Protection At A Particular Protocol Layer Patents (Class 713/151)
  • Patent number: 9749552
    Abstract: Methods, systems, and apparatuses are described for automatic identification and mapping of consumer electronic devices to ports on an HDMI switch. A device that is connected to an HDMI switch is identified based on data received over an HDMI connection, and ports on the HDMI switch are automatically mapped and configured. Methods, systems, and apparatuses are described for back-end database creation for automatic identification and mapping of consumer electronic devices to ports on an HDMI switch. The back-end database may be created based on video and audio signatures received from a consumer electronic device and based on remote control information and signatures.
    Type: Grant
    Filed: November 18, 2015
    Date of Patent: August 29, 2017
    Assignee: Caavo Inc
    Inventors: Vinod Gopinath, Sharath Hariharpur Satheesh, Neha Mittal, Siddharth Kumar, Bitto Niclavose, Ashish Aggarwal
  • Patent number: 9741073
    Abstract: In one example embodiment, a method for optimizing aggregation routing over a network may include detecting that aggregated account data is unavailable over a network from a first data aggregator server, detecting that the aggregated account data is available over the network from a second data aggregator server, formatting a request for the aggregated account data to be compatible with the second data aggregator server, routing the formatted request over the network to the second data aggregator server, and receiving the requested aggregated account data over the network from the second data aggregator server.
    Type: Grant
    Filed: June 6, 2016
    Date of Patent: August 22, 2017
    Assignee: MX Technologies, Inc.
    Inventor: John Ryan Caldwell
  • Patent number: 9716746
    Abstract: A system and method for achieving Business Continuity and Application Continuity with the system comprising one or more resources of multiple end users or service providers logically connected to one or more cloud infrastructures wherein the collection of resources forms a Continuity Grid or a part of Continuity Grid or sub Grid for which continuity is needed and wherein the Continuity Grid or part of continuity grid or sub Grid are paired with the Continuity Peer Grids located in the same or different cloud infrastructures to satisfy continuity requirements of the Continuity Grid or part of Continuity Grid or sub Grid.
    Type: Grant
    Filed: July 28, 2014
    Date of Patent: July 25, 2017
    Assignee: Sanovi Technologies Pvt. Ltd.
    Inventors: Devendra Garg, Vinodraj Kuppuswamy, Adarsh Holavanhalli
  • Patent number: 9716701
    Abstract: An endpoint computer includes a local client that transmits web traffic to a local proxy that also runs on the endpoint computer. The local proxy obtains a customer identity string that identifies a user of the local client as a paying customer of an SaaS scanning service provided by an SaaS scanning system. The local proxy inserts the customer identity string into the web traffic and thereafter transmits the web traffic to the SaaS scanning system, which authenticates the customer identity string before scanning the web traffic for web threats. The local client transmits the web traffic to the local proxy using a communication protocol and the local proxy can transmit the web traffic to the SaaS scanning system using the same or different communication protocol.
    Type: Grant
    Filed: March 24, 2015
    Date of Patent: July 25, 2017
    Assignee: Trend Micro Incorporated
    Inventors: Lei Wang, Bin Shi, Dan Tan, Liulin Yang
  • Patent number: 9703534
    Abstract: A system includes a data store storing information identifying multiple functions and corresponding unique identifiers. Each of the functions corresponds to external functionality available from third party applications. The system receives a selection from an application developer of a function to supplement functionality of an application under development. The system provides a software object to the application developer for incorporation into a state of the application. The software object includes instructions for extracting text from the state and preparing a query wrapper including the corresponding unique identifier of the function and the extracted text. The instructions receive a result set, including an item that includes an identifier of a target application and an access mechanism for a specified state of the target application. The instructions display the item and, in response to user selection of the item, actuate the access mechanism to open the target application to the specified state.
    Type: Grant
    Filed: April 9, 2015
    Date of Patent: July 11, 2017
    Assignee: Quixey, Inc.
    Inventors: Jonathan Ben-Tzur, Eric Chen, Taher Savliwala
  • Patent number: 9697009
    Abstract: In a method for improving the performance of a computer system by releasing computer resources, a list P of programs installed on a computer system is determined. All relevant extension points EP of the computer system are searched for registered entries. A list A of automatically starting programs is generated by assigning the registered entries at the relevant extension points EP to the installed programs, respectively. The list A of the automatically starting programs is compared with a list S of system-required programs and a list V of used programs. Programs that are not system-required and programs that have not been used for a longer period of time are deactivated and computer resources that have been used by the deactivated programs are released. The deactivation of programs can be done by the user or automatically and can be cancelled when necessary.
    Type: Grant
    Filed: March 18, 2015
    Date of Patent: July 4, 2017
    Assignee: AVG Netherlands B.V.
