Patents by Inventor Ali SAJJAD
Ali SAJJAD has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240086241
Abstract: A method of selecting an algorithm from a plurality of candidate algorithms for use by a processor-controlled device to perform an application. A respective value for one or more resource characteristics of the device is obtained. Based on the one or more values, one or more analogous reference devices having similar resource characteristics to the device are identified. One or more reference performance values for execution of each of the plurality of candidate algorithms on each of the analogous reference devices are obtained. The algorithm is selected based on the one or more reference performance values.
Type: Application
Filed: March 16, 2022
Publication date: March 14, 2024
Inventor: Ali SAJJAD
-
Publication number: 20220376902
Abstract: There is provided a computer implemented method for accessing a resource at a computing device, as well as for controlling access to a resource by a computing device. The computing device receives a policy indicating a set of conditions under which access to the resource is permitted, determines whether each of the conditions are initially present based on an output of one or more sensors of the device, and monitors the one or more sensors to detect a change in the presence of one or more of the conditions. In response to detecting the change in the presence of one or more of the conditions, the computing device determines whether each of the conditions are present. In response to determining that each of the conditions is present, access to the resource is enabled. If at least one of the conditions is not present, access to the resource is prevented.
Type: Application
Filed: September 11, 2020
Publication date: November 24, 2022
Inventors: Ali SAJJAD, Gery DUCATEL, Gabriele GELARDI
-
Patent number: 11474847
Abstract: A computer implemented method of converting a serialized virtual machine (VM) for a source virtualized computing environment, the serialized VM being stored in a data file having also metadata for instantiating the serialized VM in the source environment, the method including supplementing the data file with a software adapter including a plurality of executable disk image converters, each disk image converter being suitable for converting the serialized VM between disparate virtualized computing environments; a plurality of metadata mappings, each metadata mapping defining how the metadata is converted between disparate virtual computing environments; and executable code for effecting a conversion by executing an appropriate disk image converter and performing an appropriate metadata conversion to convert the data file for a target virtualized computing environment, such that the supplemented data file is operable to self-convert between the source virtualized computing environment and the target virtualized
Type: Grant
Filed: December 3, 2018
Date of Patent: October 18, 2022
Assignee: British Telecommunications Public Limited Company
Inventors: Ali Sajjad, Fadi El-Moussa
-
Patent number: 11461460
Abstract: A computer implemented method of securing an application executing in a software container deployed in a computer system includes providing access to the application selectively in accordance with access control rules by sharing an encryption key with authorized accessors.
Type: Grant
Filed: December 3, 2018
Date of Patent: October 4, 2022
Assignee: British Telecommunications Public Limited Company
Inventors: Fadi El-Moussa, Ali Sajjad
-
Patent number: 11451387
Abstract: A computer implemented method of generating cryptographic keys for a plurality of hardware security modules (HSMs), the method including generating a plurality of cryptographic keys for use by the HSMs in providing cryptography functions, wherein the cryptographic keys are generated based on numerical data generated by a hardware random number generator; and storing the generated cryptographic keys in a secure key store, such that a key in the key store utilized by an HSM is flagged as utilized to prevent other HSMs utilizing the same key, so as to provide a rate of generation and storage of the cryptographic keys unconstrained by the resources of any HSM.
Type: Grant
Filed: May 2, 2019
Date of Patent: September 20, 2022
Assignee: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
Inventors: Joshua Daniel, Ali Sajjad
-
Publication number: 20220261466
Abstract: Computer implemented methods for enrolling a user as an authenticated user of a computing device and for authenticating a user of a computing device are provided. The methods make use of behavioral biometrics to determine a set of shares that represent a secret credential according to a secret sharing scheme. The set of shares is initially determined when the user is enrolled based on typical measurements of the user's behavioral biometrics and authentication data indicating how to generate the set of shares from a user's behavioral biometrics is generated. When authenticating the user, the computing device can generate the set of shares based on the authentication data and measurements of the current user's behavioral biometrics. The computing device can use the generated set of shares to recreate a copy of the secret credential with which to authenticate the user.
Type: Application
Filed: June 16, 2020
Publication date: August 18, 2022
Inventors: Gabriele GELARDI, Ali Sajjad, Gery DUCATEL
-
Patent number: 11411726
Abstract: A computer implemented method of generating cryptographic keys for a hardware security module (HSM), the method including generating a plurality of cryptographic keys and storing the cryptographic keys for use by the HSM in providing cryptography functions, wherein the cryptographic keys are generated based on numerical data generated by a hardware random number generator, such that a rate of generation of the cryptographic keys unconstrained by the resources of the HSM, wherein the hardware random number generator operates based on a plurality of statistically random entropy data sources originating from natural phenomena so as to increase a degree of randomness of the numerical data.
