Patents Issued on March 12, 2024
  • Patent number: 11928199
    Abstract: An authentication system, including at least one processor configured to: perform authentication based on a first authentication method; record, when the authentication by the first authentication method is successful, an authenticated user and a location of the authenticated user in association with each other in a storage; perform authentication based on a second authentication method; and restrict successful authentication by the second authentication method when a user to be authenticated by the second authentication method and a location of the user to be authenticated are not associated with each other in the storage.
    Type: Grant
    Filed: December 27, 2019
    Date of Patent: March 12, 2024
    Assignee: RAKUTEN GROUP, INC.
    Inventor: Yeongnam Chae
  • Patent number: 11928200
    Abstract: An electronic device performs techniques related to implementing biometric authentication, including providing user interfaces for: providing indications of error conditions during biometric authentication, providing indications about the biometric sensor during biometric authentication, orienting the device to enroll a biometric feature, and providing an indication of the location of the biometric sensor to correct a detected error condition.
    Type: Grant
    Filed: October 7, 2021
    Date of Patent: March 12, 2024
    Assignee: Apple Inc.
    Inventors: Marcel Van Os, Peter D. Anton, Lynne Devine, Daamun Mohseni
  • Patent number: 11928201
    Abstract: Providing virtualized credential information includes determining whether a relying party device has access to a network/cloud infrastructure that contains at least some of the credential information, a license holder device providing the virtualized credential information directly to the relying party device in response to the relying party device not having access to the network/cloud infrastructure, and displaying at least some of the subset of credential data on a screen of the device of the relying party. Providing virtualized credential information may also include the license holder device providing authorization data to the relying party device in response to the relying party device having access to the network/cloud infrastructure and determining a preference for the relying party device to receive at least some of the virtualized credential information from the network/cloud infrastructure.
    Type: Grant
    Filed: December 21, 2017
    Date of Patent: March 12, 2024
    Assignee: HID Global CID SAS
    Inventors: Philip Hoyer, Julian Eric Lovelock
  • Patent number: 11928202
    Abstract: Our names in the physical and real world have transformed into ‘username’s in the virtual digital world. Anything that we need to access in the digital world asks us for a ‘username’, which can be user selected (like an e-mail address) or provided to a user (like an employee ID/Number). This ‘username’ has indeed become a SuperName, giving access to restricted areas, based on privileges, and links to other services as well. So, to a cybercriminal, if a ‘username’ is known, more than half the job is done. And once the corresponding password is cracked, the whole digital identity lies threadbare. Damages done through transactions of such unauthorized access may get quantified, but the dent to privacy is far more damaging.
    Type: Grant
    Filed: March 31, 2022
    Date of Patent: March 12, 2024
    Assignee: CertiSafe Private Limited
    Inventor: Gaurav Sharma
  • Patent number: 11928203
    Abstract: A method for operating a cooling system of a transformer, wherein the transformer is cooled via a cooling liquid that circulates in the cooling system that includes a heat-exchanger, devices for increasing heat exchange performance of the heat-exchanger and a controller, where in a normal operating state, the controller adjusts power of the devices for increasing the heat exchange performance as a function of a measured upper temperature and where, irrespective of the measured upper temperature, the controller refrains from activating the devices and/or operates the devices at a reduced power relative to the normal operating state if the lower temperature of the cooling liquid lies below a lower threshold value during operation of the transformer to achieve improved characteristics of the cooling system during operation under low environmental temperatures of the transformer, particularly in the case of a turn-on operation following lengthy storage in a cold state.
    Type: Grant
    Filed: July 15, 2020
    Date of Patent: March 12, 2024
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Markus Höfele, Peter Kob, Rolf Schrey, Armin Zeltner
  • Patent number: 11928204
    Abstract: A TEE system that includes a first platform that runs a first TEE, a second platform that runs a second TEE, and a merging unit that is adapted to merge a first output from the first TEE of the first platform, with a second output from the second TEE of the second platform, so as to form an output of the TEE system. The first TEE and the second TEE are based on different implementations. In this way, the security of the system is improved, as a malicious actor, even if able to access “t” machines, still would not be able to retrieve the secret unless there are multiple exploitable TEE vulnerabilities on all executing TEE platforms at the same time.
    Type: Grant
    Filed: December 13, 2021
    Date of Patent: March 12, 2024
    Assignee: Foris Technology Pte Ltd
    Inventors: Kian Chuan Yap, Ming Sum Sam Ng, Jason Wai King Lau, Chun Ting Yip, Tung Ling Terry Young, Durgesh Pandey
  • Patent number: 11928205
    Abstract: The various implementations described herein include methods and devices for creating and using trust binaries and blockchains. In one aspect, a method includes accessing a trust store for the computing device, including obtaining a blockchain for the trust store. A first change to the trust store is identified. In response to identifying the first change, a first block is generated and inserted into the blockchain, where the first block includes a first encrypted digest for the first change and a first block digest. A second change to the trust store is identified. In response to identifying the second change, a second block is generated and inserted into the blockchain, where the second block includes a second encrypted digest for the second change, a second block digest, and the first block digest.
