Patents Examined by Teshome Hailu
  • Patent number: 11914686
    Abstract: States of storage nodes in a storage cluster may be transitioned from a secured state to an unsecured state. When all the storage nodes are in the secured state, a first reboot of the storage nodes is initiated. The first reboot may involve the storage nodes rebooting from the secured state into an intermediate state. During the first reboot: storage nodes that have rebooted into the intermediate state are allowed to rejoin the distributed storage cluster, and storage nodes in the unsecured state are not allowed to join the distributed storage cluster. When all the storage nodes are in the intermediate state, a second reboot of the storage nodes may be initiated. The second reboot may involve rebooting the storage nodes from the intermediate state into the unsecured state. During the second reboot, storage nodes that have rebooted into the unsecured state are allowed to rejoin the storage cluster.
    Type: Grant
    Filed: October 15, 2021
    Date of Patent: February 27, 2024
    Assignee: Pure Storage, Inc.
    Inventor: Luis Pablo Pabón
  • Patent number: 11916930
    Abstract: A system and method are disclosed for performing a non-invasive scan of a target device. The system is configured for: i) loading an endpoint protection agent to a target device; ii) providing a remote direct memory access of the target device to the remote security server for reading a memory of the target device; iii) scanning, by a second memory scan engine of the remote security server, the memory of the target device upon the violation of the security policy; iv) identifying, by the second memory scan engine of the remote security server, a threat on the target device; and v) sending, by the remote security server, a security response action to the endpoint protection agent on the target device in accordance with the security policy.
    Type: Grant
    Filed: June 29, 2021
    Date of Patent: February 27, 2024
    Assignee: Acronis International GmbH
    Inventors: Alexander Tormasov, Serguei Beloussov, Stanislav Protasov
  • Patent number: 11917053
    Abstract: In one example an apparatus comprises a computer readable memory, an XMSS operations logic to manage XMSS functions, a chain function controller to manage chain function algorithms, a secure hash algorithm-2 (SHA2) accelerator, a secure hash algorithm-3 (SHA3) accelerator, and a register bank shared between the SHA2 accelerator and the SHA3 accelerator. Other examples may be described.
    Type: Grant
    Filed: March 29, 2022
    Date of Patent: February 27, 2024
    Assignee: Intel Corporation
    Inventors: Santosh Ghosh, Vikram Suresh, Sanu Mathew, Manoj Sastry, Andrew H. Reinders, Raghavan Kumar, Rafael Misoczki
  • Patent number: 11916917
    Abstract: Systems and methods are described for pre-authentication access request screening. A server computer may receive a request for access to a resource comprising access data. The server computer may transmit, to an authentication computer, an authentication request message comprising at least a subset of the access data and receive an authentication response message comprising authentication data. The server computer may determine an access score based on the authentication data. Alternatively, the server computer may determine the access score based on the access data without using/receiving authorization data. The server computer may generate an access indicator based on the access score. The server computer may prepare and transmit an authorization request message comprising the access indicator to an authorization computer. The authorization computer may approve or decline the access to the resource based on the access indicator.
    Type: Grant
    Filed: January 7, 2019
    Date of Patent: February 27, 2024
    Assignee: Visa International Service Association
    Inventors: Andrew John Bruno Naumann zu Koenigsbrueck, Ali Chamseddine, Cory Howard Siddens, Benjamin Scott Boding
  • Patent number: 11909746
    Abstract: Embodiments of systems and methods are provided to enhance network security by providing secure, multi-path user authentication, while also providing a more convenient login experience to the user. In the present disclosure, a cloud-based user authentication and threat detection system is provided with an artificial intelligence (AI) engine and a training dataset. Utilizing a cloud-based system enables the AI engine to collect data from multiple devices located within different physical locations or environments (such as, for example, the user's home and office). The collected data is stored within the training dataset and used to create a personalized user profile for each user. Each time a user initiates login to a system or network from a particular location, the AI engine collects data from multiple devices within that location and utilizes the user profile data previously stored within the training dataset to securely authenticate the user or detect potential security threats.
