Patents by Inventor Stephen R. Hanna
Stephen R. Hanna has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20180115571
Abstract: A device may receive information that identifies an attack signature for detecting an intrusion. The device may determine a device configuration that is vulnerable to the intrusion, may determine an endpoint device associated with the device configuration, and may determine a time period during which the endpoint device was associated with the device configuration. The device may determine an endpoint identifier associated with the endpoint device during the time period, and may identify network traffic information associated with the endpoint identifier during the time period. The device may apply the attack signature to the network traffic information, and may determine whether the endpoint device was subjected to the intrusion during the time period based on applying the attack signature to the network traffic information. The device may selectively perform an action based on determining whether the endpoint device was subjected to the intrusion.
Type: Application
Filed: December 15, 2017
Publication date: April 26, 2018
Inventors: Clifford E. Kahn, Stephen R. Hanna
-
Patent number: 9848006
Abstract: A device may receive information that identifies an attack signature for detecting an intrusion. The device may determine a device configuration that is vulnerable to the intrusion, may determine an endpoint device associated with the device configuration, and may determine a time period during which the endpoint device was associated with the device configuration. The device may determine an endpoint identifier associated with the endpoint device during the time period, and may identify network traffic information associated with the endpoint identifier during the time period. The device may apply the attack signature to the network traffic information, and may determine whether the endpoint device was subjected to the intrusion during the time period based on applying the attack signature to the network traffic information. The device may selectively perform an action based on determining whether the endpoint device was subjected to the intrusion.
Type: Grant
Filed: October 21, 2016
Date of Patent: December 19, 2017
Assignee: Juniper Networks, Inc.
Inventors: Clifford E. Kahn, Stephen R. Hanna
-
Patent number: 9658872
Abstract: The identity of a user of a computerized system is maintained by operating a virtual machine used only by the user, such that logged actions made by the virtual machine can be associated with the user, wherein the user is not otherwise directly identified by the virtual machine. Information requests made from the virtual machine to a specific resource may be logged to enable tracking and auditing of resource access by the user. The virtual machine is managed by an access device to a data center for the enterprise system, a server, or other device within the data center.
Type: Grant
Filed: May 3, 2012
Date of Patent: May 23, 2017
Assignee: Juniper Networks, Inc.
Inventor: Stephen R. Hanna
-
Publication number: 20170041334
Abstract: A device may receive information that identifies an attack signature for detecting an intrusion. The device may determine a device configuration that is vulnerable to the intrusion, may determine an endpoint device associated with the device configuration, and may determine a time period during which the endpoint device was associated with the device configuration. The device may determine an endpoint identifier associated with the endpoint device during the time period, and may identify network traffic information associated with the endpoint identifier during the time period. The device may apply the attack signature to the network traffic information, and may determine whether the endpoint device was subjected to the intrusion during the time period based on applying the attack signature to the network traffic information. The device may selectively perform an action based on determining whether the endpoint device was subjected to the intrusion.
Type: Application
Filed: October 21, 2016
Publication date: February 9, 2017
Inventors: Clifford E. KAHN, Stephen R. Hanna
-
Patent number: 9485262
Abstract: A device may receive information that identifies an attack signature for detecting an intrusion. The device may determine a device configuration that is vulnerable to the intrusion, may determine an endpoint device associated with the device configuration, and may determine a time period during which the endpoint device was associated with the device configuration. The device may determine an endpoint identifier associated with the endpoint device during the time period, and may identify network traffic information associated with the endpoint identifier during the time period. The device may apply the attack signature to the network traffic information, and may determine whether the endpoint device was subjected to the intrusion during the time period based on applying the attack signature to the network traffic information. The device may selectively perform an action based on determining whether the endpoint device was subjected to the intrusion.
Type: Grant
Filed: March 28, 2014
Date of Patent: November 1, 2016
Assignee: Juniper Networks, Inc.
Inventors: Clifford E. Kahn, Stephen R. Hanna
-
Patent number: 9479538
Abstract: An endpoint integrity system controls access to resources of a protected network for endpoint devices attempting to access the protected network. The system may include a number of evaluation modules that communicate with an endpoint device. The evaluation modules generate policy results for the endpoint device, in which each of the policy results assume one of three or more states, called a multi-state policy result. The multi-state policy results are combined to produce a combined Boolean policy result.
