Patents by Inventor Craig Partridge
Craig Partridge has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230396556
Abstract: According to at least one aspect of the present disclosure, a method for grouping constituent flows of a multiplexed or tunneled flow is provided. The method comprises receiving one or more packets of the multiplexed flow; responsive to receiving the one or more packets, determining one or more attributes of the one or more packets of the multiplexed flow; determining, based on the one or more attributes, a predicted state of a next packet of the multiplexed flow; receiving the next packet; responsive to receiving the next packet, determining whether the next packet has an observed state that is similar to the predicted state; and responsive to determining that the observed state is similar to the predicted state, grouping the packet with the constituent flow.
Type: Application
Filed: February 15, 2023
Publication date: December 7, 2023
Inventors: Christophe Jean-Claude Merlin, Prithwish Basu, Souradip Roy, Craig Partridge, Aisha Yousuf
-
Patent number: 8732330
Abstract: A system for performing packet based data communications over a parallel set of sublinks is provided. A transmitter unit separates the sublinks into an available set of sublinks and a busy set of sublinks. This transmitter avoids processing delays by utilizing sublinks in the available sublink set and not waiting for sublinks in the busy sublink set to be released. To receive the packets, a receiver unit utilizes a sequence number associated with each packet. Accordingly, the receiver extracts the one or more packets of data received in parallel over the set of sublinks in sequential order. A packet window buffer is used to store packets in sequence if they are initially received out of order. The receiver utilizes a sliding window to provide packets in continuous sequential order and transmits the packets serially over a single communication link.
Type: Grant
Filed: March 12, 2002
Date of Patent: May 20, 2014
Assignees: Verizon Corporate Services Group Inc., Level 3 Communications, LLC, Raytheon BBN Technologies Corp.
Inventor: Craig Partridge
-
Means of mitigating denial of service attacks on IP fragmentation in high performance IPSEC gateways
Patent number: 8688979
Abstract: Embodiments of the invention reduce the probability of success of a DOS attack on a node receiving packets by decreasing the probability of random collisions of packets sent by a malicious user with those sent by honest users. The probability of random collisions may be reduced in one class of embodiments of the invention by supplementing the identification field of the IP header of each transmitted packet with at least one bit from another field of the header. The probability of random collisions may be reduced in another class of embodiments of the invention by ensuring that packets sent from a transmitting IPsec node to a receiving IPsec node are not fragmented.
Type: Grant
Filed: March 4, 2011
Date of Patent: April 1, 2014
Assignees: Verizon Corporate Services Group Inc., Raytheon BBN Technologies Corp.
Inventors: Craig Partridge, Walter Clark Milliken, David Patrick Mankins
-
Patent number: 8595818
Abstract: Systems, methods, and devices for decoy routing and covert channel bonding are described. The decoy routing system includes a client computing device, a decoy router, and a decoy proxy such that packets addressed to a decoy destination are re-routed by the decoy router to a covert destination via the decoy proxy. The decoy routing method may be applied to a covert channel bonding process, in which a plurality of packet data streams are sent to one or more decoy destinations, re-routed appropriately via one or more decoy routers and/or decoy proxies, and assembled together into a single packet data stream at either a decoy proxy, or a final covert destination.
Type: Grant
Filed: June 1, 2011
Date of Patent: November 26, 2013
Assignee: Raytheon BBN Technologies Corp.
Inventors: Josh Forrest Karlin, Gregory Stephen Lauer, Craig Partridge, David Patrick Mankins, William Timothy Strayer
-
Publication number: 20130019309
Abstract: Systems and methods are disclosed for determining whether a mission has occurred. The disclosed systems and methods utilize event models that represent a sequence of tasks that an entity could or must take in order to successfully complete the mission. As a specific example, an event model may represent the sequence of tasks a malicious insider may complete in order to exfiltrate sensitive information. Most event models include certain tasks that must be accomplished in order for the insider to successfully exfiltrate an organization's sensitive information. Many of the observable tasks in the attack models can be monitored using relatively little information, such as the source, time, and type of the communication. The monitored information is utilized in a traceback search through the event model for occurrences of the tasks of the event model to determine whether the mission that the event model represents occurred.
Type: Application
Filed: July 12, 2011
Publication date: January 17, 2013
Applicant: RAYTHEON BBN TECHNOLOGIES CORP.
Inventors: William Timothy Strayer, Craig Partridge, Alden Warren Jackson, Stephen Henry Polit
-
Publication number: 20130014261
Abstract: A system (200) detects transmission of potentially malicious packets. The system (200) receives, or otherwise observes, packets and generates hash values based on variable-sized blocks of the packets. The system (200) then compares the generated hash values to hash values associated with prior packets. The system (200) determines that one of the received packets is a potentially malicious packet when one or more of the generated hash values associated with the received packet match one or more of the hash values associated with the prior packets.
