Protection At A Particular Protocol Layer Patents (Class 713/151)
  • Patent number: 12166653
    Abstract: A first network device sends a request packet to a second network device or a network management device, where the request packet is used to request to confirm whether the second network device has an iFIT capability; and the first network device receives a confirmation packet sent by the second network device or the network management device, where the confirmation packet includes confirmation information used to confirm whether the second network device has the iFIT capability.
    Type: Grant
    Filed: April 14, 2022
    Date of Patent: December 10, 2024
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Yeyi Ji, Fang Xin, Ruixia Li, Feng Xu
  • Patent number: 12135797
    Abstract: Examples of scheduled and on-demand volume encryption suspension are described. A management service can identify multi-volume encryption rules for local volumes of a client device including the operating system volume as well as non-operating-system volumes. The encryption rules can be transmitted to the client device. Volume encryption samples for the client device can be received, and a console user interface can be generated to indicate compliance status information for the multi-volume encryption rules for local volumes of a client device.
    Type: Grant
    Filed: July 9, 2021
    Date of Patent: November 5, 2024
    Assignee: Omnissa, LLC
    Inventors: Neeraj Saluja, Muhammad Anadil Furqan, Kevin B. Sheehan
  • Patent number: 12132846
    Abstract: The method provides for dynamic retrieval of certificates, with remote, secure, and scalable lifecycle management. It enables configuring, generating, issuing, and sending client certificates by a certificate broker service to client applications, sending client certificates by client applications to server applications, and verifying of client certificates by server applications for host address, network address, network mash, network scope, and IP address pool-based authorization. It is an agentless method to achieve device protection, application security, and data protection with data authenticity and confidentiality in intra-device, inter-device, device-to-edge, and device-to-cloud secure communications. It helps Transport Layer Security and Internet Key Exchange enabled applications retrieve leaf certificates and the associated private key, and verify certificates, programmatically for certificate-based authentication during protocol handshake, with host and network address-based authorization policies.
    Type: Grant
    Filed: February 7, 2024
    Date of Patent: October 29, 2024
    Assignee: SYMMERA INC.
    Inventor: Srinivas Kumar
  • Patent number: 12127001
    Abstract: There is provided an apparatus configured to protect security of communication in roaming scenarios between a first network and a second network, the apparatus being a first apparatus residing in the first network and comprising means for in response to a selection of transport layer security as a security capability mechanism, transmitting, to a second apparatus residing in the second network and configured to protect security of communication in roaming scenarios between the first network and the second network, a request to terminate connections over a forwarding interface between the first apparatus and the second apparatus.
    Type: Grant
    Filed: January 27, 2022
    Date of Patent: October 22, 2024
    Assignee: Nokia Technologies Oy
    Inventors: Rekha Bharathi Somashekar, Sreejesh Sreekumar, Diwakar Jois, Minisha Das, Bruno Landais, Anja Jerichow
  • Patent number: 12120509
    Abstract: According to an embodiment, an electronic device may include: a communication module comprising communication circuitry configured to operate in Bluetooth low energy (BLE), a memory, and at least one processor operatively coupled to the communication module and the memory. The at least one processor may be configured to: receive authentication information about each function from an external electronic device via BLE, the authentication information about each function including information about data for the function and information about an access right level of the function, store the received authentication information about each function in the memory, and control the communication module to transmit an authentication index of each function corresponding to the authentication information about the function to the external electronic device by BLE.
    Type: Grant
    Filed: April 5, 2022
    Date of Patent: October 15, 2024
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Daesung Cho, Hyeeun Choi
  • Patent number: 12120530
    Abstract: A communication system is described. The communication system includes 5g base stations (gNodeB) which are communicatively coupled to a user equipment (UE) by a multiple radio access technology (multi-RAT) dual connectivity. A first of the gNodeBs is a master gNodeB which relays control signaling from a 5G network core to a secondary gNodeB. To avoid spectral interference of the control signals between the master gNodeB and the secondary gNodeB, the control signals are transmitted according to a tactical waveform protocol selected from the Department of Defense (DoD) Communication Waveform Inventory (2020), such as a common data link (CDL) protocol.
    Type: Grant
    Filed: December 3, 2021
    Date of Patent: October 15, 2024
    Assignee: Rockwell Collins, Inc.
    Inventors: John V. Thommana, James A. Stevens
  • Patent number: 12089906
    Abstract: Approaches for remotely controlling a robotic surgery system located at a patient-side location are disclosed. Disclosed approaches reduce transmission delay and ensure reliable transmission for controlling a robotic surgery system from a remote location, which may be in a different city, state, or country. For surgeons, remote surgery facilitates optimal utilization of their time and provides access to a sufficient volume of patients to perfect their skills. For patients, remote surgery creates ample access to the right surgeon and the right care at an affordable price, decreases the need for travel, and reduces delayed care.
