Patents Examined by Syed A Zaidi
  • Patent number: 11818254
    Abstract: A share [x]i of plaintext x in accordance with Shamir's secret sharing scheme is expressed by N shares [x0]i, . . . , [xN−1]i, and each share generating device Ai obtains a function value ri=Pm(i(−))(si) of a seed si, obtains a first calculated value ?i=?(i, i(−))[xi(−)]i+ri using a Lagrange coefficient ?(i, i(−)), a share [xi(−)]i, and the function value ri, and outputs the first calculated value ?i to a share generating device Ai(−). Each share generating device Ai accepts a second calculated value ?i(+), obtains a third calculated value zi=?(i, i(+))[xi]i+?i(+) using a Lagrange coefficient ?(i, i(+)), a share [xi]i, and the second calculated value ?i(+), and obtains information containing the seed si and the third calculated value zi as a share SSi of the plaintext x in secret sharing and outputs the share SSi.
    Type: Grant
    Filed: August 16, 2018
    Date of Patent: November 14, 2023
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Dai Ikarashi, Ryo Kikuchi, Koji Chida
  • Patent number: 11818578
    Abstract: A security context obtaining method includes: a first access and mobility management function (AMF) receiving a first registration request message sent by a user equipment (UE) and validating integrity protection for the first registration request message; if the first AMF successfully validates integrity protection for the first registration request message, sending, by the first AMF, a second request message to a second AMF; the second AMF receiving the second request message; and if the second request message carries indication information and the indication information is used to indicate that the UE is validated, sending, by the second AMF, a security context of the UE to the first AMF.
    Type: Grant
    Filed: December 8, 2020
    Date of Patent: November 14, 2023
    Assignee: HONOR DEVICE CO., LTD.
    Inventors: Fei Li, Bo Zhang
  • Patent number: 11818171
    Abstract: Systems and methods are provided for determining an access request provided by an entity that seeks to interact with one or more backend systems through a middleware system, the access request including a genuine access token. The entity can be authenticated based on the genuine access token. When a client request is made to the middleware system with a genuine access token, the request can be made through a smart ingress and egress proxy which intercepts the request and replaces the genuine access token with an invalid access token. The middleware system can subsequently make authorized requests to downstream systems on behalf of the middleware system's client by treating the smart proxy as an egress proxy for those subsequent requests, and the smart proxy replaces the invalid access token with a genuine one.
    Type: Grant
    Filed: May 28, 2021
    Date of Patent: November 14, 2023
    Assignee: Palantir Technologies Inc.
    Inventor: James Ding
  • Patent number: 11810039
    Abstract: A method of detecting and responding to anomalous activity within a system involves generating a two-dimensional graphical image of a first dimension and a second dimension, and wherein the first dimension corresponds to a cyclical repeating interval made up of multiple bins, the graphical image having been generated such that a bin of the multiple bins, is the bin having a highest count, and the bin is scaled to the second dimension, and counts of all other bins in the interval are scaled relative to that highest count, graphically comparing the generated graphical image to an immediately preceding graphical image for similarity, and when a result of the comparison fails to satisfy a pre-specified similarity threshold, automatically triggering an appropriate anomaly detection-based follow-on action.
    Type: Grant
    Filed: March 23, 2021
    Date of Patent: November 7, 2023
    Assignee: Morgan Stanley Services Group Inc.
    Inventors: Robert R. Bruno, Luke A. Higgins
  • Patent number: 11805097
    Abstract: A network security platform (NSP) device and interaction method are disclosed. The interaction method provides network packet analysis for secure transmission protocols using ephemeral keys or keys that are negotiated dynamically. The NSP may be part of an Intrusion Protection System, or firewall. The disclosed approach does not use man-in-the-middle proxy. Instead, it includes monitoring connections ends: client and/or server, to intercept the required data or negotiated (or changed) encryption keys. Decrypted data may be sent to an NSP sensor in a secure manner for analysis. Alternatively, intercepted keys used for the encrypt/decrypt operations may be sent to an NSP sensor in a secure manner every time they are changed. The NSP sensor may then use the obtained keys to decrypt traffic prior to providing it to the inspection engines. Embodiments focused on inbound traffic to a web server may coordinate between a web server and an NSP.
    Type: Grant
    Filed: December 25, 2020
    Date of Patent: October 31, 2023
    Assignee: Skyhigh Security LLC
    Inventors: Manikandan Kenyan, Shelendra Sharma, Anil Abraham
  • Patent number: 11805107
    Abstract: The disclosed embodiments disclose techniques for extracting encryption keys to enable monitoring services. During operation, an encrypted connection is detected on a computing device. A monitoring service harvests an encryption key for this encrypted connection from the memory of a computing device and then forwards the encryption key to an intercepting agent in an intermediate computing environment that intercepts encrypted traffic that is sent between the computing device and a remote service via the encrypted connection.
    Type: Grant
    Filed: April 8, 2020
    Date of Patent: October 31, 2023
    Assignee: Nubeva, Inc.
