Patents by Inventor Kuo-Chun Chen
Kuo-Chun Chen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240096917Abstract: An image sensor structure includes a semiconductor substrate, a plurality of image sensing elements, a reflective element, and a high-k dielectric structure. The image sensing elements are in the semiconductor substrate. The reflective element is in the semiconductor substrate and between the image sensing elements. The high-k dielectric structure is between the reflective element and the image sensing elements.Type: ApplicationFiled: January 6, 2023Publication date: March 21, 2024Inventors: PO CHUN CHANG, PING-HAO LIN, WEI-LIN CHEN, KUN-HUI LIN, KUO-CHENG LEE
-
Patent number: 11923413Abstract: Semiconductor structures are provided. The semiconductor structure includes a substrate and nanostructures formed over the substrate. The semiconductor structure further includes a gate structure surrounding the nanostructures and a source/drain structure attached to the nanostructures. The semiconductor structure further includes a contact formed over the source/drain structure and extending into the source/drain structure.Type: GrantFiled: February 7, 2022Date of Patent: March 5, 2024Assignee: TAIWAN SEMICONDUCTOR MANUFACTURING COMPANY, LTD.Inventors: Ta-Chun Lin, Kuo-Hua Pan, Jhon-Jhy Liaw, Chao-Ching Cheng, Hung-Li Chiang, Shih-Syuan Huang, Tzu-Chiang Chen, I-Sheng Chen, Sai-Hooi Yeong
-
Patent number: 11381595Abstract: Preventing Transport Layer Security session man-in-the-middle attacks is provided. A first security digest generated by an endpoint device is compared with a second security digest received from a peer device. It is determined whether a match exists between the first security digest and the second security digest based on the comparison. In response to determining that a match does not exist between the first security digest and the second security digest, a man-in-the-middle attack is detected and a network connection for a Transport Layer Security session is terminated with the peer device.Type: GrantFiled: November 9, 2018Date of Patent: July 5, 2022Assignee: International Business Machines CorporationInventors: Wei-Hsiang Hsiung, Sheng-Tung Hsu, Kuo-Chun Chen, Chih-Hung Chou
-
Patent number: 11265303Abstract: Embodiments provide a system and method for stateless session synchronization between inspectors for high availability deployments. Man in the Middle inspectors of a communication session between a client and server exchange a shared key that is used as a common seed value in a mapping function algorithm. Each inspector generates identical key-pairs using the common mapping function algorithm, and the inspectors generate the session keys from the key-pairs. Inspectors use the session keys to decrypt and either actively or passively inspect data transferred in a session between a client and server.Type: GrantFiled: March 30, 2020Date of Patent: March 1, 2022Assignee: International Business Machines CorporationInventors: Kuo-Chun Chen, Wei-Hsiang Hsiung, Cheng-Ta Lee, Wei-Shiau Suen, Ming Hsun Wu
-
Patent number: 10972455Abstract: An embodiment of the invention may include a method, computer program product and system for secure authentication within a communication protocol session. The embodiment may include retrieving, by a client computer of the TLS session, a challenge string associated with the TLS session. The embodiment may include generating, by the client computer, a first digest based on the challenge string and authentication information of a user of the client computer. The embodiment may include sending, by the client computer, the first digest to a server of the TLS session. The retrieving, generating and sending, by the client computer, are carried out after the TLS session has been established between the client computer and the server.Type: GrantFiled: April 24, 2018Date of Patent: April 6, 2021Assignee: International Business Machines CorporationInventors: Sheng-Tung Hsu, Wei-Hsiang Hsiung, Kuo-Chun Chen, Wayne Chou
-
Patent number: 10958718Abstract: Optimizing receive side scaling (RSS) key selection is provided. Different weights are assigned to different fields of flow data corresponding to a network connection of a registered client device. A score is generated representing an amount of balanced processor loading for each RSS key corresponding to the registered client device based on the different fields of the flow data with assigned weights. A current RSS key on the registered client device is updated with an optimal RSS key based on the score corresponding to the optimal RSS key representing balanced loading of processors on the registered client device.Type: GrantFiled: October 1, 2019Date of Patent: March 23, 2021Assignee: International Business Machines CorporationInventors: Chih-Wen Chao, Wei-Hsiang Hsiung, Kuo-Chun Chen, Ming-Pin Hsueh, Sheng-Tung Hsu
-
Patent number: 10834074Abstract: An example operation may include one or more of obtaining a request to validate an application with respect to an OAuth provider, identifying a previously registered digital signature of the application, generating verification information of the application based on the identified digital signature of the application, and passing the generated verification information of the application to the OAuth provider via a user login page.Type: GrantFiled: August 17, 2018Date of Patent: November 10, 2020Assignee: International Business Machines CorporationInventors: Jiande Jiang, Sheng Hao Wang, Chih-Hung Chou, Kuo-Chun Chen
-
