Protection At A Particular Protocol Layer Patents (Class 713/151)
  • Patent number: 10104108
    Abstract: A log analysis system for analyzing a detection log detected in a monitoring target system includes an acquisition device for detecting detection target processes performed in the monitoring target system, and acquiring a detection log of the detection target processes; and a processor device for processing the detection log acquired by the acquirer. The processor device includes a plurality of processing blocks that perform processing on the detection log sequentially. The processor device performs processing while sending the detection log in order from a most-upstream processing block to downstream processing blocks. A most-downstream processing block of the processor device notifies the most-upstream processing block of the processor device that the detection log has been received.
    Type: Grant
    Filed: March 17, 2016
    Date of Patent: October 16, 2018
    Assignee: LAC CO., LTD.
    Inventors: Hiroshi Fujimoto, Toshihide Nakama
  • Patent number: 10097485
    Abstract: A computer-implemented system and method for reformatting and delivering emails as conversations. The computer-implemented method includes: synchronizing with an email service and receiving an email message via a data network; parsing content of the received email message to identify and suppress email content not related to conversational content and retaining the conversational content; reformatting the received email message to include the conversational content in a chat style format as an expressive conversation; making the expressive conversation available to a client email application; and presenting the expressive conversation to a user via the client email application.
    Type: Grant
    Filed: March 22, 2016
    Date of Patent: October 9, 2018
    Assignee: MAILTIME TECHNOLOGY INC.
    Inventors: He Huang, Chun Kit Lau
  • Patent number: 10097481
    Abstract: In some embodiments, a non-transitory processor-readable medium stores code representing instructions to be executed by a processor. The code causes the processor to receive, from a source peripheral processing device, a portion of a data packet having a destination address associated with a destination peripheral processing device. The code causes the processor to identify, based on the destination address, a service to be performed on the portion of the data packet. The code causes the processor to select, based on the service, an identifier of a service module associated with the service. The code further causes the processor to send the portion of the data packet to the service module via a distributed switch fabric such that the service module performs the service on the portion of the data packet and sends the portion of the data packet to the destination peripheral processing device via the distributed switch fabric.
    Type: Grant
    Filed: June 29, 2012
    Date of Patent: October 9, 2018
    Assignee: Juniper Networks, Inc.
    Inventors: Krishna Narayanaswamy, Jean-Marc Frailong, Anjan Venkatramani, Srinivasan Jagannadhan
  • Patent number: 10084761
    Abstract: A variety of techniques for performing identity verification are disclosed. As one example, a verification request is received from a remote user. The verification request pertains to a cryptographic key. In response to receiving a confirmation from a local user of the local device, a verification process is initiated. A result of the verification process is transmitted to the remote user. As a second example, a verification request can be received at the local device, from a local user of the device. A verification process with respect to the local user is initiated, and a result of the verification process is transmitted to a remote user that is different from the local user.
    Type: Grant
    Filed: January 18, 2018
    Date of Patent: September 25, 2018
    Assignee: Wickr Inc
    Inventors: Christopher Howell, Robert Statica, Kara Lynn Coppa
  • Patent number: 10051019
    Abstract: A client device generates a plurality of application windows. For example, a first application window may be provided by a first application that has a first session established with a server system, and a second application window may be provided by a second application that has a second session established with the server system. The client device detects user activity in the first window. Based on the user activity in the first window, the client device sends a message to the server system. The message provides an indication of user activity in one or more of the plurality of windows. The message causes the server system to maintain the second session as active despite inactivity in the second application window.
    Type: Grant
    Filed: March 11, 2013
    Date of Patent: August 14, 2018
    Assignee: WELLS FARGO BANK, N.A.
    Inventors: Manuel Jasso, Arnaud Versini, Ryan Van Oss
  • Patent number: 10044745
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for computer network security risk assessment. One of the methods includes obtaining compromise likelihoods for user accounts. Information describing a network topology of a network is obtained, with the network topology being nodes each connected by an edge to other nodes, each node being associated with a compromise likelihood, and one or more nodes are high value nodes associated with a compromise value. Unique paths to each of the high value nodes are determined for a particular user account. An expected value for each path is determined based on the compromise likelihood of the particular user account, the compromise likelihood of each node included in the path, the communication weight of each edge included in the path, and the compromise value associated with the high value node. User interface data is generated describing at least one path.
    Type: Grant
    Filed: July 11, 2016
    Date of Patent: August 7, 2018
    Assignee: Palantir Technologies, Inc.
