Patents Examined by Trang T Doan
-
Patent number: 11954195
Abstract: A computer system is provided for protecting access to one or more hardware devices with a hardware device password that is invisible to a user, the system comprising a mobile device and the hardware device, the mobile device including: a memory, the memory storing one or more invisible passwords; an application in the memory; a wireless interface for communicating with the hardware device; and a processor coupled to the memory, the application and the wireless interface, the hardware device including: a memory; a wireless interface for communicating with the mobile device; and a processor coupled to the memory and the wireless interface; wherein the processor in the mobile device is configured to receive a hardware device identifier from the processor in the hardware device; wherein the application in the mobile device is configured to select, based upon the hardware device identifier, the invisible password for the hardware device; and the processor in the hardware device is configured to authenticate the a
Type: Grant
Filed: November 1, 2018
Date of Patent: April 9, 2024
Assignee: FTS FOREST TECHNOLOGY SYSTEMS LTD.
Inventors: Sean Daniel, Bradley William Zarikoff, Craig William Welburn, Joel Frederic Fieber Rose, Gabriel Rechwan
-
Patent number: 11934566
Abstract: A voltage attack detection circuit of a chip includes: a first programmable resistor and a second programmable resistor, a first terminal of the first programmable resistor is connected to a supply voltage, a second terminal of the first programmable resistor is connected to a ground voltage through the second programmable resistor, the first terminal outputs a first voltage, the second terminal outputs a second voltage; a voltage detection circuit, receives the first voltage and a first reference voltage and output a first signal, where the first signal is configured to indicate whether the first voltage is greater than or equal to the first reference voltage, the voltage detection circuit is further configured to receive the second voltage and a second reference voltage and output a second signal, and the second signal is configured to indicate whether the second voltage is less than or equal to the second reference voltage.
Type: Grant
Filed: September 23, 2021
Date of Patent: March 19, 2024
Assignee: SHENZHEN GOODIX TECHNOLOGY CO., LTD.
Inventors: Jiang Yang, Jianfeng Xue
-
Patent number: 11924239
Abstract: Systems, computer-implemented methods, and computer program products that facilitate vulnerability and attack technique association are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a map component that defines mappings between vulnerability data representing a vulnerability of a computing resource and attack data representing at least one attack technique. The computer executable components can further comprise an estimation component that analyzes the mappings to estimate a probability that the vulnerability will be exploited to attack the computing resource.
Type: Grant
Filed: October 23, 2020
Date of Patent: March 5, 2024
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Lilian Mathias Ngweta, Steven Ocepek, Constantin Mircea Adam, Sai Zeng, Muhammed Fatih Bulut, Milton H. Hernandez
-
Patent number: 11924178
Abstract: Disclosed is a system and a method for information distribution. The system comprises: a server for generating a group key and its corresponding key deriving parameter, wherein the server encrypts sensitive contents by using the group key to obtain encrypted information; and terminals configured to receive the encrypted information through an open channel, extract the group key, then decrypt the encrypted information by using the group key to obtain the original content. In the group forming process, each terminal encrypts its private identifier using the public key and submits the ciphertext to the server. In information distribution process, the server transmits the ciphertext of sensitive contents and the key deriving parameter to the terminals via open channel. Because private information available only to respective group members is required for calculating the group key, this mechanism ensures that the sensitive content can be transmitted securely on the open channel.
Type: Grant
Filed: December 13, 2021
Date of Patent: March 5, 2024
Assignee: MAXIO Technology (Hangzhou) Co., Ltd.
Inventors: Gang Fang, Wei Xu, Yan Cai, Jun Chen, Zhehang Wen, Li Liang, Guohua Chen, Yiming Lu
-
Patent number: 11917412
Abstract: A UE having a security context with an Initial AMF is able to accept an unprotected AUTHRQ, under certain circumstances, for a limited time. In one embodiment, a UE considers the security context to be temporary, which invokes rules or exceptions different than a permanent security context, such as the acceptance of an unprotected AUTHRQ from a Target AMF. The network may indicate to the UE the temporary status, or the UE may assume it. Alternatively, the UE may enable exceptions to the defined rules associated with the security context. In one embodiment, the UE receives a plurality of partial registration acceptance messages, each indicating a specific task or aspect of the overall registration has been completed. The UE may mark its security context temporary, or enable exceptions to the rules associated with it, until a partial registration acceptance message indicates AMF re-allocation is complete or is not required.