Patent number: 10735465Abstract: A computer network endpoint is secured to prevent information leak or other compromise by instantiating in memory first, second and third security zones. With respect to an authorized user, the first zone is readable and writable, the second zone is read-only, and the third zone is neither readable nor writable. System information (e.g., applications, libraries, policies, etc.) are deployed into the first zone from the second zone. When sensitive data is generated in the first zone, e.g., when a secure communication session is established using a cryptographic key, the sensitive data is transferred from the first zone to the third zone, wherein it is immune from information leak or other compromise. The sensitive information is transferable from the third zone to one or more external having a need to know that information. Because information does not pass directly from the first security zone to the external systems, the endpoint is secured against information leak or other attack.Type: GrantFiled: June 29, 2019Date of Patent: August 4, 2020Assignee: International Business Machines CorporationInventors: Kuo-Chun Chen, Wei-Hsiang Hsiung, Sheng-Tung Hsu, Fadly Yahaya
-
Publication number: 20200228513Abstract: Embodiments provide a system and method for stateless session synchronization between inspectors for high availability deployments. Man in the Middle inspectors of a communication session between a client and server exchange a shared key that is used as a common seed value in a mapping function algorithm. Each inspector generates identical key-pairs using the common mapping function algorithm, and the inspectors generate the session keys from the key-pairs. Inspectors use the session keys to decrypt and either actively or passively inspect data transferred in a session between a client and server.Type: ApplicationFiled: March 30, 2020Publication date: July 16, 2020Inventors: Kuo-Chun Chen, Wei-Hsiang Hsiung, Cheng-ta Lee, Wei-Shiau Suen, Ming Hsun Wu
-
Patent number: 10693909Abstract: A computer network endpoint is secured to prevent information leak or other compromise by instantiating in memory first, second and third security zones. With respect to an authorized user, the first zone is readable and writable, the second zone is read-only, and the third zone is neither readable nor writable. System information (e.g., applications, libraries, policies, etc.) are deployed into the first zone from the second zone. When sensitive data is generated in the first zone, e.g., when a secure communication session is established using a cryptographic key, the sensitive data is transferred from the first zone to the third zone, wherein it is immune from information leak or other compromise. The sensitive information is transferable from the third zone to one or more external having a need to know that information. Because information does not pass directly from the first security zone to the external systems, the endpoint is secured against information leak or other attack.Type: GrantFiled: January 19, 2018Date of Patent: June 23, 2020Assignee: International Business Machines CorporationInventors: Kuo-Chun Chen, Wei-Hsiang Hsiung, Sheng-Tung Hsu, Fadly Yahaya
-
Patent number: 10681085Abstract: Establishing Transport Layer Security/Secure Sockets Layer (TLS/SSL) sessions with destination servers for Internet of Things (IoT) devices is provided. A request is sent to establish a TLS/SSL session with a target destination server in a set of destination servers using destination server information related to a particular IoT device in a plurality of IoT devices. A TLS/SSL session is established with the target destination server corresponding to the particular IoT device. TLS/SSL session credential information is received for the particular IoT device from the target destination server. The TLS/SSL session credential information for the particular IoT device is saved in a session credential information table. The TLS/SSL session is suspended with the target destination server corresponding to the particular IoT device.Type: GrantFiled: October 16, 2017Date of Patent: June 9, 2020Assignee: International Business Machines CorporationInventors: Kuo-Chun Chen, Wei-Hsiang Hsiung, Sheng-Tung Hsu, Jia-Sian Jhang
-
Publication number: 20200153859Abstract: Preventing Transport Layer Security session man-in-the-middle attacks is provided. A first security digest generated by an endpoint device is compared with a second security digest received from a peer device. It is determined whether a match exists between the first security digest and the second security digest based on the comparison. In response to determining that a match does not exist between the first security digest and the second security digest, a man-in-the-middle attack is detected and a network connection for a Transport Layer Security session is terminated with the peer device.Type: ApplicationFiled: November 9, 2018Publication date: May 14, 2020Inventors: Wei-Hsiang Hsiung, Sheng-Tung Hsu, Kuo-Chun Chen, Chih-Hung Chou
-
Patent number: 10652224Abstract: Embodiments provide a system and method for stateless session synchronization between inspectors for high availability deployments. Man in the Middle inspectors of a communication session between a client and server exchange a shared key that is used as a common seed value in a mapping function algorithm. Each inspector generates identical key-pairs using the common mapping function algorithm, and the inspectors generate the session keys from the key-pairs. Inspectors use the session keys to decrypt and either actively or passively inspect data transferred in a session between a client and server.Type: GrantFiled: December 5, 2017Date of Patent: May 12, 2020Assignee: International Business Machines CorporationInventors: Kuo-Chun Chen, Wei-Hsiang Hsiung, Cheng-ta Lee, Wei-Shiau Suen, Ming Hsun Wu
