Policy Patents (Class 726/1)
  • Patent number: 11411823
    Abstract: An example system includes a vehicle having a first network zone and a second network zone of a different type than the first network zone, a converged network device (CND) interposed between the zones, where the CND includes a policy management circuit that interprets a policy including a network regulation description, a configuration circuit that configures network interface circuit(s) in response to the policy, and the interface circuit(s) that regulate communications between end points of the network zones.
    Type: Grant
    Filed: September 21, 2020
    Date of Patent: August 9, 2022
    Assignee: Sonatus, Inc.
    Inventors: Yu Fang, Yixiang Chen, Xuanran Zong, Robin Reed, Andrew Ling, Troy Michael Trenchard
  • Patent number: 11411822
    Abstract: Systems, methods, and related technologies for segmentation management are described. The segmentation management may include visualization, configuration including translation, simulation, or a combination thereof of one or more segmentation policies. In certain aspects, a segmentation policy is accessed and a segmentation rule is determined based on the segmentation policy. An enforcement point associated with the segmentation rule may be determined, where the enforcement point is communicatively coupled to a network. The segmentation rule may be translated into a configuration associated with the enforcement point and the configuration communicated to the enforcement point.
    Type: Grant
    Filed: September 27, 2018
    Date of Patent: August 9, 2022
    Assignee: Forescout Technologies, Inc.
    Inventor: Ilya Fainberg
  • Patent number: 11412027
    Abstract: Methods and systems are disclosed for network communication. A computing device may store status information. The status information may be communicated using a first protocol. The status information may indicate data is available. The data may be communicated using a second protocol.
    Type: Grant
    Filed: January 3, 2019
    Date of Patent: August 9, 2022
    Assignee: iControl Networks, Inc.
    Inventors: Reza Raji, Gerald Gutt
  • Patent number: 11409625
    Abstract: Systems and methods detect and prevent changes in business applications that modify their state to non-secure and/or non-compliant. A system may include a processor set up to perform: defining a compliant state of a computer software configuration, monitoring a state of the computer software configuration, detecting a change in the state of the computer software configuration, wherein the change causes a changed state, and comparing the compliant state and the changed state, wherein if the changed state conflicts with the compliant state, stopping the change.
    Type: Grant
    Filed: April 18, 2019
    Date of Patent: August 9, 2022
    Assignee: Onapsis, Inc.
    Inventors: Sergio Abraham, Juan Pablo Perez Etchegoyen, Alejandro Exequiel Becerra, Laura Soledad Cabrera, Erika Maria Sanchez Solis
  • Patent number: 11411945
    Abstract: A wireless communication system includes an external provider subsystem and an electronic network subsystem in operable communication with the external provider subsystem. The electronic network subsystem is configured to provide a first microservice and a second microservice different from the first microservice. The wireless communication system further includes an in-home subsystem (i) separate from the external provider subsystem, (ii) in operable communication with the electronic network subsystem, and (iii) including a first micronet and a second micronet different from the first micronet. The first micronet is configured to operably interact with the first microservice, and the second micronet is configured to operably interact with the second microservice. The wireless communication system further includes at least one electronic device configured to operably connect with one of the first micronet and the second micronet.
    Type: Grant
    Filed: March 30, 2020
    Date of Patent: August 9, 2022
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Steven J. Goeringer, Brian Alexander Scriber, Michael Glenn
  • Patent number: 11410152
    Abstract: The electronic device may invoke a host application. The device may display a first host user interface on the display, the first host user interface including a first host user interface component associated with a child application. In response, the device may invoke, using the host application, the child application executed at the electronic device. The device may transmit, using the host application, a request for data associated with a child user interface component to the child application. The device may transmit, using the child application, the request for data associated with the child user interface component to a child application server, wherein the data associated with the child user interface component is inaccessible by the host application. The device may receive, using the child application, the data associated with the child user interface component from the child application server. The device may display the child user interface component.
    Type: Grant
    Filed: July 10, 2020
    Date of Patent: August 9, 2022
    Assignee: SYNCHRONY BANK
    Inventors: Jason Chen, Patrick Caraher, Abha Kataria, Darren Robinson, Derk Doijer, Alex Muller, Michael Cook, James Oldham, Daniel Murphy, Amanda Schaufler, Timothy Christensen, Amable De Los Santos
  • Patent number: 11403401
    Abstract: A method for checking an integrity of an object to be deployed to a cluster is provided. The method detects a resource creation request. The method, responsive to the request being an initial resource creation request for the object, verifies the integrity of the object based on properties in the request to create a release secret in the cluster for a positive integrity verification result for the object. The release secret represents a specific deployment configuration of the object on the cluster. The method, responsive to the request being other than the initial resource request, checks if the request corresponds to the specific deployment configuration of the object by checking against the release secret in the cluster. The method, responsive to the request corresponding to a deployment of the object and the release secret being present in the cluster, creates a resource requested by the request in the cluster.
