Patents Examined by Ka Shan Choy
  • Patent number: 11563721
    Abstract: Systems and methods for bypassing firewalls using a server management protocol are provided. In various embodiments, a proxy component serves as a “man-in-the-middle” between an edge client and a server client. The proxy component can receive a server connection request from the edge client to connect to a requested server client using a managed network name associated with the server client. The proxy component can establish a proxy connection with the requested server client, and route data packets between the server client and the edge client. The edge client and the server client are connected without the public advertisement of the private addresses of the edge client and the server client.
    Type: Grant
    Filed: June 21, 2020
    Date of Patent: January 24, 2023
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Christopher Davenport, Kenneth Leach, Jorge Daniel Cisneros, Ivan Farkas
  • Patent number: 11558406
    Abstract: Systems and methods for using a kernel module to provide computer security are provided herein. In some embodiments, a method for providing computer security may include launching a kernel module at the kernel-level of a computing device, redirecting, using the kernel module, communications traffic away from a browser executing on the computing device, decoding, using the kernel module, the received traffic to create decoded traffic, analyzing the decoded traffic, using the kernel module, for content having particular characteristics and create analyzed traffic, encoding, using the kernel module, at least a portion of the analyzed traffic to create encrypted traffic, and directing the encrypted traffic to the browser.
    Type: Grant
    Filed: February 18, 2022
    Date of Patent: January 17, 2023
    Assignee: UAB 360 IT
    Inventors: Ernestas Kulik, Mohamed Adly Amer Elgaafary, Aleksandr Ševčenko
  • Patent number: 11558353
    Abstract: Embodiments of the present disclosure relate to a method, apparatus, and computer readable medium for providing a security service for a data center. According to the method, a packet terminating at or originating from the data center is received. At least one label is determined for the packet, each label indicating a security requirement for the packet. Based on the at least one label, a security service chain is selected for the packet, the security service chain including an ordered set of security functions deployed in the data center and to be applied to the packet. The packet is transmitted to the selected security service chain in association with the at least one label, the packet being processed by the ordered set of security functions in the security service chain.
    Type: Grant
    Filed: February 6, 2018
    Date of Patent: January 17, 2023
    Assignee: Nokia Technologies Oy
    Inventors: Zhiyuan Hu, Jing Ping, Stephane Mahieu, Yueming Yin
  • Patent number: 11552808
    Abstract: A method and apparatus for generating a dynamic security certificate. The method creates an entropic element from user input, receives metadata from user input and generates a dynamic security certificate using the entropic element and the metadata. The dynamic security certificate is then trusted through user input.
    Type: Grant
    Filed: November 23, 2021
    Date of Patent: January 10, 2023
    Assignee: UAB 360 IT
    Inventor: Emanuelis Norbutas
  • Patent number: 11552970
    Abstract: A threat intelligence gateway (TIG) may protect TCP/IP networks from network (e.g., Internet) threats by enforcing certain policies on in-transit packets that are crossing network boundaries. The policies may be composed of packet filtering rules with packet-matching criteria derived from cyber threat intelligence (CTI) associated with Internet threats. These CTI-derived packet-filtering rules may be created offline by policy creation and management servers, which may distribute the policies to subscribing TIGs that subsequently enforce the policies on in-transit packets. Each packet filtering rule may specify a disposition that may be applied to a matching in-transit packet, such as deny/block/drop the in-transit packet or pass/allow/forward the in-transit packet, and also may specify directives that may be applied to a matching in-transit packet, such as log, capture, spoof-tcp-rst, etc.
    Type: Grant
    Filed: July 15, 2022
    Date of Patent: January 10, 2023
    Assignee: Centripetal Networks, Inc.
