Patents Examined by William S. Powers
  • Patent number: 11375371
    Abstract: Methods, systems, and media for protected near-field communications are provided. In some embodiments, the method comprises: receiving, from an NFC tag device, a request for an NFC reader device identifier (ID); transmitting the NFC reader device ID to the NFC tag device; receiving an NFC tag device ID; determining whether the NFC tag device ID matches an NFC tag device ID stored in memory of the NFC reader device; in response to determining that the NFC tag device ID matches the NFC tag device ID, transmitting a password to the NFC tag device; receiving, from the NFC tag device, a shared secret; determining whether the received shared secret matches a shared secret stored in the memory of the NFC reader device; and in response to determining that the received shared secret matches the shared secret, causing an action to be performed by a device associated with the NFC reader device.
    Type: Grant
    Filed: January 16, 2020
    Date of Patent: June 28, 2022
    Assignee: McAfee, LLC
    Inventor: Eoin Carroll
  • Patent number: 11354400
    Abstract: Data from a SaaS application may be stored and accessed locally, enabling SaaS data to be interacted with, regardless of connectivity, while providing secure authentication when offline. When online, a user may perform an authentication procedure and provide credentials to an application server, which may provide an authentication token for access to secure data or applications. The authentication token and user credentials may be cached locally. When offline or experiencing intermittent connectivity, if user provided credentials match the cached credentials, then the client application may retrieve the cached authentication token and allow the embedded browser to resume utilizing the network application and/or data; while if the new credentials do not match the previously provided and cached credentials, access may be denied. Thus, the embedded browser may perform authentication agnostic to whether the device is online or offline at that time, requiring no changes to the browser or network application.
    Type: Grant
    Filed: October 1, 2018
    Date of Patent: June 7, 2022
    Assignee: Citrix Systems, Inc.
    Inventor: Abhishek Chauhan
  • Patent number: 11323469
    Abstract: Entity group behavior profiling. An entity group is created that includes multiple entities, where each entity represents one of a user, a machine, and a service. A behavior profile is created for each one of the entities of the entity group. The behavior of each one of the entities of the entity group is monitored to detect behavior change. An indicator of compromise is detected based on multiple ones of the entities experiencing substantially a same behavior change.
    Type: Grant
    Filed: May 22, 2020
    Date of Patent: May 3, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventor: Jisheng Wang
  • Patent number: 11314883
    Abstract: The disclosed technology includes techniques for secure access to data associated with an organization and includes providing a user device access to a user interface that is configurable by a user of the user device to execute function requests. Upon receipt of a function request, a router can randomly select an available computer from a computer cluster to execute the function. The computer can access a predetermined portion of the organization's data, generate an output by executing the requested function based on the predetermined portion of the organization's data, and transmit the output to the user device.
    Type: Grant
    Filed: September 28, 2020
    Date of Patent: April 26, 2022
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventor: Timothy Russell Marcinowski
  • Patent number: 11316882
    Abstract: The disclosed embodiments relate to a system that generates an alert based on information extracted from search results generated by a query. During operation, the system executes the query to generate the search results. The system also obtains configuration information for the alert, wherein the configuration information identifies information associated with the search results, and also specifies a trigger condition for the alert. Next, when the trigger condition for the alert is met, the system uses the configuration information to generate a payload containing the identified information associated with the search results. The system then invokes alert-generating functionality and provides the payload as input to the alert-generating functionality. This enables the alert-generating functionality to use the information from the search results while performing one or more alert actions associated with the alert.
    Type: Grant
    Filed: July 30, 2020
    Date of Patent: April 26, 2022
    Assignee: Splunk Inc.
    Inventors: Nicholas J. Filippi, Siegfried Puchbauer-Schnabel, Carl S. Yestrau, Vivian Shen, J. Mathew Elting
  • Patent number: 11290337
    Abstract: In various exemplary embodiments, a system and associated method for providing a hybrid cloud computing environment are disclosed. For example, a system may authorize an enterprise user based on an enterprise identity. Once authenticated, embodiments may use mapping data and a cloud role to determine an identity to use when the enterprise user accesses a cloud.
    Type: Grant
    Filed: April 14, 2020
    Date of Patent: March 29, 2022
    Assignee: eBay Inc.
    Inventor: Richard Sinn
  • Patent number: 11282310
    Abstract: The system includes an electronically controllable access point device and a server. The server includes one or more processors, which are communicatively coupled to the access point device and a portable device. The one or more processors are configured to determine whether a user of the portable device is authorized to access the access point device based on one or more credentials received from the portable device and retrieve a location of the portable device. The one or more processors are further configured to determine whether the location of the portable device is within a pre-defined geographical area. Upon determination of user authorization to the access point device and that the location of the portable device is within the pre-defined geographical area, the one or more processors direct the access point device to provide access to the user.
    Type: Grant
    Filed: May 30, 2018
    Date of Patent: March 22, 2022
    Assignee: Geokey, Inc.