    Type: Grant
    Filed: June 19, 2020
    Date of Patent: August 2, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Kugamoorthy Gajananan, Hirokuni Kitahara, Yuji Watanabe, Ruriko Kudo
  • Patent number: 11405385
    Abstract: The invention relates to alternate user communication routing for a one-time credential. When a user is determined to be an unauthorized user, the unauthorized user may be provided with an alternative one-time credential (e.g., one-time password, or the like) in response to the user trying to take an action (e.g., to access the organization systems in order to access information). When the unauthorized user tries to utilize the alternative one-time credential, the organization may identify the user as unauthorized and determine how to respond to the unauthorized user. In addition to the alternative one-time credential, one or more additional alternate treatments may be presented to the unauthorized user in order to identify, track, and/or prevent access by the unauthorized user.
    Type: Grant
    Filed: June 29, 2020
    Date of Patent: August 2, 2022
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Dharmender Kumar Satija, Eren Kursun, Andrew DongHo Kim, Scott Anderson Sims, Craig D. Widmann
  • Patent number: 11405406
    Abstract: A fraudulent transmission data detection device includes: a receiving unit that receives data that is transmitted in cycles; and plural determination units, each of which is configured to, based on whether or not a time from a reference timing until a predetermined number of data items are received by the receiving unit is less than a predetermined time, determine whether or not fraudulent transmission data is contained in the received data, and in which at least the reference timing, or the predetermined number of data items and the predetermined time, are different from those of the other determination units.
    Type: Grant
    Filed: March 2, 2020
    Date of Patent: August 2, 2022
    Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
    Inventors: Keita Gotoh, Yusuke Sato, Shinichi Iiyama
  • Patent number: 11405426
    Abstract: A system compares two network security specifications expected to implement the same network security policy for a network and identifies possible discrepancies between them. The system generates a representation of relations between subnetworks of the network for each network security specification. The representation efficiently stores permitted connections between subnetworks. The system compares the representations corresponding to the two network security specifications to identify discrepancies across the two network security specifications. If discrepancies are identified across the two network security specifications, the system generates a report identifying the discrepancies.
    Type: Grant
    Filed: November 4, 2019
    Date of Patent: August 2, 2022
    Assignee: Salesforce.com, Inc.
    Inventor: Toan Nguyen
  • Patent number: 11403101
    Abstract: Described herein are systems and methods for introducing noise in threaded execution to mitigate cross-thread monitoring. For example, some systems include an integrated circuit including a processor pipeline that is configured to execute instructions using an architectural state of a processor core; data storage circuitry configured to store a thread identifier; and a random parameter generator. The integrated circuit may be configured to: determine a time for insertion based on a random parameter generated using the random parameter generator; at the time for insertion, insert one or more instructions in the processor pipeline by participating in thread arbitration using the thread identifier; and execute the one or more instructions using one or more execution units of the processor pipeline.
    Type: Grant
    Filed: July 30, 2021
    Date of Patent: August 2, 2022
    Assignee: Marvell Asia Pte, Ltd.
    Inventor: Rabin Sugumar
  • Patent number: 11405423
    Abstract: The technology disclosed proposes a metadata-based solution to prevent malicious data egress resulting from resource-level transactions. In advance of the data egress requests, the technology disclosed crawls an organization's accounts on different cloud storage services and makes a resource list of different cloud-based resources configured under the organization's accounts. The resource list is then stored in a metadata store. When an inline proxy receives a resource-level transaction that is requesting to move a cloud-based resource outside the organization's account, the proxy looks up the metadata store and determines whether the resource-level transaction is attempting to manipulate any of the cloud-based resources listed in the resource list. If so, then the proxy blocks the resource-level transaction.
    Type: Grant
    Filed: May 13, 2019
    Date of Patent: August 2, 2022
    Assignee: Netskope, Inc.
    Inventors: Krishna Narayanaswamy, Sudha Iyer, VenkataSwamy Pathapati, Kenil Patel
  • Patent number: 11405427
    Abstract: The present technology pertains to a system, method, and non-transitory computer-readable medium for orchestrating policies across multiple networking domains. The technology can receive, at a provider domain from a consumer domain, a data request; receive, at the provider domain from the consumer domain, at least one access policy for the consumer domain; translate, at the provider domain, the at least one access policy for the consumer domain into at least one translated access policy understood by the provider domain; apply, at the provider domain, the at least one translated access policy understood by the provider domain to the data request; and send, at the provider domain to the consumer domain, a response to the data request.
