Security Levels Patents (Class 713/166)
  • Patent number: 11895098
    Abstract: A method for execution by one or more processing modules of one or more computing devices begins by encoding data using a dispersed storage error encoding function to produce a plurality of sets of encoded data slices arranged into a plurality of chunksets of encoded data slices. The method continues by selecting a set of storage units for storing the plurality of chunksets and assigning a distributed computing task to each storage unit of the set of storage units. The method then continues by generating a unique key set for each storage unit of the storage units, encrypting each chunkset of encoded data slices with a corresponding one of the unique key sets to produce a plurality of encrypted chunksets and sending an encrypted chunkset of the plurality of encrypted chunksets and an indication of a corresponding distributed computing task to each storage unit of the set of storage units for storage of the encrypted chunksets and execution of the distributed computing task.
    Type: Grant
    Filed: September 30, 2022
    Date of Patent: February 6, 2024
    Assignee: Pure Storage, Inc.
    Inventors: Andrew D. Baptist, Greg R. Dhuse, Wesley B. Leggette, Jason K. Resch
  • Patent number: 11870810
    Abstract: An electronic device includes a network communications interface, a processor, and a memory configured to store instructions that, when executed by the processor, cause the processor to instantiate a set of processes; receive, over a network and via the network communications interface, a policy for network socket creation; receive, from the set of processes, a set of requests to create a first set of network sockets used to communicate over the network via the network communications interface; collect telemetry pertaining to a second set of network sockets used to communicate over the network via the network communications interface; allow or block creation of network sockets in the first set of network sockets, in accordance with the collected telemetry and the policy for network socket creation; and transmit at least part of the collected telemetry to a controller, over the network and via the network communications interface.
    Type: Grant
    Filed: June 24, 2020
    Date of Patent: January 9, 2024
    Assignee: T-Mobile USA, Inc.
    Inventor: Cameron Byrne
  • Patent number: 11870753
    Abstract: A network system is provided between at least a first client site and a second client site, the first and the second client site are at a distance from one another. A client site network component is implemented at least at the first client site, the client site network component bonding or aggregating one or more diverse network connections so as to configure a bonded/aggregated connection that has increased throughput. At least one network server component may be configured to connect to the client site network component using the bonded/aggregated connection. A cloud network controller may be configured to manage the data traffic and a virtual edge providing transparent lower-link encryption for the bonded/aggregated connection between the client site network component and the network server component.
    Type: Grant
    Filed: August 14, 2020
    Date of Patent: January 9, 2024
    Assignee: Adaptiv Networks Inc.
    Inventors: Patricio Humberto Saavedra, Jie Xiao, Yan Wang, Arun Pereira
  • Patent number: 11765586
    Abstract: An Authorization Verification Service (AVS) is disclosed that may be provided by an IoT/M2M service layer to registrants of the service layer for Dynamic Context Aware Authorization. The AVS may allow the IoT/M2M service layer entities to define dynamic limits for authorizing access to services or data. The limits may be set, for example, in terms of the number of allowed accesses. When an IoT/M2M registrant makes a request for data or services for which it has dynamic context aware authorization, the AVS may maintain records of the remaining accesses available.
    Type: Grant
    Filed: December 18, 2018
    Date of Patent: September 19, 2023
    Assignee: Convida Wireless, LLC
    Inventors: William Robert Flynn, IV, Dale N. Seed, Zhuo Chen, Quang Ly, Catalina Mihaela Mladin, Rocco Di Girolamo
  • Patent number: 11758406
    Abstract: Technologies are shown for trust delegation that involve receiving a first request from a subject client and responding by sending a first token having first permissions to the subject client. A second request from a first actor includes the first token and responding involves linking the first actor to the subject client in a trust stack and sending a second token to the first actor with second permissions, the second token being a first complex token that identifies the subject client and the first actor. A third request from a second actor includes the second token and responding to the third request involves linking the second actor to the first actor in the trust stack, and sending a third token to the second actor partner with third permissions, the third token being a second complex token that identifies the first actor and the second actor.
    Type: Grant
    Filed: October 31, 2022
    Date of Patent: September 12, 2023
    Assignee: eBay Inc.
    Inventors: Gail Anna Rahn Frederick, Tatjana Vlahovic
  • Patent number: 11711347
    Abstract: A method and system for processing an email having redacted content, and/or where the message content has been encrypted and recorded as encrypted, is provided.