    Inventors: Sean Moore, Jonathan R. Rogers, Vincent Mutolo, Peter P. Geremia
  • Patent number: 11553347
    Abstract: An abnormal traffic analysis apparatus includes receiving means for receiving traffic from a device, analysis means for analyzing whether or not traffic received from the device is abnormal traffic, analysis result recording means for recording a result of analysis performed by the analysis means, and device management means for managing movement of the device between edges. If it is determined by the device management means that a device that is a target of analysis performed by the analysis means moves to an edge, the receiving means creates information for continuing analysis of traffic received from the device and transmits the information to an apparatus for analyzing traffic that is included in the edge to which the device moves.
    Type: Grant
    Filed: March 8, 2019
    Date of Patent: January 10, 2023
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Takafumi Harada, Gembu Morohashi, Hiroki Ito
  • Patent number: 11539701
    Abstract: A computer implemented method of a network access point for secure network access by a mobile computing device, the mobile device being associated with the access point by a digitally signed record in a blockchain wherein the blockchain is accessible via a network and includes a plurality of records validated by miner computing components, the method including receiving a request from another network access point to associate the mobile device with the other access point, the request having associated identification information for the mobile device; responsive to a verification of an entitlement of the mobile device to access the network, generating a new record for storage in the blockchain, the new record associating the mobile device with the other access point and being validated by the miner components such that the other access point provides access to the network for the mobile device based on the validation of the new record.
    Type: Grant
    Filed: June 8, 2018
    Date of Patent: December 27, 2022
    Assignee: British Telecommunications Public Limited Company
    Inventor: Joshua Daniel
  • Patent number: 11533186
    Abstract: A terminal A transmits an owner identity confirmation start request to a terminal B including owner server association information capable of identifying an owner of the terminal and a terminal management server A of the terminal. The terminal B transmits an owner identity confirmation request to the terminal management server B of the terminal, the owner identity confirmation request including the owner server association information received and the owner server association information including information of the terminal B. The terminal management server B transmits, to the terminal management server A, an inter-server owner identity confirmation request including the identity confirmation information of the owner of the terminal B and the owner server association information of the terminal A.
    Type: Grant
    Filed: February 5, 2019
    Date of Patent: December 20, 2022
    Assignee: Nippon Telegraph and Telephone Corporation
    Inventors: Yoshihiko Omori, Takao Yamashita
  • Patent number: 11533326
    Abstract: Techniques are disclosed for summarizing, diagnosing, and correcting the cause of anomalous behavior in computing systems. In some embodiments, a system identifies a plurality of time series that track different metrics over time for a set of one or more computing resources. The system detects a first set of anomalies in a first time series that tracks a first metric and assigns a different respective range of time to each anomaly. The system determines whether the respective range of time assigned to an anomaly overlaps with timestamps or ranges of time associated with anomalies from one or more other time series. The system generates at least one cluster that groups metrics based on how many anomalies have respective ranges of time and/or timestamps that overlap. The system may perform, based on the cluster, one or more automated actions for diagnosing or correcting a cause of anomalous behavior.
    Type: Grant
    Filed: May 1, 2019
    Date of Patent: December 20, 2022
    Assignee: Oracle International Corporation
    Inventors: Sampanna Shahaji Salunke, Dario Bahena Tapia, Dustin Garvey, Sumathi Gopalakrishnan, Neil Goodman
  • Patent number: 11533619
    Abstract: In some embodiments, an exemplary access controlling network architecture may include: a computer platform configured to: receive, from an online entity, an action performance request; request, from an access controlling platform, an expected access control digital key to be presented to the online entity; receive the expected access control digital key; instruct to display the expected access control digital key at a computing device; cause a mobile originating communication, having the expected access control digital key and an identity linked to the computing device; determine a lack of a receipt of the access authentication indicator associated with the online entity from the access controlling platform; and perform, due to, for example, the online entity being a BOT, one of: modifying a visual schema of the online entity, disabling the online entity, or suspending one of: a performance of the online entity or the performance of the action by the online entity.
