Patents Examined by Thaddeus J Plecha
-
Patent number: 11048811Abstract: The invention relates to methods for implementing a unified framework for big data usage analytics and security profiling across heterogeneous platforms and multiple clusters. An embodiment of the present invention may be applied in various applications and use cases. This may include auditing for Big Data lakes; capacity assessment and charge back functionality for Big Data infrastructure and clusters and resource usage analytics.Type: GrantFiled: December 19, 2018Date of Patent: June 29, 2021Assignee: JPMorgan Chase Bank, N. A.Inventors: Krishna Prashanth Dharanikota, Rajan Mehndiratta, Sreemannarayana Balineni
-
Patent number: 11044079Abstract: Systems, methods, and software technology for managing keys used to encrypt data at-rest and decrypt the data when serving requests for the data. In an implementation, a data service receives a request for data that has been encrypted at rest using a data key, wherein the data key has been encrypted using a policy key, and wherein the policy key has been encrypted using a root key. When the root key is unavailable, the data service requests a key service to decrypt the policy key using an alternative root key. When the data service receives the policy key in an unencrypted state from the key service, it decrypts the data key using the policy key and decrypts the data using the data key.Type: GrantFiled: April 19, 2019Date of Patent: June 22, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Ayla Kol, Kameshwar Jayaraman, Yoganand Rajasekaran, Jaclynn Hiranaka, Girish Nagaraja, Nikhil Aggarwal, Paul Howard Rich
-
Patent number: 11038844Abstract: Systems and methods for analyzing content of encrypted traffic between processes are disclosed herein. According to one aspect, an exemplary method comprises rerouting traffic between a first process executing on a first computing device and a second process, to a server, to determine that there is a protected connection established between the first process and the second process, determining information related to an application pertaining to the first process, obtaining a session key for the protected connection by calling a function, wherein the information comprises an address of the function to call to obtain the session key, decrypting and analyzing the rerouted traffic on the server between the first process and the second process using the session key to determine whether the traffic contains malicious objects and in response to determining the traffic contains malicious objects, counteracting the malicious objects by blocking or rerouting the traffic.Type: GrantFiled: February 14, 2019Date of Patent: June 15, 2021Assignee: AO Kapersky LabInventors: Sergey V. Kogan, Denis V. Rodionov, Alexander N. Makarov, Alexey S. Totmakov, Petr Y. Kolmakov
-
Patent number: 11038863Abstract: Disclosed are some implementations of systems, apparatus, methods and computer program products for encrypting and securely storing session data during a browser session using a session-based cryptographic key. The session data may be decrypted during the browser session or other browser sessions using the session-based cryptographic key or other backwards compatible session-based cryptographic keys. In addition, session-based cryptographic keys may be shared among browser sessions to enable encrypted session data to be decrypted across page refreshes and browser tabs.Type: GrantFiled: August 30, 2019Date of Patent: June 15, 2021Assignee: salesforce.com, inc.Inventors: Kevin Venkiteswaran, Sergey Gorbaty, Bob Yao, Trevor James Bliss
-
Patent number: 11038913Abstract: Disclosed herein is a system for generating and displaying information useful to help a security analyst understand a scale and a root cause of a potential security issue associated with a resource. The resource can include a server, a storage device, a user device (e.g., a personal computer, a tablet computer, a smartphone, etc.), a virtual machine, networking equipment, etc. The resource may be one that is under control of an entity operating a security operations center. Additionally or alternatively, the resource may be one that is configured to be monitored by the security operations center. The information provides the security analyst with a broader context of the potential security issue based on relationships between the potential security issues and other security issues. Consequently, the information enables the security analyst to implement more efficient and effective actions to handle the potential security issue.Type: GrantFiled: April 19, 2019Date of Patent: June 15, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Hani Hana Neuvirth, Sangeetha Madderla, Larry J. Matuska, William K. Hollis, Gueorgui Chkodrov, Yotam Livny
-
Patent number: 11036877Abstract: The disclosed computer-implemented method for controlling access to information stored in an information retention system may include (1) receiving, at a computing device, metadata associated with an object type of respective objects, where at least two of the respective objects are in different domains, (2) determining, from the metadata, the respective object types of at least two objects, (3) forming a hierarchy of the at least two objects based on relative features of the respective object types, and (4) performing a security action comprising (A) receiving at least one access rule controlling access by at least one user to the at least two objects and (B) storing, in at least one storage device in the information retention system, the at least one access rule, the hierarchy of the objects, and the at least two objects. Various other methods, systems, and computer-readable media are also disclosed.Type: GrantFiled: December 3, 2018Date of Patent: June 15, 2021Assignee: Veritas Technologies LLCInventor: Amber Ved
-
Patent number: 11038751Abstract: The present embodiments relate to an information processing method, a network node, an authentication method, and a server. In one embodiment, a method includes generating a virtual access node corresponding to a first access node on a central node in response to determining that no virtual access node corresponding to the first access node currently exists on the central node; obtaining, by the virtual access node on the central node, configuration information related to the first access node; and sending, by the virtual access node to the first access node, the configuration information related to the first access node, after the first access node goes online.Type: GrantFiled: December 31, 2019Date of Patent: June 15, 2021Assignee: Huawei Technologies Co., Ltd.Inventor: Ruobin Zheng
