Patents Examined by Simon P Kanaan
  • Patent number: 11520888
    Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform, including a processor, a memory, and a network interface; a bucketized reputation modifier table; and instructions encoded within the memory to instruct the processor to: perform a feature-based malware analysis of an object; assign the object a malware reputation according to the feature-based malware analysis; query and receive via the network interface a complementary score for a complementary property of the object; query the bucketized reputation modifier table according to the complementary score to receive a reputation modifier for the object; adjust the object's reputation according to the reputation modifier; and take a security action according to the adjusted reputation.
    Type: Grant
    Filed: October 29, 2020
    Date of Patent: December 6, 2022
    Assignee: McAfee, LLC
    Inventors: Steven Grobman, Jonathan B. King, Yonghong Huang, Amit Kumar
  • Patent number: 11522853
    Abstract: An image forming apparatus capable of maintaining user's convenience in performing transmission while utilizing a transmission setting even when destinations usable for the transmission according to the transmission setting are restricted to a predetermined destination such as an authenticated user's address in order to enhance security. In a case where destinations usable for the transmission according to the transmission setting are restricted to an authenticated user's address and where at least one transmission destination registered in the transmission setting differs from the user's address, the at least one transmission destination registered in the transmission setting is rewritten to the authenticated user's address.
    Type: Grant
    Filed: March 17, 2020
    Date of Patent: December 6, 2022
    Inventor: Hiroyoshi Takamiya
  • Patent number: 11514188
    Abstract: Systems and methods for serving subject access requests (SARs) are disclosed. A network connection is established with a user. An SAR, including at least one piece of personal data corresponding to an entity associated with said user, is received from the user via the network connection. Text data is extracted from a plurality of data objects, the data objects including personal data associated with the user. The text data is then processed to identify instances of names and instances of personal data within the text data. Associations are generated between identified names and identified personal data. A subset of the identified personal data that corresponds to the entity is identified based on the associations. A response to the SAR is provided, based at least in part on the identified personal data corresponding to the entity.
    Type: Grant
    Filed: March 26, 2020
    Date of Patent: November 29, 2022
    Assignee: Egnyte, Inc.
    Inventors: Amrit Jassal, Debjit Bhattacharjee, Vikram Chandrasekhar, Tomasz Marek Kaczmarek, Willy Lanig Picard, Marcin Artur Zablocki
  • Patent number: 11507659
    Abstract: Embodiments herein facilitate resisting side channel attacks through various implementations and combinations of implementations. In embodiments, this is accomplished by preventing sensitive data from consecutively following other data through potentially vulnerable resources which otherwise may cause data to leak. Where such vulnerabilities to attacks are known, suspected, or as a proactive precaution, a cleaner can be used to inhibit the sensitive data from passing through the vulnerable areas consecutively and thus inhibit the leakage. Embodiments also envision utilizing certain types of circuits to assist in preventing leakage. By using such circuits one can reduce or even potentially eliminate the requirement for cleaners as mentioned previously.
    Type: Grant
    Filed: September 25, 2020
    Date of Patent: November 22, 2022
    Assignee: Cryptography Research, Inc.
    Inventors: Sami Saab, Elke De Mulder, Pankaj Rohatgi, Craig E. Hampel, Jeremy Cooper, Winthrop Wu
  • Patent number: 11500970
    Abstract: A method and data processing system are provided for determining if a machine learning model has been copied. The machine learning model has a plurality of nodes, the plurality of nodes is organized as a plurality of interconnected layers, and the plurality of interconnected layers includes an input layer and an output layer. The output layer has a predetermined number of output nodes for classifying input samples into a predetermined number of categories, where each output node corresponds to a category. An additional watermarking node is added to the output layer. The model is trained to classify the input data into the predetermined number of categories and into an additional category for the additional node. The additional node may be added to another model to determine if the another model is a copy or clone of the ML model.
    Type: Grant
    Filed: August 2, 2019
    Date of Patent: November 15, 2022
    Assignee: NXP B.V.
    Inventors: Joppe Willem Bos, Simon Johann Friedberger, Nikita Veshchikov, Christine van Vredendaal
  • Patent number: 11502824
    Abstract: Generally described, one or more aspects of the present application correspond to techniques for creating encrypted block store volumes of data from unencrypted object storage snapshots of the volumes. These encryption techniques use a special pool of servers for performing the encryption. These encryption servers are not accessible to users, and they perform encryption and pass encrypted volumes to other block store servers for user access. The encryption context for the volumes can be persisted on the encryption severs for as long as needed for encryption and not shared with the user-facing servers in order to prevent user access to encryption context.
    Type: Grant
    Filed: June 23, 2020
    Date of Patent: November 15, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Sandeep Kumar, Danny Wei, Lalit Jain, Varun Verma, Oscar Allen Grim Courchaine, Kristina Kraemer Brenneman, Sriram Venugopal, Arvind Chandrasekar
  • Patent number: 11487857
    Abstract: A fog/edge server machine for authenticating a user in an edge computing model is disclosed using a data spectrum table and spectrum hash values to improve performance, efficiency, and/or security. The edge computing model may include, in some examples, a secure Internet of Things (IoT) and/or mobile-based authentication system. Illustrative embodiments of a spectrum table stored at fog/edge server, a spectrum data array and spectrum hash value generated and stored in memory at the fog/edge sever, and a large, data table stored at an application server are disclosed herein to show continuous/subsequent authentication of the user with attributes/values/inputs collected by one or more edge devices during post-login activities/interactions to re-authenticate/maintain the authentication.
