File Protection Patents (Class 713/165)
  • Patent number: 11411731
    Abstract: A method may include obtaining input data for an application programming interface (API), and encrypting the input data for the API using a public key of a provider of the API. The method may also include transmitting, to an API management server, an API request that invokes the API, where the API request includes an API call for the API and the encrypted input data. The API request may be in a format such that the API management server is capable of performing API management services based on the API call but unable to decrypt the encrypted input data with the public key.
    Type: Grant
    Filed: September 3, 2019
    Date of Patent: August 9, 2022
    Assignee: FUJITSU LIMITED
    Inventors: Mehdi Bahrami, Wei-Peng Chen
  • Patent number: 11412284
    Abstract: A content ingestion system and method allows a single pitch of media content and associated metadata to be provided by a content provider and processed into appropriate packages for different content distribution services or delivery platforms.
    Type: Grant
    Filed: April 2, 2019
    Date of Patent: August 9, 2022
    Assignee: BCE Inc.
    Inventors: Chris Snyder, Josh Gordon
  • Patent number: 11409889
    Abstract: The present teaching relates to a method, system, and programming for encrypted searching. In a search session, a uniform resource locator (URL) is received, wherein a portion of the URL is encrypted via a first key. A second key associated with the first key is obtained. A determination is made regarding whether a time-related criterion associated with the second key is satisfied. In response to the time-related criterion being satisfied, the portion of the URL is decrypted based on the second key to obtain a keyword, one or more search results are obtained based on the keyword, and a webpage including the one or more search results to be provided to a user is generated.
    Type: Grant
    Filed: July 16, 2019
    Date of Patent: August 9, 2022
    Assignee: YAHOO ASSETS LLC
    Inventors: Stephen Owens, Sonia Johnson, Ramu Adapala, Chris Elza Kurian
  • Patent number: 11409865
    Abstract: Disclosed embodiments relate to systems and methods for injecting verification code into source code files. Techniques include accessing a plurality of elements of source code from a source, identifying a plurality of sequentially ordered executable modules from the plurality of element and generating verification code. The techniques may further include configuring the verification code to verify the integrity of at least one of a plurality of neighboring executable modules and may also include injecting the verification code into one or more of the source code files.
    Type: Grant
    Filed: August 16, 2021
    Date of Patent: August 9, 2022
    Assignee: CyberArk Software Ltd.
    Inventor: Amit Kliger
  • Patent number: 11403002
    Abstract: Systems and methods for providing multimodal access to block devices in a distributed storage system are disclosed. In one implementation, a processing device may identify a block device snapshot stored at a block-based repository of a distributed storage system. The block device may also implement an object-based proxy container associated with the block-based repository. The processing device may further provide, to a client of the distributed storage system, access to the object-based proxy container via an object-based gateway of the distributed storage system.
    Type: Grant
    Filed: July 30, 2020
    Date of Patent: August 2, 2022
    Assignee: Red Hat, Inc.
    Inventor: Jason Dillaman
  • Patent number: 11403414
    Abstract: A method and system for secure storage of digital data offers enhanced resistance to threat actors (whether insiders or hackers) gaining unauthorised access to extract and manipulate data, and to brute force computational attacks. The method employs double randomised fragmentation of source data into a random number of fragments of random sizes, encryption of each fragment with a separate encryption key, storage of the encrypted fragments and keys and a catalogue of the mappings of locations and fragments to keys all in physically and logically separate locations in a secure storage estate (1). The method may be repeatedly applied to encrypted fragments, keys and catalogue in a cascade fragmentation process to add further levels of security.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: August 2, 2022
    Assignee: Red Flint LLP
    Inventors: Marcus Naraidoo, Joel Edward Sweeney
  • Patent number: 11397820
    Abstract: Some embodiments disclose a method and apparatus for processing data, a computer device and a storage medium. A method can include: acquiring, by a cloud storage system, a series of slices obtained by dividing a to-be-stored file; encrypting, by the cloud storage system, each slice by using a different data key; and storing, by the cloud storage system, an encrypted data ciphertext.
    Type: Grant
    Filed: March 13, 2019
    Date of Patent: July 26, 2022
    Inventors: Wei Lu, Fei Zhou, Linjiang Lian, Meng Wang, Xianhui Niu
  • Patent number: 11392581
    Abstract: A selection system for a database (DB) of items having a hierarchical order is disclosed. The selection system is configured to: provide a user interface (UI) that includes a configuration item (CI) search component, a CI hierarchy display component, and a CI lock display component; cause a plurality of CIs from the DB to be displayed in hierarchical order in the CI hierarchy display component, including an expansion widget for each displayed CI that is in a hierarchical path of a lower level CI wherein each expansion widget when selected causes the next level of CIs in the hierarchy to be displayed, and a CI selection widget for each displayed CI wherein when selected displays a visual indication that the CI associated with the selected CI selection widget has been selected and causes an identifier for the CI associated with the selected CI selection widget to be displayed in the CI lock display component.