-
Patent number: 11030563Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.Type: GrantFiled: December 31, 2020Date of Patent: June 8, 2021Assignee: OneTrust, LLCInventors: Jonathan Blake Brannon, Andrew Clearwater, Brian Philbrook, Trey Hecht, Wesley Johnson, Nicholas Ian Pavlichek
-
Patent number: 11025660Abstract: Various implementations disclosed herein provide a method for detecting impact of the vulnerability by using a normalizer and correlator. In various implementations, the method includes: accessing a first set of data from a first data sources, calculating a risk level value for each of the first set of data based on a first set of rules, sorting the first set of data based on their risk level, accessing the sorted first set of data by a correlator, accessing, by the correlator, a second set of data from second data sources, correlating each of the sorted first set of data to at least a data of the second set of data based a second set of rules, and calculating a confidence score for each data of the sorted first set of data based on a third set of rules.Type: GrantFiled: December 3, 2018Date of Patent: June 1, 2021Assignee: ThreatWatch Inc.Inventors: Ketan Sateesh Nilangekar, Amol Narayan Godbole, Adrian Asher
-
Patent number: 11017090Abstract: A method of certifying a state of a platform includes receiving one or more software elements of a software stack of the platform by an authentication module and performing a hash algorithm on the software stack to generate one or more hash values. The software stack uniquely determines a software state of the platform. The method includes generating creation data, a creation hash, and a creation ticket, corresponding to the hash values and sending the creation ticket to the platform. The method also includes receiving the creation ticket by the authentication module and certifying the creation data and the creation hash based on the creation ticket. The method further includes generating a certified structure based on the creation data and performing the hash algorithm on the certified structure to generate a hash of the certified structure. The certified structure uniquely determines the software state of the platform.Type: GrantFiled: December 17, 2018Date of Patent: May 25, 2021Assignee: Hewlett Packard Enterprise Development LPInventors: Ludovic Emmanuel Paul Noel Jacquin, Hamza Attak, Nigel Edwards
-
Patent number: 11017378Abstract: An electronic device is provided. The electronic device includes a display configured to display information, an input device configured to receive a user input, an image sensor, a processor electrically connected with the display, the input device, and the image sensor, and a non-transitory computer readable storage medium electrically connected with the processor that stores instructions that cause the processor to control the display to display first-level information as a locking mode is partially released when partial authentication passes based on bio-information acquired through the image sensor in a state in which the electronic device is in the locking mode, and control the display to display second-level information having a security level higher than a security level of the first-level information as the locking mode is fully released when full authentication passes based on a user input made through the input device.Type: GrantFiled: July 13, 2018Date of Patent: May 25, 2021Inventors: Yoon Ho Lee, Hyun Kim, Byung In Yu
-
Systems and methods for identifying potentially risky traffic destined for network-connected devices
Patent number: 11019085Abstract: The disclosed computer-implemented method for identifying potentially risky traffic destined for network-connected devices may include (1) receiving, at a cloud-based server, characteristics of a network-connected device being adding to a network, (2) creating a digital virtual image of the network-connected device on the cloud-based server, (3) receiving a request sent to a port on the network-connected device and (4) performing a security action including (A) sending the request to the digital virtual image of the network-connected device, (B) identifying the request as a potentially risky request by monitoring a runtime reaction of the digital virtual image of the network-connected device to the request, and (C) sending, to a network monitoring device, a message indicating the request is a potentially risky request. Various other methods, systems, and computer-readable media are also disclosed.Type: GrantFiled: December 17, 2018Date of Patent: May 25, 2021Inventors: Ilya Sokolov, Bruce McCorkendale -
Patent number: 11012856Abstract: A setting system including a portable medium having recorded therein setting information generated by a management apparatus that manages a wireless network and necessary for a wireless device that joins the wireless network, and a setting apparatus that acquires the setting information from the portable medium and sets the acquired setting information in the wireless device.Type: GrantFiled: November 9, 2018Date of Patent: May 18, 2021Assignee: YOKOGAWA ELECTRIC CORPORATIONInventor: Osamu Ito
-
Patent number: 11005882Abstract: Reputation-based transaction security. In one embodiment, a method for reputation-based transaction security may include obtaining data regarding a user device associated with a first party; obtaining data regarding an intended second party, the user device being used in a transaction between the first party and the intended second party; calculating a reputation score based on the data obtained regarding the user device and the intended second party; determining a likelihood that resources related to the transaction will be received by the intended second party based on determining that the reputation score satisfies a pre-determined threshold; and automatically initiating a remedial action to the user device based on determining the likelihood that resources related to the transaction will be received by the intended second party.Type: GrantFiled: December 17, 2018Date of Patent: May 11, 2021Assignee: NORTONLIFELOCK INC.Inventors: Qubo Song, Joe H. Chen