    Type: Grant
    Filed: October 17, 2023
    Date of Patent: September 17, 2024
    Assignee: Sovato Health, Inc.
    Inventors: Blair Whitney, Steven Butner, Tyler Grotenhuis, Yulun Wang, Daniel Haskell
  • Patent number: 12074899
    Abstract: A method performed by a security system that can analyze a vulnerability or a risk applicable to a network entity to identify a cybersecurity threat and associated risk level. The security system can store indications of cybersecurity threats and risk levels in a database of a Domain Name System (DNS). The security system can monitor and resolve network traffic to determine IP addresses or URLs associated with the cybersecurity threats. The security system stores a map of the cybersecurity threats and IP addresses or URLs such that the security system can protect a network entity by processing network traffic to sources or destinations of network traffic that can harm particular network entities, and execute personalized security procedures to protect the network entities.
    Type: Grant
    Filed: November 17, 2022
    Date of Patent: August 27, 2024
    Assignee: T-Mobile USA, Inc.
    Inventor: Venson Shaw
  • Patent number: 12074889
    Abstract: A low number of available Internet Protocol (IP) addresses is detected in an IP pool that available for lease from the Dynamic Host Configuration Protocol (DHCP) server. A neighbor table from a gateway device behind a firewall that blocks Internet Control Message Protocol (ICMP) echo requests from the DHCP server. The gateway device is triggered to broadcast an Address Resolution Protocol (ARP) request to network devices of the neighbor table behind the firewall to determine whether a specific IP address is in use. Responsive to an ARP response not being received, the control module releasing a lease for the specific IP thereby returning to the IP pool available for lease in the DHCP server.
    Type: Grant
    Filed: September 30, 2021
    Date of Patent: August 27, 2024
    Assignee: Fortinet, Inc.
    Inventor: Alessandro Pasta
  • Patent number: 12069108
    Abstract: A computing system and method that can be used for a video conferencing system including a watchdog to ensure that all data associated with the video conference is encrypted from end-to-end. In particular, aspects of the present disclosure provide a secure and private approach to conducting remote meetings. For example, the watchdog can monitor the data associated with the video conference, ranging from call setup data to video image and audio data transmitted from one or more client computing devices. In particular, the present disclosure provides a method for ensuring that the video conference data is protected by using multiple steps and monitoring the video conference data while the video conference is ongoing such that remedial measures can be taken immediately when a breach in security is determined.
    Type: Grant
    Filed: December 15, 2021
    Date of Patent: August 20, 2024
    Assignee: GOOGLE LLC
    Inventors: Daniel Petersson, Artem Vladimirovich Titarenko, James Michael McCollum, Stefan Lindmark
  • Patent number: 12052216
    Abstract: Techniques are described herein that are capable of using entity name mapping for routing network traffic having encrypted SNI headers. A name resolution request that specifies an entity name is intercepted. Translation of the entity name to a representation of an IP address associated with the entity name is caused. A mapping that cross-references the representation of the IP address to the entity name is stored. A data transfer request that requests establishment of a connection to a destination corresponding to the representation of the IP address is intercepted. The data transfer request includes an encrypted SNI header and a payload. Establishment of the connection to the destination is initiated by providing the encrypted SNI header, the payload, and metadata toward the destination. The metadata includes the entity name based on the mapping.
    Type: Grant
    Filed: December 18, 2021
    Date of Patent: July 30, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Murali Krishna Sangubhatla, Shyamshankar Dharmarajan, Guy Lewin
  • Patent number: 12047771
    Abstract: The present disclosure proposes method and systems for establishing secure communication session (s) between a first device and a second device, where the first device operates in a user network and implements a first key exchange protocol for secure communication. The second device is capable of communicating with the first device over a wireless communication network. The second device implements a second key exchange protocol that is different to the first key exchange protocol for secure communication. A proxy entity configured for implementing the first and the second key exchange protocols for secure communication is provided. The proxy entity is configured for generating and/or provisioning one or more session keys for the first and the second devices using the key exchange protocols specific to each device for establishing secure communication between the first and second device based on the generated session key(s).
    Type: Grant
    Filed: December 2, 2019
    Date of Patent: July 23, 2024
    Assignee: NAGRAVISION S.A.
    Inventors: Jean-Bernard Fischer, Frederic Thomas, Fabien Gremaud
  • Patent number: 12045325
    Abstract: The present technology relates to a reception device, a transmission device, and a data processing method that enable a flexible operation of a service using an application that accompanies content. A reception device includes: a reception unit that receives content; an acquisition unit that acquires an application in accordance with acquisition source information indicating an acquisition source of the application accompanying the content, the acquisition source information being included in control information transmitted together with the content; and a control unit that instantly starts the acquired application. The present technology can be applied to a television set capable of receiving digital broadcasts, for example.
