Patents by Inventor Douglas Wiemer
Douglas Wiemer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 8544098
  Abstract: Security vulnerability information aggregation techniques are disclosed. Vulnerability information associated with one or more security vulnerabilities is obtained from multiple sources and aggregated into respective unified vulnerability definitions for the one or more security vulnerabilities. Aggregation may involve format conversion, content aggregation, or both in some embodiments. Unified vulnerability definitions may be distributed to vulnerability information consumers in accordance with consumer-specific policies. Storage of vulnerability information received from the sources may allow the aggregation process to be performed on existing vulnerability information “retro-actively”. Related data structures and Graphical User Interfaces (GUIs) are also disclosed.
  Type: Grant
  Filed: March 2, 2006
  Date of Patent: September 24, 2013
  Assignee: Alcatel Lucent
  Inventors: Christophe Gustave, Stanley TaiHai Chow, Douglas Wiemer
- Patent number: 8438643
  Abstract: Information system service-level security risk analysis systems, methods, and Graphical User Interfaces are disclosed. Assets of an information system that have relationships with a service provided by the information system are identified, and at least one security risk to the service is determined by analyzing security vulnerabilities associated with the identified assets. A consolidated representation of the service is provided, and includes an indication of the determined security risk(s) and an indication of a relationship between the service and at least one of the identified assets. The security risk indication may include indications of multiple security parameters. Security risks may be represented differently depending on whether they arise from a security vulnerability of an asset that has a relationship with the service or a security vulnerability of an asset that has a relationship with the service only through a relationship with an asset that has a relationship with the service.
  Type: Grant
  Filed: March 2, 2006
  Date of Patent: May 7, 2013
  Assignee: Alcatel Lucent
  Inventors: Douglas Wiemer, Christophe Gustave, Stanley TaiHai Chow, Bradley Kenneth McFarlane
- Patent number: 8204720
  Abstract: Graph-based modeling apparatus and techniques are disclosed. Based on a model including model nodes that represent components of a modeled system, operational dependencies between model nodes, and model edges that interconnect the nodes and represent relationships between the components in the modeled system, subset computations are performed to compute subsets of the model nodes that can impact operational dependencies between other model nodes. When the model changes, a determination is made as to whether an incremental subset computation should be performed for one or more particular operational dependencies between model nodes in the changed model, and if so, an incremental subset computation is performed. Otherwise, a full subset computation or no subset computation might be performed. In this manner, model changes are considered on a case-by-case basis to determine an extent, if any, to which subsets should be re-computed.
  Type: Grant
  Filed: June 1, 2007
  Date of Patent: June 19, 2012
  Assignee: Alcatel Lucent
  Inventors: Douglas Wiemer, Mohammed Riyas Valiyapalathingal, Louie Kwan, Jennifer Li, Stanley TaiHai Chow
- Patent number: 8095984
  Abstract: Systems and methods of associating security vulnerabilities and assets, and related Graphical User Interfaces (GUIs) and data structures, are disclosed. A definition of a security vulnerability, which includes multiple asset characteristics such as an asset platform that may be exploited via the security vulnerability and an asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, is compared with definitions of one or more assets of an information system. An association between the security vulnerability and an asset is made if the definition of the asset includes a first asset characteristic of the security vulnerability definition and either the definition of the asset or the definition of another asset that has a relationship with the asset includes a second asset characteristic of the security vulnerability definition. The security vulnerability definition may also identify an asset platform that protects against the vulnerability.
  Type: Grant
  Filed: March 2, 2006
  Date of Patent: January 10, 2012
  Assignee: Alcatel Lucent
  Inventors: Bradley Kenneth McFarlane, Douglas Wiemer, Kevin McNamee
- Patent number: 8020207
  Abstract: A malware detection and response system based on traffic pattern anomalies detection is provided, whereby packets associated with a variety of protocols on each port of a network element are counted distinctly for each direction. Such packets include: ARP requests, TCP/SYN requests and acknowledgements, TCP/RST packets, DNS/NETBEUI name lookups, out-going ICMP packets, UDP packets, etc. When a packet causes an individual count or combination of counts to exceed a threshold, appropriate action is taken. The system can be incorporated into the fast path, that is, the data plane, enabling communications systems such as switches, routers, and DSLAMs to have built-in security at a very low cost.