    Inventors: Greig W. Bannister, Randy Yen-pang Chou
  • Patent number: 11797930
    Abstract: A system for securing data is disclosed. The system includes a processing subsystem including a connection module to evaluate a computing device corresponding to remote workers for compatibility with a peripheral edge computing device, the computing device is enabled with an edge assisted proctoring service. The system includes an edge computing subsystem including an authentication module to verify an identity of the remote workers on the computing device using verification processes. The edge computing subsystem includes an activity monitoring module to monitor activities of the remote workers by collecting streaming data in real-time on the peripheral edge computing device. The activity monitoring module identifies suspicious activities by processing the streaming data. The edge computing subsystem includes an alert generation module to generate an alert upon identifying the suspicious activities.
    Type: Grant
    Filed: November 30, 2020
    Date of Patent: October 24, 2023
    Assignee: Virtusa Corporation
    Inventor: Giridhara Padmanabha Rao Madakashira
  • Patent number: 11797497
    Abstract: Techniques for creating, sharing, and using bundles (also referred to as packages) in a multi-tenant database are described herein. A bundle is a schema object with associated hidden schemas. A bundle can be created by a provider user and can be shared with a plurality of consumer users. The bundle can be used to enable code sharing and distribution without losing control while maintaining security protocols.
    Type: Grant
    Filed: December 20, 2022
    Date of Patent: October 24, 2023
    Assignee: Snowflake Inc.
    Inventors: Damien Carru, Benoit Dageville, Subramanian Muralidhar, Eric Robinson, Sahaj Saini, David Schultz
  • Patent number: 11783028
    Abstract: Systems and methods are disclosed for identifying resources responsible for events. In one embodiment, a method may include determining a number of unique actors in a plurality of actors that have accessed the resource. The method may further include identifying from the plurality of actors a set of affected actors that has been affected by an event and identifying from the set of affected actors a subset of resource-affected actors that accessed the resource prior to being affected by the event. The method may further include determining a number of resource-affected actors in the subset of resource-affected actors and, based on the number of unique actors and the number of resource-affected actors, determining an event score for the resource. The event score may be a lower bound of a confidence interval of a binomial proportion of the number of resource-affected actors to the number of unique actors.
    Type: Grant
    Filed: July 8, 2020
    Date of Patent: October 10, 2023
    Assignee: Capital One Services, LLC
    Inventors: Chris Moradi, Jacob Sisk, Evan Bloom, Craig Gimby, Xin Sun
  • Patent number: 11762987
    Abstract: Systems and methods are provided for data randomization using live patching. A method may comprise generating a plurality of randomization live patches, wherein each randomization live patch comprises a respective technique for swapping data values within a data structure. The method may comprise identifying software comprising at least one of: an operating system and an application, identifying a first data structure associated with the software, and selecting a first randomization live patch from the plurality of randomization live patches. The method may comprise modifying, during runtime and without restarting the software, the software using the first randomization live patch such that data values within the first data structure are swapped or shifted in accordance with a first technique.
    Type: Grant
    Filed: January 24, 2022
    Date of Patent: September 19, 2023
    Assignee: Cloud Linux Software Inc.
    Inventor: Kirill Korotaev
  • Patent number: 11765185
    Abstract: One variation of a method for verifying email senders includes: intercepting an email addressed to a target recipient within an organization, the email received from a sender at an inbound email address and including an inbound display name; accessing a whitelist including a verified display name and a set of verified email addresses corresponding to an employee within the organization; characterizing a display name difference between the inbound display name and the verified display name; in response to the display name difference falling below a threshold difference, comparing the inbound email address to the set of verified email addresses; in response to identifying the inbound email address in the set of verified email addresses, authorizing transmission of the email to the target recipient; and, in response to the set of verified email addresses omitting the inbound email address, withholding transmission of the email and flagging the email for authentication.
    Type: Grant
    Filed: December 18, 2020
    Date of Patent: September 19, 2023
    Assignee: Paubox, Inc.
    Inventor: Hoala Greevy
  • Patent number: 11764954
    Abstract: Techniques are disclosed relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.
    Type: Grant
    Filed: December 30, 2019
    Date of Patent: September 19, 2023
    Assignee: Apple Inc.
    Inventors: Wade Benson, Libor Sykora, Vratislav Kuzela, Michael Brouwer, Andrew R. Whalley, Jerrold V. Hauck, David Finkelstein, Thomas Mensch
  • Patent number: 11734404
    Abstract: Systems and methods relate generally to attendee authentication. In a method, a robot gatekeeper has a multi-function printer with program code configured for character recognition and handwriting analysis. The program code is executed by a processor coupled to the memory to initiate operations including: instructing for placement of a hand for a palm vein scanner and a badge for a badge reader; reading a badge to obtain first identification information; reading a palm to obtain first biometric data; accessing a database to obtain second identification information responsive to the first identification information; comparing the first biometric data and second biometric data obtained from the second identification information; printing an anti-tampering feature on a card; scanning a hand written sample on the card; and analyzing the hand written sample scanned with respect to at least one handwriting exemplar in or associated with the second identification information.
    Type: Grant
    Filed: January 21, 2021
    Date of Patent: August 22, 2023
    Assignee: KYOCERA Document Solutions Inc.
