Patents by Inventor Ian Herwono

Ian Herwono has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20200302052
    Abstract: A computer implemented method to identify a computer security threat based on communication via a computer network includes receiving a definition of acceptable network communication characteristics for each of a plurality of communication protocols; receiving a first set of security events for the communication, each security event including network communication characteristics for the communication; for each security event in the first set of security events: a) identifying a communication protocol associated with the event; b) detecting deviations of network communication characteristics of the event from the acceptable network communication characteristics for the identified communication protocol; and c) generating a record of each deviation identifying a communication characteristic for which the deviation is detected, so as to generate a set of one or more records of deviation for the first set of security events; and storing the set of records of deviation as a security threat identifier for identify
    Type: Application
    Filed: March 3, 2017
    Publication date: September 24, 2020
    Applicant: British Telecommunications Public Limited Company
    Inventors: Fadi EL-MOUSSA, Ian HERWONO
  • Publication number: 20200296121
    Abstract: A computer implemented method to identify a computer security threat based on communication via a computer network including receiving a definition of acceptable network communication characteristics for each of a plurality of communication protocols; receiving a set of security events for the communication, each security event including network communication characteristics for the communication; for each security event in the set of security events: a) identifying a communication protocol associated with the event; b) detecting deviations of network communication characteristics of the event from the acceptable network communication characteristics for the identified communication protocol; and c) generating a record of each deviation identifying a communication characteristic for which the deviation is detected, and identifying a computer security threat for the communication based on the records generated for the set of security events.
    Type: Application
    Filed: March 3, 2017
    Publication date: September 17, 2020
    Applicant: British Telecommunications Public Limited Company
    Inventors: Fadi EL-MOUSSA, Ian HERWONO
  • Patent number: 10747886
    Abstract: A computer implemented method to determine whether a target virtual machine (VM) in a virtualized computing environment is susceptible to a security attack, the method comprising: training a machine learning algorithm as a classifier based on a plurality of training data items, each training data item corresponding to a training VM and including a representation of parameters for a configuration of the training VM and a representation of characteristics of security attacks for the training VM; generating a data structure for storing one or more relationships between VM configuration parameters and attack characteristics, wherein the data structure is generated by sampling the trained machine learning algorithm to identify the relationships; determining a set of configuration parameters for the target VM; and identifying attack characteristics in the data structure associated with configuration parameters of the target VM as characteristics of attacks to which the target VM is susceptible.
    Type: Grant
    Filed: August 15, 2017
    Date of Patent: August 18, 2020
    Assignee: British Telecommunication Public Limited Company
    Inventors: Fadi El-Moussa, Ian Herwono
  • Patent number: 10623419
    Abstract: A computer implemented method to generate a classification scheme for configuration parameters of virtual machines (VMs) in a virtualized computing environment including: training a machine learning algorithm as a classifier based on a plurality of training data items, each training data item corresponding to a training VM and including a representation of parameters for a configuration of the training VM and a representation of characteristics of security attacks for the training VM; and generating a data structure for storing one or more relationships between VM configuration parameters and attack characteristics, wherein the data structure is generated by sampling the trained machine learning algorithm to identify the relationships.
    Type: Grant
    Filed: August 15, 2017
    Date of Patent: April 14, 2020
    Assignee: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    Inventors: Fadi El-Moussa, Ian Herwono
  • Patent number: 10484402
    Abstract: A computer implemented method to identify one or more parameters of a configuration of a target virtual machine (VM) in a virtualized computing environment used in a security attack against the target VM, the security attack exhibiting a particular attack characteristic, is disclosed.
    Type: Grant
    Filed: August 15, 2017
    Date of Patent: November 19, 2019
    Assignee: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    Inventors: Fadi El-Moussa, Ian Herwono
  • Patent number: 10482245
    Abstract: A computer implemented method to determine a configuration of a target virtual machine (VM) in a virtualized computing environment to protect against a security attack exhibiting a particular attack characteristic.
    Type: Grant
    Filed: August 15, 2017
    Date of Patent: November 19, 2019
    Assignee: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    Inventors: Fadi El-Moussa, Ian Herwono
  • Publication number: 20190188392
    Abstract: A computer implemented method to mitigate a security attack against a target virtual machine (VM) in a virtualized computing environment, the target VM having a target VM configuration including configuration parameters, and the security attack exhibiting a particular attack characteristic, is disclosed.