    Type: Grant
    Filed: August 30, 2022
    Date of Patent: July 23, 2024
    Assignee: SATURN LICENSING LLC
    Inventors: Yasuaki Yamagishi, Tatsuya Igarashi, Kazuhiko Takabayashi, Jun Kitahara
  • Patent number: 12028377
    Abstract: Methods, systems, and devices supporting active fingerprinting for transport layer security (TLS) servers are described. In some systems, a client device may transmit a same set of client hello messages to each TLS server. The client device may receive a set of server hello messages in response to the standard set of client hello messages based on the contents of each client hello message. For example, a server hello message may indicate a selected cipher suite, TLS protocol version, and set of extensions in response to the specific information included in a client hello message. The client device may generate a hash value (e.g., a fuzzy hash) based on the set of server hello messages received from a TLS server. By comparing the hash values generated for different TLS servers, the client device may determine whether the TLS configurations for the different TLS servers are the same or different.
    Type: Grant
    Filed: July 28, 2022
    Date of Patent: July 2, 2024
    Assignee: Salesforce, Inc.
    Inventors: John Brooke Althouse, Andrew Smart, Randy Nunnally, Jr., Michael Brady, Caleb Yu
  • Patent number: 12015597
    Abstract: An example method performed by one or more processing devices includes: generating encrypted content at a sender device using one or more first keys that are available from a key provider; and outputting the encrypted content to a recipient device over one or more channels; where the key provider enables access, following authorization, by the recipient device to one or more second keys for decrypting the encrypted content; and where an entity that enables the channel is unaffiliated with the key provider.
    Type: Grant
    Filed: September 1, 2021
    Date of Patent: June 18, 2024
    Assignee: BLUERISC, INC.
    Inventor: Csaba Andras Moritz
  • Patent number: 12015721
    Abstract: The method provides for dynamic retrieval of certificates, with remote, secure, and scalable lifecycle management. It enables importing, creating, renewing, rekeying, and retrieving leaf certificates and associated private keys, assigning to registered devices, and acquiring by applications executing on registered devices with device two-factor authentication. It is an agentless method to achieve device protection, application security, and data protection with data authenticity and confidentiality in intra-device, inter-device, device-to-edge, and device-to-cloud secure communications. It helps Transport Layer Security and Internet Key Exchange enabled applications retrieve leaf certificates and the associated private key, and verify certificates, programmatically for certificate-based authentication during protocol handshake, with policy-based authorization of trusted applications.
    Type: Grant
    Filed: October 9, 2023
    Date of Patent: June 18, 2024
    Inventor: Srinivas Kumar
  • Patent number: 11991215
    Abstract: A system and method for self-adjusting cybersecurity analysis and score generation, wherein a reconnaissance engine gathers data about a client's computer network from the client, from devices and systems on the client's network, and from the Internet regarding various aspects of cybersecurity. Each of these aspects is evaluated independently, weighted, and cross-referenced to generate a cybersecurity score by aggregating individual vulnerability and risk factors together to provide a comprehensive characterization of cybersecurity risk using a transparent and traceable methodology. The scoring system itself can be used as a state machine with the cybersecurity score acting as a feedback mechanism, in which a cybersecurity score can be set at a level appropriate for a given organization, and data from clients or groups of clients with more extensive reporting can be used to supplement data for clients or groups of clients with less extensive reporting to enhance cybersecurity analysis and scoring.
    Type: Grant
    Filed: April 12, 2023
    Date of Patent: May 21, 2024
    Assignee: QOMPLX LLC
    Inventors: Jason Crabtree, Andrew Sellers
  • Patent number: 11989322
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media for containment of sensitive data within a communication platform. The system displays a communication interface including a first input section for receiving an input message associated with a sending user account, and a display section for displaying message information received by the sending user account from other user accounts. The system determines a requirement to input sensitive information. The system then displays a sensitive data user interface including second input section for receiving a sensitive message, and an interface control for setting an expiration time value for the sensitive message.
    Type: Grant
    Filed: September 3, 2021
    Date of Patent: May 21, 2024
    Assignee: Zoom Video Communications, Inc.