    Type: Grant
    Filed: January 23, 2020
    Date of Patent: August 2, 2022
    Inventors: Ronak K. Desai, Rajagopalan Janakiraman, Mohammed Javed Asghar, Azeem Suleman, Patel Amitkumar Valjibhai, Sanjay Kumar Hooda, Victor Manuel Moreno
  • Patent number: 11403137
    Abstract: Tenant support is provided in a multi-tenant configuration in a data center by a Physical Function driver communicating a virtual User Priority to a virtual traffic class mapper to a Virtual Function driver. The Physical Function driver configures the Network Interface Controller to map virtual User Priorities to Physical User Priorities and to enforce the Virtual Function's limited access to Traffic Classes. Data Center Bridging features assigned to the physical network interface controller are hidden by virtualizing user priorities and traffic classes. A virtual Data Center Bridging configuration is enabled for a Virtual Function, to provide access to the user priorities and traffic classes that are not visible to the Virtual Function that the Virtual Function may need.
    Type: Grant
    Filed: October 7, 2019
    Date of Patent: August 2, 2022
    Assignee: Intel Corporation
    Inventors: Manasi Deval, Neerav Parikh, Robert O. Sharp, Gregory J. Bowers, Ryan E. Hall, Chinh T. Cao
  • Patent number: 11405409
    Abstract: Examples include threat-aware copy data management. Responsive to a request to back up data, a threat level may be determined. Where the threat level is determined to be less than a threat level threshold, a data port between a first and second network domain may be opened. Conversely, the request may be denied where the threat level is determined to be at or greater than the threat level threshold.
    Type: Grant
    Filed: April 29, 2019
    Date of Patent: August 2, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Neil Andrew Fleming, Alastair Michael Slater
  • Patent number: 11405429
    Abstract: Security techniques for device assisted services are provided. In some embodiments, secure service measurement and/or control execution partition is provided. In some embodiments, implementing a service profile executed at least in part in a secure execution environment of a processor of a communications device for assisting control of the communications device use of a service on a wireless network, in which the service profile includes a plurality of service policy settings, and wherein the service profile is associated with a service plan that provides for access to the service on the wireless network; monitoring use of the service based on the service profile; and verifying the use of the service based on the monitored use of the service.
    Type: Grant
    Filed: June 22, 2020
    Date of Patent: August 2, 2022
    Assignee: HEADWATER RESEARCH LLC
    Inventor: Gregory G. Raleigh
  • Patent number: 11399030
    Abstract: A solution is proposed for controlling access to one or more resources of a computing system. A corresponding method comprises storing a knowledge base, which provides a knowledge of an access control to the resources in conformity with an access control ontology. In response to an update request, the access control ontology is updated according to update assertions obtained from the update request. In response to an access request (for a selected access to a selected resource), the selected access is granted or denied according to a result of an access query (for querying the access control ontology) obtained from the access request. A computer program and a computer program product for performing the method are also proposed. Moreover, a corresponding system (particularly, a control computing machine) is proposed.
    Type: Grant
    Filed: July 23, 2018
    Date of Patent: July 26, 2022
    Assignee: Kyndryl, Inc.
    Inventors: Francesco Fabrizi, Angelo Littera, Frank G. Marbello, Claudio Valant
  • Patent number: 11399041
    Abstract: Described are platforms, systems, and methods for providing a set of detection rules for a security threat. In one aspect, a method comprises receiving, from an interface, a request for a set of detection rules to detect a specified security threat, the request comprising a threat landscape of an enterprise; processing the request through a machine-learning model to determine the set of detection rules, the machine-learning model trained with threat context data and other detection rules provided by a plurality of other enterprises; wherein each detection rule is included in the set of detection rules based on a relevance factor meeting a threshold, and wherein the relevance factor for each respective detection rule is determined based on an efficacy of detecting the security threat within the threat landscape; and providing, through the interface, the set of detection rules.
    Type: Grant
    Filed: November 20, 2020
    Date of Patent: July 26, 2022
    Assignee: ANVILOGIC, INC.
    Inventors: Karthik Kannan, Deb Banerjee
  • Patent number: 11394691
    Abstract: A method and system are provided to integrate IoTs and related components, users and applications into an ecosystem, and then on a per-component basis to provide real-time security solutions. Ecosystem security provides isolation, communications and security for technologies that fulfill a specific function or set of functions and their related and supporting platform elements.
    Type: Grant
    Filed: June 5, 2018
    Date of Patent: July 19, 2022
    Assignee: ACRETO CLOUD CORPORATION
    Inventor: Babak Pasdar
  • Patent number: 11394736
    Abstract: A log output device includes a generation unit that generates a log indicating history information of execution of processing, a memory that stores a first list including first static information indicating that the processing is abnormal; a second list including second static information indicating that the processing is normal; and a third list including dynamic information to be used for determining the necessity of output of the log according to the log, and a selection unit that determines to output the generated log when the log has the first static information, and decides not to output the generated log when the log has the second static information. The selection unit determines the necessity of output of the generated log on the basis of the log and the third list.