    Type: Grant
    Filed: May 4, 2020
    Date of Patent: July 25, 2023
    Inventor: Zafar Khan
  • Patent number: 11711213
    Abstract: Methods, computer readable media, and devices for escrow of master keys and recovery of previously escrowed master keys may be disclosed. A method for escrow of master keys may include registering a root certificate authority (CA) within each of two first-party hardware security modules (HSMs), initializing each of three third-party HSMs as master escrow recovery devices, performing a bootstrap operation on an authoritative blockchain to generate three master keys, generating a first set of master key shard ciphertexts using a first one of the three master escrow recovery devices, a second set using a second one of the three master escrow recovery devices, and a third set using a third one of the three master escrow recovery devices, and storing the first, the second, and the third set of master key shard ciphertexts as opaque objects in each of the two first-party HSMs.
    Type: Grant
    Filed: March 31, 2021
    Date of Patent: July 25, 2023
    Assignee: POLYSIGN, INC.
    Inventors: Arun Velagapalli, Nitin Mahendru, Arthur Britto, David Schwartz, Kimon Papahadjopoulos
  • Patent number: 11698890
    Abstract: A system and method for generating a column-oriented data structure repository for columns of single data types. The method includes: receiving instructions to generate a new column of a single data type for a first data structure, wherein the first data structure is a column oriented data structure; and storing, based on the instructions, the new column within the column-oriented data structure repository, wherein the column-oriented data structure repository is accessible to at least a second user account.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: July 11, 2023
    Assignee: Monday.com Ltd.
    Inventors: Daniel Lereya, Roy Mann, Eran Zinman, Tal Haramati
  • Patent number: 11695777
    Abstract: Techniques for providing hybrid access control in a cloud-services computing environment are provided. In one embodiment, a method for providing hybrid access control is provided at a host computing device. The method includes obtaining access control settings including at least a first user's role-based access settings with respect to a first sub-system of a hierarchical computing-resource system. The method further includes propagating the access control settings from the first sub-system to a second sub-system; obtaining user group domains assigned to a plurality of sub-systems; and obtaining a group membership associated with the first user. The method further includes determining, based on the obtained user group domains and the obtained group membership associated with the first user, whether the first user's role-based access settings propagated to the second sub-system are to be adjusted; and making adjustments accordingly.
    Type: Grant
    Filed: February 26, 2019
    Date of Patent: July 4, 2023
    Assignee: VMware, Inc.
    Inventors: Stanimir Lukanov, Georgi Lyubomirov Dimitrov, Hristo Hristov
  • Patent number: 11681816
    Abstract: A mobile device can receive input to execute a target application in a private session. The target application is a native application for a mobile platform of the mobile device. The private session is a native function of the mobile device configured to isolate data of the target application. In response to the input, the mobile device can configure a local resource of the mobile device to support the target application in the private session, instantiate a procedure that utilizes the local resource to isolate the data of the target application while in the private session, and execute the target application in the private session on the mobile device. The operation of the private session is transparent and undetectable to the target application.
    Type: Grant
    Filed: September 23, 2022
    Date of Patent: June 20, 2023
    Assignee: OSOM PRODUCTS, INC.
    Inventors: Jonas Hinn, Gary Anderson
  • Patent number: 11662891
    Abstract: An illustrative embodiment provides a computer-implemented process for navigation through historical stored interactions associated with a multi-user view that receives a previously saved multi-user view, wherein the multi-user view comprises a set of artifact attributes, receives an identified filter from a user, and presents a filtered view to the user. The process further determines whether to amend the filtered view, and responsive to a determination to amend the filtered view, generates an amended view from the filtered view, and responsive to a determination to save the amended view, saves the amended view as one of a new view or an updated view.
    Type: Grant
    Filed: May 2, 2016
    Date of Patent: May 30, 2023
    Assignee: International Business Machines Corporation
    Inventors: Steve Gutz, Jason Hiltz-Laforge, Alireza Pourshahid, Graham Watts
  • Patent number: 11665140
    Abstract: Distributed firewalls in a network are disclosed. Example firewall controllers disclosed herein are to instruct a first network node of a software-defined network to implement a first firewall instance of a distributed firewall, the first network node to implement the first firewall instance with a first virtual machine. Disclosed example firewall controllers are also to configure a second network node of the software-defined network to route network traffic through the first firewall instance and, after at least some of the network traffic is dropped by the first firewall instance, instruct the second network node to implement a second firewall instance of the distributed firewall, the second network node to implement the second firewall instance with a second virtual machine.
