Computer Program Modification Detection By Cryptography Patents (Class 713/187)
  • Patent number: 11954219
    Abstract: As described herein, a system, method, and computer program are provided for securing container images. In use, a request to access a container image is identified. In response to the request, a digest of the container image is retrieved. The digest is validated according to an execution and business context. A response to the request is provided, based on a result of the validating.
    Type: Grant
    Filed: November 15, 2021
    Date of Patent: April 9, 2024
    Assignee: AMDOCS DEVELOPMENT LIMITED
    Inventors: Nir Makmal, Gil Aizenband, Rami Rozenblat, Ian Klein, Lior Mazor, Cedric Gegout
  • Patent number: 11921850
    Abstract: A system and method of anti-malware analysis including iterative techniques that combine static and dynamic analysis of untrusted programs or files. These techniques are used to identify malicious files by iteratively collecting new data for static analysis through dynamic run-time analysis.
    Type: Grant
    Filed: June 23, 2021
    Date of Patent: March 5, 2024
    Assignee: Acronis International GmbH
    Inventors: Vladimir Strogov, Alexey Malanov, Sergey Ulasen, Vyacheslav Levchenko, Serguei Beloussov, Stanislav Protasov
  • Patent number: 11829773
    Abstract: A network device may load, via a boot ROM application, a provider bootloader application from a memory of the network device and may calculate a first hash value based on decrypting a provider bootloader signature with a provider public key. The network device may calculate a second hash value based on the provider bootloader application and may utilize, when the first hash value and the second hash value are equivalent, the provider bootloader application to load an original equipment manufacturer (OEM) bootloader application from the memory. The network device may calculate a third hash value based on decrypting an OEM bootloader signature with one of a plurality of OEM public keys. The network device may calculate a fourth hash value based on the OEM bootloader application. The network device may complete, when the third hash value and the fourth hash value are equivalent, a boot process for the network device.
    Type: Grant
    Filed: June 11, 2020
    Date of Patent: November 28, 2023
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Young Rak Choi, Warren Hojilla Uy, Dayong He, Manuel Enrique Caceres
  • Patent number: 11824877
    Abstract: A system and method for anomaly interpretation and mitigation. A method includes extracting at least one input feature vector from observation data related to an observation; applying an isolation forest to the at least one input feature vector, wherein the isolation forest includes a plurality of estimators, wherein each estimator is a decision tree, wherein the output of each estimator is a split-path of a plurality of split-paths, each split-path having a path-length and including a name and a corresponding value for a respective output feature of a plurality of output features; generating a mapping object based on the application of the isolation forest to the at least one feature vector, wherein the mapping object includes the plurality of split-paths; clipping the mapping object based on the path-length of each split-path; and determining at least one mitigation action based on the clipped mapping object.
    Type: Grant
    Filed: November 10, 2020
    Date of Patent: November 21, 2023
    Assignee: ARMIS SECURITY LTD.
    Inventors: Yuval Friedlander, Ron Shoham, Gil Ben Zvi, Tom Hanetz
  • Patent number: 11811810
    Abstract: A packet-filtering system configured to filter packets in accordance with packet-filtering rules may receive data indicating network-threat indicators and may configure the packet-filtering rules to cause the packet-filtering system to identify packets comprising unencrypted data, and packets comprising encrypted data. A portion of the unencrypted data may correspond to one or more of the network-threat indicators, and the packet-filtering rules may be configured to cause the packet-filtering system to determine, based on the portion of the unencrypted data, that the packets comprising encrypted data correspond to the one or more network-threat indicators.
    Type: Grant
    Filed: September 23, 2021
    Date of Patent: November 7, 2023
    Assignee: Centripetal Networks, LLC
    Inventors: David K. Ahn, Sean Moore, Douglas M. Disabello
  • Patent number: 11803538
    Abstract: The present disclosure discloses a method, a related apparatus and storage medium for distributed transaction processing. The method includes: obtaining, by a distributed transaction processing device, a distributed transaction processing request; writing, by the distributed transaction processing device, a commit log corresponding to the distributed transaction processing request to a second object database set in the target database cluster, the commit log comprising a commit indication result; obtaining, by the distributed transaction processing device after the distributed transaction processing device resumes distributed transaction processing, the commit log from the second object database set; and performing, by the distributed transaction processing device when the commit indication result in the commit log instructs to commit the processing operation on the account data in the N accounts, the processing operation on the account data in the N accounts.
