Protection At A Particular Protocol Layer Patents (Class 713/151)
  • Patent number: 11153304
    Abstract: A central authentication service is for authentication of a user operating a computing device requesting access to a service provider. The central authentication service stores a universal group that includes principals from different types of identity providers, with the user of the computing device included as one of the principals. An access token generated by an identity provider associated with the computing device is received by the central authentication service. The central authentication service generates a universal token that includes group membership information for the universal group, and exchanges the access token with the universal token. The universal token is provided to the service provider, with the group membership information on the universal token to allow the service provider to determine if the user of the computing device has permission to access desired services.
    Type: Grant
    Filed: April 11, 2018
    Date of Patent: October 19, 2021
    Assignee: CITRIX SYSTEMS, INC.
    Inventor: Tian Fan
  • Patent number: 11146588
    Abstract: A network-based appliance includes a mechanism to set-up and selectively use an “out-of-band” encryption channel. The mechanism comprises a packet parser, and a packet dispatcher, and it is integrated with an existing network layer stack that typically is not visible to host applications. In lieu of simply encrypting all data it receives, the mechanism instead analyzes one or more attributes, e.g., protocol type, application type, current encryption strength, content payload, etc., associated with a packet transmission to determine whether further encryption is required. The evaluation may include a deep packet inspection (DPI) when the information at the network layer (e.g., IP address, port number, etc.) is not sufficient to determine if the payload in the packet needs to be further encrypted. Based on the result of the analysis, packets are dispatched to the encryption channel as and when necessary.
    Type: Grant
    Filed: June 29, 2019
    Date of Patent: October 12, 2021
    Assignee: International Business Machines Corporation
    Inventors: Cheng-Ta Lee, Chun-Shuo Lin, Wei-Shiau Suen, Ming-Hsun Wu
  • Patent number: 11140741
    Abstract: A first base station receives, from a first core network entity, one or more packets for a wireless device in a radio resource control inactive state. The first base station sends, to a second core network entity and in response to a failure of a radio access network (RAN) paging procedure for the wireless device, a first message indicating the failure of the RAN paging procedure. The first base station receives a second message comprising a tunnel endpoint identifier of a third base station. The first base station sends, to the third base station, the one or more packets based on the tunnel endpoint identifier.
    Type: Grant
    Filed: January 30, 2020
    Date of Patent: October 5, 2021
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Kyungmin Park, Esmael Dinan
  • Patent number: 11140189
    Abstract: A computer-implemented method for discovering network attack paths is provided. The method includes a computer generating scoring system results based on analysis of vulnerabilities of nodes in a network configuration. The method also includes the computer applying Bayesian probability to the scoring system results and selected qualitative risk attributes wherein output accounts for dependencies between vulnerabilities of the nodes. The method also includes the computer applying a weighted-average algorithm to the output yielding at least one ranking of nodes in order of likelihood of targeting by an external attacker.
    Type: Grant
    Filed: February 15, 2016
    Date of Patent: October 5, 2021
    Assignee: The Boeing Company
    Inventors: Jai Joon Choi, Brian Christopher Grubel, Dion Stephen David Reid
  • Patent number: 11134074
    Abstract: Systems and methods for establishing a secure connection between a client computing device and a server hosted website. The method includes requesting an HTTPS connection with a server hosted website. The method further includes receiving a certificate from the server hosted website. The certificate is signed by a certificate authority and certificate validators. The method also includes delivering the certificate to each of the certificate validators. The method further includes receiving a certificate status for each of the certificate validators. Each certificate status indicates whether the certificate is valid or has been revoked. The method also includes determining a quantity of valid certificate statuses received from the certificate validators.
    Type: Grant
    Filed: May 22, 2020
    Date of Patent: September 28, 2021
    Assignee: FMR LLC
    Inventors: Sudarsan Tandri, Gregory Smith, Gunjan Piya
  • Patent number: 11126981
    Abstract: A resource transferring method and apparatus are provided. The method includes receiving a resource transferring request corresponding to a shared specified account sent by any client in multiple clients. The specified account is registered at the server as being associated with the multiple clients, and stores a preset resource. The method also includes determining rights of the multiple clients. The rights include an operation right and an ordinary right, and the operation right is capable of controlling a transfer of the preset resource. The method also includes respectively sending operation information to the multiple clients according to the rights of the multiple clients; and respectively receiving control instructions from at least two clients having the operation right. When the number of received control instructions is greater than a preset value, the server transfers the preset resource, and returns transferring information of the preset resource to the multiple clients.
