Patents Examined by Thomas Ho
  • Patent number: 10798131
    Abstract: A universal opt-in/opt-out client allows a user to connect to the APIs for various different sites which have the user's data. The universal client orchestrates opting out on any of the site lists provided by default, or sites which the user selects. The universal client enables the user to select total or partial opt-ins or opt-outs with granular control, on one or more web or decentralized sites, where the user may wish to allow some uses of data and access to data but would also like to restrict others. When a user is calibrating their privacy and data settings, a company or site may provide reasons and incentives for the user to allow access to certain data. This allows users to have simultaneous global control over their personal data while enabling the user to receive compensation for the use of their personal data, and allowing companies to have access to better data.
    Type: Grant
    Filed: May 1, 2018
    Date of Patent: October 6, 2020
    Inventors: Charles Finkelstein, Ethan Finkelstein, Inder Singh
  • Patent number: 10796016
    Abstract: A method is disclosed. The method includes receiving, at a computing system, from a user, a request for an access code and one or more constraints on a use of the access code, and identifying a portable device to be associated with the access code. The method also includes obtaining, using the portable device, authorization for one or more potential interactions using the access code. Upon obtaining authorization for the one or more interactions, the method includes generating the access code, which includes an identifier that causes an access request that includes the access code be routed to the computing system. The method also includes receiving, from an access device, an access request comprising the access code in an interaction. Upon determining that the interaction complies with the one or more transaction constraints, the computing system provides an indication to the access device that the interaction is authorized.
    Type: Grant
    Filed: March 28, 2018
    Date of Patent: October 6, 2020
    Assignee: Visa International Service Association
    Inventor: Matthew Aaron Legler
  • Patent number: 10791146
    Abstract: Systems and methods are described for analysing, sharing and comparing security configurations. According to one embodiment, a security metric for a network segment of a private network is generated based on determination and analysis of network assets, network topology, and one or more defined security criteria representing security features being implemented by one or more network security devices that form part of the network segment, wherein the scoring metric is a quantitative representation of protection level and/or exposure level of the network segment. In an embodiment, the security metric can be shared and compared with security metrics of other network segments.
    Type: Grant
    Filed: March 28, 2018
    Date of Patent: September 29, 2020
    Assignee: Fortinet, Inc.
    Inventors: Michael Xie, Robert A. May
  • Patent number: 10740471
    Abstract: Systems and methods for determining an extent of a vulnerability on a computer and remediating the vulnerability. An installed resource set comprising shared software resources installed on the computer is enumerated. A vulnerable resource is identified in the installed resource set. A vulnerable process set including at least one vulnerable process that uses the vulnerable resource is enumerated. And, the vulnerable process is remediated.
    Type: Grant
    Filed: June 5, 2018
    Date of Patent: August 11, 2020
    Assignee: Rapid7, Inc.
    Inventors: Roy Hodgman, Jonathan Hart
  • Patent number: 10735464
    Abstract: A computer-implemented method for detecting replay attack comprises: obtaining at least one candidate transaction for adding to a blockchain; verifying if an identification of the candidate transaction exists in an identification database, the identification database comprising a plurality of identifications within a validation range; and in response to determining that the identification does not exist in the identification database, determining that the candidate transaction is not associated with a replay attack.
    Type: Grant
    Filed: December 17, 2019
    Date of Patent: August 4, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Guilu Xie
  • Patent number: 10728029
    Abstract: Systems, apparatuses, methods, and computer program products are disclosed for session authentication using quantum line switching. An example system includes encoding circuitry configured to generate, based on a first set of quantum bases, a set of qbits, and transmit the first subset of qbits over a first quantum line. The encoding circuitry is configured not to transmit the first set of quantum bases. The system further includes switching circuitry configured to receive the first subset of qbits over the first quantum line, and transmit it over a second quantum line. The system further includes first decoding circuitry configured to receive the first subset of qbits, and decode, based on a second set of quantum bases, the first subset of qbits to generate a first decoded set of bits. The system further includes first session authentication circuitry configured to generate a session key based on the first decoded set of bits.
    Type: Grant
    Filed: March 9, 2018
    Date of Patent: July 28, 2020
    Assignee: WELLS FARGO BANK, N.A.
    Inventor: Masoud Vakili
  • Patent number: 10721259
    Abstract: In general, certain embodiments of the present disclosure provide methods and systems for automatic generation of filter rules based on functional network flows for e-Enabled aviation systems. According to various embodiments, a method is provided comprising capturing network packets corresponding to a functional network flow transmitted within a networked aviation system, and parsing the network packets in order to extract one or more network messages corresponding to the functional network flow. The network message is examined in order to identify and classify a plurality of attributes corresponding to the header and data fields of the network packets. A table corresponding to the network messages is automatically generated, which includes one or more filter rules. In some embodiments, the table may be used to determine which communications are authorized during a particular context of the networked aviation system. The method further comprises validating the one or more filter rules.