    Type: Grant
    Filed: July 27, 2020
    Date of Patent: October 31, 2023
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventors: Wei Zhao, Hao Tang, Dongzhi Zhao
  • Patent number: 11755773
    Abstract: Systems, methods, and apparatuses for providing a customer a central location to manage permissions provided to third-parties and devices to access and use customer information maintained by a financial institution are described. The central location serves as a central portal where a customer of the financial institution can manage all access to account information and personal information stored at the financial institution. Accordingly, the customer does not need to log into each individual third-party system or customer device to manage previously provided access to the customer information or to provision new access to the customer information. A user additionally is able to have user data and/or third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal.
    Type: Grant
    Filed: June 16, 2022
    Date of Patent: September 12, 2023
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Lila Fakhraie, Brian M. Pearce, Steven Pulido, Benjamin Soccorsy, James Stahley, Mojdeh Tomsich
  • Patent number: 11689354
    Abstract: The present disclosure relates generally to systems and methods for content authentication. A method can include receiving from a sender system transmitted content (C) and appended content, the appended content including a digital signature associated with the content (C) and a hash tree (“SHT”) associated with the content (C), generating with a signature engine a hash tree (“RHT”) from the content (C), cryptographically verifying the received digital signature to generate a resultant hash value, comparing the resultant hash value to the second hash value of the second root node, determining that the second hash value of the second root node does not match the resultant hash value, identifying a potentially corrupted portion of content (C) via comparison of at least some of the plurality of first nodes of SHT to corresponding second nodes of RHT, and indicating that the digital signature could not be verified.
    Type: Grant
    Filed: October 7, 2020
    Date of Patent: June 27, 2023
    Assignee: Oracle International Corporation
    Inventors: Karthik Venkatesh, Saikat Chakrabarti, Pratibha Anjali Dohare
  • Patent number: 11675570
    Abstract: In one embodiment, a method for developing a virtual programmable logic controller (PLC) application using a graphical user interface (GUI) is disclosed. The method includes receiving, from a first portion of the GUI representing a tool box, a first selection of a first object from a set of objects represented in the GUI, wherein each of the set of objects performs a respective function. The method also includes inserting, into a horizontal section of a second portion of the GUI representing the virtual PLC application, the first object, wherein the horizontal section includes a second object that executes simultaneously as the first object in the horizontal section. The method also includes compiling code implementing the first object and the second object to generate the virtual PLC application, and adding a shortcut of the virtual PLC application to a virtual tray of an operating system.
    Type: Grant
    Filed: January 24, 2022
    Date of Patent: June 13, 2023
    Assignee: Programmable Logic Consulting, LLC
    Inventor: Harold Bayless
  • Patent number: 11651359
    Abstract: A system has a storage medium encoded with program instructions, and a processor coupled to access the program instructions. The instructions configure the processor for: receiving a first request at a POS terminal to surrender a previously purchased first asset in exchange for at least a portion of a second asset that was used to purchase the first asset, receiving the private key from the first asset; accessing a set of rules stored in a distributed electronic ledger, the set of rules specifying conditions associated with the first request; transmitting an authorization to return the at least a portion of the second asset in exchange for surrender of the first asset, in the case where the conditions are satisfied; and invalidating the first request in the case where one or more of the conditions are not satisfied.
    Type: Grant
    Filed: October 5, 2016
    Date of Patent: May 16, 2023
    Assignee: The Toronto-Dominion Bank
    Inventors: Ian James McDonald, Adam Douglas McPhee, Perry Aaron Jones Haldenby, Paul Mon-Wah Chan, John Jong Suk Lee
  • Patent number: 11625304
    Abstract: An apparatus, method, and system for updating a file index in a search engine in a data backup system to reflect file changes introduced in a new backup is disclosed. The operations comprise: generating a first external file, the first external file comprising file hashes for files already indexed in a file index in a search engine of a data backup storage system that are not associated with a deleted status; generating a second external file, the second external file comprising file hashes for files in a new backup; determining one or more file changes introduced in the new backup based on a comparison between the first external file and the second external file; and updating the file index in the search engine to reflect the one or more file changes introduced in the new backup.
    Type: Grant
    Filed: April 26, 2019
    Date of Patent: April 11, 2023
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: James Morton, Lihui Su, Yubing Zhang, Ming Zhang, Yujun Liang
  • Patent number: 11620385
    Abstract: A vehicle control device that verifies integrity of a program within a higher-importance region containing a start-up program; and that verifies integrity of a program within a lower-importance region in a state in which the program within the higher-importance region has been started up by the start-up program.
    Type: Grant
    Filed: January 13, 2020
    Date of Patent: April 4, 2023
    Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
    Inventors: Keita Goto, Yusuke Sato
  • Patent number: 11593488
    Abstract: A system for a cryptographic agile bootloader for upgradable secure computing environment, the cryptographic agile bootloader comprising a computing device associated with a first bootloader is presented. The computing device includes a secure root of trust, the secure root of trust configured to produce a first secret and a second secret and a processor. The processor is configured to load a second bootloader, wherein the second bootloader is configured to generate a secret-specific public datum as a function of the second secret, wherein the secret-specific public datum further comprises a bootloader measurement, load a first bootloader, wherein the first bootloader is configured to sign the secret-specific public datum as a function of the first secret, and replace the first bootloader with the second bootloader.
