Policy Patents (Class 726/1)
  • Patent number: 10735393
    Abstract: A data communication method, and a user equipment relate to the communications field and implement isolation for programs using a container technology. The user equipment includes a host machine running on a hardware layer of the user equipment, and at least one container running on the host machine, where each container corresponds to a different container instance. The user equipment determines whether an application program runs in a safe mode when a start instruction for running the application program is received, and performs security authentication with a server when the application program runs in the safe mode. The user equipment starts the application program in a container instance selected by a user when the security authentication succeeds, and performs data communication with the server using a communication channel corresponding to the selected container instance.
    Type: Grant
    Filed: May 24, 2017
    Date of Patent: August 4, 2020
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Fei Wang, Pu Chen
  • Patent number: 10735376
    Abstract: For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel virtualization architecture for utilizing a firewall service virtual machine (SVM) on the host to check the packets sent by and/or received for the GVMs. In some embodiments, the GVMs connect to a software forwarding element (e.g., a software switch) that executes on the host to connect to each other and to other devices operating outside of the host. Instead of connecting the firewall SVM to the host's software forwarding element that connects its GVMs, the virtualization architecture of some embodiments provides an SVM interface (SVMI) through which the firewall SVM can be accessed to check the packets sent by and/or received for the GVMs.
    Type: Grant
    Filed: February 19, 2018
    Date of Patent: August 4, 2020
    Assignee: NICIRA, INC.
    Inventors: Chidambareswaran Raman, Subrahmanyam Manuguri, Todd Sabin
  • Patent number: 10735444
    Abstract: A computer-implemented method, computer program product and computing system for: detecting a security event within a computing platform based upon identified suspect activity; gathering artifacts concerning the security event; and assigning a threat level to the security event based, at least in part, upon the gathered artifacts.
    Type: Grant
    Filed: June 5, 2019
    Date of Patent: August 4, 2020
    Assignee: ReliaQuest Holdings, LLC
    Inventors: Brian P. Murphy, Joe Partlow, Colin O'Connor, Jason Pfeiffer
  • Patent number: 10728216
    Abstract: A system for web application security includes an interface and a processor. The interface of a web server is to receive a pending request made to the web server using an in-line request process. The processor of the web server is to provide information regarding the pending request to an agent process; and in the event that an instruction to block the pending request is received from the agent process at the in-line request process within a time constraint, block the pending request using the in-line request process.
    Type: Grant
    Filed: February 6, 2018
    Date of Patent: July 28, 2020
    Assignee: Signal Sciences Corporation
    Inventors: Nicholas Galbreath, Zane Lackey
  • Patent number: 10725803
    Abstract: Disclosed herein are methods, devices, and apparatuses, including computer programs stored on computer-readable media, for automatic blockchain deployment. One of the methods includes: causing a virtual computing environment to be created at a computer, the computer connecting to a cloud platform; generating an initial block of a blockchain; transmitting the initial block of the blockchain to the cloud platform; causing the blockchain to be initialized at the virtual computing environment; and after initialization of the blockchain is completed, monitoring the blockchain based on the cloud platform.
    Type: Grant
    Filed: January 29, 2020
    Date of Patent: July 28, 2020
    Assignee: Alibaba Group Holding Limited
    Inventor: Ming Zhu
  • Patent number: 10728096
    Abstract: Various embodiments are described herein to enable physical topology independent dynamic insertion of a service device into a network. One embodiment provides for a network system comprising a set of network elements to interconnect a set of host devices, the set of network elements having a physical topology defined by the physical links between network elements in the set of network elements and a logical topology defined by a flow of network data between a network service device and a client of the network service device, wherein the physical topology differs from the logical topology, and a network management device including a service policy module to monitor a service policy of the network service device and automatically configure the logical topology of the network elements based on a change in the service policy.
    Type: Grant
    Filed: October 2, 2015
    Date of Patent: July 28, 2020
    Assignee: Arista Networks, Inc.
    Inventors: Ben C. DeBolle, Anshul Sadana, Lincoln T. Dale
  • Patent number: 10726146
    Abstract: Implementations are directed to providing a data custodian region within a public cloud, the data custodian region being specific to a customer of an enterprise having services hosted on the public cloud, the public cloud including regional data centers, through which customer data passes and/or is stored, each data center being at a location within a region, storing at least one union definition that is used to control access, transfer, and storage of customer data within respective regional data centers, the at least one union definition being provided by a data custodian associated with the customer, monitoring a plurality of actions of respective workflows executed using the one or more computer-implemented services hosted on the public cloud, for each action, logging a data event within a repository of the data custodian region, and determining whether the data event complies with the at least one union definition.