    Type: Grant
    Filed: May 22, 2022
    Date of Patent: December 20, 2022
    Assignee: STARKEYS LLC
    Inventor: Ari Kahn
  • Patent number: 11503078
    Abstract: An apparatus comprises a processing device configured to receive, at a user interface of a trust platform configured to manage cloud assets operating in clouds of two or more cloud service providers, a specification of security and compliance controls to be implemented for workloads of a given entity running on a subset of the cloud assets. The processing device is also configured to obtain, utilizing application programming interfaces of the trust platform, information characterizing deployed security and compliance controls for the subset of the plurality of cloud assets from first and second pluralities of monitoring tools operating in tenant and management environments of the clouds.
    Type: Grant
    Filed: December 30, 2020
    Date of Patent: November 15, 2022
    Assignee: Virtustream IP Holding Company LLC
    Inventors: Pritesh Parekh, Nicholas Kathmann, Qintao Zhao
  • Patent number: 11489693
    Abstract: A computer implemented method of a network access point for secure network access by a mobile computing device, the mobile device being associated with the access point by a digitally signed record in a blockchain wherein the blockchain is accessible via a network and includes a plurality of records validated by miner computing components, the method including receiving a request from another network access point to associate the mobile device with the other access point, the request having associated identification information for the mobile device; responsive to a verification of an entitlement of the mobile device to access the network, generating a new record for storage in the blockchain, the new record associating the mobile device with the other access point and being validated by the miner components such that the other access point provides access to the network for the mobile device based on the validation of the new record, wherein the network access point provides access to a local network inacces
    Type: Grant
    Filed: June 8, 2018
    Date of Patent: November 1, 2022
    Inventors: Joshua Daniel, Paul Kearney
  • Patent number: 11477223
    Abstract: Methods and systems for the detection, identification, and analysis of cybersecurity events in order to support prevention of the persistence of threats, malware or other harmful events are provided. The methods and systems of the present invention enable a user to find similar anomalous network traffic within a single network or across multiple networks. The methods and systems identify and correlate activity in order to analyze potential threats within a network by providing broader contextual information about how those threats relate to other activity within the network or across a sector or country.
    Type: Grant
    Filed: January 15, 2020
    Date of Patent: October 18, 2022
    Assignee: IronNet Cybersecurity, Inc.
    Inventors: Michael Lowney, Phillip Baker Schafer, Alexander Michael Conn, Patrick Collard, Stephen Kinser
  • Patent number: 11477284
    Abstract: A programmable network architecture that employs a software based, modular functional infrastructure with standard interfaces is utilized for mobile core networks. In one aspect, network services and/or functions can be built and addressed as resources that are configured and/or accessed with standard and/or open application program interfaces (APIs). The disclosed network architecture provides real-time and on-demand network configurations and dynamic service provisioning.
    Type: Grant
    Filed: July 21, 2020
    Date of Patent: October 18, 2022
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Qingmin Hu, Brian Daly
  • Patent number: 11470478
    Abstract: Secure communication in mobile digital pages is provided. The system receives an electronic document and validates the electronic document for storage in a cache server. The system receives a request for the electronic document and provides it to a viewer component on a client computing device. The viewer component loads the electronic document in an iframe. The viewer component executes a runtime component to receive, via a secure communication channel, a tag from the electronic document. The system receives the tag and selects a data value for transmission to the viewer component. The viewer component provides the data value to cause the runtime component to execute an action with the data value.
    Type: Grant
    Filed: August 27, 2019
    Date of Patent: October 11, 2022
    Assignee: GOOGLE LLC
    Inventors: Jay Akkad, Nikhil Rao, Anshul Gupta, David Wang, Ian Baker, Neil Dhillon
  • Patent number: 11463461
    Abstract: Techniques for performing unequal sampling are provided. In one technique, multiple scores generated by a prediction model are identified, each score corresponding to a different entity of multiple entities. Multiple buckets are determined, each bucket corresponding to a different range of scores. Each entity is assigned to a bucket based on the score corresponding to the entity. A probability distribution function is generated based on the scores and a number of scores belonging to each bucket. For each entity, a probability of sampling the entity is determined based on the probability distribution function and a score corresponding to the entity. A subset of the entities are sampled based on the probability determined for each entity.
