Patents Examined by Tri M Tran
  • Patent number: 11398910
    Abstract: Systems and methods of the invention are directed to provisioning a token by a secure authentication system. A user may initiate a transaction that causes a resource provider computer to transmit an authentication request message to a directory server computer. The directory server computer may transmit the authentication request message to an access control server computer for authentication. Subsequent to receiving the authentication request message, the directory server computer may request a token for the transaction from a token provider computer. If authentication is successful, the token may be included in an authentication response message transmitted by the directory server computer to the resource provider computer. The token may then be utilized by the resource provider computer in lieu of sensitive user information for any suitable purpose. In some embodiments, user-specific-data provided by the access control server computer may be included in the authentication response message.
    Type: Grant
    Filed: October 22, 2019
    Date of Patent: July 26, 2022
    Inventors: Aparna Krishnan Girish, Parveen Bansal
  • Patent number: 11399043
    Abstract: Embodiments of the invention are directed to the utilization of trust tokens to perform secure message transactions between two devices. A trust token transmitted in a message from one device may include first data that is digitally signed by a trust provider computer, and second data that is digitally signed by the device itself. Upon receipt of a message containing a trust token, the recipient may utilize the first data to verify with the trust provider computer that the sender of the message is a trusted party. The trust provider computer may provide the recipient device the public key of the sender. The recipient may utilize the second data and the provided public key to verify that the sender signed the message and that the message is unaltered. These techniques may increase detection of relay, replay, or other man-in-the-middle attacks, decreasing the likelihood that such attacks will be successful.
    Type: Grant
    Filed: October 22, 2019
    Date of Patent: July 26, 2022
    Assignee: Visa International Service Association
    Inventor: Quan Wang
  • Patent number: 11372988
    Abstract: A system deletes and sanitizes files in a distributed file system. The system also randomizes rotation of data in a distributed file system.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: June 28, 2022
    Assignee: Raytheon Company
    Inventors: Nicholas Wayne Barrett, Gregory Andrew Early
  • Patent number: 11372981
    Abstract: A redundant processing system with profile-based monitoring is disclosed. In embodiments, the redundant system includes two or more redundant lanes, each lane having equivalent processing components. In a testing state, template processors and hardware monitoring sensors are connected to a selected trusted lane and input vectors submitted thereto; the hardware sensors characterize the response of the selected lane and the resulting testing data compiled into system templates. In an operational environment, the template processors send challenges based on the input vectors to each of the redundant lanes in real time, collecting response data from each lane via identical sets of monitoring sensors. The template processors correlate the response data with the corresponding system templates, identifying anomalous lanes and system anomalies based on discorrelations between the response data and the system templates.
    Type: Grant
    Filed: January 9, 2020
    Date of Patent: June 28, 2022
    Assignee: Rockwell Collins, Inc.
    Inventors: Reginald D. Bean, Carl J. Henning, Gregory S. Droba, Carlen R. Welty
  • Patent number: 11373762
    Abstract: To provide an authentication technique having higher security between IoT devices and server devices or between IoT devices. The server device provides, to the terminal device, a parameter file including a predetermined identifier for uniquely identifying a relationship between the terminal device and the server device, and connection destination information regarding a connection destination of the server device, the terminal device accesses the server device specified by the connection destination information in the parameter file, requests issuance of a timed identification number, and transmits the identifier and the timed identification number to the server device when connecting to the server device specified by the connection destination information in the parameter file, and the server device authenticates the terminal device using the identifier, and confirms an authenticity of the terminal device using the timed identification number.
    Type: Grant
    Filed: September 21, 2019
    Date of Patent: June 28, 2022
    Inventor: Norihito Futamura
  • Patent number: 11368513
    Abstract: Systems and methods for providing a middleware application for user-interface-driven applications include receiving, at the middleware application, queries from different dynamic user interface modules associated with respective front-end applications. The front-end applications are authenticated using authentication data included in the query and verification data external to the middleware application. In response to each query, the middleware application receives data from different external data sources, each being a separate instance of the same back-end service. The data is used to generate objects declaring instances of user interface elements, which are sent by the middleware application to the requesting dynamic user interface module for rendering at the associated front-end application.