    Type: Grant
    Filed: November 29, 2018
    Date of Patent: September 21, 2021
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Ruiming He
  • Patent number: 11128474
    Abstract: The present disclosure includes secure device communication. An embodiment includes a processing resource, a memory, and a network management device communication component configured to send public information to a network attached device communication component, and receive a network attached device public key and an encrypted random string value from the network attached device communication component. The network attached device public key and the random string value are received independent of a type of the network attached device communication component due to the public information. The network management communication component is further configured to decrypt the random string value from the network attached device communication component and send, to the network attached device communication component, a message and a signature to authenticate independent of the type of the network attached device communication component due to the public information.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: September 21, 2021
    Assignee: Micron Technology, Inc.
    Inventors: Alberto Troia, Antonino Mondello
  • Patent number: 11126716
    Abstract: A safeguarding method, a safeguarding apparatus, and a computer storage medium are provided. The method includes detecting a program operating on a terminal, and intercepting an operation performed by the program; identifying an object on which the program performs the operation; obtaining configuration information of the object on the terminal, and determining, based on the configuration information, that the object is a targeted monitored object. The method further includes determining, based on the configuration information of the targeted monitored object, whether the operation performed by the program on the object is a legitimate operation; and canceling intercepting the operation if the operation is a legitimate operation, and continuously intercepting the operation if the operation is an illegitimate operation.
    Type: Grant
    Filed: March 20, 2019
    Date of Patent: September 21, 2021
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Lingling Wang
  • Patent number: 11122019
    Abstract: Described is an improved approach to ensure high availability for established sessions (e.g., application layer sessions) over network connections that negotiates and renegotiates encryption keys (e.g., TLS/SSL) at clean boundaries to ensure in-transit data are properly handled during migration of an application (e.g., a reverse proxy server instance). Connected TCP sessions may be handed off to another application (e.g., from existing proxy server to new/upgraded proxy server) and after establishing a new TLS session with a new encryption key, data transfer may be resumed between a client and a server using the new/upgraded application in a client-server architecture.
    Type: Grant
    Filed: September 13, 2019
    Date of Patent: September 14, 2021
    Assignee: Oracle International Corporation
    Inventors: Abhishek Dadhich, Kant C. Patel, Feroz Alam Khan, Bhaskar Mathur, Srinivas Pamu
  • Patent number: 11115181
    Abstract: A control circuit causes a first cryptographic module to perform a dummy operation in a command processing period and a data processing period in which a second cryptographic module performs a normal operation while the first cryptographic module does not perform a normal operation.
    Type: Grant
    Filed: February 25, 2020
    Date of Patent: September 7, 2021
    Assignee: MEGACHIPS CORPORATION
    Inventors: Takahiko Sugahara, Hiromu Yutani
  • Patent number: 11089043
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for computer network security risk assessment. One of the methods includes obtaining compromise likelihoods for user accounts. Information describing a network topology of a network is obtained, with the network topology being nodes each connected by an edge to other nodes, each node being associated with a compromise likelihood, and one or more nodes are high value nodes associated with a compromise value. Unique paths to each of the high value nodes are determined for a particular user account. An expected value for each path is determined based on the compromise likelihood of the particular user account, the compromise likelihood of each node included in the path, the communication weight of each edge included in the path, and the compromise value associated with the high value node. User interface data is generated describing at least one path.
    Type: Grant
    Filed: July 16, 2018
    Date of Patent: August 10, 2021
    Assignee: Palantir Technologies Inc.
    Inventors: Samuel Jones, Joseph Staehle, Lucy Cheng
  • Patent number: 11089062
    Abstract: Formulating a security architecture for an information system is provided. A description of a target environment of the information system is received. The description includes a network zone architecture. A description of one or more security requirements for the information system is received. One or more reference architectures for the information system are selected from a plurality of reference architectures based on the description of the one or more security requirements for the information system. One or more selected reference architectures are adapted to the target environment for the information system.
    Type: Grant
    Filed: August 29, 2019
    Date of Patent: August 10, 2021
    Assignee: International Business Machines Corporation
    Inventor: Thomas Tahan
  • Patent number: 11086805
    Abstract: The invention introduces a method for executing host input-output (IO) commands, performed by a processing unit of a device side, at least including: in response to different types of host IO commands, using multiple stages of a generic framework to drive a frontend interface to interact with a host side for transmitting user data read from a storage unit to the host side, and receiving user data to be programmed into the storage unit from the host side.
    Type: Grant
    Filed: April 21, 2020
    Date of Patent: August 10, 2021
    Assignee: SILICON MOTION, INC.
