Tickets (e.g., Kerberos Or Certificates, Etc.) Patents (Class 726/10)
  • Patent number: 11901040
    Abstract: A genomic update system can generate a user interface from network pages based on user variant data and network services associated with the network pages. A trait data structure tracks network services for different trait categories. A given network page of a given category can be used to identify a different category and different network services and content for display to a user. Content in the trait data structure can be included in a user interface with additional contextual visualizations that allow the user to interact with the links and content via a user device, such as a handheld mobile device.
    Type: Grant
    Filed: February 22, 2021
    Date of Patent: February 13, 2024
    Assignee: Helix, Inc.
    Inventors: Keith Dunaway, Anna Merkoulovitch, Andrew Shinohara, Anupreet Walia
  • Patent number: 11870816
    Abstract: Custom policies are definable for use in a system that enforces policies. A user, for example, may author a policy using a policy language and transmit the system through an application programming interface call. The custom policies may specify conditions for computing environment attestations that are provided with requests to the system. When a custom policy applies to a request, the system may determine whether information in the attestation is sufficient for the request to be fulfilled.
    Type: Grant
    Filed: September 26, 2022
    Date of Patent: January 9, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Eric Jason Brandwine
  • Patent number: 11863664
    Abstract: A method for performing key exchange for a security operation in a storage device includes generating, by a trusted third party (TTP), a first certificate based on a first user ID and first public key and generating a second certificate based on a second user ID and second public key. While the storage device is accessed by the first user ID, a first verification is performed on the second certificate based on a third certificate. When the first verification is successfully completed, a ciphering key is derived based on a first private key and the second public key. While the storage device is accessed by the second user ID, a second verification is performed on the first certificate based on the third certificate. When the second verification is successfully completed, the ciphering key is derived based on a second private key and the first public key.
    Type: Grant
    Filed: May 21, 2021
    Date of Patent: January 2, 2024
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventor: Younsung Chu
  • Patent number: 11856116
    Abstract: Disclosed is a device and method to secure software update information for authorized entities. In one embodiment, a device for receiving secured software update information from a server, the device includes: a physical unclonable function (PUF) information generator, comprising a PUF cell array, configured to generate PUF information, wherein the PUF information comprises at least one PUF response output, wherein the at least one PUF response output is used to encrypt the software update information on the server so as to generate encrypted software update information; a first encrypter, configured to encrypt the PUF information from the PUF information generator using one of at least one public key from the server so as to generate encrypted PUF information; and a second encrypter, configured to decrypt the encrypted software update information using one of the at least one PUF response output so as to obtain the software update information.
    Type: Grant
    Filed: October 28, 2022
    Date of Patent: December 26, 2023
    Assignee: Taiwan Semiconductor Manufacturing Co., Ltd.
    Inventor: Shih-Lien Linus Lu
  • Patent number: 11856092
    Abstract: An example operation may include one or more of encrypting content via an encryption key to generate encrypted content, storing the encrypted content via a distributed ledger, splitting the encrypted encryption key into a set of key shares via a threshold secret sharing scheme, and distributing the set of key shares among a plurality of nodes of a distributed vault, where each key share is distributed with an expiry value that identifies when the respective key share is to be deleted by a node.
    Type: Grant
    Filed: June 2, 2021
    Date of Patent: December 26, 2023
    Assignee: International Business Machines Corporation
    Inventors: Artem Barger, Yacov Manevich, Yoav Tock
  • Patent number: 11831790
    Abstract: A method is provided for automating management of automatic renewal of a public key infrastructure (PKI) certificate issued by a certificate authority (CA) for a subscriber. The method includes steps of causing the subscriber to (i) transmit a first alert to a management entity for initiating renewal of the PKI certificate, and (ii) transmit a certificate signing request (CSR) to a registration authority (RA) for issuance of a renewal certificate. The method further includes steps of (iii) transmitting, from the RA to the CA, the CSR signed by the RA, (iv) receiving, at the RA from the CA, an issued renewal certificate signed by the CA, (v) sending, from the RA to the subscriber, the issued renewal certificate signed by the CA, and (vi) causing the subscriber to transmit a second alert to a management entity indicating renewal of the PKI certificate.
    Type: Grant
    Filed: December 17, 2021
    Date of Patent: November 28, 2023
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Steven J. Goeringer, Brian A. Scriber, Darshak Thakore, Massimiliano Pala
  • Patent number: 11792206
    Abstract: A connection management apparatus of a relay system specifies, when terminal identification information for identifying a target terminal is acquired from a client terminal, a first relay apparatus that relays communication, and specifies connecting information for the client terminal to connect to the first relay apparatus. The connection management apparatus stores the specified connecting information and the terminal identification information in a storage in association with each other, and notifies the client terminal of the specified connecting information. When the specified first relay apparatus receives access based on the connecting information from the client terminal, the specified first relay apparatus relays the communication between the client terminal and the target terminal on the basis of the terminal identification information associated with the connecting information.
