Policy Patents (Class 726/1)
-
Patent number: 11588681
Abstract: Disclosed are various examples for client device migration to utilize management platform features. In some examples, the client device is identified as compatible with a management platform. A migration of the client device to utilize a management platform feature is accepted through a user interface. A management platform account is created with a management platform service. A management profile is installed on the client device. The profile is compatible with the management platform. The management platform feature is enabled on the client device.
Type: Grant
Filed: October 21, 2019
Date of Patent: February 21, 2023
Assignee: VMWARE, INC.
Inventors: Gaurav Verma, Suchit Shivashankar
-
Patent number: 11586690
Abstract: In some implementations, a user device (e.g., a computing device) can perform client-side personalization of search results. For example, a computing device can obtain search results matching user specified search parameters from a server device and/or from various services on the user device. The user device can score the search results based on various search result item attributes. After scoring, the user device can promote or demote search results items based on whether the search results item is relevant to recent user behavior. The promotion and/or demotion of search results items can cause search results items scores to be adjusted to generate a personalized score for each search result. The search results can then be ordered and/or presented based on the personalized score for each search results item. When presenting search results items, the user device can present information indicative of the source of the search results items.
Type: Grant
Filed: February 5, 2020
Date of Patent: February 21, 2023
Assignee: Apple Inc.
Inventors: Saurabh V. Pendse, Giacomo Saccardo, Jason Dizon, Bernard K. Huang, Manmeet Singh, Sayantini Nag, Usama M. Hajj
-
Patent number: 11586741
Abstract: A computer security system includes a test management system and associated communication architecture that enables creation of customized tests of computer security application features. A server stores a test script in a custom scripting language. The test script includes a set of control statements that may be organized in a decision tree to control facilitation of the test. Clients poll the server to independently obtain and execute the control statements. Execution of the control statements control which clients participate in a test, which feature will be tested in the test, and what telemetry data will be collected from the clients to evaluate the test. The server evaluates the telemetry data to determine an outcome of the test and determines whether to further distribute or roll back the tested feature based on the test outcome. The testing can be utilized to rapidly and robustly deploy features that will enhance computer security.
Type: Grant
Filed: August 24, 2021
Date of Patent: February 21, 2023
Assignee: Malwarebytes Inc.
Inventors: Sunil Mathew Thomas, Jonathan Chan, Jonathan Eagan Rackley
-
Patent number: 11586763
Abstract: A data management computing system for tracking data protection compliance of a plurality of entities using a data management (“DM”) server is provided. The DM server includes at least one processor programmed to: (i) receive, from a requesting entity, a personally identifying information (“PII”) consent request for access to a requested PII set of a user, (ii) determine at least one PII item associated with a reason code, (iii) compare the at least one PII item to the requested PII set, (iv) generate a consent recommendation, (v) transmit the consent recommendation to the user, (vi) receive a response indicating user consent, (vii) transmit, to the requesting entity, a notification indicating the user consent for the requesting entity to retrieve the at least one PII item from a third-party PII storage entity, and (viii) update a user profile to track the requesting entity with the at least one PII item.
Type: Grant
Filed: April 22, 2020
Date of Patent: February 21, 2023
Assignee: MASTERCARD INTERNATIONAL INCORPORATED
Inventor: Stephanie Detchemendy
-
Patent number: 11589227
Abstract: A computer-implemented method, a computer program product, and a computer system for using a mobile device to authenticate a user to access a secure facility. An authentication service determines whether the mobile device of the user is locked. The authentication service requests the user to unlock the mobile device and determines whether the user has unlocked the mobile device. The authentication service retrieves, from the mobile device, a first token and a MAC address. The authentication service retrieves, from a database, a token identifier of the mobile device and a personal identifier of the user. The authentication service generates a second token, based on the token identifier, the personal identifier, and the MAC address. The authentication service determines whether the first and the second tokens match. The authentication service grants the user access to the secure facility, in response to the first and the second tokens matching.
Type: Grant
Filed: February 11, 2020
Date of Patent: February 21, 2023
Assignee: KYNDRYL, INC.
Inventors: Juan F. Vargas, Mark E. Maresh, Michael J. Whitney, Colm Nolan
-
Patent number: 11587142
Abstract: Techniques and arrangements for performing data analysis in order to generate connections between merchants. For instance, a payment service may determine, based at least in part on transaction information, that a first customer conducted a first transaction at a first merchant followed by a subsequent transaction at a second merchant. The payment service may further determine that a second customer conducted a second transaction at the first merchant followed by a subsequent transaction at a third merchant. Based on transaction information associated with the first transaction and the second transaction, the payment service may create a buyer profile including the first customer and second customer. Upon the payment service receiving a request to process a third transaction between the first merchant and the second customer, the payment service can generate a recommendation that the second customer conduct a subsequent transaction to the third transaction at the second merchant rather than the third merchant.