    Type: Grant
    Filed: May 2, 2022
    Date of Patent: March 12, 2024
    Assignee: CSP Inc.
    Inventors: Henry Tumblin, Gary Southwell
  • Patent number: 11928206
    Abstract: Examples of the present disclosure describe systems and methods for selective export address table filtering. In aspects, the relative virtual address (RVA) of exported function names may be modified to point to a protected memory location. An exception handler may be registered to process exceptions relating to access violations of the protected memory location. If an exception is detected that indicates an attempt to access the protected memory location, the instruction pointer of the exception may be compared to an allowed range of memory addresses. If the instruction pointer address is outside the boundaries, remedial action may occur.
    Type: Grant
    Filed: April 20, 2023
    Date of Patent: March 12, 2024
    Assignee: Open Text Inc.
    Inventors: Eric Klonowski, Ira Strawser
  • Patent number: 11928207
    Abstract: Techniques are described herein that are capable of performing automatic graph-based detection of potential security threats. A Bayesian network is initialized using an association graph to establish connections among network nodes in the Bayesian network. The network nodes are grouped among clusters that correspond to respective intents. Patterns in the Bayesian network are identified. At least one redundant connection, which is redundant with regard to one or more other connections, is removed from the patterns. Scores are assigned to the respective patterns in the Bayesian network, based on knowledge of historical patterns and historical security threats, such that each score indicates a likelihood of the respective pattern to indicate a security threat. An output graph is automatically generated. The output graph includes each pattern that has a score that is greater than or equal to a score threshold. Each pattern in the output graph represents a potential security threat.
    Type: Grant
    Filed: November 5, 2021
    Date of Patent: March 12, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Anisha Mazumder, Haijun Zhai, Daniel Lee Mace, Yogesh K. Roy, Seetharaman Harikrishnan
  • Patent number: 11928208
    Abstract: A calculation device receives input of a plurality of pieces of training data including a communication destination known to be malignant as data. The calculation device generates a model that calculates a malignant degree of an input communication destination from each piece of the training data. The calculation device gives weight to each of the models, and generates a mixed model using the model and the weight. The calculation device uses the mixed model to calculate a malignant degree of a communication destination for which it is unknown whether the communication destination is malignant.
    Type: Grant
    Filed: April 16, 2019
    Date of Patent: March 12, 2024
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Daiki Chiba, Yuta Takata, Mitsuaki Akiyama
  • Patent number: 11928209
    Abstract: A resource conservation system, including a determination processor, may be provided. The determination processor may identify a characterization output that characterizes a plurality of data structures. The characterization output may be based on a plurality of inputs. The inputs may be processed through a plurality, or cascade, of artificial intelligence models both in sequence and in parallel. A numerical value may be identified for each data structure. The value may identify a degree of certainty that the determination processor accurately characterized each data structure. When the degree is above a threshold, the determination processor may identify a subset of inputs that most contributed to the characterization output. The determination processor may execute an equation to identify a subset of inputs that most contributed to the output. The equation may involve inputs and/or outputs of each of the cascade of models. Identified inputs may be ranked based on contribution to the outcome.
    Type: Grant
    Filed: December 3, 2021
    Date of Patent: March 12, 2024
    Assignee: Bank of America Corporation
    Inventors: Justin Horowitz, Melissa Podrazka, Sameer Sharma
  • Patent number: 11928210
    Abstract: This document describes a module and method for monitoring systems of a host device for anomalous activities or security weaknesses. The module is configured to passively monitor the content contained within the main memory of the host device and data received by hardware components in the host device for anomalies or security weaknesses. When such anomalies are detected, the module will then initiate countermeasures to prevent the anomalies from affecting the host device and/or any storage/peripheral devices linked to the host device.
    Type: Grant
    Filed: February 28, 2023
    Date of Patent: March 12, 2024
    Assignee: FLEXXON PTE. LTD.
    Inventors: Mei Ling Chan, Nizar Bouguerra
  • Patent number: 11928211
    Abstract: Systems and methods are provided for implementing a machine learning approach to modeling entity behavior. Fixed information and periodically updated information may be utilized to predict the behavior of an entity. By incorporating periodically updated information, the system is able to maintain an up-to-date prediction of each entity's behavior, while also accounting for entity action with respect to ongoing obligations. The system may generate behavior scores for the set of entities. In some embodiments, the behavior scores that are generated may indicate the transactional risk associated with each entity. Using the behavior scores generated, a user may be able to assess the credit riskiness of individual entities and instruct one or more individuals assigned to the entities to take one or more actions based on the credit riskiness of the individual entities.
