Protection At A Particular Protocol Layer Patents (Class 713/151)
  • Patent number: 10750552
    Abstract: Methods and systems for pairing devices are disclosed. A user device may be used to navigate to a resource locator using. In response to a determination that an identifier associated with the user device matches at least one identifier associated with one or more devices accessing a first network, a paired communication may be established between the user device and a display device to facilitate control of one or more features of display device.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: August 18, 2020
    Assignee: Comcast Cable Communications, LLC
    Inventors: Bryan Kenneth Witkowski, Robert Dandrea, Brian Cherne
  • Patent number: 10750223
    Abstract: The present disclosure provides a system, a method, and a device for displaying a content item. The system includes: a video playing terminal, configured to obtain a video and play the video; a content item displaying client, configured to send a content item obtaining request for requesting to obtain a content item related to the video being played by the video playing terminal; and a content item preparation platform, configured to determine a current playing moment of the video played by the video playing terminal, select, from one or more content items corresponding to the video, a content item with a marking moment nearest to the current playing moment, and push the selected content item to the content item displaying client, where the content item displaying client is further configured to display the received content item.
    Type: Grant
    Filed: July 10, 2017
    Date of Patent: August 18, 2020
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Ao Peng
  • Patent number: 10742611
    Abstract: A method, a system and computer program products for securely enabling in-network functionality over encrypted data sessions, the method involving establishing an encrypted data session between a client communication application (100) and a server communication application (200) over a communication network; receiving and/or transmitting, by the client communication application (100), in the established encrypted data session, at least one encrypted communication data (D) from/to the server communication application (200) through a computing network element (M); and performing, by the computing network element (M), different actions other than data packet forwarding from one communication application to the other on the encrypted communication data (D). The encrypted communication data (D) has a plurality of data portions, or contexts, (CTX), each encrypted by a context key, and the different actions being specific for the computing network element (M) and for one or more of the contexts (CTX_X).
    Type: Grant
    Filed: June 1, 2016
    Date of Patent: August 11, 2020
    Assignee: TELEFONICA DIGITAL ESPANA, S.L.U.
    Inventors: David Naylor, Kyle Schomp, Matteo Varvello, Ilias Leontiadis, Jeremy Blackburn, Diego Lopez, Konstantina Papagiannaki, Pablo Rodriguez Rodriguez, Peter Steenkiste
  • Patent number: 10740455
    Abstract: The public enclave key of each enclave in an enclave pool may be registered in an enclave pool registry, and the registry updated each time there is an enclave pool membership change. A shared enclave pool key may be derived from the public enclave key of each enclave of the enclave pool. The shared enclave pool key may be stored, in a shared key ledger, as a first version of the shared enclave key, and an updated version of the shared key may be generated and stored as another version each time there is an enclave pool membership change. The output of a cryptlet that executed in multiple enclaves may be signed with the enclave private key of each enclave in which the cryptlet executed. Each enclave signature may be compared against each version of the of the shared enclave pool key in the shared key ledger.
    Type: Grant
    Filed: May 11, 2017
    Date of Patent: August 11, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: John Marley Gray
  • Patent number: 10728109
    Abstract: A system performs hierarchical navigation through network flow data. A user interface is configured to display network flow data and allow hierarchical navigation across the network flow data. The user interface comprises a plurality of axes and lines connecting data points between axes. Data points along an axis represent values of an attribute aggregated along a set of dimensions. The system receives requests for expanding data points along a particular dimension or collapsing the data points along the particular dimension. The system reconfigures the user interface according to the received request and sends the reconfigured user interface for display via the client device. The user interface provides better visibility into the network flow data, thereby allowing security analysts to spot communication patterns associated with security issues and navigate through various dimensions to further analyze a suspect communication pattern.
    Type: Grant
    Filed: March 15, 2017
    Date of Patent: July 28, 2020
    Assignee: Illumio, Inc.
    Inventor: Xianlin Hu
  • Patent number: 10713140
    Abstract: The state of a system is determined in which data sets are generated that include a plurality of data instances representing states of one or more components of a computer system. The data instances generated by one or more data set sources that are configured to output a data instance in response to a trigger associated with the one or more components. The data instances are normalized by the application of one or more rules. The data instances from individual data set sources are separately collated to generate groups of time-specific collated data instances. State types may be assigned to each of the collated data instance groups. Distributions of state-types across the groups may be determined and a list of infrequent state-types may be generated based on the determined distributions of state-types across the groups.