    Type: Grant
    Filed: January 28, 2020
    Date of Patent: July 19, 2022
    Assignee: salesforce.com, inc.
    Inventor: Nishant Panchal
  • Patent number: 11386195
    Abstract: In certain embodiments, resource allocation related to records may be facilitated by generating and using modified instances of such records. In some embodiments, a set of records associated with a user may be stored in a memory area, where each such record includes a record identifier. In response to obtaining one or more commands related to a resource transfer from a user device associated with the user, a new set of records associated with the user may be generated such that each record of the new set is (i) a modified instance of a corresponding record of the record set and (ii) includes a record identifier different from the record identifier of the corresponding record. In one use case, the new records and its data may then be utilized to perform operations related to the user commands. In another use case, the new records may replace its older corresponding records.
    Type: Grant
    Filed: October 11, 2021
    Date of Patent: July 12, 2022
    Inventor: Stanley Kevin Miles
  • Patent number: 11387984
    Abstract: A method including determining, by a first device, a sharing encryption key based at least in part on a group access private key associated with a group and an assigned public key associated with a second device; encrypting, by the first device, the group access private key associated with the group utilizing the sharing encryption key; and transmitting, by the first device, the encrypted group access private key to enable the second device to access the group. Various other aspects are contemplated.
    Type: Grant
    Filed: September 25, 2021
    Date of Patent: July 12, 2022
    Assignee: UAB 360 IT
    Inventor: Mindaugas Valkaitis
  • Patent number: 11381561
    Abstract: A relay apparatus, which is connected between an information terminal and at least one peripheral device communicatively connected to the information terminal and supplying information to the information terminal, is recognized as a peripheral device by the information terminal, and recognized as an information terminal by the peripheral device. The relay apparatus comprises authentication means for authenticating a user using the information terminal by operating the peripheral device and control means for controlling relaying of an operation signal of the peripheral device operated by the user to the information terminal, based on an authentication result of the user.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: July 5, 2022
    Assignee: NEC CORPORATION
    Inventor: Kayato Sekiya
  • Patent number: 11379610
    Abstract: An automatic file encryption method and device for automatically encrypting a file. A processor identifies a characteristic associated with likely sensitive content based on a usage pattern of encrypting files having the characteristic. Creation of a new file is detected and the newly-created file is analyzed to determine whether the file contains sensitive content based upon it having the characteristic. If the file is found to have the characteristic, then the file is automatically encrypted.
    Type: Grant
    Filed: July 10, 2019
    Date of Patent: July 5, 2022
    Assignee: BlackBerry Limited
    Inventors: Neil Patrick Adams, Robert Joseph Lombardi, Jasmin Mulaosmanovic
  • Patent number: 11379609
    Abstract: The present invention provides a health file access control system and method in an electronic medical cloud. The system comprises: a medical management center unit configured to generate a system public key and a system private key, and generate a private key for corresponding utilizer's attributes according to the system public key, the system private key, and a set of utilizer's attributes; an electronic medical cloud storage unit configured to receive and store a privacy-protected health file ciphertext; and at least one health file user access unit configured to encrypt the health file according to the system public key to obtain the privacy-protected health file ciphertext, and/or generate the set of utilizer's attribute, and decrypt the privacy-protected health file ciphertext according to the system public key and the private key for utilizer's attributes.
    Type: Grant
    Filed: December 11, 2017
    Date of Patent: July 5, 2022
    Assignee: XI'AN UNIVERSITY OF POSTS AND TELECOMMUNICATIONS
    Inventors: Yinghui Zhang, Dong Zheng, Qinglan Zhao, Chengzhe Lai, Rui Guo
  • Patent number: 11366910
    Abstract: Electronic network include multiple users. Each user operates Wallet software application on his/her endpoint devices (special purpose, computer or smartphone). Each Wallet integrates with Cloud-based Identification-as-a-Service(s) (IDaaS) In context of present invention—IDaaS provides real-time, multi-factor, malware-resilient, context-sensitive Strong Identification-as-a-Service of the user and enables Cryptographic Keys Management of the Wallet. Each Wallet provides various Cryptographic functionalities. Each Wallet may be connected with multiple centralized Marketplace software applications, thus allowing these Cryptographic functionalities to interact with specific Marketplace software application. Each Wallet may be connected with multiple decentralized peer-to-peer software applications, thus allowing these Cryptographic functionalities to interact with specific peer-to-peer software application.