    Type: Grant
    Filed: September 2, 2019
    Date of Patent: July 19, 2022
    Assignee: PANASONIC HOLDINGS CORPORATION
    Inventors: Tadaomi Aso, Koji Muto, Yutaka Iyoki
  • Patent number: 11392700
    Abstract: A trust verification system for automatically verifying an integrity of an object across multiple operating system (OS) platforms. The trust verification system features package verification logic, catalog verification logic, and component verification logic. The package verification logic recovers, from an incoming package, (i) an object, (ii) a catalog including identifiers associated with software component(s) forming the object and representation(s) associated with each of the software component(s), and (iii) a representation of the catalog. The catalog verification logic is configured to verify an integrity of the catalog while the component verification logic is configured to verify an integrity of software component(s) associated with the object.
    Type: Grant
    Filed: June 28, 2019
    Date of Patent: July 19, 2022
    Assignee: FireEye Security Holdings US LLC
    Inventors: Robert Beard, Robin Caron
  • Patent number: 11392685
    Abstract: This application relates to an apparatus and a non-transitory computer readable medium applying to the internet of vehicles. Embodiments of this application implement a distributed authentication process, which includes sending information used to indicate a to-be-authenticated device to the to-be-authenticated device. Compared with a centralized authentication mechanism, the authentication manner in the embodiments of this application reduces load of a device because one intermediate node does not need to perform authentication on a plurality of nodes. If the to-be-authenticated device fails to be authenticated, because the authentication is an authentication process related to a first service, the determined execution policy is an execution policy related to the first service, and the determined execution policy better meets a service requirement.
    Type: Grant
    Filed: July 6, 2021
    Date of Patent: July 19, 2022
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Jianfen Peng, Zhipeng Guo
  • Patent number: 11392766
    Abstract: Disclosed embodiments relate to systems and methods for automatically mediating among diversely structured operational policies. Techniques include identifying a first communication of a computing resource that is associated with an operational policy, identifying a second computing resource, determining if there is a conflict between the first communication and the second computing resource, applying a language processing protocol to the communication, normalizing the communication and policy, and generating a mediated communication. Other techniques include transmitting the mediated communication, generating a recommendation for implementing a security control on the first communication, and applying a security policy to the first communication.
    Type: Grant
    Filed: February 26, 2020
    Date of Patent: July 19, 2022
    Assignee: CyberArk Software Ltd.
    Inventors: Tal Kandel, Lavi Lazarovitz
  • Patent number: 11394623
    Abstract: Systems and methods for determining an efficiency score for an automation platform are provided. According to one embodiment, a first weight for each playbook of multiple playbooks of an automation framework and a second weight for each type of error of multiple types of errors that may cause execution of one of the multiple playbooks to fail are maintained. The first weight represents a relative importance of the playbook and the second weight represents an effort required to address the error. An efficiency score is calculated for execution of one or more playbooks of the multiple playbooks during a particular time period based on the first weight for each of the one or more playbooks and the second weight for each type of error observed during the particular time period. An indication of a health of the automation framework is then displayed based on the efficiency score.
    Type: Grant
    Filed: December 31, 2020
    Date of Patent: July 19, 2022
    Assignee: Fortinet, Inc.
    Inventors: Shravan K. Konthalapally, Abhishek Narula, Pooja Singh
  • Patent number: 11394547
    Abstract: A hardware agent is a hardware device attached to, embedded in, or otherwise associated with a good. In particular, the hardware agent is bound to the good in such a way that information held by the agent may be confidently associated with the good. The hardware agent is constructed to securely hold information about the good, and information about stakeholders, such that the agent may autonomously make binding decisions regarding the good, including sales and financial transactions. Although the hardware agent may perform many functions autonomously, it often will have communication capabilities enabling it to share information with stakeholders, or to others as allowed.
    Type: Grant
    Filed: August 4, 2016
    Date of Patent: July 19, 2022
    Inventors: Jack Donner, Paul Atkinson
  • Patent number: 11392688
    Abstract: Data transfer in a secure processing environment is provided. A digital assistant can receive audio input detected by a microphone of a computing device. The digital assistant can determine, based on the audio input, to invoke a third-party application associated with the computing device. The digital assistant can generate, responsive to the determination to invoke the third-party application, a packaged data object. The digital assistant can forward, to the third-party application invoked by the digital assistant component to execute in a secure processing environment on the computing device, the packaged data object. The third-party application can transmit, responsive to a digital component request triggered in the third-party application, the packaged data object to a digital component selector to execute a real-time selection process based on the packaged data object.