    Type: Grant
    Filed: February 4, 2021
    Date of Patent: February 20, 2024
    Assignee: Dell Products L.P.
    Inventors: Fnu Jasleen, Joseph P. Marquardt
  • Patent number: 11909764
    Abstract: Various embodiments include implementing an interceptor for application security testing. The interceptor may intercept traffic, including one or more traffic items, between a scan engine and a target application. The traffic item(s) may include a request directed to the target application from a scan engine implementing application security testing or a response from the target application responsive to request(s) from the scan engine. The interceptor may determine that a particular traffic item satisfies a particular traffic trigger associated with a particular traffic action comprising a manipulation to the traffic between the scan engine and the target application. The particular traffic action is one of a plurality of predefined traffic actions that the interceptor is configured to perform across different scan engine versions, different scan configurations, or both.
    Type: Grant
    Filed: July 1, 2021
    Date of Patent: February 20, 2024
    Assignee: Rapid7, Inc.
    Inventor: Barry Curran
  • Patent number: 11900801
    Abstract: A computer-implemented method for generating a speeding ticket. The method includes generating a first image of at least a part of a vehicle by a first camera, detecting a first set of the characters of the number plate of the vehicle dependent on the first image, and generating a secured file by a first camera using the first set of the characters and a first character code. The method further includes generating a second image of the part of the vehicle by a second camera and detecting a second set of the characters of the number plate dependent on the second image. The method further includes generating the speeding ticket, in response to determining that the vehicle violates a speed limit and in response to verifying that the first set of the characters is equal to the second set of the characters.
    Type: Grant
    Filed: November 30, 2021
    Date of Patent: February 13, 2024
    Assignee: International Business Machines Corporation
    Inventors: Martin Anton Oberhofer, Florian Mentzel, Hien Pham The, Thishanth Thevarajah
  • Patent number: 11902779
    Abstract: Systems and methods to authenticate a Non-Fifth Generation Capable (N5GC) device on a Residential Gateway (RG) include a wireline access network comprising the RG and a wireline-access gateway function (W-AGF). The RG connects to the W-AGF using a termination system (e.g., a Cable Modem Termination System (CMTS) and the like) to relay N5GC device messages received at the RG to the W-AGF and vice versa. During a registration/authentication procedure for the N5GC device, the W-AGF generates a Registration Request message on behalf of the N5GC device and sends the Registration Request message to an Access & Mobility Management Function (AMF) of a Fifth Generation (5G) core network. The Registration Request message includes an indication that the N5GC device lacks 5G capabilities (e.g., is N5GC). In response to the Registration Request message, the system causes the N5GC device to be authenticated at least partly in response to the Registration Request message.
    Type: Grant
    Filed: October 4, 2021
    Date of Patent: February 13, 2024
    Inventor: Tao Wan
  • Patent number: 11902314
    Abstract: A device may receive security data identifying assets of an entity, security issues associated with the assets, and objectives associated with the assets and may utilize a data model to generate, based on the security data, asset related data identifying mapped sets of security data. The device may process a first portion of the asset related data, with a first model, to calculate an asset risk likelihood score for an asset of the assets and may process a second portion of the asset related data, with a second model, to calculate an asset criticality score for the asset. The device may process a third portion of the asset related data, with a third model, to calculate an asset control effectiveness score for the asset and may combine the scores to generate a security risk score for the asset. The device may provide the security risk score for display.
    Type: Grant
    Filed: August 3, 2021
    Date of Patent: February 13, 2024
    Assignee: Accenture Global Solutions Limited
    Inventors: Md. Faisal Zaman, Andrew Poole, Gaurav Shivhare, Sneha Shinde, Grant Kevin Harris, Jeffrey Mark Recor
  • Patent number: 11899788
    Abstract: A system dividing unit (110) divides a target system into a plurality of sub-systems. A root system selection unit (122) selects a sub-system in which a threat on security occurs, as a root system from among the plurality of sub-systems. A root tree generation unit (131) generates an attack tree of the root system, as a root tree. A descendant system selection unit (132) selects one sub-system or more located on an intrusion course to the root system, as one descendant system or more from among the plurality of sub-systems. A descendant tree generation unit (133) generates one attack tree or more corresponding to the one descendant system or more, as one descendant tree or more. A sub-attack tree integration unit (140) integrates the root tree and the one descendant tree or more, to thereby generate an attack tree of the target system.