Type: Grant
Filed: August 7, 2020
Date of Patent: February 21, 2023
Assignee: Block, Inc.
Inventors: Ramy Bebawy, Philip Zigoris, Yongxue Qi, Yu-Shan Fung, Riley Crane
-
Patent number: 11582133
Abstract: Disclosed is an apparatus for distributed processing of an identical packet in high-speed network security equipment, including: a plurality of analysis modules for each determining whether vulnerability analysis is required by analyzing a received packet; a circular queue for receiving the packet from an analysis module initially determining that the vulnerability analysis is required and storing the received packet as a bucket structure; and a plurality of analysis engines for each performing different vulnerability analyses for the packet acquired from the circular queue based on a packet address of the bucket structure, in which the bucket structure includes a packet data storage unit and packet use information storage units which are as many as the plurality of analysis engines, and the packet use information storage units store packet use information of the plurality of respective analysis engines, respectively.
Type: Grant
Filed: December 21, 2020
Date of Patent: February 14, 2023
Assignee: WINS Co., Ltd.
Inventor: Yong Sig Jin
-
Patent number: 11582260
Abstract: Embodiments of the disclosure relate to verifying a watermark of an artificial intelligence (AI) model for a data processing (DP) accelerator. In one embodiment, a system receives an inference request from an application. The system extracts the watermark from an AI model having the watermark. The system verifies the extracted watermark based on a policy. The system applies the AI model having a watermark to a set of inference inputs to generate inference results. The system sends a verification proof and the inference results to the application.
Type: Grant
Filed: November 14, 2019
Date of Patent: February 14, 2023
Assignees: BAIDU USA LLC, KUNLUNXIN TECHNOLOGY (BEIJING) COMPANY LIMITED
Inventors: Yueqiang Cheng, Yong Liu
-
Patent number: 11582264
Abstract: Techniques for providing network slice-based security in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for network slice-based security in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network; extracting network slice information for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the network slice information.
Type: Grant
Filed: January 20, 2021
Date of Patent: February 14, 2023
Assignee: Palo Alto Networks, Inc.
Inventors: Sachin Verma, Leonid Burakovsky
-
Patent number: 11574062
Abstract: An application development assistance system in which optimal security measures can be taken at positions in need of security measures under an application development environment using a flow diagram analyzes an input application description file and outputs application data information and module information. A data importance level judgment unit decides importance levels of data exchanged between modules on the basis of the application data information.
Type: Grant
Filed: September 16, 2020
Date of Patent: February 7, 2023
Assignee: HITACHI, LTD.
Inventors: Junya Fujita, Hidemichi Ogasawara
-
Patent number: 11574151
Abstract: Disclosed is detecting identification documents in image-borne identification documents and protecting against loss of the image-borne identification documents. A trained deep learning (DL) stack is used to classify production images by inference as containing a sensitive image-borne identification document, with the trained stack configured with parameters determined using labelled ground truth data for the identification documents and examples of other image documents. The trained DL stack is configured to include a first set of layers closer to an input layer and a second set of layers further from the input layer, with the first set pre-trained to perform image recognition before exposing the second set of layers of the stack to the labelled ground truth data for the image-borne identification documents and examples of other image documents, and using the inferred classification of the sensitive image-borne identification document in a DLP system to protect against loss by image exfiltration.
Type: Grant
Filed: April 13, 2021
Date of Patent: February 7, 2023
Assignee: Netskope, Inc.
Inventors: Xiaolin Wang, Krishna Narayanaswamy, Yi Zhang, Siying Yang
-
Patent number: 11575713
Abstract: A computer system and method provides cloud-based network security software as a service in a distributed computing environment. A computer system executing on a portion of hardware computing resources associated with the distributed computing environment receives a security service request from a customer platform device external to the distributed computing environment, the request identifying a customer platform asset within the distributed computing environment and instructing that a security service selected by the customer platform device be provided to the identified customer platform asset. In response to receiving the security service request, a network security software component associated with the selected security service on one or more virtual machines within the distributed computing environment is executed to provide the selected security service to the identified customer platform asset.
