Abstract: An intrusion prevention device includes a reception unit, a monitoring unit, and a determination unit. The reception unit receives, from a control target device, a notification indicating a state of the control target device. The monitoring unit receives a control command transmitted from a control device to the control target device. The determination unit determines whether to permit or block passage of the control command received by the monitoring unit in accordance with the state of the control target device received by the reception unit.
Type:
Grant
Filed:
September 26, 2017
Date of Patent:
November 16, 2021
Assignees:
NIPPON TELEGRAPH AND TELEPHONE CORPORATION, MITSUBISHI HEAVY INDUSTRIES, LTD.
Abstract: Aspects of the subject disclosure may include, for example, monitoring network messages at a network edge of a service provider network, wherein the network edge is coupled via a network edge device to a local area network comprising a plurality of network-addressable (IoT) devices, wherein the network edge device is in communication with a service provider network via a transmission medium in which electromagnetic waves comprising the network messages propagate along the transmission medium without requiring an electrical return path. A network-addressable device of the plurality of network-addressable devices is detected to obtain a detected network-addressable device according to the monitoring of the network messages. Information obtained from the detected network-addressable device is evaluated to obtain an evaluation result and a listing of the plurality of network-addressable devices is updated based on the evaluation results. Other embodiments are disclosed.
Type:
Grant
Filed:
December 3, 2018
Date of Patent:
November 9, 2021
Assignee:
AT&T Intellectual Property I, L.P.
Inventors:
Donald Levy, David Gross, Cristina Serban, Jayaraman Ramachandran
Abstract: A disclosed method may include (1) identifying a child process that spawned from a parent process running on a computing device, (2) receiving, from the child process, a request to execute an unsigned script on the computing device, (3) determining, in response to the request, whether to override a restriction against executing unsigned scripts by (A) checking an access-control label referenced by the parent process and (B) determining that the access-control label indicates that the parent process has a privilege to override the restriction, (4) imputing, to the child process, the privilege of the parent process to override the restriction, and then (5) executing, on the computing device, the unsigned script despite the restriction due at least in part to the privilege of the parent process having been imputed to the child process. Various other apparatuses, systems, and methods are also disclosed.
Abstract: One embodiment of the invention is directed to a computer-implemented method comprising receiving a first request that includes a token associated with a first computing device to utilize a shared resource implemented by a federated network of computing devices. The method further comprises identifying that the first computing device is an unknown entity based in part on the token and one or more signatures used to sign the token. The method further comprises transmitting, to a trust management system, a second request to authenticate the first computing device using the token. The method further comprises receiving an authentication message that verifies the first computing device within an open trust network. The authentication message may be generated in response to the trust management system communicating with a plurality of registrar computers in the open trust network about the signatures associated with the token.
Abstract: A system includes a memory and at least one processor to set a network throughput level setting to a default network traffic rate in a computer network, begin a data protection operation at the network throughput level setting in the computer network, continually monitor the computer network and determine that a condition has occurred in the computer network, dynamically adjust the network throughput level setting in response to the condition by one of decreasing the network throughput level setting by a network traffic rate increment and increasing the network throughput level setting by the network traffic rate increment, and dynamically shape network or storage traffic for the data protection operation using the network throughput level setting.
Type:
Grant
Filed:
January 18, 2019
Date of Patent:
July 13, 2021
Assignee:
COBALT IRON, INC.
Inventors:
Richard Raymond Spurlock, Robert Merrill Marett, James Thomas Kost, Gregory John Tevis
Abstract: A cryptographic infrastructure, which provides a method for generating private keys of variable length from a cryptographic table and a public key. This infrastructure provides an approximation of the one-time pad scheme. The cryptographic table is shared between a message sender and a message recipient by a secure transfer. After sharing the cryptographic table, no new private keys need to be sent—the private keys are independently generated by each party from the data contained within the shared cryptographic tables, using the public key. After public keys are exchanged, private keys may be generated and used to encrypt and decrypt messages and perform authentication cycles, establishing a secure communication environment between the sender and the recipient.
Type:
Grant
Filed:
December 31, 2018
Date of Patent:
April 13, 2021
Assignee:
Arizona Board of Regents on Behalf of Northern Arizona University