    Type: Grant
    Filed: October 28, 2021
    Date of Patent: February 28, 2023
    Assignee: Ares Technologies, Inc.
    Inventors: Christian Wentz, Ilia Lebedev, Anna Lysyanskaya
  • Patent number: 11562095
    Abstract: A database protection system (DPS) mitigates injection attacks. DPS receives an unrestricted database query, extracts a syntax tree, and evaluates whether it recognizes the query. To this end, DPS applies a hash function over the extracted syntax tree, and then determines whether the resulting hash has been seen by DPS before. If so, DPS retrieves a previously-generated prepared statement associated with the syntax tree, and that prepared statement is then forwarded to the database server in lieu of sending the original query. If the syntax tree is not recognized, DPS creates a new prepared statement, generates a hash of the syntax tree, and stores the hash and the new prepared statement, and forwards the new prepared statement. The prepared statements are configured based on the native wire protocol used by the database server, and DPS includes additional functionality by which it can learn the semantics of this protocol if necessary.
    Type: Grant
    Filed: January 28, 2021
    Date of Patent: January 24, 2023
    Assignee: International Business Machines Corporation
    Inventors: Galia Diamant, Leonid Rodniansky, Cheng-Ta Lee, Chun-Shuo Lin, Richard Ory Jerrell
  • Patent number: 11544384
    Abstract: A computer-implemented method includes obtaining, by a processor, existing security information for static application security testing (SAST). The method also includes using, by the processor, the existing security information to discover, by a machine capable of learning, new security information. The method also includes improving, by the processor, security of a computer using the new security information.
    Type: Grant
    Filed: April 12, 2019
    Date of Patent: January 3, 2023
    Assignee: International Business Machines Corporation
    Inventors: Kristofer A. Duer, John T. Peyton, Jr., Babita Sharma, David E. Stewart, Jason N. Todd, Shu Wang
  • Patent number: 11537709
    Abstract: The present invention relates to a device (1) such as a connected object comprising a first electronic circuit (2) comprising: a first processing unit (6) for executing a program, a first memory (8) for memorizing data during the execution of the program, a debug port (10) dedicated to checking the execution of the program from outside the first circuit, a second electronic circuit (4) connected to the debug port (10), comprising: a second memory (14) memorizing reference data related to the program, a second processing unit (12) for implementing the following steps automatically and autonomously via the debug port (10): checking the integrity of the data memorized by the first memory (8) and/or the compliance of the program's execution by the first processing unit (6) with a reference execution, assisted by the reference data.
    Type: Grant
    Filed: June 25, 2020
    Date of Patent: December 27, 2022
    Assignee: IDEMIA IDENTITY & SECURITY FRANCE
    Inventors: Fabien Blanco, Jean-Yves Bernard
  • Patent number: 11496317
    Abstract: A method of validating software including maintaining, in a trusted computing system, a copy of at least portions of data of the software, the software comprising data in an untrusted computing system. The method includes, with the trusted computing system, specifying selected data from data included in the copy as hash data, generating an executable file for generating a hash based on the specified hash data, executing the executable file to generate a check hash using the specified selected data from the copy as the hash data, and determining whether the software is valid based, at least in part, on a comparison of the check hash to an access hash generated by execution of the executable file by the untrusted computing system using the specified selected data from the untrusted computing system as the hash data.
    Type: Grant
    Filed: January 21, 2016
    Date of Patent: November 8, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Chris Tofts, Brian Quentin Monahan, Adrian John Baldwin
  • Patent number: 11468171
    Abstract: A variety of applications can include apparatus and/or methods of controlling a secure boot mode for a memory system. In an embodiment, a system includes a memory component and a processing device, where the processing device is configured to control a boot process for the system to operate the memory component and perform a cryptographic verification with a host to conduct an authentication of the host. The processing device can interact with the host, in response to the authentication, to receive a setting to control the boot process in a secure boot mode. The processing device can interact with another processing device of the system to store the setting and to receive a secure boot signal from the other processing device, where the secure boot signal is a signal to assert or de-assert the secure boot mode depending on a value of the setting. Additional apparatus, systems, and methods are disclosed.
    Type: Grant
    Filed: November 25, 2020
    Date of Patent: October 11, 2022
    Assignee: Micron Technology, Inc.