    Type: Grant
    Filed: December 27, 2021
    Date of Patent: June 21, 2022
    Assignee: Modo Labs, Inc.
    Inventors: Thomas Hughes Speller, III, Brian Lawrence Patt, Evan Arthur McCullough, Ryan Zhao Chan
  • Patent number: 11363454
    Abstract: A method for providing access to a communication includes generating a timed key table in device nonvolatile memory, storing archival copies of the timed key table within enterprise environments, encrypting a master secret with the currently applicable key of the timed key table, generating an encrypted timed key table by encrypting the timed key table with a public key, sending data on an encrypted session from a communication device to a server over a network, sending the encrypted master secret and encrypted timed key table from the communication device over the network, decrypting the encrypted timed key table with a private key, decrypting the encrypted master secret sent from the communication device using at least a subset of an unencrypted timed key table to obtain the master secret, and decrypting the encrypted data sent from the communication device using the unencrypted master secret.
    Type: Grant
    Filed: January 31, 2020
    Date of Patent: June 14, 2022
    Inventor: Raymond Edward Ozzie
  • Patent number: 11354414
    Abstract: A multi-engine malicious code scanning method for scanning data sets from a storage device is provided. The method includes, among other steps, obtaining at least one data set from a storage device and generating a single forensic image of the data set and also applying a recover data application to the data set to generate a single recovered data set. A scanning is initiated of the single forensic image and the single recovered data set using the selected plurality of malware engines, where each of the malware engines, installed on the independent operating systems of the virtual operating system, may be run concurrently on the single forensic image and the single recovered data set. A report is generated combining each of the malware engines reporting the results of the scans.
    Type: Grant
    Filed: December 30, 2019
    Date of Patent: June 7, 2022
    Assignee: Forensic Scan, LLC
    Inventors: William R. Spernow, Daniel Garrie
  • Patent number: 11349849
    Abstract: This disclosure describes embodiments of an improvement to the static group solution because all the administrator needs to do is specify the criteria they care about. Unlike static groups, where the administrator needs to keep track of the status of individual users and move them between static groups as their status changes, smart groups allows for automatic identification of the relevant users at the moment that action needs to be taken. This feature automates user management for the purposes of enrollment in either phishing and training campaigns. Because the smart group membership is determined as the group is about to be used for something, the smart group membership is always accurate and never outdated. The query that determines the smart group membership gets run at the time when you are about to do a campaign or perform some other action that needs to know the membership of the smart group.
    Type: Grant
    Filed: September 13, 2021
    Date of Patent: May 31, 2022
    Assignee: KnowBe4, Inc.
    Inventors: Greg Kras, Alin Irimie
  • Patent number: 11341256
    Abstract: A computing device includes a processor and a machine-readable storage medium storing instructions. The instructions are executable by the processor to: cause a file management sub-system to detect a request to access a particular file belonging to a specific user entity, and to send an authorization request to a security sub-system; cause the security sub-system to check user metadata for the specific user entity in response to the authorization request, to determine whether the file is expired based on the user metadata for the specific user entity, and to, in response to a determination that the file is expired based on the metadata, send a denial of the authorization request to the file management sub-system; and cause the file management sub-system to, in response to the denial, block access to the particular file.
    Type: Grant
    Filed: January 24, 2019
    Date of Patent: May 24, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventor: Vijaya Kumbhashi
  • Patent number: 11336619
    Abstract: A host computer system may be configured to connect to a network. The host computer system may be configured to implement a workspace, an isolated computing environment, and a host-based firewall. The host computer system may be configured to isolate the isolated computing environment from the workspace using an internal isolation firewall. The internal isolation firewall may be configured to prevent data from being communicated between the isolated computing environment and the workspace, for example, without an explicit user input. The host computer system may be configured to determine, using one or more environmental indicators, a relative location of the host computer system. The processor may be configured to select a firewall policy based on the relative location of the host computer system. The firewall policy may include a configuration to apply to one or more of the internal isolation firewall or the host-based firewall.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: May 17, 2022
    Assignee: L3 Technologies, Inc.
