Patents Examined by Zachary A Davis
  • Patent number: 11893133
    Abstract: Techniques are described for budget tracking in a differentially private security system. A request to perform a query of a private database system is received by a privacy device from a client device. The request is associated with a level of differential privacy. A privacy budget corresponding to the received request is accessed by the privacy device. The privacy budget includes a cumulative privacy spend and a maximum privacy spend, the cumulative privacy spend representative of previous queries of the private database system. A privacy spend associated with the received request is determined by the privacy device based at least in part on the level of differential privacy associated with the received request. If a sum of the determined privacy spend and the cumulative privacy spend is less than the maximum privacy spend, the query is performed. Otherwise a security action is performed based on a security policy.
    Type: Grant
    Filed: June 1, 2021
    Date of Patent: February 6, 2024
    Assignee: Snowflake Inc.
    Inventors: Christopher Hockenbrocht, Ishaan Nerurkar, Liam Damewood, Mihai Maruseac, Alexander Rozenshteyn
  • Patent number: 11888897
    Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosting operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. Credentials for services implemented by a BotSink may be planted in an active directory (AD) server. The BotSink periodically uses the credentials thereby creating log entries indicating use thereof. When an attacker accesses the services using the credentials, the BotSink engages and monitors an attacker system and may generate an alert. Decoy services may be assigned to a domain and associated with names according to a naming convention of the domain.
    Type: Grant
    Filed: August 24, 2022
    Date of Patent: January 30, 2024
    Assignee: SentinelOne, Inc.
    Inventors: Venu Vissamsetty, Nitin Jyoti, Pavan Patel, Prashanth Srinivas Mysore
  • Patent number: 11874929
    Abstract: Systems and methods are provided to identify security vulnerabilities related to containerization platforms. Container images may be received from a repository, and scanned for security vulnerabilities. Containers may be automatically generated and updated with security updates when the images are extracted and identified. Updated versions of images may be generated based on the updated containers. Stored security vulnerability may be automatically updated with CVE information received from external databases at regular intervals, or upon receiving a scan request. Scan results may be generated, stored and compared. Vulnerability comparisons may be generated for an initial version of an image and an updated version of the image that includes the implemented security updates that rectify the identifiable security vulnerabilities.
    Type: Grant
    Filed: December 9, 2019
    Date of Patent: January 16, 2024
    Assignee: Accenture Global Solutions Limited
    Inventors: Manoharan Ramasamy, Satish Janardhanan
  • Patent number: 11861016
    Abstract: Generation of a first prediction model is caused based on first training data, where the first prediction model enables determining whether an exploit to be developed for software vulnerabilities will be used in an attack. For each training instance in the first training data, the first prediction model is used to generate a score. Each training instance is added to second training data if the score is greater than a threshold value. The second training data is a subset of the first training data. Generation of a second prediction model is caused based on the second training data, where the second prediction model enables determining whether an exploit to be developed for software vulnerabilities will be used in an attack.
    Type: Grant
    Filed: April 6, 2021
    Date of Patent: January 2, 2024
    Inventors: Michael Roytman, Jay Jacobs
  • Patent number: 11829776
    Abstract: An integrated circuit device that includes a secure or protected memory component is herein disclosed and enabled. The integrated circuit may be a wireless communication device or a smart card or a USB device. Additionally, the integrated circuit may be part of or in a computing device or mobile device. The integrated circuit device includes a private memory section for storing protected data that is not accessible by a user at the private memory section, but is accessible by a memory controller included in the integrated circuit device. The memory controller accesses the protected data with a combination of security operations that may include cryptography. The integrated circuit device may further include a wireless component for establishing a wireless connection with wireless computing devices or readers for wirelessly transmitting the protected data accessed by the memory controller to the wireless computing devices.
    Type: Grant
    Filed: February 11, 2016
    Date of Patent: November 28, 2023
    Assignee: Flexiworld Technologies, Inc.
    Inventors: William Ho Chang, Vinaynathan Viswanathan
  • Patent number: 11809610
    Abstract: A real time, on-the-fly data encryption system is shown operable to encrypt and decrypt the data flow between a secure processor and an unsecure external memory system. Multiple memory segments are supported, each with its own separate encryption capability, or no encryption at all. Data integrity is ensured by hardware protection from code attempting to access data across memory segment boundaries. Protection is also provided against dictionary attacks by monitoring multiple access attempts to the same memory location.
    Type: Grant
    Filed: June 16, 2014
    Date of Patent: November 7, 2023
    Assignee: Texas Instruments Incorporated
    Inventors: Amritpal S. Mundra, William C. Wallace
  • Patent number: 11757863
    Abstract: Systems and methods are provided to authorize users to anonymously access resources of different web sites. For example, a business listing service may authenticate users and allow the authenticated users to access the resources of the businesses listed via the business listing service, without the users having to create separate accounts with the businesses and without having to reveal the identities of the users to the businesses.
