Patents Examined by William S. Powers
  • Patent number: 12149561
    Abstract: Systems and methods of embodiments are described of a campaign controller that establishes a model for using a plurality of types of exploits based on at least results of simulated phishing communications using those exploits, and uses the model to communicate a first simulated phishing communication to one or more devices of a user where the type of exploit used for the first simulated phishing communication is selected using the model. The campaign controller applies either artificial intelligence or machine learning to the results of simulated phishing communications to establish the model. The campaign controller selects the exploit by applying either artificial intelligence or machine learning to one or more attributes of the user and/or one or more responses from the user.
    Type: Grant
    Filed: May 3, 2023
    Date of Patent: November 19, 2024
    Inventors: Alin Irimie, Stu Sjouwerman, Greg Kras, Eric Sites
  • Patent number: 12147572
    Abstract: A system may receive, from one or more data sources, one or more de-identified data sets that include de-identified personal data. The system may receive a request for a feature set of the one or more de-identified data sets, wherein the feature set includes a set of quasi-identifiers included in the de-identified personal data. The system may calculate a re-identification risk score for the set of quasi-identifiers. The system may selectively output, based on the re-identification risk score, one of: actual data, from the one or more de-identified data sets, of the feature set if the re-identification risk score satisfies a condition, or synthetic data, generated by the device from the one or more de-identified data sets, for the feature set, or a combination of the synthetic data and the actual data for the feature set, if the re-identification risk score does not satisfy the condition.
    Type: Grant
    Filed: December 2, 2020
    Date of Patent: November 19, 2024
    Assignee: Accenture Global Solutions Limited
    Inventors: Gaston Besanson, Andrea Amorosi, Runar Gunnerud, Bartomeu Pou Mulet, Joel Gordillo Solana, Frode Huse Gjendem, Geir Prestegård, Rubén Sánchez Fernández
  • Patent number: 12149543
    Abstract: Anomalies are detected in network packet header data associated with a user's smart device that is in communication with one or more external sources via an electronic network. The user's smart device has one or more device classifications. Bayesian priors are stored of network traffic obtained from crowdsourced network packet header data for a plurality of smart devices having one of the same device classifications as the user's smart device. Network traffic obtained from network packet header data for the user's smart device is captured. The network traffic for the user's smart device is compared with the Bayesian priors and any anomalies are identified. The anomalies indicate potential abnormal data communication behavior regarding the user's smart device.
    Type: Grant
    Filed: February 22, 2022
    Date of Patent: November 19, 2024
    Assignee: EVERYTHING SET INC.
    Inventors: Michael D. Melnick, David L Knudsen
  • Patent number: 12135791
    Abstract: Embodiments of the present invention relate to apparatuses, systems, methods and computer program products for security analysis and validation during construction and deployment of dynamic network components. Specifically, the system is typically structured for identifying and remediating defects in a first resource program code being built at an internal network layer of the first distributed network, in real-time, and validating the first resource program code at both a lower deployment environment and a higher deployment environment. In some aspects, the system, in response to the successful first validation of the first resource program code, stores the first resource program code at an artifactory system. In response to a successful second validation, the system then typically allows deployment of the first resource program code to the lower deployment environment.
    Type: Grant
    Filed: August 12, 2022
    Date of Patent: November 5, 2024
    Assignee: BANK OF AMERICA CORPORATION
    Inventor: Pierre Jacques Bouchard
  • Patent number: 12135779
    Abstract: Data from a SaaS application may be stored and accessed locally, enabling SaaS data to be interacted with, regardless of connectivity, while providing secure authentication when offline. When online, a user may perform an authentication procedure and provide credentials to an application server, which may provide an authentication token for access to secure data or applications. The authentication token and user credentials may be cached locally. When offline or experiencing intermittent connectivity, if user provided credentials match the cached credentials, then the client application may retrieve the cached authentication token and allow the embedded browser to resume utilizing the network application and/or data; while if the new credentials do not match the previously provided and cached credentials, access may be denied. Thus, the embedded browser may perform authentication agnostic to whether the device is online or offline at that time, requiring no changes to the browser or network application.