    Type: Grant
    Filed: March 21, 2018
    Date of Patent: July 19, 2022
    Assignee: GOOGLE LLC
    Inventors: Justin Lewis, Scott Davies
  • Patent number: 11385942
    Abstract: Systems and methods for censoring text-based data are provided. In some embodiments, a censoring system may include at least one processor and at least one non-transitory memory storing application programming interface instructions. The censoring system may be configured to perform operations comprising storing a target pattern type and a computer-based model for identifying a target data pattern corresponding to a target pattern type within text-based data. The censoring system may also be configured to receive text-based data by a server, and to retrieve the stored target pattern type to be censored in the text-based data. The censoring system may be configured to identify, within the received text-based data, a target data pattern corresponding to the retrieved target pattern type. The censoring system may be configured to censor target characters within the identified target data pattern, and transmit the censored text-based data to a receiving party.
    Type: Grant
    Filed: November 6, 2018
    Date of Patent: July 12, 2022
    Assignee: Capital One Services, LLC
    Inventors: Austin Walters, Fardin Abdi Taghi Abad, Vincent Pham, Jeremy Goodsitt, Anh Truong, Mark Watson, Reza Farivar, Kenneth Taylor
  • Patent number: 11386165
    Abstract: Methods for generating transaction profile tags from profile transaction activity may include receiving a transaction profile including recorded transactions, associating at least one transaction label with each of the transactions, the labels associated with transaction types, generating a set of profile features based on the recorded transactions from the transaction profile, encoding the set of profile features with a macro-encoder into a first-reduced set, clustering the first-reduced set into at least two subsets, each associated with a macro-profile tag, and tagging the transaction profile with one of the macro-profile tags. Methods may also include encoding the set of profile features with a micro-encoder selected based on the tagged macro-profile tag, clustering the second-reduced set into a plurality of subsets associated with account profile types, respectively, and tagging the transaction profile with a tag associated with the account profile type.
    Type: Grant
    Filed: December 20, 2019
    Date of Patent: July 12, 2022
    Assignee: Visa International Service Association
    Inventors: Keyuan Wu, Roan Joy Halili Cuares, Spiridon Zarkov
  • Patent number: 11386231
    Abstract: Methods and systems for context-based mobile device feature control are provided. One method comprises determining, with a mobile device, one or more contexts corresponding to the mobile device; selecting, from a predetermined set of security protocols, a security protocol corresponding to the determined one or more contexts; and adjusting a permission setting for one or more functional features of the mobile device based upon the selected security protocol. One apparatus comprises one or more features configured to input data, output data, transform data, or a combination thereof; and a controller configured to: determine one or more contexts corresponding to the mobile computing device, to select, from a predetermined set of security protocols, a security protocol corresponding to the determined one or more contexts, and to adjust a permission setting for the one or more functional features based upon the selected security protocol.
    Type: Grant
    Filed: July 27, 2020
    Date of Patent: July 12, 2022
    Assignee: Micron Technology, Inc.
    Inventors: Aparna U. Limaye, Lindsay Hamilton, Carla L. Christensen, Cipriana Forgy, Brandi M. Jones
  • Patent number: 11386017
    Abstract: Technologies for secure authentication and programming of an accelerator device include a computing device having a processor and an accelerator. The processor establishes a trusted execution environment, which receives a unique device identifier from the accelerator, validates a device certificate for the device identifier, authenticates the accelerator in response to validating the accelerator, validates attestation information of the accelerator, and establishes a secure channel with the accelerator. The trusted execution environment may securely program a data key and a bitstream key to the accelerator, and may encrypt a bitstream image and securely program the bitstream image to the accelerator. The accelerator and a tenant may securely exchange data protected by the data key. The trusted execution environment may be a secure enclave, and the accelerator may be a field programmable gate array (FPGA). Other embodiments are described and claimed.
    Type: Grant
    Filed: December 26, 2018
    Date of Patent: July 12, 2022
    Assignee: INTEL CORPORATION
    Inventors: Vincent Scarlata, Reshma Lal, Alpa Narendra Trivedi, Eric Innis
  • Patent number: 11388199
    Abstract: Methods, systems, and computer-readable media for processing policy variance requests in an enterprise computing environment are presented. A computing platform may receive, from a first endpoint computing device, a request for a first policy variance. In response to receiving the request, the computing platform may authenticate the first endpoint computing device based on enrollment information and may validate contents of the request. Subsequently, the computing platform may generate a policy variance result message based on approval or rejection of the request for the first policy variance. Then, the computing platform may send, to the first endpoint computing device, the policy variance result message. By sending the policy variance result message to the first endpoint computing device, the computing platform may cause the first endpoint computing device to execute a policy action corresponding to the approval or rejection of the request for the first policy variance.
    Type: Grant
    Filed: October 10, 2018
    Date of Patent: July 12, 2022
    Assignee: Citrix Systems, Inc.
