Vulnerability Assessment Patents (Class 726/25)
  • Patent number: 11455389
    Abstract: A non-transitory computer-readable storage medium storing a program that cause a processor included in an information processing apparatus to execute a process, the process includes collecting a plurality of types of cyberattack information; evaluating a number of types of cyberattacks in which feature information of the cyberattack appears based on the collected cyberattack information; and when receiving specification of the feature information of a cyberattack, responding evaluation results of the number of types of cyberattacks in which the specified feature information of the cyberattack appears.
    Type: Grant
    Filed: November 1, 2019
    Date of Patent: September 27, 2022
    Assignee: FUJITSU LIMITED
    Inventors: Tsuyoshi Taniguchi, Ryusuke Masuoka
  • Patent number: 11456968
    Abstract: An Ethernet switch for a vehicle, a method of controlling the Ethernet switch are provided. The method includes detecting a first connection between a connector of the diagnostic device and a first port of the Ethernet switch and establishing a second connection with the diagnostic device by referring to a virtual local area network identifier (VLAN ID) table. A third connection is established between the controller and an electronic control unit (ECU) of the vehicle by referring to the VLAN ID table. A certificate-based secure access procedure is performed between the diagnostic device and the controller. A mode of the Ethernet switch is switched from a lock mode to an unlock mode and a fourth connection is established between the diagnostic device and the ECU by referring to the VLAN ID table.
    Type: Grant
    Filed: November 13, 2019
    Date of Patent: September 27, 2022
    Assignees: Hyundai Motor Company, Kia Motors Corporation
    Inventor: Hojin Jung
  • Patent number: 11457037
    Abstract: Systems and methods are described for using a template for simulated phishing campaigns based on predetermined date from a date associated with a user. The predetermined date may by an event, an anniversary or a milestone associated with employment of the user with a company. The campaign controller may identify a date associated with the user and based on the identification of the date associated with the user, the campaign controller may select one or more templates for one or more simulated phishing campaigns to be triggered by a predetermined date related to the date associated with the user.
    Type: Grant
    Filed: June 8, 2020
    Date of Patent: September 27, 2022
    Assignee: KnowBe4, Inc.
    Inventor: Greg Kras
  • Patent number: 11449610
    Abstract: There is provided a method of detecting a threat against a computer system. The method includes monitoring installation and operation of multiple different versions of the same application in a computer system; analysing evolutionary changes between the behaviours of the different versions of the same application; detecting and monitoring a new version of the same application in a computer system; monitoring the behavior of the computer system to detect one or more procedures of the monitored application that do not match expected behaviors of the monitored application on the basis of the analysis; and upon detection of one or more procedures not matching the expected behaviors of the monitored application, identifying the monitored application as malicious or suspicious.
    Type: Grant
    Filed: March 18, 2019
    Date of Patent: September 20, 2022
    Assignee: Withsecure Corporation
    Inventors: Mikko Suominen, Dmitriy Komashinskiy, Fredrik Kock
  • Patent number: 11443035
    Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including at least a processor and a memory; and a security agent including instructions encoded in the memory to instruct the processor to: monitor a user's operation of the computing apparatus over time, including determining whether a selected behavior is a security risk; provide a risk analysis of the user's operation based at least in part on the monitoring; select a scan sensitivity based at least in part on the risk analysis; and scan, with the selected sensitivity, one or more objects on the computing apparatus to determine if the one or more objects are a threat.
    Type: Grant
    Filed: April 12, 2019
    Date of Patent: September 13, 2022
    Assignee: McAfee, LLC
    Inventors: Nitin Chhabra, Prashanth Palasamudram Ramagopal, Ghanashyam Satpathy, Chakradhar Kotamraju, Rajat Saxena
  • Patent number: 11437126
    Abstract: Various aspects described herein relate to presenting electronic patient data accessing information. Data related to a plurality of access events, by one or more employees, of electronic patient data can be received. A set of access events of the plurality of access events can be determined as constituting, by the one or more employees, possible breach of the electronic patient data. An alert related to the set of access events can be provided based on determining that the set of access events constitute possible breach of the electronic patient data.
    Type: Grant
    Filed: November 25, 2020
    Date of Patent: September 6, 2022
    Assignee: Protenus, Inc.
    Inventors: Nicholas T. Culbertson, Robert K. Lord
  • Patent number: 11436310
    Abstract: A biometric attribution approach identifies a keyboard actor based on timing between entered keystrokes. Patterns tend to emerge in a timing interval between keystrokes entered by an actor. The keystroke patterns of an actor are analyzed to compute a signature exhibited by the actor. Gathered or intercepted keystroke patterns of an unknown actor are compared to identify a likelihood that typing sessions emanated from a common actor. Keystroke activity of a purported suspect actor can be compared to a database or model of keystroke attributes for determining if the keystroke activity emanated from the same actor as other keystroke sequences. Keystroke patterns rely only on the timing between keystrokes, as key data and upstroke information need not be gathered since the comparisons reply only on keystroke timing deltas.