    Inventors: Samuel Jones, Joseph Staehle, Lucy Cheng
  • Patent number: 10028296
    Abstract: A node for determining a communication resource management algorithm is provided. The node includes a communication interface configured to obtain a measurement characteristic from a network device, and a circuitry containing instructions. When executed, the instructions cause the node to search a container repository to determine the existence of a measurement category for the measurement characteristic obtained from the network device, and when the container repository includes the measurement category for the network device, determine the communication resource management algorithm based at least on the measurement category.
    Type: Grant
    Filed: June 8, 2015
    Date of Patent: July 17, 2018
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Alex Stephenne, Leonard Lightstone, DongSheng Yu
  • Patent number: 10021070
    Abstract: In one embodiment, a method includes receiving capability information from an end host at a centralized security matrix in communication with a firewall and a plurality of end hosts, verifying at the centralized security matrix, a trust level of the end host, assigning at the centralized security matrix, a firewall function to the end host based on the trust level and capability information, and notifying the firewall of the firewall function assigned to the end host. Firewall functions are offloaded from the firewall to the end hosts by the centralized security matrix. An apparatus and logic are also disclosed herein.
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: July 10, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Jin Teng, Subharthi Paul, Thilan Niroshaka Ganegedara, Xun Wang, Saman Taghavi Zargar, Jayaraman Iyer
  • Patent number: 10015018
    Abstract: Cryptographic keys can include logging properties that enable those keys to be used only if the properties can be enforced by the cryptographic system requested to perform one or more actions using the keys. The logging property can specify how to log use of a respective key. A key can also include a mutability property for specifying whether the logging property can be changed, and if so under what circumstances or in which way(s). The ability to specify and automatically enforce logging can be important for environments where audit logs are essential. These can include, for example, public certificate authorities that must provide accurate and complete audit trails. In cases where the data is not to be provided outside a determined secure environment, the key can be generated with a property indicating not to log any of the usage.
    Type: Grant
    Filed: July 21, 2017
    Date of Patent: July 3, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Alan Rubin, Gregory Branchek Roth
  • Patent number: 10009183
    Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
    Type: Grant
    Filed: September 20, 2016
    Date of Patent: June 26, 2018
    Assignee: CLOUDFLARE, INC.
    Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Nicholas Thomas Sullivan, Albertus Strasheim
  • Patent number: 10003678
    Abstract: The present invention provides an apparatus for processing at least one PDU (protocol data unit) in an N layer in a transmitting side of a broadcast system, the apparatus comprising a PDU processor for receiving at least one higher (N+1) layer PDU and generating a PDU including the received at least one higher (N+1) layer PDU and a PDU post-processor for post processing the generated PDU and transmitting the post-processed PDU to a lower (N-1) layer.
    Type: Grant
    Filed: December 3, 2014
    Date of Patent: June 19, 2018
    Assignee: LG Electronics Inc.
    Inventors: Woosuk Kwon, Sejin Oh, Woosuk Ko, Sungryong Hong, Kyoungsoo Moon
  • Patent number: 9992310
    Abstract: In an egress frame processing method, an Ethernet frame is received. Information defining an Internet Protocol (IP) tunnel between the network device and a peer network device over a public wide area network is determined. A media access control security (MACsec) policy that defines how to protect the Ethernet frame is determined based on the information defining the IP tunnel. The Ethernet frame is protected according to the MACsec policy. The following fields are appended to the protected Ethernet frame: (i) an unprotected layer 3 (L3) encapsulation identifying a layer 2 (L2)-over-L3 tunnel protocol; (ii) an unprotected IP header corresponding to the IP tunnel; and (iii) an unprotected outer Ethernet header, to produce a partly protected egress frame. The partly protected egress frame is transmitted to the peer network device over the IP tunnel of the public wide area network.
    Type: Grant
    Filed: March 22, 2016
    Date of Patent: June 5, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Kuralvanan Arangasamy, Brian Eliot Weis, Rakesh Chopra, Hugo J. W. Vliegen
  • Patent number: 9992172
    Abstract: A system for remotely storing data includes a communication component that is configured to receive a data file to be stored on a remote data storage system. An encryption system is configured to obtain at least one key and encrypt the data file with the at least one key. A processor is configured to generate a request to a master key storage system through the communication component to operatively encrypt the at least one key using a master key stored in the master key storage system. The communication component is configured to transmit the encrypted data file to at least one remote storage location. The processor is configured to receive the encrypted key(s) from the master key storage system and store the encrypted key(s) in a data store.