    Inventor: Shen-Ting Chiu
  • Patent number: 11086978
    Abstract: To authorize a transaction between a host and a server, a token is operationally connected to the host. The host receives an identification credential of a user. The identification credential is verified by the token and/or by the server. If the token detects a prescribed human action, the token generates token authentication data and the host sends the token authentication data to the server. Upon receiving the authentication data, the server authenticates the transaction. A device for authenticating a transaction includes a device interface for interacting with a host, a connector for reversibly operationally connecting the device to the host, and a controller that authenticates the transaction only once, contingent on detecting a prescribed anonymous human action. One such human action is providing one or more inputs at the host's user interface synchronously with outputs at the device's user interface.
    Type: Grant
    Filed: May 17, 2006
    Date of Patent: August 10, 2021
    Assignee: Western Digital Israel Ltd
    Inventors: Aran Ziv, Mordechai Teicher
  • Patent number: 11082233
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for verifiable-claim issuance. One of the methods includes: receiving, from a first entity, a request for creating a verifiable claim (VC) for a decentralized identifier (DID) associated with a second entity; obtaining, in response to receiving the request, a digital signature associated with the first entity; and generating the VC based on the received request and the obtained digital signature.
    Type: Grant
    Filed: December 18, 2019
    Date of Patent: August 3, 2021
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventors: Renhui Yang, Jiawei Liu, Yuan Chen, Yuqi Lin
  • Patent number: 11082504
    Abstract: A system and method are disclosed for pairing computing devices using an authentication protocol that allows an initiating computing device to gain access to a secure, encrypted network of a target computing device.
    Type: Grant
    Filed: September 5, 2018
    Date of Patent: August 3, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Steven N. Bathiche, Jason Alexander Meistrich, Kenneth Hinckley, Boyd Cannon Multerer, Anthony Cox, Casare John Saretto
  • Patent number: 11075756
    Abstract: A method of encryption of a message implemented by an electronic encryption device. The method includes: obtaining a current message; obtaining a current encryption key; determining, from a plurality of variants of a basic encryption protocol, a current variant of the encryption protocol; encrypting, by using the current variant and the encryption key, the message to be encrypted, delivering an encrypted message; and transmitting the encrypted key.
    Type: Grant
    Filed: October 12, 2017
    Date of Patent: July 27, 2021
    Assignee: INGENICO GROUP
    Inventors: Marc Beunardeau, Remi Geraud, David Naccache, Aisling Connolly
  • Patent number: 11074311
    Abstract: The disclosed system and methods herein are directed to a URL shortening service. The URL shortening service herein processes short URL links by using special scripts embedded into website HTML documents. The need to perform manipulations with DNS of the domain or use subdomains are obviated.
    Type: Grant
    Filed: June 2, 2020
    Date of Patent: July 27, 2021
    Assignee: WOWLINK Pte. Ltd.
    Inventors: Valentin Vyacheslavovich Ivanov, Vladimir Plakitin, Konstantin Radov
  • Patent number: 11068398
    Abstract: Embodiments of a distributed caching system are disclosed that cache data across multiple computing devices on a network. In one embodiment, a first caching system serves as a caching front-end to a distributed cluster of additional caching systems. The caching systems may be spread over multiple partition groups. In one embodiment, cache writes at a cache system in one partition group are distributed to other partition groups. By propagating the cache writes across multiple partition groups, the caches at the different partition groups include more recently accessed data, thereby increasing the likelihood of cache hits.
    Type: Grant
    Filed: May 1, 2020
    Date of Patent: July 20, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Vishal Parakh, Antoun Joubran Kanawati
  • Patent number: 11063921
    Abstract: Encrypted web traffic exchanged between a client device and a web server during a communication session and captured using a passive capture technique can be received. The encrypted web traffic can be encrypted using a shared secret generated for the communication session in accordance with an anonymous key agreement protocol. A TCP connection table, which includes a session identifier for the communication session, can be created for the communication session. At least one TCP connection can be built for the received encrypted web traffic using the TCP connection table. Using the session identifier, the shared secret can be accessed from a cache in which the shared secret is stored, at least temporarily, by the web server. Data from the encrypted web traffic can be extracted by using the shared secret to decrypt the encrypted web traffic. The extracted data can be stored to a data store.