    Inventors: Kurtis A. Charling, Derick Frauendorfer, Brandon Peterson
  • Patent number: 11272367
    Abstract: A method of utilizing wireless earpieces for hub communications in embodiments of the present invention may have one or more of the following steps: (a) activating the wireless earpieces, (b) connecting one or more devices to the wireless earpieces, (c) performing first biometric measurements of the user utilizing the wireless earpieces, (d) receiving second biometric measurements from the one or more devices, (e) determining if the one or more devices is located on the same user as the wireless earpieces by comparing the second biometric measurements to the first biometric measurements, (f) receiving a communication to be sent through the wireless earpieces from the one or more devices, and (g) sending the communication to reach a receiving party in response to the determination the second biometric measurements are similar to the first biometric measurements.
    Type: Grant
    Filed: September 11, 2018
    Date of Patent: March 8, 2022
    Assignee: BRAGI GmbH
    Inventor: Veniamin Milevski
  • Patent number: 11271902
    Abstract: A packet-filtering system described herein may be configured to filter packets with encrypted hostnames in accordance with one or more packet-filtering rules. The packet-filtering system may resolve a plaintext hostname from ciphertext comprising an encrypted Server Name Indication (eSNI) value. The packet-filtering system may resolve the plaintext hostname using a plurality of techniques. Once the plaintext hostname is resolved, the packet-filtering system may then use the plaintext hostname to determine whether the packets are associated with one or more threat indicators. If the packet-filtering system determines that the packets are associated with one or more threat indicators, the packet-filtering system may apply a packet filtering operation associated with the packet-filtering rules to the packets.
    Type: Grant
    Filed: May 4, 2021
    Date of Patent: March 8, 2022
    Assignee: Centripetal Networks
    Inventors: Sean Moore, Vincent Mutolo, Jonathan R. Rogers
  • Patent number: 11240203
    Abstract: A method of automatic security group generation by a firewall management service. The method may include receiving a security policy definition allowing cloud resource instances labeled by a first tag to communicate to cloud resource instances labeled by a second tag; creating a first security group comprising an inbound firewall rule for the cloud resource instances associated with the first tag, wherein the inbound firewall rule specifies cloud resource instances associated with a second security group as source communication endpoints; creating a second security group comprising an outbound firewall rule for the cloud resource instances associated with the second tag, wherein the outbound firewall rule specifies cloud resource instances associated with the first security group as destination communication endpoints; and causing a firewall service to implement the first security group and the second security group.
    Type: Grant
    Filed: December 7, 2018
    Date of Patent: February 1, 2022
    Assignee: Amazon Technologies, Inc.
    Inventor: Hatem Eyada
  • Patent number: 11228583
    Abstract: Embodiments described include systems and methods for slogan based sharing of network application objects. The method may include executing a network application on behalf of a client application executed by a first client device. The client application may include an embedded browser. The method may include receiving from the client application a selection of an object of the network application to be shared with a second client device. The method may include selecting a unique sequence of words from a pre-defined list of words, associating the unique sequence of words with the selected object of the network application, transmitting the unique sequence of words to the first client device, and receiving the unique sequence of words from the second client device. The method may include, responsive to receipt of the unique sequence of words from the second client device, accessing the selected object of the network application.
    Type: Grant
    Filed: October 1, 2018
    Date of Patent: January 18, 2022
    Assignee: CITRIX SYSTEMS, INC.
    Inventor: Abhishek Chauhan
  • Patent number: 11228568
    Abstract: Systems, methods, and computer-readable media are disclosed for systems and methods for anonymization of user data for privacy across distributed computing systems. Example methods may include determining, by a first computer system, a request for content to present at a user device, wherein the request for content is associated with a user account, determining a first search query associated with the user account, and determining a first keyword associated with the first search query. Some methods may include generating a first hash value for the first keyword, sending the first hash value to a second computer system for identification of first content for presentation at the user device, and causing the second computer system to send the first content to the user device for presentation, wherein the first computer system does not receive the first content.
    Type: Grant
    Filed: November 30, 2018
    Date of Patent: January 18, 2022
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Atreyee Dey, Debasish Das, Gaurav Bhatnagar
  • Patent number: 11222111
    Abstract: This disclosure provides techniques for pooling and searching network security events reported by multiple sources. As information representing a security event is received from one source, it is searched against a central or distributed database representing events reported from multiple, diverse sources (e.g., different client networks). Either the search or correlated results can be filtered and/or routed according to at least one characteristic associated with the networks, for example, to limit correlation to events reported by what are presumed to be similarly situated networks. The disclosed techniques facilitate faster identification of high-relevancy security event information, and thereby help facilitate faster threat identification and mitigation. Various techniques can be implemented as standalone software (e.g., for use by a private network) or for a central pooling and/or query service. This disclosure also provides different examples of actions that can be taken in response to search results.
    Type: Grant
    Filed: March 23, 2020
    Date of Patent: January 11, 2022
    Assignee: ServiceNow, Inc.