    Inventors: Shane Springer, Thomas Noble
  • Patent number: 11991214
    Abstract: A system and method for self-adjusting cybersecurity analysis and score generation, wherein a reconnaissance engine gathers data about a client's computer network from the client, from devices and systems on the client's network, and from the Internet regarding various aspects of cybersecurity. Each of these aspects is evaluated independently, weighted, and cross-referenced to generate a cybersecurity score by aggregating individual vulnerability and risk factors together to provide a comprehensive characterization of cybersecurity risk using a transparent and traceable methodology. The scoring system itself can be used as a state machine with the cybersecurity score acting as a feedback mechanism, in which a cybersecurity score can be set at a level appropriate for a given organization, and data from clients or groups of clients with more extensive reporting can be used to supplement data for clients or groups of clients with less extensive reporting to enhance cybersecurity analysis and scoring.
    Type: Grant
    Filed: March 9, 2023
    Date of Patent: May 21, 2024
    Assignee: QOMPLX LLC
    Inventors: Jason Crabtree, Andrew Sellers
  • Patent number: 11968293
    Abstract: Context information of a handshake between a source entity and a target entity is obtained at a security proxy. The context information is transmitted from the security proxy to a key manager. The key manager maintains a first private key of the security proxy. A first handshake message is received from the key manager. The first handshake message is generated at least based on the context information and signed with the first private key. The first handshake message is then transmitted to the target entity.
    Type: Grant
    Filed: November 18, 2020
    Date of Patent: April 23, 2024
    Assignee: International Business Machines Corporation
    Inventors: Wei-Hsiang Hsiung, Chun-Shuo Lin, Wei-Jie Liau, Cheng-Ta Lee
  • Patent number: 11956160
    Abstract: An apparatus includes an input interface to receive incoming packets from a first network device and an output interface to send outgoing packets to a second network device. Media access control security (MACsec) circuitry is coupled between the input interface and the output interface. Bypass flow-control (FC) circuitry is coupled between the input interface and the MACsec circuitry. The bypass FC circuitry is to detect an FC packet in the incoming packets and pass the FC packet passively to the output interface to enable end-to-end flow control directly between the first network device and the second network device.
    Type: Grant
    Filed: June 1, 2021
    Date of Patent: April 9, 2024
    Assignee: Mellanox Technologies, Ltd.
    Inventors: Zachy Haramaty, Liron Mula, Alon Singer, Eduard Kvetny, Aviv Kfir
  • Patent number: 11943347
    Abstract: In an aspect, an integrated tamper resistant device generates initial network credentials for accessing a network, wherein the initial network credentials enable the integrated tamper resistant device to be authenticated by a network solution provider before operational network credentials are provided securely by the network solution provider. The integrated tamper resistant device encrypts the initial network credentials and cryptographically signs the encrypted initial network credentials. The integrated tamper resistant device outputs the encrypted and signed initial network credentials for delivery to the network solution provider.
    Type: Grant
    Filed: March 3, 2020
    Date of Patent: March 26, 2024
    Assignee: QUALCOMM Incorporated
    Inventors: Or Elnekaveh, Ofir Alon, Shlomi Agmon
  • Patent number: 11936690
    Abstract: Techniques and mechanisms for using passively collected network data to automatically generate a fingerprint prevalence database without the need for endpoint ground truth. The process first clusters all observations with the same fingerprint string and similar source and destination context. The process then annotates each cluster with descriptive information and uses a rule-based system to derive an informative name from that descriptive information, e.g., “winnt amp client” or “cross-platform browser”. Optionally, the learned database may be augmented by a user to clarify custom process labels. Additionally, the generated database may be used to report the inferred processes in the same way as databases generated with endpoint ground truth.
    Type: Grant
    Filed: January 10, 2023
    Date of Patent: March 19, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Blake Harrell Anderson, David Arthur McGrew
  • Patent number: 11876787
    Abstract: An apparatus for providing secure communications may include a processor; memory in electronic communication with the processor; an output in electronic communication with the processor; and instructions stored in the memory and executable by the processor to cause the apparatus to store a plurality of encryption protocols; store at least one encryption hopping protocol; select at least one encryption hopping protocol; encrypt the data according to the selected encryption hopping protocol; and transmit data from the output utilizing the selected encryption hopping protocol.
    Type: Grant
    Filed: September 25, 2021
    Date of Patent: January 16, 2024
    Inventors: Richard G. Ries, Ellen M. Mason, Nathanael J. Ries
  • Patent number: 11848961
    Abstract: This disclosure provides for a network element (in the middle) to inject enrichments into SSL connections, and for taking them out. This network element is sometimes referred to herein as a “middle box.” In the context of layered software architecture, this solution preferably is implemented by a library that operates below the SSL layer and above the TCP sockets layer at the two endpoints of the SSL connection. Preferably, the SSL enrichments are implemented as SSL/TLS records.
    Type: Grant
    Filed: February 22, 2021
    Date of Patent: December 19, 2023
    Assignee: Akamai Technologies, Inc.