    Type: Grant
    Filed: July 6, 2021
    Date of Patent: October 17, 2023
    Assignee: SORACOM, INC.
    Inventors: Kenta Yasukawa, Motokatsu Matsui, Taiki Kawakami
  • Patent number: 11792074
    Abstract: The present invention provides a system and method for remote configuration and management of internet of thing devices, whereby applications do not need to explicitly participate in a particular configuration scheme and the application configuration and management can be performed securely and remotely while the Secure Remote Management engine is architecturally decoupled from the bearing protocols used by the remote enterprise to configure and manage the device or devices.
    Type: Grant
    Filed: January 30, 2021
    Date of Patent: October 17, 2023
    Inventors: John Geiger, Vinod Mukkamala, Timothy Winter
  • Patent number: 11777919
    Abstract: Systems and methods for enhancing file systems with file system objects that automatically expire. An example method may involve: scanning, by a processing device, a data storage node, wherein the data storage node comprises multiple certificates associated with file system objects in a plurality of different data storage nodes; iterating through the multiple certificates to determine a set of certificates, wherein the set of certificates comprises certificates that are invalid; and initiating a deletion of the file system objects in the plurality of different storage nodes.
    Type: Grant
    Filed: August 12, 2020
    Date of Patent: October 3, 2023
    Assignee: Red Hat, Inc.
    Inventors: Vivek ShivBhagwan Agarwal, Nagaprasad Sathyanarayana
  • Patent number: 11774953
    Abstract: Disclosed is a method for checking the setting of predefined security functions of a field device of process and automation technology, wherein the predefined security functions relate to an access to a function of the field device by an unauthorized person. The method includes: identifying a user; starting by the user a query about the actual setting of the security functions predefined at the measuring point; comparing actual setting of the predefined security functions with a target setting of the predefined security functions defined by the stipulated security level; and outputting an electronic report about the matching or deviation of the actual setting from the target setting of the predefined security functions. Depending on the matching or deviation of the actual setting from the target setting of the predefined security functions, different steps are carried out.
    Type: Grant
    Filed: November 23, 2020
    Date of Patent: October 3, 2023
    Assignee: Endress+Hauser Wetzer GmbH+Co. KG
    Inventor: Michael Kuhl
  • Patent number: 11765149
    Abstract: A first instruction to store an entity identification (ID) in a memory of a device may be received. The entity ID may be stored in the memory in response to receiving the first instruction. Furthermore, a second instruction to store a value based on a key in the memory of the device may be received. A determination may be made as to whether the value based on the key that is to be stored in the memory corresponds to the entity ID that is stored in the memory. The value based on the key may be stored in the memory of the device when the value based on the key corresponds to the entity ID.
    Type: Grant
    Filed: October 4, 2019
    Date of Patent: September 19, 2023
    Assignee: Cryptography Research, Inc.
    Inventors: Ambuj Kumar, Daniel Beitel, Benjamin Che-Ming Jun
  • Patent number: 11763032
    Abstract: A method preserves privacy in an HTTP communication between a client and a server. The method includes: intercepting an HTTP request that is sent from the client to the server; extracting a cookie from the HTTP request, the cookie including a cookie name and a cookie value; splitting the cookie value into information segments according to a split pattern; and modifying one or more of the information segments based on predefined modification rules. The split pattern for the cookie value is received from a cookie format analyzer. The cookie format analyzer selects the split pattern by: generating multiple lists of data formats based on the cookie name, and selecting one of the lists as the split pattern based on similarity and frequency features associated with the data formats.
    Type: Grant
    Filed: September 29, 2020
    Date of Patent: September 19, 2023
    Assignee: NEC CORPORATION
    Inventors: Roberto Gonzalez Sanchez, Miriam Marciel, Lili Jiang
  • Patent number: 11755723
    Abstract: A method for validation of virtual function pointers includes compiling a source code file with one or more classes whereby each of the classes has a virtual table, and the compiling includes associating a security check function with the virtual function invocation site such that the associated security check function is executed prior to an invocation of the virtual function, generating a class hierarchy hash table (CHHT), whereby when the compiled source code file is executed, the security check function is used to determine whether an invoked virtual function pointer of a virtual function associated with the security check function is valid by looking up an indicator in the CHHT according to a hash result of the virtual function pointer and an address of a virtual table containing the virtual function pointer.