    Inventors: Jacob Maynard, Anjaneya Padmakar Akondi, Thierry Duchastel, Philip Wiebe, Raja Mummidi, Marcos Alejandro Di Pietro
  • Patent number: 11386225
    Abstract: Embodiments disclosed herein are related to computing systems and methods for localizing how a user will receive and view received DID-related data. The computing system and methods are implemented in the decentralized network that implements a distributed ledger that backs one or more decentralized identities (DID) for one or more users of the computing system. Various sets of rules are accessed. The sets of rules specify how a DID owner will receive and view DID-related data received from a third party entity. The sets of rules are applied to the DID-related data received from the third party entity. The received DID-related data is modified such that the received DID-related data conforms to the one or more sets of rules. The modified DID-related data is provided to the DID owner so that the DID owner is able to view the modified DID-related data according to the applied sets of rules.
    Type: Grant
    Filed: April 29, 2019
    Date of Patent: July 12, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Brandon Murdoch, Daniel James Buchner, Ankur Patel
  • Patent number: 11386173
    Abstract: A computer-implemented method of processing user provided information from a plurality of users in a digital network for ranking one or more information modules is described, which involves causing at least one processor to store in memory user assessment weights, each associated with a user of the plurality of users and representing a weight to be applied to information module assessments, receive a proxy nomination message, change the user assessment weight associated with the proxy user based on the proxy nomination message, for one or more information modules: receive information module assessments, generate weighted assessments, each based on one of the information module assessments received and a user assessment weight, aggregate the weighted assessments to generate an aggregated weighted assessment, and rank a set of the plurality of information modules based at least in part on the aggregated weighted assessments. Apparatuses, systems and computer readable media are also described.
    Type: Grant
    Filed: June 12, 2017
    Date of Patent: July 12, 2022
    Assignee: 1974226 ALBERTA LTD.
    Inventor: Jode Robert Alan Himann
  • Patent number: 11388615
    Abstract: Systems and methods are provided by which a radio controller, also called a radio intelligence controller (RIC), is configured as a platform that hosts one or more third party applications. The radio controller platform provides the applications with access to radio access network (RAN) information and a command interface. An application programming interface is defined between the applications and the radio controller. The radio controller collects information from the RAN node and makes that information available to the applications. The applications also provide input information to the radio controller, such as in the form of commands or a radio controller policy. The radio controller policy rules from the applications are executed by the radio controller or direct the radio controller to query one of the applications for an instruction.
    Type: Grant
    Filed: August 14, 2019
    Date of Patent: July 12, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Vladimir Yanover, Alon Ben Ami
  • Patent number: 11388174
    Abstract: A system and method for validating an entity may include obtaining by at least a first system, a set of entity details related to the entity; associating with the entity, by the first system, a first trust level based on at least some of the entity details; and validating the entity based on the first trust level. A system and method for validating an entity may include providing at least one of first and second values to a respective at least one of first and second devices; providing the entity, by at least one of the first and second devices, with the at least one of first and second values; and using the at least one of first and second values, by the entity, to identify the entity to an identifying entity.
    Type: Grant
    Filed: February 28, 2017
    Date of Patent: July 12, 2022
    Assignee: SECRET DOUBLE OCTOPUS LTD
    Inventors: Shlomi Dolev, Shimrit Tzur-David, Chen Tetelman, Amit Rahav, Amit Lavi
  • Patent number: 11381587
    Abstract: Techniques are disclosed relating to data management. A computer system may evaluate network traffic to extract and group data objects based on their content satisfying similarity criteria, and to identify baseline behavior with respect to those data objects. The computer system may generate data-defined network (DDN) data structures that include a content class and one or more behavioral classes. The content class may be indicative of one or more of the data objects that have been grouped based on them satisfying the similarity criteria. The one or more behavioral classes may indicate baseline behavior of those data objects within the content class as determined from evaluation of the network traffic. The computer system may detect, using the DDN data structures, anomalous data behavior within network traffic. In response to detecting anomalous data behavior, the computer system may prevent network traffic corresponding to the anomalous data behavior from being communicated.
    Type: Grant
    Filed: January 20, 2020
    Date of Patent: July 5, 2022
    Assignee: Helios Data Inc.
    Inventors: Yi Sun, Fei Zou, Huiyu Zhang
  • Patent number: 11379579
    Abstract: Enforcing shadow stack violations at module granularity, rather than at thread or process granularity. An exception is processed during execution of a thread based on code of an application binary, which is enabled for shadow stack enforcement, that calls an external module. The exception results from a mismatch between a return address popped from the thread's call stack and a return address popped from the thread's shadow stack. Processing the exception includes determining that the exception resulted from execution of an instruction in the external module, and determining whether or not the external module is enabled for shadow stack enforcement. Based at least on these determinations, execution of the thread is terminated when the external module is enabled for shadow stack enforcement, or the thread is permitted to continue executing when the external module is not enabled for shadow stack enforcement.