    Type: Grant
    Filed: October 8, 2014
    Date of Patent: September 12, 2023
    Assignee: Thryv, Inc.
    Inventor: Jakhongir Samatov
  • Patent number: 11743254
    Abstract: One embodiment provides a method, including: receiving, at a server from a device, a request for device authentication across an unsecure network, the request including a device registration token; generating, at the server, a shared registration key utilizing the device registration token; verifying, at the server, the device registration token by comparing the device registration token to a function of the shared registration key; and producing, at the server and responsive to verifying the device registration token, a one-time activation token and sending the one-time activation token to the device. Other aspects are described and claimed.
    Type: Grant
    Filed: August 12, 2019
    Date of Patent: August 29, 2023
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Igor Stolbikov, Rod D. Waltermann, Joseph Michael Pennisi, Michael Demeter
  • Patent number: 11729193
    Abstract: Techniques are described for automatically incorporating lifecycle information for a secured environment (SE) into an intrusion detection system monitoring the secured environment's operations. In one example, a secured environment including at least one component is monitored, where the secured environment is associated with a lifecycle operations manager (LOM) responsible for managing lifecycle operations associated with at least one component in the SE. One or more log files associated with operations of each of the at least one components are obtained, along with log files associated with lifecycle operations executed by the LOM. A determination is made as to whether the particular activities documented in the log files indicate a violation of at least one malicious action rule. In response to determining that the log files are associated with a malicious action rule, a mitigation action associated with the violation is triggered.
    Type: Grant
    Filed: April 5, 2022
    Date of Patent: August 15, 2023
    Assignee: SAP SE
    Inventor: Rouven Krebs
  • Patent number: 11728991
    Abstract: Privacy-preserving leakage-deterring public-key encryption techniques are provided. A sender system sends to an authority system a commitment to leakage-deterring-data, and proves in zero-knowledge that the sender system has access to an opening to the commitment. The sender system receives a signature corresponding to a signed commitment to the leakage-deterring-data and an identifier of the sender system. The sender system encrypts a message to a receiver system by applying a one-time pad to the message using a one-time-pad key, and encrypts the result of the application with the public key of the receiver system. The sender system encrypts the one-time-pad key with an attribute-based encryption scheme with a public key of an oblivious decryptor system. The sender system forms a ciphertext from a combination of the encrypted message and the encrypted one-time-pad key and sends the ciphertext to the receiver system.
    Type: Grant
    Filed: May 28, 2019
    Date of Patent: August 15, 2023
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Maria Dubovitskaya, Patrick Towa
  • Patent number: 11728988
    Abstract: An electronic key pre-distribution device for configuring multiple network nodes with local key information is provided. The key pre-distribution device applies at least a first hash function and a second hash function to a digital identifier of a network node. The first and second hash functions map the digital identifier to a first public point and a second public point on a first elliptic curve and second elliptic curve. A first and second secret isogeny are applied to the first and second public elliptic curve points, to obtain a first private elliptic curve point and second private elliptic curve point that are part of private key material for the network node.
    Type: Grant
    Filed: February 12, 2018
    Date of Patent: August 15, 2023
    Assignee: Koninklijke Philips N.V.
    Inventors: Oscar Garcia Morchon, Sauvik Bhattacharya, Ludovicus Marinus Gerardus Maria Tolhuizen, Ronald Rietman
  • Patent number: 11698962
    Abstract: A method detects intrusions in an audit log including records of user sessions with activity features and a user label of a claimed user of the user session. Probabilities that a user session belongs to a user are predicted. A probability is predicted for each combination of a user and a user session of the audit log based on the activity features of the user sessions. A user group including users with similar activity features is constructed based on the predicted probabilities. An anomaly score for a user session of the audit log and a claimed user of the user session belonging to the user group is determined based on a probability that the user session belongs to the user group. An intrusion is detected if the anomaly score of the user session and the claimed user exceeds a predetermined threshold.
    Type: Grant
    Filed: November 27, 2019
    Date of Patent: July 11, 2023
    Assignee: BULL SAS
    Inventor: Mathieu Garchery
  • Patent number: 11665150
    Abstract: Credentials for an account on a remote server requiring credentialed access by a client device are created, credentials are transmitted to the remote server, and response data including the credentials is received from the remote server, while restricting access to the credentials by the client device at all times. Session data transmitted by the remote server is also restricted from the client device to prevent side loading of session secrets onto client devices that may be used to attempt to gain unauthorized access to the remote server. Cookies are used to allow the client device to access more than one remote server without having to authenticate individually to each remote server.
    Type: Grant
    Filed: November 14, 2014
    Date of Patent: May 30, 2023
    Assignee: Pleasant Solutions, Inc.