    Type: Grant
    Filed: June 10, 2015
    Date of Patent: July 14, 2020
    Assignee: FAIR ISAAC CORPORATION
    Inventors: Ashish Gupta, Shafi Ur Rahman, Sambandan Murugan
  • Patent number: 10699033
    Abstract: Systems, apparatuses, and methods for secure enablement of platform features without user intervention are disclosed. In one embodiment, a system includes at least a motherboard and a processor. The motherboard includes at least a socket and an authentication component. The authentication component can be a chipset, expansion I/O device, or other component. The processor is installed in the socket on the motherboard. During a boot sequence, the processor retrieves a key value from the authentication component and then authenticates the key value. Next, the processor determines which one or more features to enable based on the key value. Then, the processor programs one or more feature control registers to enable the one or more features specified by the key value. Accordingly, during normal operation of the system, the one or more features will be enabled.
    Type: Grant
    Filed: June 28, 2017
    Date of Patent: June 30, 2020
    Assignee: Advanced Micro Devices, Inc.
    Inventors: Mahesh Subramony, Daniel L. Bouvier
  • Patent number: 10678907
    Abstract: A runtime attack can be detected on a big data system while processes are executed on various computing devices. A behavior profile can be maintained for tasks or processes running on different computing devices. The existence of a call variance in one of the traces for one of the behavior profiles can be determined. A memory variance can also be detected in one of the behavior profiles. A runtime attack has occurred when both the memory variance and the call variance are determined to exist.
    Type: Grant
    Filed: January 26, 2018
    Date of Patent: June 9, 2020
    Assignee: University of South Florida
    Inventors: Santosh K. Aditham, Nagarajan Ranganathan
  • Patent number: 10681131
    Abstract: An approach is disclosed for detecting source network address translation in internet protocol (IP) tunneling flows and using learned source IP addresses and source ports from such detection to create new tunnels. In one embodiment, a NAT detection application determines whether source IP addresses and source ports associated with new traffic flows destined to a local Foo-over-UDP (FOU) tunnel endpoint match the source IP address and source port of a previously configured FOU tunnel. Lack of such a match is indicative of source network address translation, and in such a case the NAT detection application creates a new FOU tunnel toward the detected source IP address and source port. In addition, the NAT detection application authenticates the remote endpoint of the newly created FOU tunnel and configures the FOU tunnel for use if the remote endpoint is successfully authenticated.
    Type: Grant
    Filed: May 3, 2017
    Date of Patent: June 9, 2020
    Assignee: VMware, Inc.
    Inventor: Laxminarayana Tumuluru
  • Patent number: 10671753
    Abstract: Systems, methods, and software for sensitive data handling frameworks for user applications are provided herein. An exemplary method includes receiving subsets of structured user content consolidated into associated flattened representations, the associated flattened representations having a mapping to the structured user content and accompanied by at least lengths and offset information relating to the mapping. The method includes individually parsing the subsets of structured user content to classify portions as comprising sensitive content corresponding to one or more predetermined data schemes and, for each of the portions, identifying an associated offset and length for the portion relating to the subsets of structured user content, and indicating at least the associated offset and length to the user application for marking of the sensitive content in a user interface to the user application.
    Type: Grant
    Filed: March 23, 2017
    Date of Patent: June 2, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Phillip David Allen, Ryan Charles Hill, Bradley Jacob Zimnisky
  • Patent number: 10673901
    Abstract: In one embodiment, a service receives captured traffic flow data regarding a traffic flow sent via a network between a first device assigned to a first network zone and a second device assigned to a second network zone. The service identifies, from the captured traffic flow data, one or more cryptographic parameters of the traffic flow. The service determines whether the one or more cryptographic parameters of the traffic flow satisfy an inter-zone policy associated with the first and second network zones. The service causes performance of a mitigation action in the network when the one or more cryptographic parameters of the traffic flow do not satisfy the inter-zone policy associated with the first and second network zones.
    Type: Grant
    Filed: December 27, 2017
    Date of Patent: June 2, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Matthew Scott Robertson, David McGrew, Timothy David Keanini, Sunil Amin, Ellie Marie Daw
  • Patent number: 10671304
    Abstract: Some embodiments provide a method for configuring unit memories to implement first and second sets of entries, the second set of which references the first set. The method configures a first pool of unit memories to implement the first set. Each entry in the first set is located at a particular location in at least one of the memories of the first pool. The method configures a second pool of unit memories to implement the second set. Each entry in the second set includes a particular number of bits for indicating (i) an initial first-pool unit memory at which the first-set entry referenced by the second-set entry is found and (ii) a number of subsequent first-pool memories across which the first-set entry is divided. A number of bits required to identify a single first-pool memory is one fewer than the particular number of bits.
    Type: Grant
    Filed: April 5, 2019
    Date of Patent: June 2, 2020
    Assignee: Barefoot Networks, Inc.
    Inventor: Patrick Bosshart
  • Patent number: 10657519
    Abstract: A device may perform a first authentication operation, associated with a contactless media device, using a first key. The first key may permit a security mode of the contactless media device to be modified. The device may cause the contactless media device to set the security mode to a first security mode that causes the contactless media device to secure at least one transmission from the contactless media device. The device may perform a second authentication operation, associated with the contactless media device, using a second key that permits information to be read from or written to the contactless media device. The device may read first secured information from or write second secured information to the contactless media device. The first secured information or the second secured information may be secured based on the security mode of the contactless media device being set to the first security mode.