Type: Grant
Filed: January 26, 2021
Date of Patent: February 7, 2023
Assignee: KYOCERA Corporation
Inventors: William A. O'Hern, Edward G. Amoroso, Michelle Barry, Anthony Ramos, Daniel Solero, Duncan Kirkwood Sparrell, Rodney Dilts
-
Patent number: 11568066
Abstract: Example methods and systems disclosed herein facilitate the introduction and use of client-specified object encryption within a computing environment using remote third-party storage systems, where data objects stored on the remote third-party storage systems were previously either stored in unencrypted form or encrypted with a single key tied to an account that owns the data. In some embodiments, the encryption is introduced into the system in gradual stages, so as to minimize or entirely eliminate data availability downtime. In some embodiments, the introduction of client-specified object encryption involves registration of a user function on the third-party storage system, where the user function handles object decryption in response to requests of content consumers for data objects stored by the third-party storage system.
Type: Grant
Filed: August 13, 2021
Date of Patent: January 31, 2023
Assignee: Uber Technologies, Inc.
Inventor: Ashish Kurmi
-
Patent number: 11568087
Abstract: A request for use of an application programming interface (API) is received. Context associated with the request is determined. Based on the context, a challenge is generated, which can be used for determining whether to permit the use of the API. A response to the challenge is received. Based on the response, the request can be facilitated for using the API.
Type: Grant
Filed: May 22, 2019
Date of Patent: January 31, 2023
Assignee: International Business Machines Corporation
Inventors: Andrew Kinai, Komminist Weldemariam, Maja Vukovic, Shikhar Kwatra
-
Patent number: 11570149
Abstract: Techniques for providing a feedback mechanism to enforce a security policy are provided. In some embodiments, dynamic resolution of Fully Qualified Domain Name (FQDN) address objects in policy definitions includes receiving a security policy that includes a domain name (e.g., the network policy can include a network security rule that is based on the domain name); and periodically updating Internet Protocol (IP) address information associated with the domain name based on a feedback mechanism that utilizes network logs (e.g., implemented using a learning process for FQDN to IP address mappings) to facilitate a more effective security policy enforcement.
Type: Grant
Filed: March 30, 2021
Date of Patent: January 31, 2023
Assignee: Palo Alto Networks, Inc.
Inventor: Zhou Olivier Zheng
-
Patent number: 11567809
Abstract: Methods and systems for deploying images to computing systems include predicting an environment for a plurality of processing nodes. Image deployment to the plurality of processing nodes is simulated to determine a subset of the plurality of processing nodes for deployment. One or more images is pre-loaded to the subset of the plurality of processing nodes in advance of a deployment time.
Type: Grant
Filed: October 31, 2018
Date of Patent: January 31, 2023
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Yuan Wang, Guang Cheng Li, Jing Min Xu, Xiao Xi Liu, Jian Ma, Lin Yang
-
Patent number: 11568075
Abstract: Disclosed is a system to optimize rule weights for classifying access requests so as to manage rates of false positives and false negative classifications. A rules suggestion engine may suggest a profile of classification rules to a merchant for access requests. The system can optimize weights for the profile of rules using a cost function based on a training set of historical access requests, for example using stepwise regression or machine learning (ML). The system can compute a profile score based on the optimized weights, for example by summing the weights. The system statistically analyzes the profile score using classification thresholds and the historical access requests. The system can perform receiver operating characteristic (ROC) analysis for various threshold values, enabling a user to select a suitable threshold. The system can further optimize by adding or removing rules from the profile of rules.
Type: Grant
Filed: July 10, 2020
Date of Patent: January 31, 2023
Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
Inventors: Benjamin Scott Boding, Ge Wen
-
Patent number: 11570184
Abstract: In a fraud-detection method for use in an in-vehicle network system including a plurality of electronic control units (ECUs) that exchange messages on a plurality of networks, a plurality of fraud-detection ECUs each connected to a different one of the networks, and a gateway device, a fraud-detection ECU determines whether a message transmitted on a network connected to the fraud-detection ECU is malicious by using rule information stored in a memory. The gateway device receives updated rule information transmitted to a first network among the networks, selects a second network different from the first network, and transfers the updated rule information only to the second network. A fraud-detection ECU connected to the second network acquires the updated rule information and updates the rule information stored therein by using the updated rule information.
Type: Grant
Filed: February 8, 2021
Date of Patent: January 31, 2023
Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
Inventors: Yuji Unagami, Hideki Matsushima, Tomoyuki Haga, Manabu Maeda, Yoshihiro Ujiie, Takeshi Kishikawa
-
Patent number: 11563777
Abstract: A network intrusion system for a protected network includes a ruleset module configured to receive metadata for rules. The metadata describes, for each of the rules, a set of associated network vulnerabilities. The ruleset module is configured to access vulnerability information describing a set of cumulative vulnerabilities that each is present in at least one network device within the protected network. The network intrusion system includes a rule management module configured to, for each rule of the plurality of rules: identify the set of associated network vulnerabilities described by the metadata for the rule, determine whether there is a match between any of the set of associated network vulnerabilities and the set of cumulative vulnerabilities, and, in response to determining that there is no match, transmit a first command signal to a network security module. The first command signal instructs the network security module to disable the rule.