    Inventors: Peter Martz, Kenneth Moritz, Glenn Coleman
  • Patent number: 11329994
    Abstract: An example method for the remote authorization of a gateway to communicate with a device includes accessing time interval data, specified by an owner of the device, the time interval data specifying an access authorization time interval. A calculation is performed, using at least one processor, to generate authorization data that is specific to the device and valid for the access authorization time interval. The authorization data is accessed using the gateway. A scanning function is performed using the gateway, the scanning function to locate the device. A control request is sent to the device to control the device.
    Type: Grant
    Filed: June 9, 2020
    Date of Patent: May 10, 2022
    Assignee: Luna XIO, Inc.
    Inventors: Alan Gous, Jeffrey Bazar, Arman Maghbouleh
  • Patent number: 11328078
    Abstract: Various embodiments of the disclosure provide an apparatus for protecting information. According to various embodiments of the disclosure, an apparatus for monitoring a database includes a transceiver, and a processor operatively coupled to the transceiver. The processor may be configured to acquire a query used in access of the database from the database through the transceiver, replace a first code, included in the acquired query, for query checking to a predefined text, convert the text to a second code for query checking, and output information on validity of the acquired query on the basis of a comparison result of the first code and the second code.
    Type: Grant
    Filed: November 22, 2017
    Date of Patent: May 10, 2022
    Assignee: Samsung Electronics Co., Ltd.
    Inventor: Yeon-Kyu Choi
  • Patent number: 11308212
    Abstract: Telemetry data from client file reputation queries is collected over time. Directories/sub-directories under which files of queries are located are identified. The files including the reputations for the files under a given directory/sub-directory are identified and used to calculate the reputation score for the directory/sub-directory. The directory/sub-directory is then classified based on the calculated score for the directory/sub-directory. After the classification of directories/sub-directories, reputation for a file with unknown reputation is then determined based on the classification of the directory/sub-directory under which the file is located.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: April 19, 2022
    Assignee: CA, INC.
    Inventors: Qian Zhu, Alexander Lichstein, Daniel Sosa
  • Patent number: 11310243
    Abstract: An example intermediary system allows an owner computer system to securely identify and communicate with an end device. The end device uses master secret and time data shared with the owner computer system to generate and advertise a time-dependent device identifier and potentially an encrypted device message. The intermediary system augments the received device data with a message (e.g., an estimate of the device's location) encrypted using the time-dependent device identifier as an encryption key. Furthermore, it hashes the time-dependent device identifier for additional security. The augmented data is forwarded to a server for retrieval and processing by the owner computer system. The owner uses the shared master secret, time data and hash function to generate a hashed time-dependent device identifier used to retrieve matching augmented data from the server. The retrieved message data is decrypted using the reverse of the encryption operations.
    Type: Grant
    Filed: July 14, 2021
    Date of Patent: April 19, 2022
    Assignee: Luna XIO, Inc.
    Inventors: Alan Gous, Jeffrey Bazar, Arman Maghbouleh
  • Patent number: 11310241
    Abstract: The disclosed system implements techniques to enable a tenant of a cloud-based platform to effectively and efficiently apply a policy that copies data packets communicated to or from a virtual machine in the tenant's own virtual network. When applied, the policy mirrors data traffic associated with a workload executing on a virtual machine in the tenant's virtual network. To mirror the data traffic, a copy of a data packet is streamed to another virtual machine so that network analytics can be performed (e.g., performance analytics, security analytics, etc.). In various examples, the policy can be a role-based mirroring policy that defines a plurality of roles in association with a role-based access model that scales operations and that provides improved security for a tenant's virtual network.