    Type: Grant
    Filed: September 15, 2015
    Date of Patent: June 5, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Dan Winter, David C. Oliver, Jeffrey L. McDowell, Zejian Wang, Parul Manek
  • Patent number: 9992027
    Abstract: Cryptographic keys can include logging properties that enable those keys to be used only if the properties can be enforced by the cryptographic system requested to perform one or more actions using the keys. The logging property can specify how to log use of a respective key. A key can also include a mutability property for specifying whether the logging property can be changed, and if so under what circumstances or in which way(s). The ability to specify and automatically enforce logging can be important for environments where audit logs are essential. These can include, for example, public certificate authorities that must provide accurate and complete audit trails. In cases where the data is not to be provided outside a determined secure environment, the key can be generated with a property indicating not to log any of the usage.
    Type: Grant
    Filed: September 14, 2015
    Date of Patent: June 5, 2018
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Gregory Alan Rubin, Gregory Branchek Roth
  • Patent number: 9967372
    Abstract: In an egress processing method, an egress frame is received. The egress frame includes an outer Ethernet frame, an Internet Protocol (IP) header, a layer 3 (L3) encapsulation identifying a layer 2 (L2)-over-L3 tunnel protocol, and an inner Ethernet frame with a payload. The outer Ethernet frame, the IP header, and the inner Ethernet frame, and the L3 encapsulation are parsed. Based on results of the parsing, a media access control security (MACsec) policy that defines how to protect the inner Ethernet frame is determined, and the inner Ethernet frame is protected according to the MACsec policy, while leaving unprotected the outer Ethernet frame, the IP header, and the L3 encapsulation, to produce a partly protected output egress frame. The partly protected output egress frame is transmitted to the peer network device over a public wide area network.
    Type: Grant
    Filed: March 22, 2016
    Date of Patent: May 8, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Kuralvanan Arangasamy, Brian Eliot Weis, Rakesh Chopra, Hugo J. W. Vliegen
  • Patent number: 9967280
    Abstract: A security appliance may incorporate a touch screen or similar input/output interface, providing command and control over network functionality and configuration, without requiring log in via a network from another computing device. During denial of service attacks, commands from the local interface may be given priority access to processing resources and memory, allowing mitigating actions to be taken, such as shutting down ports, blacklisting packet sources, or modifying filter rules. This may allow the security device to address attacks without having to be manually rebooted or disconnected from the network.
    Type: Grant
    Filed: May 22, 2017
    Date of Patent: May 8, 2018
    Assignee: Fortress Cyber Security, LLC
    Inventor: Dejan Nenov
  • Patent number: 9967279
    Abstract: A system and method for adaptively securing a protected entity against cyber-threats. The method comprises: determining, based on at least one input feature, at least one normalization function, wherein the at least one input feature defines an attribute of a data flow to be evaluated by the SDE; receiving at least one engine rule describing an anomaly to be evaluated; and creating an inference system including at least one inference unit, wherein each inference unit is determined based on one of the received at least one engine rule, wherein the inference system computes a score of anomaly (SoA) respective of the at least one input feature.
    Type: Grant
    Filed: May 19, 2015
    Date of Patent: May 8, 2018
    Assignee: Empow Cyber Security Ltd.
    Inventors: Avi Chesla, Shlomi Medalion
  • Patent number: 9961103
    Abstract: A network-based appliance includes a mechanism to intercept, decrypt and inspect secure network traffic flowing over SSL/TLS between a client and a server. The mechanism responds to detection of a session initiation request message from the client, the message being received following establishment of a TCP connection between the client and server. The mechanism responds by holding the session initiation request message, preferably by creating a fake socket to a local process, and then diverting the request message over that socket. The TCP connection is then terminated, and the mechanism initiates a new session in initiation request message, all while the original session initiation request message continues to be held. The server responds with its server certificate, which is then used by the mechanism to generate a new server certificate. The new server certificate is then returned to the requesting client as the response to the session initiation request message.
    Type: Grant
    Filed: October 28, 2014
    Date of Patent: May 1, 2018
    Assignee: International Business Machines Corporation
    Inventors: Ronald Becker Williams, Paul Coccoli, John William Court, Gregory Lyle Galloway, Matthew Joseph Kubilus, Steven Ashley Mazur, Joseph Karl Vossen
  • Patent number: 9942443
    Abstract: An information processing apparatus includes plural communication interfaces, a specifying unit, a network determining unit, and a transmission controller. The plural communication interfaces are individually connected to plural communication networks having different security levels. The specifying unit specifies a destination terminal to which a file stored in a data memory is to be transmitted. The network determining unit determines a communication network, among the plural communication networks, via which the file is to be transmitted to the destination terminal. The transmission controller prohibits transmission of the file to the destination terminal in a case where a security level set to the file is higher than a security level set to the communication network determined by the network determining unit.