    Type: Grant
    Filed: October 21, 2014
    Date of Patent: May 19, 2020
    Assignee: Accenture Global Services Limited
    Inventors: Avishek Somani, Sunil Raina, Michael Jennings
  • Patent number: 10659441
    Abstract: A service interface of an SSL application hosted on at least one computer system in a hosted network selecting at least one authorized cipher suite. An SSL socket of the SSL application negotiating with another SSL socket of another SSL application in the hosted network for a mutual cipher from among the at least one authorized cipher suite and a shared key to encrypt information exchanged during a secure session. Responsive to establishing a security connection between the SSL socket and the another SSL socket using the selected mutual cipher, the service interface sends to a centralized service an identifier of the selected mutual cipher. Responsive to the service interface receiving a revoked cipher alert from the centralized service, the service interface revokes one or more sessions of the SSL application using a revoked cipher in the revoked cipher alert matching the selected mutual cipher.
    Type: Grant
    Filed: December 10, 2018
    Date of Patent: May 19, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Rinkesh I. Bansal, Shiv S. Jha, Sanjay B. Panchal, Mahesh S. Paradkar, Chintan Thaker
  • Patent number: 10645112
    Abstract: Processing and transmitting of data within a functionally safe electronic system having at least two subsystems, each of which comprises at least one safety component, and each of which complies with a specific safety level for functionally safe data processing. Embodiments process data using the safety component of a first one of the subsystems into functionally safe data of a first safety level, and add an indication attribute indicating suitability of these data for use of this first safety level; transmitting the data to a second one of the subsystems; and checking the received indication attribute, by the second subsystem using the safety component, to determine whether the safety level indicated by this indication attribute is different from the safety level the second subsystem complies with; and, if the check reveals non-equal safety levels, further processing the data in functionally a safe manner based on the lower safety level.
    Type: Grant
    Filed: March 11, 2016
    Date of Patent: May 5, 2020
    Assignee: Phoenix Contact GmbH & Co. KG
    Inventors: Tobias Frank, Rolf Salzmann
  • Patent number: 10637686
    Abstract: Various systems and methods for bypassing one or more non-capable nodes. For example, one method involves a capable node determining that an adjacent node is non-capable, where capable nodes are configured to implement a data plane capability and non-capable nodes are not. The method then involves identifying a downstream node that is capable. The downstream node is on a shortest path. The method also involves generating information that identifies a tunnel to the downstream node.
    Type: Grant
    Filed: November 28, 2018
    Date of Patent: April 28, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Alfred C. Lindem, III, Peter Psenak, Ijsbrand Wijnands
  • Patent number: 10635716
    Abstract: Methods and systems for forwarding data packets by a server system (e.g., a proxy server) are disclosed. The proxy server is coupled to a user device and a plurality of web servers. The proxy server receives a first data packet directed to a first web server of the plurality of web servers from the user device. The first data packet includes a first synthesized address associated with the first web server. The proxy server identifies a first actual address of the first web server. The proxy server replaces the first synthesized address in the first data packet with the first actual address of the first web server. The proxy server further forwards the first data packet to the first web server using the first actual address of the first web server.
    Type: Grant
    Filed: August 24, 2016
    Date of Patent: April 28, 2020
    Assignee: FACEBOOK, INC.
    Inventor: Dekel Shmuel Naar
  • Patent number: 10630683
    Abstract: In an aspect, a wireless communication between a transmitter and a receiver involves determining updated keys according to a key management process for MAC layer encryption. Such key is propagated to a transmitter MAC and though a receiver key management process to a receiver MAC. After a delay, transmitter MAC device begins using the updated key, instead of a prior key, for payload encryption. Receiver MAC continues to use the prior key until a packet that was accurately received fails a message integrity/authentication check. Then, the receiver MAC swaps in the updated key and continues to process received packets. The packet data that failed the message integrity check is discarded. Transmitter MAC retries the failed packet at a later time, and if the packet was accurately received and was encrypted by the transmitter MAC using the updated key, then the receiver will determine that the message is authentic and will receive it and acknowledge it.
    Type: Grant
    Filed: December 2, 2016
    Date of Patent: April 21, 2020
    Assignee: Imagination Technologies Limited
    Inventor: Chakra Parvathaneni
  • Patent number: 10620944
    Abstract: A cloud-based decision management platform along with corresponding method, system, and a computer program product are disclosed. At least one component of at least one computing system is selected from a plurality of components of the computing system. The selected component is configured for execution during a runtime of the computing system. The configured component is executed during runtime. The components of the computing system are stored in a catalog module based on at least one characteristic that includes at least one of the following: analytics, decisioning, identity and access management, and optimization.