    Type: Grant
    Filed: December 27, 2018
    Date of Patent: June 21, 2022
    Inventors: Eli Talmor, Rita Talmor
  • Patent number: 11366839
    Abstract: This disclosure relates to personalized and dynamic server-side searching techniques for encrypted data. Current so-called ‘zero-knowledge’ privacy systems (i.e., systems where the server has ‘zero-knowledge’ about the client data that it is storing) utilize servers that hold encrypted data without the decryption keys necessary to decrypt, index, and/or re-encrypt the data. As such, the servers are not able to perform any kind of meaningful server-side search process, as it would require access to the underlying decrypted data. Therefore, such prior art ‘zero-knowledge’ privacy systems provide a limited ability for a user to search through a large dataset of encrypted documents to find critical information.
    Type: Grant
    Filed: March 31, 2020
    Date of Patent: June 21, 2022
    Assignee: Entefy Inc.
    Inventors: Alston Ghafourifar, Philip Nathan Greenberg, Mehdi Ghafourifar
  • Patent number: 11363114
    Abstract: A method of electronic communication via a virtual network function (NFV) implementation of a core network. The method comprises receiving a hypertext transfer protocol (HTTP) content request from a user equipment (UE), wherein the HTTP content request comprises an identification of a content source and determining by an orchestrator service that insufficient NFV processing capacity is available to perform the HTTP content request, where the orchestrator service is an application that executes on a first physical host. The method further comprises dynamically increasing the NFV processing capacity by the orchestrator service, performing the HTTP content request using the increased NFV processing capacity, and returning a HTTP content response to the UE, wherein the HTTP content response does not comprise identification of the content source.
    Type: Grant
    Filed: November 27, 2019
    Date of Patent: June 14, 2022
    Assignee: Sprint Communications Company L.P.
    Inventors: Ronald R. Marquardt, Lyle W. Paczkowski, Carl J. Persson, Arun Rajagopal
  • Patent number: 11353707
    Abstract: A method and an apparatus for processing a screen by using a device are provided. The method includes obtaining, at the second device, a display screen displayed on the first device and information related to the display screen according to a screen display request regarding the first device, determining, at the second device, an additional screen based on the display screen on the first device and the information related to the display screen, and displaying the additional screen near the display screen on the first device.
    Type: Grant
    Filed: November 5, 2020
    Date of Patent: June 7, 2022
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Myung-sik Kim, Su-jung Bae, Moon-sik Jeong, Sung-do Choi
  • Patent number: 11356246
    Abstract: The application discloses a data analysis system and a data analysis method. The data analysis system includes a data provider host and a data analysis host. The data provider host is configured to perform a stream cipher algorithm based on raw data to obtain first data. The data analysis host is configured to perform a data analysis based on the first data to obtain an analysis result. The data provider host or the data analysis host is further configured to perform a block cipher algorithm based on the analysis result to obtain second data, and send the second data to an external device. The data provider host is further configured to calculate an attribute-value correspondence between the raw data and the second data, and send the attribute-value correspondence to the external device.
    Type: Grant
    Filed: January 14, 2020
    Date of Patent: June 7, 2022
    Assignee: PEGATRON CORPORATION
    Inventors: Wei-Cheng Lin, Pei-Yu Chen, Jia-Shiung Yang
  • Patent number: 11347882
    Abstract: Methods and devices for secure data sharing with granular access control are described. A modified attribute-based encryption (ABE) scheme is used to perform cryptographically-enforced ABE using attributes of a file access policy. A sender sends to a receiver a file encrypted using a file encryption key, the file encryption key encrypted using ABE based on a file access policy set by the sender, and a set of private ABE keys decryptable using a key stored in a trusted execution environment (TEE) of the receiver. The private ABE keys are decrypted by the receiver TEE when the file is accessed, decrypting a file encryption key only when the attributes of the receiver access action satisfy the file access policy. The decrypted file encryption key grants access to the file contents via a trusted viewer application. A user password may also be required and cryptographically enforced as part of the ABE decryption.
