Patents by Inventor Martin Kopp
Martin Kopp has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20190319976Abstract: In one embodiment, a device in a network receives traffic information regarding one or more secure sessions in the network. The device associates the one or more secure sessions with corresponding certificate validation check traffic indicated by the received traffic information. The device makes a self-signed certificate determination for an endpoint domain of a particular secure session based on whether the particular secure session is associated with certificate validation check traffic. The device causes the self-signed certificate determination for the endpoint domain to be used as input to a malware detector.Type: ApplicationFiled: June 20, 2019Publication date: October 17, 2019Inventors: Martin Kopp, Martin Grill, Jan Kohout
-
Patent number: 10436685Abstract: A method for processing particles contained in a liquid biological sample is presented. The method uses a rotatable vessel for processing particles contained in a liquid biological sample. The rotatable vessel has a longitudinal axis about which the vessel is rotatable, an upper portion having a top opening for receiving the liquid comprising the particles, a lower portion for holding the liquid while the rotatable vessel is resting, the lower portion having a bottom, and an intermediate portion located between the upper portion and the lower portion, the intermediate portion having a lateral collection chamber for holding the liquid while the rotatable vessel is rotating. The method employs dedicated acceleration and deceleration profiles for sedimentation and re-suspension of the particles of interest.Type: GrantFiled: January 27, 2017Date of Patent: October 8, 2019Assignee: Roche Diagnostics Operations, Inc.Inventors: Claudio Cherubini, Martin Kopp, Nenad Milicevic, Daniel Mueller, Emad Sarofim, Goran Savatic
-
Publication number: 20190285660Abstract: A laboratory system for a laboratory automation system is presented. The laboratory system comprises a sample container carrier. The sample container carrier is configured to carry a laboratory sample container and comprises a removal detector. The removal detector is configured to interact with the laboratory sample container to detect a removal of the carried laboratory sample container from the sample container carrier. Furthermore, the laboratory system is configured to determine based on the detected removal that a before valid logic assignment of the sample container carrier to the carried laboratory sample container is invalid.Type: ApplicationFiled: March 4, 2019Publication date: September 19, 2019Applicant: Roche Diagnostics Operations, Inc.Inventors: Martin Kopp, Oliver Gutmann, Norbert Schmitt
-
Patent number: 10375097Abstract: In one embodiment, a device in a network receives traffic information regarding one or more secure sessions in the network. The device associates the one or more secure sessions with corresponding certificate validation check traffic indicated by the received traffic information. The device makes a self-signed certificate determination for an endpoint domain of a particular secure session based on whether the particular secure session is associated with certificate validation check traffic. The device causes the self-signed certificate determination for the endpoint domain to be used as input to a malware detector.Type: GrantFiled: December 21, 2016Date of Patent: August 6, 2019Assignee: Cisco Technology, Inc.Inventors: Martin Kopp, Martin Grill, Jan Kohout
-
Patent number: 10230747Abstract: In an embodiment, the method comprises receiving an identification of an anomaly associated with a false positive identification of a security threat by the intrusion detection system, wherein a first set of feature data identifies features of the anomaly; creating a plurality of training sets each comprising identifications of a plurality of samples of network communications; for the anomaly and each training set of the plurality of training sets, training a decision tree that is stored in digital memory of the security analysis computer; based at least in part on the plurality of trained decision trees, extracting a set of features that distinguish the anomaly from the plurality of samples; generating one or more rules associated with the anomaly from the extracted set of features and causing programming the security analysis computer with the one or more rules.Type: GrantFiled: October 9, 2015Date of Patent: March 12, 2019Assignee: CISCO TECHNOLOGY, INC.Inventors: Martin Kopp, Tomas Pevny
-
Patent number: 10218718Abstract: Rapidly detecting network threats with targeted detectors includes, at a computing device having connectivity to a network, determining features of background network traffic. Features are also extracted from a particular type of network threat. A characteristic of the particular type of network threat that best differentiates the features of the particular type of network threat from the features of the background network traffic is determined. A targeted detector for the particular type of network threat is created based on the characteristic and an action is applied to particular incoming network traffic identified by the targeted detector as being associated with the particular type of network threat.Type: GrantFiled: August 23, 2016Date of Patent: February 26, 2019Assignee: Cisco Technology, Inc.Inventors: Martin Kopp, Tomas Pevny
-
Publication number: 20190014134Abstract: In one embodiment, a device in a network maintains a plurality of machine learning-based detectors for an intrusion detection system. Each detector is associated with a different portion of a feature space of traffic characteristics assessed by the intrusion detection system. The device provides data regarding the plurality of detectors to a user interface. The device receives an adjustment instruction from the user interface based on the data provided to the user interface regarding the plurality of detectors. The device adjusts the portions of the feature space associated with the plurality of detectors based on the adjustment instruction received from the user interface.Type: ApplicationFiled: July 7, 2017Publication date: January 10, 2019Inventors: Martin Kopp, Petr Somol, Tomas Pevny, David McGrew