    Inventors: Jacek Joseph Matysiak, Dilinur Wushour
  • Patent number: 11729078
    Abstract: Devices and method are disclosed for a load allocation and monitoring for a resource to be allocated in a network, where the resource to be allocated is a critical resource in terms of supply security for a population group and/or a system, and the critical resource comprises electric power, where the network is subdivided into network units, and each network unit has a network unit controller.
    Type: Grant
    Filed: March 20, 2020
    Date of Patent: August 15, 2023
    Assignee: RHEINISCH-WESTFÄLISCHE TECHNISCHE HOCHSCHULE (RWTH) AACHEN
    Inventors: Abhinav Sadu, Gianluca Lipari, Ferdinanda Ponci, Jindal Akshay
  • Patent number: 11720655
    Abstract: Methods, devices and systems for enabling a specific registered user to log into a computerized system having multiple registered users by continuously staring at a display associated with the computerized system for at least a pre-determined threshold duration, without requiring any input other than staring to initiate the login process, and without requiring the user to provide any additional login information or authentication information.
    Type: Grant
    Filed: August 20, 2018
    Date of Patent: August 8, 2023
    Inventors: Dov Moran, Menahem Lasser
  • Patent number: 11704393
    Abstract: A user, using a user-computing device connected to a computer network, is authenticated to access a computing resource managed by a system on the computer network. The user computing device presents a user interface to prompt the user to input a value for each of a set of user-defined credentials that the user has previously defined for a SAIF server to authenticate the user to access the computer resource, thereby forming a set of input values. Modified values, each generated from and representing a corresponding one of the input values, are transmitted and validated by comparing them with corresponding modified forms of user-defined credential values stored in a memory, thereby determining whether the user is authenticated to access the computing resource on the system.
    Type: Grant
    Filed: July 15, 2021
    Date of Patent: July 18, 2023
    Inventor: Harsha Ramalingam
  • Patent number: 11704431
    Abstract: Cybersecurity and data categorization efficiency are enhanced by providing reliable statistics about the number and location of sensitive data of different categories in a specified environment. These data sensitivity statistics are computed while iteratively sampling a collection of blobs, files, or other stored items that hold data. The items may be divided into groups, e.g., containers or directories. Efficient sampling algorithms are described. Data sensitivity statistic gathering or updating based on the sampling activity ends when a specified threshold has been reached, e.g., a certain number of items have been sampled, a certain amount of data has been sampled, sampling has used a certain amount of computational resources, or the sensitivity statistics have stabilized to a certain extent.
    Type: Grant
    Filed: May 29, 2019
    Date of Patent: July 18, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Naama Kraus, Tamer Salman, Salam Bashir
  • Patent number: 11704416
    Abstract: Methods and systems for performing a computational operation on a server host are provided. Exemplary methods include: receiving an encrypted service request from a client host, the client host encrypting a service request to produce the encrypted service request using a shared secret, the service request specifying the computational operation; decrypting, in a secure enclave, the encrypted service request using the shared secret to produce a decrypted service request, the secure enclave preventing other software running on the server host from accessing the shared secret and other data stored in a memory space; performing the computational operation, in the secure enclave, using the decrypted service request to generate a service result; encrypting, in the secure enclave, the service result using the shared secret to create an encrypted service result; and providing the encrypted service result to the client host, the client host decrypting the encrypted service result.
    Type: Grant
    Filed: October 19, 2020
    Date of Patent: July 18, 2023
    Assignee: Enveil, Inc.
    Inventors: Ellison Anne Williams, Ryan Carr
  • Patent number: 11687930
    Abstract: Systems and methods for authentication may include a first device including a memory, a communication interface, and one or more processors. The memory may include a counter value, transmission data, and at least one key. The one or more processors may be in communication with the memory and communication interface. The one or more processors may be configured to create a cryptogram using the at least one key and counter value, wherein the cryptogram includes the counter value and the transmission data; transmit the cryptogram via the communication interface; update the counter value after cryptogram transmission; receive an encrypted access token via the communication interface; decrypt the encrypted access token; store the decrypted access token in the memory; and transmit, after entry of the communication interface into a communication field, the access token via the communication interface for access to one or more resources, wherein the access token is encrypted.
    Type: Grant
    Filed: January 28, 2021
    Date of Patent: June 27, 2023
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Jeffrey Rule, Kaitlin Newman, Rajko Ilincic
  • Patent number: 11687653
    Abstract: A system, method, and apparatus for identifying and removing malicious applications are disclosed. An example apparatus includes an executable application configured to collect data regarding processes operating on a client device during a time period. The executable application is also configured to purposefully access, during the time period, an application server using a web browser on the client device in an attempt to trigger a malicious application potentially located on the client device. The executable application is configured to transmit, after the time period, the collected data to an analysis server to determine whether the malicious application is located on the client device.
    Type: Grant
    Filed: March 18, 2019
    Date of Patent: June 27, 2023
    Assignee: SUNSTONE INFORMATION DEFENSE, INC.
    Inventor: David K. Ford