    Type: Grant
    Filed: November 6, 2018
    Date of Patent: July 13, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Eswar Phani Kondapavuluri, Kanwaldeep S. Bindra, Atul A. Waghmare
  • Patent number: 11063912
    Abstract: Method, apparatus and system for communicating between a machine to machine, M2M, device 110 and a device management, DM, server 420 over SMS, comprising: obtaining key material, the key material configured to protect data communicated between the M2M device 110 and the DM server 420. Protecting data to be communicated using the key material. Communicating the protected data between the M2M device 110 and the DM server 420 over SMS.
    Type: Grant
    Filed: March 17, 2020
    Date of Patent: July 13, 2021
    Assignee: VODAFONE IP LICENSING LIMITED
    Inventors: Sophie Bourne, Friedhelm Rodermund
  • Patent number: 11055066
    Abstract: Techniques are provided for a multi-cloud operations center for function-based applications. One method includes obtaining source code for a function of multiple functions of an application, where the function is hosted in a first cloud environment of multiple distinct cloud environments, generating adapted source code from the source code to migrate the function to a second cloud having a different cloud environment; and deploying the function to the second cloud having the different cloud environment using the adapted source code. The source code may be automatically updated for the at least one function for the multiple distinct cloud environments. The function may have a corresponding network address that identifies the function across multiple distinct cloud environments, and network address redirection is performed based on a given cloud environment on which the function is deployed.
    Type: Grant
    Filed: August 29, 2019
    Date of Patent: July 6, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Jaumir Valença Da Silveira Junior, Ruixue Zhang
  • Patent number: 11048955
    Abstract: Concepts and technologies disclosed herein are directed to a field-programmable gate array (“FPGA”)-based biometric sampling system for improving biometric data reusability. The system can include one or more FPGAs, each of which can include a plurality of configurable input/output (“I/O”) blocks, a plurality of configurable logic blocks, and a plurality of configurable interconnects that connect the plurality of configurable I/O blocks to the plurality of configurable logic blocks. The FPGA(s) can be configured based upon a hardware description language model to receive biometric input data associated with a user, to apply a sampling scheme to the biometric input data to extract, from the biometric input data, an enrollment biometric data sample, and to cause the enrollment biometric data sample to be stored in a database.
    Type: Grant
    Filed: May 22, 2019
    Date of Patent: June 29, 2021
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Gary Brian Temerowski, II, Joshua West, Martin Patrick McEnroe
  • Patent number: 11042884
    Abstract: Meta-Rules are a special set of business rules whose purpose is to enable business rules selection and subsequent rule invocation by a business rules manager. Contained within a Meta-Rule are business policy and other information that enables the selection of a business rule used by a business application. Meta-rules allow the system to dynamically select and identify specific business rules to be executed within a given business application. By enabling a higher level of abstraction, and relying on rules to resolve specific business rule selection and invocations, Meta-rules further separate the binding of business knowledge and practice from application programming logic. The application programmer is freed from having specific knowledge of the business rule; all that is required is an assertion that a rule is to be used.
    Type: Grant
    Filed: March 28, 2008
    Date of Patent: June 22, 2021
    Assignee: International Business Machines Corporation
    Inventors: Jun-Jang Jeng, Shubir Kapoor, David Flaxer, Haifei Li
  • Patent number: 11036674
    Abstract: In various embodiments, an organization may be required to comply with one or more legal or industry requirements related to the storage of personal data (e.g., which may, for example, include personally identifiable information) even when responding to and fulfilling Data Subject Access Requests. In particular, when responding to a DSAR, the system may compile one or more pieces of personal data for provision to a data subject. The system may store this compilation of personal data at least temporarily in order to provide access to the data to the data subject. As such, the system may be configured to implement one or more data retention rules in order to ensure compliance with any legal or industry requirements related to the temporary storage of the collected data while still fulfilling any requirements related to providing the data to data subjects that request it, deleting the data upon request, etc.
    Type: Grant
    Filed: November 23, 2020
    Date of Patent: June 15, 2021
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Jonathan Blake Brannon, Jason L. Sabourin
  • Patent number: 11038803
    Abstract: Methods, systems, and devices supporting network and container level traffic analysis and correlation are described. An application server may receive network traffic data from a network-level data capture system and receive container-level application traffic data from a container-level data capture system. The application server may then hash the destination addresses, the time stamp information, and the data amount information from the network traffic data to create a first set of hash values and hash the destination addresses, the time stamp information, and the data amount information from the application traffic data to create a second set of hash values. The application server may then identify matching hash values from the first set of hash values and the second set of hash values and then merge into a data queue the corresponding network traffic with metadata associated with the corresponding application traffic data to create a merged data set.
    Type: Grant
    Filed: January 31, 2020
    Date of Patent: June 15, 2021
    Assignee: salesforce.com, inc.
