Patents Examined by Walter J. Malinowski
  • Patent number: 11184162
    Abstract: Privacy preserving secure task automation. A method may include generating, by a first section of a platform, a pair of encryption keys (private and shared secret keys); receiving, by a second section of the platform, platform user data, trigger service user data; and action service user data, wherein the user of the services and platform are the same; sending the shared secret key to the services; storing the private key in the first section; receiving from the trigger service, by the second section, a first communication encrypted with the shared secret key, regarding occurrence of a trigger; determining, by the first section, that the trigger corresponds to the user of the platform; encrypting a second message with the shared secret key, requesting invocation of the action based on the trigger; and transmitting the second encrypted message to the action service without the data related to the user of the platform.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: November 23, 2021
    Assignee: NORTONLIFELOCK INC.
    Inventors: Sandeep Bhatkar, Susanta K. Nanda, Yuqiong Sun, Saurabh Shintre
  • Patent number: 11170133
    Abstract: The present invention discloses an external terminal protection device for data flow control and a corresponding protection system. The external terminal protection device includes: an interface control module, used for providing a plurality of data interfaces respectively connected to a protected host and one or more external devices; and a system control module, used for monitoring in real time a data transmission state of each data interface in the interface control module, and controlling the data flow of each data interface. The present invention realizes the functions of performing protocol filtering and auditing on various types of data flow without installing flow monitoring and security protection software on the protected host, and achieves the effects of low-latency network auditing and high-reliability protocol filtering, thereby comprehensively eliminating potential security hazards such as Trojan Horse virus implantation and flow anomaly that may be generated by the interfaces.
    Type: Grant
    Filed: January 16, 2019
    Date of Patent: November 9, 2021
    Assignee: Beijing Beyondinfo Technology Co., Ltd.
    Inventors: Hua Du, Wei Ai, Zhenhe Cai, Hao Zhang
  • Patent number: 11157641
    Abstract: A policy system enforces data security policies for requests from accessing data stored on a distributed data storage system received from a client device. The policy enforcement system can determine user credentials from the requests. The enforcement system then determines whether the user credentials allow the request to retrieve the data and if yes, whether the user credentials allow the request to retrieve the data without obligations. Upon determining that user credentials allow the request to retrieve the data without obligations, the policy enforcement system directs the client device to communicate directly with a name node of the data storage system, short-circuiting additional data retrieval and filtering of the policy system.
    Type: Grant
    Filed: July 1, 2016
    Date of Patent: October 26, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar
  • Patent number: 11144629
    Abstract: Systems and methods for multi-factor authentication using graphical passwords. An access request that includes an identifier and which identifies a protected resource is received from a client device. An interface is generated having a plurality of graphical objects for presentation at random locations on a display of the client device as defined by an object map. The plurality of graphical objects include a null object and a set of user-defined objects associated with the identifier that define a graphical password. Input data including an input event for each detected interaction with the interface is received. Each input event identifies a position on the display at which a corresponding interaction was detected. Using the object map, it is determined that the input data satisfies the graphical password. Access to the protected resource is granted in response to determining that the input data satisfies the graphical password.
    Type: Grant
    Filed: October 15, 2019
    Date of Patent: October 12, 2021
    Assignee: AMADEUS S.A.S.
    Inventors: Mohamed-Amine Maaroufi, Florent Maupay
  • Patent number: 11138306
    Abstract: Disclosed are various embodiments for generating a physics-based CAPTCHA. In a physics-based CAPTCHA, an object is placed within a scene so that a visually observable change occurs to the object. The scene is animated so that the visually observable change occurs to the object. Before and after imagery can be captured and used as a challenge and a response. Incorrect responses can be generated by altering the scene or object.
    Type: Grant
    Filed: March 14, 2016
    Date of Patent: October 5, 2021
    Assignee: Amazon Technologies, Inc.
    Inventor: Jamie Plenderleith
  • Patent number: 11134104
    Abstract: A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria.
    Type: Grant
    Filed: May 2, 2019
    Date of Patent: September 28, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: Waheed Qureshi, Thomas H. DeBenning, Ahmed Datoo, Olivier Andre, Shafaq Abdullah, John M. McGinty, Kelly Brian Roach
  • Patent number: 11128621
    Abstract: A method, apparatus, and computer program product are provided to access a web site. In the context of a method, the method includes acquiring a web address that meets a preset condition, determining a server corresponding to the web address and establishing a transport layer connection therewith. The method further includes upon receiving an instruction for accessing a website corresponding to the web address, using the transport layer connection to send a network request to the server for acquiring the webpage content of the website. Such method can save time for establishing a transport layer connection, thereby improving the efficiency of accessing a web site.