    Type: Grant
    Filed: May 17, 2021
    Date of Patent: May 30, 2023
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Dustin Grant, Sandeep Gupta, Sridhar Narahari, Michael J. Satterlee
  • Patent number: 11659005
    Abstract: Systems and methods for self-protecting and self-refreshing workspaces are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive, from a workspace orchestration service, one or more files or policies configured to enable the client IHS to instantiate a workspace based upon a workspace definition; determine that a context of the client IHS has been modified; in response to the determination, terminate the workspace; and receive, from the workspace orchestration service, one or more files or policies configured to enable the client IHS to re-instantiate the workspace based upon the workspace definition.
    Type: Grant
    Filed: December 16, 2020
    Date of Patent: May 23, 2023
    Assignee: Dell Products, L.P.
    Inventors: Girish S. Dhoble, Nicholas D. Grobelny, Charles D. Robison
  • Patent number: 11651023
    Abstract: An information providing system is an information providing system for selecting reference information that is appropriate when a user to perform a task related to a device works on the task, and has an acquiring unit for acquiring acquired data including first image data, in which a specific device and a specific identification label for identifying the specific device are photographed. The system also includes a first database that is built on machine learning, using a data structure for machine learning, which includes a plurality of items of training data that each include evaluation target information including image data, and a meta-ID linked with the evaluation target information. The image data includes an image showing the device and the identification label for identifying the device.
    Type: Grant
    Filed: March 25, 2020
    Date of Patent: May 16, 2023
    Assignee: INFORMATION SYSTEM ENGINEERING INC.
    Inventor: Satoshi Kuroda
  • Patent number: 11652721
    Abstract: Provided herein are systems and methods for sanitizing logged data packets in a distributed system prior to storing them in a remote or third-party data server. Interactions with an application are monitored and values in a data packet are extracted from the interaction. The values are classified based on a classification configuration and respective labels of the values. The values are then sanitized based on the classification to prevent exposure of secure or private data. The sanitized data packets are then logged into the remote data server. The logged data can be used to help resolve events occurring in the application. The classification configuration can be iteratively updated and the interactions repeated to capture data that was previously sanitized to aid in resolution of events. The logged data can also be used in research or analysis, such as for identifying potential improvements to the application.
    Type: Grant
    Filed: June 30, 2021
    Date of Patent: May 16, 2023
    Assignee: Capital One Services, LLC
    Inventors: Sudheendra Kumar Kaanugovi, Jimmy Sambuo, Rui Zhang
  • Patent number: 11645385
    Abstract: A computing system provides clock readings from an untrusted code to trusted code, where the trusted code is executed in a secure enclave and the untrusted code is executed outside the secure enclave. The computing system allocates a pointer to shared memory that is shared between the untrusted code and the trusted code. Under control of the untrusted code, the computing system periodically writes a clock reading to the shared memory. Under control of the trusted code, the computing system reads the clock reading stored in shared memory. The untrusted code cannot determine when the trusted code reads a clock reading.
    Type: Grant
    Filed: June 27, 2022
    Date of Patent: May 9, 2023
    Assignee: R3 LTD.
    Inventors: Roy Hopkins, Marco Bonifazi, Denis Zhereschin
  • Patent number: 11635885
    Abstract: In certain embodiments, an electronic device may include: a touch-sensitive display; a processor operatively connected to the display; and a memory operatively connected to the processor, wherein the memory stores instructions which, when executed, cause the processor to: provide, through the display, a registration screen for registering an automation in the electronic device, the automation being defined as at least one action automatically executed when a designated trigger occurs; register an action in the electronic device as a feature of the automation through the registration screen, the action being selected by a user; and when the action registered as the feature of the automation corresponds to a data reference action configured to refer to data, display guidance information for a data processing action, the data processing action being configured to output a result value by using, as a first input value, an output value output as a result of executing the data reference action.
    Type: Grant
    Filed: November 29, 2021
    Date of Patent: April 25, 2023
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Donghee Suh, Jungkeun Cho
  • Patent number: 11637847
    Abstract: A computer-implemented method, computer program product and computing system for: obtaining system-defined consolidated platform information for a computing platform from an independent information source; obtaining client-defined consolidated platform information for the computing platform from a client information source; and comparing the system-defined consolidated platform information to the client-defined consolidated platform information to define differential consolidated platform information for the computing platform.
