Patents by Inventor Steven Michael Bellovin
Steven Michael Bellovin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9392423
Abstract: A method and apparatus for anticipating communication interruption. If, during an established call between two communication devices, a telecommunication device determines that a communication link to one of the devices will be interrupted, either temporarily or permanently, the device predicts the interruption in the communication link. The device may send a message, as pre-determined by at least one of the communication device, to the communication device of the predicted or pending call drop or interruption. After the interruption the previously established call is resumed. If a reconnection attempt is appropriate, then the device will attempt to reconnect to the dropped device. If a reconnection attempt is not appropriate, or if the reconnection attempt is unsuccessful, the non-dropped communication device is connected, as predetermined by either of the communication devices, to an appropriate connection, such as, to a voice mail.
Type: Grant
Filed: June 26, 2014
Date of Patent: July 12, 2016
Assignee: AT&T MOBILITY II LLC
Inventor: Steven Michael Bellovin
-
Publication number: 20140308929
Abstract: A method and apparatus for anticipating communication interruption. If, during an established call between two communication devices, a telecommunication device determines that a communication link to one of the devices will be interrupted, either temporarily or permanently, the device predicts the interruption in the communication link. The device may send a message, as pre-determined by at least one of the communication device, to the communication device of the predicted or pending call drop or interruption. After the interruption the previously established call is resumed. If a reconnection attempt is appropriate, then the device will attempt to reconnect to the dropped device. If a reconnection attempt is not appropriate, or if the reconnection attempt is unsuccessful, the non-dropped communication device is connected, as predetermined by either of the communication devices, to an appropriate connection, such as, to a voice mail.
Type: Application
Filed: June 26, 2014
Publication date: October 16, 2014
Inventor: Steven Michael Bellovin
-
Patent number: 8798614
Abstract: A method and apparatus for anticipating communication interruption. If, during an established call between two communication devices, a telecommunication device determines that a communication link to one of the devices will be interrupted, either temporarily or permanently, the device predicts the interruption in the communication link. The device may send a message, as pre-determined by at least one of the communication device, to the communication device of the predicted or pending call drop or interruption. After the interruption the previously established call is resumed. If a reconnection attempt is appropriate, then the device will attempt to reconnect to the dropped device. If a reconnection attempt is not appropriate, or if the reconnection attempt is unsuccessful, the non-dropped communication device is connected, as predetermined by either of the communication devices, to an appropriate connection, such as, to a voice mail.
Type: Grant
Filed: January 21, 2010
Date of Patent: August 5, 2014
Assignee: AT&T Mobility II LLC
Inventor: Steven Michael Bellovin
-
Patent number: 8676916
Abstract: A system and method are provided for use in establishing secure end-to-end communication links over a VPN gateway via a network interface unit. Illustrative embodiments include establishing and providing secure communication relationships between users (customers) and companies for e-commerce and other business purposes. Each company's data and linkage to users remaining private and secure from the other participating companies as well as from the general public over the Internet. Login by user with network interface units, addressing, authentication, and other configuration operations achieved using a web page-based GUI are applied in establishing tunnels from LAN clients to desired VPN destinations. Required authentication exchanges and required encryption key exchanges facilitate the secure communications. Financial arrangements regarding the provisioning and use of network interface units are also disclosed.
Type: Grant
Filed: June 22, 2012
Date of Patent: March 18, 2014
Assignee: AT&T Intellectual Property II, L.P.
Inventors: Steven Michael Bellovin, Thomas Joseph Killian, Bruce LaRose, Aviel D. Rubin, Norman Loren Schryer
-
Publication number: 20130163757
Abstract: A system and method are provided for use in establishing secure end-to-end communication links over a VPN gateway via a network interface unit. Illustrative embodiments include establishing and providing secure communication relationships between users (customers) and companies for e-commerce and other business purposes. Each company's data and linkage to users remaining private and secure from the other participating companies as well as from the general public over the Internet. Login by user with network interface units, addressing, authentication, and other configuration operations achieved using a web page-based GUI are applied in establishing tunnels from LAN clients to desired VPN destinations. Required authentication exchanges and required encryption key exchanges facilitate the secure communications. Financial arrangements regarding the provisioning and use of network interface units are also disclosed.
