Security Kernel Or Utility Patents (Class 713/164)
  • Patent number: 11565836
    Abstract: An item to write on a surface of a celestial body that has less atmosphere than Earth is received at a communications station and from a user device. An instruction that triggers the robot to write the item on the surface of the celestial body is provided by the communications station and to a robot on the surface of the celestial body. An image of the item written on the surface of the celestial body is received by the communications station and from the robot. The image of the item written on the surface of the celestial body is provided by the communications station and to the user device.
    Type: Grant
    Filed: December 20, 2018
    Date of Patent: January 31, 2023
    Assignee: RKF Engineering Solutions LLC
    Inventors: Jeffrey Freedman, Ted Kaplan, Phil Rubin, David Marshack, David Milliner
  • Patent number: 11563574
    Abstract: This invention relates generally to distributed ledger technology (including blockchain related technologies), and in particular the use of a blockchain in implementing, controlling and/or automating a task or process. It may relate to the use of a blockchain or related technology for recording or representing the execution of a portion of logic. This portion of logic may be arranged to implement the functionality of a logic gate, or plurality of logic gates, such as AND, XOR, NOT, OR etc. . . . .
    Type: Grant
    Filed: July 21, 2017
    Date of Patent: January 24, 2023
    Assignee: nChain Holdings Ltd
    Inventor: Gavin Allen
  • Patent number: 11552998
    Abstract: A device includes a root of trust and a controller to perform a device function of the device using the root of trust. The root of trust is designed to control and/or observe the controller at least partially for the performance of the device function.
    Type: Grant
    Filed: August 21, 2019
    Date of Patent: January 10, 2023
    Assignee: Infineon Technologies AG
    Inventors: Josef Haid, Stefan Rueping
  • Patent number: 11526599
    Abstract: One or more computer processors collect logs containing one or more admission requests associated with a new application installation in an empty namespace, wherein the empty namespace is a sandbox representative of a production environment. The one or more computer processors classify the one or more admission requests according to a set of conditions indicating respective levels of trust. The one or more computer processors create a set of candidates for signing containing admissions requests that are classified unsigned. The one or more computer processors generate a security policy for each candidate for signing in the set of candidates for signing.
    Type: Grant
    Filed: April 19, 2021
    Date of Patent: December 13, 2022
    Assignee: International Business Machines Corporation
    Inventors: Ruriko Kudo, Hirokuni Kitahara, Kugamoorthy Gajananan, Yuji Watanabe
  • Patent number: 11500969
    Abstract: This disclosure describes systems and methods for protecting commercial off-the-shelf software program code from piracy. A software program may include multiple image files having code and data. A platform may modify the executable file such that the data may be placed at a location in memory that is an arbitrary distance from the code. The platform may encrypt the code and provide it to a computing device comprising a hardware enclave. The computing device may load the encrypted code into the hardware enclave but load the data into memory outside the hardware enclave. The computing device may request a decryption key from an authentication server using a hash of the hardware enclave signed by a processor. The authentication server may provide the decryption key if it verifies the signature and the hash. The computing device may decrypt the code and mark the hardware enclave as non-readable.
    Type: Grant
    Filed: January 3, 2020
    Date of Patent: November 15, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Xinyang Ge, Weidong Cui, Ben Niu, Ling Tony Chen
  • Patent number: 11501005
    Abstract: A method and system for performing computational jobs securely on a shared computing resource. Data files for the computational job are encrypted on a secure system and the encrypted data files are stored in a data store on the shared computing resource. A key distribution server is established using a secure enclave on a front end of the shared computing resource. Cryptographic keys and application binaries are transferred to the enclave of the shared computing resource using a session key. The computational job is run using an application launcher on compute nodes of an untrusted execution environment of the shared computing resource, the application launcher obtaining the application binaries and the cryptographic keys from the key distribution server.
    Type: Grant
    Filed: August 26, 2020
    Date of Patent: November 15, 2022
    Assignee: ROLLS-ROYCE plc
    Inventor: Bryan L Lapworth
  • Patent number: 11488144
    Abstract: A computer-implemented method to participate in a token transfer process for transferring a first quantity of token from a sender node to a recipient node using a blockchain is disclosed. The token transfer process includes a plurality of participating nodes and execution of a set of indirect token transactions between multiple pairs of the participating nodes.