    Type: Grant
    Filed: June 2, 2021
    Date of Patent: April 25, 2023
    Assignee: ReliaQuest Holdings, LLC
    Inventors: Brian P. Murphy, Joe Partlow, Colin O'Connor, Jason Pfeiffer
  • Patent number: 11621960
    Abstract: A method in a peer-to-peer network for recording maintenance data is provided. The method comprises receiving troubleshooting summary secured data (TSSD) from a plurality of sources; entering the TSSD from the plurality of sources using a Blockchain framework, wherein TSSD from a source is entered as a unique transaction in the Blockchain framework when a set of smart maintenance keys possessed by the source authorizes the entry of the TSSD; providing a first level of controlled access to a first subset of entered TSSD to an entity possessing a first level controlled access set of keys; providing a second level of controlled access to a second subset of the entered TSSD to an entity possessing a second level controlled access set of keys; and providing a third level of controlled access to all of the entered TSSD to an entity possessing a third level controlled access set of keys.
    Type: Grant
    Filed: May 28, 2019
    Date of Patent: April 4, 2023
    Assignee: Honeywell International Inc.
    Inventors: Rohini Sabnis, Imtiaz Elahi
  • Patent number: 11593424
    Abstract: An information providing system is an information providing system for selecting reference information that is appropriate when a user to perform a task related to a device works on the task, and has an acquiring unit for acquiring acquired data including first image data, in which a specific device and a specific identification label for identifying the specific device are photographed. The system also includes a first database that is built on machine learning, using a data structure for machine learning, which includes a plurality of items of training data that each include evaluation target information including image data, and a meta-ID linked with the evaluation target information. The image data includes an image showing the device and the identification label for identifying the device.
    Type: Grant
    Filed: March 25, 2020
    Date of Patent: February 28, 2023
    Assignee: INFORMATION SYSTEM ENGINEERING INC.
    Inventor: Satoshi Kuroda
  • Patent number: 11588817
    Abstract: Provided is a user authentication management device including a login request receiver that receives a login request from a user from a plurality of inputters via a path corresponding to each of the plurality of inputters, an authentication scheme selector that selects any one of a plurality of authentication schemes and provides identification information of a user related to the received login request to the selected authentication scheme to perform user authentication, and a user information storage that stores a user authentication result received from the selected authentication scheme as user information related to the user, in which the authentication scheme selector selects an authentication scheme predetermined corresponding to a path through which the login request is received.
    Type: Grant
    Filed: July 22, 2020
    Date of Patent: February 21, 2023
    Assignee: SHARP KABUSHIKI KAISHA
    Inventor: Hirotoshi Ohkubo
  • Patent number: 11582040
    Abstract: In some examples, in response to a request from a client device for information relating to a transaction stored by a blockchain, a system identifies, using information stored in a distributed storage system that stores data for the blockchain, multiple data owner entities from which permissions are to be obtained for access of the information, and determines an authorization requirement for the information based on a smart contract. The system sends authorization information based on the authorization requirement to trigger a retrieval of authorization tokens from the identified data owner entities for access of the information, and sends the information to the client device in response to receiving the authorization tokens.
    Type: Grant
    Filed: October 20, 2017
    Date of Patent: February 14, 2023
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Abilash Soundararajan, Michael Reid Tennefoss
  • Patent number: 11558407
    Abstract: The present invention relates to methods, processes, and systems for monitoring security policy violations in a computer network. Details of such monitoring include creating a rule according to a security policy, determining if the rule is violated by a value of a variable, and recording security events and comparing the number of events to a threshold.
    Type: Grant
    Filed: February 3, 2017
    Date of Patent: January 17, 2023
    Assignee: Defensestorm, Inc.
    Inventors: Sean Cassidy, Alejandro Hernandez, Darryl J. Landreneau, Edgardo Nazario
  • Patent number: 11553352
    Abstract: Technologies are shown for trust delegation that involve receiving a first request from a subject client and responding by sending a first token having first permissions to the subject client. A second request from a first actor includes the first token and responding involves linking the first actor to the subject client in a trust stack and sending a second token to the first actor with second permissions, the second token being a first complex token that identifies the subject client and the first actor. A third request from a second actor includes the second token and responding to the third request involves linking the second actor to the first actor in the trust stack, and sending a third token to the second actor partner with third permissions, the third token being a second complex token that identifies the first actor and the second actor.
    Type: Grant
    Filed: May 27, 2021
    Date of Patent: January 10, 2023
    Assignee: eBay Inc.
    Inventors: Gail Anna Rahn Frederick, Tatjana Vlahovic
  • Patent number: 11550962
    Abstract: The instruction code including an instruction code stored in the area where the encrypted instruction code is stored in a non-rewritable format is authenticated using a specific key which is specific to the core where the instruction code is executed or an authenticated key by a specific key to perform an encryption processing for the input and output data between the core and the outside.