    Type: Grant
    Filed: May 3, 2022
    Date of Patent: November 5, 2024
    Inventor: Abhishek Chauhan
  • Patent number: 12137113
    Abstract: Methods and systems for scanning an endpoint terminal across an open computer network are disclosed. An exemplary method includes providing a scanner engine in a computer server in communication with an open computer network, and establishing a secure connection across the open computer network between the scanner engine and a scanner agent installed on the endpoint terminal in communication with the open computer network. Commands for collecting data regarding the endpoint terminal are sent from the scanner engine across the secure connection to the scanner agent. The scanner engine then receives the collected data from the scanner agent across the secure connection, analyzes the data to assess a current posture of the endpoint terminal, and determines any updates for the endpoint terminal from the analysis. Updates are sent across the secure connection to the scanner agent for installation on the endpoint terminal, and the secure connection may then be terminated.
    Type: Grant
    Filed: July 17, 2023
    Date of Patent: November 5, 2024
    Assignee: Qualys, Inc.
    Inventors: Wissam Ali-Ahmad, Wolfgang Kandek, Holger Kruse, Vikas Dewan, Khair-ed-Dine Mazboudi, Ganesh Jampani, Kenneth K. Okumura
  • Patent number: 12118080
    Abstract: A security monitoring system for a Controller Area Network (CAN) comprises an Electronic Control Unit (ECU) operatively connected to the CAN bus. The ECU is programmed to classify a message read from the CAN bus as either normal or anomalous using an SVM-based classifier with a Radial Basis Function (RBF) kernel. The classifying includes computing a hyperplane curvature parameter γ of the RBF kernel as γ=ƒ(D) where ƒ( ) denotes a function and D denotes CAN bus message density as a function of time. In some such embodiments γ=ƒ(Var(D)) where Var(D) denotes the variance of the CAN bus message density as a function of time. The security monitoring system may be installed in a vehicle (e.g. automobile, truck, watercraft, aircraft) including a vehicle CAN bus, with the ECU operatively connected to the vehicle CAN bus to read messages communicated on the CAN bus.
    Type: Grant
    Filed: August 30, 2019
    Date of Patent: October 15, 2024
    Assignee: BATTELLE MEMORIAL INSTITUTE
    Inventors: Brad Harris, Anuja Sonalker, Kevin Mayhew
  • Patent number: 12120522
    Abstract: There are provided mechanisms for provisioning of an application level identity from an ID backend server to a communication device. The provisioning of the application level identity is protected using TLS-, DTLS-, or OSCORE-based secure communication. The communication device comprises an identity module configured for interaction according to GSMA RSP based remote subscription profile download. The methods are performed by the communication device and the ID backend server.
    Type: Grant
    Filed: June 12, 2019
    Date of Patent: October 15, 2024
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Per Ståhl, Bernard Smeets
  • Patent number: 12114156
    Abstract: A first network node may transmit an authentication proof to a second network node. The authentication proof may be based on a first credential associated with the first network node. The first network node may be authenticable based on the authentication proof. The second network node may identify whether the first network node is authentic based on the authentication proof. The second network node may transmit a configuration request to the first network node. The configuration request may include a phase-modulated indication of a second credential associated with the second network node. The configuration request may be based on a random phase. The second network node may be authenticable based on the configuration request. The first network node may transmit a configuration response to the second network node. The configuration response may include a phase-modulated confidential parameter. The configuration response may be based on the configuration request.
    Type: Grant
    Filed: August 8, 2022
    Date of Patent: October 8, 2024
    Assignee: QUALCOMM Incorporated
    Inventors: Yavuz Yapici, Tao Luo, Junyi Li
  • Patent number: 12095898
    Abstract: A blockchain-based privacy protection method for a CCN includes: executing, by a trusted AAC, an initialization algorithm to generate common parameters and a master key, generating a public key and a private key for each consumer and publisher, and randomly generating, by the trusted AAC, its own public key and private key; calculating a public key, and generating ciphertext and uploading the ciphertext to a CSP; performing transaction on-chaining; and during decryption, finding, by the consumer, transaction information of the content on the consortium blockchain, sending an interest packet based on the transaction information, and obtaining ciphertext CT through a storage address in the transaction information; generating, by the consortium blockchain, an access transaction based on access information of the consumer; sending the ciphertext CT to the consumer through a data packet; and locally decrypting, by the consumer, the ciphertext CT, and verifying correctness of the content.
