Patents by Inventor Steven Ashley
Steven Ashley has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11928188
Abstract: A machine has a network interface circuit to provide connectivity to networked machines. A processor is connected to the network interface circuit. A memory is connected to the processor and the network interface circuit. The memory stores instructions executed by the processor to record the purchase of a digital asset by a user at a client machine from a data source machine in network communication with the client machine. The location of the digital asset on one or more machines of the networked machines is archived. The location is separate from the data source machine. The digital asset is associated with a data access policy. A request for the digital asset is received. The data access policy is enforced through programmatic control utilized by one or more of the networked machines to form a consent state. Distribution of the digital asset to a networked machine is authorized in response to the consent state.
Type: Grant
Filed: November 19, 2021
Date of Patent: March 12, 2024
Assignee: Anonyome Labs, Inc.
Inventors: Steven Harvey McCown, Paul Ashley, Neil Readshaw, John David Mumford, Tim Bartley
-
Publication number: 20190327347
Abstract: A network appliance is configured to provide inline traffic inspection for all flow through the device, to selectively intercept based on traffic content or policy, and to modify intercepted traffic content, all without connection termination and re-origination. Content modification may involve substitution of traffic content with smaller or larger content, in which case the device provides appropriate sequence number translations for acknowledgements to the endpoints. This streaming rewrite may occur on a byte-at-a-time basis, while keeping the session alive and without a need to proxy it. The appliance enables transmitted TCP data to be modified inline and then reliably delivered without the overhead of forwarding packets through a full-blown TCP stack. Rather, the approach relies upon an initiator entity's TCP stack for congestion control, as well as the receiving entity's re-transmission behavior to determine how the device manages packets internally.
Type: Application
Filed: July 1, 2019
Publication date: October 24, 2019
Applicant: International Business Machines Corporation
Inventors: Gregory Lyle Galloway, Paul Coccoli, David Allen Dennerline, Steven Ashley Mazur
-
Patent number: 10382591
Abstract: A network appliance is configured to provide inline traffic inspection for all flow through the device, to selectively intercept based on traffic content or policy, and to modify intercepted traffic content, all without connection termination and re-origination. Content modification may involve substitution of traffic content with smaller or larger content, in which case the device provides appropriate sequence number translations for acknowledgements to the endpoints. This streaming rewrite may occur on a byte-at-a-time basis, while keeping the session alive and without a need to proxy it. The appliance enables transmitted TCP data to be modified inline and then reliably delivered without the overhead of forwarding packets through a full-blown TCP stack. Rather, the approach relies upon an initiator entity's TCP stack for congestion control, as well as the receiving entity's re-transmission behavior to determine how the device manages packets internally.
Type: Grant
Filed: October 13, 2014
Date of Patent: August 13, 2019
Assignee: International Business Machines Corporation
Inventors: Gregory Lyle Galloway, Paul Coccoli, Jr., David Allen Dennerline, Steven Ashley Mazur
-
Patent number: 9961103
Abstract: A network-based appliance includes a mechanism to intercept, decrypt and inspect secure network traffic flowing over SSL/TLS between a client and a server. The mechanism responds to detection of a session initiation request message from the client, the message being received following establishment of a TCP connection between the client and server. The mechanism responds by holding the session initiation request message, preferably by creating a fake socket to a local process, and then diverting the request message over that socket. The TCP connection is then terminated, and the mechanism initiates a new session in initiation request message, all while the original session initiation request message continues to be held. The server responds with its server certificate, which is then used by the mechanism to generate a new server certificate. The new server certificate is then returned to the requesting client as the response to the session initiation request message.
Type: Grant
Filed: October 28, 2014
Date of Patent: May 1, 2018
Assignee: International Business Machines Corporation
Inventors: Ronald Becker Williams, Paul Coccoli, John William Court, Gregory Lyle Galloway, Matthew Joseph Kubilus, Steven Ashley Mazur, Joseph Karl Vossen
-
Patent number: 9857191
Abstract: Systems and methods for determination of an access path are disclosed. The access path may include any drivable route that is within a site, and is often, but not necessarily, exclusive of roads in a road network external to the site. In some cases, access paths may include a set of streets between two or more sites without necessarily including a drivable path within a site. Further, the systems and methods may calculate or determine minimum cost routes that include the access path. In some cases, the calculated route may be the minimum cost route that includes the access path, but not necessarily a minimum cost route to a site. In other words, in some cases, the selection of an access path serves as a constraint that supersedes the calculation of a minimum cost route.
Type: Grant
Filed: March 15, 2016
Date of Patent: January 2, 2018
Assignee: Telogis, Inc.
Inventors: Ralph Mason, Mark Fryer, Michael Fried, Jeffrey Fiore, Rick Turek, Brad Llewellyn, Peter Lear, Victor Rehorst, Steven Ashley, Ben Burns
-
Patent number: 9774631
Abstract: A network-based appliance includes a mechanism to enable the appliance to extract itself from man-in-the-middle (MITM) processing during a client-server handshake and without interrupting that connection. The mechanism enables the appliance to decide (e.g., based on a rule match against a received server certificate) to stop performing MITM during the handshake and thus to de-insert itself transparently, i.e., without interfering or signaling to either end of the session that this operation is occurring. Once the connection is abandoned in the manner, the appliance ignores additional traffic flow and thus can free up processing resources (CPU, memory, and the like) that would otherwise be required to decrypt the connection (even if no further inspection or rewrite processing would be expected to occur).
