract: An example operation may include one or more of configuring a blockchain network comprising first and second blockchain nodes, providing, by the first blockchain node, a data reference to the second blockchain node, accessing a document, by the second blockchain node, from the first blockchain node, and providing by the second blockchain node, a proof of receipt for the document to a shared blockchain ledger.
    Type: Grant
    Filed: April 24, 2018
    Date of Patent: January 24, 2023
    Assignee: International Business Machines Corporation
    Inventors: Chih-Hsiung Liu, Joey H. Y. Tseng, Chih-Wen Su, June-Ray Lin, Gary P. Noble