    Inventors: Shel Sharma, Nitin Bhatia
  • Patent number: 11038854
    Abstract: An Internet infrastructure delivery platform (e.g., operated by a service provider) provides an RSA proxy “service” as an enhancement to the SSL protocol that off-loads the decryption of the encrypted pre-master secret (ePMS) to an external server. Using this service, instead of decrypting the ePMS “locally,” the SSL server proxies (forwards) the ePMS to an RSA proxy server component and receives, in response, the decrypted pre-master secret. In this manner, the decryption key does not need to be stored in association with the SSL server.
    Type: Grant
    Filed: May 8, 2017
    Date of Patent: June 15, 2021
    Assignee: Akamai Technologies, Inc.
    Inventors: Charles E. Gero, Jeremy N. Shapiro, Dana J. Burd
  • Patent number: 11038844
    Abstract: Systems and methods for analyzing content of encrypted traffic between processes are disclosed herein. According to one aspect, an exemplary method comprises rerouting traffic between a first process executing on a first computing device and a second process, to a server, to determine that there is a protected connection established between the first process and the second process, determining information related to an application pertaining to the first process, obtaining a session key for the protected connection by calling a function, wherein the information comprises an address of the function to call to obtain the session key, decrypting and analyzing the rerouted traffic on the server between the first process and the second process using the session key to determine whether the traffic contains malicious objects and in response to determining the traffic contains malicious objects, counteracting the malicious objects by blocking or rerouting the traffic.
    Type: Grant
    Filed: February 14, 2019
    Date of Patent: June 15, 2021
    Assignee: AO Kaspersky Lab
    Inventors: Sergey V. Kogan, Denis V. Rodionov, Alexander N. Makarov, Alexey S. Totmakov, Petr Y. Kolmakov
  • Patent number: 11025728
    Abstract: A method, non-transitory computer readable medium and local storage node computing device that establishes a first connection between a first endpoint in a kernel of an operating system and a second endpoint. A proxy application in a user space is invoked and a second connection is established from the operating system kernel to the proxy application. The proxy application is linked to a secure protocol implementation. Handshake messages are proxied between the second endpoint and the proxy application using the first and second connections. Security parameters for the first connection and determined from the handshake messages are sent from the proxy application to the operating system kernel via the second connection. Data is exchanged between the first endpoint in the operating system kernel and the second endpoint using the first connection and the security parameters.
    Type: Grant
    Filed: May 11, 2016
    Date of Patent: June 1, 2021
    Assignee: NETAPP, INC.
    Inventors: Craig Everhart, Flora Wong, Ankit Jain, Vijay Singh, Robert Wyckoff Hyer, Jr., Balajee Nagasubramaniam
  • Patent number: 11025662
    Abstract: A network device receives a device-specific connectivity restriction policy that specifies rules for exercising control over an identified first device's connectivity during communication using a brokered communication protocol, and receives, from the first device, a request to access the brokered communication protocol to enable communication with at least one second device. The network device connects, based on the access request, the first device to the at least one second device to allow the first device to read or write data using the brokered communication protocol. The network device monitors traffic associated with the first device during the first device's use of the brokered communication protocol to read data from, or write data to, the at least one second device, and controls the traffic associated with the first device based on the traffic monitoring and application of the device-specific connectivity restriction policy.
    Type: Grant
    Filed: December 17, 2019
    Date of Patent: June 1, 2021
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: Shukri Wakid
  • Patent number: 11025601
    Abstract: Described embodiments provide systems and apparatuses for enhanced quality of service, steering and policy enforcement for https traffic via intelligent in-line path discovery of a TLS terminating node. The system may include a first network device having a secure connection traversing through the first network device, and in communication with a second network device. The first network device and the second network device may be intermediary to a client device and a server. The first network device may determine that the second network device terminates the secure connection. The first network device may receive key generation information of the secure connection from the second network device following determining the second network device terminates the secure connection.
    Type: Grant
    Filed: December 4, 2018
    Date of Patent: June 1, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: J Mohan Rao Arisankala, Chaitra Maraliga Ramaiah, Karthick Srivatsan
  • Patent number: 11019030
    Abstract: A novel method for stateful packet classification that uses hardware resources for performing stateless lookups and software resources for performing stateful connection flow handshaking is provided. To classify an incoming packet from a network, some embodiments perform stateless look up operations for the incoming packet in hardware and forward the result of the stateless look up to the software. The software in turn uses the result of the stateless look up to perform the stateful connection flow handshaking and to determine the result of the stateful packet classification.