    Type: Grant
    Filed: May 6, 2020
    Date of Patent: January 10, 2023
    Assignee: SOCIONEXT INC.
    Inventors: Seiji Goto, Jun Kamada, Taiji Tamiya
  • Patent number: 11537591
    Abstract: A computing system may include a server, and a client computing device in communication with the server and operating a local mobile OS. One of the client computing device and the server may be configured to compare a notification message with a database of flagged terms to determine whether the notification message includes a flagged term. If the notification message includes the flagged term and the local mobile OS is in a locked state, the notification message is revised by replacing the flagged term with a placeholder term, and the revised notification message is displayed on a display.
    Type: Grant
    Filed: October 17, 2018
    Date of Patent: December 27, 2022
    Assignee: CITRIX SYSTEMS, INC.
    Inventors: Yuran Ou, Yang Wang
  • Patent number: 11520823
    Abstract: A content model data base stores past target information, which includes past first video information acquired in advance, reference IDs, which are linked with the past target information, and which correspond to contents, and three or more levels of degrees of content association between the past target information and the reference IDs. A first acquiring unit acquires the target information from a user terminal, a first evaluation unit looks up the content model database and acquires ID information, which includes the degrees of content association between the target information and the reference IDs, and an output unit outputs the contents corresponding to the ID information. After the output from the output unit, the ID information, acquired by the first evaluation unit, is stored in an ID history unit.
    Type: Grant
    Filed: February 13, 2020
    Date of Patent: December 6, 2022
    Assignee: INFORMATION SYSTEM ENGINEERING INC.
    Inventor: Satoshi Kuroda
  • Patent number: 11520822
    Abstract: A content model data base stores past target information, which includes past first video information acquired in advance, reference IDs, which are linked with the past target information, and which correspond to contents, and three or more levels of degrees of content association between the past target information and the reference IDs. A first acquiring unit acquires the target information from a user terminal, a first evaluation unit looks up the content model database and acquires ID information, which includes the degrees of content association between the target information and the reference IDs, and a judging unit judges the ID information. Contents that correspond to the ID information are output to the user terminal based on the result of judgment by the judging unit.
    Type: Grant
    Filed: February 13, 2020
    Date of Patent: December 6, 2022
    Assignee: INFORMATION SYSTEM ENGINEERING INC.
    Inventor: Satoshi Kuroda
  • Patent number: 11483136
    Abstract: A method for wrapped keys with access control predicates includes obtaining a cryptographic key for content. The method also includes encrypting the content using the cryptographic key and generating an encryption request. The encryption request requests that a third party cryptography service encrypts an encapsulation of the cryptographic key and an access control condition governing access to the content. The method also includes communicating the encryption request to the third party cryptography service. The encryption request includes the cryptographic key.
    Type: Grant
    Filed: December 10, 2019
    Date of Patent: October 25, 2022
    Assignee: Google LLC
    Inventors: Nicolas Lidzborski, Laetitia Estelle Baudoin
  • Patent number: 11477221
    Abstract: A system, a method, and a computer program for protecting data traffic from a communication device against fingerprinting or privacy leakage. The method can include receiving data traffic from a communication device connected to a network, analyzing the received data traffic to determine network activity or operational characteristics of the communication device, generating forged data traffic for the network based on the determined network activity or operational characteristic of the communication device, and transmitting the forged data traffic to an external communication device that is located outside the network. The forged data traffic can add an entropy factor to the data traffic from said communication device connected to the network.
    Type: Grant
    Filed: November 14, 2019
    Date of Patent: October 18, 2022
    Assignee: Saudi Arabian Oil Company
    Inventor: Salman Abdullah Alanazi
  • Patent number: 11463420
    Abstract: A method for execution by one or more storage units of a dispersed storage network (DSN). The method begins by receiving, at a first storage unit, a request for a partial task. The method continues by generating a slice request, to one or more additional storage units, when the first storage unit does not contain all encoded data slices required to execute the partial task. The method continues by receiving the at least one additional encoded data slice from the one or more additional storage units and performing the partial task on the first encoded data slice and the at least one additional encoded data slice to produce at least partial results.
    Type: Grant
    Filed: April 27, 2020
    Date of Patent: October 4, 2022
    Assignee: PURE STORAGE, INC.