Type: Grant
Filed: September 25, 2020
Date of Patent: January 24, 2023
Assignee: TD Ameritrade IP Company, Inc.
Inventors: Brandon William Scherer, John Scott Kula
-
Patent number: 11561945
Abstract: Systems, methods, and computer products are described herein for identifying data inconsistencies within database tables associated with an application. A master data inconsistency evaluator receives data including at least one selection parameter within at least one database table. The master data inconsistency evaluator evaluates the at least one selection parameter by comparing the at least one selection parameter with other database tables associated with the application to identify data inconsistencies. The master data inconsistency evaluator repairs the data inconsistencies to further facilitate an error free transaction.
Type: Grant
Filed: January 29, 2021
Date of Patent: January 24, 2023
Assignee: SAP SE
Inventors: Shwetha H S, Arindam Bhar, Arun Kumar Gowd, Anand K, Ranjith PR, Jothivenkatesh M, Nabhish Saxena, Bidisha Tripathi, Sudarshan Milind Gokhale, Muskan Gupta
-
Patent number: 11561788
Abstract: Disclosed herein are methods, computer readable media, and devices for performing software updates. In one embodiment, a method is disclosed comprising initializing a storage space of a secure storage device into a plurality of portions; copying an update program to a first portion in the portions and copying update data to a second portion of the portions; generating a first golden measurement for the first portion and a second golden measurement for the second portion; measuring the first portion; updating or rolling back an update to the secure device in response to determining that the measuring of the first portion does not match the first golden measurement of the first portion; and verifying an update operation upon determining that the measuring of the first portion matches the first golden measurement of the first portion.
Type: Grant
Filed: July 30, 2021
Date of Patent: January 24, 2023
Assignee: Micron Technology, Inc.
Inventor: Olivier Duval
-
Patent number: 11563743
Abstract: Techniques for security management in communication systems are provided. For example, a method comprises maintaining a list of networks that support access for a set of restricted local operator services, checking whether a set of conditions for triggering access to the set of restricted local operator services is satisfied, receiving a request for access to the set of restricted local operator services, and initiating, upon satisfaction of the set of conditions, a search of the list of networks to find a network for access to the set of restricted local operator services.
Type: Grant
Filed: February 17, 2020
Date of Patent: January 24, 2023
Assignee: Nokia Technologies Oy
Inventor: Jennifer J-N. Liu
-
Patent number: 11563775
Abstract: Systems and methods for securely pairing a transmitting device with a receiving device are described. The systems and methods may communicate with a first device via a first communication method over a wireless communication network. The systems and methods may transmit, to the first device via a second communication method, a first sensory pattern representing a first key. In addition, the system and methods may communicate with the first device via the first communication method using the first key.
Type: Grant
Filed: June 3, 2021
Date of Patent: January 24, 2023
Assignee: Capital One Services, LLC
Inventors: Kevin P. Kelly, Saleem A. Sangi, Robert T. Perry, Adam R. Koeppel
-
Patent number: 11563745
Abstract: Systems and methods are disclosed for data protection in a cluster of data processing accelerators (DPAs) using a policy that partitions the DPAs into one or more group of DPAs in the cluster. A host device instructs the DPAs to organize themselves into non-overlapping groups according to a policy for each DPA in the cluster. The policy indicates, for each DPA, one or more other DPAs the DPA is to establish a communication link with, to implement the grouping. Once grouped, the host device and a DPA can access all resources of the DPA. DPAs in the same group as a first DPA can access non-secure resources, but not secure resources, of the first DPA. DPAs in a different group from the first DPA cannot access any resources of the first DPA. A scheduler in the host device can allocate processing tasks to any group in the cluster.
Type: Grant
Filed: June 12, 2020
Date of Patent: January 24, 2023
Assignees: BAIDU USA LLC, KUNLUNXIN TECHNOLOGY (BEIJING) COMPANY LIMITED
Inventors: Yueqiang Cheng, Hefei Zhu
-
Patent number: 11558351
Abstract: The invention discloses a dual-modes switching method for blocking a network connection, comprising: a data packet collecting step of collecting data packets transmitting from all network nodes in a network segment, a data packet analyzing step of analyzing the data packets collected to obtain network node identification data, a list comparing step of comparing the network node identification data with identification data registered in an information device list to determine an illegal network node, an illegal-network-node-type determining step of determining what kind of type the illegal network node is, and a network connection blocking step of switching a first network connection blocking mode and a second network connection blocking mode according to the type of the illegal network node, thereby blocking the network connection of the illegal network.
