Patents Examined by Zachary A Davis
  • Patent number: 12218966
    Abstract: The disclosed technology can acquire a first set of data from a first group of data sources including a plurality of network components within an energy delivery network. A first metric indicating a likelihood that a particular network component, from the plurality of network components, is affected by cyber vulnerabilities can be generated based on the first set of data. A second set of data can be acquired from a second group of data sources including a collection of services associated with the energy delivery network. A second metric indicating a calculated impact on at least a portion of the energy delivery network when the cyber vulnerabilities affect the particular network component can be generated based on the second set of data. A third metric indicating an overall level of cybersecurity risk associated with the particular network component can be generated based on the first metric and the second metric.
    Type: Grant
    Filed: July 5, 2022
    Date of Patent: February 4, 2025
    Assignee: C3.ai, Inc.
    Inventors: Kuenley Chiu, Jeremy Kolter, Nikhil Krishnan, Henrik Ohlsson
  • Patent number: 12212692
    Abstract: A tampering verification system and method for financial institution certificates are based on blockchain and verify whether one of the financial institution certificates has been tampered with by comparing the contents of the financial institution certificate at the point of first being generated by a financial institution and at the point of client issue.
    Type: Grant
    Filed: April 9, 2021
    Date of Patent: January 28, 2025
    Assignee: CPLABS, INC.
    Inventors: Joon Sun Uhr, Jay Wu Hong, Joo Han Song
  • Patent number: 12174948
    Abstract: A computer-implemented method is disclosed. The method includes: identifying a set of program variables associated with a computer program; generating a profile of variable writes for the computer program based on tracking, for each variable in the set of program variables: a count of memory write operations for writing to the variable; and timestamps associated with the memory write operations; detecting a trigger condition associated with the set of program variables, the detecting including: monitoring a pattern of memory accesses by the computer program, the pattern of memory accesses indicating accesses of memory allocated to variables in the set of program variables; and detecting a deviation of the pattern of memory accesses from the profile of variable writes; and in response to detecting the trigger condition, generating a notification indicating an attack status on the computer program.
    Type: Grant
    Filed: July 17, 2020
    Date of Patent: December 24, 2024
    Assignee: BlackBerry Limited
    Inventors: Glenn Daniel Wurster, Benjamin Gnahm, Paul Henri Michel Virally
  • Patent number: 12147528
    Abstract: While an application or a virtual machine (VM) is running, a device tracks accesses to cache lines to detect access patterns that indicate security attacks, such as cache-based side channel attacks or row hammer attacks. To enable the device to detect accesses to cache lines, the device is connected to processors via a coherence interconnect, and the application/VM data is stored in a local memory of the device. The device collects the cache lines of the application/VM data that are accessed while the application/VM is running into a buffer and the buffer is analyzed for access patterns that indicate security attacks.
    Type: Grant
    Filed: July 22, 2021
    Date of Patent: November 19, 2024
    Assignee: VMware LLC
    Inventors: Irina Calciu, Andreas Nowatzyk, Pratap Subrahmanyam
  • Patent number: 12130942
    Abstract: Techniques are described for budget tracking in a differentially private security system. A request to perform a query of a private database system is received by a privacy device from a client device. The request is associated with a level of differential privacy. A privacy budget corresponding to the received request is accessed by the privacy device. The privacy budget includes a cumulative privacy spend and a maximum privacy spend, the cumulative privacy spend representative of previous queries of the private database system. A privacy spend associated with the received request is determined by the privacy device based at least in part on the level of differential privacy associated with the received request. If a sum of the determined privacy spend and the cumulative privacy spend is less than the maximum privacy spend, the query is performed. Otherwise a security action is performed based on a security policy.
    Type: Grant
    Filed: September 5, 2023
    Date of Patent: October 29, 2024
    Assignee: Snowflake Inc.