    Inventors: Andrew D. Baptist, Greg R. Dhuse, Wesley B. Leggette, Jason K. Resch
  • Patent number: 11455388
    Abstract: A system and method for real-time attestation which attests to the untouchability of processors from external influences. The system and method comprise a security mechanism that extracts information about a program's full-control execution path and then validates that information with a highly isolated guard process during runtime, which is running in a trusted environment. This trusted guard application also acts as a remote attester client and sends the currently running control flow graph to a remote attestator server on demand.
    Type: Grant
    Filed: January 13, 2022
    Date of Patent: September 27, 2022
    Assignee: WEEVE.NETWORK
    Inventors: Marcus Jones, Michael-Maria Bommer
  • Patent number: 11449623
    Abstract: Systems and methods for a machine-learning driven fine-grained file access control approach are provided. According to one embodiment, a server associated with an enterprise network can obtain and store information regarding historical user behavior of users of the enterprise network by observing file access requests initiated by the users. The server receives a file access request initiated by a user, which relates to a file stored within the enterprise network in encrypted form. In response to receipt of the file access request, the server determines a risk score for the user based on multiple factors, including information regarding historical user behavior, the file access request and observed data determined based on the file access request so that based on the risk score, access to the file is permitted by returning a decryption key for the file or denied by withholding the decryption key.
    Type: Grant
    Filed: March 22, 2019
    Date of Patent: September 20, 2022
    Assignee: Fortinet, Inc.
    Inventors: Matthew J. Little, Jamie R. Graves, Carson Leonard
  • Patent number: 11438380
    Abstract: To commission an industrial automation control system, IACS, a computing device generates commands to automatically set or verify a security configuration of the IACS. The commands are generated by the computing device based on a machine-readable security baseline, and, optionally, based on a machine-readable configuration file of the IACS.
    Type: Grant
    Filed: September 14, 2018
    Date of Patent: September 6, 2022
    Assignee: ABB SCHWEIZ AG
    Inventors: Thomas Locher, Thanikesavan Sivanthi
  • Patent number: 11423083
    Abstract: A method performed by a computer system including: accessing a specification that specifies a plurality of modules to be implemented by the computer program for processing the one or more values of the one or more fields in the structured data item; transforming the specification into the computer program that implements the plurality of modules, wherein the transforming includes: for each of one or more first modules of the plurality of modules: identifying one or more second modules of the plurality of modules that each receive input that is at least partly based on an output of the first module; and formatting an output data format of the first module such that the first module outputs only one or more values of one or more fields of the structured data item.
    Type: Grant
    Filed: October 27, 2017
    Date of Patent: August 23, 2022
    Assignee: Ab Initio Technology LLC
    Inventors: Jonah Egenolf, Marshall A. Isman, Frederic Wild
  • Patent number: 11424920
    Abstract: The technology disclosed herein provides a proof-of-work key wrapping system that cryptographically controls access to data. An example method may include: selecting a set of cryptographic attributes in view of a characteristic of a computing device; obtaining, by a processing device, a cryptographic key; encrypting, by the processing device, the cryptographic key in view of the set of cryptographic attributes to produce a wrapped key; and providing the wrapped key and at least one of the cryptographic attributes to the computing device, wherein the at least one cryptographic attribute facilitates deriving the cryptographic key from the wrapped key.
    Type: Grant
    Filed: August 19, 2019
    Date of Patent: August 23, 2022
    Assignee: Red Hat, Inc.
    Inventors: Michael Hingston McLaughlin Bursell, Nathaniel Philip McCallum, Peter M. Jones
  • Patent number: 11405401
    Abstract: A system and method of providing security for an application. A request to use an application to perform an operation using information is received from an operator by a computer system. In response to receiving the request, an operator identity assurance level of the operator and characteristics of the operation using the information are determined. An operation assurance level for the operation is determined based on the characteristics of the operation using the information. It is determined whether the operator identity assurance level of the operator satisfies the operation assurance level for the operation. The operator is allowed to use the application to perform the operation using the information in response to a determination that the operator identity assurance level of the operator satisfies the operation assurance level for the operation.
    Type: Grant
    Filed: May 21, 2020
    Date of Patent: August 2, 2022
    Assignee: ADP, Inc.
    Inventors: Steffen Fohn, Mitchel Maio, Juan Andrade
  • Patent number: 11392698
    Abstract: The present disclosure is directed to systems and methods of detecting a side-channel attack by detecting a translation lookaside buffer (TLB) miss on a virtual address lookup caused by the speculative execution of an instruction and determining that the physical memory address associated with the virtual address lookup contains a privileged object or a secret object. Range register circuitry determines whether the physical memory address is located in an address range containing privileged objects or secret objects. Performance monitoring counter (PMC) circuitry generates an interrupt in response to receipt of information indicative of the TLB miss and information indicative that the physical memory address contains a privileged object or a secret object. The PMC circuitry causes the storage of information associated with the speculatively executed instruction causing the virtual address lookup.