Type: Grant
Filed: January 31, 2014
Date of Patent: October 25, 2016
Assignee: Juniper Networks, Inc.
Inventors: Roger Chickering, Stephen R. Hanna, Paul Funk, Panagiotis Kougiouris, Paul James Kirner
-
Publication number: 20140150053
Abstract: An endpoint integrity system controls access to resources of a protected network for endpoint devices attempting to access the protected network. The system may include a number of evaluation modules that communicate with an endpoint device. The evaluation modules generate policy results for the endpoint device, in which each of the policy results assume one of three or more states, called a multi-state policy result. The multi-state policy results are combined to produce a combined Boolean policy result.
Type: Application
Filed: January 31, 2014
Publication date: May 29, 2014
Applicant: JUNIPER NETWORKS, INC.
Inventors: Roger CHICKERING, Stephen R. HANNA, Paul FUNK, Panagiotis KOUGIOURIS, Paul James KIRNER
-
Patent number: 8661505
Abstract: A module may include interface logic to receive information identifying a state related to a client device via logic related to a controlled environment, and to send a valid policy result to a host device, where the valid policy result is related to the state. The module may include processing logic to process policy content according to a resource policy, where the processing is based on the information, and to produce the valid policy result based on the processing using the resource policy, where the valid policy result is adapted for use by the host device when implementing the network policy with respect to a destination device when the client device attempts to communicate with the destination device.
Type: Grant
Filed: December 27, 2012
Date of Patent: February 25, 2014
Assignee: Juniper Networks, Inc.
Inventors: Panagiotis Kougiouris, Roger Chickering, Paul James Kirner, Stephen R. Hanna
-
Patent number: 8458462
Abstract: A network device, such as an access control server, verifies the integrity of other network devices requiring access to a secure multicast. The network device receives a health status report from the other network devices and grants or denies access to the secure multicast based on a comparison of the health status report with a set of one or more stored policies. The network device then provides group keys to authorized network devices. The network device may also include a monitoring module that monitors activities of authorized network devices. Where the network device monitors authorized network devices, authorized network devices with behavior that fails to satisfy one or more behavioral policies will have their authorization revoked and will no longer have access to the secure multicast.
Type: Grant
Filed: November 14, 2008
Date of Patent: June 4, 2013
Assignee: Juniper Networks, Inc.
Inventor: Stephen R. Hanna
-
Patent number: 8369224
Abstract: An endpoint integrity system controls access to resources of a protected network for endpoint devices attempting to access the protected network. The system may include a number of evaluation modules that communicate with an endpoint device. The evaluation modules generate policy results for the endpoint device, in which each of the policy results assume one of three or more states, called a multi-state policy result. The multi-state policy results are combined to produce a combined Boolean policy result.
Type: Grant
Filed: September 8, 2006
Date of Patent: February 5, 2013
Assignee: Juniper Networks, Inc.
Inventors: Roger Chickering, Stephen R. Hanna, Paul Funk, Panagiotis Kouriouris, Paul James Kirner
-
Patent number: 8352998
Abstract: A module may include interface logic to receive information identifying a state related to a client device via logic related to a controlled environment, and to send a valid policy result to a host device, where the valid policy result is related to the state. The module may include processing logic to process policy content according to a resource policy, where the processing is based on the information, and to produce the valid policy result based on the processing using the resource policy, where the valid policy result is adapted for use by the host device when implementing the network policy with respect to a destination device when the client device attempts to communicate with the destination device.
Type: Grant
Filed: August 17, 2006
Date of Patent: January 8, 2013
Assignee: Juniper Networks, Inc.
Inventors: Panagiotis Kougiouris, Roger Chickering, Paul James Kirner, Stephen R. Hanna
-
Patent number: 8104073
Abstract: In general, techniques are described for securely exchanging network access control information. The techniques may be useful in situations where an endpoint device and an access control device perform a tightly-constrained handshake sequence of a network protocol when the endpoint device requests access to a network. The handshake sequence may be constrained in a variety of ways. Due to the constraints of the handshake sequence, the endpoint device and the access control device may be unable to negotiate a set of nonce information during the handshake sequence. For this reason, the access control device uses a previously negotiated set of nonce information and other configuration information associated with the endpoint device as part of a process to determine whether the endpoint device should be allowed to access the protected networks.
