Application Layer Security Patents (Class 713/152)
  • Patent number: 12126715
    Abstract: A method and system of providing verification of information of a user relating to an attestation transaction is provided, and includes sending a request for information of the user, wherein the information has been previously attested to in an attestation transaction stored within a centralized or distributed ledger at an attestation address; receiving at a processor associated with a verifier the information of the user; sending a cryptographic challenge nonce; receiving at the processor associated with the verifier the cryptographic challenge nonce signed by the user's private key; verifying user identity with the cryptographic challenge nonce signed by the user's private key; deriving a public attest key by using the information of the user; deriving an attestation address using the public attest key; and verifying the existence of the attestation transaction at the attestation address in the centralized or distributed ledger.
    Type: Grant
    Filed: July 17, 2023
    Date of Patent: October 22, 2024
    Assignee: Civic Technologies, Inc.
    Inventors: Jonathan Robert Smith, Vinodan Karthikeya Lingham, John Driscoll, Iain Charles Fraser
  • Patent number: 12095749
    Abstract: A computer generates a first encrypted message by encrypting an unencrypted message for decryption at a receiving device. The computer couples the first encrypted message with addressing data associated with the receiving device to generate a coupled message. The computer generates a second encrypted message by encrypting the coupled message for decryption at a data transmission service. The computer transmits the second encrypted message via the data transmission service to enable the receiving device to read the unencrypted message.
    Type: Grant
    Filed: December 9, 2021
    Date of Patent: September 17, 2024
    Assignee: Netflow, UAB
    Inventor: Karolis Kaciulis
  • Patent number: 12088617
    Abstract: A system has a firewall ingress node carrying network traffic. An attack injector creates a network attack flow on the firewall ingress node and thereby forms with the network traffic a composite firewall input signal on the firewall ingress node. A firewall egress node carries a response signal corresponding to the composite firewall input signal. A network monitor is connected to the firewall ingress node and the firewall egress node. The network monitor includes a homodyne detector to multiply the response signal by an oscillating driver signal to form a product that is integrated over time to form a homodyne detector response signal that is larger when the homodyne detector response signal has some component with the same frequency as the oscillating driver signal.
    Type: Grant
    Filed: January 18, 2022
    Date of Patent: September 10, 2024
    Assignee: Cpacket Networks Inc.
    Inventors: Ron Nevo, Douglas Cooper, Tzahi Grunzweig
  • Patent number: 11924182
    Abstract: Systems and methods related to a VPN controller are provided. In some embodiments, a first VPN controller is configured to establish a VPN tunnel with a client endpoint, wherein the VPN tunnel is established using an authentication process of the client endpoint, route a L2 request to a second VPN controller via an established communication tunnel between the first VPN controller and the second VPN controller by identifying a Generic Routing Encapsulation (GRE) header of the L2 request and based on the GRE header of the L2 request, directing the L2 request to a responsive L2 device accessible by the second VPN controller, receive an encapsulated L2 response from the second VPN controller identifying acceptance of the L2 request, and enable an electronic communication between the client endpoint and the responsive L2 device at least via the VPN tunnel between the client endpoint and the first VPN controller.
    Type: Grant
    Filed: February 28, 2022
    Date of Patent: March 5, 2024
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Amit Agrawal, Nagendra Babu Rapaka, Ravi Suhane
  • Patent number: 11785046
    Abstract: A system and method for altering client fingerprint that includes editing data components of network communication from a client device to a server, which comprises editing network protocol data from the client during negotiation of a cryptographic protocol; selectively enabling access to library components specified in the edited client network protocol data; and sending a client communication to the server using the edited client network protocol data.
    Type: Grant
    Filed: May 21, 2020
    Date of Patent: October 10, 2023
    Assignee: Plaid Inc.
    Inventor: Shawn Bracken
  • Patent number: 11625469
    Abstract: Technologies are provided for prevention of organizational data leakage across platforms based on device status. A device management service may include status information for a client device and/or a connection in a token provided to the client device and update the status in response to changes. An applicable data protection policy may be determined based on the detected status and optionally based on data being accessed. An instruction may be transmitted to a client application executed on the client device based on the applicable data protection policy thereby enforcing the data protection policy at the server. The instruction may cause a script executed at the client application to disable one or more user interface controls associated with functionality such as downloading, synchronizing, printing, etc. of the organizational data to prevent leakage of organizational data.