    Type: Grant
    Filed: November 17, 2017
    Date of Patent: May 25, 2021
    Assignee: NICIRA, INC.
    Inventors: Jayant Jain, Anirban Sengupta, Mohan Parthasarathy, Xinhua Hong
  • Patent number: 11012416
    Abstract: Among other things, this document describes systems, devices, and methods for executing rules in an application layer firewall, including in particular a web application firewall (WAF). An application layer firewall engine employs symbolic execution techniques that result in improved performance and efficiency. In preferred embodiments, an arbitrary firewall rule can be pre-processed to discover and define a set of one or more properties that an input must have in order for the input to have the potential to trigger the rule. By quickly examining an input for these properties, the application layer firewall can conclude that the input cannot trigger and therefore skip full execution of the rule against the input. This can be repeated for many if not all rules in a firewall ruleset. When a high proportion of the inputs have the required properties for rule-skipping, performance can be dramatically improved.
    Type: Grant
    Filed: February 20, 2018
    Date of Patent: May 18, 2021
    Assignee: Akamai Technologies, Inc.
    Inventors: Andrew Jacob Kahn, Yannis Drougas, Ameya Prakash Shendarkar
  • Patent number: 11006273
    Abstract: Described embodiments provide systems and methods for policy-based authentication, where the policy may designate locations and/or forms of proof of locations, for use in authentication. Some embodiments include or utilize a database storing authentication policies. In an example system, an authentication server in communication with the database is configured to receive a request from a device needing authentication. The request may include a credential. The authentication server is configured to retrieve, from the database storing authentication policies, an authentication policy corresponding to the device, the retrieved authentication policy specifying a location parameter. The authentication server is configured to receive location data from the device and resolve the authentication request using the credential and the received location data pursuant to the retrieved authentication policy.
    Type: Grant
    Filed: October 3, 2017
    Date of Patent: May 11, 2021
    Assignee: Citrix Systems, Inc.
    Inventor: Hao Wu
  • Patent number: 10999271
    Abstract: A client computer includes a web browser connected to a local web server that is coupled with a local utility. Upon loading a web page, the web browser sends, to the local web server, a first open-ended message that does not require a return message from the local web server. In response to and upon receiving a response to the first open-ended message, the web browser maintains communication with the local web server by sending a second open-ended message that does not require a return message to the local web server. The local web server receives the first open-ended message, waits until the local utility determines that there is information to be provided to the web browser, and in response to determining that there is information to be provided to the web browser, sends a first return message including the information to the web browser.
    Type: Grant
    Filed: August 26, 2019
    Date of Patent: May 4, 2021
    Assignee: Spotify AB
    Inventors: Sten Garmark, Nicklas Soderlind, Samuel Cyprian, Aron Levin, Hannes Graah, Erik Hartwig, Gunnar Kreitz
  • Patent number: 10999273
    Abstract: A method and an apparatus for installing a profile in a terminal including a universal integrated circuit card (UICC) corresponding to a smart card security module, which is inserted into a mobile communication terminal and then used are provided. More particularly, a method and an apparatus for remotely installing or removing mobile communication subscriber information in/from a profile of a terminal are provided. The terminal can remotely download the profile from a network server (subscription manager data preparation (SM-DP) or subscription manager secure routing (SM-SR)) without any change in a mobile network operator information technology (IT) system interface rather than downloading the profile of the terminal by the network server.
    Type: Grant
    Filed: March 31, 2020
    Date of Patent: May 4, 2021
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jonghan Park, Duckey Lee, Seonghun Kim, Heejeong Lee, Sangsoo Jeong, Songyean Cho
  • Patent number: 10986159
    Abstract: Among other things, this document describes systems, devices, and methods for using TLS session resumption tickets to store and manage information about objects that a server or a set of servers has previously delivered to a client and therefore that the client is likely to have in client-side cache. When communicated to a server later, this information can be used to drive server decisions about whether to push an object to a client, e.g., using an HTTP/2 server push function or the like, or whether to send an early hint to the client about an object.
    Type: Grant
    Filed: January 24, 2020
    Date of Patent: April 20, 2021
    Assignee: Akamai Technologies, Inc.