    Type: Grant
    Filed: March 24, 2020
    Date of Patent: July 5, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Jason Lin, Jin Lin, Gregory John Colombo, Niraj Majmudar, Mehmet Iyigun, Shayne Daniel Hiet-Block, Kenneth Dean Johnson
  • Patent number: 11381576
    Abstract: A method is disclosed in which one or more pieces of first authentication information are obtained. The one or more pieces of first authentication information represent at least one piece of unique information associated with a user and/or an electronic device of the user. A trust level is determined based, at least in part, on the one or more pieces of first authentication information. The trust level value is indicative of a level of trust in the one or more pieces of first authentication information. An according apparatus, computer program, and system are also disclosed.
    Type: Grant
    Filed: February 11, 2020
    Date of Patent: July 5, 2022
    Assignee: KOBIL GmbH
    Inventors: Ismet Koyun, Frank Wernert
  • Patent number: 11381603
    Abstract: A segmentation server enables user-based management of a segmentation policy. Administrators belonging to different user groups may have different limited visibility into traffic flows controlled by the segmentation policy and may be assigned different privileges with respect to viewing, creating, and modifying rules of the segmentation policy. Thus, the burden of administering the segmentation policy may be distributed between administrators associated with different user groups that each may have responsibility for a different segment.
    Type: Grant
    Filed: April 14, 2020
    Date of Patent: July 5, 2022
    Assignee: Illumio, Inc.
    Inventors: Paul J. Kirner, Dhanalakshmi Balasubramaniam, Seth Bruce Ford, Mukesh Gupta, Matthew K. Glenn
  • Patent number: 11379573
    Abstract: Embodiments of the present invention relate to a trusted application access control method and a terminal. The method includes: receiving, by a terminal in a TEE, a request for accessing a target trusted application (TA) that is sent by a client application (CA); determining, by the terminal, a service level of the CA in a trusted execution environment (TEE) based on the request for accessing the target TA; and providing, by the terminal in the TEE by using the target TA, a service corresponding to the service level for the CA. In this way, the target TA provides different levels of services for the CA, and determines, in the TEE, the service level corresponding to the CA, thereby enhancing constraint and limitation of accessing the target TA by the CA, and improving security of accessing the target TA by the CA.
    Type: Grant
    Filed: October 27, 2017
    Date of Patent: July 5, 2022
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Guoqing Li, Xinmiao Chang
  • Patent number: 11379620
    Abstract: Described herein are techniques that provide privacy protection for a user by preventing user device tracking via device fingerprints. A communication may be received from a user device that includes metadata having information related to the user device. An intended recipient of the communication may be identified. Based on one or more of the user device or the recipient, a determination may be made as to what data within the metadata should be scrambled or selectively replaced. The data may then be overwritten with alternative data that may be selected at random, and the communication is forwarded to the recipient.
    Type: Grant
    Filed: November 18, 2020
    Date of Patent: July 5, 2022
    Assignee: T-Mobile USA, Inc.
    Inventor: Jay Stark
  • Patent number: 11382052
    Abstract: Disclosed is a synchronisation method and apparatus. The method includes steps described below. A control plane (CP) entity determines content to be counted, an object and a reporting policy for performing a synchronisation operation, where the synchronisation operation includes at least one of: a working status synchronisation operation or a resource status synchronisation operation; and the CP entity sends a request for the synchronisation operation to a user plane (UP) entity, where the request carries configuration information about the content to be counted, the object and the reporting policy for the synchronisation operation. Further disclosed are a network element and a computer-readable storage medium.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: July 5, 2022
    Assignee: ZTE CORPORATION
    Inventors: Li Yang, He Huang, Yuan Gao
  • Patent number: 11381568
    Abstract: A device may receive, from a user equipment (UE), authentication data that includes user information associated with a user of the UE. The device may determine whether the user is authorized to make requests to a service. The device may grant access to the user to make requests to the service. The device may receive, from the UE, a request that is intended for the service. The request may relate to an action that is to be performed by the service. The device may determine whether the user has permission to request the action. The device may provide the request to the service. The device may receive, from the service, a response to the request. The device may provide, to the UE, the response.