Type: Grant
Filed: March 16, 2021
Date of Patent: January 17, 2023
Assignee: UPAS CORPORATION
Inventor: Kun-Jung Lee
-
Patent number: 11558452
Abstract: The present disclosure relates to computer-implemented methods, software, and systems for managing cloud application in a transparent multiple availability zone cloud platform. A request to access a cloud application running on the multiple availability zone cloud platform is received. The request can include an application location for accessing the cloud application. A network address corresponding to the application location is determined. In response to determining the network address, a first availability zone of the multiple availability zone cloud platform that is currently active to process the request is determined. A plurality of network locations corresponding to a host component of the application location is determined by a first load balancer. A network location of the plurality of network locations for processing the request is identified based on load balancing criteria.
Type: Grant
Filed: May 20, 2021
Date of Patent: January 17, 2023
Assignee: SAP SE
Inventors: Stoyan Zhivkov Boshev, Diyan Asparuhov Yordanov
-
Patent number: 11558386
Abstract: Various embodiments provide an approach to controlled access of websites based on website content, and profile for the person consuming the data. In operation, machine learning techniques are used to classify the websites based on community and social media inputs, crowdsourced data, as well as access rules implemented by parents or system administrators. Feedback from users/admins of the system, including the instances of allowed or denied access to websites, in conjunction with other relevant parameters, is used for iterative machine learning techniques.
Type: Grant
Filed: June 22, 2020
Date of Patent: January 17, 2023
Inventors: Arup Bhattacharya, John Jun Wu
-
Patent number: 11556895
Abstract: A system, computer program product and method for providing high delivery performance in a value chain network utilizing a finite capacity planning and scheduling model.
Type: Grant
Filed: August 28, 2019
Date of Patent: January 17, 2023
Inventors: Ranjit Notani, Kendall Scheeer
-
Patent number: 11558255
Abstract: Example methods and systems for logical network health check. One example may comprise obtaining network configuration information and network realization information associated with a logical network; processing the network configuration information and the network realization information to determine the following: (a) network configuration health information specifying a network configuration issue and a first remediation action; and (b) network realization health information specifying a network realization issue and a second remediation action; and providing, to a user device, multiple user interfaces (UIs) specifying the first health information and the second health information along with a visualization of the logical network. In response to detecting an instruction initiated by the user device using at least one of the multiple UIs, the first remediation action or the second remediation action may be performed.
Type: Grant
Filed: January 15, 2020
Date of Patent: January 17, 2023
Assignee: VMWARE, INC.
Inventors: Mengzhuo Lu, Margaret Petrus
-
Patent number: 11556661
Abstract: A predetermined access control policy is generated with reference to a lineage table and a metadata table to be stored in a policy table, and an access control policy which should be applied or recommended to treated data is provided with reference to the policy table.
Type: Grant
Filed: September 16, 2020
Date of Patent: January 17, 2023
Assignee: HITACHI, LTD.
Inventor: Kentaro Kakui
-
Patent number: 11558531
Abstract: An image capturing device may capture image data for processing to form an image. The image capturing device may perform a hashing procedure on the image data, wherein performing the hashing procedure generates a hash value of the image data. The image capturing device may provide, to an image authentication device, the hash value of the image data, wherein the hash value of the image data is to be used by the image authentication device to validate the image based on a request to authenticate the image received from a receiving device. The image capturing device may process the image data to form the image for display to a user. The image capturing device may provide, after providing the hash value of the image data to the image authentication device, the image for display to the user.
Type: Grant
Filed: March 2, 2021
Date of Patent: January 17, 2023
Assignee: Verizon Patent and Licensing Inc.
Inventors: Ashish Sardesai, Dante J. Pacella
-
Patent number: 11558389
Abstract: A computer-readable medium contains cybersecurity configuration settings (CCS) generating file(s) including instructions when executed cause a processor of a computer located at a node in a networked system having computers including at least one computer system class to generate CCS. The CCS generating file includes group policy objects (GPOs) applicable to all computers, policy setting scripts that are applicable to all the computers, and group policy definition files which provide a policy setting library for the computer class. Execution of the CCS generating file at the node automatically generates the CCS for cybersecurity protection of the node. The computer class can include computer classes that include ≥2 different operating systems, and there can be a CCS generating file for each computer class. The CCS generating file can be a single multi-class CCS generating file that includes a plurality of CCS generating files.
Type: Grant
Filed: March 31, 2020
Date of Patent: January 17, 2023
Assignee: Honeywell International Inc.