    Type: Grant
    Filed: November 21, 2022
    Date of Patent: March 12, 2024
    Assignee: Palantir Technologies Inc.
    Inventors: Paul Gribelyuk, Han Xu, Kelvin Lau, Pierre Cholet
  • Patent number: 11928212
    Abstract: Aspects of the disclosure relate to spear phishing simulation using machine learning. A computing platform may send, to an enterprise user device, a spear phishing message. The computing platform may receive initial user interaction information indicating how a user of the enterprise user device interacted with the spear phishing message. Based on the initial user interaction information and using a series of branching message templates, the computing platform may generate additional spear phishing messages. The computing platform may receive additional user interaction information indicating how the user interacted with the additional spear phishing messages. Based on the initial user interaction information and the additional user interaction information, the computing platform may compute spear phishing scores.
    Type: Grant
    Filed: October 8, 2020
    Date of Patent: March 12, 2024
    Assignee: Proofpoint, Inc.
    Inventor: Nicholas Patrick McClay
  • Patent number: 11928213
    Abstract: In one respect, there is provided a system for training a neural network adapted for classifying one or more scripts. The system may include at least one processor and at least one memory. The memory may include program code which when executed by the at least one memory provides operations including: receiving a disassembled binary file that includes a plurality of instructions; processing the disassembled binary file with a convolutional neural network configured to detect a presence of one or more sequences of instructions amongst the plurality of instructions and determine a classification for the disassembled binary file based at least in part on the presence of the one or more sequences of instructions; and providing, as an output, the classification of the disassembled binary file. Related computer-implemented methods are also disclosed.
    Type: Grant
    Filed: March 20, 2020
    Date of Patent: March 12, 2024
    Assignee: Cylance Inc.
    Inventors: Andrew Davis, Matthew Wolff, Derek A. Soeder, Glenn Chisholm, Ryan Permeh
  • Patent number: 11928214
    Abstract: SPI firmware updates can be performed at runtime. A secure SPI flash access domain can be created during pre-boot and used at runtime to deliver and write a SPI firmware update to SPI flash. The secure SPI flash access domain can ensure that only a trusted component running on a trusted CPU core can access a SPI memory layout used to deploy the SPI firmware update to the SPI flash. Once the SPI firmware update is written to the SPI flash, a reboot can be triggered so that the updated SPI firmware is loaded to perform the boot process.
    Type: Grant
    Filed: August 2, 2021
    Date of Patent: March 12, 2024
    Assignee: Dell Products L.P.
    Inventors: Shekar Babu Suryanarayana, Anand Prakash Joshi
  • Patent number: 11928215
    Abstract: An apparatus to verify firmware in a computing system, comprising a non-volatile memory, including firmware memory to store agent firmware associated with each of a plurality of interconnect protocol (IP) agents and version memory to store security version numbers (SVNs) included in the agent firmware, a security controller comprising verifier logic to verify an integrity of the version memory by applying a hash algorithm to contents of the version memory to generate a SVN hash, and a trusted platform module (TPM) to store the SVN hash.
    Type: Grant
    Filed: June 29, 2022
    Date of Patent: March 12, 2024
    Assignee: Intel Corporation
    Inventors: Prashant Dewan, Chao Zhang, Nivedita Aggarwal, Aditya Katragada, Mohamed Haniffa, Kenji Chen
  • Patent number: 11928216
    Abstract: A method for protecting an OS disk of a computing device without block encrypting the OS disk. The method identifies one or more files that store configuration data associated with OS binaries executed on the computing device. The method encrypts the configuration data stored in the one or more files using an encryption key and seals the encryption key to a TPM of the computing device. The method then boots the computing device by attempting to unseal the encryption key by authenticating one or more of the OS binaries with the TPM. When authenticating the one or more of the OS binaries is successful, the method completes boot of the computing device by decrypting the configuration data using the encryption key. If authentication of the one or more of the OS binaries is not successful, however, the method aborts boot of the computing device.
    Type: Grant
    Filed: December 18, 2020
    Date of Patent: March 12, 2024
    Assignee: VMware, Inc.
    Inventors: Samyuktha Subramanian, Jesse Pool, Petr Vandrovec, Viswesh Narayanan
  • Patent number: 11928217
    Abstract: An apparatus comprising: a unit configured to verify whether a first region that specifies a verification range of a first boot code and a second region that specifies a verification range of a second boot code have been altered; a unit configured to, when the first region has not been altered, verify whether the first boot code has been altered; a unit configured to, when the first boot code has been altered and the second region has not been altered, verify whether the second boot code has been altered; and a unit configured to, when the second boot code has not been altered, restore the first boot code using the second boot code, wherein the first and second regions are regions that are not rewritten after a start of the apparatus.