Type: Grant
Filed: June 17, 2020
Date of Patent: February 27, 2024
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Vlasios Tsiatsis, Qian Chen, Noamen Ben Henda, Ivo Sedlacek, Monica Wifvesson
-
Patent number: 11909872
Abstract: Systems and methods are provided for quantum-resistant secure key distribution between a peer and an EAP authenticator by using an authentication server. The systems and methods include receiving requests for a COMMON-SEED and a quantum-safe public key from a peer and an EAP authenticator. The COMMON-SEED is encrypted using the quantum-safe public key of the peer and the quantum-safe public key of the EAP authenticator, and the encrypted COMMON-SEED is sent to the peer along with a request for a PPK_ID from the peer to complete authentication of the peer. The PPK_ID is received from the peer, and the encrypted COMMON-SEED and PPK_ID is sent to the EAP authenticator. A quantum-resistant secure channel is established between the peer and the EAP authenticator when the peer and the EAP authenticator share the same COMMON-SEED and the same PPK-ID.
Type: Grant
Filed: November 10, 2022
Date of Patent: February 20, 2024
Assignee: Cisco Technology, Inc.
Inventors: Amjad Inamdar, Lionel Florit, Eric Voit, Sujal Sheth, Chennakesava Reddy Gaddam
-
Patent number: 11910187
Abstract: Systems, methods, and computer program products for an application to securely record and propagate an invocation context for invoking other applications are described. The applications being invoked not only receive a user's authentication token, but also authentication tokens of an entire invocation chain. Accordingly, the applications being invoked can verify a chain of custody through verification of nested, cryptographically signed payloads of a chain of authentication tokens. An application can thus verify identities of each application in the chain of custody, as well as the invocation contexts (e.g. the HTTP request method and path) in which each application in the chain invoked the next application.
Type: Grant
Filed: August 3, 2020
Date of Patent: February 20, 2024
Assignee: Pivotal Software, Inc.
Inventor: William Tran
-
Patent number: 11895234
Abstract: A node may receive, from a quantum key-distribution (QKD) device, a first message that includes an identifier associated with a key. The node may send, to another node, a second message that includes the identifier and a request to perform at least one task. A node may receive, from the other node, a third message that includes information associated with performance of the at least one task by the other node and information indicating a time of performance. The node may receive, from the QKD device, a fourth message that includes the key and information indicating a time window associated with the quantum key; wherein the fourth message is received after expiration of the time window. The node may process, based on the fourth message, the third message to determine whether the third message is valid and thereby cause one or more actions to be performed.
Type: Grant
Filed: September 30, 2021
Date of Patent: February 6, 2024
Assignee: Juniper Networks, Inc.
Inventors: Jason R. Pascucci, Melchior Dirk Frederik Aelmans, Gert Grammel
-
Patent number: 11888883
Abstract: An enhanced threat disposition analysis technique is provided. In response to receipt of a security threat, a threat disposition score (TDS) is retrieved. The threat disposition score is generated from a machine learning scoring model that is built from information about historical security threats, including historical disposition of one or more alerts associated with the historical security threats. The system augments an alert to include the threat disposition score, optionally together with a confidence level, to generate an enriched alert. The enriched alert is then presented to the security analyst for handling directly. Depending on the TDS (and its confidence level), the analyst may be able to respond to the threat immediately, i.e., without further detailed investigation. Preferably, the machine learning model is updated continuously as the system handles security threats, thereby increasing the predictive benefit of the TDS scoring.
Type: Grant
Filed: June 14, 2017
Date of Patent: January 30, 2024
Assignee: International Business Machines Corporation
Inventors: Gary I. Givental, Aankur Bhatia, Paul J. Dwyer
-
Patent number: 11870906
Abstract: Described is a system (and method) that provides a mechanism for guarding against cyber-attacks including ransomware, malware, and various other types of malicious attacks. The mechanism includes providing an isolated storage recovery account within a cloud-based storage infrastructure. The isolated storage recovery account secures data even in instances where credentials for a subscriber to a cloud-based service or the cloud-based provider itself is compromised. In order to ensure that data is still protected even when access credentials may be compromised (e.g. by a disgruntled employee), the mechanism requires a joint coordination between both the provider and the subscriber. The joint coordination may be mandated by the use of a particular multiple encryption technique for credentials that are required to access the isolated storage recovery account.