    Type: Grant
    Filed: June 19, 2018
    Date of Patent: November 1, 2022
    Inventors: Daniel Joseph, Silvia Bartolucci
  • Patent number: 11468386
    Abstract: Data processing systems and methods, according to various embodiments, are adapted for determining an applicable privacy policy based on various criteria associated with a user and the associated product or service. User and product criteria may be obtained automatically and/or based on user input and analyzed by a privacy policy rules engine to determine the applicable policy. Text from the applicable policy can then be presented to the user. A default policy can be used when no particular applicable policy can be identified using by the rules engine. Policies may be ranked or prioritized so that a policy can be selected in the event the rules engine identifies two, conflicting policies based on the criteria.
    Type: Grant
    Filed: January 12, 2022
    Date of Patent: October 11, 2022
    Assignee: OneTrust, LLC
    Inventors: Richard A. Beaumont, Jonathan Blake Brannon
  • Patent number: 11449613
    Abstract: Systems and methods for providing security services during a power management mode are disclosed. In some embodiments, a method comprises detecting with a mobile security system a wake event on a mobile device, providing from the mobile security system a wake signal, the providing being in response to the wake event to wake a mobile device from a power management mode, and managing with the mobile security system security services of the mobile device. Managing security services may comprise scanning a hard drive of the mobile devices for viruses and/or other malware. Managing security services may also comprise updating security applications or scanning the mobile device for unauthorized data.
    Type: Grant
    Filed: May 6, 2019
    Date of Patent: September 20, 2022
    Assignee: CUPP Computing AS
    Inventors: Ami Oz, Shlomo Touboul
  • Patent number: 11449627
    Abstract: Systems and methods for tokenization in a cloud-based environment. The disclosed systems and methods may perform operations including receiving input to be tokenized; obtaining a keyed hash function from a key management system; using the keyed hash function to generate a storage token for the input; creating an encrypted database entry linking the generated token to the received input; setting an expiry for the storage token; and when the storage token is received before the expiry, providing the linked input in response.
    Type: Grant
    Filed: April 23, 2020
    Date of Patent: September 20, 2022
    Assignee: Amadeus S.A.S.
    Inventors: Roman Jean Jo Bayon, Giuseppe Andrea Turelli
  • Patent number: 11438366
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network risk assessment. One of the methods includes obtaining information describing network traffic between a plurality of network devices within a network. A network topology of the network is determined based on the information describing network traffic, with the network topology including nodes connected by an edge to one or more other nodes, and with each node being associated with one or more network devices. Indications of user access rights of users are associated to respective nodes included in the network topology. User interface data associated with the network topology is generated.
    Type: Grant
    Filed: July 17, 2020
    Date of Patent: September 6, 2022
    Assignee: Palantir Technologies Inc.
    Inventors: Miles Seiver, Stephen Cohen
  • Patent number: 11429725
    Abstract: Systems and methods involve a database function of an ATM processor on which rules database records for positive transition flows of ATM hardware or software activities are stored, a security agent function of the ATM processor that extracts data points from a transition flow for every succeeding ATM activity, and an algorithm function of the ATM processor that generates a rules database record for the transition flows for succeeding ATM activity based on the extracted data points and discards any generated rules database record that is identical to a rules database record already stored on the rules database function. A discovery phase of the algorithm function stores new rules database records, rules database function, and a protection phase of the algorithm function selects a risk protocol, when a generated record is not identical to a record already stored.
    Type: Grant
    Filed: April 26, 2018
    Date of Patent: August 30, 2022
    Assignee: CITICORP CREDIT SERVICES, INC. (USA)
    Inventor: Ganesh Banerjee
  • Patent number: 11409860
    Abstract: A system enables a content creator to upload the content onto the server and set rules and conditions for the access and retrieval. The content is downloaded to a portable storage medium, the content will be encrypted for display at a particular destination device. When the content is loaded on the destination device, the destination device will check if the content is loaded on the correct destination device by checking the information of the destination device attached to the content against the device information stored on the destination device.