Type: Grant
Filed: October 29, 2014
Date of Patent: September 26, 2017
Assignee: International Business Machines Corporation
Inventors: Steven Ashley Mazur, Matthew Joseph Kubilus, Jr.
-
Publication number: 20160334236
Abstract: Systems and methods for determination of an access path are disclosed. The access path may include any drivable route that is within a site, and is often, but not necessarily, exclusive of roads in a road network external to the site. In some cases, access paths may include a set of streets between two or more sites without necessarily including a drivable path within a site. Further, the systems and methods may calculate or determine minimum cost routes that include the access path. In some cases, the calculated route may be the minimum cost route that includes the access path, but not necessarily a minimum cost route to a site. In other words, in some cases, the selection of an access path serves as a constraint that supersedes the calculation of a minimum cost route.
Type: Application
Filed: March 15, 2016
Publication date: November 17, 2016
Inventors: Ralph Mason, Mark Fryer, Michael Fried, Jeffrey Fiore, Rick Turek, Brad Llewellyn, Peter Lear, Victor Rehorst, Steven Ashley, Ben Burns
-
Publication number: 20160127414
Abstract: A network-based appliance includes a mechanism to enable the appliance to extract itself from man-in-the-middle (MITM) processing during a client-server handshake and without interrupting that connection. The mechanism enables the appliance to decide (e.g., based on a rule match against a received server certificate) to stop performing MITM during the handshake and thus to de-insert itself transparently, i.e., without interfering or signaling to either end of the session that this operation is occurring. Once the connection is abandoned in the manner, the appliance ignores additional traffic flow and thus can free up processing resources (CPU, memory, and the like) that would otherwise be required to decrypt the connection (even if no further inspection or rewrite processing would be expected to occur).
Type: Application
Filed: October 29, 2014
Publication date: May 5, 2016
Inventors: Steven Ashley Mazur, Matthew Joseph Kubilus, JR.
-
Publication number: 20160119374
Abstract: A network-based appliance includes a mechanism to intercept, decrypt and inspect secure network traffic flowing over SSL/TLS between a client and a server. The mechanism responds to detection of a session initiation request message from the client, the message being received following establishment of a TCP connection between the client and server. The mechanism responds by holding the session initiation request message, preferably by creating a fake socket to a local process, and then diverting the request message over that socket. The TCP connection is then terminated, and the mechanism initiates a new session in initiation request message, all while the original session initiation request message continues to be held. The server responds with its server certificate, which is then used by the mechanism to generate a new server certificate. The new server certificate is then returned to the requesting client as the response to the session initiation request message.
Type: Application
Filed: October 28, 2014
Publication date: April 28, 2016
Inventors: Ronald Becker Williams, Paul Coccoli, John William Court, Gregory Lyle Galloway, Matthew Joseph Kubilus, Steven Ashley Mazur, Joseph Karl Vossen
-
Publication number: 20160105469
Abstract: A network appliance is configured to provide inline traffic inspection for all flow through the device, to selectively intercept based on traffic content or policy, and to modify intercepted traffic content, all without connection termination and re-origination. Content modification may involve substitution of traffic content with smaller or larger content, in which case the device provides appropriate sequence number translations for acknowledgements to the endpoints. This streaming rewrite may occur on a byte-at-a-time basis, while keeping the session alive and without a need to proxy it. The appliance enables transmitted TCP data to be modified inline and then reliably delivered without the overhead of forwarding packets through a full-blown TCP stack. Rather, the approach relies upon an initiator entity's TCP stack for congestion control, as well as the receiving entity's re-transmission behavior to determine how the device manages packets internally.
Type: Application
Filed: October 13, 2014
Publication date: April 14, 2016
Inventors: Gregory Lyle Galloway, Paul Coccoli, JR., David Allen Dennerline, Steven Ashley Mazur
-
Publication number: 20150338226
Abstract: Systems and methods for determination of an access path are disclosed. The access path may include any drivable route that is within a site, and is often, but not necessarily, exclusive of roads in a road network external to the site. In some cases, access paths may include a set of streets between two or more sites without necessarily including a drivable path within a site. Further, the systems and methods may calculate or determine minimum cost routes that include the access path. In some cases, the calculated route may be the minimum cost route that includes the access path, but not necessarily a minimum cost route to a site. In other words, in some cases, the selection of an access path serves as a constraint that supersedes the calculation of a minimum cost route.
Type: Application
Filed: May 22, 2014
Publication date: November 26, 2015
Applicant: Telogis, Inc.
Inventors: Ralph Mason, Mark Fryer, Michael Fried, Jeffrey Fiore, Rick Turek, Brad Llewellyn, Peter Lear, Victor Rehorst, Steven Ashley, Ben Burns
-
Patent number: 6977491
Abstract: A current limiting circuit. The current limiting circuit includes a device coupled to an output node of the current limiting circuit. The device is responsive to magnitude of a signal at the output node. Moreover, the device has a first mode and a second mode, depending on the magnitude of the signal. The current limiting circuit also has a regulation component that regulates a voltage at the output node when the device is in the first mode. The current limiting circuit also has an element having a current that limits current at the output node when the device is in the second mode.
Type: Grant
Filed: October 6, 2003
Date of Patent: December 20, 2005
Assignee: National Semiconductor Corporation
Inventors: Joshua William Caldwell, Steven Ashley Martinez