    Type: Grant
    Filed: June 2, 2020
    Date of Patent: May 31, 2022
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Nikolay Gigov, Yin Tan
  • Patent number: 11347691
    Abstract: A method, non-transitory computer readable medium, and device that assists with managing storage in a distributed deduplication system includes receiving an object to be stored from a client computing device. The received object is divided into a plurality of fragments. A plaintext hash value and a ciphertext hash value is determined for each of the plurality of fragments, wherein each of the plurality of fragments is renamed with the corresponding determined ciphertext hash value. Each of the renamed plurality of fragments are stored in a plurality of storage repositories.
    Type: Grant
    Filed: August 10, 2016
    Date of Patent: May 31, 2022
    Assignee: NETAPP, INC.
    Inventor: David Slik
  • Patent number: 11349883
    Abstract: A system and method for returning security policy requirements data based on user input that identifies a cloud environments, a service model, first or third party responsibilities, and/or code deployment information. A user provides answers to straightforward, generally non-expert questions directed to the user's cloud environment, first or third party responsibilities, and/or code deployment information for the user's scenario, e.g., technical workload. The answers result in determining which architecture layers apply (are in-scope architecture layers) relevant to the user's scenario. The in-scope architecture layers map to security requirements maintained in a security policy data store. The security requirements are returned (e.g., as a list) in response to the user's answers.
    Type: Grant
    Filed: May 20, 2020
    Date of Patent: May 31, 2022
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Samantha Kossey, Rebecca Finnin, Christine Liu, Amy Zwarico, Luba Droizman
  • Patent number: 11336452
    Abstract: The invention proposes a method for registering data from an individual's identity document (1), the method being characterized in that it comprises implementing by data processing means (21) of a server (2) the following steps: (A) Receipt of a photograph of said individual visible on said identity document (1), an optical reading data element of the identity document (1), and at least one personal data element of said individual; (B) Extraction by analysis of said photograph from reference information representative of the appearance of said photograph; (C) Generation of a random string, calculation of an encoded data element by applying an encoding procedure to said reference information representative of the appearance of said photograph and said random string; (D) Storage on the server (2) data storage means (22) of: Said encoded data element; A cryptographic imprint of a first concatenation of the optical reading data element of the identity document (1) and the random string; An encryption with a c
    Type: Grant
    Filed: April 22, 2020
    Date of Patent: May 17, 2022
    Assignee: IDEMIA IDENTITY & SECURITY FRANCE
    Inventor: Sébastien Bahloul
  • Patent number: 11336450
    Abstract: An embodiment of the present invention is directed to delivering an entitlements model that scales to both mid-frequency and low-latency use cases. The innovative solution may be distributed in nature and able to operate in low priority threads alongside the main logic of the software. An embodiment of the present invention may be implemented as a software module with APIs for ease of adoption.
    Type: Grant
    Filed: September 6, 2019
    Date of Patent: May 17, 2022
    Assignee: JPMORGAN CHASE BANK, N.A.
    Inventor: Ilya Slavin
  • Patent number: 11327789
    Abstract: In an example, there is disclosed a computing apparatus, having: a data interface to communicatively couple to a storage pool having a plurality of disks; a virtual machine manager including a processor; and a storage coprocessor (SCP) to: create a read queue and write queue for the disks in the storage pool; receive an input/output (IO) operation from a virtual machine, the IO operation directed to a storage address located on a disk in the storage pool; and add the IO operation to the queue for the disk.
    Type: Grant
    Filed: February 17, 2017
    Date of Patent: May 10, 2022
    Assignee: Intel Corporation
    Inventors: Gang Cao, Weihua Rosen Xu, Danny Yigang Zhou
  • Patent number: 11323482
    Abstract: Methods, systems, and media for protecting computer systems from user-created objects are provided.
    Type: Grant
    Filed: December 31, 2019
    Date of Patent: May 3, 2022
    Assignee: McAfee, LLC
    Inventor: Craig David Schmugar
  • Patent number: 11321488
    Abstract: An approach is disclosed for moving personal and sensitive data from a source filesystem to a destination filesystem while enforcing a source privacy legal framework. A request to copy information from a file residing in the source filesystem enabled to enforce the privacy and control legal framework to a destination filesystem is received. Access to the filesystem is enforced by an Operating System (OS) that provides a privacy legal framework where the OS enforces controlled access to the source filesystem based on user consent metadata. The user consent metadata associated with the file and the request is analyzed to determine a copying policy. The copying policy is applied to the contents of the file to ensure compliance with the privacy and control legal framework of the source filesystem.