    Type: Grant
    Filed: May 21, 2020
    Date of Patent: August 9, 2022
    Assignee: Equalearning Corp.
    Inventor: Shih-Yuan Wang
  • Patent number: 11411996
    Abstract: A mechanism to facilitate a private network (VPN)-as-a-service, preferably within the context of an overlay IP routing mechanism implemented within an overlay network. A network-as-a-service customer operates endpoints that are desired to be connected to one another securely and privately using the overlay IP (OIP) routing mechanism. The overlay provides delivery of packets end-to-end between overlay network appliances positioned at the endpoints. During such delivery, the appliances are configured such that the data portion of each packet has a distinct encryption context from the encryption context of the TCP/IP portion of the packet. By establishing and maintaining these distinct encryption contexts, the overlay network can decrypt and access the TCP/IP flow. This enables the overlay network provider to apply one or more TCP optimizations. At the same time, the separate encryption contexts ensure the data portion of each packet is never available in the clear at any point during transport.
    Type: Grant
    Filed: April 23, 2019
    Date of Patent: August 9, 2022
    Assignee: Akamai Technologies, Inc.
    Inventors: Brandon O. Williams, Martin K. Lohner, Kevin Harmon, Jeffrey Bower
  • Patent number: 11409881
    Abstract: A method of controlling access of an information handling system to a secured network may comprise detecting a time of flight (TOF) signal distance between the information handling system and a plurality of WLAN access points and received signal strength indication (RSSI) values to determine, via a processor executing code instructions of the information handling system, a location fingerprint of the information handling system relative to the plurality of address-identified wireless local area network (WLAN) access points and a secured perimeter of the facility before completing a boot process of the information handling system or allowing access to a secured network, if the location fingerprint indicates the information handling system is located within the secured perimeter.
    Type: Grant
    Filed: August 12, 2019
    Date of Patent: August 9, 2022
    Assignee: Dell Products, LP
    Inventors: Kamal J. Koshy, Eugene R. Simpson, Lars Fredrik Proejts
  • Patent number: 11392512
    Abstract: Apparatuses, methods and storage medium associated with virtualizing a USB device controller of a SoC in a computing platform hosting multiple VMs, are disclosed herein. In some embodiments, a CRM includes instructions to implement a USB driver stack in a SOS of a SVM on the computing platform. The USB driver stack of the SOS includes a SOS device controller driver to communicate with one or more USB devices of the computing platform, via a USB device controller of the SoC; and a SOS function virtualization driver to communicate with one or more corresponding UVM function virtualization drivers of the UVMs to paravirtualize the SOS device controller driver to the UVMs. Other embodiments are also described and claimed.
    Type: Grant
    Filed: October 16, 2018
    Date of Patent: July 19, 2022
    Assignee: Intel Corporation
    Inventors: Rajaram Regupathy, Abdul R. Ismail
  • Patent number: 11388258
    Abstract: Embodiments described include systems and methods for managing downloads from an embedded browser. The client application can control the locations to which downloads are directed. A system administrator can configure a policy to restrict downloads to approved locations. The client application can prevent a user from navigating to and downloading a file to a location that has not been approved according to the policy.
    Type: Grant
    Filed: December 7, 2020
    Date of Patent: July 12, 2022
    Assignee: Citrix Systems, Inc.
    Inventor: Christopher Fleck
  • Patent number: 11379593
    Abstract: Examples associated with storage monitoring are described. One example system includes generating an encryption key and transmitting the encryption key to a basic input/output system (BIOS) security module. The BIOS security module uses the encryption key as a basis for a heartbeat. A provisioning module receives a signal identifying a monitored storage and generates an enforced storage associated with the monitored storage. The provisioning module also creates a manifest describing the relationship between the enforced storage and the monitored storage. The provisioning module transmits the manifest to the BIOS security module. A versioning module assigns a first access policy for the monitored storage and a second access policy to the enforced storage based on the manifest. The versioning module performs versioning for the monitored storage using the enforced storage, and periodically verifies operation to the BIOS security module using the heartbeat.