    Type: Grant
    Filed: September 4, 2015
    Date of Patent: April 10, 2018
    Assignee: FUJI XEROX CO., LTD.
    Inventor: Akiko Mochizuki
  • Patent number: 9942129
    Abstract: The subject matter of the invention is a communication method comprising the establishment of a communication route to a target partner not reachable by direct addressing by by-passing a node blocking the direct connection, further comprising the steps of setting up a TURN server at one or more users of the communication network in response to a definite and pre-granted request or in advance, and implementing the communication route to be established via at least one mentioned TURN server, with the effective mutual authorization management of the users involved in the communication session.
    Type: Grant
    Filed: November 28, 2014
    Date of Patent: April 10, 2018
    Assignees: Szegedi Tudományegyetem, Budapesti Müszaki és Gazdaságtudományi Egyetem
    Inventors: Péter Ekler, Charaf Hassan, Bertalan Forstner, László Lengyel, Róbert Béládi, Vilmos Bilicki, Tibor Gyimóthy, Szilárd Iványi, Vilmos Szücs, Ádám Végh, Zoltán Rak, Márk Jelasity
  • Patent number: 9935879
    Abstract: A TCP connection is established between a client and a server, such that packets communicated across the TCP connection pass through a proxy. Based at least in part on a result of monitoring packets flowing across the TCP connection, the proxy determines whether to split the TCP control loop into two TCP control loops so that packets can be inspected more thoroughly. If the TCP control loop is split, then a first TCP control loop manages flow between the client and the proxy and a second TCP control loop manages flow between the proxy and the server. Due to the two control loops, packets can be held on the proxy long enough to be analyzed. In some circumstances, a decision is then made to stop inspecting. The two TCP control loops are merged into a single TCP control loop, and thereafter the proxy passes packets of the TCP connection through unmodified.
    Type: Grant
    Filed: December 29, 2012
    Date of Patent: April 3, 2018
    Assignee: Netronome Systems, Inc.
    Inventors: Roelof Nico du Toit, Jacques Fourie, Peter Liudmilov Djalaliev
  • Patent number: 9935944
    Abstract: At a client computer, a web browser displays a control for a local utility executed on the client computer, wherein the control includes a link. The web browser receives a user input selecting the control and, in response to the user input, issues a request through the link to a local web server coupled with the local utility. The link includes a domain that resolves to a loopback network address. The loopback network address is a self-referencing address for the local web server at the client computer. The local web server receives the request and provides the local utility with a command portion of the request. In response to receiving the command portion of the request from the local web server, the local utility takes one or more actions based on the command portion of the request.
    Type: Grant
    Filed: August 30, 2016
    Date of Patent: April 3, 2018
    Assignee: Spotify AB
    Inventors: Sten Garmark, Nicklas Soderlind, Samuel Cyprian, Aron Levin, Hannes Graah, Erik Hartwig, Gunnar Kreitz
  • Patent number: 9934166
    Abstract: A method providing simple fine-grain hardware primitives with which software engineers can efficiently implement enforceable separation of programs into modules and constraints on control flow, thereby providing fine-grain locality of causality to the world of software. Additionally, a mechanism is provided to mark some modules, or parts thereof, as having kernel privileges and thereby allows the provision of kernel services through normal function calls, obviating the expensive prior art mechanism of system calls. Together with software changes, Object Oriented encapsulation semantics and control flow integrity in hardware are enforced.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: April 3, 2018
    Inventors: Daniel Shawcross Wilkerson, Mark William Winterrowd
  • Patent number: 9930713
    Abstract: This disclosure describes systems, methods, and devices related to link aggregation between devices. A device may encode a multi-band element for transmission using a first interface of one or more interfaces to a first device. The device may cause to send a first link aggregation setup request to the first device including at least in part the multi-band element. The device may identify a first link aggregation setup response from the first device. The device may cause to establish a multi-band link aggregation session with the first device using the first interface.