    Type: Grant
    Filed: May 19, 2017
    Date of Patent: April 11, 2023
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Sameer Yadav, Willard Bruce Jones, Matthew R. Wallace, Kavita K. Kamani, Titus C. Miron, Alexandru Munteanu, Sarat Subramaniam
  • Patent number: 11588647
    Abstract: Provided is a method for validating a predetermined digital certificate having a validation device, wherein the validation device stores approval information that specifies which digital certificates of a plurality of digital certificates are permissible digital certificates, and wherein the validation device further stores trust information which indicates a trust level of the permissible digital certificates. The method includes determining, while taking account of the approval information, whether the predetermined digital certificate is permissible for the planned use under the current conditions; and if it is determined that the predetermined digital certificate is permissible, determining the trust level of the predetermined digital certificate by taking into consideration the trust information for the planned use and the current conditions, is provided.
    Type: Grant
    Filed: November 6, 2018
    Date of Patent: February 21, 2023
    Assignee: SIEMENS GAMESA RENEWABLE ENERGY A/S
    Inventors: Michael Munzert, David von Oheimb
  • Patent number: 11568076
    Abstract: A computer-implemented method of transferring a data string from an application to a data protection device. To provide a computer-implemented method of transferring a data string from an application to a data protection device that the database query contains the data string and the database query is coded in a database language.
    Type: Grant
    Filed: May 24, 2019
    Date of Patent: January 31, 2023
    Assignee: COMFORTE AG
    Inventors: Henning Horst, Michael Horst
  • Patent number: 11533657
    Abstract: This application provides an acknowledgment packet transmission method and a communications device. The method includes: receiving, by a first device, data sent by a second device; sending, by the first device, the acknowledgment packet to the second device, where the acknowledgment packet includes an acknowledgment field, the acknowledgment field carries data lengths of K groups of data packets, and the data lengths vary with a data amount included in each group of data packets received/lost by the first device.
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: December 20, 2022
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Weiguang Wang, Feng Li, Xingwang Zhou
  • Patent number: 11496811
    Abstract: A method for assessing and improving network performance using video session data. Control plane signaling data comprising geographic location data from network monitoring equipment connected to a communications network is collected. Video session data comprising data of a plurality of video sessions from video monitoring equipment connected to the communications network is collected. The plurality of video sessions are associated with a plurality of mobile devices streaming videos on the respective mobile device across the communications network. The video session data and control plane signaling data within a cell of the communications network is correlated. The correlated data is provided to a communications network provider. The communications network is reorganized according to the correlated data.
    Type: Grant
    Filed: November 16, 2020
    Date of Patent: November 8, 2022
    Assignee: NetScout Systems, Inc.
    Inventors: Robert W. Froehlich, Wing F. Lo, Karsten Gaenger
  • Patent number: 11481778
    Abstract: A message processing server includes a message processor and a database of multi-layer tokens. Each token in the database includes a plurality of encrypted data layers. The first layer includes a first data pointer. A primary layer includes the first layer and identifies a reference data value. The message processor receives from a communications device an authentication request identifying a first data value, validates the authentication request from the first data value and the reference data value configured in one of the multi-layer tokens, receives a first authorization message including a first cryptographic key, derives a first decrypted data layer from the first cryptographic key and the first encrypted data layer of the one multi-layer token, and validates the first data pointer by receiving confirmation of the first data pointer pointing to a database entry comprising a second data value less than the reference data value.
    Type: Grant
    Filed: October 6, 2016
    Date of Patent: October 25, 2022
    Assignee: The Toronto-Dominion Bank
    Inventors: Matthew Randolph Molnar, Jonathan K. Barnett, John Jong Suk Lee, Paul Mon-Wah Chan, Orin Del Vecchio
  • Patent number: 11470102
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network monitoring, user account compromise determination, and user behavior database system. The system monitors network actions of user accounts including user account access across multitudes of network accessible systems, determines user account transitions, and determines different types of high-risk user behavior indicative of compromise. Network actions can be obtained from generated information by the network accessible systems, and correlated across additional data sets including contextual ones. User interfaces are generated describing network actions of user accounts, and are configured for user interaction, which cause generation of updated user interfaces and access to electronic data sources to determine information relevant to the user interaction.
    Type: Grant
    Filed: November 12, 2018
    Date of Patent: October 11, 2022
    Assignee: Palantir Technologies Inc.
    Inventors: Samuel Jones, Timothy Yousaf, Drew Dennison, Vivek Lakshmanan, Joseph Staehle, Samuel Kremin, Maxim Kesin, Taylor Heroux
  • Patent number: 11362811
    Abstract: The present disclosure describes techniques for configuring and participating in encrypted audio calls, audio conferences, video calls, and video conferences. In particular, a call initiator generates a meeting identifier and a first meeting key, which are encrypted using a first encryption key and distributed to one or more participants of the call. The one or more participants decrypt the meeting identifier and the first meeting key, and use that information to participate in the encrypted call. Further, participants respond to the encrypted communication data by encrypting their reply data with the first meeting key. The call initiator decrypts the reply data using the first meeting key.