    Type: Grant
    Filed: August 16, 2017
    Date of Patent: July 5, 2022
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Ronaldo Rod Ferreira
  • Patent number: 11379589
    Abstract: An information processing apparatus having at least a first controller and a second controller. The second controller includes a CPU and a first storage for storing, in a non-volatile manner, a first program to be executed by the CPU. When the information processing apparatus is started up, the first controller verifies a presence or absence of alteration of the first program stored in the first storage, and causes the CPU to start up after confirming by the verification that the first program has not been altered.
    Type: Grant
    Filed: March 30, 2020
    Date of Patent: July 5, 2022
    Assignee: Canon Kabushiki Kaisha
    Inventor: Junichi Goda
  • Patent number: 11354151
    Abstract: In an approach for securing container workloads, a processor encrypts workload binaries. A processor uploads the workload binaries to a software repository. A processor encrypts a workload definition. A processor replaces the workload definition with a mock workload definition. A processor references the encrypted workload definition in the mock workload definition. A processor submits the mock workload definition to a master node.
    Type: Grant
    Filed: February 12, 2020
    Date of Patent: June 7, 2022
    Assignee: International Business Machines Corporation
    Inventors: Harshal Patil, Pradipta Banerjee, Nitesh Konkar, Manjunath Kumatagi
  • Patent number: 11354407
    Abstract: Various embodiments are generally directed to techniques for library behavior verification, such as by generating executables for software with indications of permitted behaviors by the library. Some embodiments are particularly directed to monitoring library behavior and performing one or more protective actions based on abnormal or unpermitted library behavior. In many embodiments, libraries and library manifests may be validated based on one or more signatures. In various embodiments, library behavior data comprising a set of permitted behaviors for the library may be determined based on the library manifest. In various such embodiments, a compiler may embed indications of the permitted library behavior in executables.
    Type: Grant
    Filed: December 28, 2018
    Date of Patent: June 7, 2022
    Assignee: Intel Corporation
    Inventors: Omer Ben-Shalom, Hila Yitzhaki, Yoni Wolf, Dror Shilo, Gyora M. Benedek, Ezra Caltum
  • Patent number: 11354446
    Abstract: A distributed file integrity checking system is described. The described peer integrity checking system (PICS) may negate an attack by storing a properties database amongst nodes of a peer-to-peer network of hosts, some or all of which co-operate to protect and watch over each other.
    Type: Grant
    Filed: March 20, 2020
    Date of Patent: June 7, 2022
    Assignee: Architecture Technology Corporation
    Inventors: Barry A. Trent, Edward R. Mandy
  • Patent number: 11347865
    Abstract: Systems, methods, and software can be used to analyze security risks of a binary software code. In some aspects, a computer-implemented method comprises: receiving, by at least one hardware processor, a binary software code; determining, by the at least one hardware processor, a security risk value for each of a plurality of security risk factors of the binary software code; for each of the plurality of security risk factors, determining, by the at least one hardware processor, a security confidence level of the respective security risk factor; and generating, by the at least one hardware processor, a security notification, wherein the security notification includes the security confidence levels corresponding to the plurality of security risk factors.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: May 31, 2022
    Assignee: BlackBerry Limited
    Inventor: Adam John Boulton
  • Patent number: 11341280
    Abstract: Disclosed are various embodiments for executing entity-specific cryptographic code in a cryptographic coprocessor. In one embodiment, encrypted code implementing a cryptographic algorithm is received from a service via a network. The cryptographic coprocessor decrypts the encrypted code. The cryptographic coprocessor executes the decrypted code to generate a cryptogram including information encrypted using the cryptographic algorithm. The cryptogram is sent to the service via the network.
    Type: Grant
    Filed: October 30, 2019
    Date of Patent: May 24, 2022
    Assignee: American Express Travel Related Services Company, Inc.
    Inventors: Wael Ibrahim, Manish K. Deliwala, Manik Biswas, Subrahmanyam Venakata Vishnuvajhala, Andrew Lei
  • Patent number: 11336684
    Abstract: A device includes a secure execution context that is segregated from an operating system of the device. A security application executing in the operating system interfaces with the secure execution context to obtain verified data. The secure execution context may verify that operating system files are free of malware, obtain sensor readings that may be cryptographically signed, verify functioning of a baseband processor, and verify other aspects of the function and security of the device. The verified data may be used for various purposes such as verifying location of the device, training a machine learning model, and the like.