-
Patent number: 10997298Abstract: A semiconductor integrated circuit generates second boot code by encrypting first boot code, and transmits, based on route information indicating a delivery route of the second boot code, encrypted data including the second boot code to a first destination via a network. A different semiconductor integrated circuit is the first destination, and receives the encrypted data via the network and generates third boot code by decrypting the second boot code.Type: GrantFiled: January 28, 2019Date of Patent: May 4, 2021Assignee: SOCIONEXT INC.Inventors: Kazuya Asano, Yuya Ueno, Seiji Goto
-
Patent number: 10979411Abstract: A client apparatus converts second input authentication information having a data content compliant with a second authentication method different from a first authentication method into authentication target information in a data format compliant with the first authentication method and transmits information corresponding to the authentication target information to a communication server apparatus. A server apparatus is capable of carrying out both a first process of providing a first authentication server apparatus that carries out an authentication process compliant with the first authentication method with first information corresponding to the authentication target information and a second process of providing a second authentication server apparatus that carries out an authentication process compliant with the second authentication method with second information corresponding to the authentication target information.Type: GrantFiled: December 15, 2016Date of Patent: April 13, 2021Assignees: NIPPON TELEGRAPH AND TELEPHONE CORPORATION, NTT Innovation Institute, Inc.Inventors: Tetsutaro Kobayashi, Hitoshi Fuji, Akira Nagai, Go Yamamoto
-
Patent number: 10972472Abstract: A system and method for providing an alternate treatment for an interaction with unauthorized users is provided. The system receives a request from a user to access information and further receives an authentication credential from the user, wherein the authentication credential is received from one or more user computer systems. The system determines that the user is an unauthorized user based on the authentication credential, and in response, provides an alternate treatment to the unauthorized user. Unauthorized user information is captured from the unauthorized user based on the alternate treatment; and used to generate a unique user identification profile for the unauthorized user. User profiles are further categorized for efficient application of additional alternate treatments.Type: GrantFiled: June 1, 2018Date of Patent: April 6, 2021Assignee: BANK OF AMERICA CORPORATIONInventors: Dharmender Kumar Satija, Eren Kursun, Andrew DongHo Kim, Scott Anderson Sims, Craig D. Widmann
-
Patent number: 10972449Abstract: Disclosed herein are techniques for enabling device communication in a secure environment. In one example, a system comprises a storage in a server, a first component in the server, the first component being isolated in a secure environment in the server, and an entry point device authorized to access the first component via the secure environment. The entry point device may receive a request to access the first component. The entry point device may store a notification in a region of the storage accessible by the first component, wherein the notification is to be read by the first component from the storage to set the first component to an operation mode. The entry point device may store operation data in the storage, wherein the operation data is to be acquired by the first component from the storage to control an operation of the first component in the operation mode.Type: GrantFiled: June 28, 2018Date of Patent: April 6, 2021Assignee: Amazon Technologies, Inc.Inventors: Alex Levin, Barak Wasserstrom, Georgy Zorik Machulsky, Saar Gross, Or Yochanan
-
Patent number: 10965683Abstract: Systems, methods, and apparatuses for authenticating requests to access one or more accounts over a network using authenticity evaluations of two or more automated decision engines are discussed. A login request for access to a user account may be submitted to multiple decision engines that each apply different rulesets for authenticating the login request, and output an evaluation of the authenticity of the login request. Based on evaluations from multiple automated decision engines, the login request may be allowed to proceed to validation of user identity and, if user identity is validated, access to the user account may be authorized. Based on the evaluations, the login attempt may also be rejected. One or more additional challenge question may be returned to the computing device used to request account access, and the login request allowed to proceed to validation of identity if the response to the challenge question is deemed acceptable.Type: GrantFiled: December 3, 2018Date of Patent: March 30, 2021Assignee: Wells Fargo Bank, N.A.Inventors: Mark David Castonguay, Upul D. Hanwella, Bryan Hall, Nicola A. Maiorana, David Lerner
-
Patent number: 10963558Abstract: A malware detection method and a malware detection apparatus, where the method includes running to-be-detected software in a sandbox, and recording at least one operation, and in a process of recording the at least one operation, when it is detected that any interface that has a delay attribute in the sandbox is called, determining whether delay duration corresponding to a first delay length parameter of the called interface is greater than a preset duration. When the delay duration corresponding to the first delay length parameter is greater than the preset duration, delay duration of delay execution is reduced to enable the malicious behavior to be executed in the process of recording the at least one operation executed within the preset duration after the to-be-detected software starts to run.Type: GrantFiled: December 20, 2019Date of Patent: March 30, 2021Assignee: HUAWEI TECHNOLOGIES CO., LTD.Inventor: Bu Liu