    Type: Grant
    Filed: March 16, 2020
    Date of Patent: June 14, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Dipakkumar R. Kasabwala, Thomas Michael Leavy
  • Patent number: 11336627
    Abstract: According to an implementation of the disclosure, a computing device may record substantially all the network traffic being transported over a first node of a network over a period of time. The computing device may receive an authenticated request from a forensics system that includes access criteria. The first computing device may determine a relevant encrypted and unencrypted portion of the network traffic based on the access criteria. Based on the unencrypted portion, the computing device may recalculate an encryption key applicable to the encrypted portion. The computing device may then replicate the relevant portion and the encryption key to the forensics system for forensic analysis.
    Type: Grant
    Filed: July 16, 2019
    Date of Patent: May 17, 2022
    Assignee: Salesforce, Inc.
    Inventors: Mark Manasse, Amit Limaye
  • Patent number: 11314858
    Abstract: A computing device may detect events such as a break-in, fire, flood, movement of people between different areas or zones within a defined area, cyberattacks, movement of devices away from the defined area, etc. If an event is detected, the computing device may take action to protect devices, data on the devices, and/or accounts accessible by the devices. The devices may encrypt, backup data, and/or delete data. The computing device may communicate with other computing devices about events that have been detected.
    Type: Grant
    Filed: October 10, 2018
    Date of Patent: April 26, 2022
    Assignee: Comcast Cable Communications, LLC
    Inventors: William McMaster, Brian Xu, Sanjay Dorairaj
  • Patent number: 11283810
    Abstract: A communication control method executed by a processor included in a communication control device that controls communication with a communication device, the method includes, when a communication access to the communication device is detected, specifying a related characteristic corresponding to the communication device by referring to a first memory that stores communication device-related characteristics, determining a security function corresponding to the specified related characteristic by referring to a second memory that stores executable security functions for the communication device-related characteristics, and executing the security function determined at the determining for the communication device of the communication access.
    Type: Grant
    Filed: January 22, 2019
    Date of Patent: March 22, 2022
    Assignee: FUJITSU LIMITED
    Inventors: Takeshi Ohtani, Ryuichi Matsukura, Jun Kakuta
  • Patent number: 11244072
    Abstract: In various embodiments, a Data Model Adaptive Execution System may be configured to take one or more suitable actions to remediate an identified risk in view of one or more regulations (e.g., one or more legal regulations, one or more binding corporate rules, etc.). For example, in order to ensure compliance with one or more standards related to the collection and/or storage of personal data, an entity may be required to modify one or more aspects of a way in which the entity collects, stores, and/or otherwise processes personal data (e.g., in response to a change in a legal or other requirement). In order to identify whether a particular change or other risk trigger requires remediation, the system may be configured to assess a relevance of the risk posed by the risk and identify one or more processing activities or data assets that may be affected by the risk.
    Type: Grant
    Filed: May 31, 2021
    Date of Patent: February 8, 2022
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Kevin Jones, Jonathan Blake Brannon
  • Patent number: 11184324
    Abstract: Examples provide a deep packet inspection for performing security operations on network data packets by a plurality of enhanced packet analyzers. A copy of a mirrored network data packet is sent to each of the packet analyzers. Each packet analyzer performs one or more security operations on the copy in parallel, and generates an allow recommendation or a deny recommendation. If all the recommendations are allow recommendations, a virtual network interface controller (VNIC) routes the network data packet to its destination. If at least one of the recommendations is a deny recommendation, the VNIC discards the network data packet.
    Type: Grant
    Filed: September 3, 2019
    Date of Patent: November 23, 2021
    Assignee: NICIRA, INC.
    Inventor: Sudheendra Bangalore Krishnamurthy
  • Patent number: 11159547
    Abstract: A computer system extracts features of documents that mention malware programs to determine textual features that correspond to individual ones of the malware programs. The computer system performs analysis of samples of malware programs to determine features corresponding to the samples. The computer system performs clustering using the textual features and using the features that correspond to the samples of the malware programs. The clustering creates clusters of data points, each data point corresponding to an individual one of the malware programs. The clusters contain data points considered by the clustering to be similar. The computer system outputs indications of the clusters to allow determination of whether data points in the clusters correspond to individual ones of specific malwares. Apparatus, methods, and computer program products are disclosed.
