Patents Examined by Thong P Truong
  • Patent number: 11507643
    Abstract: At least one machine readable medium comprising a plurality of instructions that in response to being executed by a system cause the system to send a unique identifier to a license server, establish a secure channel based on the unique identifier, request a license for activating an appliance from a license server over the secure channel, receive license data from the license server over the secure channel; determine whether the license is valid, and activate the appliance in response to a determination that the license data is valid.
    Type: Grant
    Filed: April 2, 2019
    Date of Patent: November 22, 2022
    Assignee: Intel Corporation
    Inventors: Malini K. Bhandaru, Kapil Sood, Christian Maciocco, Isaku Yamahata, Yunhong Jiang
  • Patent number: 11502998
    Abstract: Methods for provisioning and managing Internet-of-Things (IoT) devices over a network using device based tunneled nodes are provided. In one aspect, a method includes receiving, by a first network device in a network, data originated from an Internet-of-Things (IoT) device; identifying a device type of the IoT device by analyzing data packets of the received data; obtaining, by the first network device, a device profile for the IoT device, wherein the device profile is used for provisioning the IoT device to access the network; and provisioning the IoT device using the device profile, wherein the provisioning includes at least one of (1) identifying a tunneling attribute in the device profile; and (2) identifying a constrained application protocol (CoAP) parameter in the device profile, wherein the CoAP parameter is used to zero touch provision one or more device attributes of the IoT device. Systems and machine-readable media are also provided.
    Type: Grant
    Filed: August 20, 2018
    Date of Patent: November 15, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Sivasankaran Nagarajan, Sudhir kumar Chimakurthy, Feroz Ahmed
  • Patent number: 11503045
    Abstract: A cyber-physical system may have monitoring nodes that generate a series of current monitoring node values over time that represent current operation of the system. A hierarchical abnormality localization computer platform accesses a multi-level hierarchy of elements, and elements in a first level of the hierarchy are associated with elements in at least one lower level of the hierarchy and at least some elements may be associated with monitoring nodes. The computer platform may then determine, based on feature vectors and a decision boundary, an abnormality status for a first element in the highest level of the hierarchy. If the abnormality status indicates an abnormality, the computer platform may determine an abnormality status for elements, associated with the first element, in at least one level of the hierarchy lower than the level of the first element. These determinations may be repeated until an abnormality is localized to a monitoring node.
    Type: Grant
    Filed: January 30, 2019
    Date of Patent: November 15, 2022
    Assignee: General Electric Company
    Inventors: Masoud Abbaszadeh, Walter Yund, Daniel Francis Holzhauer
  • Patent number: 11496493
    Abstract: Systems and methods for implementing dynamic graph analysis (DGA) to detect anomalous network traffic are provided. The method includes processing communications and profile data associated with multiple devices to determine dynamic graphs. The method includes generating features to model temporal behaviors of network traffic generated by the multiple devices based on the dynamic graphs. The method also includes formulating a list of prediction results for sources of the anomalous network traffic from the multiple devices based on the temporal behaviors.
    Type: Grant
    Filed: September 10, 2019
    Date of Patent: November 8, 2022
    Inventors: LuAn Tang, Jingchao Ni, Wei Cheng, Haifeng Chen, Dongjin Song, Bo Zong, Wenchao Yu
  • Patent number: 11496491
    Abstract: A fraud detecting method for use in an in-vehicle network system including a plurality of electronic control units that communicate with each other via a network includes detecting whether a state of a vehicle satisfies a first condition or a second condition, and switching, upon detecting that the state of the vehicle satisfies the first condition or the second condition, an operation mode of a fraud-sensing electronic control unit connected to the network between a first mode in which a first type of detecting process for detecting a fraudulent message in the network is performed and a second mode in which the first type of detecting process is not performed.