    Type: Grant
    Filed: June 23, 2017
    Date of Patent: April 14, 2020
    Assignee: FAIR ISAAC CORPORATION
    Inventors: Joshua Prismon, Andrei Palskoi, John Daniel Cribbs, Fernando Felipe Campos Donati Jorge, Stuart Clarkson Wells
  • Patent number: 10616072
    Abstract: Systems, methods, and devices are disclosed for generating an interface configured to display status information for network elements on a network. In embodiments, one or more logical models of the network are obtained from at least one of a plurality of controllers on a network. Network statistics are determined based on network traffic. Based on the one or more logical models and the network statistics, a topology of the network and respective status information of one or more network elements during an epoch is identified, the epoch defining a time interval. A user interface is generated that displays the respective status information in a timeline comprising one or more of the epochs.
    Type: Grant
    Filed: July 27, 2018
    Date of Patent: April 7, 2020
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Chien-Ju Lo, Bill YuFan Chen, Kannan Ponnuswamy, Kollivakkam Raghavan, Navneet Yadav, Manvesh Vyas
  • Patent number: 10616149
    Abstract: In certain embodiments, evaluations of effectiveness are optimized for multiple electronic message versions. For example, a server receives, subsequent to first electronic messages being transmitted over a first time period, responsive electronic data automatically generated by interactions with these messages. The server controls, based on the responsive electronic data, transmission of second electronic messages to recipients. For instance, the server provides an interface for configuring a test transmission of different test message versions to segments of recipients, where each version includes a different combination of message attributes. The server receives a selection of options via the interface for the test transmission, identifies an adverse impact on the test transmission associated with the selection, and indicates the adverse impact via the interface. The server subsequently receives, via the interface, a modification to the test transmission options.
    Type: Grant
    Filed: August 10, 2016
    Date of Patent: April 7, 2020
    Assignee: THE ROCKET SCIENCE GROUP LLC
    Inventors: Mardav Wala, Guan Liao, Michaela Moore, John Foreman
  • Patent number: 10616287
    Abstract: Devices, methods, and program products are provided, which support multiple Digital Rights Management (DRM) schemes or platforms during the placeshifting of media content. A given placeshifting session may be initiated between a placeshifting device and a user-controlled client media receiver executing a browser player. In one embodiment, the DRM placeshifting method includes storing, in a memory associated with the placeshifting device, DRM-protected content; receiving a request from the client media receiver over a communications network to stream the DRM-protected content to the device; and obtaining a placeshifting key and initialization instructions for the DRM-protected content. The DRM-protected content is streamed to the client media receiver in an encrypted format accessible with a placeshifting decryption key.
    Type: Grant
    Filed: June 29, 2017
    Date of Patent: April 7, 2020
    Assignee: SLING MEDIA PVT LTD
    Inventors: Jagan Kumar Govindarajan, Satish Iyer
  • Patent number: 10614807
    Abstract: A system comprises a first network microphone device (NMD) communicatively coupled to a second NMD via a network interface of the first NMD, wherein the first NMD is configured to: receive, from the second NMD via the network interface of the first NMD, an arbitration message comprising (i) a first measure of confidence associated with a voice input detected by the second NMD and (ii) an identifier associated with at least a portion of the voice input detected by the second NMD, determine that the first measure of confidence is greater than a second measure of confidence, wherein the second measure of confidence is associated with a voice input detected by the first NMD via at least one microphone of the second NMD, and based on the determination, perform voice recognition based on the voice input detected by the second NMD, wherein the voice input detected by the second NMD comprises a command to control the playback of the audio content by at least one of the first or the second NMDs.
    Type: Grant
    Filed: November 1, 2018
    Date of Patent: April 7, 2020
    Assignee: Sonos, Inc.
    Inventors: Steven Beckhardt, Ted Lin
  • Patent number: 10609022
    Abstract: A method and an apparatus for installing a profile in a terminal including a universal integrated circuit card (UICC) corresponding to a smart card security module, which is inserted into a mobile communication terminal and then used are provided. More particularly, a method and an apparatus for remotely installing or removing mobile communication subscriber information in/from a profile of a terminal are provided. The terminal can remotely download the profile from a network server (subscription manager data preparation (SM-DP) or subscription manager secure routing (SM-SR)) without any change in a mobile network operator information technology (IT) system interface rather than downloading the profile of the terminal by the network server.
