Patents Examined by Stephen T Gundry
-
Patent number: 11757907Abstract: A cybersecurity system is provided for automated cybersecurity insights, remediation recommendations, and service provisioning. The cybersecurity system can generate threat insights and/or generate remediation recommendations using machine learning models and cybersecurity data obtained from target networks, partners, and the like. To provision cybersecurity services, cybersecurity system may collect metadata regarding the network connections and use cases desired for one or more services. Once the metadata has been collected, the cybersecurity assessment system automatically provisions the selected services based on the provided data, such as duration of time elected, service metrics, and the like.Type: GrantFiled: June 18, 2020Date of Patent: September 12, 2023Assignee: Cytellix CorporationInventors: Brian Douglas Berger, Howard Chen Lin, Tanner Joseph Sirota
-
Patent number: 11748491Abstract: Systems and methods for determining and displaying platform-specific end-to-end security vulnerabilities via a graphical user interface (GUI) are disclosed. To provide users with visual indications of vulnerable computing aspects associated with a computing platform, the system identifies computing aspects associated with a platform. The system then obtains from a security entity, security-vulnerability descriptions that are associated with the platform. Using the security-vulnerability descriptions, the system then determines threat levels for each security-vulnerability description and then, using the determined threat levels, determines a computing aspect impact level for each computing aspect associated with the platform. The system then generates for display on a GUI, a graphical layout comprising each computing aspect impact level for each computing aspect associated with the platform.Type: GrantFiled: January 19, 2023Date of Patent: September 5, 2023Assignee: CITIBANK, N.A.Inventors: Prithvi Narayana Rao, Pramod Goyal
-
Patent number: 11750637Abstract: Systems and methods for mapping IP addresses to an entity include receiving at least one domain name associated with the entity. Embodiments may further include determining one or more variations of the at least one domain name based on analysis of domain name data collected from a plurality of domain name data sources that mention a variation of the at least one domain name. Some embodiments may also include identifying one or more IP addresses pointed to by the one or more variations of the entity's domain name based on analysis of IP address data collected from a plurality of IP address data sources. Additional embodiments include assigning weights to each of the identified one or more IP addresses and creating a mapping of IP addresses to associate with the entity based on analysis of the weighted one or more IP addresses.Type: GrantFiled: February 22, 2021Date of Patent: September 5, 2023Assignee: SecurityScorecard, Inc.Inventors: Aleksandr Yampolskiy, Rob Blackin, Samuel Kassoumeh, Nick Matviko
-
Patent number: 11750636Abstract: A method for assessing a regular expression for vulnerability to ReDoS attacks includes receiving a regular expression for evaluating a string defined by ordered set of characters from an alphanumeric input device, and evaluating the regular expression for determining if a parsing operation of the string according to the regular expression results in a disproportionate resource consumption. The evaluation determines if the resource consumption constitutes a Regular expression Denial of Service (ReDoS) attack by providing a vulnerability indication of a single valid attack string, rather than attempting to find all possible attack strings. The valid attack string is defined by an input string for which evaluation based on the regular expression would result in disproportionate resource consumption.Type: GrantFiled: November 9, 2020Date of Patent: September 5, 2023Assignee: Two Six Labs, LLCInventors: Ian T. Blumenfeld, David Renardy
-
Patent number: 11750638Abstract: A system for detecting security threats in automated teller machines (ATMs) extracts baseline features from a first set of signals received from a first ATM, when the first ATM is initiated to operate. The baseline features represent a unique electrical signature of the first ATM. The system extracts test features from a second set of signals received from the first ATM, when the first ATM is in operation. The system determines whether there is a deviation between the test features and baseline features. If the system detects the deviation, the system determines that the first ATM is associated with a particular anomaly that makes the first ATM vulnerable to unauthorized access. The system determines that a second ATM is associated with the particular anomaly if the system detects the deviation between baseline features and test features associated with the second ATM.Type: GrantFiled: April 5, 2021Date of Patent: September 5, 2023Assignee: Bank of America CorporationInventor: Shailendra Singh