    Type: Grant
    Filed: April 29, 2021
    Date of Patent: February 13, 2024
    Inventors: Ryosuke Shimabe, Takeshi Asai, Kiyoto Kawauchi
  • Patent number: 11895243
    Abstract: A method for data transfer and storage is provided. The method may include: encrypting data generated by a terminal device; storing duplicated copies of the encrypted data respectively in a first storage device and a second storage device, which are removably inserted into the terminal device; generating, with the terminal device, a message authentication code associated with the encrypted data; transmitting the message authentication code to a first server; physically transporting the first storage device to a remote location of the first server, and upon the first storage device being inserted into the first server, determining whether the encrypted data stored in the first storage device are damaged using the message authentication code; and in response to a determination that the encrypted data stored in the first storage device are not damaged, transmitting the encrypted data from the first storage device to the first server.
    Type: Grant
    Filed: June 17, 2021
    Date of Patent: February 6, 2024
    Inventors: Hua Wang, Fenglei Wang, Yubo Huang
  • Patent number: 11888870
    Abstract: Embodiments detect cyberattack campaigns against multiple cloud tenants by analyzing activity data to find sharing anomalies. Data that appears benign in a single tenant's activities may indicate an attack when the same or similar data is also found for additional tenants. Attack detection may depend on activity time frames, on how similar certain activities of different tenants are to one another, on how unusual it is for different tenants to share an activity, and on other factors. Sharing anomaly analysis may utilize hypergeometric probabilities or other statistical measures. Detection avoidance attempts using entity randomization are revealed and thwarted. Authorized vendors may be recognized, mooting anomalousness. Although data from multiple tenants is analyzed together for sharing anomalies while monitoring for attacks, tenant confidentiality and privacy are respected through technical and legal mechanisms. Mitigation is performed in response to an attack indication.
    Type: Grant
    Filed: October 4, 2021
    Date of Patent: January 30, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yaakov Garyani, Moshe Israel, Hani Hana Neuvirth, Ely Abramovitch, Amir Keren, Timothy William Burrell
  • Patent number: 11888875
    Abstract: One embodiment of the described invention is directed to a key management module and a consumption quota monitoring module deployed within a cybersecurity system. The key management module is configured to assign a first key to a subscriber and generate one or more virtual keys, based at least in part on the first key, for distribution to the subscriber. A virtual key is included as part of a submission received from the subscriber to authenticate the subscriber and verify that the subscriber is authorized to perform a task associated with the submission. The consumption quota monitoring module is configured to monitor a number of submissions received from the subscriber.
    Type: Grant
    Filed: December 5, 2022
    Date of Patent: January 30, 2024
    Assignee: Musarubra US LLC
    Inventors: Sai Vashisht, Sumer Deshpande
  • Patent number: 11888834
    Abstract: Methods and systems are provided for onboarding network equipment to managed networks. An onboarding controller of a managed network may generate a challenge for network equipment to be onboarded into the managed network, and may send the challenge to a communication device different from the network equipment. The challenge may include information relating to a configuration change to be made to the network equipment. Further, the challenge is sent over a connection that is different than a connection used in communicating with the network equipment. The onboarding controller may verify, based on handling of the configuration change, an identity and/or a network location of the network equipment. Handling the configuration change may include applying the configuration change.
    Type: Grant
    Filed: August 5, 2019
    Date of Patent: January 30, 2024
    Inventors: Dominik Schatzmann, Markus Brunner
  • Patent number: 11886572
    Abstract: Upgrade to a Trusted Application in a Trusted Execution Environment compliant to a Trusted Execution Environment standard to an as-a-server functioning by running, inside the Trusted Execution Environment, each instance of a Multi Instance/Single Session Trusted-Server Trusted Application compliant to the TEE standard in an infinite stateful loop polling a session of a Single Instance/Multi Session Trusted-Pipe Trusted Application, the single session of each of the instances of the Trusted-Server Trusted Application being adapted to perform a task as a server, said Trusted-Pipe Trusted Application being further polled by the Customer Application and opening a session depending on a command coming from the Customer Application.