    Type: Grant
    Filed: December 29, 2016
    Date of Patent: March 27, 2018
    Assignee: Intel IP Corporation
    Inventors: Laurent Cariou, Bahareh Sadeghi, Yaron Alpert, Carlos Cordeiro, Robert Stacey
  • Patent number: 9924039
    Abstract: An apparatus, a method, and a computer program receive a request message from a mobile device to connect with an agent and authenticate the request message and provisioning a database for enabled services and service location. A service provider is identified and selected from a plurality of service providers. As a result, the request message is transmitted to the service provider in order to determine availability of the service provider.
    Type: Grant
    Filed: May 16, 2017
    Date of Patent: March 20, 2018
    Assignee: West Corporation
    Inventors: Michael T. Mateer, James K. Boutcher, Jesse Andersen
  • Patent number: 9917822
    Abstract: A processing system for distributed multi-tier applications is provided. The system includes a server component that executes a replica of a client-side application, where a client component executes the client-side application. The client component captures events from the client-side application and transmits the events to the replica to validate the computational integrity security of the application.
    Type: Grant
    Filed: April 8, 2014
    Date of Patent: March 13, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Benjamin Livshits, Henricus Johannes Maria Meijer, Cedric Fournet, Jeffrey Van Gogh, Danny van Velzen, Abhishek Prateek, Krishnaprasad Vikram
  • Patent number: 9912699
    Abstract: A network device may receive a packet flow, and may identify an application associated with the packet flow. The network device may determine that packets associated with the application are not to be encrypted using a security protocol. The network device may store a rule that indicates that the packets are not to be encrypted using the security protocol based on determining that the packets are not to be encrypted using the security protocol. The rule may include network layer information or transport layer information associated with the packet flow, and may exclude application layer information associated with the packet flow. The network device may transmit, based on the rule, the packets without using the security protocol to encrypt the packets.
    Type: Grant
    Filed: December 30, 2015
    Date of Patent: March 6, 2018
    Assignee: Juniper Networks, Inc.
    Inventors: Mithun Hebbar, Vijay Anand
  • Patent number: 9906409
    Abstract: A method and a network node device run Push-Button Configuration sessions within a heterogeneous network, IEEE 1905.1, using a push button configuration mechanism that ensures that only one single new network node device is registered for a single push button key press event and thus overlapping Push-Button Configuration sessions within a heterogeneous network are prevented. After finishing the push button configuration mode, the number of new nodes is checked. If more than one node has been added, a configuration roll-back is performed. Preferably, the push button configuration roll-back is performed as soon as the authentication of more than one distinct node has been detected. The roll-back includes the deletion or deactivation of credentials established by the push-button configuration.
    Type: Grant
    Filed: December 12, 2012
    Date of Patent: February 27, 2018
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Michael Bahr, Rainer Falk, Parag Mogre
  • Patent number: 9900301
    Abstract: A device management service provides a centralized credential provisioning system which can instantiate a proxy device that facilitates remote connections between various computing devices and various client devices. The device management service can manage instances of proxy devices in a resource provider environment that are associated with various computing devices. When a client device requests to access a computing device, the device management service can identify an instance of a proxy device associated with the computing device. The instance of the proxy device and the computing device can be configured to securely connect using credentials exchanged through, and managed by, the device management service. The computing device can be instructed to connect to the instance of the proxy device, and the client device can be provided with access information for the instance of the proxy device.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: February 20, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: David Craig Yanacek, Rameez Loladia
  • Patent number: 9894044
    Abstract: In a telecommunication network, a modular expandable gateway connects a local area network to a wide area network and includes a base module and a plurality of add-on modules arranged in one or more stacks, the base module and the add-on modules including respective encryption/decryption engines to exchange secure information with each other, thus frustrating any possible fraudulent interception of the information at the module interconnections.
    Type: Grant
    Filed: October 15, 2004
    Date of Patent: February 13, 2018
    Assignees: TELECOM ITALIA S.P.A., ADVANCED DIGITAL BROADCAST SA
    Inventors: Mauro Robba, Claudio Zammarchi, Giorgio Grasso
  • Patent number: 9886590
    Abstract: An application platform examines, at runtime, various specified aspects of an application environment in which an application interacts with a user. Such examinations are made to determine a state for each of the various specified aspects. Further, the platform automatically activates particular application environment roles for the user depending on the result of the examinations. For example, an application environment role may be activated representing a particular detected mode of communication (e.g., encrypted network communications) or a particular detected manner of authentication (e.g., password authentication). Such activations are based on the detected states and specified states for the various specified aspects of the application environment. Such activations may occur in the context of an application attempting to perform an operation on an access controlled object on behalf of a user.