    Inventors: Robert W. Strong, Dustin J. Carter, Neil Levine
  • Patent number: 11449331
    Abstract: Disclosed is a vehicular update system including a communication device configured to communicate between a server and a controller included in a vehicle, a memory, and a controller configured to, (i) when a public key set including a root public key for verifying a root signature is stored in the memory, acquire the root signature from the server and verify root metadata based on the acquired root signature and the root public key of the public key set pre-stored in the memory, and configured to, (ii) when the public key set is not stored in the memory, acquire, from the server, root metadata including a public key set and a root signature obtained by performing a digital signature on a hash value of the public key set using a root private key, verify the root metadata based on the root public key of the acquired root metadata and the root signature, and store the public key set.
    Type: Grant
    Filed: January 25, 2018
    Date of Patent: September 20, 2022
    Assignee: LG ELECTRONICS INC.
    Inventors: Junsang Park, Sangwook Lee, Kyusuk Han
  • Patent number: 11449264
    Abstract: A processing device receives a command to arm a memory device for self-destruction. In response to the command, a self-destruction countdown timer is commenced. An expiry of the self-destruction countdown timer is detected and, based on detecting the expiry of the self-destruction countdown timer, data stored by the memory device is destructed.
    Type: Grant
    Filed: May 13, 2020
    Date of Patent: September 20, 2022
    Assignee: Micron Technology, Inc.
    Inventor: Robert W. Strong
  • Patent number: 11423160
    Abstract: A virtual environment system for validating executable data using authorized hash outputs is provided. In particular, the system may generate a virtual environment using a virtual environment device, where the virtual environment is logically and/or physically separated from other devices and/or environments within the network. The system may then open a specified set of executable data within the virtual environment and perform a set of commands or processes with respect to the executable data. If the system determines that the executable data is unsafe to run, the system may generate a hash output of the executable data and store the hash output in a database of unauthorized executable data. In this way, the system may securely generate a repository of authorized and unauthorized hashes such that the system may ensure that unsafe executable data is blocked from being processed within a network environment.
    Type: Grant
    Filed: April 16, 2020
    Date of Patent: August 23, 2022
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: George Albero, Emanuel David Guller, Edward Lee Traywick, Scot Lincoln Daniels, Rick Wayne Sumrall, Elijah Clark, Konata Stinson, Jake Michael Yara
  • Patent number: 11424909
    Abstract: A system and method secures data including sensitive data parts for exporting and securely analyzes the secure exported data. In one embodiment, the secure data may be analyzed using at least two compute elements. In one embodiment, the system may use the AES process to secure the sensitive parts of the data.
    Type: Grant
    Filed: December 10, 2019
    Date of Patent: August 23, 2022
    Assignee: BAFFLE, INC.
    Inventors: Ameesh Divatia, Harold Byun
  • Patent number: 11418333
    Abstract: A system includes a communication channel monitor configured to calculate a hash value of a first encrypted code segment based on a measurement. A security module may derive a first encryption key using a key decryption function operation from the hash value of the first encrypted code segment. A processor decrypts the first encrypted code segment with a seed key retrieved from a storage device, and if the decryption is successful then executes the first decrypted code segment. The processor may retrieve a second one of the encrypted code segments, wherein the second encrypted code segment is a next encrypted code segment for execution after the first encrypted code segment according to a sequence of execution, decrypt the second encrypted code segment with the first encryption key, and if the decryption is successful then execute the second decrypted code segment.
    Type: Grant
    Filed: January 10, 2020
    Date of Patent: August 16, 2022
    Assignee: Dell Products L.P.
    Inventors: Nicholas D. Grobelny, Richard M. Tonry, Balasingh P. Samuel
  • Patent number: 11343258
    Abstract: Methods and devices for determining whether a mobile device has been compromised. The mobile device has a managed portion of memory and an unmanaged portion of memory, a managed profile and an unmanaged profile, and the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes files stored in the unmanaged portion of memory. The managed profile is governed by a device policy set by a remote administrator. File tree structure information for the managed profile of the mobile device is obtained that details at least a portion of a tree-based structure of folders and files in the managed portion of memory. It is determined from the file tree structure information that the mobile device has been compromised and, based on that determination, an action is taken.
    Type: Grant
    Filed: August 15, 2019
    Date of Patent: May 24, 2022
    Assignee: BlackBerry Limited
    Inventors: Chang Fung Yang, Robert Joseph Lombardi, Chi Hing Ng, Johnathan George White
  • Patent number: 11343230
    Abstract: A method for configuring resources at an information handling system may include determining, during initialization, a wide area network (WAN) Internet Protocol (IP) address associated with the information handling system, and retrieving a list of trusted IP addresses from a storage location at the information handling system. The method may further include configuring a first resource at the information handling system to operate in a first state in response to determining that the WAN IP address is included at the list of trusted IP addresses, and configuring the first resource at the information handling system to operate in a second state in response to determining that the WAN IP address is not included at the list of trusted IP addresses.