    Type: Application
    Filed: July 25, 2017
    Publication date: June 20, 2019
    Applicant: British Telecommunications Public Limited Company
    Inventors: Fadi EL-MOUSSA, Ian HERWONO
  • Publication number: 20180091531
    Abstract: A computer implemented method to generate a classification scheme for configuration parameters of virtual machines (VMs) in a virtualized computing environment including: training a machine learning algorithm as a classifier based on a plurality of training data items, each training data item corresponding to a training VM and including a representation of parameters for a configuration of the training VM and a representation of characteristics of security attacks for the training VM; and generating a data structure for storing one or more relationships between VM configuration parameters and attack characteristics, wherein the data structure is generated by sampling the trained machine learning algorithm to identify the relationships.
    Type: Application
    Filed: August 15, 2017
    Publication date: March 29, 2018
    Inventors: Fadi EL-MOUSSA, Ian HERWONO
  • Publication number: 20180060582
    Abstract: A computer implemented method to determine a configuration of a target virtual machine (VM) in a virtualized computing environment to protect against a security attack exhibiting a particular attack characteristic.
    Type: Application
    Filed: August 15, 2017
    Publication date: March 1, 2018
    Inventors: Fadi EL-MOUSSA, Ian HERWONO
  • Publication number: 20180060581
    Abstract: A computer implemented method to mitigate a security attack against a target virtual machine (VM) in a virtualized computing environment, the target VM having a target VM configuration including configuration parameters, and the security attack exhibiting a particular attack characteristic, is disclosed.
    Type: Application
    Filed: August 15, 2017
    Publication date: March 1, 2018
    Inventors: Fadi EL-MOUSSA, Ian HERWONO
  • Publication number: 20180060575
    Abstract: A computer implemented method to mitigate a security attack against a target virtual machine (VM) in a virtualized computing environment, the target VM having a target VM configuration including configuration parameters, and the security attack exhibiting a particular attack characteristic, is disclosed.
    Type: Application
    Filed: August 15, 2017
    Publication date: March 1, 2018
    Inventors: Fadi EL-MOUSSA, Ian HERWONO
  • Publication number: 20180054451
    Abstract: A computer implemented method to identify one or more parameters of a configuration of a target virtual machine (VM) in a virtualized computing environment used in a security attack against the target VM, the security attack exhibiting a particular attack characteristic, is disclosed.
    Type: Application
    Filed: August 15, 2017
    Publication date: February 22, 2018
    Inventors: Fadi EL-MOUSSA, Ian HERWONO
  • Publication number: 20180053002
    Abstract: A computer implemented method to determine whether a target virtual machine (VM) in a virtualized computing environment is susceptible to a security attack, the method comprising: training a machine learning algorithm as a classifier based on a plurality of training data items, each training data item corresponding to a training VM and including a representation of parameters for a configuration of the training VM and a representation of characteristics of security attacks for the training VM; generating a data structure for storing one or more relationships between VM configuration parameters and attack characteristics, wherein the data structure is generated by sampling the trained machine learning algorithm to identify the relationships; determining a set of configuration parameters for the target VM; and identifying attack characteristics in the data structure associated with configuration parameters of the target VM as characteristics of attacks to which the target VM is susceptible.
    Type: Application
    Filed: August 15, 2017
    Publication date: February 22, 2018
    Inventors: Fadi EL-MOUSSA, Ian HERWONO
  • Patent number: 9870470
    Abstract: A multi-stage event detector for monitoring a system to detect the occurrence of multistage events in the monitored system, the multi-stage event detector includes: one or more event detecting detector units (142, 144) for detecting observable events occurring on the monitored system; one or more parameter generating detector units (152, 154) for generating parameter values which vary over time dependent on the behavior of the monitored system; a hidden state determiner (120) for determining a likely sequence of states of interest of the system based on the outputs of the one or more event detecting detector units; and a transition determiner (130) for determining a likely transition occurrence based on a comparison of a set of values of a parameter or set of parameters generated by one or more of the one or more parameter generating detector units with a plurality of pre-specified functions or sets of values of a corresponding parameter or set of parameters associated with different transition occurrences.
    Type: Grant
    Filed: March 31, 2014
    Date of Patent: January 16, 2018
    Assignee: British Telecommunications PLC
    Inventors: Ian Herwono, Zhan Cui, Ben Azvine, Martin Brown, Karl Smith
  • Patent number: 9836600
    Abstract: A multi-stage event detector for monitoring a system, the multi-stage event detector including: a process generator operable to generate main and sub-processes, each main and sub-process being operable to generate and initiate a detection agent each of which is operable to be triggered by detecting the occurrence of a trigger event and to report back to its generating process or sub-process upon being so triggered. Each process or sub-process is operable to respond to receipt of a report from a triggered detection agent by reporting the detection of a multi-stage event to an overall controller.