    Type: Grant
    Filed: March 23, 2018
    Date of Patent: September 21, 2021
    Assignee: Alibaba Group Holdings Limited
    Inventor: Jie Liang
  • Patent number: 11122063
    Abstract: Identification of malicious network domains through use of links analysis of graph representation of network activity, such as a bipartite graphs. An example method includes setting an initial reputation score for each of a plurality of host computers and each of a plurality of domains accessed by the plurality of host computers; until a predefined condition is satisfied, iteratively rescoring the reputation scores for each of the plurality of host computers based upon the reputation scores of the plurality of domains; and rescoring the reputation scores for each of the plurality of domains based upon the reputation scores of the plurality of host computers; and determining, based upon the rescored reputation scores for each of the plurality of host computers and the rescored reputation scores for each of the plurality of domains, whether one or more domains amongst the plurality of domains are exhibiting malicious behavior.
    Type: Grant
    Filed: March 12, 2018
    Date of Patent: September 14, 2021
    Assignee: Accenture Global Solutions Limited
    Inventors: Louis William DiValentin, Dillon J. Cullinan
  • Patent number: 11115438
    Abstract: A managed container may have a managed cache storing content managed by or through an application gateway server computer. The managed container may receive a request for content from an application running in a secure shell provided by the managed container on a client device. The managed container may determine whether the client device is within a specified geographical location. If not, the managed container may deny or restrict the application access to the requested content. The access denial or restriction may continue until a connection is made to the application gateway server computer or until the client device has returned to within the specified geographical location. If the client device is within the specified geographical location, the managed container may provide or restore access to requested content. Embodiments of the managed container can therefore perform geofencing by disabling or limiting access to content based on predetermined secure/insecure designations.
    Type: Grant
    Filed: October 2, 2018
    Date of Patent: September 7, 2021
    Assignee: OPEN TEXT SA ULC
    Inventors: Gregory Beckman, Robert Laird, Alain Gagne
  • Patent number: 11108827
    Abstract: Embodiments of an application gateway architecture may include an application gateway server computer communicatively connected to backend systems and client devices operating on different platforms. The application gateway server computer may include application programming interfaces and services configured for communicating with the backend systems and managed containers operating on the client devices. The application gateway server computer may provide applications that can be centrally managed and may extend the capabilities of the client devices, including the ability to authenticate across backend systems. A managed container may include a managed cache and may provide a secure shell for applications received from the application gateway server computer. The managed container may store the applications in the managed cache and control access to the managed cache according to rules propagated from at least one of the backend systems via the application gateway server computer.
    Type: Grant
    Filed: April 23, 2018
    Date of Patent: August 31, 2021
    Assignee: OPEN TEXT SA ULC
    Inventors: Gregory Beckman, Robert Laird, Alain Gagne
  • Patent number: 11108545
    Abstract: Implementations of this specification provide a method and an apparatus for creating a blockchain account and verifying blockchain transactions. An example method performed by a blockchain platform includes receiving a transaction, the transaction including at least an initiator field that specifies an account to be created, a receiver field that specifies a pre-determined field value, and a data field that specifies a user-defined key control rule. The user-defined key control rule includes at least one 3-tuple, and each 3-tuple includes a key identifier, an action identifier, and a permission setting. The blockchain platform seals the transaction into a block, and sends the sealed transaction to at least one other full node in the blockchain network.
    Type: Grant
    Filed: January 31, 2020
    Date of Patent: August 31, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Jun Zuo
  • Patent number: 11102013
    Abstract: In one example, an apparatus such as an authorization server and method for secure communication between constrained devices issues cryptographic communication rights among a plurality of constrained devices. Each of the plurality of constrained devices comprises no more than one cryptographic algorithm code module per cryptographic function. The method includes receiving a cryptographic communication rights request associated with at least a first of the plurality of constrained devices in response to a cryptographic algorithm update request, and includes providing a response including an identification of a subset of the plurality of constrained devices that have cryptographic communication rights with the identified first of the plurality of constrained devices. A software update server then updates the cryptographic code modules in the sub-set of the plurality of constrained devices.
    Type: Grant
    Filed: June 18, 2020
    Date of Patent: August 24, 2021
    Assignee: Entrust, Inc.
    Inventor: Timothy E. Moses
  • Patent number: 11102214
    Abstract: A method includes determining to share access to a directory between a first web services account and a second web services account that lacks access to the directory, wherein the directory is managed by a directory service that executes within a first on-demand configurable pool of shared computing resources, and wherein the second web services account is associated with a second on-demand configurable pool of shared computing resources. The method includes generating a virtual directory for the second web services account, wherein the virtual directory comprises one or more virtual resources that are representations of resources on the directory, and wherein the virtual directory further comprises a reference to the directory. The method further includes receiving an access request to the directory from the second web services account, wherein the access request is received via the reference from the virtual directory to the directory, and then granting the access request.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: August 24, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Dinesh Ramesh Kukreja, Keith Littleton Croney, Peter Lopes Pereira
  • Patent number: 11102248
    Abstract: A remote wipe message or notification may be sent from a server computer to one or more target client devices associated with a user. A managed container running on a target client device associated with the user and having a managed cache storing content managed by or through the server computer may, in response to the remote wipe message or notification, deleting the managed content or a portion thereof from its managed cache. The managed container may send back an acknowledgement or message to the server computer that it had completed the remote wipe. The remote wipe functionality can avoid having to deal with individual applications running on the client device and therefore can eliminate the complexity of having to deal with individual applications. Furthermore, the remote wipe can be done independently of the local operating system and without affecting non-managed information/applications on the client device.
