Patents Examined by Trong H Nguyen
-
Patent number: 12380207
Abstract: Virtual machine images may be constantly scanned using background process, to identify current and evolving security risks, such as by optimizing the image scanning a last-in, first-out (LIFO) stack to prioritize most relevant images. Older and/or non-relevant image are removed from the scanning process and removed from use. Virtual machines image prioritization is based on each virtual machine image's current and/or potential usage requirement, where the LIFO stack prioritizes the scanning order. Newly created virtual machine images and/or newly re-activated virtual machine images are placed onto a provisioning queue (first-in, first out) before activation. The virtual machine images active within a host computing environment are processed via a reconciliation process to scan for indications of security vulnerabilities and/or threats to network security. Obsolete or otherwise irrelevant virtual machine images are removed from use via a repository synchronization process.
Type: Grant
Filed: November 1, 2022
Date of Patent: August 5, 2025
Assignee: Bank of America Corporation
Inventors: Brian Jacobson, Boris Gitlin, Donna Phillips, Elvis Nyamwange, Madhukiran Bangalore Ramachandra, Vismay Mandloi
-
Patent number: 12375565
Abstract: A method, apparatus and product for sub-networks based cyber security. One method includes detecting a device connecting to a local network, wherein the local network is divided into an initial set of subnets, identifying the device by performing a fingerprinting operation on the device, determining an expected usage of the device and updating the initial set of subnets based on the expected usage of the device to generate an updated set of subnets. The method further includes selecting a subnet of the updated set of subnets of the local network to connect the device based on the expected usage of the device, the selected subnet corresponding to the expected usage of the device and connecting the device to the selected subnet in the local network.
Type: Grant
Filed: September 21, 2023
Date of Patent: July 29, 2025
Assignee: Forescout Technologies, Inc.
Inventors: Shmulik Bachar, Yossi Atias
-
Patent number: 12363138
Abstract: Methods and apparatus for dynamic adaption of anti-replay window (ARW) management with enhanced security. According to aspects of the method, pre-ARW block employing a pre-ARW sliding window and an ARW block employing an ARW sliding window are maintained for an associated IPsec security association (SA). A determination is made to whether a received packet passes a pre-ARW check using the pre-ARW sliding window. When it does, the pre-ARW sliding window is advanced, encrypted content in the packet is decrypted, and processing is forwarded to the ARW block which performs an ARW check and advances the ARW sliding window when the ARW check is passed. Packets that do not pass the pre-ARW check may be buffered in queues and subsequently rechecked against the ARW sliding window. Under solutions provided herein, ARW checks and updates are decoupled from the decryption processes, enabling decryption to be performed in parallel and/or offloaded to a hardware accelerator.
Type: Grant
Filed: March 14, 2022
Date of Patent: July 15, 2025
Assignee: Intel Corporation
Inventors: Ravikumar Aimangala Nagaraja Setty, Rajakumar Chidambaram, Balaji Chintalapalle, Deepak Khandelwal, Joy Devassykutty Pullokaran, Joseph Maria Jaison Vincent Solomon
-
Patent number: 12360792
Abstract: A computer-implemented method, system and computer program product for safely processing integrated flows of messages in a multi-tenant container. Each step in the flows of messages to be processed by the applications in the multi-tenant container is monitored. If the monitored step is determined to run custom logic in a general-purpose programming language, then the flow of messages running such custom logic is suspended from being processed by the application in the container if there are other flows of messages being processed by other applications in the container. Furthermore, new flows of messages are prevented from being processed by the applications in the container. After processing the other flows of messages by the other applications in the container, the suspended flow of messages is now processed by the application in the container. In this manner, the risk of interference with other flows of messages in the container is avoided.