    Type: Grant
    Filed: May 15, 2018
    Date of Patent: July 28, 2020
    Assignee: SAP SE
    Inventors: Syed Wasif Ur Rehman Gilani, Keith Klemba, Jan Loefstrand, Thomas Lee
  • Patent number: 10726154
    Abstract: Methods, systems, and software for identifying threat data in documents stored in cloud-based storage services. A service is provided that enables users who store documents on cloud-based storage services to have their documents scanned for threat data comprising personal and/or confidential data such as social security numbers, credit card numbers, e-mail addresses, and phone numbers. The documents are streamed from the storage services and scanned to detect one or more types of personal threat data. The detected personal threat data are then presented to users in redacted form. Detecting and presentation of personal threat data is performed in a manner under which threat data is never stored in non-volatile storage in an un-redacted form. A Web service seamlessly enables users to request their documents to be scanned for personal threat data, view detected personal threat data in redacted forms, and access documents identified as containing personal threat data.
    Type: Grant
    Filed: November 8, 2017
    Date of Patent: July 28, 2020
    Assignee: Onehub Inc.
    Inventors: Matthew Anderson, Michael McCracken, Phillip Wilt, Brandon Caplan, Ryan Graham, Charles Mount
  • Patent number: 10728288
    Abstract: Techniques are disclosed for implementing scalable policies across a plurality of categories that support application workloads. In one example, the policy is a security policy that indicates which types of virtualized application workloads are required to communicate with encryption and groups computing devices into zones that communicate via respective tunnels configured to carry encrypted communication. An orchestration engine selects a computing device based on the zones defined in the security policy to ensure that the virtualized application workloads requiring encrypted communication communicate via tunnels configured to carry encrypted communication.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: July 28, 2020
    Assignee: Juniper Networks, Inc.
    Inventor: Prasad Miriyala
  • Patent number: 10726120
    Abstract: In one embodiment, a system includes a processor having one or more cores and a security processor coupled to the processor. The security processor may be configured to execute in a trusted execution environment, where the security processor includes a local attestation circuit to validate an enclave stored in a protected region of a system memory as a trusted agent, based at least in part on an identifier of the enclave stored in a whitelist. Other embodiments are described and claimed.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: July 28, 2020
    Assignee: Intel Corporation
    Inventors: Ansuya Negi, Ravi L. Sahita
  • Patent number: 10726054
    Abstract: A system and method for generating at least one policy includes a policy document database containing at least one policy document containing at least one unstructured policy entry, and a natural language processor to analyze the at least one unstructured policy entry to generate at least one formal policy, wherein a formal outcome of execution of the at least one formal policy corresponds to the at least one unstructured policy entry, and a rule processor to transform the at least one formal policy entry to generate at least one enforceable policy, wherein an enforcement outcome of execution of the at least one enforceable policy corresponds to the at least one formal policy entry.
    Type: Grant
    Filed: February 21, 2017
    Date of Patent: July 28, 2020
    Assignee: CARRIER CORPORATION
    Inventors: Blanca Florentino, Tarik Hadzic, Suresh B. Veluru, Ankit Tiwari
  • Patent number: 10726112
    Abstract: A trust network has at least one transmission medium supporting transmission of data, wherein data transmitted is in at least some instances transmitted in discrete portions, two or more nodes terminating discrete legs in the transmission medium, and trust software executing from a machine-readable medium by a processor on one or more of the two or more nodes. The one or more nodes executing trust software apply trust logic to transmission of the discrete data portions.
    Type: Grant
    Filed: January 3, 2017
    Date of Patent: July 28, 2020
    Inventors: Herbert Willi Artur Ristock, Brian Galvin, S. Michael Perlmutter, Andriy Ryabchun, Sergey Fedorov
  • Patent number: 10719625
    Abstract: Techniques for using contextual information to manage data that is subject to one or more data-handling requirements are described herein. In many instances, the techniques capture or depend upon the contextual information surrounding the creation and/or subsequent actions associated with the data. The contextual information may be updated as the data is handled in various manners. The contextual information may be used to identify data-handling requirements that are applicable to the data, such as regulations, standards, internal policies, business decisions, privacy obligations, security requirements, and so on. The techniques may analyze the contextual information at any time to provide responses regarding handling of the data to requests from requestors, such as administrators, applications, and others.