    Inventor: Mangesh Kasbekar
  • Patent number: 11838428
    Abstract: According to an example aspect of the present invention, there is provided a method comprising: generating a certificate comprising an identifier of a base station, a public key of the base station, and a public key of a terminal; signing the certificate by a signature based on a private key belonging to the public key of the base station; sending the signed certificate to the terminal using an established security association; monitoring whether the base station receives a request for local authentication of the terminal, wherein the request comprises an encrypted certificate unit and a base station identifier; checking whether the base station identifier is the identifier of the base station and, if it is, decrypting the encrypted certificate unit using the private key; and using the public key of the terminal for a communication with the terminal if the certificate unit comprises the signed certificate.
    Type: Grant
    Filed: December 14, 2022
    Date of Patent: December 5, 2023
    Assignee: Nokia Technologies Oy
    Inventors: Peter Schneider, Ranganathan Mavureddi Dhanasekaran
  • Patent number: 11824644
    Abstract: Methods, systems, and devices provide control over resources electronically communicated among computing devices. In some embodiments, a management application identifies multiple entities for communicating electronic content. The management application determines that at least a subset of the entities required for communicating the electronic content is available for electronic communication. The management application authorizes communication of at least some of the electronic content among the entities in response to determining that the required subset of entities is available for electronic communication.
    Type: Grant
    Filed: February 10, 2017
    Date of Patent: November 21, 2023
    Assignee: AirWatch, LLC
    Inventors: Erich Stuntebeck, John Dirico
  • Patent number: 11818569
    Abstract: Some methods in a wireless communication network may include providing a first authentication key, and deriving a second authentication key based on the first authentication key, with the second authentication key being associated with the wireless terminal. Responsive to deriving the second authentication key, a key response message may be transmitted including the second authentication key and/or an EAP-Finish/Re-auth message. Some other methods in a wireless communication network may include receiving a key response message including a core network mobility management authentication key and an EAP-Finish/Re-auth message. Responsive to receiving the key response message, the network may initiate transmission of an EAP-Finish/Re-auth message and/or a freshness parameter used to derive the core network mobility management authentication key from the wireless communication network to the wireless terminal responsive to the key response message. Related wireless terminal methods are also discussed.
    Type: Grant
    Filed: October 10, 2017
    Date of Patent: November 14, 2023
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventor: Monica Wifvesson
  • Patent number: 11812263
    Abstract: Methods and apparatus for securely storing, using and/or updating credential information, e.g., passwords and user IDs for a user who subscribes to one or more services, e.g., video stream services or other services available through a communications network such as the Internet, are described.
    Type: Grant
    Filed: March 9, 2021
    Date of Patent: November 7, 2023
    Assignee: CHARTER COMMUNICATIONS OPERATING, LLC
    Inventors: Mark Reimer, Douglas Melroy
  • Patent number: 11812257
    Abstract: This disclosure provides systems, methods, and apparatuses for wireless communication performed by a wireless communication device. An example wireless communication device includes an access point (AP) multi-link device (MLD). The AP MLD transmits a beacon frame to a wireless station (STA) MLD, the beacon frame including a plurality of AP medium access control (MAC) addresses of respective APs belonging to the AP MLD. The AP MLD receives an association request from the STA MLD, the association request including a plurality of STA MAC addresses of respective STAs belonging to the STA MLD. The AP MLD generates, during a handshake operation with the STA MLD, one or more encryption keys configured to encrypt communications between the AP MLD and the STA MLD. The AP MLD verifies the plurality of STA MAC addresses based at least in part on the one or more encryption keys.
    Type: Grant
    Filed: March 2, 2021
    Date of Patent: November 7, 2023
    Assignee: QUALCOMM Incorporated
    Inventors: Sai Yiu Duncan Ho, Jouni Kalevi Malinen, George Cherian, Alfred Asterjadhi, Abhishek Pramod Patil
  • Patent number: 11792172
    Abstract: Techniques for providing privacy features in communication systems are provided. For example, a message may be provided from user equipment to an element or function in a communication network that comprises one or more privacy indicators, where privacy features for processing the message are determined based on the privacy indicators. The message may comprise an attach request comprising a subscription identifier for a subscriber associated with the user equipment, with the privacy indicators comprising a flag indicating whether the subscription identifier in the attach request is privacy-protected. As another example, the element of function in the communication network may determine privacy features supported by the communication network and generate and send a message to user equipment comprising one or more privacy indicators selected based on the determined privacy features.
    Type: Grant
    Filed: October 26, 2017
    Date of Patent: October 17, 2023
    Assignee: NOKIA TECHNOLOGIES OY
    Inventors: Suresh P. Nair, Anja Jerichow, Annett Seefeldt
  • Patent number: 11777974
    Abstract: A network connection between a server group of a data intake and query system and each of one or more source network nodes is established. Source data at the server group is received from at least one of the one or more source network nodes via the respective network connections and transformed, by the indexer server, to timestamped data entries of machine data. A model management server detects data constraints for a security model that include a data element used by the security model and an availability requirement set. Using the timestamped data entries, the data constraints are validated, and the validation used to determine a data availability assessment of the security model.