    Type: Grant
    Filed: March 31, 2014
    Date of Patent: December 5, 2017
    Assignee: British Telecommunications PLC
    Inventors: Ian Herwono, Zhan Cui
  • Patent number: 9521149
    Abstract: Methods may be used by a Multi Radio Resource Management function for assisting the control of a User Terminal's access to an access network domain in a radio communications network. The MRRM function is arranged to communicate with a first radio access network domain to which a first authorization entity, A1, authorizes UTs access, and to communicate with at least a second radio access network domain to which a second authorization entity, A2, authorizes UTs access. The methods include receiving at least one radio resource information message, RRIM, from the second access network domain, the message comprising at least one parameter value, X2, of at least one radio resource parameter, P2, related to the traffic load and/or the radio resource consumption and/or the characteristics of at least one radio traffic channel, associated with said second access network domain.
    Type: Grant
    Filed: June 28, 2005
    Date of Patent: December 13, 2016
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventors: Joachim Sachs, Ian Herwono
  • Publication number: 20160055334
    Abstract: A multi-stage event detector for monitoring a system, the multi-stage event detector including: a process generator operable to generate main and sub-processes, each main and sub-process being operable to generate and initiate a detection agent each of which is operable to be triggered by detecting the occurrence of a trigger event and to report back to its generating process or sub-process upon being so triggered. Each process or sub-process is operable to respond to receipt of a report from a triggered detection agent by reporting the detection of a multi-stage event to an overall controller.
    Type: Application
    Filed: March 31, 2014
    Publication date: February 25, 2016
    Inventors: Ian HERWONO, Zhan CUI
  • Publication number: 20160055335
    Abstract: A multi-stage event detector for monitoring a system to detect the occurrence of multistage events in the monitored system, the multi-stage event detector includes: one or more event detecting detector units (142, 144) for detecting observable events occurring on the monitored system; one or more parameter generating detector units (152, 154) for generating parameter values which vary over time dependent on the behaviour of the monitored system; a hidden state determiner (120) for determining a likely sequence of states of interest of the system based on the outputs of the one or more event detecting detector units; and a transition determiner (130) for determining a likely transition occurrence based on a comparison of a set of values of a parameter or set of parameters generated by one or more of the one or more parameter generating detector units with a plurality of pre-specified functions or sets of values of a corresponding parameter or set of parameters associated with different transition occurrences.
    Type: Application
    Filed: March 31, 2014
    Publication date: February 25, 2016
    Inventors: Ian HERWONO, Zhan CUI, Ben AZVINE, Martin BROWN, Karl SMITH
  • Patent number: 8948137
    Abstract: A method is disclosed for assisting a handover of a data session from a first routing path, associated with a first access network, to an alternative routing path, associated with an alternative access network. Data is routed over the first access network to a UT by binding a session identifier to a first routing identifier. The session identifier and the first routing identifier are defined in accordance with a standard protocol routing scheme of the first access network. The method comprises receiving a capability message uniquely identifying the UT according to both a standard protocol routing scheme of said first access network, and an alternative standard protocol routing scheme of said alternative access network. The method further comprises creating an alternative routing identifier complying with the alternative standard protocol routing scheme, associating the alternative routing identifier with the UT, and associating the session identifier with the alternative routing identifier.
    Type: Grant
    Filed: August 4, 2011
    Date of Patent: February 3, 2015
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Joachim Sachs, Ian Herwono
  • Patent number: 8800013
    Abstract: A method of authenticating a user to a service provider by means of an authentication provision unit, the method comprising: in a first stage of the method: receiving credentials from a user; determining whether the credentials received from the user represent a valid logon; and if that determination is positive: generating at least one network address comprising a domain address and at least one instance parameter, the instance parameter uniquely identifying the user and the instance of generation of the network address; and providing the network address to the user; and in a second stage of the method: receiving a parameter from a service provider; determining whether the received parameter indicates a valid attempt to log on to the service provider by checking that the received parameter matches an instance parameter that has previously been issued to a user and that has not previously been received from a service provider; and if that determination is positive: signalling to the service provider over a se
    Type: Grant
    Filed: February 19, 2009
    Date of Patent: August 5, 2014
    Assignee: British Telecommunications public limited company
    Inventors: James E Jones, Ian Herwono