Patents Examined by Syed A Zaidi
-
Patent number: 11818254
Abstract: A share [x]i of plaintext x in accordance with Shamir's secret sharing scheme is expressed by N shares [x0]i, . . . , [xN?1]i, and each share generating device Ai obtains a function value ri=Pm(i(?))(si) of a seed si, obtains a first calculated value ?i=?(i, i(?))[xi(?)]i+ri using a Lagrange coefficient ?(i, i(?)), a share [xi(?)]i, and the function value ri, and outputs the first calculated value ?i to a share generating device Ai(?). Each share generating device Ai accepts a second calculated value ?i(+), obtains a third calculated value zi=?(i, i(+))[xi]i+?i(+) using a Lagrange coefficient ?(i, i(+)), a share [xi]i, and the second calculated value ?i(+), and obtains information containing the seed si and the third calculated value zi as a share SSi of the plaintext x in secret sharing and outputs the share SSi.
Type: Grant
Filed: August 16, 2018
Date of Patent: November 14, 2023
Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Dai Ikarashi, Ryo Kikuchi, Koji Chida
-
Patent number: 11818578
Abstract: A security context obtaining method includes: a first access and mobility management function (AMF) receiving a first registration request message sent by a user equipment (UE) and validating integrity protection for the first registration request message; if the first AMF successfully validates integrity protection for the first registration request message, sending, by the first AMF, a second request message to a second AMF; the second AMF receiving the second request message; and if the second request message carries indication information and the indication information is used to indicate that the UE is validated, sending, by the second AMF, a security context of the UE to the first AMF.
Type: Grant
Filed: December 8, 2020
Date of Patent: November 14, 2023
Assignee: HONOR DEVICE CO., LTD.
Inventors: Fei Li, Bo Zhang
-
Patent number: 11818171
Abstract: Systems and methods are provided for determining an access request provided by an entity that seeks to interact with one or more backend systems through a middleware system, the access request including a genuine access token. The entity can be authenticated based on the genuine access token. When a client request is made to the middleware system with a genuine access token, the request can be made through a smart ingress and egress proxy which intercepts the request and replaces the genuine access token with an invalid access token. The middleware system can subsequently make authorized requests to downstream systems on behalf of the middleware system's client by treating the smart proxy as an egress proxy for those subsequent requests, and the smart proxy replaces the invalid access token with a genuine one.
Type: Grant
Filed: May 28, 2021
Date of Patent: November 14, 2023
Assignee: Palantir Technologies Inc.
Inventor: James Ding
-
Patent number: 11810039
Abstract: A method of detecting and responding to anomalous activity within a system involves generating a two-dimensional graphical image of a first dimension and a second dimension, and wherein the first dimension corresponds to a cyclical repeating interval made up of multiple bins, the graphical image having been generated such that a bin of the multiple bins, is the bin having a highest count, and the bin is scaled to the second dimension, and counts of all other bins in the interval are scaled relative to that highest count, graphically comparing the generated graphical image to an immediately preceding graphical image for similarity, and when a result of the comparison fails to satisfy a pre-specified similarity threshold, automatically triggering an appropriate anomaly detection-based follow-on action.
Type: Grant
Filed: March 23, 2021
Date of Patent: November 7, 2023
Assignee: Morgan Stanley Services Group Inc.
Inventors: Robert R. Bruno, Luke A. Higgins
-
Patent number: 11805097
Abstract: A network security platform (NSP) device and interaction method are disclosed. The interaction method provides network packet analysis for secure transmission protocols using ephemeral keys or keys that are negotiated dynamically. The NSP may be part of an Intrusion Protection System, or firewall. The disclosed approach does not use man-in-the-middle proxy. Instead, it includes monitoring connections ends: client and/or server, to intercept the required data or negotiated (or changed) encryption keys. Decrypted data may be sent to an NSP sensor in a secure manner for analysis. Alternatively, intercepted keys used for the encrypt/decrypt operations may be sent to an NSP sensor in a secure manner every time they are changed. The NSP sensor may then use the obtained keys to decrypt traffic prior to providing it to the inspection engines. Embodiments focused on inbound traffic to a web server may coordinate between a web server and an NSP.
Type: Grant
Filed: December 25, 2020
Date of Patent: October 31, 2023
Assignee: Skyhigh Security LLC
Inventors: Manikandan Kenyan, Shelendra Sharma, Anil Abraham
-
Patent number: 11805107
Abstract: The disclosed embodiments disclose techniques for extracting encryption keys to enable monitoring services. During operation, an encrypted connection is detected on a computing device. A monitoring service harvests an encryption key for this encrypted connection from the memory of a computing device and then forwards the encryption key to an intercepting agent in an intermediate computing environment that intercepts encrypted traffic that is sent between the computing device and a remote service via the encrypted connection.
Type: Grant
Filed: April 8, 2020
Date of Patent: October 31, 2023
Assignee: Nubeva, Inc.