    Type: Grant
    Filed: February 24, 2022
    Date of Patent: October 3, 2023
    Assignee: Splunk Inc.
    Inventors: Marios Iliofotou, Bo Lei, Essam Zaky, Karthik Kannan, George Apostolopoulos, Jeswanth Manikonda, Sitaram Venkatraman
  • Patent number: 11758475
    Abstract: A method for network selection on a user equipment (UE) device and the UE device are shown. The user equipment device registers on a first network in a wide area cellular network (WACN) band and receives, from a wireless local area network (WLAN), a list of WACNs that support generic access network (GAN) capabilities. The user equipment device selects the WLAN if the first network is on the list.
    Type: Grant
    Filed: April 5, 2022
    Date of Patent: September 12, 2023
    Assignee: BlackBerry Limited
    Inventors: Adrian Buckley, George Baldwin Bumiller
  • Patent number: 11743300
    Abstract: A method of establishing a secure communication channel between a first communication device and a second communication device. The secure communication channel is defined by one or more algorithm options and the one or more algorithm options are associated with one of one or more option categories. The method includes receiving a signal representing one or more selections. The method further includes, for the respective option categories, generating a sorted list of algorithm options based on the received selections and generating a security association proposal including one or more of the algorithm options from the respective sorted lists of algorithm options. The security association proposal is generated based on an order in the sorted list of algorithm options. The method further includes transmitting the security association proposal to the second communication device for establishing the secure communication channel.
    Type: Grant
    Filed: October 14, 2021
    Date of Patent: August 29, 2023
    Assignee: BlackBerry Limited
    Inventors: Chang Fung Yang, Jason Songbo Xu
  • Patent number: 11716195
    Abstract: The present application describes a method, system, and non-transitory computer-readable medium for exchanging encrypted communications using hybrid encryption. According to the present disclosure, a first device receives an encrypted communication from a second device. The encrypted communication includes a first encrypted secret, a second encrypted secret, a first signature, and a second signature. The first device verifies the first signature and the second signature, and, when the first and second signatures are valid, decrypts the first encrypted secret using a first encryption algorithm and the second encrypted secret using a second encryption algorithm. The first device combines the first decrypted secret and the second decrypted secret to recover a first communication and provides the first communication to a user of the first device.
    Type: Grant
    Filed: October 22, 2020
    Date of Patent: August 1, 2023
    Assignee: Amazon Technologies, Inc.
    Inventor: Joël Alwen
  • Patent number: 11688194
    Abstract: A method of authenticating an identity document based on an extraction, by analysis of an image acquired of the identity document, of candidate information representative of the appearance of a photograph such as depicted in the acquired image and optically readable data as depicted in the acquired image.
    Type: Grant
    Filed: April 22, 2020
    Date of Patent: June 27, 2023
    Assignee: IDEMIA IDENTITY & SECURITY FRANCE
    Inventor: Sébastien Bahloul
  • Patent number: 11677757
    Abstract: A method for identifying malicious encrypted network traffic associated with a malware software component communicating via a network, the method including, for the malware, a portion of network traffic including a plurality of contiguous bytes occurring at a predefined offset in a network communication of the malware; extracting the defined portion of network traffic for each of a plurality of disparate encrypted network connections for the malware; training an autoencoder based on each extracted portion of network traffic, wherein the autoencoder includes: a set of input units each for representing information from a byte of an extracted portion; output units each for storing an output of the autoencoder; and a set of hidden units smaller in number than the set of input units and each interconnecting all input and all output units with weighted interconnections, such that the autoencoder is trainable to provide an approximated reconstruction of values of the input units at the output units; selecting a set
    Type: Grant
    Filed: March 26, 2018
    Date of Patent: June 13, 2023
    Assignee: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, George Kallos
  • Patent number: 11665161
    Abstract: An identity server authenticates a first user identity for a user device through a first authentication exchange as part of a passwordless authentication system. The identity server registers with a relying party as an authenticator for a second user identity. The identity server initiates a second authentication exchange by obtaining from the relying party, a credential request associated with the second user identity. Responsive to a determination that the first user identity authenticated in the first authentication exchange is authorized to act as the second user identity, the identity server obtains a credential request response authenticated by the authenticator in the identity server. The identity server completes the second authentication exchange by providing the credential response to the relying party. The second authentication exchange authenticates the user device to the relying party without involving the user device.