    Type: Grant
    Filed: August 3, 2017
    Date of Patent: October 26, 2021
    Assignee: International Business Machines Corporation
    Inventors: Suresh Chari, Heqing Huang, Taesung Lee, Youngja Park
  • Patent number: 11153095
    Abstract: A more efficient internet-of-things (IoT) manufacturing process can be achieved using hash functions to authenticate and identify IoT devices. Device data comprising manufacturer name data, device name data, software version data, and/or hardware version data can be fed through a hash function to generate hashed data. Additionally, same and/or similar data can be hashed via a manufacturing process. The two outputs from both sets of data can then be matched to determine the authentication of a device. Based on the authenticity of the device being verified, the IoT device can undergo a certification process as a part of the manufacturing process. This manufacturing process comprising hashed data can eliminate current manufacturing processes and allow for a unique identifier to be associated with the IoT device.
    Type: Grant
    Filed: April 30, 2019
    Date of Patent: October 19, 2021
    Assignee: AT&T MOBILITY II LLC
    Inventors: Thomas Becker, Jordan Alexander, Paul Daunno
  • Patent number: 11122008
    Abstract: Systems, methods, and computer-readable media for creating service chains for inter-cloud traffic. In some examples, a system receives domain name system (DNS) queries associated with cloud domains and collects DNS information associated with the cloud domains. The system spoofs DNS entries defining a subset of IPs for each cloud domain. Based on the spoofed DNS entries, the system creates IP-to-domain mappings associating each cloud domain with a respective IP from the subset of IPs. Based on the IP-to-domain mappings, the system programs different service chains for traffic between a private network and respective cloud domains. The system routes, through the respective service chain, traffic having a source associated with the private network and a destination matching the IP in the respective IP-to-domain mapping.
    Type: Grant
    Filed: May 8, 2020
    Date of Patent: September 14, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Balaji Sundararajan, Samar Sharma
  • Patent number: 11089061
    Abstract: A cloud device is configured in an email transmission pathway. The cloud device receives an email attachment whose maliciousness status is determined to be unknown. The cloud device encrypts the email attachment and delivers the encrypted attachment to the recipient. When the recipient attempts to access the encrypted attachment, the cloud device re-determines the maliciousness status of the attachment. If the re-determined maliciousness status is benign, the cloud device allows the encrypted attachment to be decrypted and opened locally on the recipient's device. If the re-determined maliciousness status is still unknown, the cloud device provides a cloud-based viewing solution to the recipient using an isolation service.
    Type: Grant
    Filed: March 28, 2019
    Date of Patent: August 10, 2021
    Assignee: CA, INC.
    Inventors: Nikhil Sinha, Alexander Harris, John Steenbruggen, Ananta Krishna Vadlamani
  • Patent number: 11088994
    Abstract: An application using a virtual private network (VPN) is programmed to transmit proxy traffic to a remote proxy server. Traffic to the proxy server is intercepted, shifted to user space, and processed according to one or more options. Traffic may be terminated by a local proxy that resolves domain names in traffic and requests referenced content. Intercepted traffic may include plain text data in headers that is encrypted before forwarding to a different proxy server. Traffic may be evaluated, such as a User Agent string in order to determine routing choices, such as blocking, throttling, local termination, transmitting through a VPN, or other options. Multiple VPNs may operate on the same user computer and proxy traffic may be intercepted and processed by transmitting it through a VPN, bypassing all VPNs, or routing through a different VPN.
    Type: Grant
    Filed: August 8, 2018
    Date of Patent: August 10, 2021
    Assignee: Twingate Inc.
    Inventors: Eugene Lapidous, Sean Ghiocel, Maxim Molchanov, Eduardo Panisset
  • Patent number: 11057289
    Abstract: A method for identifying a network application. The method includes analyzing metadata and source code of a network application to extract a set of application tokens, generating an index document of the network application based on the set of application code tokens, wherein the index document is included in a library of index documents corresponding to a number of network applications, extracting a set of packet header tokens from a packet header of a packet in a flow, comparing the set of packet header tokens to the set of index documents to generate a number of match scores, wherein each match score represents a similarity measure between the set of packet header tokens and one index document, and determining, based on a highest match score corresponding to a particular network application, that the flow is generated by the particular network application.
    Type: Grant
    Filed: December 26, 2017
    Date of Patent: July 6, 2021
    Assignee: The Boeing Company
    Inventors: Gyan Ranjan, Alok Tongaonkar, Ruben Torres
  • Patent number: 11057430
    Abstract: Methods, systems, and devices for server-initiated secure sessions are described. A browser application may connect to a portal, where the portal may transmit a command to a server agent to initiate a secure session with an endpoint device. The server agent may be housed in a destination server, and may establish a secure connection with an intermediary server using a secure communication protocol. The secure connection may be made by directing the destination server to open an outbound connection through a firewall of the destination server. A browser session may be redirected to the intermediary server from the browser application, and the intermediary server may route the browser session traffic to the secure connection.