    Type: Grant
    Filed: November 17, 2021
    Date of Patent: March 12, 2024
    Assignee: Canon Kabushiki Kaisha
    Inventors: Takami Eguchi, Nobuhiro Tagashira, Ayuta Kawazu
  • Patent number: 11928218
    Abstract: Systems and methods for providing a Basic Input/Output System (BIOS) enforced blocklisting of harmful applications are described. In one embodiment, an Information Handling System (IHS) may include a processor and a BIOS coupled to the processor, the BIOS having program instructions that, upon execution, cause the IHS to download an Unsafe Application List (UAL) from an online source, and during a bootstrap process of the IHS, compare a plurality of Applications (Apps) installed on the IHS against a list of harmful applications included in a UAL. When a harmful application is found by the comparison, the instructions enforce one or more policies to restrict the harmful application from being executed on the IHS.
    Type: Grant
    Filed: April 21, 2022
    Date of Patent: March 12, 2024
    Assignee: Dell Products, L.P.
    Inventors: Balasingh Ponraj Samuel, Richard M. Tonry, Jacob Vincent Mink
  • Patent number: 11928219
    Abstract: A level of classification for each piece of data of one or more pieces of data is determined. A layer of encryption for each piece of data of the one or more pieces of data is determined. A type of encryption for each piece of data of the one or more pieces of data is determined. Other mechanisms applied to each piece of data of the one or more pieces of data are determined. A first constant for the layer of encryption, a second constant for the type of encryption, and a third constant for the other mechanisms applied are determined. A risk factor for each piece of data of the one or more pieces of data is determined.
    Type: Grant
    Filed: June 16, 2021
    Date of Patent: March 12, 2024
    Assignee: International Business Machines Corporation
    Inventors: Rinkesh I. Bansal, Mahesh Shivram Paradkar, Raghuraman Seshadri, Nagendra Ramamurthy Pattavardhanam
  • Patent number: 11928220
    Abstract: A method for evaluating the risk of data leakage in an application includes the steps of: extracting a DEX (Dalvik Executable) file and a so (Shared Object) file by decompressing an APK file of a mobile application; extracting DEX code information from the DEX file by parsing the DEX file; translating a content of the so file into IR (Intermediate Representation); extracting IR code information from the translated IR; generating a call-reference structure between the DEX file and the so file by processing the extracted DEX code information and the extracted IR code information; and outputting weakness information according to a risk designated in advance based on the generated call-reference structure. Accordingly, it is possible to extend the call-reference coverage of an Android application.
    Type: Grant
    Filed: April 1, 2021
    Date of Patent: March 12, 2024
    Assignee: FOUNDATION OF SOONGSIL UNIVERSITY-INDUSTRY COOPERATION
    Inventors: Jeong Hyun Yi, Minseong Choi, Sunjun Lee
  • Patent number: 11928221
    Abstract: A system includes a memory and processor. The memory stores code segment vulnerability findings that were generated through static application security testing (SAST). For a first code segment, a first vulnerability finding has been classified as a real vulnerability, and a second vulnerability finding has been classified as a false positive by external review. The processor generates a code fingerprint for each code segment, which corresponds to an abstract syntax tree that has been augmented by data flow information and flattened. The processor determines that the fingerprint for the first code segment matches the fingerprint for a second code segment and that the vulnerability findings for the first code segment match those for the second. In response, the processor automatically classifies a matching first vulnerability finding for the second code segment as the real vulnerability, and a matching second vulnerability finding for the second code segment as the false positive.
    Type: Grant
    Filed: November 29, 2021
    Date of Patent: March 12, 2024
    Assignee: Bank of America Corporation
    Inventors: Jack Lawson Bishop, III, Anthony Herron, Yao Houkpati, Carrie E. Gates
  • Patent number: 11928222
    Abstract: A system includes a synchronization group of a distributed ledger network. The synchronization group includes nodes. The nodes include a first node to generate a content block of a ledger, and participate in a consensus process to generate a consensus block based at least in part on the content block. The nodes further include a second node to receive a copy of the content block from the first node, and participate in the consensus process to generate the consensus block.
    Type: Grant
    Filed: September 29, 2021
    Date of Patent: March 12, 2024
    Assignee: BLOCKFRAME, INC.
    Inventor: Christopher Paul Gorog
  • Patent number: 11928223
    Abstract: Systems, computer program products, and methods are described herein for implementing an enhanced file encryption technique. The present invention is configured to receive a request from a computing device of a user to encrypt a file; encrypt the file using a local file encryption key to generate an encrypted file; transmit, via an encryption engine, a first encryption request to an encryption server to encrypt a first portion of the encrypted file; receive, from the encryption server, an encrypted first portion of the encrypted file based on at least the first encryption request, wherein the first portion of the encrypted file is encrypted by the encryption server using a first file encryption key; append the encrypted first portion of the encryption file with a remaining portion of the encrypted file to generate a final encrypted file; and store the final encrypted file in a data repository.