    Type: Grant
    Filed: December 31, 2018
    Date of Patent: July 21, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Colette Van Dyne, Jeffrey Friedberg
  • Patent number: 10719617
    Abstract: An access control system for managing and enforcing an attribute based access control (ABAC) policy includes: a minimum ABAC implementation that produces a representation access control list in an ABAC policy system; and a local host system that produces a resource repository access control list in the local host system such that the resource repository access control list is based on the representation access control list.
    Type: Grant
    Filed: February 20, 2018
    Date of Patent: July 21, 2020
    Assignee: GOVERNMENT OF THE UNITED STATES OF AMERICA, AS REPRESENTED BY THE SECRETARY OF COMMERCE
    Inventors: David F. Ferraiolo, Gopi Katwala, Serban Gavrila
  • Patent number: 10720232
    Abstract: This document describes systems, methods, devices, and other techniques for managing healthcare records. In some implementations, a computing system is provided that includes an electronic ledger, a first program module, and a second program module. The electronic ledger can store entries of medical record management events invoked by participants in a distributed computing network. The first program module can be assigned to an account of a first user on the distributed computing network and can identify (i) medical records of the first user and (ii) accounts of users other than the first user that are authorized to access the medical records of the first user. The second program module can be assigned to an account of a second user on the distributed computing network and can call the first program module to request access to a set of one or more of the medical records of the first user.
    Type: Grant
    Filed: April 13, 2016
    Date of Patent: July 21, 2020
    Assignee: Accenture Global Solutions Limited
    Inventors: Giuseppe Giordano, Emmanuel Viale, Luca Schiatti, Hugo Borne-Pons
  • Patent number: 10713375
    Abstract: Methods, systems, and computer program products for accessing a database element are described. A table link of a persistency interface is defined, the table link being a representation of a table of a persistency schema. A role for the persistency interface is defined, the role defining a type of access for a specified portion of the database element.
    Type: Grant
    Filed: October 9, 2015
    Date of Patent: July 14, 2020
    Assignee: SAP SE
    Inventors: Peter Eberlein, Volker Driesen, Arne Harren
  • Patent number: 10715656
    Abstract: Aspects of the invention determine a threat score of a call traversing a telecommunications network by leveraging the signaling used to originate, propagate and terminate the call. Outer-edge data utilized to originate the call may be analyzed against historical, or third party real-time data to determine the propensity of calls originating from those facilities to be categorized as a threat. Storing the outer edge data before the call is sent over the communications network permits such data to be preserved and not subjected to manipulations during traversal of the communications network. This allows identification of threat attempts based on the outer edge data from origination facilities, thereby allowing isolation of a compromised network facility that may or may not be known to be compromised by its respective network owner.
    Type: Grant
    Filed: July 25, 2019
    Date of Patent: July 14, 2020
    Assignee: PINDROP SECURITY, INC.
    Inventor: Lance Douglas
  • Patent number: 10715339
    Abstract: Disclosed herein are methods, systems, and apparatus, for securely executing smart contract operations in a trusted execution environment (TEE). One of the methods includes establishing, by a key management (KM) TEE of a KM node, a trust relationship with a plurality of KM TEEs in a plurality of KM nodes based on performing mutual attestations with the plurality of KM TEEs; initiating a consensus process with the plurality of KM TEEs for reaching consensus on providing one or more encryption keys to a service TEE of the KM node; in response to reaching the consensus with the plurality of KM TEEs, initiating a local attestation process with a service TEE in the KM node; determining that the local attestation process is successful; and in response to determining that the local attestation process is successful, providing one or more encryption keys to the TEE executing on the computing device.
    Type: Grant
    Filed: October 31, 2019
    Date of Patent: July 14, 2020
    Assignee: Alibaba Group Holding Limited
    Inventors: Changzheng Wei, Ying Yan, Boran Zhao, Xuyang Song
  • Patent number: 10713354
    Abstract: An apparatus includes a display, a processor coupled to the display and a memory coupled to the processor, wherein the memory includes instructions executable by the processor to identify an access attempt to a monitored resource by an application, the identification occurring after an access permission check is performed. The memory further includes instructions executable by the processor to determine whether the access attempt involves suspicious activity by evaluating a potential risk associated with the application accessing the monitored resource, and in response to determining that the access attempt involves suspicious activity to provide a graphical user interface (GUI) to the display, the GUI providing a notification of the access attempt.