Inventors: Greig W. Bannister, Randy Yen-pang Chou
-
Patent number: 11797930
Abstract: A system for securing data is disclosed. The system includes a processing subsystem including a connection module to evaluate a computing device corresponding to remote workers for compatibility with a peripheral edge computing device, the computing device is enabled with an edge assisted proctoring service. The system includes an edge computing subsystem including an authentication module to verify an identity of the remote workers on the computing device using verification processes. The edge computing subsystem includes an activity monitoring module to monitor activities of the remote workers by collecting streaming data in real-time on the peripheral edge computing device. The activity monitoring module identifies suspicious activities by processing the streaming data. The edge computing subsystem includes an alert generation module to generate an alert upon identifying the suspicious activities.
Type: Grant
Filed: November 30, 2020
Date of Patent: October 24, 2023
Assignee: Virtusa Corporation
Inventor: Giridhara Padmanabha Rao Madakashira
-
Patent number: 11797497
Abstract: Techniques for creating, sharing, and using bundles (also referred to as packages) in a multi-tenant database are described herein. A bundle is a schema object with associated hidden schemas. A bundle can be created by a provider user and can be shared with a plurality of consumer users. The bundle can be used to enable code sharing and distribution without losing control while maintaining security protocols.
Type: Grant
Filed: December 20, 2022
Date of Patent: October 24, 2023
Assignee: Snowflake Inc.
Inventors: Damien Carru, Benoit Dageville, Subramanian Muralidhar, Eric Robinson, Sahaj Saini, David Schultz
-
Patent number: 11783028
Abstract: Systems and methods are disclosed for identifying resources responsible for events. In one embodiment, a method may include determining a number of unique actors in a plurality of actors that have accessed the resource. The method may further include identifying from the plurality of actors a set of affected actors that has been affected by an event and identifying from the set of affected actors a subset of resource-affected actors that accessed the resource prior to being affected by the event. The method may further include determining a number of resource-affected actors in the subset of resource-affected actors and, based on the number of unique actors and the number of resource-affected actors, determining an event score for the resource. The event score may be a lower bound of a confidence interval of a binomial proportion of the number of resource-affected actors to the number of unique actors.
Type: Grant
Filed: July 8, 2020
Date of Patent: October 10, 2023
Assignee: Capital One Services, LLC
Inventors: Chris Moradi, Jacob Sisk, Evan Bloom, Craig Gimby, Xin Sun
-
Patent number: 11762987
Abstract: Systems and methods are provided for data randomization using live patching. A method may comprise generating a plurality of randomization live patches, wherein each randomization live patch comprises a respective technique for swapping data values within a data structure. The method may comprise identifying software comprising at least one of: an operating system and an application, identifying a first data structure associated with the software, and selecting a first randomization live patch from the plurality of randomization live patches. The method may comprise modifying, during runtime and without restarting the software, the software using the first randomization live patch such that data values within the first data structure are swapped or shifted in accordance with a first technique.
Type: Grant
Filed: January 24, 2022
Date of Patent: September 19, 2023
Assignee: Cloud Linux Software Inc.
Inventor: Kirill Korotaev
-
Patent number: 11765185
Abstract: One variation of a method for verifying email senders includes: intercepting an email addressed to a target recipient within an organization, the email received from a sender at an inbound email address and including an inbound display name; accessing a whitelist including a verified display name and a set of verified email addresses corresponding to an employee within the organization; characterizing a display name difference between the inbound display name and the verified display name; in response to the display name difference falling below a threshold difference, comparing the inbound email address to the set of verified email addresses; in response to identifying the inbound email address in the set of verified email addresses, authorizing transmission of the email to the target recipient; and, in response to the set of verified email addresses omitting the inbound email address, withholding transmission of the email and flagging the email for authentication.
Type: Grant
Filed: December 18, 2020
Date of Patent: September 19, 2023
Assignee: Paubox, Inc.
Inventor: Hoala Greevy
-
Patent number: 11764954
Abstract: Techniques are disclosed relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.
Type: Grant
Filed: December 30, 2019
Date of Patent: September 19, 2023
Assignee: Apple Inc.
Inventors: Wade Benson, Libor Sykora, Vratislav Kuzela, Michael Brouwer, Andrew R. Whalley, Jerrold V. Hauck, David Finkelstein, Thomas Mensch
-
Patent number: 11734404
Abstract: Systems and methods relate generally to attendee authentication. In a method, a robot gatekeeper has a multi-function printer with program code configured for character recognition and handwriting analysis. The program code is executed by a processor coupled to the memory to initiate operations including: instructing for placement of a hand for a palm vein scanner and a badge for a badge reader; reading a badge to obtain first identification information; reading a palm to obtain first biometric data; accessing a database to obtain second identification information responsive to the first identification information; comparing the first biometric data and second biometric data obtained from the second identification information; printing an anti-tampering feature on a card; scanning a hand written sample on the card; and analyzing the hand written sample scanned with respect to at least one handwriting exemplar in or associated with the second identification information.
Type: Grant
Filed: January 21, 2021
Date of Patent: August 22, 2023
Assignee: KYOCERA Document Solutions Inc.
