Patents by Inventor J. David Irwin
J. David Irwin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10484365
Abstract: A network security system that employs space-time separated and jointly-evolving relationships to provide fast network access control, efficient real-time forensics capabilities, and enhanced protection for at-rest data in the event of a network breach. The network security system allows, in part, functionality by which the system accepts a request by a user to access the data stored in the database, identifies a sequence of security agents to participate in authenticating and protecting the access of the data by the user, generates a sequence of pseudorandom IDs and space-time varying credentials, checks at each one of the security agents a corresponding one of the credentials, determines that the user is permitted to access the data using access control logs if all the security agents accept the corresponding credentials, and varies the credentials based on a space-time relationship.
Type: Grant
Filed: September 17, 2018
Date of Patent: November 19, 2019
Assignee: AUBURN UNIVERSITY
Inventors: Chwan-Hwa Wu, J. David Irwin, David Charles Last, Myers Hawkins, Hao Sun
-
Patent number: 10469251
Abstract: The present system and method allow for preemptive, self-healing computer security. The system includes a user device processor and a PSS server processor. The two processors perform an initial Data Structure & Key Mutation (DSKM) method and an interval DSKM method at a given interval to protect secret information and prevent its exposure by attackers. When a user requests a site or service that is an attractive target for attackers, such as a bank site or monetary transfer service, the processors perform a Man in the Browser attack prevention method. When a packet is received or generated, the processors perform a Deep Protocol and Stateful Inspection and Prevention method to prevent receipt of malicious packets or the loss of sensitive information. Various forensics modules allow accurate forensic examination of the type, scope, and method of attack, as well as real-time protection of cloud-based services.
Type: Grant
Filed: May 5, 2017
Date of Patent: November 5, 2019
Assignee: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, Daoqi Hou
-
Publication number: 20190104118
Abstract: A network security system that employs space-time separated and jointly-evolving relationships to provide fast network access control, efficient real-time forensics capabilities, and enhanced protection for at-rest data in the event of a network breach. The network security system allows, in part, functionality by which the system accepts a request by a user to access the data stored in the database, identifies a sequence of security agents to participate in authenticating and protecting the access of the data by the user, generates a sequence of pseudorandom IDs and space-time varying credentials, checks at each one of the security agents a corresponding one of the credentials, determines that the user is permitted to access the data using access control logs if all the security agents accept the corresponding credentials, and varies the credentials based on a space-time relationship.
Type: Application
Filed: September 17, 2018
Publication date: April 4, 2019
Inventors: Chwan-Hwa WU, J. David IRWIN, David Charles LAST, Myers HAWKINS, Hao SUN
-
Patent number: 10097536
Abstract: A network security system that employs space-time separated and jointly-evolving relationships to provide fast network access control, efficient real-time forensics capabilities, and enhanced protection for at-rest data in the event of a network breach. The network security system allows, in part, functionality by which the system accepts a request by a user to access the data stored in the database, identifies a sequence of security agents to participate in authenticating and protecting the access of the data by the user, generates a sequence of pseudorandom IDs and space-time varying credentials, checks at each one of the security agents a corresponding one of the credentials, determines that the user is permitted to access the data using access control logs if all the security agents accept the corresponding credentials, and varies the credentials based on a space-time relationship.
Type: Grant
Filed: December 7, 2015
Date of Patent: October 9, 2018
Assignee: AUBURN UNIVERSITY
Inventors: Chwan-Hwa Wu, J. David Irwin, David Charles Last, Myers Hawkins, Hao Sun
-
Publication number: 20170324555
Abstract: The present system and method allow for preemptive, self-healing computer security. The system includes a user device processor and a PSS server processor. The two processors perform an initial Data Structure & Key Mutation (DSKM) method and an interval DSKM method at a given interval to protect secret information and prevent its exposure by attackers. When a user requests a site or service that is an attractive target for attackers, such as a bank site or monetary transfer service, the processors perform a Man in the Browser attack prevention method. When a packet is received or generated, the processors perform a Deep Protocol and Stateful Inspection and Prevention method to prevent receipt of malicious packets or the loss of sensitive information. Various forensics modules allow accurate forensic examination of the type, scope, and method of attack, as well as real-time protection of cloud-based services.