    Type: Grant
    Filed: June 9, 2020
    Date of Patent: May 24, 2022
    Assignee: Dell Products L.P.
    Inventors: Ibrahim Sayyed, Daniel L. Hamlin
  • Patent number: 11334670
    Abstract: The present disclosure relates to a method for integrity verification of a software stack or part of a software stack resident on a host machine. A management entity generates a measurement log for a disk image associated with the software stack or the part of a software stack. A verifier entity retrieves the generated measurement log and compares the generated measurement log with a reference measurement of a verification profile previously assigned by the verifier entity to the software stack or the part of a software stack to verify the software stack or the part of a software stack.
    Type: Grant
    Filed: January 28, 2020
    Date of Patent: May 17, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Sidnei Roberto Selzler Franco, Ludovic Emmanuel Paul Noel Jacquin, Jonathan Meller, Guilherme De Campos Magalhaes
  • Patent number: 11323506
    Abstract: Sharing data in a data exchange across multiple cloud computing platforms and/or cloud computing platform regions is described. An example computer-implemented method can include receiving data sharing information from a data provider for sharing a data set in a data exchange from a first cloud computing entity to a set of second cloud computing entities. In response to receiving the data sharing information, the method may also include creating an account with each of the set of second cloud computing entities. The method may also further include sharing the data set from the first cloud computing entity with the set of second cloud computing entities using at least the corresponding account of that second cloud computing entity.
    Type: Grant
    Filed: July 16, 2021
    Date of Patent: May 3, 2022
    Assignee: Snowflake Inc.
    Inventors: Pui Kei Johnston Chu, Benoit Dageville, Matthew Glickman, Christian Kleinerman, Prasanna Krishnan, Justin Langseth
  • Patent number: 11301561
    Abstract: A method performed by one or more processors, and an apparatus is disclosed. The method may comprise identifying a request from a custom computer program within a sandbox to perform an operation not permitted within the sandbox, and receiving a first indication of security privileges associated with a provider of the custom computer program. The method may also comprise selectively causing the operation to be performed based on the first indication of security privileges.
    Type: Grant
    Filed: January 11, 2019
    Date of Patent: April 12, 2022
    Assignee: Palantir Technologies Inc.
    Inventors: Thomas Powell, Kyle Patron, Mark Elliot
  • Patent number: 11281778
    Abstract: A method of verifying an application, according to an embodiment, includes: storing application codes; loading a part of the application codes into a memory; and verifying the application by using the codes loaded into the memory.
    Type: Grant
    Filed: November 28, 2016
    Date of Patent: March 22, 2022
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Dong-uk Kim, Ji-hoon Kim, Chang-sup Ahn
  • Patent number: 11281472
    Abstract: An information handling system includes a basic input/output system having a virtual advanced configuration and power interface device. A processor may download a device driver for a particular virtual advanced configuration and power interface device, wherein the device driver includes a code for a security feature and a signed file that includes a list of identifiers of compromised information handling systems. The processor may determine whether the information handling system is compromised based on the list of identifiers of compromised information handling systems in the signed file, and execute the code for the security feature.
    Type: Grant
    Filed: February 3, 2020
    Date of Patent: March 22, 2022
    Assignee: Dell Products L.P.
    Inventors: Craig Chaiken, Balasingh P. Samuel, Steven Downum
  • Patent number: 11277480
    Abstract: A computer system, method, and device perform targeted acquisition of data. The system includes an examiner device having a processor and a memory, an agent in the form of an executable program for finding and transferring targeted data, and a target endpoint system. The examiner device is configured to deploy the agent to the target endpoint system. The agent is configured to establish a connection with the examiner device. The examiner device is configured to send a request for targeted data to the agent. The agent is configured to locate the targeted data on the target endpoint system. The agent is configured to transfer the targeted data to the examiner device.
    Type: Grant
    Filed: September 30, 2020
    Date of Patent: March 15, 2022
    Assignee: Magnet Forensics Investco Inc.
    Inventors: Jad John Saliba, Andrew Gordon Roberts, Nicholas Bruce Alexander Cosentino, Kevin Brightwell
  • Patent number: 11275834
    Abstract: Systems and methods of identifying malware in backups are provided. Backups are subjected to analysis for malware signatures based on malware signature files that are received after the backup is produced. This approach allows the distinction between clean and infected restore points. The testing of backups for malware infection may be performed by a backup provider or a third party.
