Patents by Inventor Ellen K. Lin

Ellen K. Lin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9338183
    Abstract: Method for communicating in a computer network from a first node (101, 102, 103) in the network to a second node (136, 138), not in the network. A virtual identity is selected for the first node. The virtual identity is comprised of one or more session identity parameters used for representing the first node during a static communication session with the second node. The session identity parameters used during the static communication session are excluded from a coordinated variation of identity parameters for nodes within the network. In response to determining an occurrence of at least one communication security threat with respect to the static communication session, the method further involves adaptively modifying the virtual identity assigned to the first node by changing at least one of the session identity parameters.
    Type: Grant
    Filed: November 18, 2013
    Date of Patent: May 10, 2016
    Assignee: Harris Corporation
    Inventors: Ryan E. Sharpe, Christopher T. Dowin, Ellen K. Lin, Ashley M. Kopman, Wayne B. Smith
  • Patent number: 9264496
    Abstract: Method for communicating in a computer network from a first node (101, 102, 103) in the network to a second node (136, 138), not in the network. A virtual identity is manually selected for the first node. The virtual identity is comprised of one or more session identity parameters used for representing the first node during a static communication session with the second node. The session identity parameters used during the static communication session are excluded from a coordinated variation of identity parameters for nodes within the network. In response to determining an occurrence of at least one communication security threat with respect to the static communication session, the method further involves adaptively modifying the virtual identity assigned to the first node by changing at least one of the session identity parameters.
    Type: Grant
    Filed: January 13, 2014
    Date of Patent: February 16, 2016
    Assignee: Harris Corporation
    Inventors: Ryan E. Sharpe, Christopher T. Dowin, Ellen K. Lin, Ashley M. Kopman, Wayne B. Smith
  • Patent number: 9154458
    Abstract: Systems (1900) and methods (2300, 2400) for use in a network node (1901-1903). The methods involve: receiving a Data Communication (“DC”) from Data Link Layer Software (“DLLS”); identifying an IDentity Parameter (“IDP”) contained in DC which comprises a False Value (“FV”) specifying false information about the node or DC; obtaining a True Value (“TV”) specifying true information about the node or DC; replacing the FV with the TV to generate a modified DC; and forwarding the modified DC to Network Layer Software (“NLS”). The methods also involve: receiving a Data Unit (“DU”) from NLS comprising a Transport Layer Header (“TLH”) and a Network Layer Header (“NLH”) including TVs specifying true information about the node or FDU; obtaining a FV which specifies false information about the node or FDU; replacing a TV of DU with the FV so as to form a Modified Data Unit (“MDU”); and forwarding MDU to DLLS.
    Type: Grant
    Filed: May 1, 2012
    Date of Patent: October 6, 2015
    Assignee: Harris Corporation
    Inventors: Wayne B. Smith, Charles Powers, Ellen K. Lin, Christopher T. Dowin, Ryan E. Sharpe
  • Patent number: 9075992
    Abstract: Systems (100) and methods (2100) for identifying, deterring and/or delaying malicious attacks being waged on a Computer Network (“CN”). The methods involve implementing a Mission Plan (“MP”) at a first Network Node (“NN”). MP (1900, 1902) specifies that: a first IDentity Parameter (“IDP”) for a second NN has numerous possible values associated therewith; and at least two possible values are to be used in communications to and from the second NN in different timeslots of a time frame (2020-2026). At the first NN, a value for the first IDP, which is contained in a received packet, is compared with the possible values specified in MP to determine if the value is a “correct” value for a current timeslot. If it is determined that the value is not “correct” for the current timeslot, then the first NN performs actions to identify, deter or delay a possible malicious attack on CN.
    Type: Grant
    Filed: May 1, 2012
    Date of Patent: July 7, 2015
    Assignee: Harris Corporation
    Inventors: Wayne B. Smith, Ellen K. Lin
  • Publication number: 20150143516
    Abstract: Method for communicating in a computer network from a first node (101, 102, 103) in the network to a second node (136, 138), not in the network. A virtual identity is selected for the first node. The virtual identity is comprised of one or more session identity parameters used for representing the first node during a static communication session with the second node. The session identity parameters used during the static communication session are excluded from a coordinated variation of identity parameters for nodes within the network. In response to determining an occurrence of at least one communication security threat with respect to the static communication session, the method further involves adaptively modifying the virtual identity assigned to the first node by changing at least one of the session identity parameters.