  Type: Grant
  Filed: January 23, 2007
  Date of Patent: September 13, 2011
  Assignee: ALCATEL LUCENT
  Inventors: Stanley TaiHai Chow, Jean-Marc Robert, Kevin McNamee, Douglas Wiemer, Bradley Kenneth McFarlane
- Publication number: 20110197278
  Abstract: A malware detection and response system based on traffic pattern anomalies detection is provided, whereby packets associated with a variety of protocols on each port of a network element are counted distinctly for each direction. Such packets include: ARP requests, TCP/SYN requests and acknowledgements, TCP/RST packets, DNS/NETBEUI name lookups, out-going ICMP packets, UDP packets, etc. When a packet causes an individual count or combination of counts to exceed a threshold, appropriate action is taken. The system can be incorporated into the fast path, that is, the data plane, enabling communications systems such as switches, routers, and DSLAMs to have built-in security at a very low cost.
  Type: Application
  Filed: January 23, 2007
  Publication date: August 11, 2011
  Applicant: ALCATEL LUCENT
  Inventors: Stanley TaiHai Chow, Jean-Marc Robert, Kevin McNamee, Douglas Wiemer, Bradley Kenneth McFarlane
- Publication number: 20090013404
  Abstract: When the processing resources of a host system are occupied beyond a trigger point by incoming requests, that host system issues a cool-it message that is broadcast throughout the network, eventually reaching edge routers that, in response to the message, throttle the traffic that they pass into the network. The throttling is applied in increasing amounts with increasing traffic volumes received at the edge routers. The cool-it messages are authenticated to ensure that they are not being used as instruments of a DoS attack. This mechanism also works to control legitimate network congestion, and it does not block users from a host system that is under attack.
  Type: Application
  Filed: July 5, 2007
  Publication date: January 8, 2009
  Applicant: ALCATEL LUCENT
  Inventors: Stanley TaiHai Chow, Douglas Wiemer, Jean-Marc Robert
- Publication number: 20080300834
  Abstract: Graph-based modeling apparatus and techniques are disclosed. Based on a model including model nodes that represent components of a modeled system, operational dependencies between model nodes, and model edges that interconnect the nodes and represent relationships between the components in the modeled system, subset computations are performed to compute subsets of the model nodes that can impact operational dependencies between other model nodes. When the model changes, a determination is made as to whether an incremental subset computation should be performed for one or more particular operational dependencies between model nodes in the changed model, and if so, an incremental subset computation is performed. Otherwise, a full subset computation or no subset computation might be performed. In this manner, model changes are considered on a case-by-case basis to determine an extent, if any, to which subsets should be re-computed.
  Type: Application
  Filed: June 1, 2007
  Publication date: December 4, 2008
  Inventors: Douglas Wiemer, Mohammed Riyas Valiyapalathingal, Louie Kwan, Jennifer Li, Stanley TaiHai Chow
- Publication number: 20070109015
  Abstract: Switched integrated circuit connection architectures and techniques are disclosed. An integrated circuit includes connection segments and switching elements operatively coupled to the connection segments. Any of multiple switchable connections to a functional module of the integrated circuit can be established, as needed, by the switching elements through the connection segments. Protocol termination points associated with functional modules of the integrated circuit may be addressable in an address space that is used on an external connection outside the integrated circuit. An external protocol used on such an external connection may also be supported internally in the integrated circuit by the protocol termination points.
  Type: Application
  Filed: November 15, 2005
  Publication date: May 17, 2007
  Inventors: Gordon Hanes, Douglas Wiemer
- Publication number: 20070067848
  Abstract: Security vulnerability information aggregation techniques are disclosed. Vulnerability information associated with one or more security vulnerabilities is obtained from multiple sources and aggregated into respective unified vulnerability definitions for the one or more security vulnerabilities. Aggregation may involve format conversion, content aggregation, or both in some embodiments. Unified vulnerability definitions may be distributed to vulnerability information consumers in accordance with consumer-specific policies. Storage of vulnerability information received from the sources may allow the aggregation process to be performed on existing vulnerability information “retro-actively”. Related data structures and Graphical User Interfaces (GUIs) are also disclosed.