    Type: Grant
    Filed: April 22, 2021
    Date of Patent: September 12, 2023
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Ting Dai, Yongzheng Wu, Tieyan Li
  • Patent number: 11750589
    Abstract: A system and method is disclosed for transporting application data through a communications tunnel between a host device and a guest device that each includes networked processors. The application data may be transported between the host device and the guest device through an allowed port of the host device, the communications tunnel, and a port of the guest device. Based on logon credentials, the guest device can be authenticated by a security server and a role may be determined. The role can include allowed ports and associated applications on the host that the guest is allowed to access. Remote access from the guest device to host devices or remote devices may be enabled without needing prior knowledge of their configurations. Secure access may be facilitated to remote host devices or remote devices, according to security policies that can vary on a per-session basis and take into account various factors.
    Type: Grant
    Filed: January 5, 2023
    Date of Patent: September 5, 2023
    Assignee: NETOP SOLUTIONS A/S
    Inventors: Peter Holmelin, Valentin Palade, Dragos Ivan
  • Patent number: 11722307
    Abstract: The disclosure relates to an electronic device for processing a digital key and an operation method thereof. The electronic device for processing a digital key may include a communicator configured to receive a request from a digital key framework, verify a package, a signature information of the package, and a certificate information of the target device based on a first authentication information received from the digital key framework and a second authentication information stored in the secure element, and generate the digital key by using configuration information included in the package.
    Type: Grant
    Filed: July 17, 2019
    Date of Patent: August 8, 2023
    Inventors: Inyoung Shin, Sooyeon Jung, Jonghyo Lee, Taehyung Lim
  • Patent number: 11683684
    Abstract: Techniques described herein include utilizing a mobile device as a proxy receiver and/or transmitter for a vehicle in a V2X network. In some embodiments, the mobile device associated mobile device capabilities may be configured to obtain vehicle capabilities and store such data in memory at the mobile device. The mobile device may obtain any suitable combination of a reception credential and one or more transmission credentials. In some embodiments, the one or more transmission credentials may be generated by a credential authority based at least in part on determining that the vehicle capabilities and mobile device capabilities indicate that the sensor(s) and/or processing resources of the vehicle and/or mobile device meet transmission requirement thresholds for the network. The mobile device may subsequently transmit any suitable data message on behalf of the vehicle using at least one of the transmission credentials.
    Type: Grant
    Filed: July 23, 2020
    Date of Patent: June 20, 2023
    Assignee: QUALCOMM Incorporated
    Inventors: Benjamin Lund, Soumya Das, Edwin Chongwoo Park, Garrett Shriver
  • Patent number: 11665162
    Abstract: A method performs a strong authentication using a mobile terminal and the capability of the user, as proof of an identity. The mobile terminal allows an authentication to be established by communicating with a proxy authentication server and a notification server. These communications are initiated by an authentication server, used for the authentication. Throughout the authentication, the authentication server remains masked by the proxy authentication server. The only interface between the authentication server and the rest of the world is the proxy authentication server.
    Type: Grant
    Filed: August 22, 2018
    Date of Patent: May 30, 2023
    Assignee: BULL SAS
    Inventor: Christophe Guionneau
  • Patent number: 11663317
    Abstract: Systems and methods for controlling and tracking computer devices using a secure communication path between a central server and a machine control-file watchdog program. One or more machine control-files can be generated to control, limit and track a computer device using a machine control-file watchdog program. The system sets limits on the computer device to ensure the user operating the computer device stays within a restricted set of usage limitations. The machine control-file watchdog program protects the one or more machine control-files and additionally can report on all activities performed by the computer device to the central server.
    Type: Grant
    Filed: March 9, 2021
    Date of Patent: May 30, 2023
    Assignee: 3D Bridge Solutions Inc.
    Inventors: Gary Mousseau, Karima Bawa
  • Patent number: 11652812
    Abstract: A network security system and method implements dynamic access control for a protected resource using run-time contextual information. In some embodiments, the network security system and method implements a dynamic access ticket scheme for access control where the access ticket is based on run-time application context. In other embodiments, the network security system and method implements policy enforcement actions in response to detected violations using application programming interface (API) to effectively block detected policy violations without negatively impacting the operation of the application or the user of the application. In some embodiments, the network security system uses enterprise social collaboration tools to interact with the end-user or with the system administrator in the event of detected security incidents.
    Type: Grant
    Filed: June 17, 2021
    Date of Patent: May 16, 2023
    Assignee: ARECABAY, INC.