    Inventors: Utkarsh Goel, Martin T. Flack, Stephen L. Ludin, Moritz M. Steiner
  • Patent number: 10979214
    Abstract: A Secure Hash Algorithm 256 (SHA-256) expander operates over multiple cycles to convert 16 message words, M(t), into 64 working values, W(t), for input into a SHA-256 compressor. As the expander operates to produce W(t), it computes partial values of W(t) as soon as the necessary data operands are available in cycle time. Once computed, the partial values are retained and shifted and any unneeded original shift source values are discarded. When the shift register outputs finally arrive at the output, W(t) is already computed. The expander allows for one-write-port, one-read-port register files to be used in some integrated circuit embodiments. The expander also leads to improvements in adder delays, energy consumption, and area consumption when implemented as an integrated circuit.
    Type: Grant
    Filed: July 24, 2019
    Date of Patent: April 13, 2021
    Inventor: Martin Spence Denham
  • Patent number: 10977203
    Abstract: A data transmission method and an apparatus used in a virtual switch technology are provided. An IO request of a virtual machine VM for accessing a file or a disk is received. When the IO request is to be sent to a physical NIC by using a user mode Open vSwitch (OVS), the IO request is converted into an Internet Small Computer Systems Interface (iSCSI) command in a user mode. The iSCSI command is then sent to the user mode OVS. The user mode OVS sends the iSCSI command to the physical NIC.
    Type: Grant
    Filed: October 25, 2018
    Date of Patent: April 13, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Ming Zhang, Lina Lu
  • Patent number: 10979428
    Abstract: A method includes: setting up, by a first network device, a MACSec channel to a second network device according to the MACSec protocol; and sending, by the first network device, an ACP packet to the second network device by using the MACSec channel, where the ACP packet is carried in a MACSec frame, and a frame header of the MACSec frame carries identification information used to identify the ACP packet. By means of the packet transmission method, a MACSec channel is set up between adjacent nodes in a self-organizing network according to the MACSec protocol, and an ACP packet is transmitted between the adjacent nodes by using the MACSec channel and processed.
    Type: Grant
    Filed: January 17, 2018
    Date of Patent: April 13, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Zongpeng Du, Sheng Jiang, Bing Liu
  • Patent number: 10970264
    Abstract: A secure layer extensions unit identifies a secure layer extension identifier associated with a communication protocol supported by a client device; receives, from a secure sockets layer (SSL) engine, a handshake communication in view of the communication protocol, wherein the handshake communication excludes the secure layer extension identifier; generates a modified handshake communication for the client device that includes the secure layer extension identifier in view of the communication protocol; and forwards the modified handshake communication to the client device.
    Type: Grant
    Filed: January 27, 2020
    Date of Patent: April 6, 2021
    Assignee: Red Hat, Inc.
    Inventors: Jean-Frederic Clere, Stuart Wade Douglas
  • Patent number: 10965648
    Abstract: An enforcement module operating on a server or on a network midpoint device obtains a management instruction controlling communications of a target workload. The enforcement module configures a firewall of a network midpoint device upstream from the target workload to enforce the management instruction. The configuration mechanism may be dependent on the particular capabilities and characteristics of the network midpoint device.
    Type: Grant
    Filed: August 28, 2018
    Date of Patent: March 30, 2021
    Assignee: Illumio, Inc.
    Inventors: Rupesh Kumar Mishra, Paul James Kirner
  • Patent number: 10952128
    Abstract: Example techniques relate to re-establishing connectivity of playback devices. In an example implementation, a first playback device determines that a first access point has been replaced with a second access point, wherein the first playback device previously established a valid network connection over the first WLAN using first network parameters. The first playback device connects to the second access point, the second access point providing a second WLAN. The first playback device requests, via the wireless network interface from the second access point, an IP address in a second subnet, the second subnet covering a different range of IP addresses than the first subnet and establishes a network connection over the second WLAN using second network parameters stored in the data storage of the first playback device.
    Type: Grant
    Filed: May 2, 2019
    Date of Patent: March 16, 2021
    Assignee: Sonos, Inc.
    Inventors: Jeffrey Peters, Hrishikesh Gossain
  • Patent number: 10951592
    Abstract: A controller and an accessory controllable by the controller can communicate using secure read and write procedures. The procedures can include encrypting identifiers of accessory characteristics targeted by a read or write operation as well as any data being read or written. The procedures can also include the accessory returning a cryptographically signed response verifying receipt and execution of the read or write instruction. In some instances, a write procedure can be implemented as a timed write in which a first instruction containing the write data is sent separately from a second instruction to execute the write operation; the accessory can disregard the write data if the second instruction is not received within a timeout period after receiving the first instruction.
    Type: Grant
    Filed: September 25, 2018
    Date of Patent: March 16, 2021
    Assignee: Apple Inc.