    Type: Grant
    Filed: September 20, 2019
    Date of Patent: May 3, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Aris Gkoulalas-Divanis, Corville O. Allen
  • Patent number: 11314518
    Abstract: A method of monitoring execution in an execution environment of an operation, for example a cryptographic operation, comprising a sequence of instructions, is disclosed. Instructions sent in the sequence from a main processor to one or more auxiliary processors, for example cryptographic processors, to execute the operation are monitored and the sequence of instructions is verified using verification information. The method comprises enabling output from the execution environment of a result of the operation in response to a successful verification of the sequence, or generating a verification failure signal in response to a failed verification of the sequence.
    Type: Grant
    Filed: August 2, 2017
    Date of Patent: April 26, 2022
    Assignee: Nagravision S.A.
    Inventors: Marco Macchetti, Nicolas Fischer, Jerome Perrine
  • Patent number: 11310207
    Abstract: System and methods are provided to facilitate the exchange of user data between two parties, but limit the exchange of user data to users that are known to both parties. According to an embodiment, encrypted first user data is transmitted from a first device to a second device. The second device then transmits intersection data to the first device, where the intersection data is based on the encrypted first user data and second user data. The intersection data may be decrypted by the first device and the first device may determine, based on the decrypted intersection data, that one or more users are common to the both the first device and the second device. The first and second devices may then exchange data pertaining to the common users.
    Type: Grant
    Filed: December 21, 2020
    Date of Patent: April 19, 2022
    Assignee: SHOPIFY INC.
    Inventors: Joshua Davey, Jiawei Du, Fernando Nogueira
  • Patent number: 11301419
    Abstract: Methods, systems, and devices for data retention handling are described. In some data storage systems, data objects are stored in a non-relational database schema. The system may support configurable data retention policies for different tenants, users, or applications. For example, a data store may receive retention requests, where the retention requests may specify deletion or exportation actions to perform on records contained within data objects. The data store may determine retention rules based on these retention requests, and may periodically or aperiodically evaluate the rules to determine active actions to perform. To improve the efficiency of the system, the data store may aggregate the active actions (e.g., according to the dataset to perform the actions on), and may generate work items corresponding to the aggregate actions. A work processor may retrieve these work items and may efficiently perform the data retention actions on datasets stored in the data object store.
    Type: Grant
    Filed: March 2, 2018
    Date of Patent: April 12, 2022
    Assignee: salesforce.com, inc.
    Inventors: Shu Liu, Eric Shahkarami, Yuk Hei Chan, Ming-Yang Chen, Karl Ryszard Skucha, Eli Levine, Ka Chun Au
  • Patent number: 11296889
    Abstract: Confidential, secret data may be shared via one or more blockchains. Mortgage applications, medical records, financial records, and other electronic documents often contain social security numbers, names, addresses, account information, and other personal data. A secret sharing algorithm is applied to any secret data to generate shares. The shares may then be integrated or written to one or more blockchains for distribution.
    Type: Grant
    Filed: August 23, 2019
    Date of Patent: April 5, 2022
    Assignee: Inveniam Capital Partners, Inc.
    Inventors: Paul Snow, Brian Deery, Mahesh Paolini-Subramanya
  • Patent number: 11294992
    Abstract: An example hardware accelerator for a computer system includes a programmable device and further includes kernel logic configured in a first programmable fabric of the programmable device, a shell circuit configured in a second programmable fabric of the programmable device, the shell circuit configured to provide an interface between a computer system and the kernel logic, and an intellectual property (IP) checker circuit in the kernel logic The IP checker circuit is configured to obtain a device identifier (ID) from the first programmable fabric and a signed whitelist, the signed whitelist including a list of device IDs and a signature, verify the signature of the signed whitelist, compare the device ID against the list of device IDs, and selectively assert or deassert an enable of the kernel logic in response to presence or absence, respectively, of the device ID in the list of device IDs and verification of the signature.
    Type: Grant
    Filed: March 12, 2019
    Date of Patent: April 5, 2022
    Assignee: XILINX, INC.
    Inventors: Brian S. Martin, Premduth Vidyanandan, Mark B. Carson, Neil Watson, Gary J. McClintock
  • Patent number: 11288356
    Abstract: An electronic apparatus is disclosed. The electronic apparatus includes a display, and a processor configured to, based on a user command for setting unlocking information being input, display a screen including a word on the display, and store information on an object drawn on the screen by a user's gesture as the unlocking information, wherein the word is configured to induce an object related to the word to be drawn on the screen.