    Inventors: Richard Reybok, Andreas Seip Haugsnes, Kurt Joseph Zettel, II, Jeffrey Rhines, Henry Geddes, Volodymyr Osypov, Scott Lewis, Sean Brady, Mark Manning
  • Patent number: 11212117
    Abstract: A validation record chain that is generated for a particular version of a software package may be used to verify the legitimacy of the particular version. A hash that is generated by a software building platform for a particular version of a software package is received. A validation record chain for the particular version is then generated that includes a plurality of certificates such that a first certificate in the validation record chain contains the hash, and each of one or more subsequent certificates is signed with a corresponding hash signature of a corresponding certifier application and contains a prior hash signature of a previous certificate in the validation record chain. The validation record chain is stored for validation of the particular version of the software package via the plurality of certificates.
    Type: Grant
    Filed: December 3, 2018
    Date of Patent: December 28, 2021
    Assignee: T-Mobile USA, Inc.
    Inventor: Richard Harrington
  • Patent number: 11205010
    Abstract: The disclosed computer-implemented method for identifying privacy leakage information may include (1) identifying, at the computing device, at least one informative word in a digital text and (2) performing a security action that identifies privacy leakage information, where the security action includes (A) determining, for at least one identified informative word, a type of privacy leakage and a respective confidence score indicating a probability the identified informative word causes the type of privacy leakage, (B) determining, using the respective confidence score, a combined confidence score for each respective element within a level of detail to display, and (C) displaying, on a display device, the combined confidence score for each respective element within the level of detail to display. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: December 20, 2018
    Date of Patent: December 21, 2021
    Assignee: NortonLifeLock Inc.
    Inventors: Ashwin Kayyoor, Petros Efstathopoulos
  • Patent number: 11178136
    Abstract: Embodiments of systems and methods for data access control and account management are described. In an embodiment, a server can apply flags to user accounts identified as requiring the user to perform an action or, in the case of potentially compromised access credentials, to offer the user the opportunity to authenticate and create new credentials. A user account database and an access report database can store access credentials, flags, and other relevant information for use by the server to perform various administrative, authentication, and protective actions on user accounts.
    Type: Grant
    Filed: December 19, 2019
    Date of Patent: November 16, 2021
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Lara Mossler, Baskar Dilli, Melissa Heng, Aravindhan Manivannan
  • Patent number: 11165802
    Abstract: Systems and methods may be used to assess network communications by generating one or more thresholds for network traffic parameters based at least in part on a generated baseline for the network traffic parameter in the supervisory control and data acquisition system based on communications within the industrial network. Network communications may be assessed by determining whether the communications in the industrial network fall within the one or more thresholds for the network traffic parameter.
    Type: Grant
    Filed: November 30, 2018
    Date of Patent: November 2, 2021
    Assignee: Schweitzer Engineering Laboratories, Inc.
    Inventors: Cody W. Tews, Cassandra Seubert
  • Patent number: 11163904
    Abstract: A method, system and computer program for implementing fine-grained access control (FGAC) of data stored in a dataset. In response to receiving a data query statement from a user, any representational index exclusions that are relevant to the data query statement are identified, wherein each index exclusion specifies an access restriction to the data. It is then determined whether any of the identified representational index exclusions are to be applied to the data query statement, and if ‘yes’ then the data query statement is modified before being processed, so that processing of the query takes place by searching the dataset under restriction of the representational index exclusions. The proposed approach allows for easy creation and modification of FGAC privacy rules without introducing performance gaps in processing the data query statements.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: November 2, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Pedro M. Barbas, David Kelly, Martin J. Neary, Johnson Uman
  • Patent number: 11157600
    Abstract: Data processing systems and methods, according to various embodiments, are adapted for automatically assessing the level of security and/or privacy risk associated with doing business with a particular vendor or other entity and for generating training material for such vendors. In various embodiments, the systems may automatically obtain and use any suitable information to assess such risk levels including, for example: (1) any security and/or privacy certifications held by the vendor; (2) the terms of one or more contracts between a particular entity and the vendor; (3) the results of one or more privacy impact assessments for the vendor; and/or (4) any other suitable data. The system may be configured to automatically approve or reject a particular vendor based on the assessed risk level associated with the vendor and this information may be automatically communicated to an entity considering doing business with the vendor and/or the vendor itself.
    Type: Grant
    Filed: April 30, 2020
    Date of Patent: October 26, 2021
    Assignee: OneTrust, LLC
    Inventors: Jonathan Blake Brannon, Kabir A. Barday, Jason L. Sabourin, Kevin Jones, Subramanian Viswanathan, Milap Shah
  • Patent number: 11159558
    Abstract: A query is received from a particular endpoint device identifying a particular wireless access point encountered by the particular endpoint device. Pre-existing risk assessment data is identified for the identified particular wireless access point and query result data is sent to the particular endpoint device characterizing pre-assessed risk associated with the particular wireless access point. In some instances, the query result data is generated based on the pre-existing risk assessment data. In some instances, pre-existing risk assessment data can be the result of an earlier risk assessment carried out at least in part by an endpoint device interfacing with and testing the particular wireless access point.
    Type: Grant
    Filed: May 8, 2020
    Date of Patent: October 26, 2021
    Assignee: McAfee, LLC
    Inventors: Prasanna Ganapathi Basavapatna, Satish Kumar Gaddala, Sven Schrecker, David Moshe Goldschlag