    Type: Grant
    Filed: January 12, 2018
    Date of Patent: March 15, 2022
    Inventors: Richard Offer, Jennifer Coopersmith
  • Patent number: 11269986
    Abstract: A memory stores a program to be executed by a microprocessor. The program includes a first program part and a second program part. An authenticator is configured to authenticate the program and includes a module that is external to the microprocessor and configured to authenticate said first program part when the microprocessor is inactive. The authenticator further activates the microprocessor to execute the first program part and authenticate said second program part using instructions of the first program part if the module has authenticated the first program part. The microprocessor then executes the second program part if the microprocessor has authenticated said second program part.
    Type: Grant
    Filed: October 22, 2019
    Date of Patent: March 8, 2022
    Assignees: STMicroelectronics (Grand Ouest) SAS, STMicroelectronics (Rousset) SAS
    Inventors: Vincent Berthelot, Layachi Daineche
  • Patent number: 11238151
    Abstract: There is provided a method of patching a binary having vulnerability which is performed by a computing device. The method comprises loading a first binary to be patched, into a memory, generating a second binary by patching to call a stack frame initialization function from a vulnerable function of the first binary, executing the stack frame initialization function by calling the vulnerable function when the second binary is executed and initializing a stack frame area of the vulnerable function so as to automatically initialize a variable declared in the vulnerable function.
    Type: Grant
    Filed: November 13, 2018
    Date of Patent: February 1, 2022
    Assignee: KOREA INTERNET & SECURITY AGENCY
    Inventors: Hwan Kuk Kim, Tae Eun Kim, Dae Il Jang, Han Chul Bae, Jong Ki Kim, Soo Jin Yoon, Jee Soo Jurn, Geon Bae Na
  • Patent number: 11232195
    Abstract: The disclosure relates to systems and methods for managing state using relatively small assistance from protected hardware. Obfuscated code segments may communicate with supporting protected hardware, store encrypted state values in main memory, and/or communicate via secure channels to secure platform hardware components. In various embodiments, consistent state may be achieved, at least in part, by computing secure tag information and storing the secure tag information in a secure and/or otherwise protected device register. Consistent with embodiments disclosed herein, the tag information may be used to derive keys used to encrypt and/or decrypt stored state information. Tag information may further be used in connection with verification operations prior to using the information to derive associated keys.
    Type: Grant
    Filed: July 29, 2020
    Date of Patent: January 25, 2022
    Assignee: Intertrust Technologies Corporation
    Inventor: Stephen G. Mitchell
  • Patent number: 11231911
    Abstract: In one embodiment, a method for developing a virtual programmable logic controller (PLC) application using a graphical user interface (GUI) is disclosed. The method includes receiving, from a first portion of the GUI representing a tool box, a first selection of a first object from a set of objects represented in the GUI, wherein each of the set of objects performs a respective function. The method also includes inserting, into a horizontal section of a second portion of the GUI representing the virtual PLC application, the first object, wherein the horizontal section includes a second object that executes simultaneously as the first object in the horizontal section. The method also includes compiling code implementing the first object and the second object to generate the virtual PLC application, and adding a shortcut of the virtual PLC application to a virtual tray of an operating system.
    Type: Grant
    Filed: February 25, 2021
    Date of Patent: January 25, 2022
    Assignee: PROGRAMMABLE LOGIC CONSULTING, LLC
    Inventor: Harold Bayless
  • Patent number: 11232199
    Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to defend against dynamic-link library (DLL) side-loading attacks. An example apparatus includes a fingerprint generator to determine a first DLL fingerprint of a first DLL stored at a first OS path referenced by an operating system (OS) event generated by a computing device, and, in response to determining that a second DLL having the same name as the first DLL is stored at a second OS path superseding the first OS path, determine a second DLL fingerprint of the second DLL, a fingerprint comparator to determine whether at least one of the first or the second DLL fingerprint satisfies a deviation threshold based on a comparison of the first and the second DLL fingerprint to a reference DLL fingerprint, and a security action enforcer to execute a security action to protect a computing device from an attack.
    Type: Grant
    Filed: December 27, 2019
    Date of Patent: January 25, 2022
    Assignee: MCAFEE, LLC
    Inventors: Craig Schmugar, Jyothi Mehandale
  • Patent number: 11216389
    Abstract: A container from a first root of trust associated with a first root entity may be received. The container may correspond to a mapping of a resource of an integrated circuit that is associated with the first root entity. The container may be verified based on a key that corresponds to the first root of trust and that is stored in the integrated circuit at manufacturing of the integrated circuit. An identification may be made that an assignment of the resource from the container corresponds to assigning the resource from the first root of trust to a new root of trust. A new key corresponding to the new root of trust may be generated. Information corresponding to the new key may be stored into a memory of the integrated circuit. Furthermore, the new key may be used to delegate the resource to a subsequent container.
    Type: Grant
    Filed: December 1, 2016
    Date of Patent: January 4, 2022
    Assignee: CRYPTOGRAPHY RESEARCH, INC.