    Type: Grant
    Filed: January 12, 2018
    Date of Patent: July 14, 2020
    Inventors: Xun Chen, Seonghun Moon, HyungDeuk Kim, Jisu Kim
  • Patent number: 10713368
    Abstract: A user interface for applying restriction parameters to content items and users in a grouped manner is provided. A selection of one or more restriction groups can be received through a graphical user interface on a display device associated with a content management system. One or more restriction marks associated with the one or more restriction groups can be displayed on the graphical user interface. A selection of the displayed one or more restriction marks can be received through the graphical user interface for being assigned to a content item stored in the content management system. The content item can have associated metadata stored in the content management system. Metadata associated with the content item can be updated. The updated metadata can indicate that the selection of the one or more restriction marks is assigned to the content item.
    Type: Grant
    Filed: February 2, 2017
    Date of Patent: July 14, 2020
    Assignee: Alfresco Software, Inc.
    Inventors: Roy Wetherall, Shane Maciak, John Iball
  • Patent number: 10713076
    Abstract: When the physical network is transitioned into a virtual network, functionality provided by physical ports are no longer available in the virtual machine (“VM”) environments. Physical to virtual network transport function abstraction may be implemented to provide software applications running in the VM with state information or similar information necessary for the software applications to continue running, without the physical ports that would provide such information in a physical system. In some embodiments, a virtual machine manager might send first information to a virtual infrastructure manager, which might send second information to a virtualized application manager or orchestrator. The virtualized application manager or orchestrator might in turn send third information to a virtualized application running in a virtual machine or container. The first, second, and/or third information might include state information (e.g.
    Type: Grant
    Filed: January 8, 2018
    Date of Patent: July 14, 2020
    Assignee: CenturyLink Intellectual Property LLC
    Inventor: Michael K. Bugenhagen
  • Patent number: 10706078
    Abstract: Arrangements described herein relate to collaborative environments and, more particularly, to use of a microblog to enhance communication in an organization. The present arrangements can include receiving from a first user a first microblog entry into a microblog, identifying at least one keyword associated with the first microblog entry, and assigning to the at least one keyword a tag creating an association between the at least one keyword and at least one data repository. The arrangements further can include establishing bidirectional integration between the microblog and the at least one data repository of information related to the tag creating the association between the at least one keyword and the at least one data repository.
    Type: Grant
    Filed: December 7, 2017
    Date of Patent: July 7, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Carlos N. Andreu, Rajesh Balasubramanian, William D. Dodd, Chunlong Liang, Eduardo N. Spring
  • Patent number: 10708310
    Abstract: In an embodiment, a data processing method comprises creating and storing a scoring threshold value that is associated with determining whether a baseline operation rule is to be generated; receiving, from service monitoring processes, datasets of operations performed on digital objects by processors associated with computer applications; aggregating operations and identifying operation properties from the aggregated operations to generate an aggregated baseline dataset that represents operation properties from aggregated operations; assigning score values to each of the operation properties, wherein each assigned score value represents whether a particular operation property is a candidate for generating a rule that defines expected operation property values for the particular operation property; automatically generating a set of baseline operations rules for only those operation properties that have assigned values that exceed the score threshold value.
    Type: Grant
    Filed: June 17, 2019
    Date of Patent: July 7, 2020
    Assignee: SYSDIG, INC.
    Inventor: Loris Degioanni
  • Patent number: 10708260
    Abstract: Embodiments disclosed herein generally relate to a system and method for assessing a fraud risk. In one embodiment, a method for assessing a fraud risk is disclosed herein. A web browser extension executing on the computing device identifies an account associated with the computing device. The web browser extension detects that the computing device navigated to a web page hosted by a third party server. The web browser extension determines that the third party server prompted the computing device to opt into two-factor authentication functionality. The web browser extension determines that the computing device did not opt into the two-factor authentication functionality. The web browser extension prompts, via an application programming interface (API), an organization computing system to update a fraud metric associated with the account.