Type: Application
Filed: September 14, 2012
Publication date: January 10, 2013
Applicant: STRAGENT, LLC
Inventors: Walter Clark Milliken, William Timothy Strayer, Stephen Douglas Milligan, Luis Sanchez, Craig Partridge
-
Publication number: 20120311691
Abstract: Systems, methods, and devices for decoy routing and covert channel bonding are described. The decoy routing system includes a client computing device, a decoy router, and a decoy proxy such that packets addressed to a decoy destination are re-routed by the decoy router to a covert destination via the decoy proxy. The decoy routing method may be applied to a covert channel bonding process, in which a plurality of packet data streams are sent to one or more decoy destinations, re-routed appropriately via one or more decoy routers and/or decoy proxies, and assembled together into a single packet data stream at either a decoy proxy, or a final covert destination.
Type: Application
Filed: June 1, 2011
Publication date: December 6, 2012
Applicant: Raytheon BBN Technologies Corp.
Inventors: Josh Forrest Karlin, Gregory Stephen Lauer, Craig Partridge, David Patrick Mankins, William Timothy Strayer
-
Patent number: 8272060
Abstract: A system (200) detects transmission of potentially malicious packets. The system (200) receives, or otherwise observes, packets and generates hash values based on variable-sized blocks of the packets. The system (200) then compares the generated hash values to hash values associated with prior packets. The system (200) determines that one of the received packets is a potentially malicious packet when one or more of the generated hash values associated with the received packet match one or more of the hash values associated with the prior packets.
Type: Grant
Filed: April 18, 2010
Date of Patent: September 18, 2012
Assignee: Stragent, LLC
Inventors: Walter Clark Milliken, William Timothy Strayer, Stephen Douglas Milligan, Luis Sanchez, Craig Partridge
-
Patent number: 8166549
Abstract: A system (200) detects transmission of potentially malicious packets. The system (200) receives, or otherwise observes, packets and generates hash values based on variable-sized blocks of the packets. The system (200) then compares the generated hash values to hash values associated with prior packets. The system (200) determines that one of the received packets is a potentially malicious packet when one or more of the generated hash values associated with the received packet match one or more of the hash values associated with the prior packets.
Type: Grant
Filed: April 18, 2010
Date of Patent: April 24, 2012
Assignee: Stragent, LLC
Inventors: Walter Clark Milliken, William Timothy Strayer, Stephen Douglas Milligan, Luis Sanchez, Craig Partridge
-
Publication number: 20110173386
Abstract: An arithmetic logic unit (140) improves the processing of information. The arithmetic logic unit (140) includes a register unit (250), a ternary content addressable memory (260), and an operations unit (270).
Type: Application
Filed: March 24, 2011
Publication date: July 14, 2011
Applicant: Stragent, LLC
Inventors: Walter Clark Milliken, Craig Partridge, Alden W. Jackson
-
MEANS OF MITIGATING DENIAL OF SERVICE ATTACKS ON IP FRAGMENTATION IN HIGH PERFORMANCE IPSEC GATEWAYS
Publication number: 20110161664
Abstract: Embodiments of the invention reduce the probability of success of a DOS attack on a node receiving packets by decreasing the probability of random collisions of packets sent by a malicious user with those sent by honest users. The probability of random collisions may be reduced in one class of embodiments of the invention by supplementing the identification field of the IP header of each transmitted packet with at least one bit from another field of the header. The probability of random collisions may be reduced in another class of embodiments of the invention by ensuring that packets sent from a transmitting IPsec node to a receiving IPsec node are not fragmented.
Type: Application
Filed: March 4, 2011
Publication date: June 30, 2011
Inventors: Craig Partridge, Walter Clark Milliken, David Patrick Mankins
-
Publication number: 20110153982
Abstract: Systems and methods are disclosed for collecting data from cores of a multi-core processor using collection packets. A collection packet can traverse through cores of the multi-core processor while accumulating requested data. Upon completing the accumulation of the requested data from all required cores, the collection packet can be transmitted to a system operator for system maintenance and/or monitoring.
Type: Application
Filed: December 21, 2009
Publication date: June 23, 2011
Applicant: BBN TECHNOLOGIES CORP.
Inventor: Craig Partridge
-
Patent number: 7924728
Abstract: The invention relates to a transport protocol and associated methods and stack architectures for improving the energy efficiency of transmitting packets through an ad hoc network. The protocol controls transmissions by taking into account per-packet energy limits, per-node loss tolerances, and/or minimum availability rates determined based on path quality measurements collected by packets traversing the network and application reliability requirements associated with various applications.
Type: Grant
Filed: August 24, 2007
Date of Patent: April 12, 2011
Assignee: Raytheon BBN Technologies Corp
Inventors: Niky Riga, Abraham I. Matta, Alberto Antonio Medina, Craig Partridge, Jason Keith Redi, Isidro Marcos Castineyra
-
Means of mitigating denial of service attacks on IP fragmentation in high performance IPsec gateways
Patent number: 7921285
Abstract: Embodiments of the invention reduce the probability of success of a DOS attack on a node receiving packets by decreasing the probability of random collisions of packets sent by a malicious user with those sent by honest users. The probability of random collisions may be reduced in one class of embodiments of the invention by supplementing the identification field of the IP header of each transmitted packet with at least one bit from another field of the header. The probability of random collisions may be reduced in another class of embodiments of the invention by ensuring that packets sent from a transmitting IPsec node to a receiving IPsec node are not fragmented.