Type: Grant
Filed: January 9, 2020
Date of Patent: July 15, 2025
Assignee: International Business Machines Corporation
Inventors: Trevor Clifford Dolby, John Anthony Reeve, Andrew John Coleman, Matthew E. Golby-Kirk
-
Patent number: 12348513
Abstract: Zero trust network security is provided without modifying the underlying network infrastructure. A first entity at a first node in a network environment obtains an entity identifier and host certificate from a second entity installed on a second node. A determination is made as to whether the host certificate is valid based on a firewall policy and an intermediate certificate that was issued to the first entity. A determination is also made as to whether the entity identifier is valid based on a known infrastructure of the network environment. If the host certificate and entity identifier are valid, communications between the first and second entities can be allowed, while communications are blocked if at least one of the host certificate and the entity identifier is not valid.
Type: Grant
Filed: March 8, 2024
Date of Patent: July 1, 2025
Assignee: Palo Alto Networks, Inc.
Inventors: Liron Levin, Eran Yanay, Dima Stopel
-
Patent number: 12341788
Abstract: Disclosed are techniques for monitoring and identifying attempts to subvert a security wall within a network infrastructure.
Type: Grant
Filed: November 23, 2022
Date of Patent: June 24, 2025
Assignee: Target Brands, Inc.
Inventors: Paul Hutelmyer, Adam Blake
-
Patent number: 12321451
Abstract: A live attack shadow replay can be performed at a shadow replay box that receives a snapshot of a computer program executed by an operating system of a device; mirrors an execution environment of the snapshot; determines a typical execution of the computer program comprising a first set of variables; performs a static analysis on the snapshot of the computer program to determine a second set of variables; determines a divergence between the first set of variables and the second set of variables; marks variables of the second set of variables that are associated with the divergence; replays a portion of the computer program corresponding to at least the snapshot; and monitors the marked variables of the second set of variables during the replaying of the portion of the computer program.
Type: Grant
Filed: March 20, 2023
Date of Patent: June 3, 2025
Assignee: ARM LIMITED
Inventor: Michael Bartling
-
Patent number: 12299138
Abstract: Methods, systems, and computer programs are presented for analyzing a program to be executed on a computer to detect vulnerability for malicious attacks using the program. One method includes an operation for performing dynamic vulnerability detection of a driver when the driver is loaded in a computing system. The dynamic vulnerability detection comprises detecting at least one offset made available by the driver for access to the driver, and detecting application programming interface (API) calls made by the driver. Further, the method includes performing static vulnerability detection of the driver by analyzing binary code of the driver. The static vulnerability detection comprises determining the at least one offset available for access to the driver, and identifying vulnerable code paths to functions accessing kernel functionality.
Type: Grant
Filed: February 7, 2024
Date of Patent: May 13, 2025
Assignee: Microsoft Technology Licensing, LLC
Inventors: Raghav Pande, Jordan Josef Geurten, Danut Antoche-Albisor
-
Patent number: 12299635
Abstract: The present disclosure is directed to authenticating a mobile device and a user of the mobile device to receive patient data from a clinical information system of a medical facility. In some implementations, methods include receiving a logon request, the logon request comprising credentials and at least one technical factor, accessing a validation database based on the at least one technical factor, determining that the mobile device is an authorized mobile device based on information provided by the validation database and the at least one technical factor, validating the credentials to ensure that the user is authorized to access patient data provided by the clinical information system, and then, upon determining that the user is authorized to access patient data: establishing a session to communicate patient data between the mobile device and the clinical information system, the data managements system processing the patient data communicated during the session.
Type: Grant
Filed: March 15, 2021
Date of Patent: May 13, 2025
Assignee: AirStrip IP Holdings, LLC
Inventors: William Cameron Powell, Stephen Trey Moore
-
Patent number: 12292969
Abstract: In a method for detecting an attack compromise window in a CMS website for which a temporal sequence of a plurality of snapshots of website backups have been stored, a temporally ordered set of spatial elements from each snapshot is constructed. Spatial metrics are computed for each individual snapshot's elements. The collected spatial metrics are temporally correlated and queried against attack models to recover an attack timeline. Attack events in the attack timeline are labelled. A sequence of assigned attack labels is verified. The compromise window is extracted from the plurality of snapshots.