    Type: Grant
    Filed: December 18, 2018
    Date of Patent: July 7, 2020
    Assignee: Capital One Services, LLC
    Inventors: Michael Mossoba, Joshua Edwards, Jason Ji, Ljubica Chatman, Carlos Eduardo Rodriguez
  • Patent number: 10708267
    Abstract: The present invention provides a method and an associated processor for authentication, e.g., log-in, with a remote application server by the processor of a user equipment, including: by the processor, achieving a bootstrapping authorization with a remote operator, obtaining a username and a password for logging in the remote application server according to the bootstrapping authorization, composing a log-in message according to the username and the password, and sending the log-in message to the remote application server.
    Type: Grant
    Filed: July 19, 2017
    Date of Patent: July 7, 2020
    Assignee: MEDIATEK INC.
    Inventor: Jing-Fu Chen
  • Patent number: 10708228
    Abstract: A content filtering system and method includes receiving in a network device in a network from a user device, a user selected set of rules identifying a set of URLs to be blocked. The set of rules are loaded into the network device. The network device receives from the user device a request to access a specified URL. A determination is made at the network device whether the specified URL is in the user selected set of rules. If the specified URL is in the user selected set of rules, then the specified URL is blocked.
    Type: Grant
    Filed: August 23, 2017
    Date of Patent: July 7, 2020
    Assignees: AT&T Intellectual Property I, L.P., AT&T Mobility II LLC
    Inventors: Mark Austin, Shahab Azmoudeh, Joseph Dorsey, Jr., Victor Nilson, Christopher Sambar, Jerald Weber
  • Patent number: 10706427
    Abstract: Systems and methods are described for determining whether an electronic computing device complies with the security policy for a network.
    Type: Grant
    Filed: January 4, 2019
    Date of Patent: July 7, 2020
    Assignee: Cellsec, Inc.
    Inventors: David Goldschlag, Erik Dahl
  • Patent number: 10708268
    Abstract: Disclosed are various embodiments for managing voice-driven application. In one embodiment, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to receive a request to initiate an application proxy service. The program instructions can cause the computing device to authenticate the request based on an access token. The program instructions can cause the computing device to initiate an application proxy service session with a second computing device, where the second computing device provides input data to the application proxy service. The computing device can also initiate an application session associated with an application service, where the application proxy service provides the input data to the application service. The computing device also can apply a compliance policy as data is communicated between the second computing device and the application service.
    Type: Grant
    Filed: July 31, 2017
    Date of Patent: July 7, 2020
    Assignee: AirWatch, LLC
    Inventors: Chaoting Xuan, Kar-Fai Tse, Suyu Pan
  • Patent number: 10699459
    Abstract: Regional shapes are generated that respectively enclose geographic regions determined within a map area on the display screen. A pattern of vertices is generated within the map area as a set of intersections of map features. Regional shapes are formed by connecting subsets of vertices to form closed shapes. Data sets corresponding to the regional shapes are transmitted to a processor based device that is programmed to render the map area on a display screen with photo overlays that match the regional shapes.
    Type: Grant
    Filed: December 3, 2018
    Date of Patent: June 30, 2020
    Inventors: Michael Lanza, Konstantin Varik
  • Patent number: 10699226
    Abstract: Systems and methods for automatically generating and providing a compliance notification for a document in response to a compliance request received from an electronic device via a network. A governance system is constructed to communicate with a first governing agent device, a first principal device and a second principal device via the Internet. The first governing agent device provides a first document to the governance system, and the governance system compares the first document with stored permissions and at least one permission generated in real-time by a first personal robot representative. The governance system provides a result of the comparison to the first governing agent device.
    Type: Grant
    Filed: August 23, 2018
    Date of Patent: June 30, 2020
    Inventors: Kevin James Lyons, Glenn Richard Korban
  • Patent number: 10700927
    Abstract: A cloud extension agent can be provided on a customer premise for interfacing, via an outbound secure connection, cloud based services. The cloud extension agent can reach the cloud based services through existing firewall infrastructure, thereby providing simple, secure deployment. Furthermore, the secure connection can enable substantially real-time communication with a cloud service to provide web-based, substantially real time control or management of resources on the customer premises via the cloud extension agent.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: June 30, 2020
    Assignee: International Business Machines Corporation
    Inventors: Vineeth Narasimhan, Joshua Lambert, Thomas Herchek, Ryan Elliot Hope, Nitish Jha, Rahul Jain, Sumeet Singh
  • Patent number: 10701050
    Abstract: A base station includes a reception unit that receives a first communication parameter including first security information and an identifier of a first wireless network established by another base station, a generation unit that generates second security information in which a security method defined in the first security information is changed to a security method having a higher security level, and an establishment unit that establishes a second wireless network that uses a second communication parameter including the identifier and the second security information and has the identifier.