    Type: Grant
    Filed: March 31, 2016
    Date of Patent: July 21, 2020
    Assignee: The Boeing Company
    Inventors: John E. Bush, Arun Ayyagari, Steven L. Arnold
  • Patent number: 10719590
    Abstract: Runtime computer software product management system including a computer database, an access control system and a composite model including an integrated entitlement-service state model with first state data specifying access to a subscription of a computer software product of a host and second state data specifying permissible actions involving the subscription based at least in part upon the first state data. The access control system is in communication with the computer database and generates grants for an accountant and client based on the entitlement-service state model and receives a request from the computer software product for the client to access the product. The access control system determines a grant status based at least in part upon the first grant status and the second grant status and responds to the request with the determined grant status which governs client access to the computer software product.
    Type: Grant
    Filed: April 1, 2019
    Date of Patent: July 21, 2020
    Assignee: INTUIT INC.
    Inventors: Leena Sampemane, Michael A. Meagher, Lise Caron, Almira H. Niciu-Chiuaru, David Kemme
  • Patent number: 10721062
    Abstract: Utilizing error correction (ECC) for secure secret sharing includes computing an encrypted key using a key and a number of random values, computing, based on a first ECC scheme, a key ECC for the encrypted key and the random values, and storing a number of key fragments on a number of storage servers, the number of key fragments includes the encrypted key, the random values, and the key ECC.
    Type: Grant
    Filed: September 24, 2014
    Date of Patent: July 21, 2020
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Liqun Chen, Peter Thomas Camble, Mark Robert Watkins, Ieuan James Henry
  • Patent number: 10713355
    Abstract: Certain embodiments may generally relate to controlling access to data held in the cloud. A method for controlling access to data held in the cloud may include determining, at a cloud server, the validity of user credentials received from a user device. The method may also include receiving context data related to the user device based on the validity of the user credentials. The method may further include synchronizing the context data with the cloud server. In addition, the method may include enforcing context-sensitive security checks on requests made by the user for resources based on the sensor data collected by the user device.
    Type: Grant
    Filed: October 17, 2017
    Date of Patent: July 14, 2020
    Inventors: Bashar Nuseibeh, Arosha Bandara, Khaled M. Khan, Niamul Haque Khan, Armstrong Nhlabatsi, Thein Than Tun, Yijun Yu
  • Patent number: 10686803
    Abstract: A validation-ready preprocessing block in a current consensus round is obtained by a blockchain node and in a service consensus stage. The validation-ready preprocessing block is validated. If it is determined that the validation-ready preprocessing block is validated, validation is started on a next validation-ready preprocessing block and parallel data processing is performed on service data stored in the validated validation-ready preprocessing block.
    Type: Grant
    Filed: May 30, 2018
    Date of Patent: June 16, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Shifeng Wang
  • Patent number: 10657257
    Abstract: A method, apparatus and product performing feature vector aggregation for malware detection. Two sets of measurements produced by a two dynamic analyses of an examined program are obtained, wherein the two dynamic analyses are performed with respect to the examined program executing two different execution paths. An aggregated feature vector representing the examined program is generated. The aggregated feature vector comprises a set of aggregated features, wherein a value of each aggregated feature is based on an aggregation of corresponding measurements in the first set of measurements and in the second set of measurements. A predictive model is applied on the aggregated feature vector to classify the examined program as malicious or benign.
    Type: Grant
    Filed: December 6, 2017
    Date of Patent: May 19, 2020
    Assignee: International Business Machines Corporation
    Inventors: Fady Copty, Cynthia Eisner, Dov Murik, Tamer Salman
  • Patent number: 10652260
    Abstract: A method and an apparatus for detecting botnet domains is described. In one embodiment, the method includes monitoring network traffic associated with a plurality of clients in a network. Based on the monitoring, information related to a plurality of domains that are queried is stored. The method includes identifying one or more suspect clients in the network based on the stored information and determining a subset of suspect domains based on the stored information related to the domains queried by the suspect clients. The method can include determining client activity information and using the client activity information to determine a polytope region for a client. The method includes comparing each suspect domain to the polytope region and associating a domain with a group of blocked domains if the domain falls within the polytope region.