    Type: Grant
    Filed: June 18, 2019
    Date of Patent: May 30, 2023
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Eldridge Lee Alexander, James Leslie Barclay, Nicholas James Mooney, Mujtaba Hussain
  • Patent number: 11652647
    Abstract: In an authentication system (120) of an organization that is another organization different from a first organization that a first user belongs to, a management device (200) accepts a registration transaction for a client certificate of the first user. Then, the management device registers the client certificate of the first user in a client certificate blockchain. When the first user accesses a service of another organization from a user terminal of the first organization, an authentication device (300) authenticates the first user using the client certificate of the first user in the client certificate blockchain.
    Type: Grant
    Filed: August 11, 2020
    Date of Patent: May 16, 2023
    Assignee: Mitsubishi Electric Corporation
    Inventors: Masaya Honjo, Mitsuhiro Matsumoto
  • Patent number: 11637774
    Abstract: A service routing packet processing method, apparatus and system. The method includes obtaining, by a first service router (SR), a first service routing packet, where the first service routing packet includes path identification information and identification information of a service node (SN), and sending, by the first SR, the first service routing packet to the SN.
    Type: Grant
    Filed: November 25, 2020
    Date of Patent: April 25, 2023
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Lehong Niu
  • Patent number: 11606390
    Abstract: In some examples, a system includes a router device and a first adapter device in communication with the router device. The first adapter device includes processing circuitry configured to: communicate with the router device, wherein the router device is incapable of communicating in accordance with the MACsec protocol. The processing circuitry is further configured to establish an encrypted connection in accordance with the MACsec protocol between the first adapter device and a remote device, determine that the encrypted connection is offline, and output a message to the router device that the encrypted connection is offline. The router device is configured to communicate with the remote device via a second adapter device configured to communicate in accordance with the MACsec protocol and bypass the first adapter device.
    Type: Grant
    Filed: March 30, 2021
    Date of Patent: March 14, 2023
    Assignee: Juniper Networks, Inc.
    Inventors: Gert Grammel, Ajay Kachrani, Hao Wang
  • Patent number: 11601716
    Abstract: A system and method for notifying client devices in a subscriber account that the account is undersubscribed and no further client devices can stream media content until other client devices are no longer actively streaming media content is disclosed herein. The method comprises receiving a request to receive and play the media content from a requesting client device, the requesting client device being one of a plurality of client devices enabled to receive media content according to a subscriber account and determining if the subscriber account is undersubscribed; if the subscriber account is not undersubscribed. If the subscriber account is not undersubscribed, initiating transmission of the media content, and if the subscriber account is undersubscribed, information is transmitted to the requesting client device, the information including data indicating the subscriber account is undersubscribed without initiating the transmission of the media content.
    Type: Grant
    Filed: March 3, 2021
    Date of Patent: March 7, 2023
    Assignee: ARRIS Enterprises LLC
    Inventors: Nithin Raj Kuyyar Ravindranath, Sandeep Guddeokoppa Suresh, Vinod Jatti, Kiran Tovinkere Srinivasan
  • Patent number: 11595444
    Abstract: A method for dynamically establishing a communication path for a requestor by assessing an authenticity of the requestor and a communication request is provided. The method may include, in response to receiving the communication request, dynamically determining whether to establish a communication path for the requestor to a destination though a communication network by assessing the requestor based on one or more authentication rules, wherein the one or more authentication rules are based on first information associated the communication network, second information about the requestor, and third information from the requestor. The method may further include, in response to determining that the requestor satisfies the one or more authentication rules, dynamically establishing the communication path for the requestor on the communication network according to one or more communication attributes associated with the requestor.
    Type: Grant
    Filed: December 3, 2020
    Date of Patent: February 28, 2023
    Assignee: International Business Machines Corporation
    Inventors: Gina Renee Howard, Charles Steven Lingafelt, John E. Moore, Jr., Andrew R. Jones
  • Patent number: 11569986
    Abstract: A device may receive client cipher information, associated with initiating a secure session, identifying at least one key exchange cipher supported by a client device associated with the secure session. The device may determine, based on the client cipher information, that a Diffie-Hellman key exchange is to be used to establish the secure session. The device may determine whether a server device, associated with the secure session, supports use of the Diffie-Hellman key exchange. The device may manage establishment of the secure session using a first decryption technique based on determining that the server device does not support the use of the Diffie-Hellman key exchange, or manage establishment of the secure session using a second decryption technique based on determining that the server device supports the use of the Diffie-Hellman key exchange or being unable to determine whether the server device supports the use of the Diffie-Hellman key exchange.
    Type: Grant
    Filed: February 12, 2018
    Date of Patent: January 31, 2023
    Assignee: Juniper Networks, Inc.