    Type: Grant
    Filed: July 20, 2020
    Date of Patent: September 6, 2022
    Assignee: Two Six Labs, LLC
    Inventors: Scott D. Tenaglia, Sean Morgan, David Slater
  • Patent number: 11436372
    Abstract: The disclosed computer-implemented method for protecting user privacy may include (i) detecting that a website indicates a user account identifier, (ii) detecting whether a third-party script has access to the user account identifier, and (iii) performing, based at least in part on detecting that the third-party script has access to the user account identifier, a security action to protect user privacy such that the security action facilitates an attempt to prevent the third-party script from actually accessing the user account identifier. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: October 23, 2020
    Date of Patent: September 6, 2022
    Assignee: NortonLifeLock Inc.
    Inventor: Iskander Sanchez
  • Patent number: 11436338
    Abstract: Methods, systems, and apparatus for operations for performing a biometric recognition attack test on a biometric recognition device. An example method includes obtaining a biometric feature object for performing the biometric recognition attack on the biometric recognition device; Perform the biometric recognition attack test on the biometric recognition device, comprising: controlling a mechanical arm to place the biometric feature object in a recognition area of the biometric recognition device; and controlling the mechanical arm to press the biometric feature object to the biometric recognition device to trigger the biometric feature object to input the biometric features in the feature attachment part into the biometric recognition device through the conductive part; obtaining an attack test result corresponding to the biometric feature object; and determining a test result of the biometric recognition attack test performed on the biometric recognition device.
    Type: Grant
    Filed: June 29, 2021
    Date of Patent: September 6, 2022
    Assignee: Alipay (Hangzhou) Information Technology Co., Ltd.
    Inventors: Jianxu Zheng, Wenting Chang
  • Patent number: 11437128
    Abstract: Various aspects described herein relate to presenting electronic patient data accessing information. Data related to a plurality of access events, by one or more employees, of electronic patient data can be received. A set of access events of the plurality of access events can be determined as constituting, by the one or more employees, possible breach of the electronic patient data. An alert related to the set of access events can be provided based on determining that the set of access events constitute possible breach of the electronic patient data.
    Type: Grant
    Filed: October 20, 2021
    Date of Patent: September 6, 2022
    Assignee: Protenus, Inc.
    Inventors: Nicholas T. Culbertson, Robert K. Lord
  • Patent number: 11438361
    Abstract: The present disclosure discloses method and an attack path prediction system for predicting an attack path in a computer network. The attack path prediction system receives static and dynamic data associated with a source node attacked in computer network along with static and dynamic risk attributes of one or more vulnerabilities associated with one or more target nodes reachable from source node. A likelihood score is calculated for each of one or more vulnerabilities associated with one or more target nodes in relation to each of one or more vulnerabilities associated with source node based on static and dynamic risk attributes. Additionally, a prediction score is calculated for each of one or more vulnerabilities associated with target nodes based on corresponding likelihood score and static and dynamic risk attributes. Thereafter, based on prediction score, the attack path is predicted between the source node and one or more target nodes.
    Type: Grant
    Filed: November 29, 2019
    Date of Patent: September 6, 2022
    Assignee: HITACHI, LTD.
    Inventors: Ramesh Kumar Rakesh, Remish Leonard Minz, Sanjana Pai Nagarmat
  • Patent number: 11438253
    Abstract: Novel tools and techniques are provided for implementing firewall functionalities, and, more particularly, to methods, systems, and apparatuses for implementing high availability (“HA”) web application firewall (“WAF”) functionalities. In various embodiments, a first computing system might monitor network communications between a client and a server providing access to software applications, and might determine whether latency has been introduced as a result of at least one first WAF container having been launched and whether any introduced latency exceeds a predetermined threshold, each first WAF container being tuned to a corresponding software application and protecting the software application from network attacks. Based on a determination that latency has been introduced and based on a determination that the introduced latency exceeds the predetermined threshold, one or more second WAF containers may be launched, each being tuned to the corresponding software application.
    Type: Grant
    Filed: July 29, 2020
    Date of Patent: September 6, 2022
    Assignee: CenturyLink Intellectual Property LLC
    Inventor: Ronald A. Lewis
  • Patent number: 11429726
    Abstract: Systems and methods directed to computing a maturity measurement for a computer system. Examples can include generating and outputting to an I/O device, a user interface including a plurality of user input fields for receiving the likelihood and/or impact of a plurality of pre-defined potential events related to a plurality of pre-defined potential vulnerabilities related to a computer system. Examples can also include receiving, via the user interface, a risk profile including the likelihood and/or impact for each event of a selected group of events of the plurality of pre-defined potential events. Examples can also include computing a maturity measurement for the computer system using the risk profile and a database. The database can include information for a set of practices and relationships between practices the set of practices and events of the plurality of pre-defined potential events.