Type: Application
Filed: June 22, 2012
Publication date: June 27, 2013
Inventors: Steven Michael Bellovin, Thomas Joseph Killian, Bruce LaRose, Aviel D. Rubin, Norman Loren Schryer
-
Patent number: 8261069
Abstract: Encryption with keys that form an Abelian group are used in combination with a semi-trusted party that converts queries that are encrypted with the key of a querier to queries that are encrypted with the key of the encrypted database, without knowing the actual keys. In an illustrative embodiment, encryption is done with Bloom filters that employ Pohlig-Hellman encryption. Since the querier's key is not divulged, neither the semi-trusted party nor the publisher of the database can see the original queries. Provision can be made for fourth party “warrant servers”, as well as “censorship sets” that limit the data to be shared.
Type: Grant
Filed: June 18, 2009
Date of Patent: September 4, 2012
Inventors: Steven Michael Bellovin, William Roberts Cheswick
-
Patent number: 8239531
Abstract: A system and method are provided for use in establishing secure end-to-end communication links over a VPN gateway via a network interface unit. Illustrative embodiments include establishing and providing secure communication relationships between users (customers) and companies for e-commerce and other business purposes. Each company's data and linkage to users remaining private and secure from the other participating companies as well as from the general public over the Internet. Login by user with network interface units, addressing, authentication, and other configuration operations achieved using a web page-based GUI are applied in establishing tunnels from LAN clients to desired VPN destinations. Required authentication exchanges and required encryption key exchanges facilitate the secure communications. Financial arrangements regarding the provisioning and use of network interface units are also disclosed.
Type: Grant
Filed: September 16, 2002
Date of Patent: August 7, 2012
Assignee: AT&T Intellectual Property II, L.P.
Inventors: Steven Michael Bellovin, Thomas Joseph Killian, Bruce LaRose, Aviel D. Rubin, Norman Loren Schryer
-
Publication number: 20120179840
Abstract: A distributed transformation network provides delivery of content from a content publisher to a content recipient. Content from the content publisher is received at an entry node of the distributed transformation network and transmitted to a transformation node in the distributed transformation network. The content is transformed according to publisher, recipient or network administrator specifications and transmitting to delivery nodes which deliver the transformed content to the content recipient. The published content may be in an XML-based format and transformed into an XML-related format or any other structured language format as desired in the provided specification.
Type: Application
Filed: March 26, 2012
Publication date: July 12, 2012
Applicant: AT&T Intellectual Property II, L.P.
Inventors: David Gerald Belanger, Steven Michael Bellovin, Maria F. Fernandez, Robert J. Hall, Charles Robert Kalmanek, JR., Divesh Srivastava, Kathleen McKenna
-
Patent number: 8145793
Abstract: A distributed transformation network provides delivery of content from a content publisher to a content recipient. Content from the content publisher is received at an entry node of the distributed transformation network and transmitted to a transformation node in the distributed transformation network. The content is transformed according to publisher, recipient or network administrator specifications and transmitting to delivery nodes which deliver the transformed content to the content recipient. The published content may be in an XML-based format and transformed into an XML-related format or any other structured language format as desired in the provided specification.
Type: Grant
Filed: November 1, 2004
Date of Patent: March 27, 2012
Assignee: AT&T Intellectual Property II, L.P.
Inventors: David Gerald Belanger, Steven Michael Bellovin, Maria F. Fernandez, Robert J. Hall, Charles Robert Kalmanek, Jr., Kathleen McKenna, Divesh Srivastava
-
Patent number: 8107479
Abstract: A system and method for providing telephony and high-speed data access over a broadband access network, comprising a network interface unit (NIU) coupled to a backup local exchange carrier (LEC) line, the broadband access network coupled to the NIU, an intermediate point-of-presence (IPOP) coupled to the broadband access network, and at least one external access network coupled to the IPOP. The system also provides for a fail-safe mode in which the NIU supports the LEC line for lifeline services.