    Type: Grant
    Filed: January 2, 2019
    Date of Patent: March 29, 2022
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventor: Junho Huh
  • Patent number: 11275842
    Abstract: A method for evaluating security of third-party application is disclosed. The method includes: receiving, from a first application, a request to obtain first account data for a user account associated with a protected data resource; generating fake data for at least a portion of the requested first account data; providing, to the first application, a first data set in response to the request, the first data set including at least the generated fake data; monitoring use of the first data set by the first application; detecting a trigger condition indicating misuse of account data based on monitoring use of the first data set by the first application; in response to detecting the trigger condition, generating a notification identifying the misuse of account data; and transmitting the notification to a computing device associated with an application user.
    Type: Grant
    Filed: September 20, 2019
    Date of Patent: March 15, 2022
    Assignee: The Toronto-Dominion Bank
    Inventors: Milos Dunjic, David Samuel Tax, Gregory Albert Kliewer, Anthony Haituyen Nguyen, Sairam Srinivasa Poguluru, Shishir Dattatraya Bhat
  • Patent number: 11270000
    Abstract: A cybersecurity server receives an executable file that has bytecode and metadata of the bytecode. Strings are extracted from the metadata, sorted, and merged into data streams. The data streams are merged to form a combined data stream. A digest of the combined data stream is calculated using a fuzzy hashing algorithm. The similarity of the digest to another digest is determined to detect whether or not the executable file is malware or a member of a malware family.
    Type: Grant
    Filed: November 7, 2019
    Date of Patent: March 8, 2022
    Assignee: Trend Micro Incorporated
    Inventors: Chia-Ming Chiang, Po-Han Hao, Kuo-Cheng Wang
  • Patent number: 11265106
    Abstract: A method by a network device for detecting data in a data stream. The method includes receiving the data stream, where the data stream includes a sequence of original characters, generating a sequence of type-mapped characters corresponding to the sequence of original characters, converging each of two or more consecutive occurrences of a first character in the sequence of type-mapped characters into a single occurrence of the first character, inserting beginning/ending of segment indicators in the sequence of type-mapped characters, searching for occurrences of one or more predefined sequences of characters in the sequence of type-mapped characters, and responsive to finding an occurrence of any of the one or more predefined sequences of characters, extracting a sequence of characters in the sequence of original characters corresponding to the predefined sequence of characters found in the sequence of type-mapped characters.
    Type: Grant
    Filed: December 29, 2020
    Date of Patent: March 1, 2022
    Assignee: Imperva, Inc.
    Inventor: Itsik Mantin
  • Patent number: 11265306
    Abstract: A method of authenticating an account is provided. A resource access request requesting for accessing, by a first account, a target resource in a cloud storage system is received by a server from a first client, the first account logging in to the first client. In response to the resource access request, a first access right of the first account is determined by the server based on right configuration information corresponding to the target resource, the right configuration information indicating an association relationship between an account and an access right of the account to the target resource. The first account is allowed by the server to access the target resource through the first client based on the first access right indicating that the first account is allowed to access the target resource.
    Type: Grant
    Filed: September 30, 2019
    Date of Patent: March 1, 2022
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LTD
    Inventor: Zhe Yuan
  • Patent number: 11239998
    Abstract: A method of performing ordered statistics between at least two parties is disclosed which includes identifying a first dataset (xA) by a first node (A), identifying a second dataset (xB) by a second node (B), wherein xB is unknown to A and xA is unknown to B, and wherein A is in communication with B, and wherein A and B are in communication with a server (S), A and B each additively splitting each member of their respective datasets into corresponding shares, sharing the corresponding shares with one another, arranging the corresponding shares according to a mutually agreed predetermined order into corresponding ordered shares, shuffling the ordered shares into shuffled shares, re-splitting the shuffled shares into re-split shuffled shares, and performing an ordered statistical operation on the re-split shuffled shares, wherein the steps of shuffle and re-split is based on additions, subtractions but not multiplication and division.
    Type: Grant
    Filed: August 16, 2019
    Date of Patent: February 1, 2022
    Assignee: Purdue Research Foundation
    Inventors: Mikhail J Atallah, Siva Chaitanya Chaduvula, Adam Dachowicz, Jitesh H Panchal, Mohammad S Rahman
  • Patent number: 11222162
    Abstract: Disclosed are systems, methods, and non-transitory computer-readable storage media for managing content item collections. For example, in embodiment, a client device may receive first user input selecting a content item collection. The client device may generate a graphical user interface for presenting the content item collection. The content item collection may include one or more tiles. Each tile may correspond to a content item embedded into the content item collection and stored by a content management system. The client device may present the content item collection including the one or more tiles. The client device may present, within each of the one or more tiles, an image representing the corresponding content item.
