Patents Examined by Morshed Mehedi
  • Patent number: 11075947
    Abstract: A network security method is provided. The method includes obtaining, at a network security device, first network traffic from a network device destined for a potential attacker; determining if the first network traffic is suspicious; when the first network traffic is determined to be suspicious: generating second network traffic based on the context of the network device and the first network traffic; providing the second network traffic to the potential attacker; obtaining, from the potential attacker, third network traffic in response to the second network traffic; and designating the potential attacker as malicious based on the third network traffic is disclosed. An apparatus and one or more non-transitory computer readable storage media are also disclosed.
    Type: Grant
    Filed: June 26, 2018
    Date of Patent: July 27, 2021
    Inventors: Samir Dilipkumar Saklikar, Vishnu V P, Srivatsa M S, Pujitha Venkata Saranya Eedupalli, Hrvoje Dogan
  • Patent number: 11063752
    Abstract: Methods, systems, and computer readable media for utilizing predetermined encryption keys in a test simulation environment are disclosed. In one embodiment, a method includes generating, prior to an initiation of an Internet protocol security (IPsec) test session, a private key and a public key at a traffic emulation device and storing the private key and the public key in a local storage associated with the traffic emulation device. The method further includes retrieving, from the local storage, the private key and the public key upon the initiation of the IPsec test session between the traffic emulation device and a device under test (DUT) and generating a shared secret key utilizing the retrieved private key and a DUT public key received from the DUT.
    Type: Grant
    Filed: August 29, 2013
    Date of Patent: July 13, 2021
    Assignee: Keysight Technologies Singapore (Sales) Pte. Ltd.
    Inventors: Andrei Cipu, Alexandru R. Badea, George Ciobanu
  • Patent number: 11063910
    Abstract: Disclosed herein are enhancements for operating a web application firewall to reduce load. In one implementation, a method of operating a content server for a web application comprising running a web accelerator with a plurality of threads on the content server. The method further provides receiving a request for content which will be provided to a web application, filtering the request and determining that the content will be requested from a second server. After determining that the content will be requested from a second server, reviewing the request with a web application firewall operating at a network layer 7, forwarding the request, receiving the content, and providing the content. Further, the web application firewall is controlled by a plurality of sets of rules, which can be updated without restarting the web accelerator.
    Type: Grant
    Filed: July 31, 2018
    Date of Patent: July 13, 2021
    Assignee: Fastly, Inc.
    Inventors: Artur Bergman, Sean Leach, Tyler McMullen, Christian Peron, Federico Schwindt, Eric Hodel
  • Patent number: 11057223
    Abstract: The communication system includes a communication buffer and a communication terminal. The communication buffer includes a physical unclonable function (PUF) device, and the communication buffer provides a security key generated by the PUF device. The communication terminal is coupled to the communication buffer, and transmits a mapping request to the communication buffer to ask for the security key. The communication terminal manipulates the transmission data with the security key to generate the encrypted data, and transmits the encrypted data to the communication buffer. The communication buffer further restores the transmission data from the encrypted data according to the security key.
    Type: Grant
    Filed: October 11, 2018
    Date of Patent: July 6, 2021
    Assignee: eMemory Technology Inc.
    Inventors: Meng-Yi Wu, Hsin-Ming Chen
  • Patent number: 11055415
    Abstract: Provided are mechanisms and processes for computational risk analysis and intermediation. Security practices information characterizing security measures in place at a first computing system may be received from the first computing system via a network. Computing services interaction information characterizing data transmitted from a second computing system to the first computing system may be received from the second computing system via the network. A processor may determine a risk profile for the first computing system based on the security practices information. Based on the risk profile and the computing services interaction information, the processor may then determine an estimate of the information security risk associated with transmitting the data from the second computing system to the first computing system. A risk assessment message including the estimate of the information security risk may be transmitted to the second computing system.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: July 6, 2021
    Inventors: Russell Sherman, Paul Valente
  • Patent number: 11055401
    Abstract: Technologies for untrusted code execution include a computing device having a processor with sandbox support. The computing device executes code included in a native domain in a non-privileged, native processor mode. The computing device may invoke a sandbox jump processor instruction during execution of the code in the native domain to enter a sandbox domain. The computing device executes code in the sandbox domain in a non-privileged, sandbox processor mode in response to invoking the sandbox jump instruction. While executing in the sandbox processor mode, the processor denies access to memory outside of the sandbox domain and may deny execution of one or more prohibited instructions. From the sandbox domain, the computing device may execute a sandbox exit instruction to exit the sandbox domain and resume execution in the native domain. The computing device may execute processor instructions to configure the sandbox domain. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: July 6, 2021
    Inventors: Mingwei Zhang, Mingqiu Sun, Ravi L. Sahita, Chunhui Zhang, Xiaoning Li
  • Patent number: 11048782
    Abstract: One embodiment provides a method, including: receiving, at a non-personal information handling device, user characteristic data associated with a user; determining, using a processor and based on the user characteristic data, an identity of the user; and providing, based on the determining, a user identification notification. Other aspects are described and claimed.