Type: Grant
Filed: March 4, 2021
Date of Patent: May 6, 2025
Assignee: Georgia Tech Research Corporation
Inventors: Ranjita Pai Kasturi, Brendan D. Saltaformaggio
-
Patent number: 12282543
Abstract: The present disclosure describes digital watermark detection systems and methods. In one such system, a plurality of intellectual property cores are integrated on a system-on-chip, such that the intellectual property cores comprise a first intellectual property core and a second intellectual property core. The system further includes a first network interface connected to the first intellectual property core that can encode a first digital watermark into a packet stream designated for the second intellectual property core. The system further includes a second network interface connected to the second intellectual property core that can receive the packet stream and decode the packet stream to generate a second digital watermark. The second network interface is further configured to perform a validation test on the packet stream and deliver the packet stream to the second intellectual property core when the first digital watermark is determined to match the second digital watermark.
Type: Grant
Filed: November 12, 2021
Date of Patent: April 22, 2025
Assignee: University of Florida Research Foundation, Inc.
Inventors: Prabhat Kumar Mishra, Thelijjagoda Subodha Nadeeshan Charles, Vincent Bindschaedler
-
Patent number: 12282578
Abstract: Generally discussed herein are devices, systems, and methods for improving phishing webpage content detection. A method can include instantiating an odometer with a nested privacy filter architecture, the nested privacy filter including privacy filters of different, increasing sizes, training a DL model, maintaining, during training and by a privacy odometer that operates using the nested privacy filter, a running total of privacy loss budget consumed by the training, and responsive to a query for the total privacy loss budget consumed, returning, by the odometer, a size of a smallest privacy filter of the nested privacy filters that is bigger than the running total of the privacy loss budget.
Type: Grant
Filed: April 29, 2024
Date of Patent: April 22, 2025
Assignee: Microsoft Technology Licensing, LLC
Inventor: Mathias François Roger Lécuyer
-
Patent number: 12254094
Abstract: A system and method for identifying authorized job step programs. The process identifies a plurality of job step programs. It then identifies authorized program facility (APF) authorized programs from the plurality of job step programs. An output table of APF authorized program is generated. This table is used to submit at least one batch job using the output table. A list identifying which parameters in a parameter string contain an address for each APF program in the output table is generated. This list is then provided for program testing.
Type: Grant
Filed: May 20, 2022
Date of Patent: March 18, 2025
Assignee: International Business Machines Corporation
Inventors: Michael Page Kasper, Scott Woolley, Diane Marie Stamboni, Joshua David Steen, Roan Dawkins, Eric Rosenfeld
-
Patent number: 12248938
Abstract: The method includes receiving a first identity attribute; determining a corresponding first level of assurance (LOA) based on the first identity attribute and a first attribute history; receiving a second identity attribute; determining a corresponding second LOA based on the second identity attribute and a second attribute history; defining a Self-Sovereign Identity (SSI) based on the first identity attribute, the second identity attribute, the first LOA, and the second LOA; and determining an aggregate LOA based on the SSI.
Type: Grant
Filed: March 14, 2022
Date of Patent: March 11, 2025
Assignee: NEUROSYMBOLIC AI-IP, LLC
Inventors: Agasthya P. Narendranathan, James M. Dzierzanowski
-
Patent number: 12248408
Abstract: When having detected that key data set to an accelerator by command information is not key data permitted to use, a monitor unit issues, to a storage control unit, a suspension request for suspending processing related to writing of data, a compute unit having received an instruction from an application program reads data from the storage device, encrypts read data using the accelerator, and issues, to the storage control unit, an instruction to write encrypted data to the storage device, and when having received the suspension request, the storage control unit suspends processing related to writing of data to the storage device.