Type: Application
Filed: May 5, 2017
Publication date: November 9, 2017
Applicant: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, Daoqi Hou
-
Publication number: 20160182486
Abstract: A network security system that employs space-time separated and jointly-evolving relationships to provide fast network access control, efficient real-time forensics capabilities, and enhanced protection for at-rest data in the event of a network breach. The network security system allows, in part, functionality by which the system accepts a request by a user to access the data stored in the database, identifies a sequence of security agents to participate in authenticating and protecting the access of the data by the user, generates a sequence of pseudorandom IDs and space-time varying credentials, checks at each one of the security agents a corresponding one of the credentials, determines that the user is permitted to access the data using access control logs if all the security agents accept the corresponding credentials, and varies the credentials based on a space-time relationship.
Type: Application
Filed: December 7, 2015
Publication date: June 23, 2016
Inventors: Chwan-Hwa WU, J. David IRWIN, David Charles LAST, Myers HAWKINS, Hao SUN
-
Patent number: 9208335
Abstract: A network security system that employs space-time separated and jointly-evolving relationships to provide fast network access control, efficient real-time forensics capabilities, and enhanced protection for at-rest data in the event of a network breach. The network security system allows, in part, functionality by which the system accepts a request by a user to access the data stored in the database, identifies a sequence of security agents to participate in authenticating and protecting the access of the data by the user, generates a sequence of pseudorandom IDs and space-time varying credentials, checks at each one of the security agents a corresponding one of the credentials, determines that the user is permitted to access the data using access control logs if all the security agents accept the corresponding credentials, and varies the credentials based on a space-time relationship.
Type: Grant
Filed: June 2, 2014
Date of Patent: December 8, 2015
Assignee: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, David Charles Last, Myers Hawkins, Hao Sun
-
Publication number: 20150082399
Abstract: A network security system that employs space-time separated and jointly-evolving relationships to provide fast network access control, efficient real-time forensics capabilities, and enhanced protection for at-rest data in the event of a network breach. The network security system allows, in part, functionality by which the system accepts a request by a user to access the data stored in the database, identifies a sequence of security agents to participate in authenticating and protecting the access of the data by the user, generates a sequence of pseudorandom IDs and space-time varying credentials, checks at each one of the security agents a corresponding one of the credentials, determines that the user is permitted to access the data using access control logs if all the security agents accept the corresponding credentials, and varies the credentials based on a space-time relationship.
Type: Application
Filed: June 2, 2014
Publication date: March 19, 2015
Inventors: Chwan-Hwa WU, J. David IRWIN, David Charles LAST, Myers HAWKINS, Hao SUN
-
Patent number: 8510831
Abstract: The present disclosure generally pertains to systems and methods for protecting network resources from denial of service attacks. In one exemplary embodiment, a responder stores an access filter value used to determine whether an incoming message frame has been transmitted from an authorized user. In this regard, a user communication device includes logic for determining the access filter value stored at the responder and includes the access filter value in a message frame transmitted from the computer to the responder. The responder compares the received access filter value to the stored access filter value. If such values match or otherwise correspond, the responder authenticates the message frame. However, if such values do not match or otherwise correspond, the responder discards the message frame. Thus, the responder processes authenticated message frames and discards unauthenticated message frames thereby preventing denial of service attacks from malicious users.
Type: Grant
Filed: January 19, 2012
Date of Patent: August 13, 2013
Assignee: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, Chien-Cheng Wang
-
Patent number: 8261350
Abstract: A system for preventing successful denial of service attacks comprises a first communication device, a second communication device, and a network. The first and second communication devices establish a communication session via the network. Based on various information, such as a pre-shared secret, one of the communication devices determines a network access filter value and compares this value to at least one data frame in order to authenticate such data frame without committing significant computing resource and any memory space. By updating the network access filter over time, an unauthorized user who discovers the outdated network access filter values is prevented from successfully launching a denial of service attack.