    Inventors: Robert Dykes, Lebin Cheng, Ravindra K. Balupari
  • Patent number: 11647014
    Abstract: A computer-implemented method for identity authentication in a data processing system, including: receiving, by the processor, an authentication request from a user; receiving, by the processor, real-time data from one or more Internet of Things (IoT) devices associated with the user; generating, by the processor, one or more questions based on the real-time data; receiving, by the processor, one or more responses to the one or more questions from the user; comparing, by the processor, the one or more responses from the user with one or more correct answers identified by the processor. If the one or more responses match the one or more correct answers, providing, by the processor, the user with a successful identity authentication.
    Type: Grant
    Filed: February 18, 2020
    Date of Patent: May 9, 2023
    Assignee: International Business Machines Corporation
    Inventors: Stephen J. McKenzie, Narayana A. Madineni, Simon D. McMahon, Pranab Agarwal
  • Patent number: 11637709
    Abstract: An approach is disclosed for running a first smart contract on a first blockchain platform restricting access to a client's funds appropriated to a second smart contract running on a second blockchain platform. A transaction is received by invoking the first smart contract authorizing the second smart contract. In response to receiving an indication of a successful completion of the first smart contract, a plurality of client's authorization tickets are sent to the second smart contract. The invoked smart contract receives the set of authorization information and records the set of authorization information. After receiving a set of authenticated authorization tickets exceeding a predetermined threshold, the funds are released.
    Type: Grant
    Filed: May 4, 2021
    Date of Patent: April 25, 2023
    Assignee: 0CHAIN CORP.
    Inventors: Saswata Basu, Thomas Howard Austin
  • Patent number: 11637910
    Abstract: Systems and methods include receiving a record associated with an incident that was detected by the CASB system in a Software-as-a-Service (SaaS) application; determining a hash based on a plurality of levels for the record; determining if the record exists in a data store based on the hash, and if the record exists, deleting an old record; and inserting the record in the data store based on the hash, wherein the data store is maintained in-memory and includes records at leaf nodes in a multi-level hash based on the plurality of levels.
    Type: Grant
    Filed: October 2, 2020
    Date of Patent: April 25, 2023
    Assignee: Zscaler, Inc.
    Inventors: Abhishek Bathla, Kumar Gaurav, Raman Madaan, Chakkaravarthy Periyasamy Balaiah, Shweta Gupta
  • Patent number: 11615189
    Abstract: In some embodiments, there is provided a method for updating a gateway in a substation. The method includes receiving, at a gateway from a server, an update package assigned with a first identifier, the update package including at least one of: a configuration associated with at least one monitoring device connected to the gateway; and an application configurable to collect data from the at least one monitoring device; in response to receiving the update package, determining whether the first identifier matches a second identifier of the gateway; and in response to determining that the first identifier matches the second identifier of the gateway, updating the gateway with the received update package.
    Type: Grant
    Filed: May 28, 2020
    Date of Patent: March 28, 2023
    Assignee: ABB SCHWEIZ AG
    Inventors: Huixiang Chen, Zhui Wang, Hongzheng Chen
  • Patent number: 11606208
    Abstract: Techniques of keyless authentication of computing services in distributed computing systems are disclosed herein. One example technique includes upon receiving a command to instantiate a computing service, transmitting a request to an authentication service for an identity assertion token corresponding to an application execution of which instantiates the computing service. The example technique can also include upon receiving the requested identity assertion token, storing the received identity assertion token in the container and modifying an entry of a configuration file in the container that allows the instantiated computing service to access the stored identity assertion token and authenticate to the authentication service using the identity assertion token.
    Type: Grant
    Filed: April 17, 2020
    Date of Patent: March 14, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Paranthaman Saravanan, Marc Andrew Power, Yang Zhang, Matthias Adam Leibmann, Grigory V. Kaplin, Yi Zeng
  • Patent number: 11588639
    Abstract: Embodiments include a method for providing tokens which includes: receiving from a user system an encrypted data packet including user credentials and a request for an authentication token to access protected resources; extracting the user's security information; transmitting a data packet to a security and access management system, where the data packet includes the user's security information and a request for user validation; receiving, from the security and access management system, user validation and additional data; generating a thin token and a fat token; storing the thin token in association with the fat token; transmitting the thin token to the user system; receiving, from the user system, a request to access protected resources from a protected resource system, the request including the thin token; validating the received thin token; accessing the fat token associated with the thin token; and transmitting the fat token to the protected resource system.