    Type: Grant
    Filed: June 26, 2018
    Date of Patent: June 29, 2021
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: Russell Speight VanBlon, Kevin Wayne Beck, Thorsten Peter Stremlau
  • Patent number: 11050748
    Abstract: Systems and methods are provided for providing web-based authentication for non-web based clients. The systems and methods include receiving, from a non-web based client, a request to connect to a target resource and invoking a web navigation application. The web navigation application can execute remotely from the client on a server and a display of the web navigation application can be provided to the non-web based client. The web navigation application can be directed to an identity provider and can receive, from the client, in response to the display of the web navigation application, authentication information. The web navigation application can receive, from the identity provider, a result of an authentication of the client based on the authentication information. Whether to permit the requested connection to the target resource can then be determined based on the result of the authentication of the client.
    Type: Grant
    Filed: March 13, 2018
    Date of Patent: June 29, 2021
    Assignee: CyberArk Software Ltd.
    Inventors: Elad Shtivi, Shlomi Benita, Yaron Nisimov
  • Patent number: 11050714
    Abstract: A new network security device/appliance is proposed to not only protect, but also to control and operate an industrial IoT device. Specifically, the network security device is configured to detect and block cyber attacks such as viruses, hacking attempts, and other types of cyber threats launched from an outside network against the industrial IoT device based on a set of configurable rules. In addition, the network security device is further configured to control and operate the industrial IoT device remotely in response to the cyber attacks by issuing and communicating certain instructions/command to the industrial IoT device. Besides accepting and executing control command from the network security device, the industrial IoT device is also configured to send a request to the network security device to make certain adjustments to the rules concerning network traffic directed to the industrial IoT device.
    Type: Grant
    Filed: October 25, 2018
    Date of Patent: June 29, 2021
    Assignee: Barracuda Networks, Inc.
    Inventors: Martin Weisshaupt, Reinhard Staudacher, Christoph Rauchegger
  • Patent number: 11050726
    Abstract: A current operating system that is stored in a persistent storage circuit of a secure element is replaced by receiving a set of migration rules that specify changes to a set of data object types. Based upon the set of migration rules, a migration engine identifies data objects stored in a persistent storage circuit and corresponding to the set of data object types. For each of the identified data objects: a subset of the migration rules are selected that correspond to a data object type that corresponds to a particular data object, and based upon the selected subset, the particular data object is transformed. A new operating system can then be enabled.
    Type: Grant
    Filed: April 4, 2016
    Date of Patent: June 29, 2021
    Assignee: NXP B.V.
    Inventors: Andreas Lessiak, Josef Fruehwirth, Jozsef Jelenka, Harald Schlatte-Schatte, Alexandre Frey
  • Patent number: 11044270
    Abstract: A distributed security system and method are disclosed that enable access to known threat events from threat intelligence feeds when the system includes public cloud components. A cloud-based security policy system stores observable events for security incidents detected by and sent from user devices within an enterprise network. The observable events include observable indicators for characterizing the observable events. The threat events within the feeds include threat indicators for characterizing the threat events. An on-premises connector within the enterprise network downloads the observable indicators from the security policy system and the threat indicators from the feeds. In response to determining that any observable indicators match any threat indicators, the on-premises connector provides access to the threat events and/or the observable events having the matching indicators.
    Type: Grant
    Filed: March 13, 2017
    Date of Patent: June 22, 2021
    Assignee: Carbon Black, Inc.
    Inventors: Jeffrey Albin Kraemer, Sanket Choksey, Ranganathan Gopalan
  • Patent number: 11044093
    Abstract: The systems, methods and apparatuses described herein provide a computing device that is configured to attest itself to a communication partner. In one aspect, the computing device may comprise a communication port configured to receive an attestation request from the communication partner, and an application-specific integrated circuit (ASIC). The ASIC may be configured to receive the attestation request, which may include a nonce. The ASIC may be further configured to generate a verification value, capture data representing a state of computation of the ASIC when the verification value is being generated, and send the verification value and captured data to the communication port to be transmitted back to the communication partner. The verification value may be a computation result of a predefined function taking the nonce as an initial value. In another aspect, the communication partner may be configured to attest the computing device using speed of computation attestation.
    Type: Grant
    Filed: January 4, 2019
    Date of Patent: June 22, 2021
    Assignee: OlogN Technologies AG
    Inventor: Sergey Ignatchenko
  • Patent number: 11036833
    Abstract: An image processing system includes circuitry. The circuitry accepts, from a user, an input of information to be registered. The circuitry registers the inputted information as registered information. The circuitry generates tracing data to be used for tracing the registered information. The circuitry outputs the tracing data. The circuitry associates access authorization to an access log for the registered information with the tracing data. The circuitry accepts an input of the tracing data. The circuitry acquires the access log that is associated with the inputted tracing data, and displays the acquired access log.
    Type: Grant
    Filed: June 27, 2017
    Date of Patent: June 15, 2021
    Assignee: RICOH COMPANY, LTD.