    Type: Grant
    Filed: December 19, 2018
    Date of Patent: August 30, 2022
    Assignee: CMMI Institute, LLC
    Inventors: Edward Douglas Grindstaff, II, Matthew Stuart Loeb, Kelly Hood, Greg Witte, Thomas Conkle
  • Patent number: 11429724
    Abstract: A security service utilizes a machine learning model to detect unused open ports. A security agent on client machines tracks the operating executables and the open ports on a machine. A machine learning model is trained for a specific port number using the more commonly-used executables that run on machines having the port opened from a large and diverse population of machines. The model is then used to determine the ports that an executable is likely to be associated with which is then used to determine if a particular machine has an unused open port.
    Type: Grant
    Filed: March 19, 2018
    Date of Patent: August 30, 2022
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.
    Inventors: Michael Zeev Bargury, Moshe Israel, Ben Kliger, Yotam Livny
  • Patent number: 11429455
    Abstract: Disclosed are various embodiments for generating recommended replacement host machines for a datacenter. The recommendations can be generated based upon an analysis of historical workload usage across the datacenter. Clusters can be generated that cluster workloads together that are similar. Purchase plans can be generated based upon the identified clusters and benchmark data regarding servers.
    Type: Grant
    Filed: June 24, 2020
    Date of Patent: August 30, 2022
    Assignee: VMware, Inc.
    Inventors: Yash Bhatnagar, Naina Verma, Mageshwaran Rajendran, Amit Kumar, Venkata Naga Manohar Kondamudi
  • Patent number: 11429713
    Abstract: The methods and systems disclosed herein generally relate to automated execution and evaluation of computer network training exercises, such as in a virtual environment. A server generates a training system having a virtual attack machine and a virtual target machine where the virtual target machine is operatively controlled by a trainee computer. The server then executes a simulated cyber-attack and monitors/collects actions and responses by the trainee. The server then executes an artificial intelligence model to evaluate the trainee's action and to identify a subsequent simulated cyber-attack (e.g., a next step to the simulated cyber-attack). The server may then train the artificial intelligence model using various machine-learning techniques using the collected data during the exercise.
    Type: Grant
    Filed: January 24, 2019
    Date of Patent: August 30, 2022
    Assignee: ARCHITECTURE TECHNOLOGY CORPORATION
    Inventors: Matthew Donovan, Paul Nicotera, Dahyun Hollister, Robert Joyce, Judson Powers
  • Patent number: 11431747
    Abstract: A system and method is described that sends multiple simulated phishing emails, text messages, and/or phone calls (e.g., via VoIP) varying the quantity, frequency, type, sophistication, and combination using machine learning algorithms or other forms of artificial intelligence. In some implementations, some or all messages (email, text messages, VoIP calls) in a campaign after the first simulated phishing email, text message, or call may be used to direct the user to open the first simulated phishing email or text message, or to open the latest simulated phishing email or text message. In some implementations, simulated phishing emails, text messages, or phone calls of a campaign may be intended to lure the user to perform a different requested action, such as selecting a hyperlink in an email or text message, or returning a voice call.
    Type: Grant
    Filed: July 26, 2021
    Date of Patent: August 30, 2022
    Assignee: KnowBe4, Inc.
    Inventors: Alin Irimie, Stu Sjouwerman, Greg Kras, Eric Sites
  • Patent number: 11422926
    Abstract: Test coverage for a software application can be managed. For example, one system of the present disclosure can receive a feature set for the software application. The feature set indicates features of the software application and functionality attributed to features. The system can also access test code for testing the software application. The test code is source code defining programmatic tests for testing the software application. The system can then determine test coverage for the feature set by analyzing the test code for references to the features and the functionality associated with the feature set. The system can generate a display output indicating the test coverage for the software application.
    Type: Grant
    Filed: April 16, 2019
    Date of Patent: August 23, 2022
    Assignee: RED HAT, INC.
    Inventor: Jacob Callahan
  • Patent number: 11416589
    Abstract: Data processing systems and methods, according to various embodiments, are adapted for automatically assessing the level of security and/or privacy risk associated with doing business with a particular vendor or other entity and for generating training material for such vendors. In various embodiments, the systems may automatically obtain and use any suitable information to assess such risk levels including, for example: (1) any security and/or privacy certifications held by the vendor; (2) the terms of one or more contracts between a particular entity and the vendor; (3) the results of one or more privacy impact assessments for the vendor; and/or (4) any other suitable data. The system may be configured to automatically approve or reject a particular vendor based on the assessed risk level associated with the vendor and this information may be automatically communicated to an entity considering doing business with the vendor and/or the vendor itself.