    Type: Grant
    Filed: March 15, 2019
    Date of Patent: July 19, 2022
    Assignee: Intel Corporation
    Inventors: Chaim Shen-Orr, Baruch Chaikin, Ahmad Yasin, Reuven Elbaum
  • Patent number: 11368433
    Abstract: Private network request forwarding can include receiving a request from a user for Internet services over a public network. Private network request forwarding can include analyzing the request and determining whether the request is legitimate. Private network request forwarding can include forwarding the request to an entity through a private network when it is determined that the request is legitimate, wherein the user has access to the entity through a proxy.
    Type: Grant
    Filed: May 22, 2020
    Date of Patent: June 21, 2022
    Assignee: United Services Automobile Association (USAA)
    Inventors: Donald E. Clemons, Christopher Thomas Wilkinson
  • Patent number: 11349812
    Abstract: Described embodiments provide systems and methods for learning across multiple application delivery controllers and updating settings across the application delivery controllers. A profile can be generated based on selection of a set of intermediary devices managed by a device. The set of intermediary devices is configured to load balance data of an application hosted in different computing environments. Activity can be identified at the intermediary devices with use of a firewall. The activity has an appearance of a malicious attack on at least one intermediary device of the set. The device can determine if the activity is permissible or a violation based on a comparison of an aggregation of data records for the identified activity and a threshold. The device can provide a notification to at least one intermediary device of the set to configure the at least one intermediary device to allow the activity or prevent the activity.
    Type: Grant
    Filed: December 10, 2020
    Date of Patent: May 31, 2022
    Assignee: Citrix Systems, Inc.
    Inventors: Gourish K Biradar, Kasirao Velugu, Vamshi Raghav, Ratnesh Singh Thakur, Rama Rao Katta, Srinivasa Reddy Kasu, Kapil Jaisinghani, Satyendra Tiwari
  • Patent number: 11349671
    Abstract: Techniques are disclosed relating to authenticating communications. A computer system may generate a master private key usable to derive user-specific private keys for a plurality of users hosted by a particular application. The computer system may generate master public configuration information usable to derive user-specific public keys for the plurality of users. The computer system may send that configuration information to a directory service accessible to applications that communicate with the particular application. The computer system may receive, from the particular application, a request for a user-specific private key for one of the plurality of users. The request may include an identifier of the user. The computer system may perform a key derivation function to generate a particular user-specific private key based on the master private key and the identifier of the user. The computer system may send the particular user-specific private key to the particular application.
    Type: Grant
    Filed: January 24, 2019
    Date of Patent: May 31, 2022
    Assignee: salesforce.com, inc.
    Inventor: Koson Thambundit
  • Patent number: 11328042
    Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.
    Type: Grant
    Filed: May 6, 2020
    Date of Patent: May 10, 2022
    Assignee: Winkk, Inc.
    Inventor: Robert O. Keith, Jr.
  • Patent number: 11323455
    Abstract: Methods and systems are provided for preventing unauthorized communication with an end device on a network, the system comprising an external device and a communication device.
    Type: Grant
    Filed: May 14, 2019
    Date of Patent: May 3, 2022
    Assignee: SCHNEIDER ELECTRIC IT CORPORATION
    Inventor: Gary R. Ware
  • Patent number: 11314605
    Abstract: Embodiments for providing automated selection of optimal disk types for virtualized storage by defining a minimum number of backup samples, selecting, if the minimum number of backup samples is not met for a backup operation, a solid state drive (SSD) for a virtual machine (VM) storage for a disaster recovery operation, otherwise selecting a hard disk drive (HDD) for the VM storage. The method further defines a cold HDD threshold (CHT) value and a minimal percentage of backups (PPT) value, and obtains a cold backup count based on the CHT value. It compares a ratio of the cold backup count to an amount of backups (AB) for the disaster recovery operation to the defined PPT value, and if the ratio is greater than the PPT value, it selects the SSD rather than HDD for the VM storage.