    Type: Grant
    Filed: February 12, 2020
    Date of Patent: November 8, 2022
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Manabu Maeda, Hideki Matsushima, Tomoyuki Haga, Yuji Unagami, Yoshihiro Ujiie, Takeshi Kishikawa
  • Patent number: 11470046
    Abstract: Deep packet inspection of data in a multi-spoke data tunnel inspection architecture is provided. Inspection may include using a data review tunnel module to receive a first portion of a data stream, encrypted with a first encryption scheme, in a first data conduit. The method may also include receiving a second portion of the data stream, encrypted with a second encryption scheme, in the second data conduit. The method may also include decrypting and reconstructing a complete data stream. The complete data stream may be derived from the decrypted and reconstructed first data stream and the decrypted and reconstructed second data stream. The method may then analyze and review the flow of the complete data stream to determine whether the flow of the data stream is associated with a pre-determined likelihood of intrusion, and then prepare a data report based on the analysis and review.
    Type: Grant
    Filed: August 26, 2019
    Date of Patent: October 11, 2022
    Assignee: Bank of America Corporation
    Inventors: Rajesh Narayanan, Manu Jacob Kurian
  • Patent number: 11463472
    Abstract: A method for detecting malicious program behavior includes performing program verification based on system activity data, analyzing unverified program data identified from the program verification to detect abnormal events, including analyzing host-level events to detect abnormal host-level events by learning a program representation as a graph embedding through an attentional architecture based on an invariant graph between different system entities, generating detection results based on the analysis, and performing at least one corrective action based on the detection results.
    Type: Grant
    Filed: October 15, 2019
    Date of Patent: October 4, 2022
    Inventors: Zhengzhang Chen, Ding Li, Zhichun Li, Shen Wang
  • Patent number: 11463450
    Abstract: In some aspects, a computing system can obtain, via a first communication channel with a host server, a data network identifier that identifies a mobile device accessing an interactive computing environment provided by a host server. The computing system can generate, from communications with a telecommunication provider server via a second communication channel, a dynamic identity-verification element that includes the data network identifier and a location identifier that identifies a geographic location of the mobile device. The computing system can match the dynamic identity-verification element to a device-and-location combination indicating unauthorized use of the host server by the mobile device. The computing system can prevent the mobile device from accessing a function for advancing an electronic transaction within the interactive computing environment.
    Type: Grant
    Filed: April 13, 2018
    Date of Patent: October 4, 2022
    Assignee: EQUIFAX INC.
    Inventors: Hrishi Talwar, Prasad Shetty
  • Patent number: 11451581
    Abstract: Disclosed herein are embodiments of systems, methods, and products comprising an analytic server, which detects and defends against malware in-flight regardless of the specific nature and methodology of the underlying attack. The analytic server learns the system's normal behavior during testing and evaluation phase and trains a machine-learning model based on the normal behavior. The analytic server monitors the system behavior during runtime comprising the runtime behavior of each sub-system of the system. The analytic server executes the machine-learning model and compares the system runtime behavior with the normal behavior to identify anomalous behavior. The analytic server executes one or more mitigation instructions to mitigate malware. Based on multiple available options for mitigating malware, the analytic server makes an intelligent decision and takes the least impactful action that has the least impact on the system to maintain mission assurance.
    Type: Grant
    Filed: May 20, 2019
    Date of Patent: September 20, 2022
    Assignee: ARCHITECTURE TECHNOLOGY CORPORATION
    Inventors: Joseph Sirianni, Judson Powers, Robert Joyce
  • Patent number: 11445373
    Abstract: For validation of position, navigation, time (PNT) signals, a hash included in messages with PNT data is used to validate the source of the message without backhaul. Different tags from a hash chain are included in different messages. The receiver is pre-loaded with the root or later trusted hash tag of the chain as created. The hash of any received message may be hashed by the receiver. The result of the hashing will match the pre-loaded or trusted hash tag if the transmitter of the message is a valid source. The PNT data may be validated using a digital signature formed from the PNT data for one or more messages and the hash tag wherein a hash tag of the chain in a subsequently received message is used as the key. The digital signature may be formed from data across multiple messages.
    Type: Grant
    Filed: August 5, 2019
    Date of Patent: September 13, 2022
    Assignee: SATELLES, INC.