    Type: Grant
    Filed: October 4, 2021
    Date of Patent: August 16, 2022
    Assignee: OneTrust, LLC
    Inventors: Jonathan Blake Brannon, Kabir A. Barday, Jason L. Sabourin, Kevin Jones, Subramanian Viswanathan, Milap Shah
  • Patent number: 11418541
    Abstract: Systems and methods are disclosed for simulating a phishing attack involving an email thread. An email thread of a plurality of email threads of an entity for use in a simulated phishing attack is identified. A simulation system generates a converted reply simulated phishing email to an email of the email thread. The converted reply simulated phishing email is generated to be from a user that is one of a recipient or a sender of one or more emails of the email thread and is communicated to a target user's email account, the converted reply simulated phishing email.
    Type: Grant
    Filed: August 11, 2021
    Date of Patent: August 16, 2022
    Assignee: KnowBe4, Inc.
    Inventor: Greg Kras
  • Patent number: 11418531
    Abstract: A system for deriving a rating representative of a level of cybersecurity of a user is configured to execute steps of a method comprising requesting, from the user, identifying information about the user; requesting, from the user, input in response to a set of predetermined questions provided to the user based on the identifying information about the user; collecting, based on at least the identifying information, public domain data about the user and data from the user's digital assets; and computing, based on the collected data and the input to the set of predetermined questions provided by the user, a numerical value defining the cybersecurity rating.
    Type: Grant
    Filed: March 18, 2020
    Date of Patent: August 16, 2022
    Assignee: Cyberlab Inc.
    Inventor: Ayobami Abayomi Olalere
  • Patent number: 11416607
    Abstract: A method may include determining a configuration of one or more basic input/output system (BIOS) settings identified as influencing security at an information handling system. The method may further include determining a security risk score based on the configuration, and generating a security gauge image that provides a visual indication of the security risk score. The security gauge image may be displayed during BIOS initialization at the information handling system.
    Type: Grant
    Filed: November 4, 2019
    Date of Patent: August 16, 2022
    Assignee: Dell Products L.P.
    Inventors: Greg Havenga, Ruhull Bhuiyan, Carl McAdams, Ibrahim Sayyed, Allen Wynn, Joshua Alperin
  • Patent number: 11418529
    Abstract: A method, apparatus, and computer program are disclosed. The method may be performed by one or more processors and may comprise receiving first data representing an infrastructure of a computer network, the first data comprising an indication of hosts which form at least part of the computer network and one or more software resources on respective hosts. The method may also comprise receiving second data from a vulnerability scanning software, the second data comprising an indication of one or more vulnerabilities detected in the one or more software resources provided on at least some of the hosts of the computer network. Using a combination of the first data and the second data, output data may be generated representing a risk profile of the computer network infrastructure, the output data indicating one or more subsets of hosts, determined as being at risk of being affected by the detected vulnerabilities by virtue of the software resources they provide for output on a user interface.
    Type: Grant
    Filed: March 6, 2019
    Date of Patent: August 16, 2022
    Assignee: Palantir Technologies Inc.
    Inventors: Elliot Colquhoun, Abhishek Agarwal, Andrew Eggleton, Brandon Helms, Carl Ambroselli, Cem Zorlular, Daniel Kelly, Gautam Punukollu, Jeffrey Tsui, Morten Kromann, Nikhil Seetharaman, Raj Krishnan, Samuel Jones, Tareq Alkhatib, Dayang Shi
  • Patent number: 11416246
    Abstract: An information processing apparatus (1) includes a storage unit (11) that stores knowledge information (111) containing a relationship regarding the correspondence between a plurality of types of element information (1111 to 111n) to be used for referring to a specified element value and conceptual information (1110) indicating a concept of the element value, an adding unit (12) that adds, to each of a plurality of graphs representing a processing structure in each of a plurality of source codes where any one of the element information (1111 to 111n) is described, the conceptual information (1110) identified from the element information corresponding to each node in the graph based on the knowledge information (111) as attribute information related to the node, and an extraction unit (13) that extracts a subgraph common to the graphs after the adding based on the conceptual information (1110).