    Type: Grant
    Filed: July 13, 2022
    Date of Patent: September 17, 2024
    Assignee: Zhengzhou University of Light Industry
    Inventors: Jianwei Zhang, Haiyan Sun, Zengyu Cai, Liang Zhu, Shujun Liang, Erlin Tian, Huanlong Zhang, Yanhua Zhang, Xi Chen
  • Patent number: 12081654
    Abstract: Provided is a method to authenticate a user equipment (UE) at a service provider (SP), when the UE is compliant with either Generic Bootstrap Architecture (GBA) or Authentication and Key Agreement for Applications (AKMA). The user authentication is performed by way of the GBA or AKMA protocol. The method relies on the Mobile Network Operator's (MNO) GBA or AKMA authentication framework. It can employ a Diffie-Hellman exchange between the user equipment (UE) and the service provider (SP), leading to a Diffie-Hellman session key (g^xy), while establishing the GBA or AKMA protocol. The method calculates a final Network Application Function (NAF) or AKMA Application Function key (iNAF_key or iAApF_key) to maintain confidentiality of the communication between the user equipment (UE) and the service provider (SP). It derives this key from the Diffie-Hellman session key (g^xy) and from the respective protocol's service provider key (Ks_ext/int_NAF or KAF).
    Type: Grant
    Filed: April 7, 2020
    Date of Patent: September 3, 2024
    Assignee: THALES DIS FRANCE SAS
    Inventors: Mireille Pauliac, Ly Thanh Phan
  • Patent number: 12079332
    Abstract: The present disclosure pertains to systems and methods to monitor communication ports. In one embodiment, a system may include a first interface to connect to a first host device and a second interface to connect to a second host device. The first interface and the second interface may include a plurality of channels to enable communication between the first host device and the second host device. Control logic may monitor a power channel between the first host device and the second host device and a communication channel between the first host device and the second host device. The control logic may detect an interruption of at least one of the power channel or the communication channel. In response to the interruption, the control logic may disable communication between the first host device and the second host device.
    Type: Grant
    Filed: October 15, 2021
    Date of Patent: September 3, 2024
    Assignee: Schweitzer Engineering Laboratories, Inc.
    Inventor: Mark L. Zeller
  • Patent number: 12074859
    Abstract: First, a plurality of access tokens may be received from a respective plurality of identity provider services. Each of the plurality of access tokens may be associated with a user. Then, the plurality of access tokens may be stored in a profile associated with the user. Next, user policies associated with the use of the plurality of access tokens may be assigned. A device token may then be provided to a user device associated with the user. The device token may be associated with the profile. The device token and network policies may be received and then it may be determined that the user policies and the network policies are congruent. In response to determining that the user policies and the network policies are congruent, authentication to at least one of the plurality of identity provider services may be made.
    Type: Grant
    Filed: October 12, 2022
    Date of Patent: August 27, 2024
    Inventors: Bart A. Brinckman, Eyal Shiber Shalev
  • Patent number: 12069479
    Abstract: A method of utilizing wireless earpieces for hub communications in embodiments of the present invention may have one or more of the following steps: (a) activating the wireless earpieces, (b) connecting one or more devices to the wireless earpieces, (c) performing first biometric measurements of the user utilizing the wireless earpieces, (d) receiving second biometric measurements from the one or more devices, (e) determining if the one or more devices is located on the same user as the wireless earpieces by comparing the second biometric measurements to the first biometric measurements, (f) receiving a communication to be sent through the wireless earpieces from the one or more devices, and (g) sending the communication to reach a receiving party in response to the determination the second biometric measurements are similar to the first biometric measurements.