Type: Grant
Filed: November 10, 2003
Date of Patent: January 31, 2012
Assignee: AT&T Intellectual Property II, L.P.
Inventors: Steven Michael Bellovin, Joseph Henry Condon, Richard Vandervoort Cox, Alexander Gibson Fraser, Charles Robert Kalmanek, Jr., Alan Edward Kaplan, Thomas Joseph Killian, William Todd Marshall, Peter Z. Onufryk, Kadangode K. Ramakrishnan, Norman Loren Schryer
-
Patent number: 8037167
Abstract: The present invention is a method and apparatus for counting the number of active hosts behind network address translation boxes. The technique is based on the observation that on many operating systems, the IP header's ID field is a simple counter. By suitable processing of trace data, packets emanating from individual machines can be isolated, and the number of machines determined.
Type: Grant
Filed: December 24, 2002
Date of Patent: October 11, 2011
Assignee: AT&T Intellectual Property II, LP
Inventor: Steven Michael Bellovin
-
Publication number: 20100250969
Abstract: Encryption with keys that form an Abelian group are used in combination with a semi-trusted party that converts queries that are encrypted with the key of a querier to queries that are encrypted with the key of the encrypted database, without knowing the actual keys. In an illustrative embodiment, encryption is done with Bloom filters that employ Pohlig-Hellman encryption. Since the querier's key is not divulged, neither the semi-trusted party nor the publisher of the database can see the original queries. Provision can be made for fourth party “warrant servers”, as well as “censorship sets” that limit the data to be shared.
Type: Application
Filed: June 18, 2009
Publication date: September 30, 2010
Inventors: Steven Michael Bellovin, William Roberts Cheswick
-
Publication number: 20100120414
Abstract: A method and apparatus for anticipating communication interruption. If, during an established call between two communication devices, a telecommunication device determines that a communication link to one of the devices will be interrupted, either temporarily or permanently, the device predicts the interruption in the communication link. The device may send a message, as pre-determined by at least one of the communication device, to the communication device of the predicted or pending call drop or interruption. After the interruption the previously established call is resumed. If a reconnection attempt is appropriate, then the device will attempt to reconnect to the dropped device. If a reconnection attempt is not appropriate, or if the reconnection attempt is unsuccessful, the non-dropped communication device is connected, as predetermined by either of the communication devices, to an appropriate connection, such as, to a voice mail.
Type: Application
Filed: January 21, 2010
Publication date: May 13, 2010
Applicant: AT&T MOBILITY II LLC
Inventor: Steven Michael Bellovin
-
Patent number: 7676224
Abstract: A method and apparatus for anticipating communication interruption. If, during an established call between two communication devices, a telecommunication device determines that a communication link to one of the devices will be interrupted, either temporarily or permanently, the device predicts the interruption in the communication link. The device may send a message, as pre-determined by at least one of the communication device, to the communication device of the predicted or pending call drop or interruption. After the interruption the previously established call is resumed. If a reconnection attempt is appropriate, then the device will attempt to reconnect to the dropped device. If a reconnection attempt is not appropriate, or if the reconnection attempt is unsuccessful, the non-dropped communication device is connected, as predetermined by either of the communication devices, to an appropriate connection, such as, to a voice mail.
Type: Grant
Filed: July 6, 2001
Date of Patent: March 9, 2010
Assignee: AT&T Mobility II LLC
Inventor: Steven Michael Bellovin
-
Patent number: 7558970
Abstract: Encryption with keys that form an Abelian group are used in combination with a semi-trusted party that converts queries that are encrypted with the key of a querier to queries that are encrypted with the key of the encrypted database, without knowing the actual keys. In an illustrative embodiment, encryption is done with Bloom filters that employ Pohlig-Hellman encryption. Since the querier's key is not divulged, neither the semi-trusted party nor the publisher of the database can see the original queries. Provision can be made for fourth party “warrant servers”, as well as “censorship sets” that limit the data to be shared.