    Type: Grant
    Filed: July 1, 2015
    Date of Patent: March 31, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jonghan Park, Duckey Lee, Seonghun Kim, Heejeong Lee, Sangsoo Jeong, Songyean Cho
  • Patent number: 10601587
    Abstract: A method for establishing a first secured communication channel between an administrative agent in a device and a distant server, the device comprising a secure element communicating with the administrative agent, the secure element being administrated through the administrative agent by the distant server, the administrative agent being administrated by a third party server through a second secured communication channel, the distant server and the third party server being connected through a third secured channel. The third party server requests, from the distant server, an operation on the secure element and a one-time PSK. The distant server sends, to the third party server, the one-time PSK. The third party server sends, to the administrative agent, a triggering message including the one-time PSK. A TLS-PSK handshake is performed between the administrative agent and the distant server with the one-time PSK to establish the first secured communication channel.
    Type: Grant
    Filed: June 23, 2015
    Date of Patent: March 24, 2020
    Assignee: THALES DIS FRANCE SA
    Inventors: Xavier Berard, Frédéric Paillart, Frédéric Faure, Lionel Mallet
  • Patent number: 10601838
    Abstract: Novel tools and techniques are provided for implementing digital rights management (“DRM”)-agnostic entitlement gateway and verification system. In various embodiments, an entitlement gateway might receive a query from a client device, and might determine whether a user is authorized to access requested DRM-protected media content. If not, the entitlement gateway might send a deny signal to the client device that prevents the user from accessing the media content. If so, the entitlement gateway might identify, from among a plurality of DRM types, a DRM type that is used to protect the media content. The entitlement gateway might identify, from among a plurality of DRM servers each associated with a particular DRM type, a DRM server associated with the identified DRM type, and might send a request for a license for accessing the media content from the identified DRM server, the license enabling the user to access the media content.
    Type: Grant
    Filed: November 27, 2017
    Date of Patent: March 24, 2020
    Assignee: CenturyLink Intellectual Property LLC
    Inventors: Asghar Hussain, Zubin Ingah, Michael D. Sprenger
  • Patent number: 10594496
    Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
    Type: Grant
    Filed: June 26, 2018
    Date of Patent: March 17, 2020
    Assignee: CLOUDFLARE, INC.
    Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Nicholas Thomas Sullivan, Albertus Strasheim
  • Patent number: 10581702
    Abstract: Systems and methods for automatically generating standard service level agreements for architectures are disclosed. In embodiments, a method comprises receiving a request from a client, the request including: one or more select information technology (IT) building blocks selected from a plurality of IT building blocks in an online service catalogue; and a select service level target (SLT) from a plurality of predetermined SLTs in the service catalogue; automatically generating an architecture based on the request utilizing the service catalogue, the architecture comprising at least one IT building block different from the one or more select IT building blocks, wherein the architecture is capable of meeting objectives of the request; determining that the architecture meets the select SLT; accessing an architecture database; and automatically generating an infrastructure SLA based on the architecture utilizing the architecture database.
    Type: Grant
    Filed: July 18, 2018
    Date of Patent: March 3, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Clea A. Zolotow, Tomasz Gola, Petra Kopp, Laxmikantha S. Nanduru
  • Patent number: 10581948
    Abstract: Among other things, this document describes systems, devices, and methods for using TLS session resumption tickets to store and manage information about objects that a server or a set of servers has previously delivered to a client and therefore that the client is likely to have in client-side cache. When communicated to a server later, this information can be used to drive server decisions about whether to push an object to a client, e.g., using an HTTP/2 server push function or the like, or whether to send an early hint to the client about an object.
    Type: Grant
    Filed: December 7, 2017
    Date of Patent: March 3, 2020
    Assignee: Akamai Technologies, Inc.
    Inventors: Utkarsh Goel, Martin T. Flack, Stephen L. Ludin, Moritz M. Steiner
  • Patent number: 10581607
    Abstract: To automate establishment of an ad hoc connection between a user apparatus and a device, username-password pairs and identifying information-code pairs are maintained in a database server. The user apparatus sends an inquiry identifying information of the device and a username and a password of a user of the user apparatus, and receives in a response a code for establishing the ad hoc connection.
    Type: Grant
    Filed: May 9, 2017
    Date of Patent: March 3, 2020
    Assignee: ABB Schweiz AG
    Inventors: Zhongliang Hu, Teemu Tanila, Mikko Kohvakka
  • Patent number: 10581874
    Abstract: A computerized method for detecting malware associated with an object. The method includes operations of analyzing an object to obtain a first set of attributes, where the first set of attributes include one or more characteristics associated with the object. Furthermore, the object is processed with a virtual machine to obtain a second set of attributes. The second set of attributes corresponds to one or more monitored behaviors of the virtual machine during processing of the object. Thereafter, a threat index is determined based, at least in part, on a combination of at least one attribute of the first set of attributes and at least one attribute of the second set of attributes. The threat index represents a probability of maliciousness associated with the object.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: March 3, 2020
    Assignee: FireEye, Inc.