Type: Grant
Filed: May 2, 2019
Date of Patent: August 9, 2022
Assignee: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
Inventors: Joshua Daniel, Ali Sajjad
-
Publication number: 20220159020
Abstract: There is provided a computer implemented method, computer system and computer program for protecting a network. The method comprises: gathering traffic data for the network; identifying a set of IoT devices in the network based on the output from a machine learning model for classifying IoT devices using features extracted from the traffic data that are indicative of an IoT device; and causing one or more predetermined actions to be taken in respect of the set of IoT devices to protect the network.
Type: Application
Filed: March 3, 2020
Publication date: May 19, 2022
Inventors: Xiao-Si WANG, Ali SAJJAD
-
Publication number: 20210218564
Abstract: A computer implemented method of generating cryptographic keys for a plurality of hardware security modules (HSMs), the method including generating a plurality of cryptographic keys for use by the HSMs in providing cryptography functions, wherein the cryptographic keys are generated based on numerical data generated by a hardware random number generator; and storing the generated cryptographic keys in a secure key store, such that a key in the key store utilized by an HSM is flagged as utilized to prevent other HSMs utilizing the same key, so as to provide a rate of generation and storage of the cryptographic keys unconstrained by the resources of any HSM.
Type: Application
Filed: May 2, 2019
Publication date: July 15, 2021
Inventors: Joshua DANIEL, Ali SAJJAD
-
Publication number: 20210203495
Abstract: A computer implemented method of generating cryptographic keys for a hardware security module (HSM), the method including generating a plurality of cryptographic keys and storing the cryptographic keys for use by the HSM in providing cryptography functions, wherein the cryptographic keys are generated based on numerical data generated by a hardware random number generator, such that a rate of generation of the cryptographic keys unconstrained by the resources of the HSM, wherein the hardware random number generator operates based on a plurality of statistically random entropy data sources originating from natural phenomena so as to increase a degree of randomness of the numerical data.
Type: Application
Filed: May 2, 2019
Publication date: July 1, 2021
Inventors: Joshua DANIEL, Ali SAJJAD
-
Publication number: 20200387598
Abstract: A computer implemented method of securing an application executing in a software container deployed in a computer system, the method including identifying at least one application executing in the container; determining an application installation path for the application as a location in a container data storage facility at which the code for the application at least partially resides; generating an encryption key for the application; determining a data path for the application as a location in the container data storage facility at which data processed or generated by the application at least partially resides; securely communicating an identifier of the container, the application path, the data path and the generated encryption key for secure storage by a security component external to the container; securely receiving, from the security component, one or more access control rules defining computing components authorized to access the application; encrypting the application path and the data path using the
Type: Application
Filed: December 3, 2018
Publication date: December 10, 2020
Inventors: Fadi EL-MOUSSA, Ali SAJJAD
-
Publication number: 20200387392
Abstract: A computer implemented method of converting a serialized virtual machine (VM) for a source virtualized computing environment, the serialized VM being stored in a data file having also metadata for instantiating the serialized VM in the source environment, the method including supplementing the data file with a software adapter including a plurality of executable disk image converters, each disk image converter being suitable for converting the serialized VM between disparate virtualized computing environments; a plurality of metadata mappings, each metadata mapping defining how the metadata is converted between disparate virtual computing environments; and executable code for effecting a conversion by executing an appropriate disk image converter and performing an appropriate metadata conversion to convert the data file for a target virtualized computing environment, such that the supplemented data file is operable to self-convert between the source virtualized computing environment and the target virtualized
Type: Application
Filed: December 3, 2018
Publication date: December 10, 2020
Inventors: Ali SAJJAD, Fadi EL-MOUSSA
-
Patent number: 10728841
Abstract: A mobile device having a processor, a memory and a wireless network interface, the processor executing an operating system including a network communication library for providing networking services via the wireless network interface and being further arranged to: receive capability information associated with each of plurality of wireless network access points accessible to the mobile device; identify, for a set of networked applications in execution on the mobile device, one or more applications having associated a wireless network capability requirement; and select an access point from the plurality of access points to provide network communication for the mobile device, the access point being selected based on the identified one or more applications and the received capability information, wherein network communication for applications executed by the mobile device having associated a wireless network capability requirement that is incompatible with a network capability of the selected access point are pr
Type: Grant
Filed: June 5, 2015
Date of Patent: July 28, 2020
Assignee: British Telecommunications Public Limited Company
Inventors: Fadi El-Moussa, Ali Sajjad
-
Patent number: 10594659
Abstract: A computer implemented method of secure communication between a virtual machine in a set of virtual machines in a virtualized computing environment and a shared software service over a network, the method comprising: establishing a network connection between the virtual machine and the software service; communicating data between the virtual machine and the software service; and establishing a tunneling virtual private network (VPN) connection for communication of encrypted network traffic between the virtual machine and the software service, access to the VPN connection being restricted so as to securely separate communication between the virtual machine and the software service from communication occurring with other virtual machines in the set, and wherein data is communicated between the virtual machine and the software service via the VPN connection.