    Inventors: Thomas Stachura, Patrick W. Earl
  • Patent number: 11581918
    Abstract: A near field communication system can include a near field generator configured to generate a near field detectable information signal. The near field generator and supporting circuitry also produces incidental electromagnetic radiation. A masking signal transmitter is used with the near field generator and radiates a masking electromagnetic signal. The masking electromagnetic signal may substantially mask the incidental electromagnetic radiation.
    Type: Grant
    Filed: August 8, 2008
    Date of Patent: February 14, 2023
    Assignee: Freelinc Technologies Inc.
    Inventors: Douglas Howard Dobyns, Howard Bernard Dobyns, Jed Erich Woodard, Anthony Joseph Sutera
  • Patent number: 11580219
    Abstract: A technique for detecting malware involves loading known malware information, finding a string in the known malware information, saving the string in a first database, identifying a first contiguous string block from the known malware information, assigning a confidence indicator to the first contiguous string block, attempting to find the first contiguous string block in a second database containing one or more contiguous string blocks extracted from known malware, and responsive to a determination the first contiguous string block meets a predetermined threshold of similarity with a second contiguous string block contained in the second database, labelling the first contiguous string block.
    Type: Grant
    Filed: January 25, 2018
    Date of Patent: February 14, 2023
    Assignee: McAfee, LLC
    Inventors: Craig Schmugar, Zheng Zhang, John Teddy, Michael Hughes
  • Patent number: 11568080
    Abstract: At least some aspects of the present disclosure feature systems and methods for obfuscating data. The method includes the steps of receiving an input data stream including a sequence of n-grams, mapping at least some of the sequence of n-grams to corresponding dictionary terms using a dictionary, and disposing the corresponding tokens to an output data stream.
    Type: Grant
    Filed: November 10, 2014
    Date of Patent: January 31, 2023
    Assignee: 3M Innovative Properties Company
    Inventors: Brian J. Stankiewicz, Eric C. Lobner, Richard H. Wolniewicz, William L. Schofield
  • Patent number: 11539744
    Abstract: A method of monitoring network traffic for cryptojacking activity is provided. A request is received from a protected host. It is determined whether the request is a cryptocurrency request based on whether the request uses a protocol specified for requests belonging to the cryptocurrency communication. In response to a determination that the request is a cryptocurrency request for the cryptocurrency, a second request is submitted to a destination indicated by the request, wherein the second request is formatted as a cryptocurrency request for the cryptocurrency. A determination is made whether a reply to the second request from the destination is a cryptocurrency response for the cryptocurrency based on whether the response uses a protocol specified for a response that belongs to communication associated with the cryptocurrency. An intervention action is caused in response to a determination that the reply to the second request from the destination is a cryptocurrency response for the cryptocurrency.
    Type: Grant
    Filed: August 11, 2020
    Date of Patent: December 27, 2022
    Assignee: Arbor Networks, Inc.
    Inventor: Sean O'Hara
  • Patent number: 11539704
    Abstract: A system includes a processor configured to wirelessly broadcast a message obtained from a first originating vehicle BUS or controller, following a determination that the message was on a pre-approved list for broadcast and having encrypted the message utilizing a temporary random key generated for a message session. The system may include vehicle controllers, a gateway module, and vehicle BUSSES connecting the system controllers to the gateway module. The gateway module may include a memory storing a list of pre-approved message types and corresponding source types, and a processor configured to receive a message from one of the vehicle controllers over one of the vehicle BUSSES to determine if a message type and source type of the received message matches an element of the list.
    Type: Grant
    Filed: November 13, 2015
    Date of Patent: December 27, 2022
    Assignee: Ford Global Technologies, LLC
    Inventors: Omar Makke, Haysam M. Kadry, James Martin Lawlis, Oleg Yurievitch Gusikhin
  • Patent number: 11520894
    Abstract: A controller that is separate from a processor of the system verifies controller code for execution on the controller. In response to verifying the controller code, the controller verifies system boot code.
    Type: Grant
    Filed: June 8, 2020
    Date of Patent: December 6, 2022
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Jeffrey Kevin Jeansonne, Valiuddin Y Ali, James M. Mann, Boris Balacheff
  • Patent number: 11516215
    Abstract: To allow access to encrypted data stored in the memory of a user terminal, the corresponding secret encryption key is stored in a secure element integrated into the user terminal and this secure element serves as a highly secure relay toward an access device to this data, used by a third party. To do so, a secure communication channel is established between the third party and the secure element. The EAC standard allows mutual authentication accompanied by the establishment of such a secure communication channel. The secure element performs an encryption conversion of the data so that the latter is protected by a session (or transport) key associated with the secure communication channel, and no longer by the initial secret key. The third party can thus access the encrypted data without even knowing the initial secret key.
    Type: Grant
    Filed: December 6, 2019
    Date of Patent: November 29, 2022
    Assignee: IDEMIA FRANCE
    Inventors: Mourad Hamouda, Jérôme Dumoulin