    Inventors: Yasir Khalid, Sai Omkar Vashisht, Alexander Otvagin
  • Patent number: 10575352
    Abstract: The present inventions, in one aspect, are directed to systems and circuitry for and/or methods of establishing communication having one or more pairing facilitator-intermediary devices (for example, a network connected server) to enable or facilitate pairing and/or registering at least two devices (e.g., (i) a portable biometric monitoring device and (ii) a smartphone, laptop and/or tablet) to, for example, recognize, interact and/or enable interoperability between such devices. The pairing facilitator-intermediary device may responsively communicates information to one or more of the devices (to be paired or registered) which, in response, enable or facilitate such devices to pair or register. The present inventions may be advantageous where one or both of the devices to be paired or registered is/are not configured (e.g., include a user interface or certain communication circuitry that is configured or includes functionality) to pair devices without use of a facilitator-intermediary device.
    Type: Grant
    Filed: January 22, 2019
    Date of Patent: February 25, 2020
    Assignee: Fitbit, Inc.
    Inventor: Heiko Gernot Albert Panther
  • Patent number: 10560452
    Abstract: An apparatus controls transfer apparatuses that transfer a packet transmitted and received by terminals in a network. Upon receiving detection information notified from a server that detects unauthorized communication of a terminal by using the packet, the apparatus identifies the terminal and a type of the unauthorized communication, based on the detection information. The apparatus determines a transfer apparatus to be controlled, by referencing first information that stores information identifying the transfer apparatus in association with the terminal, and determines a control to be performed on the transfer apparatus by referencing second information that stores information on the control in association with the type of the unauthorized communication.
    Type: Grant
    Filed: February 1, 2017
    Date of Patent: February 11, 2020
    Assignee: FUJITSU LIMITED
    Inventors: Hiroyasu Osaki, Takahiro Shimazaki, Hidehiko Mayumi, Shu Matsuoka, Takashi Okamura, Mitsuru Okajima
  • Patent number: 10545940
    Abstract: An implementation of the disclosure provides an apparatus comprising: a memory to store a plurality of handshake responses to authenticate client communications; and a processing device, operatively coupled to the memory, to: receive a handshake request from a client device The handshake request comprising an identifier of a communication protocol supported by the client device. A secure layer extension is extracted from the identifier of the communication protocol. Identify, in view of the communication protocol, a handshake response for the client device. The handshake response is modified to include information associated with the secure layer extension. Update a data structure with a hash value generated in view of the modified handshake response. Thereupon, forward the modified handshake response and the hash value to the client device.
    Type: Grant
    Filed: February 22, 2017
    Date of Patent: January 28, 2020
    Assignee: Red Hat, Inc.
    Inventors: Jean-Frederic Clere, Stuart Wade Douglas
  • Patent number: 10547641
    Abstract: A network-based appliance includes a mechanism to provide TLS inspection with session resumption, but without requiring that a session cache be maintained. To this end, the inspector is configured to cause the TLS client to participate in maintaining the session context, in effect on behalf of the TLS inspector. In operation, when the inspector first receives a session ID from the TLS server, the inspector generates and issues to the client a session ticket that includes the original session ID and other session context information. In this manner, the inspector converts the Session ID-based connection to a Session Ticket-based connection. The session ticket is encrypted by the inspector to secure the session information. When the TLS client presents the session ticket to resume the TLS connection, the inspector decrypts the ticket and retrieves the session ID from it directly. The inspector then uses the original session ID to resume the TLS session.
    Type: Grant
    Filed: June 1, 2017
    Date of Patent: January 28, 2020
    Assignee: International Business Machines Corporation
    Inventors: Cheng-Ta Lee, Wei-Hsiang Hsiung, Wei-Shiau Suen, Ming-Hsun Wu
  • Patent number: 10548008
    Abstract: A method and device for authenticating wireless communication links between devices. The method may comprise sending a first frame from first device to a second device. The first frame may comprise a header and a payload containing data packets for implementing a first Extensible Authentication Protocol. A first secure link may be established between the first network interface card of the first device and the first network interface card of the second device, then an action management frame may be sent across the first link. The action management frame may comprise the header, a payload comprising a vendor-specific information element containing identifying information about the first device, and an action that instructs the second device to implement a second Extensible Authentication Protocol through a second network interface card of the second device. A second secure link may be established between the second network interface cards of each device.
    Type: Grant
    Filed: July 29, 2016
    Date of Patent: January 28, 2020
    Assignee: Qualcomm Incorporated
    Inventors: Vladimir Shulman, Vladimir Kondratiev, Boris Sorochkin
  • Patent number: 10543751
    Abstract: The invention relates to a method of communication between a vehicle and a wayside control unit for controlling an inductive power transfer to the vehicle, wherein the control unit controls a generation of an electromagnetic field by a primary unit with a primary winding structure of a system for inductive power transfer, wherein the vehicle includes a secondary unit with a secondary winding structure for receiving the alternating electromagnetic field, wherein charging-related data is transmitted in between the vehicle and the control unit via a first communication link, wherein the authentication-related data is transmitted from the vehicle to the control unit via a second communication link, wherein the authentication-related data is used to authenticate the charging-related data, and a vehicle and an arrangement of a vehicle and a primary unit.
