Patents Examined by Thanh T Le
-
Patent number: 11601402
Abstract: Secure communications can be established in which a request is received from a client computing device to instantiate a virtual key store (VKS) node. In response to the request, a cryptographically calculated uniform resource locator (URL) is generated. In addition, a cryptographic identity certificate is received from a certification authority server. Subsequently, a virtual desktop infrastructure (VDI) instance is instantiated and configured with the cryptographic identity certificate. Communications are then established between the client computing device and the VDI instance using the generated cryptographically calculated URL such that the VDI instance acts as a cryptographic proxy with at least one remote computing device.
Type: Grant
Filed: September 23, 2019
Date of Patent: March 7, 2023
Assignee: Cyber IP Holdings, LLC
Inventors: Christopher Edward Delaney, Chava Louis Jurado, Carl Bailey Jacobs, Jeremiah MacDonald, Michael Vincent Chest, Walter Adeyinka Ademiluyi
-
Patent number: 11599675
Abstract: An apparatus, related devices and methods, having memory to store instructions; and a processor to execute the instructions, and the apparatus is configured to receive, by a remote browser isolation (RBI) proxy from a client device, a transfer request to send data to a destination application, wherein the client device is running an RBI agent and includes a Data Loss Prevention endpoint (DLPe) module, and wherein communications between the client device and the destination application are routed through the RBI proxy; receive a plurality of inputs to the client device associated with the transfer request; create a submission request that includes the plurality of inputs and metadata; send the submission request to the DLPe module; receive a response from the DLPe module, wherein the response includes an instruction to allow, to disallow, or to amend and allow the submission request; and process the submission request according to the instruction.
Type: Grant
Filed: September 30, 2020
Date of Patent: March 7, 2023
Assignee: McAfee, LLC
Inventors: Andrew Naidley Juniper, Maayan Tal, Justin Timothy Cragin, Brandon Beau Adkins, Matan Gillon
-
Patent number: 11599679
Abstract: A method of operation concealment for a cryptographic system includes randomly selecting which one of at least two cryptographic operation blocks receives a key to apply a valid operation to data and outputs a result that is used for subsequent operations. Noise can be added by operating the other of the at least two cryptographic operation blocks using a modified key. The modified key can be generated by mixing the key with a block-unique-identifier, a device secret, a slowly adjusting output of a counter, or a combination thereof. In some cases, noise can be added to a cryptographic system by transforming input data of the other cryptographic operation block(s) by mixing the input data with the block-unique-identifier, device secret, counter output, or a combination thereof. A cryptographic system with operation concealment can further include a distributed (across a chip) or interweaved arrangement of subblocks of the cryptographic operation blocks.
Type: Grant
Filed: June 23, 2020
Date of Patent: March 7, 2023
Assignee: ARM LIMITED
Inventors: Brendan James Moran, Matthias Lothar Boettcher
-
Patent number: 11601444
Abstract: A device for verifying previous determinations from cybersecurity devices comprising a processor and a storage device communicatively coupled to the processor. The storage device comprises submission analysis logic including object parsing logic to receive submission message data and then parse the submission message data into object data, along with workflow selector logic to receive the object data and process the object data to select at least one analyzer within analyzer logic. The analyzer logic can generate at least one analyzer based on the selected analyzer within the workflow selector logic, analyze the object data for potential threats and embedded object data, generate results data based on that analysis, and pass the embedded object data back to the workflow selector for further analysis. Finally, the submission analysis logic comprises triage ticket generation logic to generate triage tickets for analyst review and alert logic to generate automatic alerts.
Type: Grant
Filed: December 24, 2019
Date of Patent: March 7, 2023
Assignee: FireEye Security Holdings US LLC
Inventors: Sai Vashisht, Rahul Khul
-
Patent number: 11601288
Abstract: A secure connection to a router web UI is provided. In one implementation, responsive to a client request to securely connect to a router web server (RWS), the RWS generates and sends a certificate signing request (CSR) to a remote-security certificate server (R-SCS). Upon validation of the RWS, the R-SCS signs and transmits a router web UI certificate (RWUIC) to the RWS to present to the client. In another implementation, the router includes a local-SCS (L-SCS) that periodically obtains a short-lived intermediate certification authority (ICA) certificate from the R-SCS. Responsive to a client request for secure access to the RWS, the RWS generates and sends a CSR to the L-SCS for the RWUIC. The L-SCS signs the RWUIC and passes the ICA certificate and RWUIC to the RWS, which presents the certificate(s) to the client. Upon validation of the certificate(s), a secure channel between the client and RWS is established.