    Type: Grant
    Filed: December 16, 2020
    Date of Patent: February 21, 2023
    Assignee: Experian Information Solutions, Inc.
    Inventors: Alpa Modi Jain, Praveen Kumar Soni, Frederic Vander Elst
  • Patent number: 11575571
    Abstract: A model-based industrial security policy configuration system implements a plant-wide industrial asset security policy in accordance with security policy definitions provided by a user. The configuration system models the collection of industrial assets for which diverse security policies are to be implemented. An interface allows the user to define zone-specific security configuration and event management policies for a plant environment at a high-level based on a security model that groups the industrial assets into security zones. Based on the model and these policy definitions, the system generates asset-level security setting instructions configured to set appropriate device settings on one or more of the industrial assets to implement the security event management policies, and deploys these instructions to the appropriate assets in order to implement the defined policies.
    Type: Grant
    Filed: May 8, 2020
    Date of Patent: February 7, 2023
    Assignee: Rockwell Automation Technologies, Inc.
    Inventors: David E Huffman, Taryl Jasper, Jack Visoky
  • Patent number: 11576044
    Abstract: A method of managing and verifying a certificate of a terminal is provided. The method includes obtaining certificate information that is usable when downloading and installing a specific bundle corresponding to at least one of a secondary platform bundle family identifier or a secondary platform bundle family custodian identifier, transmitting, to a secondary platform bundle manager, the certificate information corresponding to the at least one of the secondary platform bundle family identifier or the secondary platform bundle family custodian identifier of the specific bundle, and receiving, from the secondary platform bundle manager, at least one of a certificate of the secondary platform bundle manager, certificate information to be used by a smart secure platform (SSP), the secondary platform bundle family identifier, or the secondary platform bundle family custodian identifier.
    Type: Grant
    Filed: November 8, 2021
    Date of Patent: February 7, 2023
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Kangjin Yoon, Jonghoe Koo, Duckey Lee, Taehyung Lim
  • Patent number: 11575663
    Abstract: A system and method is disclosed for transporting application data through a communications tunnel between a host device and a guest device that each includes networked processors. The application data may be transported between the host device and the guest device through an allowed port of the host device, the communications tunnel, and a port of the guest device. Based on logon credentials, the guest device can be authenticated by a security server and a role may be determined. The role can include allowed ports and associated applications on the host that the guest is allowed to access. Remote access from the guest device to host devices or remote devices may be enabled without needing prior knowledge of their configurations. Secure access may be facilitated to remote host devices or remote devices, according to security policies that can vary on a per-session basis and take into account various factors.
    Type: Grant
    Filed: May 17, 2021
    Date of Patent: February 7, 2023
    Assignee: NETOP SOLUTIONS A/S
    Inventors: Peter Holmelin, Valentin Palade, Dragos Ivan
  • Patent number: 11570619
    Abstract: A communication apparatus includes an authentication unit that sets a communication parameter for connecting to a wireless network, and executes authentication processing, with a base station, for registering the communication apparatus to the base station that forms the wireless network, as a management apparatus that is allowed to connect another apparatus to the wireless network, a setting unit that, based on information acquired from code information captured through imaging, sets the communication parameter to another communication apparatus corresponding to the code information, and a registration unit that executes registration processing for registering the other communication apparatus to the base station as the management apparatus, based on at least a condition that the communication parameter is set to the other communication apparatus by the setting unit.
    Type: Grant
    Filed: September 19, 2019
    Date of Patent: January 31, 2023
    Assignee: Canon Kabushiki Kaisha
    Inventor: Tatsuhiko Sakai
  • Patent number: 11552995
    Abstract: One or more medical devices are configured to connect to a predetermined temporary provisioning network of a healthcare organization, the temporary provisioning network being different than a healthcare network of the healthcare organization. After the devices are received by the healthcare organization, and powered up for the first time, device identifiers corresponding to the medical devices are received at a server remote from the healthcare organization, from the temporary provisioning network, together with an indication that the medical devices are requesting access to a management server within a healthcare network of the healthcare organization.
    Type: Grant
    Filed: February 28, 2020
    Date of Patent: January 10, 2023
    Assignee: CareFusion 303, Inc.
    Inventors: Aron Weiler, Jeff Gaetano, Brian Sullivan
  • Patent number: 11551253
    Abstract: Embedding of digital incentive tokens within a digital image can occur cryptographically using a public key in some embodiments. An encrypted digital incentive token may be embedded within a digital image, including a variety of encrypted information. The digital image with the embedded digital incentive token may be sent to users via delivery mechanisms such as direct webpage embedding, email, text message, and social media sharing. An image recipient may be able to view the image and also take additional action including gaining access to the embedded digital incentive token. Digital incentive tokens can be embedded by altering image metadata so that the image itself is not changed in some embodiments, but data associated with the image is changed to identify the token. Pixel data can be altered to reflect a token for an image. Digital incentive tokens can also be tracked through different platforms to determine usage.