Type: Grant
Filed: January 5, 2011
Date of Patent: September 4, 2012
Assignee: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, Chien-Cheng Wang, Chun-Ching Huang
-
Publication number: 20120124383
Abstract: The present disclosure generally pertains to systems and methods for protecting network resources from denial of service attacks. In one exemplary embodiment, a responder stores an access filter value used to determine whether an incoming message frame has been transmitted from an authorized user. In this regard, a user communication device includes logic for determining the access filter value stored at the responder and includes the access filter value in a message frame transmitted from the computer to the responder. The responder compares the received access filter value to the stored access filter value. If such values match or otherwise correspond, the responder authenticates the message frame. However, if such values do not match or otherwise correspond, the responder discards the message frame. Thus, the responder processes authenticated message frames and discards unauthenticated message frames thereby preventing denial of service attacks from malicious users.
Type: Application
Filed: January 19, 2012
Publication date: May 17, 2012
Applicant: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, Chien-Cheng Wang
-
Patent number: 8127355
Abstract: The present disclosure generally pertains to systems and methods for protecting network resources from denial of service attacks. In one exemplary embodiment, a responder stores an access filter value used to determine whether an incoming message frame has been transmitted from an authorized user. In this regard, a user communication device includes logic for determining the access filter value stored at the responder and includes the access filter value in a message frame transmitted from the computer to the responder. The responder compares the received access filter value to the stored access filter value. If such values match or otherwise correspond, the responder authenticates the message frame. However, if such values do not match or otherwise correspond, the responder discards the message frame. Thus, the responder processes authenticated message frames and discards unauthenticated message frames thereby preventing denial of service attacks from malicious users.
Type: Grant
Filed: June 1, 2010
Date of Patent: February 28, 2012
Assignee: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, Chien-Cheng Wang
-
Patent number: 7937759
Abstract: A system for preventing successful denial of service attacks comprises a first communication device, a second communication device, and a network. The first and second communication devices establish a communication session via the network. Based on various information, such as a pre-shared secret, one of the communication devices determines a network access filter value and compares this value to at least one data frame in order to authenticate such data frame without committing significant computing resource and any memory space. By updating the network access filter over time, an unauthorized user who discovers the outdated network access filter values is prevented from successfully launching a denial of service attack.
Type: Grant
Filed: March 30, 2007
Date of Patent: May 3, 2011
Assignee: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, Chien-Cheng Wang, Chun-Ching Huang
-
Publication number: 20110099630
Abstract: A system for preventing successful denial of service attacks comprises a first communication device, a second communication device, and a network. The first and second communication devices establish a communication session via the network. Based on various information, such as a pre-shared secret, one of the communication devices determines a network access filter value and compares this value to at least one data frame in order to authenticate such data frame without committing significant computing resource and any memory space. By updating the network access filter over time, an unauthorized user who discovers the outdated network access filter values is prevented from successfully launching a denial of service attack.
Type: Application
Filed: January 5, 2011
Publication date: April 28, 2011
Applicant: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, Chien-Cheng Wang, Chun-Ching Huang
-
Publication number: 20100242112
Abstract: The present disclosure generally pertains to systems and methods for protecting network resources from denial of service attacks. In one exemplary embodiment, a responder stores an access filter value used to determine whether an incoming message frame has been transmitted from an authorized user. In this regard, a user communication device includes logic for determining the access filter value stored at the responder and includes the access filter value in a message frame transmitted from the computer to the responder. The responder compares the received access filter value to the stored access filter value. If such values match or otherwise correspond, the responder authenticates the message frame. However, if such values do not match or otherwise correspond, the responder discards the message frame. Thus, the responder processes authenticated message frames and discards unauthenticated message frames thereby preventing denial of service attacks from malicious users.
Type: Application
Filed: June 1, 2010
Publication date: September 23, 2010
Applicant: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, Chien-Cheng Wang
-
Patent number: 7774841
Abstract: The present disclosure generally pertains to systems and methods for protecting network resources from denial of service attacks. In one exemplary embodiment, a responder stores an access filter value used to determine whether an incoming message frame has been transmitted from an authorized user. In this regard, a user communication device includes logic for determining the access filter value stored at the responder and includes the access filter value in a message frame transmitted from the computer to the responder. The responder compares the received access filter value to the stored access filter value. If such values match or otherwise correspond, the responder authenticates the message frame. However, if such values do not match or otherwise correspond, the responder discards the message frame. Thus, the responder processes authenticated message frames and discards unauthenticated message frames thereby preventing denial of service attacks from malicious users.
Type: Grant
Filed: October 1, 2004
Date of Patent: August 10, 2010
Assignee: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, Chien-Cheng Wang