    Type: Grant
    Filed: January 26, 2023
    Date of Patent: March 12, 2024
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Praveen Chakravarthy Yedluri, Shyam Acharya
  • Patent number: 11928224
    Abstract: Data may be stored by receiving the data to be stored, determining whether the data is regulated in a jurisdiction, and, responsive to the determination, selecting between a regulated storage scheme, requiring that the data be stored and/or processed in the jurisdiction in accordance with one or more laws pertaining to the jurisdiction, and an unregulated storage scheme, in which the data is not required to be stored in the jurisdiction and/or is not required to be stored in accordance with the one or more laws. Further, the regulated storage scheme may be followed by initiating storage of the data in the jurisdiction in accordance with the one or more laws.
    Type: Grant
    Filed: February 10, 2023
    Date of Patent: March 12, 2024
    Assignee: InCountry, Inc.
    Inventors: Peter Yared, Marc Raiser
  • Patent number: 11928225
    Abstract: Systems, computer program products, and methods are described herein for implementing real-time redaction in a workflow configurable environment. The present invention is configured to electronically receive, from a user input device, a request to load at least one user interface associated with an application; initiate a real-time content redaction engine on contents of the one or more fields associated with the at least one user interface in response to receiving the request, wherein initiating further comprises: parsing one or more embedded structures associated with the one or more fields; identifying private information in the one or more fields based on at least parsing the one or more embedded structures; and masking the private information in the one or more fields; and load the at least one user interface associated with the application in response to masking the private information in the one or more fields.
    Type: Grant
    Filed: June 1, 2023
    Date of Patent: March 12, 2024
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Nagaraju Buddhiraju, Deepali Dadhich, Lekshan Bhathiya Jayasinghe
  • Patent number: 11928226
    Abstract: A marking onto a collaboration board, located in a first location, is detected. The marking includes the creation of one or more content elements on the collaboration board. Responsive to detecting the marking, one or more content elements on the collaboration board are analyzed. A first content element of the one or more content elements is classified based on analyzing the one or more content elements. The first content element is classified as a first privileged content element. The first location of the collaboration board is scanned. The scanning is based on the classifying of the first privileged content element. An unauthorized person is identified based on scanning the first location. The unauthorized person is not permitted to view the collaboration board. A security response is performed on the collaboration board regarding the one or more content elements. The security response is performed responsive to identifying the unauthorized person.
    Type: Grant
    Filed: February 4, 2021
    Date of Patent: March 12, 2024
    Assignee: International Business Machines Corporation
    Inventors: Zachary A. Silverstein, Shikhar Kwatra, Sudhir Alluri, Manish Anand Bhide
  • Patent number: 11928227
    Abstract: A rail vehicle contains a vehicle control system being connected to a drive enable device which controls drive components for the operation of the vehicle. The vehicle control system is connected to a high-voltage enable device which controls high-voltage components of the rail vehicle. The rail vehicle contains a locking device containing controllable switches. A first switch is interposed between the vehicle control system and the drive enable device so that the control of the drive components can be prevented when the first switch is open and executed when the first switch is closed. A second switch is interposed between the vehicle control system and the high-voltage enable device so that the control of the high-voltage components can be prevented when the second switch is open and executed when the second switch is closed. The locking device is connected to an enable device which closes the switches after an authentication.
    Type: Grant
    Filed: June 17, 2019
    Date of Patent: March 12, 2024
    Assignee: Siemens Mobility GmbH
    Inventor: Christian Stroessner
  • Patent number: 11928228
    Abstract: Facilitating an object protocol based access of data within a multiprotocol environment is presented herein. In response to receiving a simple storage system (S3) protocol based request to access data via a storage device of a filesystem, the filesystem determines a type of S3 bucket that represents the data; and based on the type of S3 bucket, the filesystem facilitates an S3 protocol based access of the data via the storage device. For example, the S3 protocol based request comprises a file request to create, read, write, and/or delete a file within the storage device. In another example, the S3 protocol based request comprises an object request to create, modify, read, and/or delete an object within the storage device.
    Type: Grant
    Filed: September 25, 2020
    Date of Patent: March 12, 2024
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventor: Miles Ohlrich
  • Patent number: 11928229
    Abstract: A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension.
    Type: Grant
    Filed: May 17, 2021
    Date of Patent: March 12, 2024
    Assignee: Commvault Systems, Inc.
    Inventors: Andrei Erofeev, Rahul S. Pawar
  • Patent number: 11928230
    Abstract: A method for execution by a computing device to adjust efficiency of storing data in a storage network includes processing a data segment based on a storage approach to produce a processed data segment, the storage approach being based on an estimated overwrite frequency for the data segment. The method continues by error encoding the processed data segment to produce a set of encoded data slices, where a decode threshold number of encoded data slices is needed to recover the processed data segment. The method continues by storing the set of encoded data slices in the memory of the storage network.
    Type: Grant
    Filed: February 3, 2023
    Date of Patent: March 12, 2024
    Assignee: Pure Storage, Inc.