Inventors: Edwin Wade, Swetha Ramashayam Reddy, Khalid Hameed Zubairi
-
Patent number: 11550925
Abstract: A system for determining a software package for deployment based on a user request receives a request from the user to access software packages to perform a particular task. The system determines particular software packages for the user, based on an experience level of the user in performing the particular task. The system determines whether a security vulnerability is associated with the determined software packages by scanning the source code of the determined software package and searching for instances where a code portion includes open ports vulnerable to unauthorized access. If it is determined that no security vulnerability is associated with the determined software packages, the system deploys the determined software packages to a computing device from which the user sent the request.
Type: Grant
Filed: March 24, 2021
Date of Patent: January 10, 2023
Assignee: Bank of America Corporation
Inventors: Sasidhar Purushothaman, Satish Kumar Kommineni, Ramesh Lakshmi Narayanan, Venkata Apparao Alla, Kyriacos Iacovou, Tarun Dixit
-
Patent number: 11550909
Abstract: A multi-endpoint event graph is used to detect malware based on malicious software moving through a network.
Type: Grant
Filed: September 30, 2020
Date of Patent: January 10, 2023
Assignee: Sophos Limited
Inventors: Beata Ladnai, Mark David Harris, Andrew J. Thomas, Andrew G. P. Smith, Russell Humphries
-
Patent number: 11551102
Abstract: One embodiment provides a method, including: receiving a target unstructured document for determining whether the target unstructured document comprises biased information; identifying an objective of the target unstructured document by extracting, from the target unstructured document, (i) entities and (ii) relationships between the entities; creating a structured knowledge base, wherein the creating comprises (i) creating an entry in the structured knowledge base corresponding to the target unstructured document, (ii) identifying other unstructured documents having a similarity to the target unstructured document, and (iii) generating an entry in the structured knowledge base corresponding to each of the other unstructured documents; applying a bias detection technique on the structured knowledge base; and providing an indication of whether the target unstructured document comprises bias.
Type: Grant
Filed: April 15, 2019
Date of Patent: January 10, 2023
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Pranay Kumar Lohia, Rajmohan Chandrahasan, Himanshu Gupta, Samiulla Zakir Hussain Shaikh, Sameep Mehta, Atul Kumar
-
Patent number: 11552941
Abstract: A method may include obtaining, from a user device, a request to access a control system among various control systems. The method may further include determining whether a user associated with the user device is authorized to access the control system based on user information associated with the user in a database. The method may further include generating, in response to determining that the user is authorized, a user code associated with a predetermined time period for accessing the control system. The method may further include transmitting the user code to the user device and the control system. The user code may authenticate a user session between the user device and the control system. The method further includes transmitting, in response to the predetermined time period expiring, a command that terminates the user session between the control system by the user device.
Type: Grant
Filed: October 30, 2020
Date of Patent: January 10, 2023
Assignee: SAUDI ARABIAN OIL COMPANY
Inventors: Prem Kumar, Mohammed A. Batouq, Omar A. Mohisin, Eid N. Rashidi
-
Patent number: 11550897
Abstract: Data processing systems and methods, according to various embodiments, are adapted for efficiently processing data to allow for the streamlined assessment of risk ratings for one or more vendors. In various embodiments, the systems/methods may use one or more particular vendor attributes (e.g., as determined from scanning one or more webpages associated with the particular vendor) and the contents of one or more completed privacy templates for the vendor to determine a vendor risk rating for the particular vendor. As a particular example, the system may scan a website associated with the vendor to automatically determine one or more security certifications associated with the vendor and use that information, along with information from a completed privacy template for the vendor, to calculate a vendor risk rating that indicates the risk of doing business with the vendor.
Type: Grant
Filed: February 11, 2022
Date of Patent: January 10, 2023
Assignee: OneTrust, LLC
Inventor: Jonathan Blake Brannon
-
Patent number: 11550926
Abstract: The present disclosure relates to systems and methods for identifying highly sensitive modules and taking a remediation or preventative action if such modules are accessed by malicious software. For example, the likelihood that a module is used for an exploit, and is thus sensitive, is categorized as high, medium, or low. The likelihood that a module can be used for an exploit can dictate whether, and to what degree, an application accessing the module is “suspicious.” However, in some instances, a sensitive module may have legitimate reasons to load when used in certain non-malicious ways. The system may also consider a trust level when determining what actions to take, such that an application and/or user having a higher trust level may be less suspicious when accessing a sensitive module as compared to an application or user having a lower trust level.
Type: Grant
Filed: April 1, 2021
Date of Patent: January 10, 2023
Assignee: WEBROOT INC.