    Inventors: Rajeev Chaubey, Venkata Rama Raju Manthena
  • Patent number: 11563823
    Abstract: Devices and methods for device connectivity management are disclosed. According to one embodiment, a system for device connectivity management may include a plurality of client devices, each client device supporting a plurality of communication channels; and a broker in communication with each of the client devices over each supported communication channel, the broker comprising at least one computer processor. Each client may send a subscription message to the broker over each supported communication channel. The broker may send each subscribed client a keep alive message over each subscribed supported communication channel, and may broker publish a status message to each subscribed client over each subscribed supported communication channel for a non-responding client. One of the plurality of clients may execute an action in response to the status message.
    Type: Grant
    Filed: November 27, 2019
    Date of Patent: January 24, 2023
    Assignee: VERIFONE, INC.
    Inventors: Ciarán MacAonghusa, Aidan Totterdell
  • Patent number: 11562093
    Abstract: A method, system, and computer-readable storage medium are disclosed for identifying binary signatures in a selected set of files and assigning at least one of the binary signatures to a file format name or file format type for use in a security policy generator. In certain embodiments, the method for generating an electronic security policy for a file format type, includes: identification of a plurality of files stored in electronic memory, where the plurality of files include files having the same file format type; providing a file format name that is to be associated with the file format type; accessing the plurality of files from the electronic memory; identifying a common binary signature for the file format type included in the plurality of files; correlating the file format type with the common binary signature; and generating the security policy for the file format type using the file format name.
    Type: Grant
    Filed: March 6, 2019
    Date of Patent: January 24, 2023
    Assignee: Forcepoint LLC
    Inventor: Amit Nitzan
  • Patent number: 11546368
    Abstract: A method performed by a security system that can analyze a vulnerability or a risk applicable to a network entity to identify a cybersecurity threat and associated risk level. The security system can store indications of cybersecurity threats and risk levels in a database of a Domain Name System (DNS). The security system can monitor and resolve network traffic to determine IP addresses or URLs associated with the cybersecurity threats. The security system stores a map of the cybersecurity threats and IP addresses or URLs such that the security system can protect a network entity by processing network traffic to sources or destinations of network traffic that can harm particular network entities, and execute personalized security procedures to protect the network entities.
    Type: Grant
    Filed: September 28, 2020
    Date of Patent: January 3, 2023
    Assignee: T-Mobile USA, Inc.
    Inventor: Venson Shaw
  • Patent number: 11540336
    Abstract: A management method is described, the method implemented by a transmission device capable of communicating via a first wireless with a gateway device forming a node of a telecommunication network and configured to communicate with at least one server of the network via the gateway device. The method can include establishing a secure communication session with a terminal included in a list of terminals for which the transmission device has obtained management data. The method can also include receiving via the first communication link a request to end the management of the terminal, and removing the terminal from the list following the receipt of the request. A transmission device which can be used to implement the management method is also described.
    Type: Grant
    Filed: November 29, 2018
    Date of Patent: December 27, 2022
    Assignee: ORANGE
    Inventors: Quentin Lampin, Dominique Barthel
  • Patent number: 11533603
    Abstract: Methods, systems, and devices for wireless communications are described. A first user equipment (UE), such as a pedestrian UE, may perform a discovery procedure with a second UE in a vehicle-to-everything (V2X) wireless communications environment that includes multiple other UEs in addition to the first UE and the second UE. The second UE may, for example, be a roadside UE configured to aggregate V2X messages for the first UE. The first UE may determine, based on performing the discovery procedure, a schedule for the first UE to use to receive bundled V2X messages from the second UE. The first UE may receive, from the second UE based on the determined schedule, a message indicating bundled information from multiple V2X messages received at the second UE from the multiple UEs.
    Type: Grant
    Filed: October 8, 2020
    Date of Patent: December 20, 2022
    Assignee: Qualcomm Incorporated
    Inventors: Hong Cheng, Kapil Gulati, Junyi Li, Sudhir Kumar Baghel, Dan Vassilovski
  • Patent number: 11526633
    Abstract: A media exfiltration authorization system is provided. A computer device receives a request from an application on a remote device, wherein the request is to store data on an external storage device. The computing device validates that the application is running in protected space on the remote device and includes an established unique identifier. The computing device generates an encryption key for the external storage device based, at least in part, on the validating. The computing device sends the encryption key to the application with authorization for the application to reformat the external storage device, store the requested data on the external storage device, and encrypt the external storage device using the encryption key.
    Type: Grant
    Filed: August 27, 2020
    Date of Patent: December 13, 2022
    Assignee: Kyndryl, Inc.
    Inventors: John J. Auvenshine, Joseph Dawson Davis, III, Khwaja Jawahar Jahangir Shaik