    Type: Grant
    Filed: July 23, 2009
    Date of Patent: February 6, 2018
    Assignee: Oracle International Corporation
    Inventors: Janaki Narasinghanallur, Min-Hank Ho, Thomas Keefe, Eric Sedlar, Chi Ching Chui, Vikram Pesati
  • Patent number: 9887838
    Abstract: A method, device, and system for establishing a secure communication session with a server includes initiating a request for a secure communication session, such as a Secure Sockets Layer (SSL) communication session with a server using a nonce value generated in a security engine of a system-on-a-chip (SOC) of a client device. Additionally, a cryptographic key exchange is performed between the client and the server to generate a symmetric session key, which is stored in a secure storage of the security engine. The cryptographic key exchange may be, for example, a Rivest-Shamir-Adleman (RSA) key exchange or a Diffie-Hellman key exchange. Private keys and other data generated during the cryptographic key exchange may be generated and/or stored in the security engine.
    Type: Grant
    Filed: December 15, 2011
    Date of Patent: February 6, 2018
    Assignee: Intel Corporation
    Inventors: Hormuzd M. Khosravi, Edward C. Epp, Farhana Kabir
  • Patent number: 9881139
    Abstract: Managing and accessing media items, including: a plurality of domains configured to provide access to media items; a plurality of clients associated with the plurality domains, and providing a pathway for accessing the media items; and a spanning application configured to track and aggregate accessible media items from the plurality of domains based on authentication and registration information and associated rights of the plurality of clients and the plurality of domains, wherein the spanning application enables accessing of the media items across the plurality of domains.
    Type: Grant
    Filed: March 15, 2016
    Date of Patent: January 30, 2018
    Assignees: SONY CORPORATION, SONY PICTURES ENTERTAINMENT INC.
    Inventor: Richard Berger
  • Patent number: 9871766
    Abstract: Methods, network controllers, and machine-readable and executable instructions are provided to determine a secure path between a source device and a destination device. The secure path may be via a plurality of network devices. The secure path may be determined based on a security capability of each of the plurality of network devices in the secure path. Data may be forwarded between the source device and the destination device, via the plurality of network devices, based on the determined path.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: January 16, 2018
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Parvez Syed Mohamed, Craig J. Mills, Shaun Wakumoto
  • Patent number: 9871764
    Abstract: The present invention relates to a method and system for performing deep packet inspection of messages transmitted through a network switch in a Software Defined Network (SDN). Embodiments of the invention include a network switch, a controller, and a firewall in a software defined networking environment. In the present invention, the network switch is a simple network switch that is physically separate from the controller and the firewall. The invention may include a plurality of physically distinct network switches communicating with one or more controllers and firewalls. In certain instances, communications between the network switch, the controller, and the firewall are performed using the OpenFlow standard communication protocol.
    Type: Grant
    Filed: November 22, 2016
    Date of Patent: January 16, 2018
    Assignee: SONICWALL INC.
    Inventors: Hui Ling, Zhong Chen
  • Patent number: 9858085
    Abstract: An information processing apparatus according to the present invention includes a CPU, a memory, an application that operates on an OS, and a BIOS that, in the memory, secures an area in which the BIOS shares data with the application in an area in which the OS cannot update data.
    Type: Grant
    Filed: January 26, 2015
    Date of Patent: January 2, 2018
    Assignee: NEC CORPORATION
    Inventor: Yasuo Miyabe
  • Patent number: 9860267
    Abstract: Disclosed are systems and methods for eliminating vulnerabilities of smart devices connected to a data network. An example method includes: identifying a router providing access to the data network, obtaining access to the network and transmitting a request through the data network to obtain access to a smart device on the network. Furthermore, the method includes accessing the smart device to obtain its settings, comparing the settings with known vulnerabilities, determining an action for repairing a network vulnerability associated with the settings of the device, and transmitting instructions to the smart device to perform the action to repair the network vulnerability associated with the settings.
    Type: Grant
    Filed: August 11, 2016
    Date of Patent: January 2, 2018
    Assignee: AO KASPERSKY LAB
    Inventors: Vyacheslav E. Rusakov, Marta Anna Janus
  • Patent number: 9842210
    Abstract: The present disclosure provides a network architecture and verification platform for analyzing the various modules of a Unified Extensible Firmware Interface (UEFI) firmware image. In one embodiment, the disclosed network architecture and verification platform obtains various UEFI firmware images, such as UEFI firmware image residing on a client device or a UEFI firmware image hosted by a hardware manufacturer. The network architecture and verification platform may then segregate the various UEFI firmware modules that make up the UEFI firmware image, and subject the modules to different types of analysis. By analyzing the UEFI firmware modules individually, the network architecture and verification platform builds a repository of Globally Unique Identifiers (GUIDs) referenced by a given UEFI firmware module, which may then be referenced in future analyses to determine whether any changes, and the extent of such changes, have been made to an updated version of the given UEFI firmware module.