    Inventors: Ilya Volvovski, Wesley B. Leggette, Michael C. Storm, Jason K. Resch
  • Patent number: 11928231
    Abstract: An authentication model dynamically adjusts authentication factors required for access to a remote resource based on changes to a risk score for a user, a device, or some combination of these. For example, the authentication model may conditionally specify the number and type of authentication factors required by a user/device pair, and may dynamically alter authentication requirements based on changes to a current risk assessment for the user/device while the remote resource is in use.
    Type: Grant
    Filed: March 7, 2023
    Date of Patent: March 12, 2024
    Assignee: Sophos Limited
    Inventors: Joseph H. Levy, Andrew J. Thomas, Daniel Salvatore Schiappa, Kenneth D. Ray
  • Patent number: 11928232
    Abstract: A method for protecting sensitive data from being exposed in graph embedding vectors. In some embodiments, a method may include generating first graph embedding vectors from an original graph and generating a proxy graph from the first graph embedding vectors. The proxy graph may include a plurality of proxy nodes and proxy edges connecting the proxy nodes. The proxy nodes may include one or more attributes of the original nodes that are included in the first graph embedding vectors. Second graph embedding vectors may then be generated by encoding the proxy graph and a reconstructed graph may be generated from the second graph embedding vectors. Finally, the reconstructed graph may be compared to the original graph and if a threshold level of similarity is met, a security action may be performed to protect sensitive data from being exposed.
    Type: Grant
    Filed: March 3, 2021
    Date of Patent: March 12, 2024
    Assignee: GEN DIGITAL INC.
    Inventors: Yun Shen, Yufei Han
  • Patent number: 11928233
    Abstract: Techniques are described for transaction-based read and write operations in a distributed system. In an embodiment, an authorization protocol is overlaid onto a transaction to control access to each of the data pools. Using the techniques described herein, the DTRS provides an authorization mechanism to ensure that the entity, which hosts the data pool, may only access the data set from an originating entity based at least upon the access rules of the originating entity set for the data set. Additionally, the DTRS's read/write transactions keep the data pools of the DTRS in synch with each other, so each data pool stores the same data sets as another data pool of the DTRS. When a data integrity service of an entity generates a new data entry from a user transaction with a client application, a new write request is generated for the DTRS to which the data integrity service belongs.
    Type: Grant
    Filed: July 29, 2021
    Date of Patent: March 12, 2024
    Assignee: RATEGAIN ADARA, INC.
    Inventors: Hongcheng Mi, Michael Baird Leavitt, Shuo Yang, Hien Nguyen
  • Patent number: 11928234
    Abstract: One embodiment provides a method, including: receiving, from a user at a collaboration platform, a request to perform a computation; generating a workflow comprising a sequence of steps for performing the computation; identifying potential data sources comprising the type of data and able to assist in performing at least one of the sequence of steps of the workflow; selecting computation data sources that collaborate to perform the computation, wherein the selecting is performed dynamically and based upon characteristics of a network created by the collaboration platform and between the computation data sources; and facilitating performance of the computation by the computation data sources using data of the computation data sources, wherein during performance of the computation the computation data sources collaborate within the network to perform the workflow while maintaining individual privacy of the data of the computation data sources and providing proof verifying a trustworthiness of the computation.
    Type: Grant
    Filed: August 6, 2021
    Date of Patent: March 12, 2024
    Assignee: International Business Machines Corporation
    Inventors: Pankaj Satyanarayan Dayama, Nitin Singh, Dhinakaran Vinayagamurthy, Santosh Ravi Kiran Penubothula
  • Patent number: 11928235
    Abstract: In a method of controlling account user access to transaction information for a joint account, a set of control criteria is stored in a control database. Information for a new transaction is received and stored in a transaction information database. An information limitation request to prevent access to the transaction information by a second account user for a withholding time interval is received from a first account user. An access limitation record including identification of the second account user and the withholding time interval is stored in the information control database. Upon receiving from a second account user a request for account information including the transaction information, a determination may be made as to whether the transaction information should be withheld from the second account user. Responsive to a determination that the transaction information should be withheld, a response excluding the transaction information is transmitted to the second user device.
    Type: Grant
    Filed: August 17, 2020
    Date of Patent: March 12, 2024
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Salik Shah, Sophie Bermudez
  • Patent number: 11928236
    Abstract: Systems, methods, and apparatuses for providing a central location to manage permissions provided to third-parties and devices to access and use user data and to manage accounts at multiple entities. A central portal may allow a user to manage all access to account data and personal information as well as usability and functionality of accounts. The user need not log into multiple third-party systems or customer devices to manage previously provided access to the information, provision new access to the information, and to manage financial or other accounts. A user is able to have user data and third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal. The user is able to impose restrictions on how user data is used by devices, applications, and third-party systems, and control such features as recurring payments and use of rewards, via a central portal.