Type: Grant
Filed: August 21, 2019
Date of Patent: March 7, 2023
Assignee: Cox Communications, Inc.
Inventors: Kinney Chapman Bacon, David Adam Taylor
-
Patent number: 11601414
Abstract: Disclosed are various approaches for retrieving contacts from a plurality of federated services. In one example, an authentication notification is received from an identity manager. The authentication notification can include an identifier for a user account and a single sign-on token for the user account. A federated service to authenticate on behalf of the user account is identified. The single sign-on token is transmitted to the federated service for authentication. An authentication token and a refresh token are received from the federated service. The authentication token is determined to expire within a threshold time period. A determination is made that the refresh token has not expired. The refresh token is transmitted to the federated service for a replacement authentication token.
Type: Grant
Filed: September 8, 2021
Date of Patent: March 7, 2023
Assignee: VMware, Inc.
Inventors: William Christian Pinner, David Shaw, Evan Hurst
-
Patent number: 11601267
Abstract: A key generator including a first access circuit, a first calculating circuit and a first certification circuit is provided. The first access circuit writes first predetermined data to a first resistive memory cell during a write period and reads a first current passing through the first resistive memory cell after a randomization process. The first calculating circuit calculates the first current to generate a first calculation result. The first certification circuit generates a first password according to the first calculation result.
Type: Grant
Filed: March 22, 2019
Date of Patent: March 7, 2023
Assignee: WINBOND ELECTRONICS CORP.
Inventors: Meng-Hung Lin, Chia Hua Ho, Bo-Lun Wu
-
Patent number: 11601453
Abstract: Systems and methods are provided for utilizing natural language process (NLP), namely semantic learning approaches in network security. Techniques include analyzing network transaction records to form a corpus related to a semantics of network activity. The corpus includes formulated network sentences, representing sequences of network entities that are accessed in the network. A corpus of network sentences can include sequences of servers accessed by each user. A network sentence embeddings model can be trained on the corpus. The network sentence embeddings model includes an embedding space of text that captures the semantic meanings of the network sentences. In sentence embeddings, network sentences with equivalent semantic meanings are co-located in the embeddings space. Further, proximity measures in the embedding space can be used to identify whether network sentences (e.g., access sequences), are semantically equivalent.
Type: Grant
Filed: October 31, 2019
Date of Patent: March 7, 2023
Assignee: Hewlett Packard Enterprise Development LP
Inventor: Ramsundar Janakiraman
-
Patent number: 11599555
Abstract: Methods and systems for providing data manifests as a service (DMAAS) are described herein. A first computing system may generate a first data manifest comprising a first count parameter and a first hash parameter associated with a first data exchange transaction between the first computing system and a second computing system, store the first data manifest to a blockchain data store and transfer a data payload of the first data exchange transaction. The second computing system may analyze the data payload received via the transport mechanism, generate a second data manifest including a second count parameter and a second hash parameter and store the second data manifest to the blockchain data store. A DMAAS computing system facilitates access to the blockchain data store, identifies transmission errors, and triggers acceptance of data at the second computing system upon a successful data exchange transaction.
Type: Grant
Filed: October 5, 2021
Date of Patent: March 7, 2023
Assignee: Bank of America Corporation
Inventors: Vishal Patangia, Mark Standring, Vasudevan Atteeri, Matthew Steed
-
Patent number: 11601408
Abstract: Systems and methods for providing data privacy in a private distributed ledger are disclosed. According to another embodiment a distributed ledger network may include a first node comprising a first node computer processor and hosting a central ledger comprising a plurality of entries for public transactions and private transactions, wherein the entries for public transactions comprise transaction payloads for the respective public transaction, and the entries for private transactions comprise a cryptographic hash digest of a transaction payload for the respective private transaction; and a plurality of second nodes each comprising a second node computer processor and hosting a public database comprising the public transactions, and a private database comprising transaction payloads for the private transactions to which the node is a party.
