Patents by Inventor Hui Fung Herman Kwong

Hui Fung Herman Kwong has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11489839
    Abstract: Clustering-based machine learning is utilized to generate and update permissions data in a computing system. The computing system logs permissions-related user activity for users of the system over time. Feature vectors are generated for the users based on the logs, where each feature corresponds to a specific permission or permission-related operation of the system. A clustering-based learning algorithm analyzes the feature vectors and generates clusters of similar users based on their feature vectors. The permissions of the users may be updated to reflect attributes of the clusters to which they were assigned. For example, the clusters may be utilized to seed and/or update access control groups or other permissions-related user groups in the system. Or, some or all permissions not used by any users within a cluster over a recent period of time may be automatically removed from any user in the cluster.
    Type: Grant
    Filed: January 31, 2019
    Date of Patent: November 1, 2022
    Assignee: Salesforce, Inc.
    Inventors: Sneha Krishna Sankavaram, Hui Fung Herman Kwong
  • Patent number: 10740475
    Abstract: A method and a system for enabling multiple log record consumers to comply with regulations and requirements regarding privacy and handling of data are described. A determination, based on a log record format being of a first of the log record types, that a first field from a raw log record is to be tokenized based on a first tokenization strategy of multiple tokenization strategies in the first log record type, is performed. Each one of the tokenization strategies identifies a tokenization mechanism from tokenization mechanisms for generating a token from a raw value to enable compliance with a set of regulations and requirements regarding privacy and the handling of data. For a first raw value in the first field a first token is generated that is an anonymized representation of the first raw value using a tokenization mechanism identified by the first tokenization strategy in the log record type.
    Type: Grant
    Filed: July 31, 2018
    Date of Patent: August 11, 2020
    Assignee: salesforce.com, inc.
    Inventors: William C. Eidson, David Hacker, Yu Chen, Hui Fung Herman Kwong, Wolfgang Krause
  • Publication number: 20200252405
    Abstract: Clustering-based machine learning is utilized to generate and update permissions data in a computing system. The computing system logs permissions-related user activity for users of the system over time. Feature vectors are generated for the users based on the logs, where each feature corresponds to a specific permission or permission-related operation of the system. A clustering-based learning algorithm analyzes the feature vectors and generates clusters of similar users based on their feature vectors. The permissions of the users may be updated to reflect attributes of the clusters to which they were assigned. For example, the clusters may be utilized to seed and/or update access control groups or other permissions-related user groups in the system. Or, some or all permissions not used by any users within a cluster over a recent period of time may be automatically removed from any user in the cluster.
    Type: Application
    Filed: January 31, 2019
    Publication date: August 6, 2020
    Inventors: Sneha Krishna Sankavaram, Hui Fung Herman Kwong
  • Publication number: 20190340388
    Abstract: A method and a system for enabling multiple log record consumers to comply with regulations and requirements regarding privacy and handling of data are described. A determination, based on a log record format being of a first of the log record types, that a first field from a raw log record is to be tokenized based on a first tokenization strategy of multiple tokenization strategies in the first log record type, is performed. Each one of the tokenization strategies identifies a tokenization mechanism from tokenization mechanisms for generating a token from a raw value to enable compliance with a set of regulations and requirements regarding privacy and the handling of data. For a first raw value in the first field a first token is generated that is an anonymized representation of the first raw value using a tokenization mechanism identified by the first tokenization strategy in the log record type.
    Type: Application
    Filed: July 31, 2018
    Publication date: November 7, 2019
    Inventors: William C. EIDSON, David HACKER, Yu CHEN, Hui Fung Herman KWONG, Wolfgang KRAUSE
  • Patent number: 10382463
    Abstract: Threat detection in a multi-organizational environment. Attribute data corresponding to accesses to a multi-organizational environment and entity data corresponding to accesses to the multi-organizational environment are maintained. A graph based on the attribute data and the entity data where graph edges represent a relationship between an attribute and an entity is generated. Subsequent access are compared to the graph to determine if the subsequent access corresponds to a new relationship. The subsequent access is allowed if the subsequent access does not correspond to a new relationship. The subsequent access further analyzed if the subsequent access corresponds to a new, unexpected relationship.
    Type: Grant
    Filed: December 20, 2016
    Date of Patent: August 13, 2019
    Assignee: salesforce.com, inc.
    Inventors: Ping Yan, Huy Hang, Hui Fung Herman Kwong
  • Publication number: 20180176239
    Abstract: Threat detection in a multi-organizational environment. Attribute data corresponding to accesses to a multi-organizational environment and entity data corresponding to accesses to the multi-organizational environment are maintained. A graph based on the attribute data and the entity data where graph edges represent a relationship between an attribute and an entity is generated. Subsequent access are compared to the graph to determine if the subsequent access corresponds to a new relationship. The subsequent access is allowed if the subsequent access does not correspond to a new relationship. The subsequent access further analyzed if the subsequent access corresponds to a new, unexpected relationship.
    Type: Application
    Filed: December 20, 2016
    Publication date: June 21, 2018
    Inventors: Ping YAN, Huy HANG, Hui Fung Herman KWONG
  • Patent number: 9195724
    Abstract: Methods and systems are provided for associating objects in a database. An exemplary method involves identifying one or more objects in the database that are likely to be related to a first object in the database that is based on data obtained from a local application associated with a user and displaying the identified objects on a client device associated with the user. In exemplary embodiments, the identified objects are displayed in response to selection of a graphical user interface element enabling indication of a second object from among the one or more objects, wherein the first object is associated with the second object in the database after receiving indication of the second object. In one or more exemplary embodiments, the database is a multi-tenant database in a multi-tenant system providing instances of a virtual application to multiple tenants.
    Type: Grant
    Filed: February 9, 2012
    Date of Patent: November 24, 2015
    Assignee: salesforce.com, inc.
    Inventors: Ganesh Mathrubootham, Qian Lu, Lu Ping Chen, Shahid H. Khatri, Hui Fung Herman Kwong, Kayvaan Ghassemieh
  • Publication number: 20130031496
    Abstract: Methods and systems are provided for associating objects in a database. An exemplary method involves identifying one or more objects in the database that are likely to be related to a first object in the database that is based on data obtained from a local application associated with a user and displaying the identified objects on a client device associated with the user. In exemplary embodiments, the identified objects are displayed in response to selection of a graphical user interface element enabling indication of a second object from among the one or more objects, wherein the first object is associated with the second object in the database after receiving indication of the second object. In one or more exemplary embodiments, the database is a multi-tenant database in a multi-tenant system providing instances of a virtual application to multiple tenants.
    Type: Application
    Filed: February 9, 2012
    Publication date: January 31, 2013
    Applicant: SALESFORCE.COM, INC.
    Inventors: Ganesh Mathrubootham, Qian Lu, Lu Ping Chen, Shahid H. Khatri, Hui Fung Herman Kwong, Kayvaan Ghassemieh