    Inventors: Ambuj Kumar, William Craig Rawlings
  • Patent number: 11218497
    Abstract: A technique includes determining relations among a plurality of entities that are associated with a computer system; and selectively grouping behavior anomalies that are exhibited by the plurality of entities into collections based at least in part on the determined relations among the entities. The technique includes selectively reporting the collections to a security operations center.
    Type: Grant
    Filed: February 20, 2017
    Date of Patent: January 4, 2022
    Assignee: Micro Focus LLC
    Inventors: Tomasz Jaroslaw Bania, William G. Horne, Pratyusa K. Manadhata, Tomas Sander
  • Patent number: 11204992
    Abstract: The disclosed computer-implemented method for safely executing unreliable malware may include (i) intercepting a call to an application programming interface (API) in a computing operating system, the API being utilized by malware for disseminating malicious code, (ii) determining an incompatibility between the API call and the computing operating system that prevents successful execution of the API call, (iii) creating a proxy container for receiving the API call, (iv) modifying, utilizing the proxy container, the API call to be compatible with the computing operating system, (v) sending the modified API call from the proxy container to the computing operating system for retrieving the API utilized by the malware, and (vi) performing a security action during a threat analysis of the malware by executing the API to disseminate the malicious code in a sandboxed environment. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 4, 2019
    Date of Patent: December 21, 2021
    Assignee: CA, INC.
    Inventors: Bahaa Naamneh, Felix Leder
  • Patent number: 11194908
    Abstract: Synthesizing sanitization code for applications based upon a probabilistic prediction model includes receiving a set of applications. The set of applications is partitioned into a first subset of applications and a second subset of applications. The first subset has one or more malicious payloads associated therewith, and the second subset has one or more non-malicious payloads associated therewith. A probabilistic prediction model is computed based upon the malicious payloads associated with the first subset of applications. One or more predicted malicious payloads are predicted from the probabilistic prediction model.
    Type: Grant
    Filed: January 8, 2019
    Date of Patent: December 7, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Peng Liu, Yunhui Zheng, Marco Pistoia, Omer Tripp
  • Patent number: 11190358
    Abstract: An acceptance hash code is disclosed herein. An acceptance hash code is a value generated by a device using a hash function. The acceptance hash code itself may represent a legally enforceable document. The acceptance hash code may be structured in a manner such that a device operated by a user can transmit a legally enforceable document over a network using a smaller file size than is possible with conventional secure transaction techniques. In addition, the manner in which the acceptance hash code is generated allows a receiving device to verify that the document elements of the document are as expected and to verify an identity of a user that allegedly executed the document. Thus, even if a malicious user attempts to alter document elements or perform other fraudulent activity, the receiving device can use the acceptance hash code to identify such activity and prevent a transaction from being completed.
    Type: Grant
    Filed: August 9, 2018
    Date of Patent: November 30, 2021
    Assignee: Secure Open Systems, Inc.
    Inventor: David Duane Bettger
  • Patent number: 11189164
    Abstract: The present disclosure is directed to methods and apparatus that manage the flow of traffic. Methods and systems consistent with the present disclosure may allow biometric information of individuals to be collected when access privileges associated with particular individuals are validated or updated. These methods may allow a supervisor to temporarily or permanently authorize certain employees to access components that are located within a traffic control cabinet and these methods may allow changes in traffic signal light timing to be authorized according to a set of rules. Such authorization rules may require proposed signal light timing changes to be approved by a supervisor before a proposed change is implemented. Methods and systems consistent with the present disclosure may also cause components within a control cabinet to be disabled or disconnected when a signal light control cabinet is accessed by unauthorized persons.
    Type: Grant
    Filed: April 25, 2019
    Date of Patent: November 30, 2021
    Assignee: Cubic Corporation
    Inventor: William S. Overstreet
  • Patent number: 11151256
    Abstract: Systems and methods for detecting IHS attacks by monitoring chains of configuration changes made to Basic Input/Output System (BIOS) or Unified Extensible Firmware Interface (UEFI) attributes are described. In some embodiments, an IHS may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: monitor a chain of BIOS/UEFI configuration changes; compare the chain of BIOS/UEFI configuration changes against an Indication of Attack (IoA); and report an alert in response to the chain of BIOS/UEFI configuration changes matching the IoA.
    Type: Grant
    Filed: May 13, 2019
    Date of Patent: October 19, 2021
    Assignee: Dell Products, L.P.
