Patents by Inventor Chih-Wen Chao
Chih-Wen Chao has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11134054Abstract: Aspects of the present invention disclose a method, computer program product, and system for domain name classification. The method includes one or more processors receiving a request for querying a first domain name. The method further includes one or more processors acquiring a first source internet protocol (IP) address and the first domain name from the request. In response to determining the first domain name is not classified, the method further includes one or more processors an access tendency of the first source IP address based on a plurality of classifications of a plurality of domain names queried by the first source IP address. The method further includes one or more processors estimating a first classification of the first domain name based on the access tendency of the first source IP address.Type: GrantFiled: November 5, 2019Date of Patent: September 28, 2021Assignee: International Business Machines CorporationInventors: Wei-Hsiang Hsiung, Sheng-Tung Hsu, Chih-Wen Chao
-
Patent number: 11121918Abstract: An intelligent network management device including an analytic unit, conducting an analysis according to received packets in order to determine whether a given event is occurred; and a processing unit, generating and sending a control instruction to a SDN controller to change configurations of a SDN switch when the analytic unit determined the given event has been occurred.Type: GrantFiled: November 7, 2017Date of Patent: September 14, 2021Assignee: International Business Machines CorporationInventors: Chih-Wen Chao, Cheng-Ta Lee, Wei-Shiau Suen, Ming-Hsun Wu
-
Patent number: 11121871Abstract: A technique to secure a wireless communication link that is being shared among a wireless access point (AP), and each of a set of wireless clients (each a mobile station (STA)) that are coupled to the AP over the communication link. A typical implementation is a WPA2-PSK communication link. In this approach, and in lieu of a single secret key being shared by all AP-STA pairs, each AP-STA pair derives its own unique WLAN shared secret, preferably via a Diffie-Hellman (DH) key exchange. The WLAN shared secret is then used to generate WPA2-PSK keys, namely, pairwise master key (PMK) and pairwise transient key (PTK), that establish an 802.11 standards-compliant secure link.Type: GrantFiled: October 22, 2018Date of Patent: September 14, 2021Assignee: International Business Machines CorporationInventors: Chih-Wei Hsiao, Chih-Wen Chao, Wei-Hsiang Hsiung, Ya-Hsuan Tsai
-
Patent number: 11042384Abstract: Disclosed is a method of customizing an appliance. The method includes steps of pre-storing a public key in the appliance; connecting the appliance to an external storage device; and booting up the appliance to automatically proceed with the following customization process: obtaining a customization file from the external storage device; authenticating the customization file with the public key; and executing customization with the customization file if the authentication succeeds.Type: GrantFiled: May 22, 2019Date of Patent: June 22, 2021Assignee: International Business Machines CorporationInventors: Chih-Wen Chao, Gregory L. Galloway, Cheng-Ta Lee, Ming-Hsun Wu, Rick M. F. Wu
-
Patent number: 11032708Abstract: Securing public hotspot communications by: generating a public-private key pair, deriving an SSID using the generated public key, creating a network using the SSID, specifying a network security setting, and providing a Client the SSID and network security settings. Further, by: receiving a network connection request from the Client, establishing a connection with the Client, receiving a probe request from a network access point, sending an authentication message, receiving SSID configuration information from the network access point, associating the SSID network and the network access point, and receiving Client data.Type: GrantFiled: September 26, 2018Date of Patent: June 8, 2021Assignee: International Business Machines CorporationInventors: Chih-Wei Hsiao, Wei-Hsiang Hsiung, Chih-Wen Chao, Sheng Hao Wang
-
Patent number: 11032268Abstract: Embodiments provide a system and method for network tracking. Through various methods of packet encapsulation or IP option filling, one or more packets of information can be tagged with a unique security tag to prevent unauthorized access. A user agent can be validated by an authentication server through acceptance of one or more user credentials. The authentication server can generate a security token that can be transmitted to the user agent. The user agent can generate a keystream from the security token, and portions of that keystream can be attached to the packets as the security tag. The tagged packets can be forwarded to an authenticator, who can recreate the keystream from a copy of the security token provided by the authentication server. If the tags generated from the authenticator match the tags on the tagged packet, the authenticator can strip the tag from the tagged packet and forward the packet on to its next network address.Type: GrantFiled: April 11, 2019Date of Patent: June 8, 2021Assignee: International Business Machines CorporationInventors: Chih-Wen Chao, Cheng-Ta Lee, Wei-Shiau Suen, Ming-Hsun Wu
-
Publication number: 20210136029Abstract: Aspects of the present invention disclose a method, computer program product, and system for domain name classification. The method includes one or more processors receiving a request for querying a first domain name. The method further includes one or more processors acquiring a first source internet protocol (IP) address and the first domain name from the request. In response to determining the first domain name is not classified, the method further includes one or more processors an access tendency of the first source IP address based on a plurality of classifications of a plurality of domain names queried by the first source IP address. The method further includes one or more processors estimating a first classification of the first domain name based on the access tendency of the first source IP address.Type: ApplicationFiled: November 5, 2019Publication date: May 6, 2021Inventors: Wei-Hsiang Hsiung, Sheng-Tung Hsu, Chih-Wen Chao