    Type: Grant
    Filed: January 16, 2015
    Date of Patent: December 12, 2017
    Assignee: Raytheon Company
    Inventor: Robert Allen Rose
  • Patent number: 9830767
    Abstract: A gambling hybrid game that provides game history validation is disclosed. The gambling hybrid game includes an entertainment system engine that provides an entertainment game to a user, a real world engine that provides gambling games to users, and a game world engine that monitors the entertainment game and provides gambling games when appropriate. The entertainment system engine stores game history information in response to a trigger event and provides at least a portion of the stored game history information to a game world engine. The game world engine stores the received portion of the game history information. When a request for game history verification is received by the game world engine, the game world engine retrieves the game history information from the entertainment system engine and uses the portion of the game history information stored by the game world engine to verify the game history information from the entertainment system engine.
    Type: Grant
    Filed: September 14, 2015
    Date of Patent: November 28, 2017
    Assignee: Gamblit Gaming, LLC
    Inventors: Miles Arnone, Frank Cire, Clifford Kaylin, Scott Shimmin, Eric Meyerhofer
  • Patent number: 9825952
    Abstract: An embodiment of the invention allows a network access server to control network access for individual applications that run on a device. The device may be included in a machine-to-machine environment. The embodiment may provide a secure channel between the network access server and the device access layer and another secure channel between the device access layer and the device application layer. Thus, before applications are allowed to access the network those applications may be required to authenticate themselves via a secure channel. Other embodiments are described herein.
    Type: Grant
    Filed: December 30, 2011
    Date of Patent: November 21, 2017
    Assignee: Intel Corporation
    Inventors: Ashok Sunder Rajan, Rakesh Dodeja, David A. De Vries, Hemaprabhu Jayanna, William J. Tiso, Kevin W. Bross, Robert J. Hunter
  • Patent number: 9825913
    Abstract: A novel method for stateful packet classification that uses hardware resources for performing stateless lookups and software resources for performing stateful connection flow handshaking is provided. To classify an incoming packet from a network, some embodiments perform stateless look up operations for the incoming packet in hardware and forward the result of the stateless look up to the software. The software in turn uses the result of the stateless look up to perform the stateful connection flow handshaking and to determine the result of the stateful packet classification.
    Type: Grant
    Filed: June 4, 2014
    Date of Patent: November 21, 2017
    Assignee: NICIRA, INC.
    Inventors: Jayant Jain, Anirban Sengupta, Mohan Parthasarathy, Xinhua Hong
  • Patent number: 9813353
    Abstract: Disclosed are an apparatus and method of performing a data file migration to a cloud source. One example method of operation may include establishing via a transmitter an application programming interface (API) connection to an enterprise network, identifying via a processor one or more present allocation parameters being utilized by one or more virtual machines operating on the enterprise network. The method may also provide requesting via the transmitter a directory file structure and identifying via the processor at least one data file for data migration to a remote cloud storage server based on predetermined criteria.
    Type: Grant
    Filed: June 6, 2013
    Date of Patent: November 7, 2017
    Assignee: Open Invention Network LLC
    Inventor: John Michael Suit
  • Patent number: 9794606
    Abstract: Disclosed herein are a method and device for transmitting digital content. A selection of at least one device authorized to receive digital content is detected. It is identified whether each selected device contains a session key that corresponds to a local session key. Digital content is transmitted to each device whose session key corresponds to the local key. Digital content is prevented from transmission to unselected devices not having a corresponding session key.
    Type: Grant
    Filed: April 29, 2014
    Date of Patent: October 17, 2017
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Sangmi Park, Hyunho Park, Jupyo Hong
  • Patent number: 9794311
    Abstract: Transport accelerator (TA) systems and methods for accelerating delivery of content to a user agent (UA) of a client device are provided according to embodiments of the present disclosure. Embodiments comprise a TA architecture implementing a connection manager (CM) and a request manager (RM). A CM of embodiments requests chunks of content from a content server, receives data in response to requesting the chunks of content, wherein the received data is missing data from a requested chunk of content, and provides a receipt acknowledgement (ACK) for the missing data. The received data, which is missing data from a requested chunk of the chunks of content, may be passed through a communication protocol stack to an application for assembly into one or more content objects.