Type: Grant
Filed: November 4, 2015
Date of Patent: March 17, 2020
Assignee: British Telecommunications Public Limited Company
Inventors: Fadi El-Moussa, Ali Sajjad
-
Patent number: 10505721
Abstract: A method of securing a virtual data volume storing data in a first virtualized computing environment including: deriving a cryptographic key for encrypting the data, the key being derived from first and second parameters; and encrypting the data, wherein the first parameter is generated for association with the virtualized data volume, and the second parameter is generated based on at least one characteristic of a second virtualized computing environment.
Type: Grant
Filed: September 22, 2015
Date of Patent: December 10, 2019
Assignee: British Telecommunications Public Limited Company
Inventors: Theo Dimitrakos, Ali Sajjad
-
Patent number: 10038557
Abstract: A method of a security system to provide access by a requester to an encrypted data object stored in an object store, the requester being authenticated by the object store, the method comprising: receiving, from the object store: the encrypted object having associated an object identifier; and an identifier of the requester; deriving a first cryptographic key to decrypt the object; deriving a second cryptographic key; re-encrypting the object based on the second key and communicating the re-encrypted object to the requester; wherein each of the first and second keys are based on the object identifier, the requester identifier and a secret key portion generated by the security system, the secret key portion being different for each of the first and second keys, the method further comprising: in response to a second authentication of the requester by the security system, communicating the secret key portion for the second key to the requester.
Type: Grant
Filed: September 24, 2015
Date of Patent: July 31, 2018
Assignee: British Telecommunications Public Limited Company
Inventors: Theo Dimitrakos, Ali Sajjad
-
Publication number: 20170302629
Abstract: A computer implemented method of secure communication between a virtual machine in a set of virtual machines in a virtualized computing environment and a shared software service over a network, the method comprising: establishing a network connection between the virtual machine and the software service; communicating data between the virtual machine and the software service; and, establishing a tunneling virtual private network (VPN) connection for communication of encrypted network traffic between the virtual machine and the software service, access to the VPN connection being restricted so as to securely separate communication between the virtual machine and the software service from communication occurring with other virtual machines in the set, and wherein data is communicated between the virtual machine and the software service via the VPN connection.
Type: Application
Filed: November 4, 2015
Publication date: October 19, 2017
Applicant: British Telecommunications Public Limited Company
Inventors: Fadi EL-MOUSSA, Ali SAJJAD
-
Publication number: 20170288871
Abstract: A method of a security system to provide access by a requester to an encrypted data object stored in an object store, the requester being authenticated by the object store, the method comprising: receiving, from the object store: the encrypted object having associated an object identifier; and an identifier of the requester; deriving a first cryptographic key to decrypt the object; deriving a second cryptographic key; re-encrypting the object based on the second key and communicating the re-encrypted object to the requester; wherein each of the first and second keys are based on the object identifier, the requester identifier and a secret key portion generated by the security system, the secret key portion being different for each of the first and second keys, the method further comprising: in response to a second authentication of the requester by the security system, communicating the secret key portion for the second key to the requester.
Type: Application
Filed: September 24, 2015
Publication date: October 5, 2017
Applicant: British Telecommunications Public Limited Company
Inventors: Theo DIMITRAKOS, Ali SAJJAD
-
Publication number: 20170288863
Abstract: A method of securing a virtual data volume storing data in a first virtualized computing environment including: deriving a cryptographic key for encrypting the data, the key being derived from first and second parameters; and encrypting the data, wherein the first parameter is generated for association with the virtualized data volume, and the second parameter is generated based on at least one characteristic of a second virtualized computing environment.
Type: Application
Filed: September 22, 2015
Publication date: October 5, 2017
Applicant: British Telecommunications Public Limited Company
Inventors: Theo DIMITRAKOS, Ali SAJJAD
-
Publication number: 20170142649
Abstract: Dynamic Wireless Network Access Point Selection A mobile device having a processor, a memory and a wireless network interface, the processor executing an operating system including a network communication library for providing networking services via the wireless network interface and being further arranged to: receive capability information associated with each of plurality of wireless network access points accessible to the mobile device; identify, for a set of networked applications in execution on the mobile device, one or more applications having associated a wireless network capability requirement; and select an access point from the plurality of access points to provide network communication for the mobile device, the access point being selected based on the identified one or more applications and the received capability information, wherein network communication for applications executed by the mobile device having associated a wireless network capability requirement that is incompatible with a networ
Type: Application
Filed: June 5, 2015
Publication date: May 18, 2017
Applicant: British Telecommunications Public Limited Company
Inventors: Fadi EL-MOUSSA, Ali SAJJAD