    Type: Grant
    Filed: December 14, 2016
    Date of Patent: June 30, 2020
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Toshifumi Hamachi
  • Patent number: 10701137
    Abstract: This disclosure relates to a method, system, and medium to exchange service management contents with a cloud entity via a self-contained cloud content package. The device retrieves a plurality of service management contents for a first cloud controller that offers a cloud service. Also, the device generates a self-contained cloud content package including a plurality of service management contents and a plurality of associated dependencies and configurations. The self-contained cloud content package includes elements for provisioning and managing the cloud service offered by the first cloud controller. Moreover, the device exchanges the plurality of service management contents with a second cloud controller in a cloud entity to support the second cloud controller to deploy and manage the cloud service.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: June 30, 2020
    Assignee: MICRO FOCUS LLC
    Inventors: Prashant Gupte, Stephane Herman Maes, Bikash Ranjan Praharaj
  • Patent number: 10701587
    Abstract: Aspects of the disclosure relate to a method of operating a user equipment for wireless communication with a network. In some aspects, the UE establishes a connection to a network and obtains a control plane message from the network. The control plane message may include one or more types of policy information if a size of the one or more types of policy information is less than or equal to a maximum payload size of the control plane message, or information indicating at least a network location from where the one or more types of policy information may be obtained by the UE over a user plane if the size of the one or more types of policy information is greater than the maximum payload size of the control plane message, or a combination thereof. Other aspects, embodiments, and features are also claimed and described.
    Type: Grant
    Filed: October 11, 2018
    Date of Patent: June 30, 2020
    Assignee: QUALCOMM Incorporated
    Inventors: Lenaig Genevieve Chaponniere, Santosh Abraham, Stefano Faccin, Hong Cheng, Haris Zisimopoulos, Miguel Griot
  • Patent number: 10701071
    Abstract: A request is received by a user in a second region. The request, which is digitally signed with a credential associated with the user in the second region, causes the generation of a session credential that includes a session key. The user in the second region can use the session credentials to access the resources in the first region.
    Type: Grant
    Filed: February 7, 2018
    Date of Patent: June 30, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Srikanth Mandadi, Khaled Salah Sedky, Slavka Praus, Marc R. Barbour
  • Patent number: 10701100
    Abstract: Threat intelligence management is provided in a security and compliance environment. A threat explorer platform or module of a security and compliance service may detect, investigate, manage, and provide actionable insights for threats at an organizational level. Working with a data insights platform that collects different types of signals (metadata, documents, activities, etc.) and correlates in a multi-stage evaluation, the threat intelligence module may provide actionable visual information on potential threats, affected areas, and actionable insights derived from internal threat data and external information using contextual correlation of data within the data insight platform. User experience may be dynamically adjusted at multiple levels based on context and allow users to drill down arbitrarily deep.
    Type: Grant
    Filed: March 30, 2017
    Date of Patent: June 30, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Philip K. Newman, Puhazholi Vetrivel, Krishna Kumar Parthasarathy, Binyan Chen, Manas Singh, Ashish Mishra, Sudhakar Narayanamurthy
  • Patent number: 10701076
    Abstract: A network agent includes an ingress port in data communication with a network traffic source for receiving network traffic entering a network and an egress port in data communication with the ingress port and a protection device included in the network. The egress port is configured to transmit network traffic received from the ingress port to a network device included in the network. A processing device receives from a protection device included in the network blacklist addresses determined by the protection device to be a threat to the network, and maintains a blacklist that includes the received blacklist addresses. A physical layer device compares the network layer source address of a packet of the network traffic received by the ingress port to the blacklist and forwards the packet to the egress port only if the packet's source address is not included in the blacklist.
    Type: Grant
    Filed: January 14, 2016
    Date of Patent: June 30, 2020
    Assignee: Arbor Networks, Inc.