    Type: Grant
    Filed: March 5, 2020
    Date of Patent: May 17, 2022
    Assignee: LOOKOUT, INC.
    Inventors: Brian James Buck, Karina Levitian, Francis Kelly, Sebastian Krawczuk, Michael Murray
  • Patent number: 11328063
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to intercept a process, store execution profiling for the process if the process involves a privileged resource or a privileged operation, and analyze the code involved in each stack frame to determine malicious activity. If the process does not involve a privileged resource or a privileged operation, then the process is not analyzed.
    Type: Grant
    Filed: November 1, 2019
    Date of Patent: May 10, 2022
    Assignee: McAfee, LLC
    Inventor: Greg W. Dalcher
  • Patent number: 11314868
    Abstract: A system root of trust device of a computing system authenticates boot images associated with data processing units of the computing system. The device includes at least one processor configured to determine whether a first set of boot code associated with a first processor of the computing system is authentic, in response to determining that the first set of boot code is authentic, reset the first processor to allow the first processor to boot and authenticate first executable code to be executed by the first processor, after resetting the first processor, determine whether a second set of boot code associated with a second processor of the computing system is authentic, and in response to determining that the second set of boot code is authentic, reset the second processor to allow the second processor to boot and to authenticate second executable code to be executed by the second processor.
    Type: Grant
    Filed: August 30, 2019
    Date of Patent: April 26, 2022
    Assignee: Fungible, Inc.
    Inventors: Yvonne Hou, Sunil Mekad, Prathap Sirishe, Satish D Deo, Umar Badusha
  • Patent number: 11308226
    Abstract: The described technology is generally directed towards secure collaborative processing of private inputs. A secure execution engine can process encrypted data contributed by multiple parties, without revealing the encrypted data to any of the parties. The encrypted data can be processed according to any program written in a high-level programming language, while the secure execution engine handles cryptographic processing.
    Type: Grant
    Filed: July 28, 2021
    Date of Patent: April 19, 2022
    Assignee: CipherMode Labs, Inc.
    Inventors: Mohammad Sadegh Riazi, Ilya Razenshteyn
  • Patent number: 11308202
    Abstract: An intrusion detection system, comprising a monitor to receive messages from a target over a low-latency communication link comprising a controlled access memory structure logically positioned between the target and the monitor using point-to-point interconnects, the controlled access memory structure to receive a message from the target indicating that the target has entered a controlled mode of operation.
    Type: Grant
    Filed: June 7, 2018
    Date of Patent: April 19, 2022
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Ronny Chevalier, David Plaquin, Maugan Villatel, Guillaume Hiet
  • Patent number: 11308160
    Abstract: One embodiment provides for a computer-implemented method comprising generating a linked list table including a first component having linking data to be stored in a table data structure for one or more rebase and bind operations and second a component having instructions to implement the table data structure to perform the rebase and bind operations according to a linked list chain and executing the instructions in the second component of the linked list table to perform the one or more rebase and bind operations based on the linked list chain.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: April 19, 2022
    Assignee: Apple Inc.
    Inventors: Peter Cooper, Louis G. Gerbarg, Nick Kledzik
  • Patent number: 11294727
    Abstract: Various embodiments are provided for managing cryptographic bottlenecks for distributed multi-signature blockchain contracts in a computing environment. One or more cryptographic bottlenecks of cryptographic requests at a cryptographic accelerator may be resolved by switching between a blockchain node cryptographic library and an accelerator cryptographic library upon a number of the cryptographic requests at the accelerator exceeding a defined threshold.
    Type: Grant
    Filed: March 26, 2019
    Date of Patent: April 5, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Emanuele Ragnoli, Mustafa Rafique, John Sheehan, Kevin Reilly
  • Patent number: 11258677
    Abstract: Techniques for generating a data representation without access to content are described. A method for generating a data representation without access to content comprises receiving a request to analyze one or more data items in a protected area of the provider network, sending the request to the protected area of the provider network, wherein the cluster model is used to identify a cluster identifier associated with each of the one or more data items, receiving the cluster identifier associated with each of the one or more data items, and regenerating each of the one or more data items based on the cluster identifier.