-
Patent number: 10587634Abstract: A system, method and computer program product for detecting distributed denial-of-service (DDoS) attacks is provided. Current aggregated flow information for a defined period of time is analyzed. It is determined whether network flow increased above a defined flow threshold value to a second data processing system connected to a network within the defined period of time based on analyzing the current aggregated flow information. In response to determining that the network flow has increased above the defined flow threshold value to the second data processing system connected to the network within the defined period of time, it is determined that the second data processing system is under a DDoS attack.Type: GrantFiled: October 15, 2018Date of Patent: March 10, 2020Assignee: International Business Machines CorporationInventors: Kuo-Chun Chen, Chih-Hung Chou, Wei-Hsiang Hsiung, Sheng-Tung Hsu
-
Publication number: 20200059466Abstract: An example operation may include one or more of obtaining a request to validate an application with respect to an OAuth provider, identifying a previously registered digital signature of the application, generating verification information of the application based on the identified digital signature of the application, and passing the generated verification information of the application to the OAuth provider via a user login page.Type: ApplicationFiled: August 17, 2018Publication date: February 20, 2020Inventors: Jiande Jiang, Sheng Hao Wang, Chih-Hung Chou, Kuo-Chun Chen
-
Publication number: 20200036776Abstract: Optimizing receive side scaling (RSS) key selection is provided. Different weights are assigned to different fields of flow data corresponding to a network connection of a registered client device. A score is generated representing an amount of balanced processor loading for each RSS key corresponding to the registered client device based on the different fields of the flow data with assigned weights. A current RSS key on the registered client device is updated with an optimal RSS key based on the score corresponding to the optimal RSS key representing balanced loading of processors on the registered client device.Type: ApplicationFiled: October 1, 2019Publication date: January 30, 2020Inventors: Chih-Wen Chao, Wei-Hsiang Hsiung, Kuo-Chun Chen, Ming-Pin Hsueh, Sheng-Tung Hsu
-
Patent number: 10491625Abstract: A system and computer program product for preventing abnormal application activity is provided. Packets are retrieved from a packet buffer using packet location information corresponding to information associated with the abnormal application activity in a data processing system. The packets are analyzed to identify content of the network packets causing the abnormal application activity. Network packets containing the content causing the abnormal application activity in the data processing system are blocked.Type: GrantFiled: October 3, 2017Date of Patent: November 26, 2019Assignee: International Business Machines CorporationInventors: Kuo-Chun Chen, Chih-Hung Chou, Wei-Hsiang Hsiung, Sheng-Tung Hsu
-
Patent number: 10484420Abstract: A method for preventing abnormal application activity is provided. Packets are retrieved from a packet buffer using packet location information corresponding to information associated with the abnormal application activity in a data processing system. The packets are analyzed to identify content of the network packets causing the abnormal application activity. Network packets containing the content causing the abnormal application activity in the data processing system are blocked.Type: GrantFiled: November 14, 2017Date of Patent: November 19, 2019Assignee: International Business Machines CorporationInventors: Kuo-Chun Chen, Chih-Hung Chou, Wei-Hsiang Hsiung, Sheng-Tung Hsu
-
Patent number: 10469569Abstract: Optimizing receive side scaling (RSS) key selection is provided. Different weights are assigned to different fields of flow data corresponding to a network connection of a registered client device. A score is generated representing an amount of balanced processor loading for each RSS key corresponding to the registered client device based on the different fields of the flow data with assigned weights. A current RSS key on the registered client device is updated with an optimal RSS key based on the score corresponding to the optimal RSS key representing balanced loading of processors on the registered client device.Type: GrantFiled: March 22, 2018Date of Patent: November 5, 2019Assignee: International Business Machines CorporationInventors: Chih-Wen Chao, Wei-Hsiang Hsiung, Kuo-Chun Chen, Ming-Pin Hsueh, Sheng-Tung Hsu
-
Publication number: 20190327222Abstract: An embodiment of the invention may include a method, computer program product and system for secure authentication within a communication protocol session. The embodiment may include retrieving, by a client computer of the TLS session, a challenge string associated with the TLS session. The embodiment may include generating, by the client computer, a first digest based on the challenge string and authentication information of a user of the client computer. The embodiment may include sending, by the client computer, the first digest to a server of the TLS session. The retrieving, generating and sending, by the client computer, are carried out after the TLS session has been established between the client computer and the server.Type: ApplicationFiled: April 24, 2018Publication date: October 24, 2019Inventors: Sheng-Tung Hsu, Wei-Hsiang Hsiung, Kuo-Chun Chen, Wayne Chou