    Inventors: Michael L. O'Connor, David G. Lawrence, Gregory Gutt
  • Patent number: 11436335
    Abstract: A method and system for implementing AI based neural networks for data analytics in dynamic testing of security vulnerability of cloud-based enterprise software applications. The method comprises directing, to a software program under execution, a series of attack vectors; diagnosing an at least a first set of results associated with the software program under execution as comprising one of a security vulnerability and not a security vulnerability, the at least a first set of results produced based at least in part on the attack vectors; and training a machine learning neural network classifier in accordance with a supervised classification that identifies false positive vulnerability defects of the at least a first set of results to produce a trained classifier, the neural network classifier including an input and an output layers connected via at least one intermediate layer that is configured in accordance with an initial matrix of weights.
    Type: Grant
    Filed: July 29, 2019
    Date of Patent: September 6, 2022
    Assignee: Ventech Solutions, Inc.
    Inventors: Matthew Canada, Jerry Allen Craig, II, Kathrine Dass, Raja Krishnamurthy, David Anthony Rigsby, Richard Nathan Toney, Stephen J. Veneruso
  • Patent number: 11423249
    Abstract: A device that includes a model training engine implemented by a processor. The model training engine is configured to obtain a set of data values associated with a feature vector. The model training engine is further configured to generate a set of gradients by dividing separation distances by an average separation distance and to compare each gradient to a gradient threshold value. The model training engine is further configured to identify a boundary in response to determining a gradient exceeds the gradient threshold value, to determine a number of identified boundaries, and to determine a number of clusters based on the number of identified boundaries. The model training engine is further configured to train the machine learning model to associate the determined number of clusters with the feature vector.
    Type: Grant
    Filed: December 3, 2018
    Date of Patent: August 23, 2022
    Assignee: Bank of America Corporation
    Inventors: Pankaj Panging, Patrick N. Lawrence
  • Patent number: 11409867
    Abstract: A script analysis platform may obtain a script associated with content wherein the script includes one or more functions that include one or more expressions. The script analysis platform may parse the script to generate a data structure and may traverse the data structure to determine the one or more functions and to determine properties of the one or more expressions, wherein traversing the data structure includes evaluating one or more constant sub-expressions of the one or more expressions. The script analysis platform may analyze the properties of the one or more expressions to determine whether the script exhibits malicious behavior. The script analysis platform may cause an action to be performed concerning the script or the content based on determining whether the script exhibits malicious behavior.
    Type: Grant
    Filed: March 28, 2019
    Date of Patent: August 9, 2022
    Assignee: Juniper Networks, Inc.
    Inventor: Frank Jas
  • Patent number: 11403429
    Abstract: Controlling functionality of a core on a per-instance basis can include implementing, within an accelerator, an instance of a core by configuring the accelerator using configuration data, receiving, within the instance of the core, encrypted authorization data for the instance of the core, generating, using control circuitry of the instance of the core, decrypted authorization data for the instance of the core by decrypting the encrypted authorization data using a core instance identifier stored in a first control register of the instance of the core, and writing the decrypted authorization data to a second control register in the instance of the core, wherein the instance of the core enables core functionality therein based on the decrypted authorization data in the second control register.
    Type: Grant
    Filed: November 15, 2019
    Date of Patent: August 2, 2022
    Assignee: Xilinx, Inc.
    Inventors: David Robinson, Raymond Kong
  • Patent number: 11405417
    Abstract: A defense platform for protecting a cloud-hosted application against distributed denial-of-services (DDoS) attacks, wherein the defense platform is deployed out-of-path of incoming traffic of the cloud-hosted application hosted in a plurality of cloud computing platforms, comprising: a detector; a mitigator; and a controller communicatively connected to the detector and the mitigator; wherein the detector is configured to: receive telemetries related to behavior of the cloud-hosted application from sources deployed in the plurality of cloud computing platforms; and detect, based on the telemetries, a potential DDoS attack; wherein, the controller, upon detection of a potential DDoS attack, is configured to: divert traffic directed to the cloud-hosted application to the mitigator; cause the mitigator to perform at least one mitigation action to remove malicious traffic from the diverted traffic; and cause injection of clean traffic to at least one of the plurality of cloud computing platforms hosting the cloud
    Type: Grant
    Filed: February 28, 2018
    Date of Patent: August 2, 2022
    Assignee: Radware, Ltd.