    Type: Grant
    Filed: August 31, 2018
    Date of Patent: January 11, 2022
    Assignee: Dropbox, Inc.
    Inventors: Sunny Rochiramani, Vinod Valloppillil, Jacob Hurwitz, Katherine R. Rudolph, Francesco Paduano, Eric Sprauve, Igor Kofman, Aaron Staley
  • Patent number: 11222127
    Abstract: A microcoded processor instruction may invoke a number of microinstructions to perform a round of a SHA3 operation using a circuit that includes a first stage circuit to perform a set of first bitwise XOR operations on a set of five input blocks to yield first intermediate output blocks; perform a set of second bitwise XOR operations on a first intermediate block and a rotation of another first intermediate block to yield second intermediate blocks; and perform a set of third bitwise XOR operations on a second intermediate block and an input block to yield third intermediate blocks. The circuit further includes a second stage circuit to rotate bits within each of the third intermediate blocks to yield a set of fourth intermediate blocks, and a third stage circuit to perform an affine mapping on bits within each of the fourth intermediate blocks to yield a set of output blocks.
    Type: Grant
    Filed: December 10, 2019
    Date of Patent: January 11, 2022
    Assignee: Intel Corporation
    Inventors: Santosh Ghosh, Michael LeMay, Manoj R. Sastry, David M. Durham
  • Patent number: 11216570
    Abstract: Techniques for reducing compromise of sensitive data in a virtual machine are described. During initiation of a secure string instance of a program module in memory allocated to the virtual machine, the program module can receive sensitive data in plaintext and retrieves parameters sourced from outside the allocated memory. During the execution of the program module, the sensitive data can be encrypted using a key based on the parameters to obtain encrypted data. The program module can overwrite the sensitive data with the encrypted data. The program module can receive a trigger to send a message that is generated using the sensitive data. The encrypted data can be decrypted using the key based on the parameters to obtain the sensitive data. After encryption and decryption, the program module can generate the message using the sensitive data and overwrite the sensitive data and the parameters used to encrypt the sensitive data.
    Type: Grant
    Filed: May 18, 2018
    Date of Patent: January 4, 2022
    Assignee: Visa International Service Association
    Inventors: Bartlomiej Prokop, James Donaldson, Peter Lennon
  • Patent number: 11216571
    Abstract: Examples associated with credentialed encryption are described. One example method includes receiving an encryption request from a local process via a secure channel. The encryption request includes a credential associated with the local process. Whether the local process is authorized to access an encryption function is verified using the credential. The encryption function specified in the encryption request is performed using a security key unique to a system performing the method. A result of the encryption function is provided to the local process.
    Type: Grant
    Filed: February 13, 2017
    Date of Patent: January 4, 2022
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Daryl T Poe, Christoph Graham
  • Patent number: 11212319
    Abstract: Techniques that facilitate multiple sentinels for securing communications are provided. In one example, a system communicates with at least one multi-purpose device configured to communicate with one or more sources, at least one computing device configured to communicate with a defined source that is different than the one or more sources, and at least one security sentinel that manages one or more security processes for a communication network associated with the at least one multi-purpose device and the at least one computing device. The system also manages one or more other security processes for the communication network associated with the at least one multi-purpose device and the at least one computing device.
    Type: Grant
    Filed: January 15, 2020
    Date of Patent: December 28, 2021
    Assignee: Zhnith Incorporated
    Inventor: Andrew Chua
  • Patent number: 11204881
    Abstract: Technology for decrypting and using a security module in a processor cache in a secure mode such that dynamic address translation prevents access to portions of the volatile memory outside of a secret store in a volatile memory.
    Type: Grant
    Filed: November 27, 2019
    Date of Patent: December 21, 2021
    Assignee: International Business Machines Corporation
    Inventors: Angel Nunez Mencias, Jakob C. Lang, Martin Recktenwald, Ulrich Mayer
  • Patent number: 11206256
    Abstract: A tokenization system tokenizes sensitive data to prevent unauthorized entities from accessing the sensitive data. The tokenization system accesses sensitive data, and retrieves an initialization vector (IV) from an IV table using a first portion of the sensitive data. A second portion of the sensitive data is modified using the accessed initialization vector. A token table is selected from a set of token tables using a third portion of the sensitive data. The modified second portion of data is used to query the selected token table, and a token associated with the value of the modified second portion of data is accessed. The second portion of the sensitive data is replaced with the accessed token to form tokenized data.