    Type: Grant
    Filed: September 24, 2019
    Date of Patent: November 1, 2022
    Assignee: Bank of America Corporation
    Inventors: Nagasubramanya Lakshminarayana, Vijay Kumar Yarabolu
  • Patent number: 11483354
    Abstract: Embodiments provide a system and method for reasoning about the optimality of a configuration parameter of a distributed system. During operation, the system obtains a multi-layer graph for a system with a plurality of components, wherein the multi-layer graph comprises a configuration subgraph, a vulnerability subgraph, and a dependency subgraph. The system determines, based on the multi-layer graph, constraint relationships associated with configuration parameters for the components, wherein the constraint relationships include security constraints and functionality constraints. The system computes an unsatisfiable core which comprises a set of mutually incompatible constraints.
    Type: Grant
    Filed: July 8, 2020
    Date of Patent: October 25, 2022
    Assignee: Palo Alto Research Center Incorporated
    Inventors: Hamed Soroush, Shantanu Rane
  • Patent number: 11475128
    Abstract: A method includes training a first machine learning model with a first dataset, to produce a first trained machine learning model to infer cybersecurity-oriented file properties and/or detect cybersecurity threats within a first domain. The first dataset includes labeled files associated with the first domain. The first trained machine learning model includes multiple layers, some of which are trainable. A second trained machine learning model is generated, via a transfer learning process, using (1) at least one trainable layer from the multiple trainable layers of the first trained machine learning model, and (2) a second dataset different from the first dataset. The second dataset includes labeled files associated with a second domain. The first domain has a different syntax, different semantics, and/or a different structure than that of the second domain. The second trained machine learning model (e.g.
    Type: Grant
    Filed: August 16, 2019
    Date of Patent: October 18, 2022
    Assignee: Mandiant, Inc.
    Inventors: Scott Eric Coull, David Krisiloff, Giorgio Severi
  • Patent number: 11470472
    Abstract: Methods and systems for performing wireless communication are presented. In one example, a wireless peripheral device comprises a wireless transceiver configured to receive and transmit data over a primary channel, an optical sensor configured to receive data over an out-of-band channel, and one or more processors configured to: receive, via the wireless transceiver and over the primary channel, wireless signals including first key data from a second device; receive, via the optical sensor, optical signals including verification data from the second device; verify the first key data based on the verification data; and responsive to verifying the first key data based on the verification data, generate a digital security key based on the first key data, the digital security key used for following data transmission between the wireless peripheral device and the second device via the wireless transceiver.
    Type: Grant
    Filed: May 31, 2019
    Date of Patent: October 11, 2022
    Assignee: Logitech Europe S.A.
    Inventors: Philippe Chazot, Marc Viredaz, Jiri Holzbecher
  • Patent number: 11463871
    Abstract: Techniques are described for wireless communication. A method for wireless communication at a user equipment (UE) includes performing an extensible authentication protocol (EAP) procedure with an authentication server via an authenticator. The EAP procedure is based at least in part on a set of authentication credentials exchanged between the UE and the authentication server. The method also includes deriving, as part of performing the EAP procedure, a master session key (MSK) and an extended master session key (EMSK) that are based at least in part on the authentication credentials and a first set of parameters; determining a network type associated with the authenticator; and performing, based at least in part on the determined network type, at least one authentication procedure with the authenticator. The at least one authentication procedure is based on an association of the MSK or the EMSK with the determined network type.
    Type: Grant
    Filed: September 27, 2019
    Date of Patent: October 4, 2022
    Assignee: QUALCOMM Incorporated
    Inventors: Soo Bum Lee, Anand Palanigounder, Adrian Edward Escott
  • Patent number: 11455404
    Abstract: Aspects and features of the present disclosure can provide a trusted, privacy-preserved deduplication process by executing deduplication functions in a trusted execution environment (TEE). In some examples, encrypted, incoming user data blocks are decrypted in the TEE to produce unencrypted user data blocks. An incoming digital fingerprint or each unencrypted user data block is produced. A processing device can compare the incoming digital fingerprint to existing digital fingerprints stored in the TEE to determine a presence of the incoming digital fingerprint and hence the presence of a copy of the data block in the storage platform, and writes the encrypted. Incoming data blocks are written to storage only when necessary. The technique allows public mass storage systems to meet cybersecurity objectives while achieving the storage space efficiency that deduplication provides.
    Type: Grant
    Filed: May 28, 2020
    Date of Patent: September 27, 2022
    Assignee: RED HAT, INC.