    Type: Grant
    Filed: November 19, 2018
    Date of Patent: August 24, 2021
    Assignee: OPEN TEXT SA ULC
    Inventors: Gregory Beckman, Robert Laird, Alain Gagne
  • Patent number: 11102188
    Abstract: A method performed by a computing system includes receiving from a client component of an enterprise application, a request destined for a service component of the enterprise application, the request comprising authentication data and request data, the authentication data being associated with a current user of the client component, the user associated with an organization. The method further includes performing an authentication process to create principal data and role data associated with the request, the principal data identifying a user. The method further includes using the authentication data and request data, determining a current tenant of the client component. The method further includes replacing the principal data with updated principal data, the updated principal data identifying the organization. The method further includes updating the role data associated with the request to create updated role data that indicates roles of the user within the organization.
    Type: Grant
    Filed: February 1, 2016
    Date of Patent: August 24, 2021
    Assignee: RED HAT, INC.
    Inventor: Juraci Paixao Kroehling
  • Patent number: 11089028
    Abstract: Devices and processes perform federation of tokenization services. A tokenization federation service establishes trust relationships between tokenization services that substitute tokens for sensitive data and acts as a mechanism for token portability among distinct tokenization domains. The tokenization federation service receives a request from a tokenization service to establish a tokenization federation group, and receives membership policy information, token rules and token access policy information from the tokenization service for federation that are all associated with the federation and stored. The tokenization federation service receives another request from another tokenization service to join the federation, and if the membership policy allows, is made a member of the federation group. Access by the members to tokens is regulated in accordance with the access policy.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: August 10, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Michael Alpaugh, Hart Rossman
  • Patent number: 11063923
    Abstract: Authenticator plugin interface for an enterprise virtualization portal is provided. An example method for evaluating a portal access request may comprise: receiving, by a virtualization management platform, a request initiated by a requestor for access to an enterprise virtualization portal associated with the virtualization management platform, the request comprising a login credential; transmitting, to a first authentication system, a first authentication query comprising an identifier of a first data type, and a first value of the first data type, wherein the first value is derived from the login credential; receiving a first response message comprising an identifier of a second data type, and an authentication response of the second data type; and responsive to evaluating the authentication response, granting the requestor access to the enterprise virtualization portal.
    Type: Grant
    Filed: March 22, 2018
    Date of Patent: July 13, 2021
    Assignee: Red Hat Israel, Ltd.
    Inventors: Barak Azulay, Alon Bar-Lev, Ravi Nori
  • Patent number: 11044271
    Abstract: A method for implementing adaptive policy based computer security is described. In one embodiment, the method may include monitoring a behavior of a user on a computing device associated with the user, determining whether the user triggers one or more policy triggers associated with a broad policy or at least one sub-policy of the broad policy, or both, and upon determining the user triggers at least one policy trigger during the monitoring period, implementing a customized version of the broad policy on the computing device. In some cases, the method may include implementing the broad policy on the computing device upon determining the user does not trigger any of the one or more policy triggers. In other cases, the method may include triggering at least one of the policy triggers based at least in part on a requested action and determining whether the requested action includes a security threat.
    Type: Grant
    Filed: March 15, 2018
    Date of Patent: June 22, 2021
    Assignee: NortonLifeLock Inc.
    Inventors: Mark Kennedy, Petrus Johannes Viljoen
  • Patent number: 10922406
    Abstract: A protecting method and system for malicious code, and a monitor apparatus are provided. The monitor apparatus circulates a monitor module obtained from a combination of a plurality of antivirus systems in a communication system, so as to monitor a plurality of electronic apparatuses in the communication system. When the monitor module is circulated to one of the electronic apparatuses and the malicious code is detected, a protection result is decided and one or more corresponding process actions are executed based on the protection result by the monitor module.
    Type: Grant
    Filed: September 26, 2016
    Date of Patent: February 16, 2021
    Assignee: Wistron Corporation
    Inventor: Chih-Ming Chen
  • Patent number: 10915610
    Abstract: The present disclosure relates to systems and methods for providing inclusive CAPTCHA. The method, in response to a user request for a webpage having CAPTCHA, creates a media file in real-time, wherein the created media file is characterized by distortion interference and corresponds to a selected theme from a plurality of themes associated with real-world scenarios. Further, randomly selecting a comprehension question from a plurality of comprehension questions for the created media file as the CAPTCHA, the comprehension question being based on the selected theme, geography associated with a user requesting the webpage and context of the created media file and transmits the webpage including the CAPTCHA. Further, in response to a user input to the comprehension question, intelligently detecting either a human input or a machine input based on a self-learning CAPTCHA decision module, by considering one or more of spelling errors, incomplete responses, contextual metonyms, synonyms and variants thereof.
    Type: Grant
    Filed: March 15, 2018
    Date of Patent: February 9, 2021
    Assignee: Tata Consultancy Services Limited
    Inventors: Charudatta Jadhav, Sumeet Agrawal, Madhu Priyatam Venkata Paladugu