Inventors: John R. Shaw, II, Andrew L. Sandoval
-
Patent number: 11553036
Abstract: The invention relates to a computer-implemented system for security monitoring of Member accounts in a cloud environment. The Member accounts are provided as instances of cloud services in one or more monitored clouds by one or more cloud service providers. The system is programmed to automatically deploy software agents to the Member accounts. The software agents are configured to monitor activities in the Member accounts and to push security and operations data to a SIEM platform. The security and operations data may comprise alerts and activity logs for the Member accounts, public internet protocol (IP) addresses used by the Member accounts, and identifying information for individuals and information technology (IT) assets associated with the Member accounts. The system includes a user interface to define customized alerts based on the security and operations data, and the system generates and sends the customized alerts to a system administrator or security analyst.
Type: Grant
Filed: May 8, 2020
Date of Patent: January 10, 2023
Assignee: KPMG LLP
Inventors: Wojciech K. Dojka, Kevin Ray Scott, Gregory Schellenberg
-
Patent number: 11552954
Abstract: Management of IoT devices through a private cloud. An IoT device is coupled to a gateway. A request from the IoT device to connect to a private cloud, wherein the private cloud is used to manage IoT devices, is received at a private cloud control center agent. An identification of the IoT device is determined. The IoT device is onboarded, using the identification, for management through the private cloud. A device profile of the IoT device is generated. The flow of data to and from the IoT device is regulated through application of IoT rules according to the device profile of the IoT device.
Type: Grant
Filed: July 23, 2019
Date of Patent: January 10, 2023
Assignee: Palo Alto Networks, Inc.
Inventors: Xu Zou, Jianlin Zeng, Mei Wang
-
Patent number: 11552959
Abstract: Methods, systems, and computer storage media for providing resource policy management based on a pre-commit verification engine are provided. Pre-commit verification operations are executed to simulate committing a policy, in a distributed computing environment, for test request instances, without actually committing the policy. In operation, a policy author communicates a policy and one or more test request instances. Based on the policy and the test request instances, an access control manager simulates committing the policy for the test request instances to the computing environment. Simulating committing the policy for test request instances is based on an existing set of policies including a live version of the policy and contextual information corresponding to the policy and the test request instances for the computing environment in which the policy will be applied.
Type: Grant
Filed: June 30, 2019
Date of Patent: January 10, 2023
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: Chetan Shankar
-
Patent number: 11552957
Abstract: In a device including a processor and a memory, the memory includes executable instructions that, when executed by the processor, cause the processor to control the device to perform functions of receiving an access control setting for granting access to an access-controlled resource and a dynamic tag characterizing a member group subject to the access control setting; accessing a data source storing member data including an attribute associated with each member, the attribute including a parameter related to a time or time period. The dynamic tag is mapped to the member data based on (1) the parameter of the attribute and (2) a time or time period associated with the dynamic tag, to identify mapped members forming the member group, wherein the mapped members identified based on a same dynamic tag vary depending on the time or time period associated with the dynamic tag, to identify the member group.
Type: Grant
Filed: July 2, 2019
Date of Patent: January 10, 2023
Assignee: Microsoft Technology Licensing, LLC
Inventors: Mark Ian Rubinstein, Amit Akiva Apple, Thaddeus Scott, Meng Yao
-
Patent number: 11552984
Abstract: Systems and methods are described for improving assessment of security risk based on a user's personal information. Registration of personal information of a user of an organization is received at a security awareness system. Post receiving the registration of the personal information, at least one of an exposure check or a security audit of the personal information of the user is performed by the security awareness system. A personal risk score of the user is then generated or adjusted based at least on a result of one of the exposure check or the security audit.
Type: Grant
Filed: December 9, 2021
Date of Patent: January 10, 2023
Assignee: KnowBe4, Inc.
Inventor: Greg Kras
-
Patent number: 11550692
Abstract: A method may include receiving an event from an event source. The event may correspond to event data. The event source may be a container executing an image. The image may correspond to image metadata including attributes describing the image. The method may further include combining the event data with the image metadata to obtain enriched data, detecting, using the enriched data, a deviation from a policy, and in response to detecting the deviation from the policy, performing an action to enforce the policy.
Type: Grant
Filed: November 29, 2019
Date of Patent: January 10, 2023
Assignee: Intuit Inc.
Inventors: Amit Shriram Kalamkar, Edward Kihyen Lee
-
Patent number: 11544023
Abstract: A policy-based printing system is implemented to allow access to a private domain to print using a public domain. The private domain includes private servers that store documents. The public domain includes servers and a printing device. A public policy server uses a domain list and a protocol connection with a private authentication server to validate a user and identify which private domain to access. The public policy server receives requests from the printing device to process a print job of a document in the private domain. If the private server is off-line, then the printing device prints the document and a cost reimbursement request is submitted to account for the printed document.