    Type: Grant
    Filed: September 3, 2018
    Date of Patent: August 16, 2022
    Assignee: NEC CORPORATION
    Inventor: Masafumi Oyamada
  • Patent number: 11418534
    Abstract: A threat analysis system includes a storage unit that stores first information in which a device configuring a threat analysis target system and a vulnerability included in the device are associated with each other, and second information in which the device and a threat from a viewpoint of a business operator assumed in the threat analysis target system are associated with each other; a threat analysis processing unit that associates the vulnerability included in the device and a threat in the threat analysis target system with each other on a basis of the first information and the second information stored in the storage unit; and a threat-analysis result output unit that outputs a relationship between the vulnerability and the threat associated by the threat analysis processing unit.
    Type: Grant
    Filed: February 22, 2019
    Date of Patent: August 16, 2022
    Assignee: HITACHI, LTD.
    Inventors: Akihiro Sugimoto, Yoshiaki Isobe
  • Patent number: 11416590
    Abstract: Data processing systems and methods, according to various embodiments, are adapted for automatically assessing the level of security and/or privacy risk associated with doing business with a particular vendor or other entity and for generating training material for such vendors. In various embodiments, the systems may automatically obtain and use any suitable information to assess such risk levels including, for example: (1) any security and/or privacy certifications held by the vendor; (2) the terms of one or more contracts between a particular entity and the vendor; (3) the results of one or more privacy impact assessments for the vendor; and/or (4) any other suitable data. The system may be configured to automatically approve or reject a particular vendor based on the assessed risk level associated with the vendor and this information may be automatically communicated to an entity considering doing business with the vendor and/or the vendor itself.
    Type: Grant
    Filed: October 18, 2021
    Date of Patent: August 16, 2022
    Assignee: OneTrust, LLC
    Inventors: Jonathan Blake Brannon, Kabir A. Barday, Jason L. Sabourin, Kevin Jones, Subramanian Viswanathan, Milap Shah
  • Patent number: 11411920
    Abstract: Disclosed are methods and systems for creating a secure and dynamic public cloud-based cyber range by first creating a plurality of subscription-based virtual private networks on each of a plurality of public computing platforms. The public computing platforms may be accessible via a network, and may include at least one server. At least one virtual cyber range may be created relative to each of said private networks. Each cyber range may include a virtual network of one or more virtual computing components. The network traffic of said cyber ranges may be managed via at least one master controller to isolate said cyber range from a remainder of said public computing platforms not accessible via said network.
    Type: Grant
    Filed: May 13, 2020
    Date of Patent: August 9, 2022
    Assignee: Circadence Corporation
    Inventors: Gary D. Morton, Paul Randy Thornton, Ryan Pressley
  • Patent number: 11410106
    Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.
    Type: Grant
    Filed: November 24, 2021
    Date of Patent: August 9, 2022
    Assignee: OneTrust, LLC
    Inventors: Jonathan Blake Brannon, Andrew Clearwater, Brian Philbrook, Trey Hecht, Wesley Johnson, Nicholas Ian Pavlichek, Rajanandini Chennur
  • Patent number: 11411802
    Abstract: In some implementations, a method is provided. The method includes determining a physical topology of a network and monitoring network events based, at least in part, on control plane information received from one or more devices in the network. The method also includes monitoring the performance of each of a plurality of applications running on the network based, at least in part, on a set of application calls initiated by each application. When a drop in performance of an application is detected, the drop in performance is correlated with one or more of a plurality of detected network events to determine a cause of the drop in performance.
    Type: Grant
    Filed: December 9, 2019
    Date of Patent: August 9, 2022
    Assignee: ARISTA NETWORKS, INC.
    Inventors: Fred Hsu, Andre Pech
  • Patent number: 11403377
    Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.
    Type: Grant
    Filed: October 12, 2021
    Date of Patent: August 2, 2022
    Assignee: OneTrust, LLC
    Inventors: Jonathan Blake Brannon, Andrew Clearwater, Brian Philbrook, Trey Hecht, Wesley Johnson, Nicholas Ian Pavlichek, Linda Thielová
  • Patent number: 11403391
    Abstract: A method, system and product for command injection identification. An input hook function is configured to be executed in response to a potential input provisioning event. The input hook function is configured to perform: analyzing a potential input of the potential input provisioning event to identify whether the potential input comprises a command separator and an executable product; and in response to identifying the command separator and the executable product, recording a suspicious input event indicating the command separator and the executable product. An execution hook function is configured to be executed in response to a potential execution event. The execution hook function is configured to perform: in response to a determination that an execution command of the potential execution event comprises the command separator and the executable product of the suspicious input event, flagging the execution command as a command injection attack.