    Inventors: Christopher Hockenbrocht, Ishaan Nerurkar, Liam James Damewood, Mihai Maruseac, Alexander Rozenshteyn
  • Patent number: 12132839
    Abstract: First and second devices store respective device data and private keys. The first-device data is additionally stored by the second device and by a proxy; and the second-device data is additionally stored by the first device and by the proxy. In a commitment phase, each of the first and second devices uses its respective device data, private key and a random nonce to generate a respective one-time first-device or second-device commitment value, which it sends to the proxy. In a checking phase, the devices communicate secret-key information to the proxy, which verifies the received one-time commitment values. In a digest phase, the proxy calculates a one-time digest, which it sends to the second device. The second device then verifies the received one-time digest to authenticate the first device.
    Type: Grant
    Filed: May 31, 2019
    Date of Patent: October 29, 2024
    Assignee: Iothic Ltd
    Inventors: Christopher Patrick Autry, Andrew William Roscoe, Mykhailo Magal
  • Patent number: 12028709
    Abstract: A subscriber device may perform a key exchange with a network operation center (NOC) computing device to receive a secret key. A list of group identifiers of personal devices for which the subscriber device is to handle events may be received at the subscriber device. The subscriber device may receive an encrypted event packet from a personal device via a direct communication connection. The subscriber device may decrypt the encrypted event packet at the subscriber device using the secret key to generate a decrypted event packet and extract a group identifier from the decrypted event packet. In response to determining that the group identifier is included in the list of group identifiers received from the NOC computing device, an event handler of a plurality of handlers stored in the subscriber device that corresponds to an event included in the decrypted event packet may be identified to handle the event.
    Type: Grant
    Filed: May 3, 2021
    Date of Patent: July 2, 2024
    Assignees: Getac Technology Corporation, WHP Workflow Solutions, Inc.
    Inventor: Thomas Guzik
  • Patent number: 12019742
    Abstract: Methods, systems, and computer-readable media for automated threat modeling using application relationships are disclosed. A graph is determined that includes nodes and edges. At least a portion of the nodes represent software components, and at least a portion of the edges represent relationships between software components. An event is received, and a sub-graph associated with the event is determined. The event is indicative of a change to one or more of the nodes or edges in the graph. Threat modeling is performed on the sub-graph using one or more analyzers. The one or more analyzers determine whether the sub-graph is in compliance with one or more policies.
    Type: Grant
    Filed: June 1, 2018
    Date of Patent: June 25, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Raghuveer Ketireddy, Trevor Tonn, Daniel Bailey, Naga Venkata Sunil Alamuri
  • Patent number: 12010209
    Abstract: A hardware cryptographic engine comprises a direct-memory-access (DMA) input module for receiving input data over a memory bus, and a cryptographic module. The cryptographic module comprises an input register having an input-register length, and circuitry configured to perform a cryptographic operation on data in the input register. The hardware cryptographic engine further comprises an input-alignment buffer having a length that is less than twice said input-register length, and alignment circuitry performing an alignment operation on input data in the input-alignment buffer. The hardware cryptographic engine is configured to pass input data, received by the DMA input module, from the memory bus to the input register of the cryptographic module after buffering an amount of input data no greater than the length of the input-alignment buffer.
    Type: Grant
    Filed: May 29, 2019
    Date of Patent: June 11, 2024
    Assignee: Nordic Semiconductor ASA
    Inventors: Marko Winblad, Markku Vähätaini, James Nevala, Matti Tiikkainen, Hannu Talvitie
  • Patent number: 11997075
    Abstract: Various embodiments relate to a method performed by a processor of a computing system. An example method includes generating a symmetric content encryption key. Content is encrypted using the content encryption key to generate cipher text. A hash of the cipher text is generated. Each of the hash and the content encryption key is signcrypted using each of a signcrypting party public key, a signcrypting party private key and a recipient public key to generate a signcrypted envelope message. The cipher text is embedded in a component of the signcrypted envelope message. The signcrypted envelope message is transmitted to a recipient. The recipient can unsigncrypt the signcrypted envelope message using each of the recipient public key, a recipient private key, and the signcrypting party public key to retrieve the content encryption key and hash of the cipher text. The recipient can decrypt the cipher text using the content encryption key.