    Type: Grant
    Filed: June 26, 2023
    Date of Patent: August 20, 2024
    Assignee: BRAGI GmbH
    Inventor: Veniamin Milevski
  • Patent number: 12052225
    Abstract: In one embodiment, a data sharing platform performs a series of data operations to provide different types of data via different sharing services of the data sharing platform that are derived from data shared by a particular data owner. The data sharing platform generates tag data associated with the particular data owner for one or more of the series of data operations. The data sharing platform determines, based on the tag data, an attribution chain that links the data shared by the particular data owner to the different types of data provided via the different sharing services. The data sharing platform sends an indication of the attribution chain for display.
    Type: Grant
    Filed: September 16, 2021
    Date of Patent: July 30, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Oliver James Bull, Trevor George Smith, Gaétan Feige, Arvind Tiwari
  • Patent number: 12052285
    Abstract: At a first resource to be used to perform a computing operation, a pair of execution environments is configured. I/O permissions of programs running in the different environments are based on respective sets of constraints. A program performs the operation in one of the environments, with input data being provided to the program from the second environment. A result of the operation is provided to a destination from the second environment.
    Type: Grant
    Filed: February 4, 2019
    Date of Patent: July 30, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Gowda Dayananda Anjaneyapura Range, Srinivasan Sankaran, Leo Dirac, Lakshmi Naarayanan Ramakrishnan, Stefano Stefani
  • Patent number: 12047380
    Abstract: The present disclosure relates to methods and systems for reducing access control lists (ACLs). The methods and systems combine multiple allowed internet protocol (IP) addresses from the ACLs to a single or small number of IP prefixes. The methods and systems calculate a minimum of the bit changes in transforming the IP addresses from one to another. Using the information for the minimum bit changes in transforming the IP addresses from one to another, the methods and systems build a graph of IP addresses, where the nodes are the IP addresses, and the edges denote that the IP addresses are transformed from one to another using the minimum number of bit changes. The methods and systems recursively merge the nodes to reduce the ACL rules into a compressed ACL rule graph. The methods and systems generate a reduced set of ACL rules using the compressed ACL rule graph.
    Type: Grant
    Filed: June 1, 2022
    Date of Patent: July 23, 2024
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventor: Rohan Gandhi
  • Patent number: 12041035
    Abstract: A privacy protecting transaction engine for a cloud provider network is described. According to some embodiments, a computer-implemented method includes receiving a request from a customer of a cloud provider network to create a customer cloud in the cloud provider network, generating the customer cloud in the cloud provider network, receiving a first request at the cloud provider network for the customer cloud that includes private information of an end customer of the customer of the cloud provider network, removing the private information from the first request by a privacy protecting transaction engine of the cloud provider network to generate a second request, and sending the second request to the customer cloud for servicing.
    Type: Grant
    Filed: February 7, 2023
    Date of Patent: July 16, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Paul A. Kotas, Keerat Singh Sharma, Matthew H. Battles
  • Patent number: 12039037
    Abstract: A method, a computer program product and an apparatus for online detection of command injection attacks in a computerized system. The method comprises determining that an input of a potential input provisioning event received from a network includes a command separator and an executable product and recording a suspicious record event. The method further comprises determining that an execution command configured to be executed in a potential execution event correlates to the suspicious record event and in response to said determining flagging the execution command as a command injection attack. The method further comprises performing a remedial action with respect to the flagged command injection attack prior to attempting to execute the execution command.
    Type: Grant
    Filed: July 25, 2023
    Date of Patent: July 16, 2024
    Assignee: JFROG LTD
    Inventors: Asaf Karas, Or Peles, Meir Tsvi, Anton Nayshtut
  • Patent number: 12034774
    Abstract: A method and apparatus are disclosed for controlling access of a computing device to a multi-layer network implementing a zero-trust architecture, the multi-layer network including a switch and apparatus for controlling access to a plurality of hierarchical levels of the multi-layer network. The method includes receiving, at the apparatus, an access request message from the computing device, the access request message including one or more identifiers associated with the computing device for requesting access to the multi-layer network. The method further includes determining a hierarchical penetration level among the plurality of hierarchical levels of the multi-layer network to be assigned to the computing device based on the one or more identifiers within the access request message.
    Type: Grant
    Filed: August 17, 2022
    Date of Patent: July 9, 2024
    Assignee: The Boeing Company
    Inventors: William S. Inman, II, Mark J. Boyer