    Inventors: Ehud Doron, Nir Ilani, David Aviv, Yotam Ben Ezra, Amit Bismut
  • Patent number: 11399035
    Abstract: In an embodiment, the disclosed technologies include extracting, from a link contained in an electronic message received from an upstream device on a network, first unit-level input data of a first semantic type and second unit-level input data of a second semantic type; in response to inputting the first and second unit-level input data into first and second deep learning models, respectively, outputting, by the first and second deep learning models, first and second unit-level classification data that corresponds to the first and second unit-level input data, respectively, the first deep learning model having been trained to recognize, in unit-level data of the first semantic type, first patterns of syntactic features and semantic features that are predictive of phishing and the second deep learning model having been trained to recognize, in unit-level data of the second semantic type, second patterns of syntactic features and semantic features that are predictive of phishing; combining the first and second
    Type: Grant
    Filed: June 4, 2019
    Date of Patent: July 26, 2022
    Assignee: CLOUDFLARE, INC.
    Inventor: Umalatha Batchu
  • Patent number: 11386201
    Abstract: A bus control device is enabled for placement between an input port to which a suspect device would be connected and the bus. In this manner, all messages received from the suspect device, such as an infotainment system, must pass through the bus control device. A separate intrusion detection device is coupled to the bus. The bus control device is arranged to output a notification message to the intrusion detection device, the notification message comprising information about the received message. The intrusion detection device is arranged to determine the validity of the received message responsive to the received notification message.
    Type: Grant
    Filed: August 6, 2017
    Date of Patent: July 12, 2022
    Assignee: C2A-SEC, Ltd.
    Inventor: Shlomo Oberman
  • Patent number: 11372997
    Abstract: Automatically generating audit logs is provided. Audit log statement insertion points are identified in components of an application based on a static code analysis identifying start and end operations on sensitive data in the components of the application. The application is instrumented with audit log statements at the audit log statement insertion points in the components of the application. Audit logs of monitored sensitive data activity events in the application are generated using the audit log statements at the audit log statement insertion points in the components of the application.
    Type: Grant
    Filed: March 10, 2020
    Date of Patent: June 28, 2022
    Assignee: International Business Machines Corporation
    Inventors: Suresh N. Chari, Ted A. Habeck, Ashish Kundu, Ian M. Molloy
  • Patent number: 11374944
    Abstract: In one embodiment, a network security service forms, for each of a plurality of malware classes, a feature vector descriptor for the malware class. The service uses the feature vector descriptors for the malware classes and a symmetric mapping function to generate a training dataset having both positively and negatively labeled feature vectors. The service trains, using the training dataset, an instant threat detector to determine whether telemetry data for a particular traffic flow is within a threshold of similarity to a feature vector descriptor for a new malware class that was not part of the plurality of malware classes.
    Type: Grant
    Filed: December 19, 2018
    Date of Patent: June 28, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: Tomas Komarek, Petr Somol
  • Patent number: 11297103
    Abstract: A system is described for protecting a cyber-physical system against a potential attacker of the cyber-physical system. The system includes at least one processor configured to: collect historical information about the cyber-physical system, and train, based on the historical information, a machine-learned model to predict future conditions of at least a portion of the cyber-physical system. Responsive to detecting an input signal to the cyber-physical system, the system is configured to output an alert to the cyber-physical system indicative of a potential attacker, and respond to the input signal by simulating, based on the future conditions predicted by the machine-learned model, functionality and communications of the at least a portion of the cyber-physical system.
    Type: Grant
    Filed: April 19, 2019
    Date of Patent: April 5, 2022
    Assignee: Battelle Memorial Institute
    Inventors: Thomas W. Edgar, Draguna L. Vrabie, William J. Hofer, Kathleen E. Nowak