    Type: Application
    Filed: November 18, 2013
    Publication date: May 21, 2015
    Applicant: HARRIS CORPORATION
    Inventors: RYAN E. SHARPE, Christopher T. Dowin, Ellen K. Lin, Ashley M. Kopman, Wayne B. Smith
  • Publication number: 20150142985
    Abstract: Method for communicating in a computer network from a first node (101, 102, 103) in the network to a second node (136, 138), not in the network. A virtual identity is manually selected for the first node. The virtual identity is comprised of one or more session identity parameters used for representing the first node during a static communication session with the second node. The session identity parameters used during the static communication session are excluded from a coordinated variation of identity parameters for nodes within the network. In response to determining an occurrence of at least one communication security threat with respect to the static communication session, the method further involves adaptively modifying the virtual identity assigned to the first node by changing at least one of the session identity parameters.
    Type: Application
    Filed: January 13, 2014
    Publication date: May 21, 2015
    Applicant: HARRIS CORPORATION
    Inventors: Ryan E. Sharpe, Christopher T. Dowin, Ellen K. Lin, Ashley M. Kopman, Wayne B. Smith
  • Patent number: 8959573
    Abstract: A method and apparatus for processing data messages in a dynamic computer network is disclosed. The method includes implementing a mission plan specifying a message type, a message generation location, and a message distance vector for false messages, receiving a data message that includes a plurality of identity parameters, and determining a message type and a message distance vector for the received message. The network device is configured to generate false messages and process received messages. If the message type is a false message and the distance vector of the false message has been exhausted, the data message is dropped. If the distance vector of the false message has not been exhausted, transmitting the false message in accordance with the mission plan.
    Type: Grant
    Filed: May 1, 2012
    Date of Patent: February 17, 2015
    Assignee: Harris Corporation
    Inventors: Wayne B. Smith, Charles Powers, Ellen K. Lin, Christopher T. Dowin, Ryan E. Sharpe
  • Publication number: 20130298227
    Abstract: Systems (1900) and methods (2300, 2400) for use in a network node (1901-1903). The methods involve: receiving a Data Communication (“DC”) from Data Link Layer Software (“DLLS”); identifying an IDentity Parameter (“IDP”) contained in DC which comprises a False Value (“FV”) specifying false information about the node or DC; obtaining a True Value (“TV”) specifying true information about the node or DC; replacing the FV with the TV to generate a modified DC; and forwarding the modified DC to Network Layer Software (“NLS”). The methods also involve: receiving a Data Unit (“DU”) from NLS comprising a Transport Layer Header (“TLH”) and a Network Layer Header (“NLH”) including TVs specifying true information about the node or FDU; obtaining a FV which specifies false information about the node or FDU; replacing a TV of DU with the FV so as to form a Modified Data Unit (“MDU”); and forwarding MDU to DLLS.
    Type: Application
    Filed: May 1, 2012
    Publication date: November 7, 2013
    Applicant: HARRIS CORPORATION
    Inventors: Wayne B. Smith, Charles Powers, Ellen K. Lin, Christopher T. Dowin, Ryan E. Sharpe
  • Publication number: 20130298181
    Abstract: A method and apparatus for processing data messages in a dynamic computer network is disclosed. The method includes implementing a mission plan specifying a message type, a message generation location, and a message distance vector for false messages, receiving a data message that includes a plurality of identity parameters, and determining a message type and a message distance vector for the received message. The network device is configured to generate false messages and process received messages. If the message type is a false message and the distance vector of the false message has been exhausted, the data message is dropped. If the distance vector of the false message has not been exhausted, transmitting the false message in accordance with the mission plan.
    Type: Application
    Filed: May 1, 2012
    Publication date: November 7, 2013
    Applicant: HARRIS CORPORATION
    Inventors: Wayne B. Smith, Charles Powers, Ellen K. Lin, Christopher T. Dowin, Ryan E. Sharpe
  • Publication number: 20130298236
    Abstract: Systems (100) and methods (2100) for identifying, deterring and/or delaying malicious attacks being waged on a Computer Network (“CN”). The methods involve implementing a Mission Plan (“MP”) at a first Network Node (“NN”). MP (1900, 1902) specifies that: a first IDentity Parameter (“IDP”) for a second NN has numerous possible values associated therewith; and at least two possible values are to be used in communications to and from the second NN in different timeslots of a time frame (2020-2026). At the first NN, a value for the first IDP, which is contained in a received packet, is compared with the possible values specified in MP to determine if the value is a “correct” value for a current timeslot. If it is determined that the value is not “correct” for the current timeslot, then the first NN performs actions to identify, deter or delay a possible malicious attack on CN.
    Type: Application
    Filed: May 1, 2012
    Publication date: November 7, 2013
    Applicant: HARRIS CORPORATION
    Inventors: Wayne B. Smith, Ellen K. Lin