Patents Examined by Teshome Hailu
  • Patent number: 11463419
    Abstract: Disclosed is a file security method for reinforcing file security. The method may include: by a first communication device, detecting an access to a file stored in a virtual drive; by the first communication device, requesting a decryption key of the file to a second communication device and receiving the decryption key; and by the first communication device, decrypting the access-detected file by using the decryption key.
    Type: Grant
    Filed: December 11, 2019
    Date of Patent: October 4, 2022
    Assignee: Facecon Co., Ltd.
    Inventors: Giho Yang, Jae-Yeob Hwang
  • Patent number: 11463470
    Abstract: Methods and systems for performing an electronic security assessment of a building automation system are provided. The building automation system includes a controller and a network of electronic devices connected in electronic communication. The method includes requesting, by the controller, an electronic security scan of the controller with a data set of the controller via a secured channel to a cloud-based service. The method also includes initiating the electronic security scan of the controller based on the data set of the controller. The method further includes electronically assessing security vulnerabilities of the building automation system. The method also includes electronically assessing, by the controller, security vulnerabilities of the network of electronic devices connected in electronic communication with the controller.
    Type: Grant
    Filed: December 29, 2020
    Date of Patent: October 4, 2022
    Assignee: TRANE INTERNATIONAL INC.
    Inventors: Udhaya Kumar Dayalan, Brian Meyers, Mangayarkarasi Sivagnanam
  • Patent number: 11444759
    Abstract: A method of cryptographically binding a secure element to a host device includes storing host key information in a host key information slot of the secure element and storing binding information in secure memory of the secure element. The binding information is correlated with the host key information. The method includes storing a second secret key within system operational code of the host device. The second secret key is cryptographically correlated with the host key information. The method includes, after storing the binding information and after storing the second secret key, operationally coupling the secure element to the host device, reading, by the host device, the binding information from the secure element, generating, by the host device, the host key information using the binding information and the second secret key, and storing, by the host device, the host key information in a host key information slot of the host device.
    Type: Grant
    Filed: May 29, 2019
    Date of Patent: September 13, 2022
    Assignee: STMICROELECTRONICS, INC.
    Inventor: Giuseppe Pilozzi
  • Patent number: 11444971
    Abstract: The present invention relates to a method for assessing the quality of network-related Indicators of Compromise comprising the phase of calculating, by a computerized data processing unit, a quality score for Indicators of Compromise of the IP Address type, the steps of assigning an autonomous system score of the IP Address according to a predefined range of values based on a database of autonomous system owners, assigning a subnet score of said IP Address according to a predefined range of values based on a database of subnet owners, assigning a services hosted score of the IP Address according to a predefined range of values based on known malicious services hosted by the IP Address before the phase of calculating the quality score, calculating the IP Address quality score as sum of the autonomous system score, subnet score and services hosted score and wherein the method comprises a phase of evaluating the calculated quality score comprises, for each of the Indicators of Compromise of the IP Address type,
    Type: Grant
    Filed: October 6, 2020
    Date of Patent: September 13, 2022
    Assignee: Nozomi Networks Sagl
    Inventors: Ivan Speziale, Alessandro Di Pinto, Moreno Carullo, Andrea Carcano
  • Patent number: 11431712
    Abstract: A method, system and computer-usable medium are disclosed for authenticating passengers and their activity regarding the use of resources on a transport during a trip or session on a transport. A passenger is matched to a name and/or identifier that corresponds to a seat on a transport for a specific flight. Authentication is performed based on various methods, such as set of security questions, biometric recognition, facial recognition, certificate recognition. Passenger data is exchanged with on board and remote systems that include accessibility of the passenger to a set of onboard resources. Passenger activity is monitored as to acceptable use of the resources during the flight or trip.
    Type: Grant
    Filed: May 29, 2019
    Date of Patent: August 30, 2022
    Assignee: International Business Machines Corporation
    Inventors: Bruno dos Santos Silva, Diogo Tadeu Silva De Araujo, Sylvain Meras
  • Patent number: 11431471
    Abstract: This disclosure relates to data encryption and decryption. In one aspect, a method includes receiving, by a second peer end computing device, first data from a first peer end computing device. The second end computing device generates a random term based on a result range pre-agreed upon with the first peer end computing device. The result range includes a minimum result value and a maximum result value. The random term is a product of a random number and an agreed upon constant. The agreed upon constant is greater than a difference between the maximum result value and the minimum result value. The second peer end computing device performs a homomorphic operation based on the first data, local private second data, and the random term to obtain an encryption result. The second peer end computing device returns the encryption result to the first peer end computing device.
    Type: Grant
    Filed: August 9, 2021
    Date of Patent: August 30, 2022
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Lichun Li, Wenzhen Lin, Huazhong Wang
  • Patent number: 11423137
    Abstract: An authorization level is set at enrollment. The authorization level can be determined based on user identity and a class of authentication. The class of authentication can be associated with strength of authentication related to a channel employed to enroll a user for access to products or services. Authorization level can also be determined based on initiation information regarding the user, a device of the user, or both. Access to the products or services can be selectively controlled based on the authorization level.