    Type: Grant
    Filed: October 9, 2018
    Date of Patent: July 6, 2021
    Assignee: JumpCloud, Inc.
    Inventors: Rajat Bhargava, Christopher Marie, James Brown
  • Patent number: 11051247
    Abstract: A transmission/reception device with wake-up radio for a node with limited resources such as an IoT network node. The device includes a permanently powered auxiliary circuit, capable of detecting a wake-up token, and a main circuit, normally in the idle state and activated by the auxiliary circuit when a wake-up token is detected. The next wake-up token is calculated by the main circuit by applying a one-way function to at least part of a message exchanged on the main radio through a secure communication.
    Type: Grant
    Filed: August 3, 2018
    Date of Patent: June 29, 2021
    Assignee: COMMISSARIAT A L'ENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVES
    Inventors: Maxime Montoya, Simone Bacles-Min, Anca Molnos, Jacques Fournier
  • Patent number: 11032266
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify a digital certificate associated with data and assign a reputation to the digital certificate, where the digital certificate is classified as trusted if the digital certificate is included in an entry in a whitelist and the digital certificate is classified as untrusted if the digital certificate is included in an entry in a blacklist.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: June 8, 2021
    Assignee: McAfee, LLC
    Inventors: James Bean, Joel R. Spurlock, Cedric Cochin, Aditya Kapoor, Ramnath Venugopalan
  • Patent number: 11023616
    Abstract: In various embodiments, a Data Model Adaptive Execution System may be configured to take one or more suitable actions to remediate an identified risk in view of one or more regulations (e.g., one or more legal regulations, one or more binding corporate rules, etc.). For example, in order to ensure compliance with one or more standards related to the collection and/or storage of personal data, an entity may be required to modify one or more aspects of a way in which the entity collects, stores, and/or otherwise processes personal data (e.g., in response to a change in a legal or other requirement). In order to identify whether a particular change or other risk trigger requires remediation, the system may be configured to assess a relevance of the risk posed by the risk and identify one or more processing activities or data assets that may be affected by the risk.
    Type: Grant
    Filed: March 23, 2020
    Date of Patent: June 1, 2021
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Kevin Jones, Jonathan Blake Brannon
  • Patent number: 11025655
    Abstract: Techniques for inspecting network traffic are disclosed. An application executing as an operating system extension that uses a virtual private network (VPN) stack of the operating system intercepts an Internet protocol (IP) packet for delivery to a remote computer system. A determination is made of an action to take in response to intercepting the packet. The determined action is taken.
    Type: Grant
    Filed: July 11, 2019
    Date of Patent: June 1, 2021
    Assignee: Fyde, Inc.
    Inventors: Sinan Eren, Jose Luis Ferras Pereira, Pablo German Sole, Luisa Marina Moya Praca de Araujo Lima
  • Patent number: 11017084
    Abstract: A method for detecting malicious code fragments based on data-flow isolation is provided. The method may include isolating data flows associated with a computing program for a user device. The method may further include mapping steps for the isolated data flow to modules associated with the computing program and the user device. The method may further include comparing the mapped steps to determine connections between the isolated data flows. The method may further include, based on the comparison of the mapped steps and the modules, determining whether the isolated data flows comprise malicious data flow deviations. The method may also include, in response to the determination that the isolated data flows comprise malicious data flow deviations, determining whether the computer program is malicious by weighing security risks associated with the malicious data flow deviations based on security risk factors.
    Type: Grant
    Filed: November 21, 2017
    Date of Patent: May 25, 2021
    Assignee: International Business Machines Corporation
    Inventors: Roee Hay, Marco Pistoia, Omer Tripp
  • Patent number: 11012523
    Abstract: In one embodiment, a proxying agent loaded at application startup loads a circuit breaker framework into a class loader, and also loads a circuit breaker proxy into an extension class loader seen by the proxying agent and by the application. The proxying agent may also instrument selected methods of the application, such that, when calling to run an instrumented method: an ID of the circuit breaker proxy is set to a trackable context, and the proxy execution may be held until exit of the run method (and if exit of the run method is due to a particular exception, an exception of the proxy may also be set to reflect the particular exception). The circuit breaker may then monitor the proxy for latency, exceptions, and circuit breaker trip criteria, and stops the run method in response to the latency, exceptions, or circuit breaker trip criteria surpassing a particular respective threshold.