-
Patent number: 11750639Abstract: An automated teller machine (ATM) receives a first set of signals from components of the ATM. The first set of signals includes intercommunication electrical signals between the components of the ATM and electromagnetic radiation signals propagated from the components of the ATM. The ATM extracts baseline features from the first set of signals. The baseline features represent a unique electrical signature of the ATM. The ATM extracts test features from a second set of signals received from the component of the ATM. The ATM determines whether there is a deviation between the test features and baseline features. If the ATM detects the deviation, the ATM determines that the ATM is associated with a particular anomaly that makes the ATM vulnerable to unauthorized access.Type: GrantFiled: April 5, 2021Date of Patent: September 5, 2023Assignee: Bank of America CorporationInventor: Shailendra Singh
-
Patent number: 11750644Abstract: Novel tools and techniques are provided for implementing web-based monitoring and detection of fraudulent or unauthorized use of voice calling service. In various embodiments, a computing system might receive, from a user device associated with an originating party, a request to initiate a call session with a destination party, the request comprising user information associated with the originating party and a destination number associated with the destination party; might query a database with session data (including user information) to access permission data and configuration data; and might configure fraud logic using received configuration data from the database. The computing system might analyze the session data and permission data using the configured fraud logic to determine whether the originating party is permitted to establish the requested call session with the destination party; if so, might initiate one or more first actions; and, if not, might initiate one or more second actions.Type: GrantFiled: June 6, 2022Date of Patent: September 5, 2023Assignee: Level 3 Communications, LLCInventors: Andrew J. Broadworth, Matthew McCarthy
-
Patent number: 11750632Abstract: A method for detecting DoS attacks using an encrypted communication protocol includes estimating traffic telemetries of packets of at least ingress traffic passing over an insecure network that is directed to a protected entity by analyzing TCP headers of the packets, the packets using an encrypted version of a non-encrypted communication protocol, the packets being intended for the protected entity; providing at least one rate-based feature and at least one rate-invariant feature based on the estimated traffic telemetries, wherein the rate-based feature and the rate-invariant feature demonstrate a normal behavior of the traffic; and executing a mitigation action when a potential flood DoS attack using the encrypted communication protocol is detected by an evaluation of each of the at least one rate-based feature and the at least one rate-invariant feature with respect to respective baselines to determine whether the behavior of the ingress traffic indicates a potential flood DoS attack.Type: GrantFiled: May 31, 2022Date of Patent: September 5, 2023Assignee: RADWARE, LTD.Inventors: Ehud Doron, Lev Medvedovsky, David Aviv, Eyal Rundstein, Ronit Lubitch Greenberg, Avishay Balderman
-
Patent number: 11750645Abstract: Provided is a process including: obtaining, with a domain controller of a private computer network, a set of user-authentication credentials comprising a first username and a first password; querying a distributed credential-monitoring application; receiving query results including one or more passwords associated with the first username; determining that at least some of the one or more passwords in the query results match the obtained first password; and in response to the determination, blocking, with the domain controller, access to a first user account on the private computer network associated with the obtained first username and first password.Type: GrantFiled: February 14, 2022Date of Patent: September 5, 2023Assignee: SpyCloud, Inc.Inventors: David Endler, Alen Puzic, Edward Ross
-
Patent number: 11748516Abstract: A privacy-enhancing system, method, and non-transitory computer-readable medium for securely identifying an individual over time without retaining sensitive biometric data. In one embodiment, the system includes a local identity server including an electronic processor, a communication interface, and a memory. The electronic processor is configured to initiate a personalization of a partner-specific identification vehicle that identifies the individual based at least in part on an individual global unique identifier associated with the individual, receive a request for a service from the individual via the communication interface, receive consent and registration information from the individual via the communication interface, generate an identity confirmation that confirms an identity of the individual, and output the identity confirmation via the communication interface.Type: GrantFiled: December 30, 2021Date of Patent: September 5, 2023Assignee: MASTERCARD INTERNATIONAL INCORPRATEDInventors: Raman Narayanswamy, Przemek Praszczalek