    Type: Grant
    Filed: September 27, 2019
    Date of Patent: February 22, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: David Paul Martin, Sukriti Jain, Jean-Paul Stephane Bonny
  • Patent number: 11245694
    Abstract: A user terminal apparatus may include a communication unit for communicating with a server; a memory in which applications are stored; and a processor for executing an application including a first logic which requires security processing, performing mutual verification with the server, controlling the communication unit such that a request for executing the first logic on the server is sent to the server, and when the execution result of the first logic is received from the server, proceeding with the execution of the application by using the received execution result.
    Type: Grant
    Filed: December 20, 2017
    Date of Patent: February 8, 2022
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Kyung-soo Kwag, Ji-hoon Kim
  • Patent number: 11237986
    Abstract: The present embodiments relate to methods and apparatuses for side-band management of security for server computers. According to certain aspects, such management is directed to the security of data that is stored under the local control of the server, as well as data that flows through the network ports of the server. Such locally stored data is secured by encryption, and the encryption keys are managed by a management entity that is separate from the server. The management entity can also manage the security of network data flowing through the server using its own configuration of network security applications such as firewalls, monitors and filters.
    Type: Grant
    Filed: November 8, 2019
    Date of Patent: February 1, 2022
    Assignee: JANUS TECHNOLOGIES, INC.
    Inventor: Sofin Raskin
  • Patent number: 11234105
    Abstract: Techniques for obfuscating and deploying digital assets (e.g., mobile applications) are provided to mitigate the risk of unauthorized disclosure. An asset can be received that is to be deployed to a plurality of mobile devices, each of the mobile devices associated with a corresponding account having account attributes. A deployment group of one or more mobile devices for deploying the asset can be identified based on a set of one or more obfuscation parameters, comprising account attributes shared among the one or more mobile devices within the deployment group. A customized obfuscation scheme to be applied to the asset can be determined based at least in part on the set of obfuscation parameters. The customized obfuscation scheme can be applied to the asset to generate an obfuscated asset. The obfuscated asset can be transmitted and/or updated over a network to the one or more mobile devices within the deployment group.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: January 25, 2022
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventors: James Gordon, Roopesh Joshi, David Horton, Johan Van Tilburg
  • Patent number: 11232217
    Abstract: A method for establishing and maintaining a security policy for a device can include establishing a secure channel between a secure execution environment (SEE) operating on the device and a security entity external to the device. The method can also include configuring, by a security manager executing on the SEE, access to sensitive operations of an environment interactor coupled to the device based on a security policy provided from the security entity. The method can further include resetting, by the security manager, a secure watchdog timer in response to a reset authorization token provided from the secure entity. If the secure watchdog timer expires a given predetermined number of times since a last reset authorization token is received, the security manager executes a given prescriptive operation dictated by the security policy.
    Type: Grant
    Filed: December 6, 2018
    Date of Patent: January 25, 2022
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventor: Nicolas Ponsini
  • Patent number: 11227247
    Abstract: Data processing systems and methods, according to various embodiments, are adapted for determining an applicable privacy policy based on various criteria associated with a user and the associated product or service. User and product criteria may be obtained automatically and/or based on user input and analyzed by a privacy policy rules engine to determine the applicable policy. Text from the applicable policy can then be presented to the user. A default policy can be used when no particular applicable policy can be identified using by the rules engine. Policies may be ranked or prioritized so that a policy can be selected in the event the rules engine identifies two, conflicting policies based on the criteria.
    Type: Grant
    Filed: May 31, 2021
    Date of Patent: January 18, 2022
    Assignee: OneTrust, LLC
    Inventors: Richard A. Beaumont, Jonathan Blake Brannon
  • Patent number: 11216573
    Abstract: Implementations of the present disclosure include receiving a record corresponding to a private transaction recorded in two or more private state databases of entities participating in the private transaction within a distributed ledger system (DLS), generating a data representation based on the record, transmitting the data representation for public consensus processing within the DLS, and recording within a public ledger of the DLS, and providing a public record for recording in the DLS, the public record being recorded in a public state database of each of entity participating in the DLS.