-
Patent number: 10958718Abstract: Optimizing receive side scaling (RSS) key selection is provided. Different weights are assigned to different fields of flow data corresponding to a network connection of a registered client device. A score is generated representing an amount of balanced processor loading for each RSS key corresponding to the registered client device based on the different fields of the flow data with assigned weights. A current RSS key on the registered client device is updated with an optimal RSS key based on the score corresponding to the optimal RSS key representing balanced loading of processors on the registered client device.Type: GrantFiled: October 1, 2019Date of Patent: March 23, 2021Assignee: International Business Machines CorporationInventors: Chih-Wen Chao, Wei-Hsiang Hsiung, Kuo-Chun Chen, Ming-Pin Hsueh, Sheng-Tung Hsu
-
Patent number: 10915374Abstract: Embodiments pertain to facilitation of live migration of a virtual machine in a network system. During live migration, a first appliance is cloned and state information directed to a first network flow is obtained. The state information is utilized by the cloned appliance to re-direct operations associated with the first network flow. At such time as the first network flow is terminated, the cloned is removed.Type: GrantFiled: September 14, 2018Date of Patent: February 9, 2021Assignee: International Business Machines CorporationInventors: Chih-Wen Chao, Cheng-Ta Lee, Wei-Shiau Suen, Travis Wu, Lun Pin Yuan
-
Patent number: 10917418Abstract: A data packet is received. The data packet is a unit of data transmitted across a packet-switched network. A determination is made whether a new connection is detected. The data packet is transmitted using the new connection. In response to determining that a new connection is detected, a connection context for the new connection is added to a current connection context in a dynamic event table. The dynamic event table includes the current connection context, one or more previous connection contexts, and a listing of one or more events. Each event of the one or more events is a malicious activity and is retrieved from a repository. A score for each event is calculated based on the current connection context. Each event in the dynamic event table is prioritized based on the calculated score for each event. The event with the highest score receives the highest priority.Type: GrantFiled: June 12, 2019Date of Patent: February 9, 2021Assignee: International Business Machines CorporationInventors: Chih-Wen Chao, Hsin-Yu Chuang, Ming-Pin Hsueh, Sheng-Wei Lee
-
Publication number: 20200127829Abstract: A technique to secure a wireless communication link that is being shared among a wireless access point (AP), and each of a set of wireless clients (each a mobile station (STA)) that are coupled to the AP over the communication link. A typical implementation is a WPA2-PSK communication link. In this approach, and in lieu of a single secret key being shared by all AP-STA pairs, each AP-STA pair derives its own unique WLAN shared secret, preferably via a Diffie-Hellman (DH) key exchange. The WLAN shared secret is then used to generate WPA2-PSK keys, namely, pairwise master key (PMK) and pairwise transient key (PTK), that establish an 802.11 standards-compliant secure link.Type: ApplicationFiled: October 22, 2018Publication date: April 23, 2020Applicant: International Business Machines CorporationInventors: Chih-Wei Hsiao, Chih-Wen Chao, Wei-Hsiang Hsiung, Ya-Hsuan Tsai
-
Publication number: 20200100107Abstract: Securing public hotspot communications by: generating a public-private key pair, deriving an SSID using the generated public key, creating a network using the SSID, specifying a network security setting, and providing a Client the SSID and network security settings. Further, by: receiving a network connection request from the Client, establishing a connection with the Client, receiving a probe request from a network access point, sending an authentication message, receiving SSID configuration information from the network access point, associating the SSID network and the network access point, and receiving Client data.Type: ApplicationFiled: September 26, 2018Publication date: March 26, 2020Inventors: Chih-Wei Hsiao, Wei-Hsiang Hsiung, Chih-Wen Chao, Sheng Hao Wang
-
Publication number: 20200036776Abstract: Optimizing receive side scaling (RSS) key selection is provided. Different weights are assigned to different fields of flow data corresponding to a network connection of a registered client device. A score is generated representing an amount of balanced processor loading for each RSS key corresponding to the registered client device based on the different fields of the flow data with assigned weights. A current RSS key on the registered client device is updated with an optimal RSS key based on the score corresponding to the optimal RSS key representing balanced loading of processors on the registered client device.Type: ApplicationFiled: October 1, 2019Publication date: January 30, 2020Inventors: Chih-Wen Chao, Wei-Hsiang Hsiung, Kuo-Chun Chen, Ming-Pin Hsueh, Sheng-Tung Hsu
-
Patent number: 10469569Abstract: Optimizing receive side scaling (RSS) key selection is provided. Different weights are assigned to different fields of flow data corresponding to a network connection of a registered client device. A score is generated representing an amount of balanced processor loading for each RSS key corresponding to the registered client device based on the different fields of the flow data with assigned weights. A current RSS key on the registered client device is updated with an optimal RSS key based on the score corresponding to the optimal RSS key representing balanced loading of processors on the registered client device.Type: GrantFiled: March 22, 2018Date of Patent: November 5, 2019Assignee: International Business Machines CorporationInventors: Chih-Wen Chao, Wei-Hsiang Hsiung, Kuo-Chun Chen, Ming-Pin Hsueh, Sheng-Tung Hsu