Inventors: Jacek Joseph Matysiak, Dilinur Wushour
-
Patent number: 11729078
Abstract: Devices and method are disclosed for a load allocation and monitoring for a resource to be allocated in a network, where the resource to be allocated is a critical resource in terms of supply security for a population group and/or a system, and the critical resource comprises electric power, where the network is subdivided into network units, and each network unit has a network unit controller.
Type: Grant
Filed: March 20, 2020
Date of Patent: August 15, 2023
Assignee: RHEINISCH-WESTFÄLISCHE TECHNISCHE HOCHSCHULE (RWTH) AACHEN
Inventors: Abhinav Sadu, Gianluca Lipari, Ferdinanda Ponci, Jindal Akshay
-
Patent number: 11720655
Abstract: Methods, devices and systems for enabling a specific registered user to log into a computerized system having multiple registered users by continuously staring at a display associated with the computerized system for at least a pre-determined threshold duration, without requiring any input other than staring to initiate the login process, and without requiring the user to provide any additional login information or authentication information.
Type: Grant
Filed: August 20, 2018
Date of Patent: August 8, 2023
Inventors: Dov Moran, Menahem Lasser
-
Patent number: 11704393
Abstract: A user, using a user-computing device connected to a computer network, is authenticated to access a computing resource managed by a system on the computer network. The user computing device presents a user interface to prompt the user to input a value for each of a set of user-defined credentials that the user has previously defined for a SAIF server to authenticate the user to access the computer resource, thereby forming a set of input values. Modified values, each generated from and representing a corresponding one of the input values, are transmitted and validated by comparing them with corresponding modified forms of user-defined credential values stored in a memory, thereby determining whether the user is authenticated to access the computing resource on the system.
Type: Grant
Filed: July 15, 2021
Date of Patent: July 18, 2023
Inventor: Harsha Ramalingam
-
Patent number: 11704431
Abstract: Cybersecurity and data categorization efficiency are enhanced by providing reliable statistics about the number and location of sensitive data of different categories in a specified environment. These data sensitivity statistics are computed while iteratively sampling a collection of blobs, files, or other stored items that hold data. The items may be divided into groups, e.g., containers or directories. Efficient sampling algorithms are described. Data sensitivity statistic gathering or updating based on the sampling activity ends when a specified threshold has been reached, e.g., a certain number of items have been sampled, a certain amount of data has been sampled, sampling has used a certain amount of computational resources, or the sensitivity statistics have stabilized to a certain extent.
Type: Grant
Filed: May 29, 2019
Date of Patent: July 18, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Naama Kraus, Tamer Salman, Salam Bashir
-
Patent number: 11704416
Abstract: Methods and systems for performing a computational operation on a server host are provided. Exemplary methods include: receiving an encrypted service request from a client host, the client host encrypting a service request to produce the encrypted service request using a shared secret, the service request specifying the computational operation; decrypting, in a secure enclave, the encrypted service request using the shared secret to produce a decrypted service request, the secure enclave preventing other software running on the server host from accessing the shared secret and other data stored in a memory space; performing the computational operation, in the secure enclave, using the decrypted service request to generate a service result; encrypting, in the secure enclave, the service result using the shared secret to create an encrypted service result; and providing the encrypted service result to the client host, the client host decrypting the encrypted service result.
Type: Grant
Filed: October 19, 2020
Date of Patent: July 18, 2023
Assignee: Enveil, Inc.
Inventors: Ellison Anne Williams, Ryan Carr
-
Patent number: 11687930
Abstract: Systems and methods for authentication may include a first device including a memory, a communication interface, and one or more processors. The memory may include a counter value, transmission data, and at least one key. The one or more processors may be in communication with the memory and communication interface. The one or more processors may be configured to create a cryptogram using the at least one key and counter value, wherein the cryptogram includes the counter value and the transmission data; transmit the cryptogram via the communication interface; update the counter value after cryptogram transmission; receive an encrypted access token via the communication interface; decrypt the encrypted access token; store the decrypted access token in the memory; and transmit, after entry of the communication interface into a communication field, the access token via the communication interface for access to one or more resources, wherein the access token is encrypted.
Type: Grant
Filed: January 28, 2021
Date of Patent: June 27, 2023
Assignee: CAPITAL ONE SERVICES, LLC
Inventors: Jeffrey Rule, Kaitlin Newman, Rajko Ilincic
-
Patent number: 11687653
Abstract: A system, method, and apparatus for identifying and removing malicious applications are disclosed. An example apparatus includes an executable application configured to collect data regarding processes operating on a client device during a time period. The executable application is also configured to purposefully access, during the time period, an application server using a web browser on the client device in an attempt to trigger a malicious application potentially located on the client device. The executable application is configured to transmit, after the time period, the collected data to an analysis server to determine whether the malicious application is located on the client device.
Type: Grant
Filed: March 18, 2019
Date of Patent: June 27, 2023
Assignee: SUNSTONE INFORMATION DEFENSE, INC.
Inventor: David K. Ford