    Type: Grant
    Filed: June 6, 2022
    Date of Patent: May 28, 2024
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Phillip H. Griffin, Jeffrey J. Stapleton
  • Patent number: 11979392
    Abstract: A method and system for managing device association and access is disclosed. Some embodiments may include receiving, from a user device, a request to access a network device. The request may include a public key of the user device. The request may include a digital certificate, wherein the digital certificate may include the public key of the user device. A distributed database address of the user device may be determined by applying a deterministic function to the public key of the user device. A distributed database entry may include the address of the user device. A distributed database entry may be generated. The distributed database entry may include the address of the user device. Based on the address of the user device, access to the network device may be granted to the user device.
    Type: Grant
    Filed: July 17, 2017
    Date of Patent: May 7, 2024
    Assignee: COMCAST CABLE COMMUNICATIONS, LLC
    Inventor: Asad Haque
  • Patent number: 11968226
    Abstract: Remote Triggered Black Holes (RTBHs) can be precisely placed on networks that are not directly physically connected to a target of an attack. A network source of a potential attack can be determined. A path between the network source and the target can be identified, and a determination can be made as to which networks along that path subscribe to an attack mitigation service. From multiple identified subscriber networks, a subscriber network can be identified that is determined to be appropriate for placement of a black hole to mitigate the attack. Once selected, the identified network can receive attack information and acknowledge placement of the black hole. The subscriber network can then begin discarding traffic for the attack target. A subscriber-owned list of network prefixes can be reviewed before allowing RTBH injection for a corresponding address space.
    Type: Grant
    Filed: March 16, 2017
    Date of Patent: April 23, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Payam Tarverdyan Chychi, Dennis Marinus, Shawn Joseph Marck, Stephen Roderick O'Dor
  • Patent number: 11909857
    Abstract: Systems, apparatus, methods, and techniques for functional safe execution of encryption operations are provided. A fault tolerant counter and a complementary pair of encryption flows are provided. The fault tolerant counter may be based on a gray code counter and a hamming distance checker. The complementary pair of encryption flows have different implementations. The output from the complementary pair of encryption flows can be compared, and where different, errors generated.
    Type: Grant
    Filed: December 23, 2019
    Date of Patent: February 20, 2024
    Assignee: Intel Corporation
    Inventors: Santosh Ghosh, Marcio Juliato, Rafael Misoczki, Manoj Sastry, Liuyang Yang, Shabbir Ahmed, Christopher Gutierrez, Xiruo Liu
  • Patent number: 11893133
    Abstract: Techniques are described for budget tracking in a differentially private security system. A request to perform a query of a private database system is received by a privacy device from a client device. The request is associated with a level of differential privacy. A privacy budget corresponding to the received request is accessed by the privacy device. The privacy budget includes a cumulative privacy spend and a maximum privacy spend, the cumulative privacy spend representative of previous queries of the private database system. A privacy spend associated with the received request is determined by the privacy device based at least in part on the level of differential privacy associated with the received request. If a sum of the determined privacy spend and the cumulative privacy spend is less than the maximum privacy spend, the query is performed. Otherwise a security action is performed based on a security policy.
    Type: Grant
    Filed: June 1, 2021
    Date of Patent: February 6, 2024
    Assignee: Snowflake Inc.
    Inventors: Christopher Hockenbrocht, Ishaan Nerurkar, Liam Damewood, Mihai Maruseac, Alexander Rozenshteyn
  • Patent number: 11888897
    Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosting operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. Credentials for services implemented by a BotSink may be planted in an active directory (AD) server. The BotSink periodically uses the credentials thereby creating log entries indicating use thereof. When an attacker accesses the services using the credentials, the BotSink engages and monitors an attacker system and may generate an alert. Decoy services may be assigned to a domain and associated with names according to a naming convention of the domain.