    Type: Grant
    Filed: February 4, 2015
    Date of Patent: January 28, 2020
    Assignee: Bombardier Primove GmbH
    Inventor: Thoralf Schnarr
  • Patent number: 10542041
    Abstract: A network-based appliance includes a mechanism to provide TLS inspection with session resumption, but without requiring that a session cache be maintained. To this end, the inspector is configured to cause the TLS client to participate in maintaining the session context, in effect on behalf of the TLS inspector. In operation, when the inspector first receives the session ticket from the TLS server, and in lieu of caching it, the inspector generates and issues to the client a composited ticket that includes the original ticket and session context information that contains the session key. The composited ticket is encrypted by the inspector to secure the session information. When the TLS client presents the composited session ticket to resume the TLS connection, the inspector decrypts the ticket and retrieves the session context from it directly. The inspector then uses the original session ticket to resume the TLS session.
    Type: Grant
    Filed: June 1, 2017
    Date of Patent: January 21, 2020
    Assignee: International Business Machines Corporation
    Inventors: Cheng-Ta Lee, Wei-Hsiang Hsiung, Wei-Shiau Suen, Ming-Hsun Wu
  • Patent number: 10523426
    Abstract: For a network that includes host machines for providing computing and networking resources and a VPN gateway for providing external access to those resources, a novel method that distributes encryption keys to the hosts to encrypt/decrypt the complete payload originating/terminating at those hosts is described. These encryption keys are created or obtained by the VPN gateway based on network security negotiations with the external networks/devices. These negotiated keys are then distributed to the hosts via control plane of the network. In some embodiments, this creates a complete distributed mesh framework for processing crypto payloads.
    Type: Grant
    Filed: August 6, 2018
    Date of Patent: December 31, 2019
    Assignee: NICIRA, INC.
    Inventors: Jayant Jain, Anirban Sengupta, Uday Masurekar
  • Patent number: 10521584
    Abstract: A system acquires diagnostic information from event logs, trace files, and other diagnostic sources to reduce a set of event records. The event records are arranged in a graph based on correlations between individual event records. Correlations may be based on time, account, credentials, tags, instance identifiers, or other characteristics. The system analyzes the graph to identify anomalies such as data exfiltration anomalies, system compromises, or security events. In some implementations, the system deploys decoy resources within a customer computing environment. Interactions with the decoy resources are captured as event records and added to the graph.
    Type: Grant
    Filed: August 28, 2017
    Date of Patent: December 31, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 10505984
    Abstract: Provided are a method and a system for exchanging control information between secure socket layer (SSL) gateways. The method may commence with intercepting, by a client facing node, a client request including session-specific information and a session request to establish an SSL communication session between a client and a server. The method may continue with generating an SSL extension based on the session-specific information and adding the SSL extension to the session request to obtain an extended session request. The extended session request may be sent to a server facing node in communication with the client facing node. The method may further include identifying the session-specific information contained in the SSL extension of the extended session request and generating a further session request for establishing the SSL communication session between the server facing node and the server. The method may further include sending the further session request to the server.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: December 10, 2019
    Assignee: A10 Networks, Inc.
    Inventors: Yang Yang, Xuyang Jiang, Ali Golshan
  • Patent number: 10503418
    Abstract: A system and method of securing a computer system by controlling write access to a storage medium by monitoring an application; detecting an attempt by the application to write data to said storage medium; interrogating a rules database in response to said detection; and permitting or denying write access to the storage medium by the application in dependence on said interrogation.
    Type: Grant
    Filed: February 1, 2017
    Date of Patent: December 10, 2019
    Assignee: Drive Sentry Limited
    Inventor: John Safa
  • Patent number: 10498711
    Abstract: Aspects of the present disclosure relate to providing a booting key to a remote system. A policy server receives a verification that a predetermined number of user devices provided secret information for booting a remote system. The policy server provides, in response to the received verification, a message for a key server to provide a booting key to the remote system, the key server providing the booting key in response to the message and causing the remote system to complete a booting procedure, in response to the message from the policy server.
    Type: Grant
    Filed: June 21, 2016
    Date of Patent: December 3, 2019
    Assignee: Palantir Technologies Inc.
    Inventors: Justin Cassidy, Tristan Smith, Kori Oliver
  • Patent number: 10491575
    Abstract: In a secure cloud for transmitting packets of digital data, the packets may be repeatedly scrambled (i.e., their data segments reordered) and then unscrambled, split and then mixed, and/or encrypted and then decrypted as they pass through media nodes in the cloud. The methods used to scramble, split, mix and encrypt the packets may be varied in accordance with a state such as time, thereby making the task of a hacker virtually impossible inasmuch as he or she may be viewing only a fragment of a packet and the methods used to disguise the data are constantly changing.