    Type: Grant
    Filed: December 27, 2018
    Date of Patent: April 19, 2022
    Inventors: Chandrasekar Srinivasan, Neha Aggarwal, Deven Jagasia, Fengfen Liu, Karthik Ananthakrishnan, Avijit Gupta, Ganesh Srinivasan, Nisheeth Srivastava, Rishabh Tewari, Michal Czeslaw Zygmunt, Harish Kumar Chandrappa, Gabriel Silva, Naveen Prabhat, Sumit Sharad Dhoble, Xinyan Zan, Maitrey Kumar, Wei Xia
  • Patent number: 11303661
    Abstract: Systems and methods for detection of attacks on a communication authentication layer of an in-vehicle network, including determining, by at least one network node, at least one attack attempt on the communication authentication layer of the in-vehicle network, wherein the determination is carried out by identifying anomalies in at least one of messages, data and metadata directed to the communication authentication layer, and selecting, by the at least one network node, a response corresponding to the determined attack attempt from at least one of modification of parameter values corresponding to a security protocol, a failsafe response, and rejection of messages identified as anomalies.
    Type: Grant
    Filed: October 29, 2019
    Date of Patent: April 12, 2022
    Assignee: Argus Cyber Security Ltd
    Inventors: Yaron Galula, Ofer Ben-Noon, Oron Lavi
  • Patent number: 11297051
    Abstract: A virtual session manager of an electronic device maintains a web session for a user across multiple electronic devices. The virtual session manager receives an authentication request from a first electronic device that is in a communication range of the device. The virtual session manager transmits the authentication request to an endpoint device with a grant token without providing the first electronic device with any access to the grant token. The virtual session manager will receive, from the endpoint device, a first access token in response to the first authentication request. The virtual session manager will transmit the first access token to the first electronic device so that the first electronic device can establish a virtual session with the first web resource.
    Type: Grant
    Filed: September 10, 2019
    Date of Patent: April 5, 2022
    Assignee: Google LLC
    Inventors: Guibin Kong, Naveen Agarwal
  • Patent number: 11271730
    Abstract: Dynamic Cipher Key Management (DCKM) of the present invention enables the protection of sensitive electronic data by assigning symmetric or asymmetric cipher keys using a process that delivers the cipher key to a network endpoint device by means of a key installation, delivery, and storage methodology. DCKM may negate the need to physically touch the network device under protection. Further, DCKM's process is based on a set of operating principles that maintains the highest levels of assurance that the cipher key pairs are issued with only devices that have the right and authorization to create a secure communication path. The DCKM process realizes the same level of security confidence that is only achieved today with conventional token based key management services with respect to the paired devices linked via a cipher key public and private relationship.
    Type: Grant
    Filed: December 6, 2019
    Date of Patent: March 8, 2022
    Inventors: James Taylor, John Dwyier, Joseph Lawn, Glen Gulyas
  • Patent number: 11269977
    Abstract: System and method of collecting and processing data in electronic devices. A sensors data collector collects measurements from at least an accelerometer and a gyroscope of an electronic device. A data-loss prevention module operates to pass these measurements, immediately upon their collection, to a supplemental locally-running processing thread which retains the measurements even after a refresh of a web-page in which the measurements were collected, and which transmits the measurements to a remote server even after refresh of the web-page in which the measurements were collected. Non-global scope of functions is utilized, to reduce security exposure. An asynchronous SharedWorker module is utilized, to alleviate congestion of computing resources of the electronic device. Data obfuscation and encoding is utilized to maintain anonymity of user-entered data while still allowing a remote server to ensure the integrity of data received from the electronic device.
    Type: Grant
    Filed: September 15, 2019
    Date of Patent: March 8, 2022
    Assignee: BIOCATCH LTD.
    Inventors: Avi Turgeman, Yehuda Sabag, Leonid Karabchevsky