    Type: Grant
    Filed: August 31, 2020
    Date of Patent: January 10, 2023
    Assignee: PayPal, Inc.
    Inventor: Braden Christopher Ericson
  • Patent number: 11546310
    Abstract: Methods include establishing a transport layer security connection between the client and a server that provides the web service, identifying at least one cryptographic key for communication with the web service in the connection, closing the connection and communicating between the client and the web service using a web service token that is signed and encrypted according to the identified at least one cryptographic key. Communicating between the client and the web service using a web service token may not require creation of a new transport layer security connection. Further embodiments provide a computer configured to perform operations as described above and computer-readable medium storing instructions that, when executed by a computer, perform operations as described above.
    Type: Grant
    Filed: January 26, 2018
    Date of Patent: January 3, 2023
    Assignee: Sensus Spectrum, LLC
    Inventors: Yifan Wu, Ricky West
  • Patent number: 11533309
    Abstract: A process running on client devices intercepts requests destined for an identity provider (“IdP”) system and injects a digital signature corresponding to a user associated with the request. In order to reduce or eliminate the burden on providers of the applications or other resources used by the users, the organization providing the IdP system may also provide components that run locally on the client devices of users and integrate with the users' applications. For example, in one embodiment code of the IdP system is run within a container of an application to handle communication with the IdP system. Additionally, code of the IdP system is run as a local process that handles request interception and digital signature injection. For client devices not supporting the use of the local process, a separate verifier application of the IdP can be run locally and allow interactively performing authentication via a user interface.
    Type: Grant
    Filed: December 28, 2020
    Date of Patent: December 20, 2022
    Assignee: Okta, Inc.
    Inventors: Umang Shah, Johannes Stockmann, Santosh Reddy Male, Ildar Abdullin
  • Patent number: 11533183
    Abstract: A system includes a device and a payload warehouse. The device receives a user request to initiate a feature of the device. In response to receiving the request, device information is provided to a payload warehouse. The payload warehouse stores an inventory which includes a digital payload. The digital payload includes data, such as a digital certificate, which may be used by the device to implement the user-requested feature. The payload warehouse receives the device information provided by the device and determines an encryption vector based at least in part on the received device information. Using the encryption vector, the digital payload is encrypted. The encrypted digital payload is provided to the device.
    Type: Grant
    Filed: January 10, 2020
    Date of Patent: December 20, 2022
    Assignee: Lennox Industries Inc.
    Inventors: Nguyen Trong Ho, Sunil Khiani
  • Patent number: 11522670
    Abstract: Disclosed herein are systems and methods for decentralized data distribution by a database network system comprising a hierarchical blockchain model. The hierarchical blockchain model may comprise a quantum pyramid consensus to distribute data throughout the database network system in a decentralized and secure manner. The hierarchical construct may be built according to trusted scores calculated for the nodes of the network over their lifetime at the network.
    Type: Grant
    Filed: December 1, 2020
    Date of Patent: December 6, 2022
    Assignee: MAATADATA, INC.
    Inventors: Anjali Gulati, Phillipus Van Eeden
  • Patent number: 11516027
    Abstract: Disclosed is a device and method to secure software update information for authorized entities. In one embodiment, a device for receiving secured software update information from a server, the device includes: a physical unclonable function (PUF) information generator, comprising a PUF cell array, configured to generate PUF information, wherein the PUF information comprises at least one PUF response output, wherein the at least one PUF response output is used to encrypt the software update information on the server so as to generate encrypted software update information; a first encrypter, configured to encrypt the PUF information from the PUF information generator using one of at least one public key from the server so as to generate encrypted PUF information; and a second encrypter, configured to decrypt the encrypted software update information using one of the at least one PUF response output so as to obtain the software update information.
    Type: Grant
    Filed: November 30, 2020
    Date of Patent: November 29, 2022
    Assignee: Taiwan Semiconductor Manufacturing Co., Ltd.
    Inventor: Shih-Lien Linus Lu
  • Patent number: 11514151
    Abstract: Method, apparatus and computer program product for multi-device user authentication are described herein. For example, the apparatus includes at least one processor and at least one non-transitory memory including program code.
    Type: Grant
    Filed: September 25, 2020
    Date of Patent: November 29, 2022
    Assignee: Salesforce, inc.