    Inventor: Edmund J. Gurney, III
  • Patent number: 10698898
    Abstract: Systems, methods, apparatuses, and software for distributed database systems in computing environments are provided herein. In one example, a method of operating a database system is provided that includes providing an interface to a database service that hosts at least a data store across a plurality of storage elements distributed with respect to each other, and receiving, in the interface, lookup requests to determine if first keys indicated by the lookup requests are present in the data store. The method includes processing the lookup requests with at least a bloom filter initialized with second keys associated with the data store to determine presence statuses of the first keys with respect to the data store, and indicating the presence statuses responsive to the lookup requests.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: June 30, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Sunil Khandelwal
  • Patent number: 10698928
    Abstract: Arrangements described herein relate to collaborative environments and, more particularly, to use of a microblog to enhance communication in an organization. The present arrangements can include receiving from a first user a first microblog entry into a microblog, identifying at least one keyword associated with the first microblog entry, and assigning to the at least one keyword a tag creating an association between the at least one keyword and at least one data repository. The arrangements further can include establishing bidirectional integration between the microblog and the at least one data repository of information related to the tag creating the association between the at least one keyword and the at least one data repository.
    Type: Grant
    Filed: December 7, 2017
    Date of Patent: June 30, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Carlos N. Andreu, Rajesh Balasubramanian, William D. Dodd, Chunlong Liang, Eduardo N. Spring
  • Patent number: 10693895
    Abstract: According to an example, security indicator access determination may include determining a security indicator that is received from a first entity by a security indicator sharing platform for sharing with a second entity. A rule associated with identification of a third entity that has access to the security indicator may be analyzed. The third entity may be different from the second entity, and if the second entity belongs to a community, the third entity may not be in the community of the second entity. A determination may be made as to whether to identify the third entity based on the analysis of the rule. In response to a determination that the third entity is to be identified or not to be identified, the third entity may be identified to the first entity, or not identified to the first entity.
    Type: Grant
    Filed: July 22, 2014
    Date of Patent: June 23, 2020
    Assignee: Micro Focus LLC
    Inventors: Anurag Singla, Amir Kibbar, Tomas Sander, Edward Ross, Serhan Shbeita
  • Patent number: 10691618
    Abstract: Various embodiments are generally directed to techniques to load and run secure enclaves for use by kernel mode applications. An apparatus to provide kernel mode access to a secure enclave includes a kernel mode secure enclave driver to provide user mode support for a kernel mode application and to initialize a secure enclave on behalf of the kernel mode application and a user mode secure enclave manager to process an instruction from the kernel mode application to the secure enclave.
    Type: Grant
    Filed: December 17, 2013
    Date of Patent: June 23, 2020
    Assignee: INTEL CORPORATION
    Inventors: Bin Cedric Xing, Reshma Lal
  • Patent number: 10691738
    Abstract: A system, method, and computer program product are provided for tagging application data with enrichment information for interpretation and analysis by an analytics system. In operation, a tagging system receives data from an application. The tagging system examines the data to identify characteristics associated with the data. Additionally, the tagging system tags the data with enrichment information based on the identified characteristics associated with the data and criteria including application specific context and logic, such that the data is capable of being interpreted and analyzed by an analytics system.
    Type: Grant
    Filed: August 7, 2017
    Date of Patent: June 23, 2020
    Assignee: AMDOCS DEVELOPMENT LIMITED
    Inventors: Christophe Regis Jean-jaques Michel, Pierre-Erwann Gouesbet, Nicolas Pierre
  • Patent number: 10693913
    Abstract: In one embodiment, a device in a network gathers characteristics of a container application on the device. The device provides the gathered characteristics of the container application for security assessment. The device receives an indication of the security assessment based on the provided characteristics of the container application. The device controls execution of the container application based on the received indication of the security assessment.
    Type: Grant
    Filed: April 28, 2017
    Date of Patent: June 23, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Selvaraj Mani, Swapna Yelamanchi, Amarender Musku, Sri Hari Kumaran Masilamani, Deep Preet Singh
  • Patent number: 10680852
    Abstract: Example implementations relate to configuring a managed device. For example, configuration of a managed device may be performed by a services controller. The services controller may comprise a processing resource and a memory resource storing machine readable instructions to cause the processing resource to perform a number of actions. For instance, the services controller may manage configuration of a network using a hierarchical configuration model. The services controller may define a plurality of configuration elements for each of a plurality of managed devices in the hierarchical configuration model, where configuration elements shared among the plurality of managed devices are assigned a same setting from the services controller, and the configuration elements assigned by the services controller are customizable by each of the plurality of managed devices.