    Type: Grant
    Filed: August 24, 2022
    Date of Patent: January 30, 2024
    Assignee: SentinelOne, Inc.
    Inventors: Venu Vissamsetty, Nitin Jyoti, Pavan Patel, Prashanth Srinivas Mysore
  • Patent number: 11874929
    Abstract: Systems and methods are provided to identify security vulnerabilities related to containerization platforms. Container images may be received from a repository, and scanned for security vulnerabilities. Containers may be automatically generated and updated with security updates when the images are extracted and identified. Updated versions of images may be generated based on the updated containers. Stored security vulnerability may be automatically updated with CVE information received from external databases at regular intervals, or upon receiving a scan request. Scan results may be generated, stored and compared. Vulnerability comparisons may be generated for an initial version of an image and an updated version of the image that includes the implemented security updates that rectify the identifiable security vulnerabilities.
    Type: Grant
    Filed: December 9, 2019
    Date of Patent: January 16, 2024
    Assignee: Accenture Global Solutions Limited
    Inventors: Manoharan Ramasamy, Satish Janardhanan
  • Patent number: 11861016
    Abstract: Generation of a first prediction model is caused based on first training data, where the first prediction model enables determining whether an exploit to be developed for software vulnerabilities will be used in an attack. For each training instance in the first training data, the first prediction model is used to generate a score. Each training instance is added to second training data if the score is greater than a threshold value. The second training data is a subset of the first training data. Generation of a second prediction model is caused based on the second training data, where the second prediction model enables determining whether an exploit to be developed for software vulnerabilities will be used in an attack.
    Type: Grant
    Filed: April 6, 2021
    Date of Patent: January 2, 2024
    Inventors: Michael Roytman, Jay Jacobs
  • Patent number: 11829776
    Abstract: An integrated circuit device that includes a secure or protected memory component is herein disclosed and enabled. The integrated circuit may be a wireless communication device or a smart card or a USB device. Additionally, the integrated circuit may be part of or in a computing device or mobile device. The integrated circuit device includes a private memory section for storing protected data that is not accessible by a user at the private memory section, but is accessible by a memory controller included in the integrated circuit device. The memory controller accesses the protected data with a combination of security operations that may include cryptography. The integrated circuit device may further include a wireless component for establishing a wireless connection with wireless computing devices or readers for wirelessly transmitting the protected data accessed by the memory controller to the wireless computing devices.
    Type: Grant
    Filed: February 11, 2016
    Date of Patent: November 28, 2023
    Assignee: Flexiworld Technologies, Inc.
    Inventors: William Ho Chang, Vinaynathan Viswanathan
  • Patent number: 11809610
    Abstract: A real time, on-the-fly data encryption system is shown operable to encrypt and decrypt the data flow between a secure processor and an unsecure external memory system. Multiple memory segments are supported, each with its own separate encryption capability, or no encryption at all. Data integrity is ensured by hardware protection from code attempting to access data across memory segment boundaries. Protection is also provided against dictionary attacks by monitoring multiple access attempts to the same memory location.
    Type: Grant
    Filed: June 16, 2014
    Date of Patent: November 7, 2023
    Assignee: Texas Instruments Incorporated
    Inventors: Amritpal S. Mundra, William C. Wallace
  • Patent number: 11757863
    Abstract: Systems and methods are provided to authorize users to anonymously access resources of different web sites. For example, a business listing service may authenticate users and allow the authenticated users to access the resources of the businesses listed via the business listing service, without the users having to create separate accounts with the businesses and without having to reveal the identities of the users to the businesses.
    Type: Grant
    Filed: October 8, 2014
    Date of Patent: September 12, 2023
    Assignee: Thryv, Inc.
    Inventor: Jakhongir Samatov