    Inventors: Faisal Yaqub, Chase Rutherford-Jenkins, Graham Hicks
  • Patent number: 11507431
    Abstract: A system and method include reception of a request to create a virtual machine associated with a requested number of resource units of each of a plurality of resource types, determination, for each of the plurality of resource types, of a pool of available resource units, random selection, for each of the plurality of resource types, of the requested number of resource units from the pool of available resource units of the resource type, and allocation of the selected resource units of each of the plurality of resource types to the virtual machine.
    Type: Grant
    Filed: April 1, 2020
    Date of Patent: November 22, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Raymond Noel Nkoulou Kono
  • Patent number: 11475138
    Abstract: A computer-implemented method for creating a secure software container. The method comprises providing a first layered software container image, transforming all files, except corresponding metadata, of each layer of the first layered software container image into a volume, the volume comprises a set of blocks, wherein each layer comprises an incremental difference to a next lower layer, encrypting each block of the set of blocks of a portion of the layers, and storing each encrypted set of the blocks as a layer of an encrypted container image along with unencrypted metadata for rebuilding an order of the set of blocks equal to an order of the first layered software container image, so that a secure encrypted software container is created.
    Type: Grant
    Filed: January 9, 2020
    Date of Patent: October 18, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Utz Bacher, Reinhard Theodor Buendgen, Peter Morjan, Janosch Andreas Frank
  • Patent number: 11468158
    Abstract: A machine-learning algorithm receives code indicative of a software unit and parses the code to extract an authenticating parameter. The machine-learning algorithm constructs an authentication template based on the authenticating parameter and provides the authentication template to a user. The algorithm receives user input from the user responsive to the authentication template and creates an authentication microservice based on the authentication template (and optionally the input). The algorithm links the authentication microservice to the software unit to deploy the authentication microservice within the software unit. The machine-learning algorithm is then modified based on the input.
    Type: Grant
    Filed: April 10, 2019
    Date of Patent: October 11, 2022
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Joseph Soryal, Naila Jaoude
  • Patent number: 11457007
    Abstract: Methods, systems, computer-readable media, and apparatuses for performing single sign on for a user device to the Internet. User sign-in credentials including an identity token of the user are received by a hosted desktop from the user device, including an indication that the user is attempting to access a website. The website is authorized as a trusted website by a network authorization node, and the website is issued a one-time-use token. A web browser of the hosted desktop receives an application provided by the website to cause the web browser to call the hosted desktop to initiate single sign on. Authenticity of the one-time-use token is requested by a daemon process, and the website's public key is obtained. Upon verifying authenticity of the website, the identity token of the user is passed to the website, to enable the website to establish single sign on with the user.
    Type: Grant
    Filed: September 9, 2020
    Date of Patent: September 27, 2022
    Assignee: Citrix Systems, Inc.
    Inventor: Tom Kludy
  • Patent number: 11451611
    Abstract: A system for providing remote monitoring of assets is disclosed. The system provides secure communication with one or more assets and receives operational data from the one or more assets. The system generates a graphical user interface that can be used for selection of inputs from the one or more assets and specification of conditions to be applied to inputs for generation of alerts. The system can receive a selection of one or more asset outputs and two or more conditions. The conditions are applied to the selection of one or more assets to generate alerts when at least one of the conditions is satisfied.
    Type: Grant
    Filed: June 18, 2020
    Date of Patent: September 20, 2022
    Assignee: Samsara Inc.
    Inventors: James Robert Saunders, Erick Anthony Dean, Youny Jing Kuang, Famien Aaron Koko, Audrey Yun Li, Amanda Wang, Jennifer T. Nguyen, Noah Paul Gonzales, Steven Vellon
  • Patent number: 11451456
    Abstract: In one embodiment, a device classification service obtains telemetry data for a plurality of devices in a network. The device classification service repeatedly assigns the devices to device clusters by applying clustering to the obtained telemetry data. The device classification service determines a measure of stability loss associated with the cluster assignments. The measure of stability loss is based in part on whether a device is repeatedly assigned to the same device cluster. The device classification service determines, based on the measure of stability loss, that the cluster assignments have stabilized. The device classification service obtains device type labels for the device clusters, after determining that the cluster assignments have stabilized.