Type: Grant
Filed: September 6, 2018
Date of Patent: January 9, 2024
Assignee: EMC IP Holding Company LLC
Inventor: Yossef Saad
-
Patent number: 11863538
Abstract: In one embodiment, a method useful for generating a symmetric key includes the step of obtaining a sensor signal from a sensor of a mobile device. The method includes the step of determining one or more sampling points on said sensor signal. The method includes the step of extracting a sensor signal value at the sampling points. The method includes the step of generating the symmetric key from the sampled sensor signal value.
Type: Grant
Filed: December 26, 2018
Date of Patent: January 2, 2024
Inventor: Luigi Caramico
-
Patent number: 11863563
Abstract: The appropriate scoping of an access policy can be determined using the observed access and usage of various resources covered under that policy. Information about access requests received over a period of time can be logged, and actions represented in the log data can be mapped to the permissions of the access policy. A new access policy can be generated that includes grant permissions only for those actions that were received and/or granted during the monitored period of time. The new policy can be processed using policy logic to ensure that changes in permission comply with rules or policies for the target resources. The new policy can be at least partially implemented, or can be provided to an authorized user, who can choose to adopt or deny the new policy, or to accept some of the recommendations for modifying the current policy.
Type: Grant
Filed: March 16, 2018
Date of Patent: January 2, 2024
Assignee: Amazon Technologies, Inc.
Inventors: Neha Rungta, Tyler Stuart Bray, Kasper Søe Luckow, Alexander Watson, Jeff Puchalski, John Cook, Michael Gough
-
Patent number: 11841971
Abstract: Various embodiments of the present technology generally relate to systems and methods for secure customer data handling. More specifically, some embodiments relate to handling of derivative data as a provider in a manner that supports security and provides a stronger level of control over the data. The solution supports four core principles of customer data handling: no export of customer data, unless authorized; remote operations only via shell access or equivalent; temporary and task-based privileges; and diagnostic data to be ephemeral. The customer data handling system herein includes a central repository for the storage of diagnostic data, an upload tool for uploading to the central repository and automated staging on containers, a diagnostic virtual machine that enables task-based access to diagnostic data and analysis tools hosted on a dedicated container, and an application for handling requests, provisioning and staging containers, and purging.
Type: Grant
Filed: September 29, 2020
Date of Patent: December 12, 2023
Assignee: Oracle International Corporation
Inventors: Farhat Safi, Naganand Abbaraju, Srinivas Thanneeru, Rahul Saraf, Alhad Shewade, Venkatesh Solasa, Veera Venkata Satyanarayana Desina, Rajesh Vig, Flemming Christensen, Lawrence Klein
-
Patent number: 11831605
Abstract: Various example embodiments for supporting firewalling of traffic are presented. The support for firewalling of traffic may include support for firewalling of layer-2 traffic (e.g., applying firewall rules to layer-3 traffic embedded within layer-2 frames) using a layer-2 firewall. The firewalling of layer-2 traffic by a layer-2 firewall may include support for firewalling of layer-2 traffic associated with various types of layer-2 services. The firewalling of layer-2 traffic by a layer-2 firewall may include support for firewalling of layer-2 traffic for which the layer-2 destination address of the traffic is known and layer-2 traffic for which the layer-2 destination address of the traffic is unknown. The firewalling of layer-2 traffic by a layer-2 firewall may include receiving, by a router, a packet of a flow of a layer-2 service and supporting, by the router, layer-2 firewalling of the packet at the router while honoring layer-2 forwarding of the packet at the router.
Type: Grant
Filed: March 29, 2021
Date of Patent: November 28, 2023
Assignee: Nokia Solutions and Networks Oy
Inventors: Prashant Shanbhag, Joshua Dennis, Jason M'Sadoques, Huanxin Xiong, Qiang Wu
-
Patent number: 11816234
Abstract: Embodiments of the present systems and methods may provide a data access approval process that supports complex and fine-grained policies and can be applied to different data items at scale, which provides improvement over current technologies. For example, in an embodiment, a computer-implemented method for controlling access to data by computer systems may comprise generating an intermediate representation by integrating a combination of data access policies, data attributes including attributes per data subject, and the data itself to form the intermediate representation, receiving a request for access to the data, rewriting the request for access to the data to incorporate the intermediate representation so as to provide access only to data allowed by the policies integrated into the intermediate representation, and executing the rewritten request and providing only data allowed by the policies integrated into the intermediate representation.