    Type: Grant
    Filed: November 8, 2017
    Date of Patent: May 12, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: David Rodriguez, Andrea Michelle Scarfo, Dhia Mahjoub
  • Patent number: 10638313
    Abstract: Systems and methods for confirming a cryptographic key. The system includes an electronic controller configured to generate an electronic message in response to an installation of a secret key on the electronic controller, the electronic message comprising information about the installation of the secret key, digitally sign the electronic message using a manufacturer private key, encrypt the electronic message, store the electronic message in a memory, access the stored electronic message in response to a request by a user, decrypt the electronic message, confirm a digital signature of the electronic message using a manufacturer public key, generate a confirmation message, and send the confirmation message to a user.
    Type: Grant
    Filed: October 26, 2017
    Date of Patent: April 28, 2020
    Assignee: Robert Bosch GmbH
    Inventors: Robert J. Lambert, Robert M. Kaster
  • Patent number: 10637865
    Abstract: A device may include one or more processors to establish a media access control security (MACsec) key agreement (MKA) session between a first network device and a second network device via a MACsec link; establish a fast heartbeat session via the MACsec communication link, between a first packet processing engine of the first network device and a second packet processing engine of the second network device, to permit the first packet processing engine and the second packet processing engine to exchange fast heartbeat messages via the fast heartbeat session and the MACsec communication link; determine, based on the fast heartbeat session, that the MKA session has ended; and/or perform an action based on the MKA session ending.
    Type: Grant
    Filed: October 16, 2017
    Date of Patent: April 28, 2020
    Assignee: Juniper Networks, Inc.
    Inventors: Baba Syed Mazaz Hussain, Nikhil Gavraskar, Avinash Jayaprakash, Sachin Mutalik Desai
  • Patent number: 10635792
    Abstract: Techniques are provided for providing multi-factor authentication with Uniform Resource Locator (URL) validation (MFAUV). One of the multiple authentication factors used may include a unique, user-specific URL that is sent to the user within a message. In this way, the user may simply click on, or otherwise execute or select, the provided URL, directly from within the message in which the URL is provided.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: April 28, 2020
    Assignee: Sybase 365, Inc.
    Inventors: William Dudley, Steven Garcia, Khalid Abdullah, Fernando Nakano
  • Patent number: 10630693
    Abstract: Provided is adaptive authentication that utilizes relational analysis, sentiment analysis, or both relational analysis and sentiment analysis to facilitate an authentication procedure. The relational analysis evaluates a transactional profile and a behavioral profile of the user. The sentiment analysis evaluates available user information that is obtained from various forms of Internet activity related to the user. A level of authentication is selectively modified based on a result of the relational analysis and/or the sentiment analysis.
    Type: Grant
    Filed: April 6, 2017
    Date of Patent: April 21, 2020
    Assignee: WELLS FARGO BANK, N.A.
    Inventor: Sridhar Kotamraju
  • Patent number: 10616404
    Abstract: A system and method for with an inmate in a privileged communication are disclosed. a communication system includes a portal subsystem that determines whether a communication should be monitored, or not, based on received information, including access information, from a first communication device. Based on the determination, the communication system bypasses a monitoring subsystem and stores and/or transmits the communication to a second communication device by way of a non-monitoring subsystem.
    Type: Grant
    Filed: March 19, 2019
    Date of Patent: April 7, 2020
    Assignee: Global Tel*Link Corporation
    Inventor: Stephen L. Hodge
  • Patent number: 10608843
    Abstract: In one embodiment, a server instructs one or more networking devices in a local area network (LAN) to form a virtual network overlay in the LAN that redirects traffic associated with a particular node in the LAN to the server. The server receives the redirected traffic associated with the particular node. The server trains a machine learning-based behavioral model for the particular node based on the redirected traffic. The server controls whether a particular redirected traffic flow associated with the node in the LAN is sent to a destination of the traffic flow using the trained behavioral model.
    Type: Grant
    Filed: April 12, 2017
    Date of Patent: March 31, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Pascal Thubert, Jean-Philippe Vasseur, Patrick Wetterwald, Eric Levy-Abegnoli
  • Patent number: 10608827
    Abstract: Described herein are methods and systems for updating digital certificates on a computer and testing to confirm that the update was performed correctly. The testing may involve confirming that a server's common name (CN) and/or a server's subject alternative name (SAN) matches the domain name server (DNS) name utilized to access the server, confirming that, for all the certificates sent in chain, each certificate's expiration date is less than or equal to the expiration date of that certificate's parent certificate, confirming that the certificates' authority key identifier (AKI), subject key identifier (SKI), and/or authority information access (AIA) are in compliance, and comparing available cipher suites to a list of pre-approved cipher suites.
    Type: Grant
    Filed: November 18, 2016
    Date of Patent: March 31, 2020
    Assignee: United Services Automobile Association (USAA)
    Inventors: Carl Mehner, Dale Lawrence