    Type: Grant
    Filed: April 22, 2020
    Date of Patent: August 23, 2022
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Adam Evans Vancini, Christopher Phillip Clausen, Darrell L. Suen
  • Patent number: 11411982
    Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to extract, from a website vulnerability scanner log, a uniform resource locator (URL) and a vulnerability score and vulnerability classification associated with the URL. The at least one processor is further configured to generate an application vulnerability graph comprising connected nodes that are associated with a field of the URL. The nodes are labeled to indicate the associated field of the URL and color coded based on the vulnerability score. The nodes are also associated with the vulnerability classification. The at least one processor is further configured to enable or disable security protection against a user-selected vulnerability classification of a user-selected node by generating web application firewall security rules and/or web application firewall relaxation rules.
    Type: Grant
    Filed: September 28, 2020
    Date of Patent: August 9, 2022
    Assignee: Citrix Systems, Inc.
    Inventors: Kasirao Velugu, Priya Bagaria, Thirumoorthi Thangamani, Ganesh Kathiresan
  • Patent number: 11411997
    Abstract: Methods, systems, and devices supporting active fingerprinting for transport layer security (TLS) servers are described. In some systems, a client device may transmit a same set of client hello messages to each TLS server. The client device may receive a set of server hello messages in response to the standard set of client hello messages based on the contents of each client hello message. For example, a server hello message may indicate a selected cipher suite, TLS protocol version, and set of extensions in response to the specific information included in a client hello message. The client device may generate a hash value (e.g., a fuzzy hash) based on the set of server hello messages received from a TLS server. By comparing the hash values generated for different TLS servers, the client device may determine whether the TLS configurations for the different TLS servers are the same or different.
    Type: Grant
    Filed: December 17, 2020
    Date of Patent: August 9, 2022
    Assignee: Salesforce, Inc.
    Inventors: John Brooke Althouse, Andrew Smart, Randy Nunnally, Jr., Michael Brady, Caleb Yu
  • Patent number: 11411953
    Abstract: In some embodiments, a secure local connection between a network node of a network and an edge device attached to the network node is provided by extending the security of the network to this local connection. The edge device attached to the network node communicates with a network manager of the network to obtain security keys and security credentials for the edge device. Using the security keys and the security credentials, the edge device can establish a secure channel between the network node and the edge device over the local connection. The edge device further communicates with the network manager to exchange routing information and to obtain a network address for the edge device. The edge device can then communicate, through the network node, with other network nodes in the network using the security keys, the security credentials, and the network address.
    Type: Grant
    Filed: May 5, 2020
    Date of Patent: August 9, 2022
    Assignee: LANDIS+GYR INNOVATIONS, INC.
    Inventor: Stephen John Chasko
  • Patent number: 11397823
    Abstract: A system comprising one or more computers implements a hardware feature access service. The hardware feature access service stores private keys that correspond to digital certificates embedded in chipsets of devices enrolled in the hardware feature access service. The hardware feature access service is configured to issue access or access revocation messages to the chipsets to “lock” or “unlock” associated hardware components. The hardware feature access service also implements a service interface that allows clients to request changes to enabled feature sets for devices enrolled in the hardware feature access service. In response to such requests, the hardware feature service automatically and wirelessly enables or disables feature sets by locking or unlocking relevant hardware components of a device relevant to enabling or disabling the requested feature sets.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: July 26, 2022
    Assignee: Amazon Technologies, Inc.
    Inventor: Marco Argenti
  • Patent number: 11368489
    Abstract: An apparatus for security management based on event correlation in a distributed multi-layered cloud environment is disclosed, wherein the distributed multi-layered cloud environment comprises at least one first layer cloud service provider, and at least one second layer cloud service provider as a tenant of the first layer cloud service provider, and the apparatus is installed at least on one cloud service provider of the first layer cloud service provider and the second layer cloud service provider, the apparatus comprising: a central processing module configured to: provide correlation as a Service (CORRaaS) to a plurality of tenants as virtualized security appliances or virtualized security functions for the plurality of tenants' slices, generate a second interface for allowing the plurality of tenants to configure the correlation as a Service (CORRaaS), and correlate and process security events from security functions in the plurality of tenants' slices to form processed security event data, and to detec
    Type: Grant
    Filed: November 20, 2017
    Date of Patent: June 21, 2022
    Assignee: Nokia Technologies Oy
    Inventors: Iris Adam, Jing Ping, Stephane Mahieu
  • Patent number: 11368473
    Abstract: The automated estimation that an interface service has been misconfigured. Sensitive interface services are first identified based on common characteristics, and those characteristics are associated with sensitivity based on behavior across multiple clusters. Thereafter, the threat assessment estimates that a particular interface service is misconfigured if the particular interface service has these same common characteristics, is accessible from outside the cluster, and does not require authentication. Cluster administrators can therefore be more fully and timely advised when a misconfiguration of an interface service subjects their cluster to undue security risks.