    Type: Grant
    Filed: August 6, 2019
    Date of Patent: January 4, 2022
    Assignee: United Services Automobile Association (USAA)
    Inventors: Jonathan Huntington Rhea, Bharat Prasad, Minya Liang, Joseph Gregory Delong, Steven J. Schroeder
  • Patent number: 11201892
    Abstract: Techniques are disclosed for enhanced crawling of unexposed web applications for vulnerability scanning purposes. A response to a request to a web application is received and a web application framework detection routine is executed on the response. A determination is made that a web application framework is part of the response and the response is loaded in a web browser associated with the web application. A custom web application framework hook for the web application framework is injected into a web page of a web browser and a list of Document Object Model (DOM) elements and corresponding event handlers is received. A determination is made, based on the list, to execute DOM events to discover functionality of the web application. The DOM events are executed, and network activity of the web browser during execution of the DOM events is recorded.
    Type: Grant
    Filed: September 9, 2019
    Date of Patent: December 14, 2021
    Assignee: Rapid7, Inc.
    Inventors: Dmitriy Kashitsyn, Andrew Tisdale, Jijo John
  • Patent number: 11188651
    Abstract: A security agent configured to initiate a security agent component as a hypervisor for a computing device is described herein. The security agent is further configured to determine a subset of memory locations in memory of the computing device to be intercepted. The security agent component may then set intercepts for the determined memory locations. Setting such intercepts may include setting privilege attributes for pages which include the determined memory locations so as to prevent specific operations in association with those memory locations. In response to one of those specific operations, the security agent component may return a false indication of success or allow the operation to enable monitoring of the actor associated with the operation. When an operation affects another memory location associated with one of the pages, the security agent component may temporarily reset the privilege attribute for that page to allow the operation.
    Type: Grant
    Filed: March 7, 2016
    Date of Patent: November 30, 2021
    Assignee: CrowdStrike, Inc.
    Inventor: Ion-Alexandru Ionescu
  • Patent number: 11182472
    Abstract: A process monitoring methodology is disclosed. In a computer-implemented method, a selection of a process to be monitored is received. The process is to be at least partially performed using a component of a computing environment. An expected operating parameter of the process is determined. The process is also monitored to determine an actual operating parameter of the process. The actual operating parameter of the process is compared with the expected operating parameter of the process to generate a comparison result. An operation is then automatically performed based upon the comparison result.
    Type: Grant
    Filed: September 30, 2019
    Date of Patent: November 23, 2021
    Assignee: VMware, Inc.
    Inventors: Nakul Ogale, Shirish Vijayvargiya, Sachin Shinde
  • Patent number: 11181963
    Abstract: An information processing device shifts to first and second power states and includes an output unit to output an operation stop signal, and a device to receive the operation stop signal and to shift to an operation stop state based on the operation stop signal, and to shift to an electric power saving mode where less power is consumed than in the operation stop state on condition that the operation stop signal has not been input. A signal control unit provides control that prevents the operation stop signal from being input to the device when the information processing device shifts to the second power state. The signal control unit controls the operation stop signal when a restart unit restarts the information processing device.
    Type: Grant
    Filed: October 24, 2019
    Date of Patent: November 23, 2021
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Yo Kobayashi
  • Patent number: 11182485
    Abstract: A reprogramming method of a vehicle includes authenticating a diagnostor; receiving integrated firmware comprising a plurality of firmwares that correspond to a plurality of target controllers, respectively, from the diagnostor that is completely authenticated; authenticating the integrated firmware; encrypting and storing the plurality of firmwares included in the integrated firmware; and generating encryption keys that corresponds the plurality of target controllers, respectively apparatus. The encrypting and storing comprises encrypting and storing the plurality of firmwares to the encryption keys that correspond to the plurality of firmwares, respectively.
    Type: Grant
    Filed: November 29, 2017
    Date of Patent: November 23, 2021
    Assignees: Hyundai Motor Company, Kia Motors Corporation, Hyundai Autoever Corp.