    Type: Grant
    Filed: August 27, 2020
    Date of Patent: March 12, 2024
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Lila Fakhraie, Brian M. Pearce, Steven Pulido, Benjamin Soccorsy, James Stahley, Mojdeh Tomsich
  • Patent number: 11928237
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for detecting errors in a client device and its associated applications while preserving the privacy of the user of the device. Methods can include obtaining and blinding contextual application data for an application on a device. Data regarding the application's digital certificate and device trustworthiness data are obtained and provided to a trust assessment server along with the blinded data. This server can provide indications that the device is trustworthy and the application is authentic, and can digitally sign the blinded data. The digital signature can be validated and the unblinded contextual application data can be obtained. If the unblinded data matches the contextual application data, the application can provide the digital signature, the indications, and the unblinded contextual application data to an error detection server, which in turn can indicate the application does not have errors.
    Type: Grant
    Filed: May 12, 2020
    Date of Patent: March 12, 2024
    Assignee: Google LLC
    Inventors: Gang Wang, Marcel M. Moti Yung, David Bruce Turner
  • Patent number: 11928238
    Abstract: A domain registry (DR) service executing within a service provider network protects data, such as account data, that is associated with different accounts for testing and/or performing other operations/actions by registering an account with one or more domains. The DR service may register an account in one or more domains based on a request by a user. The operations performed that use/change data associated with accounts may be restricted based on the domains for which an account is registered. For example, an account that is registered in a “testing” domain may have different workflows/operations performed using the account data associated with the account registered in the testing domain as compared to an account that is not part of the testing domain.
    Type: Grant
    Filed: March 31, 2021
    Date of Patent: March 12, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Yuk Lun Patrick Kwan, Gary Rittinger, Ting-Jui Ho, Gabriel Marcelo Fusca, Barrett Lowell Brumitt
  • Patent number: 11928239
    Abstract: Disclosed herein are various embodiments for a sensitive data management system. An embodiment operates by receiving an HTTP request for an interface. A plurality of tiles, including both tiles associated with sensitive data and non-sensitive data, are identified for display on the interface. An access profile associated with providing access to the sensitive data is identified, the access profile including one or more requirements, associated with the HTTP request. Request information in the HTTP request corresponding to the one or more requirements of the access profile is identified. The identified request information is compared to the one or more requirements of the access profile. A determination is made whether the identified request information satisfies the one or more requirements of the access profile based on the comparing. At least one of: the second tile or the first tile and the second tile are provided for display on the interface based on the determination.
    Type: Grant
    Filed: September 30, 2021
    Date of Patent: March 12, 2024
    Assignee: SAP SE
    Inventors: Setu Saxena, Akhilesh Kumar
  • Patent number: 11928240
    Abstract: The present invention provides a means for efficiently and securely collecting, storing, and sharing all types of personal, electronic information from, for and between individuals and business users using software that runs on multiple personal, business and cloud computing systems. The information of a primary user is stored in an encrypted relational database which associates the private data with private data fields needed by secondary users or various business users. Each entity is assigned one unique user identity to ensure consistency in data privacy and sharing. Attributes for data groups exist to define the secondary users and business users who the primary user has authorized for access to or master sourcing of certified data. Change lists, including conditions for implementation, are created to facilitate management, scheduling and distribution of changes. Collection, storage, and distribution of personal data is assisted by robotic process automation algorithms.
    Type: Grant
    Filed: January 28, 2022
    Date of Patent: March 12, 2024
    Inventors: Greg Richmond, Bihama Vedaste, Dean Hamilton, John Chiong
  • Patent number: 11928241
    Abstract: A system, method, and computer program product are provided for consent management. A method may include receiving a first data request for user data associated with a user, the user data stored in a user data database; communicating a consent request to the requester system; receiving a consent response from the requester system; storing consent data associated with the consent response for the user data requested in the first data request in an immutable ledger; receiving a consent verification request from the user data database, the consent verification request based on a second data request for the user data from the requester system to the user data database; verifying the consent verification request based on the consent data; and communicating a consent verification response to the user data database, the consent verification response indicating consent from the user to share the user data with the requester system.
    Type: Grant
    Filed: August 31, 2022
    Date of Patent: March 12, 2024
    Assignee: Visa International Service Association
    Inventors: Kimberly E. Bella, Nirmal Kumar Baid, Robert B. Hedges, Jr., David Alan Henstock, Shashi Kumar Velur, Sonia Gupta, Cindy Hong, Jonathan Twichell
  • Patent number: 11928242
    Abstract: Implementations include receiving a user provided example value of personally identifiable information (PII). Occurrences of the received example value are automatically identified in a dataset of events, wherein each occurrence is identified in a portion of raw machine data of a respective event of the events. For each occurrence of the identified occurrences, an extraction rule is generated, which defines a pattern of the occurrence of the example value and is executable to identify PII values in portions of raw machine data of the events using the pattern. Values of the PII are identified in a set of events using a set of extraction rules comprising the extraction rule of a plurality of the occurrences.