-
Publication number: 20180375884Abstract: A user behavior activity detection method is provided in which network traffic relating to user behavior activities in a network is monitored. Data is stored representing network traffic within a plurality of time periods, each of the time periods serving as a transaction. Subsets of the network traffic in the transactions are identified as traffic suspected of relating to certain user behavior activities. The subsets of the network traffic in the transactions are assigned into one or more groups. A determination is made of one or more detection rules for each of the one or more groups based on identifying, for each of the groups, a number of user behavior activities common to each of the subsets of the network traffic. The one or more detection rules are used to monitor future network traffic in the network to detect occurrence of the certain user behavior activities.Type: ApplicationFiled: June 22, 2017Publication date: December 27, 2018Inventors: Martin Kopp, Lukas Machlica
-
Publication number: 20180337831Abstract: A computing device having connectivity to a network stores one or more existing device models, where each of the one or more existing device models is a representation of a different client device used by a first authenticated user to access the network. The computing device obtains a device sample, which comprises network traffic data that is captured during a period of time and which is generated by a particular client device associated with the authenticated user of the network. The computing device determines, based on one or more relational criteria, whether the device sample should be assigned to one of the one or more existing device models or to an additional device model that has not yet been created. The computing device then determines relative identity of the particular client device based on whether the device sample is assigned to one of the one or more device models or to an additional device model that has not yet been created.Type: ApplicationFiled: May 18, 2017Publication date: November 22, 2018Inventors: Martin Grill, Jan Kohout, Martin Kopp
-
Publication number: 20180176240Abstract: In one embodiment, a device in a network receives traffic information regarding one or more secure sessions in the network. The device associates the one or more secure sessions with corresponding certificate validation check traffic indicated by the received traffic information. The device makes a self-signed certificate determination for an endpoint domain of a particular secure session based on whether the particular secure session is associated with certificate validation check traffic. The device causes the self-signed certificate determination for the endpoint domain to be used as input to a malware detector.Type: ApplicationFiled: December 21, 2016Publication date: June 21, 2018Inventors: Martin Kopp, Martin Grill, Jan Kohout
-
Publication number: 20180103056Abstract: In one embodiment, a device in a network detects an encrypted traffic flow associated with a client in the network. The device captures contextual traffic data regarding the encrypted traffic flow from one or more unencrypted packets associated with the client. The device performs a classification of the encrypted traffic flow by using the contextual traffic data as input to a machine learning-based classifier. The device generates an alert based on the classification of the encrypted traffic flow.Type: ApplicationFiled: October 6, 2016Publication date: April 12, 2018Inventors: Jan Kohout, Blake Harrell Anderson, Martin Grill, David McGrew, Martin Kopp, Tomas Pevny
-
Publication number: 20180063161Abstract: Rapidly detecting network threats with targeted detectors includes, at a computing device having connectivity to a network, determining features of background network traffic. Features are also extracted from a particular type of network threat. A characteristic of the particular type of network threat that best differentiates the features of the particular type of network threat from the features of the background network traffic is determined. A targeted detector for the particular type of network threat is created based on the characteristic and an action is applied to particular incoming network traffic identified by the targeted detector as being associated with the particular type of network threat.Type: ApplicationFiled: August 23, 2016Publication date: March 1, 2018Inventors: Martin Kopp, Tomas Pevny
-
Publication number: 20180063174Abstract: Detecting illegitimate typosquatting with Internet Protocol (IP) information includes, at a computing device having connectivity to a network, obtaining a list of domains and filtering the list to generate a list of monitored domain strings. IP information is passively determined for domains associated with each of the monitored domain strings. A domain requested in network traffic for the network is identified as a candidate typosquatting domain and the candidate typosquatting domain is determined to be an illegitimate typosquatting domain based at least on the IP information. An action is initiated related to the illegitimate typosquatting domain.Type: ApplicationFiled: August 25, 2016Publication date: March 1, 2018Inventors: Martin Grill, Jan Kohout, Martin Kopp, Thomas Pevny
-