    Type: Grant
    Filed: November 18, 2019
    Date of Patent: August 2, 2022
    Assignee: JF ROG LTD
    Inventors: Asaf Karas, Or Peles, Meir Tsvi, Anton Nayshtut
  • Patent number: 11405363
    Abstract: A computer-implemented method includes receiving, by a proxy device, a document from a service provider in response to a request to the service provider from a client device. The proxy device injects into the document event monitoring code for monitoring user actions on the client device. The proxy device sends the document with the event monitoring code to the client device. The event monitoring code intercepts a user request for a file upload event using a client-side application on the client device. The proxy device receives a client request including file information regarding the file upload event from the event monitoring code. The proxy device determines whether the file upload event should be allowed or blocked based on the received file information and stored policy data.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: August 2, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Guy Lewin, Amir Geri
  • Patent number: 11397817
    Abstract: A binary patch system for a vehicle may include a memory and a controller in communication with the memory and programmed to receive original source code, identify vulnerabilities in original source code, generate binary patch based on the identified vulnerabilities, insert binary patch into original source code, receive feedback of the inserted binary patch, and update the binary patch based on the feedback.
    Type: Grant
    Filed: August 22, 2019
    Date of Patent: July 26, 2022
    Inventors: Gopalakrishnan Iyer, Ameer Kashani
  • Patent number: 11392712
    Abstract: In an example, a method includes determining an operating environment of a device based on sensor data from a sensor of the device that senses surroundings of the device. Access to a resource may be controlled based on the operating environment and a status of a security feature of the device.
    Type: Grant
    Filed: April 27, 2017
    Date of Patent: July 19, 2022
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Daniel Ellam, Gurchetan Grewal
  • Patent number: 11394737
    Abstract: A method, apparatus, and system for a smart space rating service (106) are provided. A method includes receiving, from a user device (104a, 104b), a request for a security rating of a smart space (102), calculating the security rating of the smart space (102) based at least in part on security information regarding the smart space (102), the security information received from a plurality of user devices (104a, 104b), and transmitting the security rating of the smart space (102) to the user device (104a, 104b).
    Type: Grant
    Filed: August 22, 2016
    Date of Patent: July 19, 2022
    Assignee: PCMS Holdings, Inc.
    Inventors: Antti V. P. Evesti, Pia E. Raitio, Pekka P. Savolainen
  • Patent number: 11388167
    Abstract: Disclosed herein are methods, systems and device for estimating an identity confidence level for a user requesting access to a secure resource, comprising: initiating an authentication session to authenticate the user using a client device to access the secure resource, computing a cumulative identity confidence score in a plurality of iterations and successfully authenticating the user in case the cumulative identity confidence score exceeds a threshold predefined for the secure resource.
    Type: Grant
    Filed: December 2, 2019
    Date of Patent: July 12, 2022
    Assignee: Transmit Security Ltd.
    Inventors: Michael Boodaei, Eldan Ben-Haim, Dima Polsky
  • Patent number: 11388178
    Abstract: Extensive deployment of interoperable distributed energy resources (DER) on power systems is increasing the power system cybersecurity attack surface. National and jurisdictional interconnection standards require DER to include a range of autonomous and commanded grid-support functions which can drastically influence power quality, voltage, and the generation-load balance. Investigations of the impact to the power system in scenarios where communications and operations of DER are controlled by an adversary show that each grid-support function exposes the power system to distinct types and magnitudes of risk. The invention provides methods for minimizing the risks to distribution and transmission systems using an engineered control system which detects and mitigates unsafe control commands.
    Type: Grant
    Filed: November 20, 2019
    Date of Patent: July 12, 2022
    Assignee: National Technology & Engineering Solutions of Sandia, LLC
    Inventor: Jay Tillay Johnson
  • Patent number: 11381590
    Abstract: A method and system for remediating a vulnerability in a first computing resource asset in a computer network, including receiving vulnerability scanning results data from each respective one of a plurality of diverse vulnerability scanners, storing the vulnerability scanning results data as a collection of vulnerability scanning results data, normalizing and extracting common features from the normalized data, vectorizing the common features to determine feature vectors, applying a false positive predictor model to predict a false positive, separating vulnerability scanning results data that corresponds to one or more predicted false positives from a remainder of the collection of vulnerability scanning result data, and sending the remainder of the collection of vulnerability scanning results data to a second computer resource asset.
    Type: Grant
    Filed: December 2, 2019
    Date of Patent: July 5, 2022
    Assignee: Saudi Arabian Oil Company
    Inventors: Saeed A. Alsaeed, Irslan Siddiq
  • Patent number: 11381588
    Abstract: A system, a method, and a computer program for remediating a cyberattack risk for a computing resource located at a node in a computer network having a plurality of nodes. The solution includes receiving vulnerability score data that has a severity level for a vulnerability in the computing resource at the node, receiving a number of installations value (NCRi) that indicates a number of instances the computing resource is included in the plurality of nodes, determining a percentile of occurrence value (POCRi) for the computing resource based on the number of installations value (NCRi), applying a severity adjustment matrix to the severity level to determine a true severity level for the vulnerability in the computing resource, reprioritized the vulnerability in the computing resource based on the true severity level, and mitigating the cyberattack risk for the computing resource based on the true severity level.