    Type: Grant
    Filed: July 24, 2019
    Date of Patent: May 18, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Walter Theodore Hulick, Jr., Harish Nataraj
  • Patent number: 10992690
    Abstract: Techniques for inspecting network traffic are disclosed. An application executing as an operating system extension that uses a virtual private network (VPN) stack of the operating system intercepts an Internet protocol (IP) packet for delivery to a remote computer system. A determination is made of an action to take in response to intercepting the packet. The determined action is taken.
    Type: Grant
    Filed: July 11, 2019
    Date of Patent: April 27, 2021
    Assignee: Fyde, Inc.
    Inventors: Sinan Eren, Jose Luis Ferras Pereira, Pablo German Sole, Luisa Marina Moya Praca de Araujo Lima
  • Patent number: 10963576
    Abstract: Systems and methods for receiving a request to analyze trust of a client system and perform actions based on a client trust profile. A trust rating server device receives a request from a client computing device to analyze the trust on the device. The request identifies at least one credential or certificate installed on the device for example. The credential or certificate is obtained and analyzed to identify key information that relates to trust, such as level of encryption, country or entity of origin, duration of credential, certifying authority, etc. A rating is established using the key information and compared to a profile or other metric. One or more credentials or certifications may be blocked, disabled, enabled or removed based on a user's profile. Trust credentials are continuously monitored on the device for changes, and new credentials are blocked that do not meet thresholds established in the user's profile.
    Type: Grant
    Filed: July 30, 2019
    Date of Patent: March 30, 2021
    Assignee: The Privacy Factor, LLC
    Inventor: Mark A. Sartor
  • Patent number: 10938553
    Abstract: The present disclosure relates to generating an identifier, an encrypted value that is an original value encrypted, and a Message Authentication Code (MAC) at a server device, and to generating a message including a message header and a message body, said message header including the identifier and the MAC, and said message body including the encrypted value, wherein the MAC key used to compute the message authentication code is included in the original value to be encrypted, and further relates to transmitting the message to a client device.
    Type: Grant
    Filed: November 27, 2015
    Date of Patent: March 2, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Liqun Chen, Nigel Edwards
  • Patent number: 10929553
    Abstract: The application provides a managing method and device for a sensor access authority, and relates to the field of information security. The method includes: determining a second sensor corresponding to a first sensor and having a type different from the first sensor in response to adjustment of an access authority of an application program to the first sensor, and then adjusting the access authority of the application program to the second sensor. The second sensor corresponding to a first sensor is determined when an access authority of an application program to the first sensor is adjusted, and the access authority of the application program to the second sensor is adjusted, thereby avoiding the second sensor collecting and leaking privacy information of the user and protecting privacy security of the user.
    Type: Grant
    Filed: December 2, 2016
    Date of Patent: February 23, 2021
    Assignee: BEIJING ZHIGU RUI TUO TECH CO., LTD.
    Inventors: Kuifei Yu, Ran Xu
  • Patent number: 10911237
    Abstract: A means of using a virally connected network of friends to assist each other to recover encrypted data should any single person lose their encryption key, without noticeably risking the security of the encrypted data to any persons with access to the encrypted data or to the Internet, including the virally connected network of friends.
    Type: Grant
    Filed: March 9, 2018
    Date of Patent: February 2, 2021
    Inventors: Jim Zubov, John Kenneth Brixius
  • Patent number: 10901717
    Abstract: A request to install an application on a device may be received, and data associated with the device and a set of users associated with the device may be received. Acceptance factors specified in a terms and conditions document associated with the application to be installed on the device may be identified. A terms and conditions implication of installing the application on the device may be determined based on the acceptance factors. Based on the terms and conditions implication, a rule may be dynamically generated to control at least a running of the application on the device. The rule may be activated or caused to be activated on the device. The activation of the rule may control the running of the application on the device.
    Type: Grant
    Filed: July 16, 2018
    Date of Patent: January 26, 2021
    Assignee: International Business Machines Corporation
    Inventors: Skyler Speakman, Komminist Weldemariam
  • Patent number: 10885180
    Abstract: Techniques are disclosed relating to detecting that a client system is an emulated computer system based on its computational performance of one or more challenge problems. In some embodiments, a server computer system may receive, from a client system, a request to access a web service. The server computer system may determine reported technical features of the client system and select a particular challenge problem to provide to the client system. The server computer system may determine an expected response time of the particular challenge problem for the client system. The server computer system may receive a challenge response from the client system that includes a proposed solution to the particular challenge problem. The server computer system may then determine whether to authorize the request based on a measured response time by the client system and the expected response time of the particular challenge problem for the client system.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: January 5, 2021
    Assignee: PayPal, Inc.