    Inventors: Ricardo L. Martinez, Girish S. Dhoble, Nicholas D. Grobelny
  • Patent number: 11138108
    Abstract: Devices and techniques for logical-to-physical (L2P) map (e.g., table) synchronization in a managed memory device are described herein. For example, a plaintext portion of an L2P map may be updated in a managed memory device. In response to updating the plaintext portion of the L2P map, the updated portion can be obfuscated to create an obfuscated version of the updated portion of the L2P map. Both the updated portion and the obfuscated version of the updated portion can be saved in storage of the memory device. When a request from a host for the updated portion of the L2P map is received, the memory device can provide the obfuscated version of the portion from the storage.
    Type: Grant
    Filed: August 22, 2019
    Date of Patent: October 5, 2021
    Assignee: Micron Technology, Inc.
    Inventors: Jonathan Scott Parry, Nadav Grosz
  • Patent number: 11109231
    Abstract: The present invention provides an approach for granting access and respectively denying access to an instruction set of a device. The technical teaching provides the advantage that unauthorized access can be effectively prevented. Hence, maintenance work can be performed by specialized staff and security sensitive parts of the instruction sets are secured.
    Type: Grant
    Filed: March 21, 2016
    Date of Patent: August 31, 2021
    Assignee: ABB Schweiz AG
    Inventors: Matus Harvan, Roman Schlegel, Sebastian Obermeier, Thomas Locher
  • Patent number: 11108753
    Abstract: A computer system and methods for securing files in a file system with storage resources accessible to an authenticable user using an untrusted client device in a semi-trusted client threat model. Each file is secured in the file system in one or more ciphertext blocks along with the file metadata. Each file is assigned a unique file key FK to encrypt the file. A wrapping key WK assigned to the file is used for encrypting the file key FK to produce a wrapped file key WFK. A key manager is in charge of generating and storing keys. The file is encrypted block by block to produce corresponding ciphertext blocks and corresponding authentication tags. The authentication tags are stored in the file metadata, along with an ID of the wrapping key WK, wrapped file key WFK, last key rotation time, an Access Control List (ACL), etc. The integrity of ciphertext blocks is ensured by authentication tags and the integrity of the metadata is ensured by a message authentication code (MAC).
    Type: Grant
    Filed: April 2, 2019
    Date of Patent: August 31, 2021
    Assignee: ZETTASET, INC.
    Inventor: Eric A. Murray
  • Patent number: 11082483
    Abstract: Sharing data in a data exchange across multiple cloud computing platforms and/or cloud computing platform regions is described. An example computer-implemented method can include receiving data sharing information from a data provider for sharing a data set in a data exchange from a first cloud computing entity to a set of second cloud computing entities. In response to receiving the data sharing information, the method may also include creating an account with each of the set of second cloud computing entities. The method may also further include sharing the data set from the first cloud computing entity with the set of second cloud computing entities using at least the corresponding account of that second cloud computing entity.
    Type: Grant
    Filed: April 1, 2021
    Date of Patent: August 3, 2021
    Assignee: Snowflake Inc.
    Inventors: Pui Kei Johnston Chu, Benoit Dageville, Matthew Glickman, Christian Kleinerman, Prasanna Krishnan, Justin Langseth
  • Patent number: 11062037
    Abstract: A shared networked storage may be separated from a key vault system. A storage request with data to be stored and the storage request with a confidentiality rating may be received. The confidentiality rating may indicate a level of confidentiality the data is associated with. The storage request with the data and the confidentiality rating may be received via a shared networked storage access interface by a security layer. The data to be stored by the key vault system and the confidentiality rating may be encrypted on request of the security layer and into a data container. The shared networked storage may be categorized into Cloud zones. Each Cloud zone may be assigned a trust level. The data container may be stored in one of the Cloud zones of the shared networked storage. The trust level of the one of the Cloud zones may correspond to the confidentiality rating.
    Type: Grant
    Filed: September 17, 2019
    Date of Patent: July 13, 2021
    Assignee: International Business Machines Corporation
    Inventors: Marcus Breuer, Itzhack Goldberg, Thorsten Muehge, Erik Rueger, Matthias Seul
  • Patent number: 11055387
    Abstract: Techniques for electronic signature process management are described. Some embodiments provide an electronic signature service (“ESS”) configured to manage electronic identity cards. In some embodiments, the ESS generates and manages an electronic identity card for a user, based on personal information of the user, activity information related to the user's actions with respect to the ESS, and/or social networking information related to the user. The electronic identity card of a signer may be associated with an electronic document signed via the ESS, so that users may obtain information about the signer of the document. The ESS may also generate a trust score for the user based on activity information related to the user's actions with respect to the ESS and/or other factors. The trust score may be used to recommend authentication mechanisms to use with respect to electronic signature transactions.
    Type: Grant
    Filed: September 28, 2019
    Date of Patent: July 6, 2021
    Assignee: DOCUSIGN, INC.
    Inventors: Thomas H. Gonser, Donald G. Peterson, Douglas P. Rybacki, Ashley Carroll, Michael Strickland