    Type: Grant
    Filed: July 30, 2019
    Date of Patent: July 5, 2022
    Assignee: Saudi Arabian Oil Company
    Inventors: Sultan Saadaldean Alsharif, Wael Mohammed Alagi
  • Patent number: 11381589
    Abstract: In one aspect, the present disclosure is directed to systems and methods for validating and securely storing security entry updates. The security entry update is received from a contributor, and broadcast to a plurality of computing nodes. It then is determined whether to validate the received security update at each computing node of the plurality of computing nodes. If the received security entry update is validated, information relating to the received security update is added as transaction information in a current block, the current block is included in a blockchain that is stored in a datastore of each computing node of the plurality of computing nodes. Other aspects also are described.
    Type: Grant
    Filed: October 11, 2019
    Date of Patent: July 5, 2022
    Assignee: Secureworks Corp.
    Inventors: Mehdi Tassoumt, Wayne Haber
  • Patent number: 11374969
    Abstract: A quantitative method for the security access strategy selection of the edge computing terminals includes the following steps: S1. Quantifying and ranking the security risks according to the terminals and data application requirements under the edge computing system. S1. Quantifying and ranking the security risks according to the terminals and data application requirements under the edge computing system. S2. Calculating the security quantification value of terminal and data application. S3. Giving the weight coefficients for the security risk protection of the security access strategies for the terminal and data in the edge computing side. S4. Give the corresponding value of each security strategy to the corresponding terminal and data security protection. S5. Select the corresponding algorithm according to the data set in S4 to select the security strategies.
    Type: Grant
    Filed: December 27, 2019
    Date of Patent: June 28, 2022
    Assignee: UNIVERSITY OF ELECTRONIC SCIENCE AND TECHNOLOGY OF CHINA
    Inventors: Jie Tang, Hong Wen, Huanhuan Song, Feiyi Xie, Yi Chen
  • Patent number: 11372980
    Abstract: A method includes, by a computer associated with a security reporter, updating a component vulnerability entry blockchain to represent a state of a component vulnerability entry of a software component vulnerability database. The method includes, by the computer, providing the updated component vulnerability entry blockchain to a management authority so that the management authority updates a master blockchain for the software component vulnerability database. The updated master blockchain includes a plurality of component vulnerability entry blockchains, which represent corresponding states of component vulnerability entries of the software component vulnerability database, including the updated component vulnerability entry.
    Type: Grant
    Filed: June 14, 2019
    Date of Patent: June 28, 2022
    Assignee: NETIQ CORPORATION
    Inventors: Michael F. Angelo, Lloyd L. Burch, Baha Masoud
  • Patent number: 11374958
    Abstract: A method provides an intermediate mitigation of a vulnerability in a particular computer system. One or more processors receive a description of a vulnerability of a computer system to a malicious attack. The processor(s) perform an NLP analysis of the description of the vulnerability in order to extract risk information related to the vulnerability, where the risk information includes an identity of a type of vulnerable computer system resource in the computer system. The processor(s) match the vulnerable computer system resource to a computer system resource in a particular computer system, and perform an intermediate mitigation action that reduces a functionality of the computer system resource in the particular computer system until a solution is implemented that both restores the functionality of the computer system resource in the particular computer system and mitigates the vulnerability of the particular computer system to the malicious attack.
    Type: Grant
    Filed: October 31, 2018
    Date of Patent: June 28, 2022
    Assignee: International Business Machines Corporation
    Inventors: Huyanh D. Ngo, Aankur Bhatia, Adam J. Paquin, Srinivas B. Tummalapenta
  • Patent number: 11372974
    Abstract: A system, a method, and a computer program are provided for analyzing a security scanning analysis for source code in a computing resource to detect an alteration event in the security scanning analysis. The method includes receiving, by an alteration event processor, the security scanning analysis for the computing resource, parsing data, by the alteration event processor, from a plurality of fields in the security scanning analysis, analyzing the parsed data, by the alteration event processor, to detect whether the security scanning analysis includes an alteration event. determining, by the alteration event processor, that the security scanning analysis includes the alteration event, and linking, by the alteration event processor, the alteration event with the computing resource before the computing resource is made available to a client device in a network.