-
Patent number: 10454946Abstract: Selecting a receive side scaling (RSS) key is provided. It is determined whether a defined time interval expired. In response to determining that the defined time interval has expired, it is determined whether one or more keys in a set of randomly generated candidate RSS keys have a higher packet distribution score than an active RSS key. In response to determining that one or more keys in the set of randomly generated candidate RSS keys have a higher packet distribution score than the active RSS key, an RSS key having a highest packet distribution score is selected from the one or more keys in the set of randomly generated candidate RSS keys that have a higher packet distribution score than the active RSS key. The RSS key having the highest packet distribution score is used to distribute incoming network packets across a plurality of processors.Type: GrantFiled: November 14, 2017Date of Patent: October 22, 2019Assignee: International Business Machines CorporationInventors: Chih-Wen Chao, Kuo-Chun Chen, Wei-Hsiang Hsiung, Sheng-Tung Hsu, Ming-Pin Hsueh
-
Publication number: 20190297098Abstract: A data packet is received. The data packet is a unit of data transmitted across a packet-switched network. A determination is made whether a new connection is detected. The data packet is transmitted using the new connection. In response to determining that a new connection is detected, a connection context for the new connection is added to a current connection context in a dynamic event table. The dynamic event table includes the current connection context, one or more previous connection contexts, and a listing of one or more events. Each event of the one or more events is a malicious activity and is retrieved from a repository. A score for each event is calculated based on the current connection context. Each event in the dynamic event table is prioritized based on the calculated score for each event. The event with the highest score receives the highest priority.Type: ApplicationFiled: June 12, 2019Publication date: September 26, 2019Inventors: Chih-Wen Chao, Hsin-Yu Chuang, Ming-Pin Hsueh, Sheng-Wei Lee
-
Publication number: 20190297138Abstract: Optimizing receive side scaling (RSS) key selection is provided. Different weights are assigned to different fields of flow data corresponding to a network connection of a registered client device. A score is generated representing an amount of balanced processor loading for each RSS key corresponding to the registered client device based on the different fields of the flow data with assigned weights. A current RSS key on the registered client device is updated with an optimal RSS key based on the score corresponding to the optimal RSS key representing balanced loading of processors on the registered client device.Type: ApplicationFiled: March 22, 2018Publication date: September 26, 2019Inventors: Chih-Wen Chao, Wei-Hsiang Hsiung, Kuo-Chun Chen, Ming-Pin Hsueh, Sheng-Tung Hsu
-
Patent number: 10419447Abstract: Selecting a receive side scaling (RSS) key is provided. It is determined whether a defined time interval expired. In response to determining that the defined time interval has expired, it is determined whether one or more keys in a set of randomly generated candidate RSS keys have a higher packet distribution score than an active RSS key. In response to determining that one or more keys in the set of randomly generated candidate RSS keys have a higher packet distribution score than the active RSS key, an RSS key having a highest packet distribution score is selected from the one or more keys in the set of randomly generated candidate RSS keys that have a higher packet distribution score than the active RSS key. The RSS key having the highest packet distribution score is used to distribute incoming network packets across a plurality of processors.Type: GrantFiled: October 11, 2017Date of Patent: September 17, 2019Assignee: International Business Machines CorporationInventors: Chih-Wen Chao, Kuo-Chun Chen, Wei-Hsiang Hsiung, Sheng-Tung Hsu, Ming-Pin Hsueh
-
Publication number: 20190278613Abstract: Disclosed is a method of customizing an appliance. The method includes steps of pre-storing a public key in the appliance; connecting the appliance to an external storage device; and booting up the appliance to automatically proceed with the following customization process: obtaining a customization file from the external storage device; authenticating the customization file with the public key; and executing customization with the customization file if the authentication succeeds.Type: ApplicationFiled: May 22, 2019Publication date: September 12, 2019Inventors: Chih-Wen Chao, Gregory L. Galloway, Cheng-Ta Lee, Ming-Hsun Wu, Rick M. F. Wu
-
Patent number: 10397247Abstract: A data packet is received. The data packet is a unit of data transmitted across a packet-switched network. A determination is made whether a new connection is detected. The data packet is transmitted using the new connection. In response to determining that a new connection is detected, a connection context for the new connection is added to a current connection context in a dynamic event table. The dynamic event table includes the current connection context, one or more previous connection contexts, and a listing of one or more events. Each event of the one or more events is a malicious activity and is retrieved from a repository. A score for each event is calculated based on the current connection context. Each event in the dynamic event table is prioritized based on the calculated score for each event. The event with the highest score receives the highest priority.Type: GrantFiled: August 16, 2016Date of Patent: August 27, 2019Assignee: International Business Machines CorporationInventors: Chih-Wen Chao, Hsin-Yu Chuang, Ming-Pin Hsueh, Sheng-Wei Lee