    Type: Grant
    Filed: May 29, 2019
    Date of Patent: October 4, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Wenqian Li, Zhou Jin, Rui Zhao, Xiaosu Huang, Chi-Yi Kuan
  • Patent number: 11451517
    Abstract: A method for secure proxying using trusted execution environment (TEE) technology includes performing, using a TEE running on a proxy, an attestation with a TEE running on a client. The TEE running on the proxy receives from the TEE running on the client a request to fetch data from a remote server. The TEE running on the proxy fetches the data specified in the request from the remote server. The TEE running on the proxy forwards to the TEE running on the client the data fetched from the remote server.
    Type: Grant
    Filed: May 27, 2020
    Date of Patent: September 20, 2022
    Assignee: NEC Corporation
    Inventors: Claudio Soriente, Hien Truong
  • Patent number: 11449331
    Abstract: Disclosed is a vehicular update system including a communication device configured to communicate between a server and a controller included in a vehicle, a memory, and a controller configured to, (i) when a public key set including a root public key for verifying a root signature is stored in the memory, acquire the root signature from the server and verify root metadata based on the acquired root signature and the root public key of the public key set pre-stored in the memory, and configured to, (ii) when the public key set is not stored in the memory, acquire, from the server, root metadata including a public key set and a root signature obtained by performing a digital signature on a hash value of the public key set using a root private key, verify the root metadata based on the root public key of the acquired root metadata and the root signature, and store the public key set.
    Type: Grant
    Filed: January 25, 2018
    Date of Patent: September 20, 2022
    Assignee: LG ELECTRONICS INC.
    Inventors: Junsang Park, Sangwook Lee, Kyusuk Han
  • Patent number: 11444963
    Abstract: A threat intelligence gateway (TIG) may protect TCP/IP networks from network (e.g., Internet) threats by enforcing certain policies on in-transit packets that are crossing network boundaries. The policies may be composed of packet filtering rules with packet-matching criteria derived from cyber threat intelligence (CTI) associated with Internet threats. These CTI-derived packet-filtering rules may be created offline by policy creation and management servers, which may distribute the policies to subscribing TIGs that subsequently enforce the policies on in-transit packets. Each packet filtering rule may specify a disposition that may be applied to a matching in-transit packet, such as deny/block/drop the in-transit packet or pass/allow/forward the in-transit packet, and also may specify directives that may be applied to a matching in-transit packet, such as log, capture, spoof-tcp-rst, etc.
    Type: Grant
    Filed: March 15, 2022
    Date of Patent: September 13, 2022
    Assignee: Centripetal Networks, Inc.
    Inventors: Sean Moore, Jonathan R. Rogers, Vincent Mutolo, Peter P. Geremia
  • Patent number: 11438351
    Abstract: A threat intelligence gateway (TIG) may protect TCP/IP networks from network (e.g., Internet) threats by enforcing certain policies on in-transit packets that are crossing network boundaries. The policies may be composed of packet filtering rules with packet-matching criteria derived from cyber threat intelligence (CTI) associated with Internet threats. These CTI-derived packet-filtering rules may be created offline by policy creation and management servers, which may distribute the policies to subscribing TIGs that subsequently enforce the policies on in-transit packets. Each packet filtering rule may specify a disposition that may be applied to a matching in-transit packet, such as deny/block/drop the in-transit packet or pass/allow/forward the in-transit packet, and also may specify directives that may be applied to a matching in-transit packet, such as log, capture, spoof-tcp-rst, etc.
    Type: Grant
    Filed: April 5, 2022
    Date of Patent: September 6, 2022
    Assignee: Centripetal Networks, Inc.
    Inventors: Sean Moore, Jonathan R. Rogers, Vincent Mutolo, Peter P. Geremia