Publication number: 20180010990Abstract: A method for processing particles contained in a liquid biological sample is presented. The method uses a rotatable vessel for processing particles contained in a liquid biological sample. The rotatable vessel has a longitudinal axis about which the vessel is rotatable, an upper portion comprising a top opening for receiving the liquid comprising the particles, a lower portion for holding the liquid while the rotatable vessel is resting, the lower portion comprising a bottom, and an intermediate portion located between the upper portion and the lower portion, the intermediate portion comprising a lateral collection chamber for holding the liquid while the rotatable vessel is rotating. The method employs dedicated acceleration and deceleration profiles for sedimentation and re-suspension of the particles of interest.Type: ApplicationFiled: January 27, 2017Publication date: January 11, 2018Inventors: Claudio Cherubini, Martin Kopp, Nenad Milicevic, Daniel Mueller, Emad Sarofim, Goran Savatic
-
Patent number: 9638612Abstract: A method of individually releasing from an entity one or more members of a sub-group of biological units included in a heterogeneous group of biological units is provided. The method includes binding the group of biological units including the sub-group of biological units to the entity via a linker. Following binding, the location of the one or more members on the entity is determined. Once the location is determined, a localized physical pulse is applied to the one or more members. The localized physical pulse individually releases the one or more members from the entity by dissociating the linker.Type: GrantFiled: April 25, 2014Date of Patent: May 2, 2017Assignee: Roche Molecular Systems, Inc.Inventors: Judith Brand-Meier, Claudio Cherubini, Andreas Drechsler, Nicole Gwerder, Martin Kopp, Edwin Oosterbroek, Emad Sarofim
-
Publication number: 20160303556Abstract: A pressure transmission liquid for a cellular analyzer, a cellular analyzer, and a method for analyzing a liquid cellular sample using such a cellular analyzer are disclosed. The pressure transmission liquid comprises an aqueous solution of at least one substance, wherein the solution has isotonic and substantially non-conductive characteristics. The cellular analyzer comprises a pipetting module having a pipetting tip, an automated positioning device for positioning the pipetting module, a capacitive liquid level sensor for detecting a liquid level of a liquid cellular sample to be analyzed, a pressure transmission liquid reservoir comprising such a pressure transmission liquid, and a pressure transmission liquid conduit connected to the pipetting tip and the pressure transmission liquid reservoir.Type: ApplicationFiled: April 15, 2016Publication date: October 20, 2016Inventors: Martin Kopp, Emad Sarofim
-
Publication number: 20160036844Abstract: In an embodiment, the method comprises receiving an identification of an anomaly associated with a false positive identification of a security threat by the intrusion detection system, wherein a first set of feature data identifies features of the anomaly; creating a plurality of training sets each comprising identifications of a plurality of samples of network communications; for the anomaly and each training set of the plurality of training sets, training a decision tree that is stored in digital memory of the security analysis computer; based at least in part on the plurality of trained decision trees, extracting a set of features that distinguish the anomaly from the plurality of samples; generating one or more rules associated with the anomaly from the extracted set of features and causing programming the security analysis computer with the one or more rules.Type: ApplicationFiled: October 9, 2015Publication date: February 4, 2016Inventors: MARTIN KOPP, TOMAS PEVNY
-
Patent number: 9085167Abstract: In an arrangement to supply ink to a print head unit having a print head, an input, and an output, a back-pressure tank having ink is provided and connected with the input of the print head unit. A degassing unit for ink and having an input and an output is also provided. A first selector valve is connected to the degassing unit input, the first selector valve in a first position establishing a connection of the degassing unit with the output of the print head unit. A second selector valve is connected to the degassing unit output, the second selector valve in a first position establishing a connection of the degassing unit with the back-pressure tank.Type: GrantFiled: September 29, 2014Date of Patent: July 21, 2015Assignee: Océ Printing Systems GmbH & Co. KGInventors: Martin Kopp, Stefan Adelsperger, Thomas Szusdziara, Alexander Tobian, Andre Schwarzkopf, Murat Kader
-
Publication number: 20150091992Abstract: In an arrangement to supply ink to a print head unit having a print head, an input, and an output, a back-pressure tank having ink is provided and connected with the input of the print head unit. A degassing unit for ink and having an input and an output is also provided. A first selector valve is connected to the degassing unit input, the first selector valve in a first position establishing a connection of the degassing unit with the output of the print head unit. A second selector valve is connected to the degassing unit output, the second selector valve in a first position establishing a connection of the degassing unit with the back-pressure tank.Type: ApplicationFiled: September 29, 2014Publication date: April 2, 2015Applicant: OCE PRINTING SYSTEMS GMBH & CO. KGInventors: Martin Kopp, Stefan Adelsperger, Thomas Szusdziara, Alexander Tobian, Andre Schwarzkopf, Murat Kader
-
Patent number: 8980621Abstract: A high-density multiwell-plate for performing thermocycled amplification reactions of polynucleotides in liquid samples comprising a plurality of reaction wells is disclosed. In order to provide a better thermal insulation, the plate comprises a rigid well-forming structure placed above a bottom layer, wherein substantially horizontal well-covering areas cover the liquid sample comprised in the wells, and a substantially plane cover placed above the well-forming structure providing a thermal insulating air distance between the well-covering areas and the cover.Type: GrantFiled: August 25, 2009Date of Patent: March 17, 2015Assignee: Roche Molecular Systems, Inc.Inventor: Martin Kopp