    Type: Grant
    Filed: April 19, 2019
    Date of Patent: September 20, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: David Tedaldi, Grégory Mermoud, Pierre-Andre Savalle, Jean-Philippe Vasseur
  • Patent number: 11438159
    Abstract: Examples of the present disclosure describe systems and methods for monitoring the security privileges of a process. In aspects, when a process is created, the corresponding process security token and privilege information is detected and recorded. At subsequent “checkpoints,” the security token is evaluated to determine whether the security token has been replaced, or whether new or unexpected privileges have been granted to the created process. When a modification to the security token is determined, a warning or indication of the modification is generated and the process may be terminated to prevent the use of the modified security token.
    Type: Grant
    Filed: June 17, 2020
    Date of Patent: September 6, 2022
    Assignee: Webroot Inc.
    Inventors: Andrew Sandoval, Eric Klonowski
  • Patent number: 11435907
    Abstract: One example method includes accessing stored data, associating a unique identifier with the data, creating a hash by hashing a combination that comprises the unique identifier and the data, transmitting the hash to a notary service, receiving, from the notary service, a digital signature that corresponds to the hash, appending the digital signature to the data, and storing, as an object, a combination that comprises the digital signature, the data, and the unique identifier.
    Type: Grant
    Filed: June 27, 2019
    Date of Patent: September 6, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Yossef Saad, Radia J. Perlman, Charles William Kaufman
  • Patent number: 11431620
    Abstract: A control packet transmission system includes a first switch device that, during a first time period, generates and transmits first control packets to a second switch device. Furthermore, a third switch device is provided that, during the first time period, generates and transmits third control packets to the second switch device, and transmits a copy of those third control packets to the first switch device. The first switch then generates respective first hash values using each of the first and third control packets, and generates a first consolidated hash value using each of the respective first hash values. During a subsequent second time period, the first switch device may determine that control data exchanged during the first and second time periods is the same and, in response, transmit the first consolidated hash value to the second switch device in place of any control packets transmitted to the second switch device.
    Type: Grant
    Filed: October 28, 2019
    Date of Patent: August 30, 2022
    Assignee: Dell Products L.P.
    Inventor: Karthi Kaliyamoorthy
  • Patent number: 11398901
    Abstract: Examples provide a system for managing access-restricted partial cryptographic keys for encrypting and decrypting data. In some examples, a slot server generates and stores a first partial key. The first partial key is access-restricted based on access control data. A slot value mapped to the storage location is returned to the client by the slot server. The client generates a second partial key which is stored at the client device with the slot value. To obtain the first partial key, the client sends a request to the slot server, including the slot value. The requesting client is validated using access control data. If the request comes from a validated client, the slot server provides the first partial key to the client. The first partial key and the second partial key are combinable to generate a composite key for encrypting and decrypting data.
    Type: Grant
    Filed: March 26, 2021
    Date of Patent: July 26, 2022
    Assignee: Walmart Apollo, LLC
    Inventors: Derrick Gene Wright, Oscar Blass
  • Patent number: 11381973
    Abstract: A data transmission method, a related device, and a related system. The method includes: receiving, by a first access network device, a data packet (for example, small data) sent by user equipment (for example, an IoT device), where the data packet includes a first cookie and raw data; verifying, by the first access network device, the first cookie, to obtain a verification result; and processing, by the first access network device, the raw data based on the verification result. Implementation of embodiments can reduce load on a network side when a large quantity of user equipments need to perform communication, thereby increasing data transmission efficiency.
    Type: Grant
    Filed: January 21, 2020
    Date of Patent: July 5, 2022
    Assignee: Huawei International Pte. Ltd.
    Inventors: Xin Kang, Haiguang Wang, Zhongding Lei, Fei Liu
  • Patent number: 11379586
    Abstract: Measurement methods, devices and systems based on a trusted high-speed encryption card are disclosed. One of the methods includes: a BIOS actively measuring at least one firmware in a device if an integrity measurement result made by a trusted security chip for the BIOS indicates that the integrity thereof is not corrupted; loading one or more firmware if the integrity of the one or more firmware in the device actively measured by the BIOS is not corrupted; and forbidding a system of the device from being started or controlling the system to enter into a non-secure mode if the integrity of one or more firmware in the device actively measured by the BIOS is corrupted.
    Type: Grant
    Filed: August 1, 2019
    Date of Patent: July 5, 2022
    Assignee: Alibaba Group Holding Limited
    Inventors: Yingfang Fu, Peng Xiao
  • Patent number: 11356249
    Abstract: A method for regulating modification of a distributed digital ledger at a node comprises controlling access to a cryptographic key used to enable modification of the distributed digital ledger according to a policy maintained by at least one owner of the distributed digital ledger.
    Type: Grant
    Filed: January 2, 2018
    Date of Patent: June 7, 2022
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Helen Balinsky, Chris Dalton, Joshua Serratelli Schiffman