    Type: Grant
    Filed: July 29, 2016
    Date of Patent: June 9, 2020
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Piyush Agarwal, Raja Rangarajan, Chirag Vaidya, Joseph Baniqued, Senthil Kumar V. S., Toni Liu
  • Patent number: 10681013
    Abstract: A retrieving system for retrieving information concealed within a sequence of symbols. The system includes a decoder configurable using rule information and operable when so configured to retrieve the information concealed within the sequence of symbols by applying to the sequence of symbols at least one decoder rule determined by the configuration of the encoder.
    Type: Grant
    Filed: February 21, 2019
    Date of Patent: June 9, 2020
    Inventors: Dilipsinhji Jadeja, Anita Jadeja
  • Patent number: 10681006
    Abstract: In one embodiment, an agent process associated with a particular application on a computing device intercepts outbound connection calls made by the particular application for a remote target host within a computer network, and determines an application context for the outbound connection call based on the particular application and one or more features of the outbound connection call. The agent process may then compare the application context against a set of application-context-aware firewall policies configured on the agent process, and determines whether to allow or not allow (block) the outbound connection call based on the comparing of the application context to the set of application-context-aware firewall policies.
    Type: Grant
    Filed: October 31, 2017
    Date of Patent: June 9, 2020
    Assignee: Cisco Technology, Inc.
    Inventor: Walter Theodore Hulick, Jr.
  • Patent number: 10679225
    Abstract: A system for examining service certifications with multi-sides based on customer experiences is provided, including: a database, an analysis processor, a certification system, an accreditation system, a registration system for a certification officer to register, an internal system of a service firm and a mobile terminal. A first time certification is performed on services from the service firm by the certification system to obtain a service certification credential. A first QR code is identified to obtain an organization name of the certification organization, basic information of the service certification credential, accreditation information of the accreditation system, registration information of the certification officer registered in the registration system and authorization information, authorized by the Certification and Accreditation Administration, for carrying out service certification businesses of the certification organization.
    Type: Grant
    Filed: March 22, 2018
    Date of Patent: June 9, 2020
    Assignee: CHINA CERTIFICATION & ACCREDITATION ASSOCIATION
    Inventors: Fei Sheng, Binyou Fu, Xijun Li
  • Patent number: 10679164
    Abstract: The present disclosure describes systems and methods for performing a vulnerabilities assessment of an organization. A campaign controller executes one or more simulated phishing campaigns directed to a plurality of users of an organization, using a plurality of models determined by the campaign controller based at least on identification of the organization. The campaign controller stores to a database the results of execution of the one or more simulated phishing campaigns and based on the results, the campaign controller determines one or more vulnerabilities to phishing for the organization. In one embodiment, the campaign controller determines a percentage of the plurality of users of the organization that are phish-prone. In some embodiments, the users of the organization that are phish-prone interacted with a link of a simulated phishing communication.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: June 9, 2020
    Assignee: KnowBe4, Inc.
    Inventors: Alin Irimie, Stu Sjouwerman, Greg Kras, Eric Sites
  • Patent number: 10671752
    Abstract: A method includes receiving a data capture event affecting personal data of a user stored in at least one storage device of a computing system and mapped in a privacy graph database. Personal data of the user may be identified in the data capture event and classified into the data categories. In response to the data capture event, a mapping of user-centric nodes associated with the at least one user associated with other users in the privacy graph database is automatically updated using the classified personal data in the data capture event. A request by a requester for personal data of at least one specific user stored in the at least one storage device is received. The privacy graph database is queried to provide the requested personal data and locations of the requested personal data of the at least one specific user in the request stored in the computing system.
    Type: Grant
    Filed: November 20, 2019
    Date of Patent: June 2, 2020
    Assignee: Capital One Services, LLC
    Inventors: Anindya Misra, Eckow Fred Ayison, Sripal Togaru
  • Patent number: 10673850
    Abstract: Systems and methods for network authorization are described herein. An example method can include receiving a user credential from a host device connected to a network, authenticating the user credential, and in response to authenticating the user credential, determining an authorization policy associated with the host device. The method can also include polling a network overlay control plane of the network to obtain network location information associated with the host device, identifying at least one network device of the network using the network location information, and transmitting the authorization policy to the at least one network device.
    Type: Grant
    Filed: December 20, 2016
    Date of Patent: June 2, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Victor Moreno, Sridhar Subramanian, Sanjay Kumar Hooda