    Type: Grant
    Filed: September 17, 2019
    Date of Patent: January 30, 2024
    Inventor: Geoffroy Cogniaux
  • Patent number: 11888890
    Abstract: Certain edge networking devices such as application gateways may report status to a cloud-based threat management platform using a persistent network connection between the gateway and the cloud platform. Where a cloud computing platform for an edge networking device or the threat management platform imposes periodic timeouts, the threat management platform may monitor connects and disconnects for edge devices and asynchronously evaluate connection status of edge devices independently of a heartbeat or other signal through the persistent connection in order to distinguish periodic timeouts imposed by the cloud computing platform from networking devices that are compromised or malfunctioning.
    Type: Grant
    Filed: October 24, 2022
    Date of Patent: January 30, 2024
    Assignee: Sophos Limited
    Inventors: Sanjeev Kumar Maheve, Biju Ramachandra Kaimal, Venkata Suresh Reddy Obulareddy, Neha Parshottam Patel
  • Patent number: 11876917
    Abstract: An interface element connected to a device and a security die-chip are fabricated in a single package. The security die-chip may provide a security authentication function to the interface element that does not have the security authentication function. The security die-chip may include a physically unclonable function (PUF) to provide a private key, and a hardware security module to perform encryption and decryption using the private key.
    Type: Grant
    Filed: February 25, 2021
    Date of Patent: January 16, 2024
    Assignees: ICTK Holdings Co., Ltd., IUCF-HYU (Industry-University Cooperation Foundation Hanyang University)
    Inventors: Dong Kyue Kim, Byong Deok Choi, Kwang Hyun Jee
  • Patent number: 11870802
    Abstract: Systems, methods, and software described herein provide security actions based on related security threat communications. In one example, a method of operating an advisement system includes identifying a security threat within the computing environment, wherein the computing environment comprises a plurality of computing assets. The method further provides obtaining descriptor information for the security threat, and retrieving related communication interactions based on the descriptor information. The method also includes generating a response to the security threat based on the related communication interactions.
    Type: Grant
    Filed: March 31, 2022
    Date of Patent: January 9, 2024
    Assignee: Splunk Inc.
    Inventors: Sourabh Satish, Oliver Friedrichs, Atif Mahadik, Govind Salinas
  • Patent number: 11870754
    Abstract: A network device detects possible malicious traffic and enlists the help of a co-operative group of downstream routers to perform enhanced deep packet analysis and firewalling in parallel with the transport of the packet through the network. The routers may also use other remote computational resources to perform some of the analysis along or close to the route of the packet through the network. The packets are cached at the exit edge router, which does not release the packet from the cooperative group until all analyzers report the traffic is safe, or deletes the traffic if identified as malicious. Buffering at the remote end allows the packet to be forwarded promptly if approved, while protecting downstream components if the traffic is malicious.
    Type: Grant
    Filed: December 18, 2019
    Date of Patent: January 9, 2024
    Assignee: British Telecommunications Public Limited Company
    Inventor: Catherine White
  • Patent number: 11868452
    Abstract: Provided is a method for automatically registering a user on a field device for the purpose of administering the field device, including a) providing user information on the basis of an identity of the user and an identity of the field device by a security device; b) transmitting the provided user information to a mobile device of the user; c) generating field-device-specific registration information on the basis of the transmitted user information by the mobile device; and d) registering the user on the field device by the generated registration information. This method has the particular advantage that a highly secure infrastructure can be used for administering access information for administering the field devices without problems arising during the registration process.
    Type: Grant
    Filed: September 17, 2020
    Date of Patent: January 9, 2024
    Inventors: Dirk Kröselberg, Carl Henrik Denis, Silvio Riener