Type: Grant
Filed: March 19, 2018
Date of Patent: November 14, 2023
Assignee: International Business Machines Corporation
Inventors: Maya Anderson, Ronen Itshak Kat, Roee Shlomo, Ety Khaitzin
-
Patent number: 11816235
Abstract: The semiconductor device includes a control unit having redundant processors, a memory storing target data, a secure memory storing a key used for encryption or decryption processing, a cryptographic unit, a secure processor instructing cryptographic processing to the cryptographic unit in response to a request from the control unit, a first bus coupled to the control unit, the memory, the cryptographic unit, and the secure processor, and a second bus coupled to the secure memory, the cryptographic unit, and the secure processor. The control unit communicates with the memory via a predetermined error detection mechanism, the cryptographic unit includes a plurality of cryptographic processors that independently perform cryptographic processing on target data using a key based on an instruction, and each of the plurality of cryptographic processors includes a data transfer unit that performs data transfer with the memory via the error detection mechanism.
Type: Grant
Filed: September 17, 2019
Date of Patent: November 14, 2023
Assignee: RENESAS ELECTRONICS CORPORATION
Inventors: Kenichi Ito, Akihiro Yamate, Akira Hosotani
-
Patent number: 11818257
Abstract: Disclosed are a system and method of establishing secure communications between nodes in a cloud environment. The method includes receiving a registration of a first user at a quantum processor service provider, receiving at the quantum processor service provider a request for authentication of the first registered user, the request comprising at least the password and the registration number, when the password and registration number match stored data at the quantum processor service provider for the first registered user, generating an EPR entangled pair and transmitting the EPR entangled pair to a first computing device of the first registered user, wherein the first registered user utilizes the EPR entangled pair in order to communicate with a second computing device associated with a second registered user. The quantum processor service provider can include a quantum EPR (Einstein Podolsky and Rosen) processor (QEP) and a logically co-located computer server.
Type: Grant
Filed: April 27, 2022
Date of Patent: November 14, 2023
Assignee: Cisco Technology, Inc.
Inventors: Santanu Ganguly, D. Brice Achkir
-
Patent number: 11811768
Abstract: A method and system for securely transmitting a plurality of data streams between a client device and a server that are in communication via standard Internet protocols are disclosed. The method comprises authenticating the client device by the server to create a Session ID and authorizing the client device to access the plurality of data streams by the server using at least one ACL Group, wherein a WebSocket connection is created between the client device and the server once the client device is both authenticated and authorized. The system comprises a client device and a server in communication with the client device via standard Internet protocols, wherein the server authenticates the client device to create a session, authorizes the client device to access the plurality of data streams using at least one ACL Group, wherein a WebSocket connection is created once the client device is both authenticated and authorized.
Type: Grant
Filed: January 22, 2019
Date of Patent: November 7, 2023
Assignee: Vital Connect, Inc.
Inventors: Steve Petersen, Kesava Mallela
-
Patent number: 11803663
Abstract: Disclosed is a multi-region data center connectivity solution for seamless integration between multi-region data center users and content. The solution supports user pinning (e.g., users and their personal content can be pinned to a particular geographical location/data center); protects personal content (e.g., personal content uploaded by a user is stored in that user's pinned geographical location/data center); and enables data sharing between multi-region data center users in a manner that is seamless and transparent to end users, while respecting user privacy, complying with data sovereignty requirements, and maintaining system anonymity.
Type: Grant
Filed: May 10, 2022
Date of Patent: October 31, 2023
Assignee: OPEN TEXT SA ULC
Inventors: Gregory Beckman, Ryan Cathal Robert O'Toole, Paul Turner
-
Patent number: 11792004
Abstract: Polynomial multiplication for side-channel protection in cryptography is described. An example of an apparatus includes one or more processors to process data; a memory to store data; and polynomial multiplier circuitry to multiply a first polynomial by a second polynomial, the first polynomial and the second polynomial each including a plurality of coefficients, the polynomial multiplier circuitry including a set of multiplier circuitry, wherein the polynomial multiplier circuitry is to select a first coefficient of the first polynomial for processing, and multiply the first coefficient of the first polynomial by all of the plurality of coefficients of the second polynomial in parallel using the set of multiplier circuits.
Type: Grant
Filed: September 17, 2021
Date of Patent: October 17, 2023
Assignee: INTEL CORPORATION
Inventors: Santosh Ghosh, Manoj Sastry