    Inventors: Bradley Wardman, Blake Butler
  • Patent number: 10812496
    Abstract: In one embodiment, a method includes receiving data associated with a cluster at a computer and processing the data at the computer to automatically generate a description of the cluster. The data includes cluster data comprising data within the cluster and non-cluster data comprising a remaining set of the data. The description comprises a minimal set of features that uniquely defines the cluster to differentiate the cluster data from non-cluster data. An apparatus and logic are also disclosed herein.
    Type: Grant
    Filed: October 1, 2015
    Date of Patent: October 20, 2020
    Assignee: CISCO TECHNOLOGY, INC.
    Inventor: Blake Harrell Anderson
  • Patent number: 10778697
    Abstract: With regard to a method for transmitting and receiving data in a wireless communication system in the present specification, a method implemented by a first network node is characterized by comprising: transmitting a control message, including information pertaining to terminal context retention properties, to a terminal; receiving a first message including a first information block from the terminal; carrying out a verification process on the terminal on the basis of the received first message; and transmitting a second message to the terminal according to the results of the verification of the terminal, wherein the terminal context retention properties represent at least one of whether terminal context is retained or whether terminal context can be changed.
    Type: Grant
    Filed: June 22, 2016
    Date of Patent: September 15, 2020
    Assignee: LG Electronics Inc.
    Inventors: Heejeong Cho, Jiwon Kang, Genebeck Hahn, Eunjong Lee, Ilmu Byun
  • Patent number: 10764252
    Abstract: A method and system for communicating between a managed device and a device manager is provided by sending the managed device a message over a first communications channel, and then initiating communication between the managed device and the device manager over a second communications channel in response to the message, wherein the first communications channel and the second communications channel are of different types.
    Type: Grant
    Filed: April 25, 2017
    Date of Patent: September 1, 2020
    Assignee: VODAFONE IP LICENSING LTD
    Inventors: Nick Bone, Simone Ferrara
  • Patent number: 10764263
    Abstract: Apparatuses and methods for authenticating a user to a host by an agent are disclosed. In the method the agent receives a connection request to the host from the user. In response to the received connection request, the agent determines an ephemeral authenticator, and acquires using the ephemeral authenticator a second authenticator. The second authenticator is based at least in part on use of the ephemeral authenticator. The agent then authenticates the user to the host using the second authenticator.
    Type: Grant
    Filed: November 28, 2016
    Date of Patent: September 1, 2020
    Assignee: SSH Communications Security OYJ
    Inventor: Markku Rossi
  • Patent number: 10712796
    Abstract: A non-transitory computer readable storage medium having stored thereon instructions, the instructions being executable by one or more processors to perform operations including: receiving, by a calibration module executed by the one or more processors, a calibration request including (i) a workload type, (ii) a list of compute nodes belonging to a distributed computer system, and (iii) one or more frequencies; responsive to identifying the workload type as a clustered workload type, instructing a plurality of compute nodes on the list of compute nodes to begin processing a workload of the workload type; and responsive to identifying the workload type as a clustered workload type, instructing a compute node on the list of compute nodes to begin processing the workload of the workload type is shown.
    Type: Grant
    Filed: December 24, 2014
    Date of Patent: July 14, 2020
    Assignee: INTEL CORPORATION
    Inventors: Muralidhar Rajappa, Andy Hoffman, Devadatta Bodas, Justin Song, James Alexander
  • Patent number: 10698900
    Abstract: Systems and methods are disclosed for generating a distributed execution model with untrusted commands. The system can receive a query, and process the query to identify the untrusted commands. The system can use data associated with the untrusted command to identify one or more files associated with the untrusted command. Based on the files, the system can generate a data structure and include one or more identifiers associated with the data structure in the distributed execution model. The system can distribute the distributed execution model to one or more nodes in a distributed computing environment for execution.
    Type: Grant
    Filed: September 25, 2017
    Date of Patent: June 30, 2020
    Assignee: Splunk Inc.
    Inventors: Arindam Bhattacharjee, Sourav Pal, Alexander Douglas James
  • Patent number: 10701091
    Abstract: A computerized method to identify potentially malicious code in a network is described. Herein, information associated with a threat is analyzed to yield intelligence that includes instructions or indicators related to the threat. Based on the intelligence, a determination is made as to an endpoint device, which includes an endpoint agent, is to (i) receive at least one of the instructions or the indicators, (ii) conduct an examination of memory of the endpoint device for data corresponding to any of the instructions or the indicators, and (iii) obtain results of the examination. Verification information, including at least a portion of the results of the examination by the endpoint device and an identifier for the endpoint device, is gathered and correlated to determine whether such information corresponds to a verified threat. Thereafter, a notification, including a portion of the verification information, is sent to identify the verified threat.