    Type: Grant
    Filed: July 15, 2019
    Date of Patent: July 5, 2022
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Jude M. Munn, Ye Huang, Shelly E. Asher
  • Patent number: 11374979
    Abstract: Systems and methods are provided for managing network devices using policy graph representations. In some embodiments, the method includes receiving configurations for a plurality of network devices; extracting one or more policies from the configurations; extracting a label hierarchy from the configurations, the label hierarchy describing an organization of nodes in a network comprising the network devices; generating a connectivity of a network comprising the network devices based on the one or more policies and the label hierarchy; generating a policy graph representation of the connectivity of the network; and displaying the policy graph representation of the connectivity to a user.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: June 28, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Anu Mercian, Puneet Sharma, Charles F. Clark
  • Patent number: 11374980
    Abstract: A plurality of policies to be enforced in a network environment via a plurality of devices are determined. A topology of the plurality of devices within the network environment is also determined. For each policy of the plurality of policies, a device of the plurality of devices is selected as the location at which to enforce the policy of the plurality of policies. Selecting the device for each policy of the plurality of policies includes correlating the policy of the plurality of policies with another of the plurality of policies and correlating the policy of the plurality of policies with the topology.
    Type: Grant
    Filed: January 17, 2020
    Date of Patent: June 28, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Syam Sundar V Appala, Rex Emmanuel Fernando, Sanjay Kumar Hooda
  • Patent number: 11374913
    Abstract: If authentication information used for communication has not been determined in a case where authentication is required in communication with a network device, a communication unit of a management system attempts the authentication processing with the network device by using information for one piece each in order from among shared authentication information that has been managed. If the authentication has succeeded, a storage unit stores the authentication information used in the authentication in association with the network device. If the authentication information to be used for the communication has been stored in a case where the authentication is required in communication with the network device, the communication unit performs communication using the stored authentication information without performing an attempt.
    Type: Grant
    Filed: December 3, 2019
    Date of Patent: June 28, 2022
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Toshiyuki Nakazawa
  • Patent number: 11372664
    Abstract: Techniques disclosed herein relate to migrating virtual computing instances such as virtual machines (VMs). In one embodiment, VMs are migrated across different virtual infrastructure platforms by, among other things, translating between resource models used by virtual infrastructure managers (VIMs) that manage the different virtual infrastructure platforms. VM migrations may also be validated prior to being performed, including based on resource policies that define what is and/or is not allowed to migrate, thereby providing compliance and controls for borderless data centers. In addition, an agent-based technique may be used to migrate VMs and physical servers to virtual infrastructure, without requiring access to an underlying hypervisor layer.
    Type: Grant
    Filed: May 20, 2019
    Date of Patent: June 28, 2022
    Assignee: VMWARE, INC.
    Inventors: Sachin Thakkar, Serge Maskalik, Allwyn Sequeira, Debashis Basak
  • Patent number: 11373007
    Abstract: A system for identifying and determining whether a particular cookie may include personal data, in any embodiment described herein, is configured to analyze collected cookies to determine whether the collected cookies may be used to directly or indirectly identify a particular individual. The system may, for example: (1) generate one or more virtual profiles; (2) use the one or more virtual profiles to access a plurality of websites; (3) collect cookie data for the plurality of websites for the one or more virtual profiles; and (4) analyze the cookie data to determine whether a particular website of the plurality of websites utilizes one or more cookies which may potentially include personal data. The system may then generate a report of the analysis, and display the report to an administrator or other individual associated with the particular website.
    Type: Grant
    Filed: June 14, 2018
    Date of Patent: June 28, 2022
    Assignee: OneTrust, LLC
    Inventors: Richard Beaumont, John Mannix, Kabir A. Barday, Jonathan Blake Brannon
  • Patent number: 11374981
    Abstract: This disclosure describes techniques for providing a manufacturer usage description (MUD) solution to automatically update network access policy for client application software. The method may include embedding metadata in the application binary. The metadata may include MUD uniform resource identifiers (URIs) that may point to MUD files describing the application's network access requirements. The MUD files may be hosted by the application vendor's MUD servers. The system may include a network policy server that is able to discover the MUD URIs. The MUD URIs may be discovered based on extracting the MUD URIs from the metadata and/or being provisioned with the set of MUD URIs for trusted applications. The method may include enterprise-wide policy and individual host policy for implementation of the MUD files.
    Type: Grant
    Filed: January 17, 2020
    Date of Patent: June 28, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: Eliot Lear, Owen Friel
  • Patent number: 11374903
    Abstract: The disclosed computer-implemented method for managing devices may include (i) intercepting outbound network traffic that is directed to an original target network destination, and (ii) redirecting the outbound network traffic to a virtual computing node within a publicly available on-demand cloud computing platform for the virtual computing node to apply a management policy to the outbound network traffic prior to the outbound network traffic arriving at the original target network destination, where a management service directs the performance of both configuring the computing device to redirect the outbound network traffic to the virtual computing node within the publicly available on-demand cloud computing platform and configuring the virtual computing node within the publicly available on-demand cloud computing platform to apply the management policy. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: January 30, 2019
    Date of Patent: June 28, 2022
    Assignee: NortonLifeLock Inc.
    Inventor: Qing Li