    Type: Grant
    Filed: May 28, 2014
    Date of Patent: October 17, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Yinian Mao, Fatih Ulupinar, Michael George Luby, Lorenz Christoph Minder
  • Patent number: 9794246
    Abstract: An apparatus may include a communication interface and a security component. The communication interface may be configured to receive a Constrained Application Protocol (CoAP) message including authentication data. The security component may be configured to perform message validation based on the authentication data.
    Type: Grant
    Filed: July 21, 2016
    Date of Patent: October 17, 2017
    Assignee: EXILANT Technologies Private Limited
    Inventor: Vishnu Sharma
  • Patent number: 9794758
    Abstract: Systems and methods for improving data transmission rates in communication networks are disclosed. In an 802.11 wireless communication network, where a source node of the wireless network transmits TCP data to a destination node of the wireless network, the destination node does not transmit TCP acknowledgments (ACKs) for the TCP data if 802.11 ACKs indicate that the destination node received the TCP data. If a source outside the wireless network transmits TCP data to the destination node within the wireless network through an intermediate device, such as an access point, the destination node suppresses transmitting TCP ACKs. The intermediate device transmits TCP ACKs as proxy for the destination node to the source. The intermediate device also suppresses TCP ACKs where a source node within the wireless network sends the TCP data to a destination node outside of the wireless network.
    Type: Grant
    Filed: December 22, 2015
    Date of Patent: October 17, 2017
    Assignee: RUCKUS WIRELESS, INC.
    Inventors: William S. Kish, John Chanak
  • Patent number: 9787651
    Abstract: A method and a device for setting up a session key between a source entity and a target entity in a communication network comprising a plurality of communicating entities. The method, which relies on the use of symmetrical cryptographic primitives, provides each entity in the session with protection against denial of service attacks by setting up a session in four or five message exchanges.
    Type: Grant
    Filed: March 12, 2014
    Date of Patent: October 10, 2017
    Assignee: COMMISSARIAT A L'ENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVES
    Inventors: Aymen Boudguiga, Nouha Oualha, Alexis Olivereau, Christophe Janneteau
  • Patent number: 9787710
    Abstract: A method and system is provided for eliminating vulnerabilities on a data network including a router for directing data in the data network. An example method includes transmitting a request through the data network to obtain access to a device coupled to the data network; accessing the device to obtain a list of available resources of the device; comparing each of the available resources of the device with resource rules in a database to identify network vulnerabilities associated with the available resources and determining an action for repairing the network vulnerabilities associated with the available resources of the device. Furthermore, according to the method, instructions can be transmitted to the device to perform the action for repairing the network vulnerabilities associated with the available resources.
    Type: Grant
    Filed: May 6, 2016
    Date of Patent: October 10, 2017
    Assignee: AO Kaspersky Lab
    Inventors: Vyacheslav E. Rusakov, Marta Anna Janus
  • Patent number: 9766141
    Abstract: Systems and methods are disclosed for dynamic addressing of optical fiber sensors in fiber optic interferometry systems. Events that occur along the optical fiber span have defining attributes such as location along the optical fiber span, type, magnitude, time of occurrence, and duration. The event attributes may be used to dynamically form a unique address that fully defines and identifies the event. Other information, such as the corresponding identifier for one or more of the optical fiber span and the corresponding fiber optic interrogator may be included as part of the unique address.
    Type: Grant
    Filed: May 13, 2016
    Date of Patent: September 19, 2017
    Assignee: Adelos, Inc.
    Inventors: Dan Alan Preston, Calvin Hewitt, James Alexander Philp
  • Patent number: 9769205
    Abstract: The present invention is directed towards systems and methods for managing one or more SSL sessions. A first node from a cluster of nodes intermediary between a client and a server may receive a first request from the client to use a first session established with the server. The first request may include a session identifier of the first session. The first node may determine that the first session is not identified in a cache of the first node. The first node may identify, via a hash table responsive to the determination, an owner node of the first session from the cluster using a key. The key may be determined based on the session identifier. The first node may send a second request to the identified owner node for session data of the first session. The session data may be for establishing a second session with the server.
    Type: Grant
    Filed: April 4, 2014
    Date of Patent: September 19, 2017
    Assignee: Citrix Systems, Inc.
    Inventors: Sikha Gopinath, Ashoke Saha, Tushar Kanekar