    Type: Grant
    Filed: July 23, 2018
    Date of Patent: June 30, 2020
    Assignee: FireEye, Inc.
    Inventors: Sean Cunningham, Robert Dana, Joseph Nardone, Joseph Faber, Kevin Arunski
  • Patent number: 10666665
    Abstract: A confirmation apparatus includes a determination unit configured to determine whether an information processing apparatus that has transmitted a security confirmation instruction executes communication via a firewall, a setting unit configured to set predetermined ports as inspection targets in a first case where the determination unit determines that the information processing apparatus executes communication via the firewall, and set ports listed in a used port list received from the information processing apparatus as the inspection targets in a second case where the determination unit determines that the information processing apparatus executes communication without interposing the firewall, an inspection unit configured to inspect ports set as the inspection targets by the setting unit, and a notification unit configured to notify the information processing apparatus of an inspection result acquired by the inspection unit.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: May 26, 2020
    Assignee: Canon Kabushiki Kaisha
    Inventor: Masamichi Akashi
  • Patent number: 10652297
    Abstract: A method for the transmission and adaption of data can include the steps of generating generic requirement documents, identifying a plurality of suitable communication patterns on the basis of the generic requirement documents, determining currently available transport options and their service quality across at least one communication network, and selecting a communication pattern from a plurality of suitable communication patterns based on the network transmission qualities of the at least one communication network. The method can utilize a first functional layer and a second functional layer that are integrated between a software application layer and a network access layer that each receive input documents that are independent of each other. The input documents of the second functional layer can contain transport-related information while the input documents of the first functional layer can contain application-related information.
    Type: Grant
    Filed: January 30, 2019
    Date of Patent: May 12, 2020
    Assignee: Unify GmbH & Co. KG
    Inventors: Jurgen Totzke, Karl Klug, Paul Mueller, Tino Fleuren, Joachim Goetze, Ralf Steinmetz, Apostolos Papageorgiou, Ulrich Lampe, Phuoc Tran-Gia, Martina Zitterbart, Erwin Rathgeb, Adam Wolisz
  • Patent number: 10642996
    Abstract: A method, system and computer-usable medium for adaptively remediating multivariate risk, comprising: detecting a violation of a multivariate security policy, the multivariate security policy comprising a plurality of variables; identifying a variable from the plurality of variables associated with a cause of the violation; associating an entity with the variable associated with the cause of the violation; and, adaptively remediating a risk associated with the entity.
    Type: Grant
    Filed: July 25, 2018
    Date of Patent: May 5, 2020
    Assignee: Forcepoint LLC
    Inventors: Richard A. Ford, Ann Irvine, Adam Reeve
  • Patent number: 10637848
    Abstract: Disclosed herein is an apparatus for supporting authentication between devices, which includes a certificate information storage unit for storing certificate data of a first terminal for managing a certificate; a communication unit for receiving a request for a certificate of the first terminal, which uses a signature value and certificate-related information corresponding to the first terminal, from a second terminal and returning information corresponding to a valid certificate of the first terminal to the second terminal in order to enable the second terminal to authenticate the first terminal; and a certificate verification unit for verifying whether a certificate of the first terminal is valid.
    Type: Grant
    Filed: November 15, 2017
    Date of Patent: April 28, 2020
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Yun-Kyung Lee, Young-Ho Kim, Jeong-Nyeo Kim, Jae-Deok Lim, Bo-Heung Chung, Hong-Il Ju, Yong-Sung Jeon
  • Patent number: 10628466
    Abstract: A full-text index can be created for each mailbox of an EDB to facilitate the performance of complex queries to quickly search for email data. In this way, relevant email data can be identified and retrieved quickly and efficiently from the full-text index rather than from the EDB. To create such indexes, each email in a mailbox can be retrieved and processed to convert the email from its native format into textual name/value pairs which can then be submitted for indexing. This use of name/value pairs to index each email enables the emails across all mailboxes to be efficiently queried using any possible combination of values.
    Type: Grant
    Filed: January 6, 2016
    Date of Patent: April 21, 2020
    Assignee: Quest Software Inc.
    Inventors: Sergey Romanovich Vartanov, Alexander Gennadievich Stepanoff, Sergey Evgenievich Zalyadeev