    Inventor: Takao Okamura
  • Patent number: 11032269
    Abstract: Method and system for secure access from a security device at a local network location to a remote network location are disclosed. At the security device having a unique identifier (UID), processor, and memory, a security software is obtained from a remote network location, the security software obtaining a personal identification number (PIN) of a user, and the UID of the security device. The PIN, the UID and the private security software are forwarded to the remote network location for generating a credential code, including encrypting the credential code. At the security device, the credential code is obtained from the remote network location, and authenticity of the PIN and the UID is verified, without communicating over a network, including decrypting the credential code. Upon verifying the authenticity of the PIN and the UID, access credentials to the remote network location are retrieved.
    Type: Grant
    Filed: June 3, 2019
    Date of Patent: June 8, 2021
    Inventors: Nicolas Johannes Sebastian Bettenburg, Randy Kuang
  • Patent number: 11032076
    Abstract: A system and method may simplify API design maintenance by providing an interface for configuring cryptographic parameters in the development of secure APIs to allow configuring MLE and X-Pay parameters, testing MLE and X-Pay-supported APIs, and directly viewing decrypted output of APIs which requires MLE. Rather than a pre-configured key store or creating a key store for each API, the system may refer to stored credentials and certificates to make Mutual SSL and X-Pay token calls within the developer playground and create the key store programmatically. The configuration may be saved in a JSON format so that it may be reused at a later stage for retesting and also may allow saving the complete configuration including credentials, end point, request and response payload so that there is no need to update credentials in a centralized place. The solutions described herein may also eliminate sharing the private key over a network.
    Type: Grant
    Filed: June 12, 2019
    Date of Patent: June 8, 2021
    Inventor: Jaishankar Kumar Venkataraman
  • Patent number: 11030569
    Abstract: A cloud-based package-exchange-service for package delivery to, and pick-up from, a target vehicle includes a GPS-based proximity module. The GPS-based proximity module receives current GPS coordinates of a package delivery vehicle and of the target vehicle. The GPS-based proximity module stores both GPS coordinates. The GPS-based proximity module monitors a distance between the package delivery vehicle and the target vehicle of the customer. The cloud-based system also has a delivery module in the first server associated with a second database. The delivery module includes one or more lists of local delivery services that include registered individuals to be assigned for package exchange operations. The lists of local delivery services also include package delivery restrictions and conditions including package size, hours of operation, distance to operate, and delivery prices.
    Type: Grant
    Filed: August 22, 2016
    Date of Patent: June 8, 2021
    Assignee: Continental Intelligent Transportation Systems, Inc.
    Inventors: Seval Oz, Tammer Zein-El-Abedein, Yao Zhao
  • Patent number: 11025650
    Abstract: Provided are a multi-pattern policy detection system and method, wherein, in an environment that operates a plurality of policies for determining matching or non-matching by a string or a normalized format, the plurality of policies are expressed by a data structure that is searchable at a time, and are optimized to improve search performance.
    Type: Grant
    Filed: September 21, 2018
    Date of Patent: June 1, 2021
    Assignee: WINS Co., Ltd.
    Inventors: Yong Sig Jin, Ji Yoon Hwang
  • Patent number: 11017091
    Abstract: An example method includes retrieving, based on firmware map data stored in a firmware map, first portions of a system firmware while omitting retrieval of second portions to form a combined portion. The firmware map data is indicative of the first portions of the system firmware that remain unchanged over a normal lifetime of the system firmware, and the firmware map data is also indicative of the second portions of the system firmware that may vary over the normal lifetime of the system firmware. The method further includes calculating at least one master hash code based on the combined portion, and storing the at least one master hash code in a hash code table in association with the firmware map data.
    Type: Grant
    Filed: July 5, 2019
    Date of Patent: May 25, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Erick Gomez, Jason H Fay, Vartan Kasheshian, Uchenna Edeh
  • Patent number: 11019069
    Abstract: Systems and methods for authenticating access to multiple data stores substantially in real-time are disclosed. The system may include a server coupled to a network, a client device in communication with the server via the network and a plurality of data stores. The server may authenticate access to the data stores and forward information from those stores to the client device. An exemplary authentication method may include receipt of a request for access to data. Information concerning access to that data is stored and associated with an identifier assigned to a client device. If the identifier is found to correspond to the stored information during a future request for access to the store, access to that store is granted.
    Type: Grant
    Filed: February 9, 2021
    Date of Patent: May 25, 2021
    Assignee: Seven Networks, LLC
    Inventors: Jay Sutaria, Brian Daniel Gustafson, Robert Paul van Gent, Ruth Lin, David Merriwether, Parvinder Sawhney
  • Patent number: 11005822
    Abstract: In one embodiment, a network policy engine obtains a substation configuration description for a substation, indicative of intelligent electronic devices (IEDs), associated network communication devices, and related communication configuration information. The network policy engine then creates a mapping of the IEDs and the associated network communication devices based on the substation configuration description, associating each of the IEDs to a corresponding network port of the associated network communication devices. The network policy engine may then further create network control parameters based on the substation configuration description, which comprise defined communication flows for the IEDs and associated security group tags (SGTs) for the defined communication flows.
    Type: Grant
    Filed: May 3, 2019
    Date of Patent: May 11, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Robert Edgar Barton, Maik Guenter Seewald, Jerome Henry