  Type: Application
  Filed: March 2, 2006
  Publication date: March 22, 2007
  Inventors: Christophe Gustave, Stanley Chow, Douglas Wiemer
- Publication number: 20070067846
  Abstract: Systems and methods of associating security vulnerabilities and assets, and related Graphical User Interfaces (GUIs) and data structures, are disclosed. A definition of a security vulnerability, which includes multiple asset characteristics such as an asset platform that may be exploited via the security vulnerability and an asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, is compared with definitions of one or more assets of an information system. An association between the security vulnerability and an asset is made if the definition of the asset includes a first asset characteristic of the security vulnerability definition and either the definition of the asset or the definition of another asset that has a relationship with the asset includes a second asset characteristic of the security vulnerability definition. The security vulnerability definition may also identify an asset platform that protects against the vulnerability.
  Type: Application
  Filed: March 2, 2006
  Publication date: March 22, 2007
  Applicant: Alcatel
  Inventors: Bradley McFarlane, Douglas Wiemer, Kevin McNamee
- Publication number: 20070067845
  Abstract: The invention is directed to providing threat and risk analysis for a network that has a high degree of inter-relationships and interdependencies among the assets comprising it, using a “cut set” enumeration method. The identified cut sets are used as the basis to the threat and risk analysis, since each cut set may affect the traffic between two dependent assets in the network, and thereby affect the security state of the dependent assets themselves. The affected security state may be confidentiality, integrity, availability, or other network or security relevant parameter.
  Type: Application
  Filed: September 22, 2005
  Publication date: March 22, 2007
  Applicant: ALCATEL
  Inventors: Douglas Wiemer, Jean-Marc Robert, Bradley McFarlane, Christophe Gustave, Stanley Chow, Jian Tang
- Publication number: 20070067847
  Abstract: Information system service-level security risk analysis systems, methods, and Graphical User Interfaces are disclosed. Assets of an information system that have relationships with a service provided by the information system are identified, and at least one security risk to the service is determined by analyzing security vulnerabilities associated with the identified assets. A consolidated representation of the service is provided, and includes an indication of the determined security risk(s) and an indication of a relationship between the service and at least one of the identified assets. The security risk indication may include indications of multiple security parameters. Security risks may be represented differently depending on whether they arise from a security vulnerability of an asset that has a relationship with the service or a security vulnerability of an asset that has a relationship with the service only through a relationship with an asset that has a relationship with the service.
  Type: Application
  Filed: March 2, 2006
  Publication date: March 22, 2007
  Applicant: Alcatel
  Inventors: Douglas Wiemer, Christophe Gustave, Stanley Chow, Bradley McFarlane
- Patent number: 4675804
  Abstract: A variable gain integrator for controlling the response time of a controlled device so as to control a condition. The condition is sensed and compared to a set point to determine an error representing the difference therebetween. The difference is integrated by the variable gain integrator, the output of which is used to control the controlled device. The control system monitors the rate of change of the sensed condition. When the rate of condition change is less than a reference, the gain of the integrator is increased to decrease the response time of the controlled device.
  Type: Grant
  Filed: April 21, 1986
  Date of Patent: June 23, 1987
  Assignee: Sundstrand Corporation
  Inventor: Douglas Wiemer
- Patent number: 4673031
  Abstract: A variable speed integrator for controlling the response time of a valve which regulates the amount of coolant flowing to a heat exchanger so as to control the temperature of the cooled substance output from the exchanger. The temperature of the cooled substance is sensed and compared to a set point temperature to determine an error temperature representing the difference between the sensed and set point temperatures. The error temperature is integrated by the variable speed integrator, the output of which is used to drive the valve into position. The control system monitors the rate of change of the sensed temperature to determine a low system gain. When the rate of temperature change indicates a low gain system, the gain of the integrator is increased to decrease the response time of the valve.
  Type: Grant
  Filed: November 1, 1983
  Date of Patent: June 16, 1987
  Assignee: Sundstrand Corporation
  Inventor: Douglas Wiemer