Type: Grant
Filed: September 7, 2022
Date of Patent: March 11, 2025
Assignee: HITACHI VANTARA, LTD.
Inventors: Tatsuya Hirai, Hideo Saito
-
Patent number: 12248563
Abstract: An electronic device for receiving and seamlessly providing cybersecurity analyzer updates and concurrent management systems for detecting cybersecurity threats including a processor and a memory communicatively coupled to the processor. The memory stores an analyzer logic to generate a first analyzer configured to receive a suspicious object for threat evaluation, an inspection logic to manage a first queue of suspicious objects for threat evaluation to the first analyzer, and an update logic to receive updated cybersecurity analytics content data. The analyzer logic receives updated cybersecurity analytics content data and can generate a second analyzer that incorporates at least a portion of the parsed updated cybersecurity analytics content data.
Type: Grant
Filed: April 24, 2023
Date of Patent: March 11, 2025
Assignee: Musarubra US LLC
Inventors: Neeraj Kulkarni, Robert M. Beard, Jr., Robin Caron
-
Patent number: 12229312
Abstract: Methods, systems, and devices for leveraging data already collected on a user in a secure and private manner, in particular to verify user credentials for third parties. The methods, systems, and devices innovate beyond traditional security and privacy platforms in computer systems by processing the data to create a useable metric for the purposes of the third parties, in which the useable metric preserves the security and privacy of the underlying data.
Type: Grant
Filed: January 10, 2024
Date of Patent: February 18, 2025
Assignee: Capital One Services, LLC
Inventors: Ya Liu, Matthew Carson
-
Patent number: 12224921
Abstract: Systems, methods, and computer-readable media for managing compromised sensors in multi-tiered virtualized environments. In some embodiments, a system can receive, from a first capturing agent deployed in a virtualization layer of a first device, data reports generated based on traffic captured by the first capturing agent. The system can also receive, from a second capturing agent deployed in a hardware layer of a second device, data reports generated based on traffic captured by the second capturing agent. Based on the data reports, the system can determine characteristics of the traffic captured by the first capturing agent and the second capturing agent. The system can then compare the characteristics to determine a multi-layer difference in traffic characteristics. Based on the multi-layer difference in traffic characteristics, the system can determine that the first capturing agent or the second capturing agent is in a faulty state.
Type: Grant
Filed: January 31, 2024
Date of Patent: February 11, 2025
Assignee: Cisco Technology, Inc.
Inventors: Navindra Yadav, Abhishek Ranjan Singh, Anubhav Gupta, Shashidhar Gandham, Jackson Ngoc Ki Pang, Shih-Chun Chang, Hai Trong Vu
-
Patent number: 12223036
Abstract: Methods and systems for injected byte buffer data classification are disclosed. According to an implementation, a security agent can detect process injection events, gather byte buffer data associated with the process injection events, and send the byte buffer data to a security service comprising a byte buffer classification function. The byte buffer classification function can be implemented as a trained transformer type neural network machine learning model, which can analyze the byte buffer data and generate a classification output comprising a probability that the byte buffer data is associated with a malicious process injection.
Type: Grant
Filed: April 5, 2024
Date of Patent: February 11, 2025
Assignee: CrowdStrike, Inc.
Inventors: Florian Stortz, Felix Schwyzer, Marian Radu
-
Patent number: 12216775
Abstract: Systems and methods mediate permissions for applications on user devices using predictive models. Data communications are monitored on a user device for permission requests and responses. A predictive model is trained with these permission requests and responses until a threshold is met. Then, a default permission response is provided on behalf of the user device in response to a permission request.
Type: Grant
Filed: December 5, 2023
Date of Patent: February 4, 2025
Assignee: CAPITAL ONE SERVICES, LLC
Inventors: Mark Watson, Jeremy Goodsitt, Austin Walters, Anh Truong, Vincent Pham