Type: Grant
Filed: December 15, 2021
Date of Patent: January 3, 2023
Assignee: KYOCERA DOCUMENT SOLUTIONS, INC.
Inventors: Jin Liang, Tai Yu Chen, Michael Ong Martin
-
Patent number: 11544405
Abstract: A method for managing a consent receipt under an electronic transaction, comprising: receiving a request to initiate a transaction between the entity and the data subject; providing a privacy policy associated with the entity and based at least in part on the request to initiate the transaction between the entity and the data subject; accessing the privacy policy associated with the entity; storing one or more provisions of the privacy policy associated with the entity; providing a user interface for consenting to the privacy policy associated with the entity; receiving a selection to consent to the privacy policy associated with the entity and based at least in part on the request to initiate the transaction between the entity and the data subject; generating, by a third-party consent receipt management system, a consent receipt to the data subject; and storing the generated consent receipt.
Type: Grant
Filed: June 3, 2022
Date of Patent: January 3, 2023
Assignee: OneTrust, LLC
Inventors: Jonathan Blake Brannon, Richard A. Beaumont
-
Patent number: 11546771
Abstract: A communication method includes receiving, by an access network (AN) node, indication information from a mobility management device. The indication information is indicative of a security policy of a quality of service (QoS) flow. The method also includes obtaining, by the access network node based on the indication information, security information of a radio bearer corresponding to the QoS flow. The security information is indicative of a security policy of the radio bearer. The method further includes sending, by the access network node, an identifier of the radio bearer and the security information of the radio bearer to a terminal.
Type: Grant
Filed: March 30, 2020
Date of Patent: January 3, 2023
Assignee: HUAWEI TECHNOLOGIES CO., LTD.
Inventors: He Li, Yizhuang Wu, Jing Chen
-
Patent number: 11544669
Abstract: Systems, methods, and other embodiments associated with a framework for compliance report generation are described. In one embodiment, a method includes receiving a data source definition of a set of data sources comprising data for populating compliance reports. The example method may also include retrieving a compliance report definition for a compliance report for a reporting entity. The example method may also include constructing and rendering a user interface populated with a set of user interface elements generated based upon the set of data sources and the compliance report definition. The example method may also include generating the compliance report according to the compliance report definition. The compliance report is populated with data from the set of data sources. The compliance report is sent over a computing network to a remote computing device of the reporting entity.
Type: Grant
Filed: June 26, 2017
Date of Patent: January 3, 2023
Assignee: Oracle Financial Services Software Limited
Inventors: Subrata Sarkar, Amit Kumar Sahoo, Amit Kumar Jayee, K R. Srikant, Raghavendra Sharma Karri
-
Patent number: 11537423
Abstract: In some examples, a system associates, with a plurality of virtual resources deployed in a cloud environment, properties representative of characteristics of the virtual resources, the properties comprising a performance level of a virtual resource. The system receives a request to create a virtual resource in the cloud environment, and, in response to determining that properties of the virtual resource to be created for the request satisfy a criterion with respect to properties of a given virtual resource of the plurality of virtual resources, selects the given virtual resource as a candidate virtual resource for the request.
Type: Grant
Filed: March 16, 2020
Date of Patent: December 27, 2022
Assignee: Hewlett Packard Enterprise Development LP
Inventors: Thavamaniraja Sakthivel, Siva Subramaniam Manickam, Vinnarasu Ganesan, Balaji Ramamoorthi
-
Patent number: 11537384
Abstract: In one embodiment, a system for managing a virtualization environment includes host machines implementing a virtualization environment, a plurality of clusters of the host machines, a virtualized file server (VFS) comprising a plurality of file server virtual machines (FSVMs), and a VFS cluster manager (CM) configured to distribute storage items among the clusters and receive cluster storage statistics for one or more shares of the VFS. The CM is further configured to, in response to a request from a first FSVM to identify a storage location for a storage item, identify a cluster at which the storage item is to be located based on the cluster storage statistics, identify a second FSVM at which the storage item is to be located based on compute usage statistics of one or more FSVMs in the identified cluster, and send an address of the second FSVM to the first FSVM.
Type: Grant
Filed: November 6, 2020
Date of Patent: December 27, 2022
Assignee: Nutanix, Inc.
Inventors: Richard James Sharpe, Durga Mahesh Arikatla, Kalpesh Ashok Bafna, Satyajit Sanjeev Deshmukh, Shyamsunder Prayagchand Rathi, Vishal Sinha, Devyani Suryakant Kanada