    Inventors: Huamin Chen, Michael Bursell
  • Patent number: 11451398
    Abstract: A computer implemented method of validating use of a computing resource by a an executing requester software module from a plurality of discrete software modules, the method including validating a characteristic of the requester software module; generating a first transaction defining criteria for consumption of the computing resource by the requester software module, the first transaction being encrypted with a private key from a public key/private key pair and being added as part of a block of transactions to a blockchain data structure; generating a subsequent encrypted transaction corresponding to a request of the requester software module to consume the computing resource, the subsequent transaction referring to the first transaction, wherein the subsequent transaction is validated by a transaction miner computing component from a plurality of miners by authenticating the transaction using the public key and verifying compliance with the criteria defined in each transaction.
    Type: Grant
    Filed: May 3, 2018
    Date of Patent: September 20, 2022
    Assignee: British Telecommunications Public Limited Company
    Inventor: Robert Ghanea-Hercock
  • Patent number: 11449607
    Abstract: Some examples relate generally to computer architecture software for information security and, in some more particular aspects, to machine learning based on changes in snapshot metadata for anomaly and ransomware detection in a file system.
    Type: Grant
    Filed: August 7, 2019
    Date of Patent: September 20, 2022
    Assignee: Rubrik, Inc.
    Inventors: Oscar Annen, Di Wu, Ajay Saini
  • Patent number: 11443027
    Abstract: Disclosed is a method of controlling an intelligent electronic device including initiating implicit continuous authentication, obtaining sensor data from at least one sensor, classifying a security level of the intelligent electronic device into at least two states having different security on the basis of the sensor data, and determining an authentication period of the implicit continuous authentication according to the classified security level, wherein the at least one sensor is continuously activated on the basis of the determined authentication period.
    Type: Grant
    Filed: April 30, 2019
    Date of Patent: September 13, 2022
    Inventors: Younghyeog Jeon, Beomoh Kim, Sungjin Kim
  • Patent number: 11444785
    Abstract: Example techniques for establishing trusted communication with container-based services are described. In an example, a digital certificate stored in a memory is injected from the memory into a container. The container is external to the memory. The digital certificate is usable to establish a trusted communication between a service deployed in the container and a software program.
    Type: Grant
    Filed: March 5, 2019
    Date of Patent: September 13, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Kiran Kumar Vaddi, Om Kumar, Jaivish Kothari
  • Patent number: 11444977
    Abstract: Web sites are crawled using multiple browser profiles to avoid malicious cloaking. Based on web page content returned from HTTP requests using the multiple browser profiles, web sites returning substantively different content to HTTP requests for different browser profiles are identified. Web sites are further filtered by common cloaking behavior, and redirect scripts are extracted from web page content that performed cloaking. Signatures comprising tokenized versions of the redirect scripts are generated and compared to a database of known cloaking signatures. URLs corresponding to signatures having approximate matches with signatures in the database are flagged for recrawling. Recrawled URLs are verified for malicious cloaking again using HTTP requests from multiple browser profiles.
    Type: Grant
    Filed: October 22, 2019
    Date of Patent: September 13, 2022
    Assignee: Palo Alto Networks, Inc.
    Inventors: Oleksii Starov, Zhanhao Chen, Yuchen Zhou, Fang Liu
  • Patent number: 11436360
    Abstract: The present disclosure provides a system for storing encrypted data. The system comprises a server and a plurality of clients. A first client of the plurality of clients is configured to send to the server a first reference value calculated from data to be encrypted and stored. The server is configured to determine a group of second clients from the plurality of clients, the second clients having each sent to the server data with a second reference value equal to the first reference value. The group of second clients is configured to perform a passive key exchange protocol with the first client, and the server is configured to determine, based on a result of the passive key exchange protocol, whether the data is to be stored in full or as deduplicated data.
    Type: Grant
    Filed: May 22, 2020
    Date of Patent: September 6, 2022
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Yong Li
  • Patent number: 11436349
    Abstract: An embodiment of the present invention is directed to leveraging GPU farms for machine learning where the selection of data is self-service. The data may be cleansed based on a classification and automatically transferred to a cloud services platform. This allows an entity to leverage the commoditization of the GPU farms in the public cloud without exposing data into that cloud. Also, an entire creation of a ML instance may be fully managed by a business analyst, data scientist and/or other users and teams.
    Type: Grant
    Filed: November 8, 2019
    Date of Patent: September 6, 2022
    Inventors: Brian J. Smyth, Mehul Jani, Kunjithapatham Muthuvelayutham
  • Patent number: 11435990
    Abstract: The methods and apparatus for detecting malware using JAR file decompilation are disclosed. An apparatus for decompiling class files, the apparatus comprising a class feature unpacker to unpack a class feature from a class file included in an instruction set, a constant pool address generator to generate a constant pool address table, from the class features, including a plurality of constant pool blocks, based on constant pool type, through an iterative process, a class feature identifier to determine values for each constant pool block based on a constant pool type and store the determined values as a class file feature set, a feature value identifier to obtain raw feature values from a class file feature set and non-class file features, and a feature matrix generator to generate a matrix based on the raw features that correspond to the instruction set.
    Type: Grant
    Filed: August 14, 2019
    Date of Patent: September 6, 2022
    Assignee: MCAFEE, LLC
    Inventor: Daniel Burke