    Type: Grant
    Filed: August 3, 2020
    Date of Patent: April 26, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Boris Shpilyuck, Jehuda Shemer, Tomer Kushnir
  • Patent number: 11310283
    Abstract: The present disclosure relates to systems, methods, and computer-readable media for implementing an efficient and flexible policy-driven approach to securing a computing device. For example, systems disclosed herein can identify any number of security policies including configuration states associated with configuration settings of a client device. The systems disclosed herein can further enforce the security policies by performing an enforcement operation including an idempotent operation that enables a computing device to both diagnose as well as remedy security issues identified by an agent on a computing device. The systems disclosed herein further include features and functionality that enable a computing device to be compliant with multiple security standards without performing redundant enforcement operations.
    Type: Grant
    Filed: September 7, 2018
    Date of Patent: April 19, 2022
    Assignee: VMWARE, INC.
    Inventor: Thomas S. Hatch
  • Patent number: 11296885
    Abstract: An embodiment of the present invention is directed to a Channel Dynamic Multifactor Authentication. This solution provides the capability to select a multifactor authentication channel (e.g., email, SMS, etc.) dynamically based on multiple sources of risk scoring input data. The risk decision engine may determine an optimal lowest risk delivery channel for delivery of a one-time passcode and/or implement an additional or alternative mechanism for user authentication or verification.
    Type: Grant
    Filed: July 31, 2018
    Date of Patent: April 5, 2022
    Assignee: JPMORGAN CHASE BANK, N.A.
    Inventors: Eric Everson, Benjamin R. Cohen, Tim Skeen, Kurt A. Baskette
  • Patent number: 11290481
    Abstract: A tool uses a graph-based approach to analyze scripts to determine whether the scripts pose security threats when executed. The tool breaks down scripts into component steps and generates a graph based on those steps. The tool then converts the graph into a vector and compares that vector with clusters of other vectors. Based on that comparison, the tool determines whether the script will cause a security vulnerability. If the script causes a security threat when executed, the script may be prevented from executing.
    Type: Grant
    Filed: July 9, 2020
    Date of Patent: March 29, 2022
    Assignee: Bank of America Corporation
    Inventors: Karthikeyan Janakiraman, Madhusudhanan Krishnamoorthy
  • Patent number: 11258763
    Abstract: A computing device is configured to retrieve network security configuration information from a computer network and generate a security configuration map which readily enables a user to detect defects in the security configuration with respect to a security policy. The computing device retrieves firewall configurations from security appliances in the network which operate firewalls, and processes the firewall configurations to generate a set of corresponding standardized firewall configurations. These are processed to identify enclaves containing network nodes which are associated with respective security sensitivity values based on the security policy. The computing device monitors and detects inter-node network traffic.
    Type: Grant
    Filed: November 21, 2017
    Date of Patent: February 22, 2022
    Assignee: CYBERNETIQ, INC.
    Inventors: Joseph Cummins, Jonathan Wong
  • Patent number: 11258800
    Abstract: Embodiments of the present disclosure relate to managing admin-controlled access of external resources to group-based communication interfaces associated with an organization, via a group-based communication system including APIs for improved external resource permissioning, provisioning, and access handling. Embodiments include methods, computer program products, apparatuses, and systems configured to receive an external resource access request, determine an organization identifier, obtain an admin response indication, set an external resource permission status for the external resource based on the admin response indication, and cause rendering of the requested group-based communication interface based on the admin response indication. Embodiments further relate to provisioning and handling requests for services associated with an external resource by managing one or more single-interface access tokens linked to a multi-interface access token.
    Type: Grant
    Filed: June 28, 2019
    Date of Patent: February 22, 2022
    Assignee: Slack Technologies, LLC
    Inventors: Salman Suhail, Saurabh Sahni, Kefan Xie, Emilio Aurea, Shilpi Sanchetee, Nupur Goyal, Carly Robinson
  • Patent number: 11159535
    Abstract: A method for controlling a device includes: sending a command signed by an operator's signature to a server; verifying, in the server, that the operator is authenticated to transmit the command; assigning, in the server, a criticality level and an authorization level to the command; depending on the criticality level and the authorization level, sending an approval request relating to the command to at least one control user; approving or denying the approval request by at least a subset of the at least one control user; sending the denied or approved approval request back to the server; determining, in the server, whether the command was approved by sufficiently many control users based on the criticality level and the authorization level; and sending the command to the device for being carried out by the device in case the command was approved by sufficiently many control users, wherein at least one of the at least one control user and the operator is remote from each other.
    Type: Grant
    Filed: October 16, 2018
    Date of Patent: October 26, 2021
    Assignee: ABB Schweiz AG
    Inventors: Roman Schlegel, Thomas Locher