    Type: Grant
    Filed: December 21, 2020
    Date of Patent: March 12, 2024
    Assignee: Splunk Inc.
    Inventors: Adam Oliner, Nghi Nguyen
  • Patent number: 11928243
    Abstract: An example of a method for detecting hacking activities includes categorizing a plurality of web pages of a web site providing bank services using a trained semantic model. The trained semantic model uses at least one resource identifier of a web page as an input and generates a web page category as an output. One or more attributes of an interaction between a user and bank services are identified. The one or more identified attributes are analyzed by comparing the one or more identified attributes with attributes known to belong to hacking interactions based on a corresponding web page category. Hacking activity is identified based on the results of the analysis.
    Type: Grant
    Filed: December 1, 2020
    Date of Patent: March 12, 2024
    Assignee: AO Kaspersky Lab
    Inventor: Sergey N. Ivanov
  • Patent number: 11928244
    Abstract: A method is disclosed, performed at a server device, for detecting tracking elements of a web page, wherein the server device is configured to control a proxy server. The method comprises obtaining a web page address configured to connect to a web server. The method comprises establishing a controlled communication interface between the server device and the web server via the proxy server. The method comprises transmitting, via the controlled communication interface, a web page request based on the web page address. The method comprises receiving, via the controlled communication interface, a web page response. The method comprises identifying, based on the web page response, a set of tracking tags including a first tracking tag and a second tracking tag and deactivating all tracking tags of the set; and activating the first tracking tag.
    Type: Grant
    Filed: May 27, 2020
    Date of Patent: March 12, 2024
    Assignee: Usercentrics A/S
    Inventor: Daniel Johannsen
  • Patent number: 11928245
    Abstract: A compromised data exchange system extracts data from websites using a crawler, detects portions within the extracted data that resemble personally identifying information (PII) data based on PII data patterns using a risk assessment module, and compares a detected portion to data within a database of disassociated compromised PII data to determine a match using the risk assessment module. A risk score may be assigned to a data item within the database in response to determining the match. In some embodiments, URL data may also be detected in the extracted data. The detected URL data represents further websites that can be automatically crawled by the system to detect further PII data.
    Type: Grant
    Filed: January 13, 2023
    Date of Patent: March 12, 2024
    Assignee: Early Warning Services, LLC
    Inventors: Lester Leland Lockhart, III, David Hugh Munson, Gregor R. Bonin, Michael Cook
  • Patent number: 11928246
    Abstract: Content within a memory device (e.g., a DRAM) may be secured in a customizable manner. Data can be secured and the memory device performance may be dynamically defined. In some examples, setting a data security level for a group of memory cells of a memory device may be based, at least in part, on a security mode bit pattern (e.g., a flag, flags, or indicator) in metadata read from or written to the memory device. Some examples include comparing a first signature (e.g., a digital signature) in metadata to a second value (e.g., an expected digital signature) to validate the first value in the metadata. The first value and the second value can be based, at least in part, on the data security level. Some examples include performing a data transfer operation in response to validation of the first and/or second values.
    Type: Grant
    Filed: June 14, 2021
    Date of Patent: March 12, 2024
    Assignee: Micron Technology, Inc.
    Inventors: Alberto Troia, Antonino Mondello
  • Patent number: 11928247
    Abstract: An encryption and signature device for AI model protection is provided. The encryption and signature device for AI model protection includes a key derivation unit, a model encryption unit, a model password encryption unit, an image generation unit and a signature unit. The key derivation unit is configured to derive a model key according to a model password and a derivation function. The model encryption unit is configured to encrypt an AI model according to the model key to generate an encrypted AI model. The model password encryption unit is configured to encrypt the model password to generate an encrypted model password. The image generation unit is configured to generate an image file according to the encrypted model password and the encrypted AI model. The signature unit is configured to sign the image file according to a private key to obtain a signed image file.
    Type: Grant
    Filed: November 1, 2021
    Date of Patent: March 12, 2024
    Assignee: CVITEK CO. LTD.
    Inventors: Tsung-Hsien Lin, Jen-Shi Wu, Hsiao-Ming Chang
  • Patent number: 11928248
    Abstract: A semiconductor device is configured to implement a security protocol. The semiconductor device includes an entropy source that includes a plurality of bitcells. The entropy source is configured to output a sequence of physical unclonable function bit values based on intrinsic properties of the plurality of bitcells to generate a unique device secret for the security protocol, and selectively damage at least a portion of the plurality of bitcells to prevent reverse engineering the sequence of physical unclonable function bit values.
    Type: Grant
    Filed: June 21, 2022
    Date of Patent: March 12, 2024
    Assignee: Marvell Asia Pte Ltd
    Inventor: Eric Hunt-Schroeder