Type: Grant
Filed: November 14, 2003
Date of Patent: April 5, 2011
Assignees: Verizon Corporate Services Group Inc., Raytheon BBN Technologies Corp.
Inventors: Craig Partridge, Walter Clark Milliken, David Patrick Mankins
-
Publication number: 20100205671
Abstract: A system (200) detects transmission of potentially malicious packets. The system (200) receives, or otherwise observes, packets and generates hash values based on variable-sized blocks of the packets. The system (200) then compares the generated hash values to hash values associated with prior packets. The system (200) determines that one of the received packets is a potentially malicious packet when one or more of the generated hash values associated with the received packet match one or more of the hash values associated with the prior packets.
Type: Application
Filed: April 18, 2010
Publication date: August 12, 2010
Applicant: Azure Networks, LLC
Inventors: Walter Clark Milliken, William Timothy Strayer, Stephen Douglas Milligan, Luis Sanchez, Craig Partridge
-
Publication number: 20100205672
Abstract: A system (126-129) detects transmission of potentially malicious packets. The system (126-129) receives packets and generates hash values corresponding to each of the packets. The system (126-129) may then compare the generated hash values to hash values corresponding to prior packets. The system (126-129) determines that one of the packets is a potentially malicious packet when the generated hash value corresponding to the one packet matches one of the hash values corresponding to one of the prior packets and the one prior packet was received within a predetermined amount of time of the one packet. The system (126-129) may also facilitate the tracing of the path taken by a potentially malicious packet. In this case, the system (126-129) may receive a message that identifies a potentially malicious packet, generate hash values from the potentially malicious packet, and determine whether one or more of the generated hash values match hash values corresponding to previously-received packets.
Type: Application
Filed: April 18, 2010
Publication date: August 12, 2010
Applicant: Azure Networks, LLC
Inventors: Walter Clark Milliken, William Timothy Strayer, Stephen Douglas Milligan, Luis Sanchez, Craig Partridge
-
Publication number: 20100205670
Abstract: A system and method for performing source path isolation in a network. The system comprises an intrusion detection system (IDS), a source path isolation server (SS1) and at least one router configured to operate as a source path isolation router (SR1) operating within an autonomous system. When IDS detects a malicious packet, a message is sent to SS1. SS1 in turn generates a query message (QM) containing at least a portion of the malicious packet. Then, QM is sent to participating routers located one hop away. SR1 uses the query message to determine if it has observed the malicious packet by comparing it with locally stored information about packets having passed through SR1. SR1 sends a reply to SS1, and SS1 uses the reply to identify the ingress point into the network of the malicious packet.
Type: Application
Filed: April 18, 2010
Publication date: August 12, 2010
Applicant: Azure Networks, LLC
Inventors: Walter Clark Milliken, William Timothy Strayer, Stephen Douglas Milligan, Luis Sanchez, Craig Partridge
-
Publication number: 20090207838
Abstract: An arithmetic logic unit (140) improves the processing of information. The arithmetic logic unit (140) includes a register unit (250), a ternary content addressable memory (260), and an operations unit (270).
Type: Application
Filed: April 28, 2009
Publication date: August 20, 2009
Inventors: Walter Clark Milliken, Craig Partridge, Alden W. Jackson
-
Patent number: 7574597
Abstract: A system acquires information about communication among wired or wireless nodes [110, 210] in a network [100, 200] by intercepting chunks of data in the network by a wired or wireless tap [120, 220] located among the wired or wireless nodes [110, 210] in the network. Characteristic information [400] about the intercepted chunks of data may be obtained. The characteristic information may include times of arrival [410] of the chunks of data at the wired or wireless tap [120, 220] and identifiers of wired or wireless source nodes [420] that sent the chunks of data. At least one signal may be constructed to represent the characteristic information over time.
Type: Grant
Filed: August 5, 2002
Date of Patent: August 11, 2009
Assignee: BBN Technologies Corp.
Inventors: David B. Cousins, Craig Partridge, W. Timothy Strayer, Rajesh Krishnan, Tushar Saxena
-
Publication number: 20090182867
Abstract: A system and method for identifying target packets in a network. The invention identifies packets by computing a hash value over at least a portion of a packet passing through a network device such as a router. The hash value is used as an address, or index, into a memory. The hash value identifies a unique memory address and a flag is set at the respective memory location. When a target packet is detected elsewhere in a network, the network device receives a query message containing a hash value of the target packet. The network device compares the target packet to the hash values in memory. A match between the hash value in memory and the hash value in the query message indicates the target packet was observed by the network device. After a match is detected, the network device makes a reply available to the network.
Type: Application
Filed: October 10, 2008
Publication date: July 16, 2009
Inventors: Walter Clark Milliken, William Timothy Strayer, Stephen Douglas Milligan, Luis Sanchez, Craig Partridge