-
Patent number: 11748488Abstract: A method, system and computer program product for facilitating risk mitigation of information security threats. Data obtained from at least one tracked data source is analyzed for identifying at least one event related to a threat, to be stored in a database comprising date and time of each event identified, enabling generation of threat timeline comprising temporally ordered sequence of each event related to respective threat identified. Features selected using correlation between features from threat timelines in the database and labeling assigned using records of threat usage incidents are extracted from events in threat timeline for the threat which the at least one event related thereto being identified and based thereon a dynamic score indicating an estimated level of risk posed by the threat is calculated using at least one machine learning model for predicting threat usage during a time window defined, enabling risk mitigation based on outputted indication thereof.Type: GrantFiled: December 23, 2020Date of Patent: September 5, 2023Assignee: Sixgill Ltd.Inventors: Nadav Binyamin Helfman, Alex Marks-Bluth, Omer Carmi, Ben Sterenson
-
Patent number: 11748490Abstract: A computer system includes an ensemble moving target defense architecture that protects the computer system against attack using one or more composable protection layers that change each churn cycle, thereby requiring an attacker to acquire information needed for an attack (e.g., code and pointers) and successfully deploy the attack, before the layers have changed state. Each layer may deploy a respective attack information asset protection providing multiple respective attack protections each churn cycle, wherein the respective attack information asset protections may differ.Type: GrantFiled: December 30, 2021Date of Patent: September 5, 2023Assignee: REGENTS OF THE UNIVERSITY OF MICHIGANInventors: Todd Austin, Valeria Bertacco, Mark Gallagher, Baris Kasikci
-
Patent number: 11727795Abstract: Disclosed herein are methods and systems for managing traffic violation or enforcement data using a distributed ledger. The distributed ledger provides a transparent chain of custody/evidence related to all digital interactions with traffic violation or enforcement data. The distributed ledger can be audited for data accuracy and integrity by nodes making up the system each time one of the nodes interacts with the traffic violation or enforcement data. For example, a digital evidence package related to a traffic violation event can be generated by a node within the system and a package digest can be logged in the distributed ledger beginning with the creation of the digital evidence package and each time that the digital evidence package is processed, modified, or reviewed by nodes within the system.Type: GrantFiled: June 3, 2022Date of Patent: August 15, 2023Assignee: Hayden AI Technologies, Inc.Inventors: Bo Shen, Bryan John Shea, Stuart Montagu McKee
-
Patent number: 11652843Abstract: A system and method for detecting cyber-attacks using quantile regression analysis are disclosed. The method includes identifying at least one hit quantile out of a plurality of quantiles, wherein at least one sample of traffic directed at a protected entity falls within quantile edges of the at least one identified hit quantile, wherein each of the plurality of quantiles is characterized by a probability distribution of at least one feature of a data stream, each of the plurality of quantiles having a respective probability estimate of bytes to fall into it; updating the probability estimates of the plurality of quantiles when the hit quantile has been identified; determining if the probability estimate of the at least one hit quantile is above a threshold; and detecting a cyber-attack when the probability estimate of the at least one hit quantile is above the threshold.Type: GrantFiled: December 31, 2020Date of Patent: May 16, 2023Assignee: RADWARE LTD.Inventors: Lev Medvedovsky, David Aviv
-
Patent number: 11647010Abstract: The technology disclosed relates to non-intrusively enforcing security during federated single sign-on (SSO) authentication without modifying a trust relationship between a service provider (SP) and an identity provider (IDP). In particular, it relates to an assertion proxy receiving a verified assertion from an IDP obtained from an assertion that is generated when a user logs into a service provider (SP) and is verified in dependence upon the IDP's public key. It also relates to evaluating the verified assertion against one or more security policies. It further relates to forwarding the verified assertion evaluated to the SP and causing establishment of a single sign-on (SSO) authenticated session without modifying the assertion.Type: GrantFiled: July 2, 2021Date of Patent: May 9, 2023Assignee: Netskope, Inc.Inventors: Lebin Cheng, Krishna Narayanaswamy, Kartik Kumar Chatnalli Deshpande Sridhar