Type: Grant
Filed: September 18, 2007
Date of Patent: January 24, 2012
Assignee: Juniper Networks, Inc.
Inventor: Stephen R. Hanna
-
Patent number: 8103909
Abstract: In general, techniques are described for hardware-based detection and automatic restoration of a computing device from a compromised state. Moreover, the techniques provide for automatic, hardware-based restoration of selective software components from a trusted repository. The hardware-based detection and automatic restoration techniques may be integrated within a boot sequence of a computing device so as to efficiently and cleanly replace only any infected software component.
Type: Grant
Filed: March 9, 2009
Date of Patent: January 24, 2012
Assignee: Juniper Networks, Inc.
Inventor: Stephen R. Hanna
-
Publication number: 20110258479
Abstract: A method performed by a primary server includes receiving integrity criteria and sending a health check request to a secondary server based on the received integrity criteria. The method also includes receiving integrity information from the secondary server and checking the integrity information against the integrity criteria. The method further includes initiating a non-compliance action if the integrity information does not comply with the integrity criteria.
Type: Application
Filed: June 30, 2011
Publication date: October 20, 2011
Applicant: JUNIPER NETWORKS, INC.
Inventor: Stephen R. HANNA
-
Patent number: 7996713
Abstract: A method performed by a primary server includes receiving integrity criteria and sending a health check request to a secondary server based on the received integrity criteria. The method also includes receiving integrity information from the secondary server and checking the integrity information against the integrity criteria. The method further includes initiating a non-compliance action if the integrity information does not comply with the integrity criteria.
Type: Grant
Filed: December 15, 2008
Date of Patent: August 9, 2011
Assignee: Juniper Networks, Inc.
Inventor: Stephen R. Hanna
-
Patent number: 7982595
Abstract: A device may include an interface to send policy information to an evaluation module, where the policy information is related to a group of policies, and receive a group of results from the evaluation module, where the group of results indicates whether the status of a source device complies with the group of policies. The interface may send an instruction to a destination device configured to implement at least a subset of the policies with respect to the source device based on the instruction.
Type: Grant
Filed: August 14, 2009
Date of Patent: July 19, 2011
Assignee: Juniper Networks, Inc.
Inventors: Stephen R. Hanna, Roger Allen Chickering
-
Publication number: 20100153781
Abstract: A method performed by a primary server includes receiving integrity criteria and sending a health check request to a secondary server based on the received integrity criteria. The method also includes receiving integrity information from the secondary server and checking the integrity information against the integrity criteria. The method further includes initiating a non-compliance action if the integrity information does not comply with the integrity criteria.
Type: Application
Filed: December 15, 2008
Publication date: June 17, 2010
Applicant: JUNIPER NETWORKS, INC.
Inventor: Stephen R. HANNA
-
Publication number: 20100070800
Abstract: In general, techniques are described for hardware-based detection and automatic restoration of a computing device from a compromised state. Moreover, the techniques provide for automatic, hardware-based restoration of selective software components from a trusted repository. The hardware-based detection and automatic restoration techniques may be integrated within a boot sequence of a computing device so as to efficiently and cleanly replace only any infected software component.
Type: Application
Filed: March 9, 2009
Publication date: March 18, 2010
Applicant: Juniper Networks, Inc.
Inventor: Stephen R. Hanna
-
Publication number: 20090313373
Abstract: A device may include an interface to send policy information to an evaluation module, where the policy information is related to a group of policies, and receive a group of results from the evaluation module, where the group of results indicates whether the status of a source device complies with the group of policies. The interface may send an instruction to a destination device configured to implement at least a subset of the policies with respect to the source device based on the instruction.
Type: Application
Filed: August 14, 2009
Publication date: December 17, 2009
Applicant: Juniper Networks, Inc.
Inventors: Stephen R. HANNA, Roger Allen CHICKERING
-
Patent number: 7592906
Abstract: A device may include an interface to send policy information to an evaluation module, where the policy information is related to a group of policies, and receive a group of results from the evaluation module, where the group of results indicates whether the status of a source device complies with the group of policies. The interface may send an instruction to a destination device configured to implement at least a subset of the policies with respect to the source device based on the instruction.
Type: Grant
Filed: June 5, 2006
Date of Patent: September 22, 2009
Assignee: Juniper Networks, Inc.
Inventors: Stephen R. Hanna, Roger Allen Chickering