    Type: Grant
    Filed: December 31, 2019
    Date of Patent: December 21, 2021
    Assignee: Protegrity Corporation
    Inventors: Ulf Mattsson, Yigal Rozenberg, Vichai Levy
  • Patent number: 11206273
    Abstract: In embodiments, a computer program may be stored on a storage medium for securely inserting portions of content maintained on external web servers into an online community web page. The computer program may comprise a set of instructions operable to cause a computer to receive a request to render a web page maintained within a social platform, the web page including embedded settings that refer to content on one or more remote servers. The computer program may further cause the computer to retrieve, at a rendering time of the web page, based at least in part on the embedded settings, content from the one or more remote servers, process the retrieved content in a secured environment according to one or more security protocols and insert it into the web page. In embodiments, the computer program may further cause the computer to render the web page in a main window and the inserted content in an isolated custom window. Related methods and apparatus are also presented.
    Type: Grant
    Filed: January 31, 2018
    Date of Patent: December 21, 2021
    Assignee: SALESFORCE.COM, INC.
    Inventors: Jean-Francois Paradis, Shipra Shreyasi, Sanjaya Lai
  • Patent number: 11190505
    Abstract: A method and apparatus for creating and using a password card and a password hint. The invention allows the user to avoid revealing their password and because of that, the invention provides a better secure way of managing passwords. The user is still able to retrieve their password using the password hint and the password card generated by the system. The invention also allow to encrypt and decrypt the password hint to an external API and this add an extra layer of security protection.
    Type: Grant
    Filed: July 12, 2016
    Date of Patent: November 30, 2021
    Inventor: Patrick Tardif
  • Patent number: 11188668
    Abstract: A system and a method for accessing data in a secure manner are provided, in which the data comprises a number of data sets and each of the data sets is assigned to a user. The data sets are stored in a database in an encrypted manner, and are decryptable by means of a first decryption key assigned to the particular entity. The first decryption keys are stored in a volatile memory unit, and each of the first decryption keys are encrypted separately using a first and at least a second encryption key assigned to the particular entity, and the encrypted first decryption keys are stored in a permanent memory unit. After the volatile memory unit is erased, the encrypted first decryption keys are copied from the permanent memory unit into the volatile memory unit, and the encrypted first decryption keys are decrypted in the volatile memory unit.
    Type: Grant
    Filed: October 31, 2019
    Date of Patent: November 30, 2021
    Assignee: UNISCON UNIVERSAL IDENTITY CONTROL GMBH
    Inventors: Hubert Jäger, Juan Quintero
  • Patent number: 11184335
    Abstract: A method for remote private key security is described. The method may include generating a private key and may further include generating encrypted data by encrypting data using an encryption algorithm, wherein the data is stored at a first location and the private key is for the encrypted data. The method may also include transmitting the private key to a remote private key deposit at a second location. The method may additionally include transmitting the encrypted data to a remote data center at a third location. Moreover, the method may include permitting access to the private key at the remote private key deposit to an individual at the second location in response to confirming an identity of the individual present at the second location.
    Type: Grant
    Filed: May 26, 2016
    Date of Patent: November 23, 2021
    Inventors: Serguei M. Beloussov, Alexander Tormasov, Stanislav Protasov
  • Patent number: 11182501
    Abstract: Responding to a data subject access request includes receiving the request and identifying the requestor and source. In response to identifying the requestor and source, a computer processor determines whether the data subject access request is subject to fulfillment constraints, including whether the requestor or source is malicious. If so, then the computer processor denies the request or requests a processing fee prior to fulfillment. If not, then the computer processor fulfills the request.
    Type: Grant
    Filed: March 15, 2021
    Date of Patent: November 23, 2021
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Jason L. Sabourin, Jonathan Blake Brannon, Mihir S. Karanjkar, Kevin Jones
  • Patent number: 11176240
    Abstract: In certain embodiments, resource allocation related to records may be facilitated by generating and using modified instances of such records. In some embodiments, a set of records associated with a user may be stored in a memory area, where each such record includes a record identifier. In response to obtaining one or more commands related to a resource transfer from a user device associated with the user, a new set of records associated with the user may be generated such that each record of the new set is (i) a modified instance of a corresponding record of the record set and (ii) includes a record identifier different from the record identifier of the corresponding record. In one use case, the new records and its data may then be utilized to perform operations related to the user commands. In another use case, the new records may replace its older corresponding records.
    Type: Grant
    Filed: April 20, 2021
    Date of Patent: November 16, 2021
    Inventor: Stanley Kevin Miles