-
Patent number: 11646868Abstract: An autonomous driving controller includes a plurality of parallel processors operating on common input data received from the plurality of autonomous driving sensors. Each of the plurality of parallel processors includes communication circuitry, a general processor, a security processor subsystem (SCS), and a safety subsystem (SMS). The communication circuitry supports communications between the plurality of parallel processors, including inter-processor communications between the general processors of the plurality of parallel processors, communications between the SCSs of the plurality of parallel processors using SCS cryptography, and communications between the SMSs of the plurality of parallel processors using SMS cryptography, the SMS cryptography differing from the SCS cryptography. The SCS and/or the SMS may each include dedicated hardware and/or memory to support the communications.Type: GrantFiled: April 20, 2021Date of Patent: May 9, 2023Assignee: Tesla, Inc.Inventors: Thaddeus Fortenberry, Samuel Douglas Crowder, Patryk Kaminski, Daniel William Bailey, David Glasco
-
Patent number: 11646881Abstract: Systems and methods for securely sharing and authenticating a last secret can include generating, by a cryptographic module on a first network node, a seed configured for deriving or recovering a last secret, the last secret providing access to a secure entity and being a last cryptographic element controlling access to the secure entity, creating, by the cryptographic module, an envelope for the seed, enveloping the seed by the envelope, and transmitting, by the cryptographic module, the seed to a computing system on a second node different than the first node, the computing system being configured to decrypt the envelope of the enveloped seed to recover the seed, and obtain the last secret based on the seed, where the cryptographic module is prevented from deriving the last secret.Type: GrantFiled: December 21, 2021Date of Patent: May 9, 2023Assignee: Wells Fargo Bank, N.A.Inventors: Phillip H. Griffin, Jeffrey J. Stapleton
-
Patent number: 11645419Abstract: A computer-implemented method can comprise determining, by a device comprising a processor, personally identifying data elements of data, representative of a group of transactions, that comprise personally identifying information according to an anonymization criterion associated with personally identifying information being determined not to be satisfied by the data elements, and storing, by the device, non-identifying data elements of the data to a non-identifying data store.Type: GrantFiled: June 14, 2021Date of Patent: May 9, 2023Assignee: VOLVO CAR CORPORATIONInventors: Douglas Robert Case, Bin Wang
-
Patent number: 11637854Abstract: A computer system may generate alerts related to a potential cyber attack an resource of an organization. The computer system may receive activity information associated with activity on a computer network of the organization, access contextual information about the resource, determine, based on the contextual information, select, based at least in part on the contextual information, one or more indicators that are indicative of a cyber attack against the resource to form a second plurality of indicators, and generate, based at least in part on the second plurality of indicators and the contextual information, a risk score, wherein the risk score indicates a probability that the resource is at risk of a cyber attack. In response to the risk score satisfying a threshold value, the computer system may generate an alert. Alerts may be presented using a graphical user interface. Analysts' actions may be tracked for review.Type: GrantFiled: February 14, 2022Date of Patent: April 25, 2023Assignee: Palantir Technologies Inc.Inventors: Cem Zorlular, Barrett Brown, Xiao (Raymoond) Tang, Alexandra Serenhov, Chuo Hao Yeo, Ihar Zalutski, Matthew Walsh
-
Patent number: 11637861Abstract: A method for securing a networked computer system executing an application includes identifying a vulnerable computer resource in the networked computer system, determining all computer resources in the networked computer system that are accessible from, or are accessed by, the vulnerable computer resource, and prioritizing implementation of a remediation action to secure the vulnerable computer resource if a vulnerability path extends from the vulnerable computer resource to a critical computer resource that contains sensitive information. The remediation action to secure the vulnerable computer resource is a safe remediation action that does not impact availability of the application executing on the networked computer system.Type: GrantFiled: January 23, 2020Date of Patent: April 25, 2023Assignee: BMC Software, Inc.Inventors: Siddharth Sukumar Burle, Ajoy Kumar, Manish Jain