    Type: Grant
    Filed: September 21, 2020
    Date of Patent: June 21, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Josef Weizman, Ram Haim Pliskin, Dotan Patrich
  • Patent number: 11363057
    Abstract: At least some embodiments are directed to a computer-based cyber-attack frequency tracking system that determines types and frequencies of cyber-attacks. In at least some embodiments, the method of a cyber-attack frequency tracking system may operate a processor in an enterprise computing environment for automatically conducting a process that comprises receiving, a plurality of data values that represent a plurality of cyber-attacks. Determining cyber-attack types, and then determining the frequency of attempts and contacts with assets. After that determining likelihood values. Aggregating these determinations to produce a quantifiable value of a likelihood values of each of the plurality of cyber-attack types.
    Type: Grant
    Filed: April 17, 2020
    Date of Patent: June 14, 2022
    Assignee: American Express Travel Related Services Company, Inc.
    Inventors: Douglas S. Talbot, Phillip Collett, Tony Durivaux
  • Patent number: 11363061
    Abstract: In one aspect, a method for preventing attacks on a web application server by monitoring and validating the API calls executed by the dynamic language code of web application is provided. The method includes the step of scanning the computer system for web applications and the location of dynamic language code or script files used by the web applications. The method includes the step of parsing all script files to identify API calls, the location of API calls, and arguments used in the API calls and storing them as rules.
    Type: Grant
    Filed: July 13, 2020
    Date of Patent: June 14, 2022
    Inventor: Jayant Shukla
  • Patent number: 11356435
    Abstract: Systems and methods are provided for sharing authentication information. The systems and methods include retrieving, with a messaging application, a list of applications that are installed on a user device; searching the list of applications to identify a given application within the list of applications that is configured to share authentication information with the messaging application; and in response to identifying the given application within the list of applications, generating for display within a graphical user interface of the messaging application an option to authorize the messaging application to share authentication information with the given application.
    Type: Grant
    Filed: May 29, 2019
    Date of Patent: June 7, 2022
    Assignee: Snap Inc.
    Inventors: Charles Burson DePue, Patrick Mandia
  • Patent number: 11336642
    Abstract: A self-authenticating chip includes first and second memory regions storing, respectively, first and second authentication codes. The second memory region is adapted to be unreadable and unmodifiable by the chip or a chip reader. The chip also includes a comparator for providing an indicator of whether given input matches the second authentication code. The chip also includes an authentication circuit that is operable to read the first authentication code from the first memory region, present the first authentication code to the comparator, and in response to receiving an indicator from the comparator indicating that the first and second authentication codes match, unlock at least one of (i) a communication interface of the chip to allow data to be transmitted therethrough to a chip reader and (ii) a third memory region of the chip to allow data to be read therefrom.
    Type: Grant
    Filed: April 9, 2020
    Date of Patent: May 17, 2022
    Assignee: CARDEX SYSTEMS INC.
    Inventors: Dennis Bernard Van Kerrebroeck, Craig Michael Horn, Bernard Marie-Andre Van Kerrebroeck
  • Patent number: 11329956
    Abstract: Systems, computer program products, and methods are described herein for scalable encryption framework using virtualization and adaptive sampling. The present invention is configured to receive metadata associated with one or more intrusion types from an intrusion data lake; initiate an adaptive instance sampling engine on the metadata associated with the one or more intrusion types to generate a sampled intrusion data lake; initiate one or more simulations of atomic intrusion on a firewall; generate one or more prioritized combination of the one or more sampled intrusion types; initiate one or more simulations of cumulative intrusion on the firewall using the one or more prioritized combination of the one or more sampled intrusion types; determine an atomic performance metric and a cumulative performance metric of the firewall; and generate a robustness report for the firewall.
    Type: Grant
    Filed: July 28, 2020
    Date of Patent: May 10, 2022
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Madhusudhanan Krishnamoorthy, Raghavendran Sukumaran, Vinothkumar Babu
  • Patent number: 11323472
    Abstract: Systems, methods, and software described herein provide security actions based on related security threat communications. In one example, a method of operating an advisement system includes identifying a security threat within the computing environment, wherein the computing environment comprises a plurality of computing assets. The method further provides obtaining descriptor information for the security threat, and retrieving related communication interactions based on the descriptor information. The method also includes generating a response to the security threat based on the related communication interactions.
    Type: Grant
    Filed: September 25, 2020
    Date of Patent: May 3, 2022
    Assignee: Splunk Inc.
    Inventors: Sourabh Satish, Oliver Friedrichs, Atif Mahadik, Govind Salinas
  • Patent number: 11303429
    Abstract: In one example an apparatus comprises a computer readable memory, an XMSS operations logic to manage XMSS functions, a chain function controller to manage chain function algorithms, a secure hash algorithm-2 (SHA2) accelerator, a secure hash algorithm-3 (SHA3) accelerator, and a register bank shared between the SHA2 accelerator and the SHA3 accelerator. Other examples may be described.
    Type: Grant
    Filed: June 28, 2019
    Date of Patent: April 12, 2022
    Assignee: INTEL CORPORATION
    Inventors: Santosh Ghosh, Vikram Suresh, Sanu Mathew, Manoj Sastry, Andrew H. Reinders, Raghavan Kumar, Rafael Misoczki