    Type: Grant
    Filed: April 6, 2018
    Date of Patent: November 26, 2019
    Assignee: LISTAT LTD.
    Inventors: Ievgen Verzun, Oleksandr Holub, Richard K. Williams
  • Patent number: 10484364
    Abstract: A method and system may allow for authenticating a computing device. A computing device may send an authentication request over a network to an authentication computing device. The authentication request may include a user name and a password. The user name may include a credential and the password may be a digitally signed version of the user name. The authentication computing device may authenticate the requesting computing device by decrypting the password and comparing the received user name to the decrypted password.
    Type: Grant
    Filed: September 1, 2017
    Date of Patent: November 19, 2019
    Assignee: Comcast Cable Communications, LLC
    Inventors: Kris Bransom, Christopher Zarcone
  • Patent number: 10474448
    Abstract: In embodiments of the present invention improved capabilities are described for a updating software in a plurality of devices coupled to one another in a communicating relationship through a local network, the method comprising receiving a descriptor file for a software update at the first device from a remote source outside the local network, the descriptor file including a hash code for each of a plurality of update sub-files and an order for assembling the update sub-files into the software update, downloading the plurality of update sub-files to the first device from a remote source outside the local network until the sub-files identified in the descriptor file are present on the first device, where a presence of the sub-files is evaluated using the hash codes in the descriptor file, and broadcasting every one of the plurality of update sub-files from the first device to the number of other devices.
    Type: Grant
    Filed: February 23, 2018
    Date of Patent: November 12, 2019
    Assignee: Sophos Limited
    Inventor: John Melton Reynolds
  • Patent number: 10474402
    Abstract: A print management server provided outside a predetermined LAN includes a receiver, a processor, and a transmitter. The receiver receives a print output instruction from a communication terminal of a user, the print output instruction being issued to a print output device provided inside the predetermined LAN and being an instruction to print out a print target file. The processor determines whether the print target file is present inside the predetermined LAN. When it is determined that the print target file is present inside the predetermined LAN, the transmitter transmits a generation command to a communication relay device inside the predetermined LAN, the generation command being a command to generate print job data on the basis of the print target file acquired by the communication relay device and a print setting instruction.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: November 12, 2019
    Assignee: Konica Minolta, Inc.
    Inventor: Takahiro Kouno
  • Patent number: 10469594
    Abstract: Provided are methods and systems for inspecting secure data. A system for inspecting secure data comprises a server facing module, and a client facing module in communication with the server facing module. The client facing module is operable to intercept a client request associated with the secure data to establish a secure connection with a server, establish a data traffic channel via the server facing module, and provide a control message to the server facing module via the data traffic channel. The control message includes an instruction to the server facing module to obtain a security certificate from the server. The security certificate is received from the server facing module via the data traffic channel. The security certificate is forged to establish the secure connection between the client and the client facing module. The client facing module sends unencrypted data to the server facing module via the data traffic channel.
    Type: Grant
    Filed: December 8, 2015
    Date of Patent: November 5, 2019
    Assignee: A10 Networks, Inc.
    Inventors: Xuyang Jiang, Yang Yang, Ali Golshan
  • Patent number: 10469452
    Abstract: A secure communication system includes an outer VPN gateway representative of an outer tunnel for facilitating communication with a black network. The outer VPN gateway includes a first Ethernet port and first program instructions for providing a first layer of encryption. The secure communication system, further includes an inner VPN gateway representative of an inner tunnel for facilitating communication with a red network. The inner VPN gateway comprises a second Ethernet port and second program instructions for providing a second layer of encryption. The secure communication system further includes a coupling bracket for mechanically coupling the inner VPN gateway with the outer VPN gateway, and for facilitating communication between the inner VPN gateway and the outer VPN gateway by interfacing with the first Ethernet port and the second Ethernet port.
    Type: Grant
    Filed: January 6, 2017
    Date of Patent: November 5, 2019
    Assignee: Klas Technologies Limited
    Inventors: Frank Murray, Cian Masterson, Cathal Daly
  • Patent number: 10469464
    Abstract: In one embodiment, a method includes receiving, in a first device, at least one of a first symmetric key and a first asymmetric key in a common key management structure, the common key management structure to accommodate asymmetric keys and symmetric keys, and further including security policy information to enable communication between the first device of a first domain of an Internet of Things (IoT) network and a second device of a second domain of the IoT network according to an inter-domain security policy; and sending a first message directly from the first device to the second device according to the security policy information of the common key management structure. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: November 5, 2019
    Assignee: Intel Corporation
    Inventor: Ned M. Smith