    Type: Grant
    Filed: March 4, 2019
    Date of Patent: June 28, 2022
    Assignee: Saudi Arabian Oil Company
    Inventor: Adnan Mustafa Sawas
  • Patent number: 11372867
    Abstract: In accordance with one example method, a computing system may determine that first user profile data of a first user of a relevance scoring service is similar to second user profile data of a second user of the relevance scoring service, where the relevance scoring service is configured to assign first relevance scores to first information chunks to be presented to the first user based at least part on at least a first portion of first stored behavior data of the first user, and where the first stored behavior data is indicative of the first user's interactions with second information chunks previously presented to the first user. In response to determining that the first user profile data is similar to the second user profile data, the relevance scoring service may be configured to assign second relevance scores to third information chunks to be presented to the second user based at least in part on at least a second portion of the first stored behavior data.
    Type: Grant
    Filed: September 28, 2020
    Date of Patent: June 28, 2022
    Assignee: Citrix Systems, Inc.
    Inventors: Aikaterini Kalou, Kostas Katrinis
  • Patent number: 11374966
    Abstract: Methods, systems, and computer-readable storage media for receiving, by a database connector having a taint extension, a SQL request from an application, sending, by the taint extension, the SQL request to a SQL parser, receiving, by the taint extension, a structural representation of the SQL request from the SQL parser, adding, by the taint extension, taint information corresponding to data within the SQL request to provide an enhanced SQL statement, and transmitting, by the database connector, the enhanced SQL statement to a database for storing the taint information with the data.
    Type: Grant
    Filed: December 13, 2018
    Date of Patent: June 28, 2022
    Assignee: SAP SE
    Inventor: Martin Johns
  • Patent number: 11366786
    Abstract: In various embodiments, an organization may be required to comply with one or more legal or industry requirements related to the storage of personal data (e.g., which may, for example, include personally identifiable information) even when responding to and fulfilling Data Subject Access Requests. In particular, when responding to a DSAR, the system may compile one or more pieces of personal data for provision to a data subject. The system may store this compilation of personal data at least temporarily in order to provide access to the data to the data subject. As such, the system may be configured to implement one or more data retention rules in order to ensure compliance with any legal or industry requirements related to the temporary storage of the collected data while still fulfilling any requirements related to providing the data to data subjects that request it, deleting the data upon request, etc.
    Type: Grant
    Filed: June 14, 2021
    Date of Patent: June 21, 2022
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Jonathan Blake Brannon, Jason L. Sabourin
  • Patent number: 11368470
    Abstract: Advanced Persistent Threat (APT) defense leverages priority-based tracking around alerts, together with priority-based alert reasoning task scheduling. In one embodiment, individual alert reasoning tasks are managed by an alert scheduler, which effectively allocates available computation resources to prioritize the alert reasoning tasks, which each execute within processing workers that are controlled by the alert scheduler. An alert reasoning task typically is prioritized (relative to other such tasks) according to one or more factors, such as severity levels, elapsed time, and other tracking results. By implementing priority-based task scheduling, the task scheduler provides for alert reasoning tasks that are interruptible. In this approach, and once an alert is assigned to a task and the task assigned a worker, priority-based connectivity tracker around each alert is carried out to provide further computational efficiency.
    Type: Grant
    Filed: June 13, 2019
    Date of Patent: June 21, 2022
    Assignee: International Business Machines Corporation
    Inventors: Yushan Liu, Xiaokui Shu, Douglas Lee Schales, Marc Philippe Stoecklin
  • Patent number: 11368481
    Abstract: Techniques for discovery and management of applications in a computing environment of an organization are disclosed. A security management system discovers use of applications within a computing environment to manage access to applications for minimizing security threats and risks in a computing environment of the organization. The security management system can obtain network data about network traffic to identify unique applications. The security management system performs analysis and correlation, including using one or more data sources, to determine information about an application. The system computes a measure of security for an application (“an application risk score”) and a user (“a user risk score”). The score is analyzed to determine a threat of security posed by the application based on use of the application. The security system performs one or more instructions to configure access permitted by an application, whether access is denied or restricted.
    Type: Grant
    Filed: January 13, 2020
    Date of Patent: June 21, 2022
    Assignee: Oracle International Corporation
    Inventors: Ganesh Kirti, Kamalendu Biswas, Sumedha Nalin Perera, Adina Florina Simu
  • Patent number: 11363066
    Abstract: A method for information processing, applied to a test terminal and includes: a test case is executed through a test application run by the test terminal to generate a message to be sent to a server supporting running of the test application; information of the message is acquired; and the information of the message is sent to a test platform, the information of the message being configured for the test platform to analyze a location of the server and obtain a risk detection result about whether the test application has a cross-border transmission risk or not based on whether the location is outside a safe region range or not. A device for information processing, a test terminal, a test platform and a storage medium are also provided.
    Type: Grant
    Filed: November 19, 2019
    Date of Patent: June 14, 2022
    Assignee: BEIJING XIAOMI MOBILE SOFTWARE CO., LTD.
    Inventors: Xin Wang, Lin Fan, Tianfu Ren, Shuting Tian