Type: Grant
Filed: January 8, 2005
Date of Patent: July 7, 2009
Assignee: AT&T Corp.
Inventors: Steven Michael Bellovin, William Roberts Cheswick
-
Patent number: 7227843
Abstract: The present invention permits a network service provider to detect an operational condition—such as congestion—in a packet-switched network and to alleviate such congestion by providing customer incentives to avoid use of the network. The detection mechanism triggers an incentive such as the modification of the user's access charges and the customer can be immediately notified of either the occurrence of the congestion or of information regarding the incentive. Usage of the network during congested periods can be deterred by imposing additional access charges during such periods—similarly, customers can be given a discount to encourage usage during periods of low congestion. An incentive schedule can be tailored to dynamically change the usage patterns of the customers of the network to accommodate the operational conditions in the network.
Type: Grant
Filed: February 24, 2003
Date of Patent: June 5, 2007
Assignee: AT&T Corp.
Inventors: David Gerald Belanger, Steven Michael Bellovin, Ramon Caceres, David C. Nagel
-
Patent number: 7051365
Abstract: A method and apparatus for implementing a distributed firewall is described. A packet filter processor receives a packet sent from a first device to a second device. The packet filter processor authenticates an identifier for the packet. For example, authentication could be performed using a cryptographically-verifiable identifier. The packet filter processor determines whether to send the packet to the second device, based on the authentication and a set of policy rules. The packet filter processor sends the packet to the second device in accordance with the determination.
Type: Grant
Filed: June 30, 1999
Date of Patent: May 23, 2006
Assignee: AT&T Corp.
Inventor: Steven Michael Bellovin
-
Patent number: 7035410
Abstract: The broadband telephony interface is provisioned by receiving information authenticating a provisioning server, establishing a communication channel between the user and the provisioning server over which is transmitted authorization information from the user to the provisioning server, and encrypting and transmitting a cryptographic key associated with the user to the provisioning server. The cryptographic key can be a symmetric key or a public key corresponding to a private key stored in the broadband telephony interface. The cryptographic key can be utilized to generate other keys which are utilized to secure communication channels for the telephony service. The broadband telephony interface advantageously can be implemented as untrusted hardware or software that is installed by a customer.
Type: Grant
Filed: March 1, 2000
Date of Patent: April 25, 2006
Assignee: AT&T Corp.
Inventors: William A. Aiello, Steven Michael Bellovin, Charles Robert Kalmanek, Jr., William Todd Marshall, Aviel D. Rubin
-
Patent number: 6870845
Abstract: A call between a first network associated with a calling party and a second network associated with a called party is connected. The source address for packets associated with the call are translated. The packets are sent from the calling party to the called party without the called party receiving the source address that indicates at least one from the group of a logical identity of the calling party and a geographical identity of the calling party.
Type: Grant
Filed: August 4, 1999
Date of Patent: March 22, 2005
Assignee: AT&T Corp.
Inventors: Steven Michael Bellovin, Charles Robert Kalmanek, Jr., William Todd Marshall, Partho Pratim Mishra, Douglas M Nortz, Kadangode K. Ramakrishnan
-
Publication number: 20040123139
Abstract: Traffic over a secure link or tunnel is filtered to block packets that do not conform to specified requirements for the tunnel. In one embodiment, a private network, such as an ISP network, includes a filter for blocking packets not associated with an IPSec VPN tunnel. The ISP network and/or one or both of the tunnel endpoints can include monitoring modules for detecting the presence of packets that should have been blocked by the filter.
Type: Application
Filed: December 18, 2002
Publication date: June 24, 2004
Applicant: AT&T Corp.
Inventors: William A. Aiello, Steven Michael Bellovin, Evan Stephen Crandall, Alan Edward Kaplan, David P. Kormann, Aviel D. Rubin, Norman Loren Schryer