    Inventors: Kevin P. McLaughlin, Anush G. Nadathur, Matthew C. Lucas, Srinivas Rama, Dennis Mathews
  • Patent number: 10945131
    Abstract: Methods and apparatus for securely storing, using and/or updating credential information, e.g., passwords and user IDs for a user who subscribes to one or more services, e.g., video stream services or other services available through a communications network such as the Internet, are described.
    Type: Grant
    Filed: December 11, 2018
    Date of Patent: March 9, 2021
    Assignee: Charter Communications Operating, LLC
    Inventors: Mark Reimer, Douglas Melroy
  • Patent number: 10929519
    Abstract: A process for authenticating a communication device may include receiving an authentication request including an access credential having a timestamp generated by the communication device may be received by the server. A determination can be made as to whether the communication device had successfully executed a predetermined shutdown sequence by determining whether the access credential has reliable timestamp information. The communication device can be authenticated when the timestamp has a non-reset value indicating that the communication device had successfully executed the predetermined shutdown sequence, and that the access credential has not expired. Step-up authentication for the communication device can be requested when the access credential has unreliable timestamp information indicating that the communication device did not successfully execute the predetermined shutdown sequence.
    Type: Grant
    Filed: November 21, 2019
    Date of Patent: February 23, 2021
    Assignee: Visa International Service Association
    Inventors: Jing Jin, Christian Aabye
  • Patent number: 10924286
    Abstract: Cryptographic keys can include logging properties that enable those keys to be used only if the properties can be enforced by the cryptographic system requested to perform one or more actions using the keys. The logging property can specify how to log use of a respective key. A key can also include a mutability property for specifying whether the logging property can be changed, and if so under what circumstances or in which way(s). The ability to specify and automatically enforce logging can be important for environments where audit logs are essential. These can include, for example, public certificate authorities that must provide accurate and complete audit trails. In cases where the data is not to be provided outside a determined secure environment, the key can be generated with a property indicating not to log any of the usage.
    Type: Grant
    Filed: March 30, 2018
    Date of Patent: February 16, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Alan Rubin, Gregory Branchek Roth
  • Patent number: 10925102
    Abstract: A reader device may generate a first identifier. The reader device may transmit the first identifier to a mobile device. The reader device may receive encrypted data and unencrypted data from the mobile device in which the encrypted data includes a second identifier. The reader device may evaluate whether the first identifier and the second identifier correspond to one another.
    Type: Grant
    Filed: October 23, 2018
    Date of Patent: February 16, 2021
    Assignee: Schlage Lock Company LLC
    Inventors: Jeffrey S. Neafsey, Michael W. Malone, Hamid Abouhashem
  • Patent number: 10911409
    Abstract: Techniques are presented herein for engagement and disengagement of Transport Layer Security proxy services with encrypted handshaking. In one embodiment, a first initial message of a first encrypted handshaking procedure for a first secure communication session between a first device and a second device is intercepted at a proxy device. The first initial message includes first key exchange information for encrypting the first encrypted handshaking procedure. A copy of the first initial message is stored at the proxy device. A second initial message of a second encrypted handshaking procedure for a second secure communication session between the proxy device and the second device is sent from the proxy device to the second device. The second initial message includes second key exchange information for encrypting the second encrypted handshaking procedure. The proxy device determines, based on the second encrypted handshaking procedure, whether to remain engaged or to disengage.
    Type: Grant
    Filed: May 21, 2018
    Date of Patent: February 2, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Jianxin Wang, Prashanth Patil, Flemming Andreasen, Nancy Cam-Winget, Hari Shankar
  • Patent number: 10878439
    Abstract: Provided is a process for managing offers that includes: presenting, on a mobile device, offer-creation interfaces by which a merchant specifies an offer, the offer parameters including data indicative of an amount of instances of the offer to be reserved by consumers; obtaining, with the mobile device, the offer parameters; obtaining, with the mobile device, based on wireless signals received by the mobile device indicative of location of the mobile device, a geographic location where consumers are to be alerted to the offer; and sending a request to an affiliate network to distribute the offer to a plurality of publishers within the affiliate network and limit use of the offer according to the specified amount of instances of the offer to be reserved by consumers, wherein the publishers each send a plurality of offers to consumers and wherein the affiliate network tracks redemptions of the offers with merchants.
    Type: Grant
    Filed: March 6, 2014
    Date of Patent: December 29, 2020
    Assignee: RetailMeNot, Inc.
    Inventors: Kyle William Kothe, Edgar Mitchell Dapremont, III, Jimmy Jaejoon Song, Nicole Juneau Ball, Eithan Zilkha, Jeffrey Ryan Rego