    Inventors: A Ram Cho, Ho Jin Jung, Hyun Soo Ahn, Young Jun Lee, Dae Young Kim
  • Patent number: 11151247
    Abstract: A malicious code detection module identifies potentially malicious instructions in memory of a computing device. The malicious code detection module examines the call stack for each thread running within the operating system of the computing device. Within each call stack, the malicious code detection module identifies the originating module for each stack frame and determines whether the originating module is backed by an image on disk. If an originating module is not backed by an image on disk, the thread containing that originating module is flagged as potentially malicious, execution of the thread optionally is suspended, and an alert is generated for the user or administrator.
    Type: Grant
    Filed: July 13, 2017
    Date of Patent: October 19, 2021
    Assignee: Endgame, Inc.
    Inventor: Joseph W. Desimone
  • Patent number: 11138296
    Abstract: One embodiment provides a method, including: generating, using an information handling device, digital content; providing an indication of the digital content to at least one other device; and receiving, from the at least one other device, a digital signature for the digital content. Other aspects are described and claimed.
    Type: Grant
    Filed: March 1, 2019
    Date of Patent: October 5, 2021
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Russell Speight VanBlon, Mark Patrick Delaney, John Carl Mese, Nathan J. Peterson
  • Patent number: 11133925
    Abstract: Systems are provided for managing access to a log of dataset that is generated when the dataset is accessed. A system stores, with respect to each of a log producer and a log accessor, an encrypted symmetric key for dataset that is encrypted using a corresponding public key. The system returns the encrypted symmetric key for the log producer, such that the log producer can decrypt the dataset that is encrypted using the symmetric key. A log of the dataset is generated when the log producer accesses the dataset.
    Type: Grant
    Filed: May 29, 2018
    Date of Patent: September 28, 2021
    Assignee: Palantir Technologies Inc.
    Inventors: Vaughan Shanks, Andrew Lampert
  • Patent number: 11126771
    Abstract: Methods and systems for verifying, via formal verification, a hardware design for a data transformation pipeline comprising one or more data transformation elements that perform a data transformation on one or more inputs, wherein the formal verification is performed under conditions that simplify the data transformations calculations that the formal verification tool has to perform.
    Type: Grant
    Filed: April 1, 2019
    Date of Patent: September 21, 2021
    Assignee: Imagination Technologies Limited
    Inventor: Sam Elliott
  • Patent number: 11108777
    Abstract: Functionality is disclosed herein for providing temporary access to a resource. A software product that is executing in response to a request from a customer may access one or more resources of a software provider. The resources that may be accessed by a software product may be identified within an access policy. The customer is prevented from accessing the resource when the software product is not executing.
    Type: Grant
    Filed: June 4, 2019
    Date of Patent: August 31, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Graeme David Baer, Jacques Daniel Thomas, Nicholas Andrew Gochenaur
  • Patent number: 11106793
    Abstract: Systems and methods of disarming malicious code in protected content in a computer system having a processor are provided. The method includes determining that a received input file intended for a recipient is protected, the recipient may be connected to a network; accessing a credential associated with the intended recipient for accessing the protected input file; accessing the content of the protected input file based on the credential; modifying at least a portion of digital values of the content of the input file configuring to disable any malicious code included in the input file, thereby creating a modified input file; and protecting the modified input file based on the credential associated with the intended recipient. The method also includes forwarding the protected modified input file to the intended recipient in the network.
    Type: Grant
    Filed: June 21, 2019
    Date of Patent: August 31, 2021
    Assignee: Votiro Cybersec Ltd.
    Inventor: Aviv Grafi
  • Patent number: 11102003
    Abstract: Techniques for implementing a ledger-independent token service are provided. According to one set of embodiments, a computer system executing the service can receive, from a user, a request to create a token on a distributed ledger network. The computer system can further provide to the user one or more token templates, where each token template corresponds to a type of physical or digital asset and defines a set of one or more attributes and one or more control functions associated with the type. The computer system can then receive, from the user, a selection of a token template in the one or more token templates and create the token on the distributed ledger network, where the created token includes the set of one or more attributes and one or more control functions defined in the selected token template.
    Type: Grant
    Filed: February 25, 2019
    Date of Patent: August 24, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: John Marley Gray, Gregory Philip Cignavitch, Supriya Madhuram, Nayana Singh Patel