Type: Grant
Filed: August 15, 2020
Date of Patent: March 7, 2023
Assignee: JPMORGAN CHASE BANK, N.A.
Inventors: David Voell, Samer Falah, Patrick Mylund Nielsen, Felix Shnir, Chetan Sarva, Gene D. Fernandez
-
Patent number: 11601279
Abstract: Methods and systems are disclosed for payment authentication. For example, a method may include: the method comprising: storing a first device fingerprint in association with a token representing a primary account number, the first device fingerprint being derived from a device attribute of a user device and behavioral biometric data derived from a behavioral pattern of a user in using the user device; receiving an authentication request indicative of the token and a second device fingerprint generated by a customer device associated with a customer of a merchant, the authentication request being associated with a transaction between the merchant and a customer using the token; identifying the stored first device fingerprint based on the token indicated by the authentication request; and determining whether the second device fingerprint matches the stored first device fingerprint.
Type: Grant
Filed: June 12, 2020
Date of Patent: March 7, 2023
Assignee: Capital One Services, LLC
Inventors: Clayton Johnson, Esther Scott, Jeffrey Wieker
-
Patent number: 11599674
Abstract: An information processing apparatus includes: a memory; and a processor coupled to the memory and configured to: receive personal data related to a personal data originator; receive agreement information on a processing method for the personal data agreed between the personal data originator and a personal data user who uses the personal data; process the personal data by the processing method defined in the agreement information; and attach a digital signature to processed data and output the processed data.
Type: Grant
Filed: August 19, 2020
Date of Patent: March 7, 2023
Assignee: FUJITSU LIMITED
Inventors: Takuya Sakamoto, Kazuaki Nimura
-
Patent number: 11601339
Abstract: Systems and methods are provided for utilizing natural language process (NLP), namely sequence prediction approaches, in the realm of network security. Techniques include analyzing network transaction records to form network sentences representative of network activity. The network sentences are formulated by regularizing transactions records using words, allowing the network sentences to represent the network activity using natural language terminology. In some cases, multiple variations of the network sentences having different sequences of words are generated to form a corpus of network sentences related to a semantics of network activity. Accordingly, an NLP-based network prediction model can be created and trained using the corpus of network sentences. The network prediction model can be trained over to identify dimensions corresponding to particular sequences of words in the network sentences, and predict an expected dimension.
Type: Grant
Filed: September 6, 2019
Date of Patent: March 7, 2023
Assignee: Hewlett Packard Enterprise Development LP
Inventor: Ramsundar Janakiraman
-
Patent number: 11503033
Abstract: Described herein are systems and methods for predicting a metric value for an entity associated with a query node in a graph that represents a network. In embodiments, using a user's profile as the query node, a metric about that user may be estimated based, at least in part, as a function of how well connected the query node is to a whitelist of “good” users/nodes in the network, a blacklist of “bad” users/nodes in the network, or both. In embodiments, one or more nodes or edges may be weighted when determining a final score for the query node. In embodiments, the final score regarding the metric may be used to take one or more actions relative to the query node, including accepting it into a network, allowing or rejecting a transaction, assigning a classification to the node, using the final score to compute another estimate for a node, etc.
Type: Grant
Filed: October 4, 2019
Date of Patent: November 15, 2022
Assignee: Stripe, Inc.
Inventors: Pranav Dandekar, Peter Lofgren, Ashish Goel
-
Patent number: 11496325
Abstract: An information handling system includes a provisioning server and a server. The server includes a baseboard management controller (BMC) that configures a first ownership certificate for the server, and provides it to the provisioning server. The first ownership certificate is associated with a first owner. The BMC receives a first signed provisioning configuration content, and stores the first signed provisioning configuration content in an encrypted memory. The BMC configures a second ownership certificate for the server, and provides it to the provisioning server. The second ownership certificate is associated with a second owner. The BMC receives a second signed provisioning configuration content, and stores the second signed provisioning configuration content on top of the first signed provisioning configuration content in the encrypted memory.
Type: Grant
Filed: March 2, 2021
Date of Patent: November 8, 2022
Assignee: Dell Products L.P.
Inventors: Ankit Singh, Deepaganesh Paulraj
-
Patent number: 11496517
Abstract: Some embodiments of the invention provide a system for defining, distributing and enforcing policies for authorizing API (Application Programming Interface) calls to applications executing on one or more sets of associated machines (e.g., virtual machines, containers, computers, etc.) in one or more datacenters. This system has a set of one or more servers that acts as a logically centralized resource for defining and storing policies and parameters for evaluating these policies. The server set in some embodiments also enforces these API-authorizing policies. Conjunctively, or alternatively, the server set in some embodiments distributes the defined policies and parameters to policy-enforcing local agents that execute near the applications that process the API calls. From an associated application, a local agent receives API-authorization requests to determine whether API calls received by the application are authorized.
Type: Grant
Filed: July 31, 2018
Date of Patent: November 8, 2022
Assignee: STYRA, INC.
Inventors: Timothy L. Hinrichs, Teemu Koponen, Andrew Curtis, Torin Sandall, Octavian Florescu
-
Patent number: 11455433
Abstract: In one embodiment, a system on chip includes a dynamic voltage and frequency scaling (DVFS) power supply, a secure environment, a non-secure environment, and a power supply management control module. The secure environment is configured to generate a secure instruction defining a permitted operating point of voltage and frequency for the DVFS power supply. The non-secure environment is configured to generate a request to modify the DVFS power supply, where the request to modify includes a voltage-frequency operating point. The power supply management control module is configured to scale the DVFS power supply to the permitted operating point, in response to the request to modify the DVFS power supply.
Type: Grant
Filed: September 23, 2019
Date of Patent: September 27, 2022
Assignee: STMICROELECTRONICS (GRAND OUEST) SAS
Inventors: Arnaud Rosay, Gerald Lejeune, Jean Nicolas Graux, Olivier Claude LeBreton
-
Patent number: 11451558
Abstract: A method at a computing device is described. The method comprises executing an application for verifying a location of a user requesting to access a location-based service, receiving, at the application, information indicating a location of the computing device, and encoding, with the application, at least the location to thereby generate a location token for responding to a challenge for the location token. The method further comprises outputting the location token from the application, the location token configured for use in applying a location-based access policy that controls access by the user to the location-based service.
Type: Grant
Filed: March 16, 2020
Date of Patent: September 20, 2022
Assignee: THE BOEING COMPANY
Inventors: Atul Uttam Dimble, Kiran Narayan
-
Patent number: 11436373
Abstract: Systems and methods are disclosed for detecting whether calls to consent rejection functions originate with an automated tool or a human user. The system can determine that calls to a consent rejection function are likely from an automated tool by determining that a rate and/or number of calls to a function exceeds a threshold and/or that the calls are received before the interface requesting user consent preferences has been rendered to the user. The system can also require that a function call include a token that an automated tool would not have knowledge of or access to and reject function calls without this token. The system can also use private consent rejection function calls with obfuscated names and/or provide a follow up consent rejections confirmation interface requiring human user input before processing a consent rejection.
Type: Grant
Filed: September 15, 2021
Date of Patent: September 6, 2022
Assignee: OneTrust, LLC
Inventors: Jonathan Blake Brannon, Patrick Whitney, Sharath Chandra Chavva
-
Patent number: 11423139
Abstract: An information processing apparatus includes a rewrite request receiving unit configured to receive a rewrite request for rewriting an execution module, an update module determination unit configured to determine whether an update module that issues the rewrite request is an authorized module, a first falsification detection unit configured to detect falsification of a whitelist, an unauthorized-rewriting prevention unit configured to prevent unauthorized rewriting while maintaining a function of the information processing apparatus by rejecting the rewrite request without stopping the function of the information processing apparatus, in a case where the execution module for which the rewrite request is issued is registered in a whitelist for which the first falsification detection unit determines that no falsification is made and where the rewrite request is issued by an update module for which the update module determination unit determines to be an unauthorized update module.
Type: Grant
Filed: June 22, 2020
Date of Patent: August 23, 2022
Assignee: Canon Kabushiki Kaisha
Inventors: Ayuta Kawazu, Nobuhiro Tagashira, Takami Eguchi