    Inventors: Yuval Ben-Itzhak, Tibor Schiemann
  • Patent number: 9699114
    Abstract: A method, computer program product, and system performing a method that includes a processor(s) of a local/private computing system (LPCS) receiving, via a public computing system and a communication network, on behalf of a user of the public computer system, a request to use computing resource(s) belonging to the LPCS. The processor(s) determine a set of usage parameters comprising a first usage limitation, with the first usage limitation including a first limitation type and first limitation value, and with the first usage limitation defining a limit on usage of the computing resource(s) on behalf of the user. The processor(s) receives, via the public computing system and the communication network, a workload of the user. The processor(s) processes the workload, which includes the processor limiting, by machine logic, usage of the resource(s), on behalf of the user, in accordance with the usage parameters.
    Type: Grant
    Filed: October 27, 2016
    Date of Patent: July 4, 2017
    Assignee: International Business Machines Corporation
    Inventors: Gregory R. Hintermeister, Matthew G. Kelm, Christopher E. Sharp, Jason B. Smith
  • Patent number: 9699158
    Abstract: A method of identifying and authenticating a network user includes receiving a first network layer packet from a first user entity. The first network layer packet may include first unique identification information unique to the first user entity and independent of a first network address associated with the first network layer packet. The method further includes verifying, at a network layer of a network, that the first network layer packet is from the first user entity based on the first unique identification information.
    Type: Grant
    Filed: September 21, 2012
    Date of Patent: July 4, 2017
    Inventor: Russell S. Goodwin
  • Patent number: 9680810
    Abstract: Techniques are disclosed for authorization of devices entering a network. A new device entering a network sends an authorization request. Another device in the network may receive the request and prompt the user to approve the device. The user can use a device identifier provided by the new device in approving the new device. Assuming the identifier provided by the new device matches an identifier accessible by the authorizing device, the user authorizes the new device. A key is then generated for the new device, which allows access to an appropriate range of network services. Authorization decisions can be synchronized among the various devices in a network, so even if an authorizing device leaves the network, the new device key can be validated. A security service can be replicated in a new device once the device is authorized to access the network.
    Type: Grant
    Filed: January 29, 2013
    Date of Patent: June 13, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Mark Gilbert, Ron J. Mevissen
  • Patent number: 9674213
    Abstract: A system, method, and computer program product for implementing a phishing assessment of a target computer network that includes a phishing assessment platform for generating parameters for the phishing assessment; generating the phishing assessment parameters includes identifying a target domain name for the phishing assessment; identifying a pseudo domain name based on the target domain name; generating a pseudo web page using one or more features and attributes of an entity; and implementing the phishing assessment using the pseudo domain name and pseudo web page.
    Type: Grant
    Filed: October 28, 2016
    Date of Patent: June 6, 2017
    Assignee: Duo Security, Inc.
    Inventor: Jon Oberheide
  • Patent number: 9665236
    Abstract: A user configurable interface view can be generated for a media device or other information handling system that is independent of any interface views defined by media content providers. Generating the user configurable interface view includes identifying content data streams that are included in user interface views defined by the media content providers and then selecting a desired subset of the data content streams. The selected data content streams are then aggregated and the user configurable interface view is generated. The resulting user interface view will be independent of any interface views defined by the media content providers.
    Type: Grant
    Filed: September 25, 2014
    Date of Patent: May 30, 2017
    Assignee: Dell Products L.P.
    Inventors: Arthur Anthonie van Hoff, Mark Andrew Ross, Timothy Bucher
  • Patent number: 9668133
    Abstract: A telematics system that includes a security controller is provided. The security controller is responsible for ensuring secure access to and controlled use of resources in the vehicle. The security measures relied on by the security controller can be based on digital certificates that grant rights to certificate holders, e.g., application developers. In the case in which applications are to be used with vehicle resources, procedures are implemented to make sure that certified applications do not jeopardize vehicle resources' security and vehicle users' safety. Relationships among interested entities are established to promote and support secure vehicle resource access and usage. The entities can include vehicle makers, communication service providers, communication apparatus vendors, vehicle subsystem suppliers, application developers, as well as vehicle owners/users.
    Type: Grant
    Filed: August 5, 2015
    Date of Patent: May 30, 2017
    Assignee: Cellport Systems, Inc.
    Inventor: Patrick J. Kennedy
  • Patent number: 9667646
    Abstract: Techniques for maintaining dynamic configuration information of a multi-host off-cluster service on a cluster are described. An apparatus may comprise a dynamic configuration validation service component to execute a dynamic configuration validation service for scanning files in a cluster of nodes. The dynamic configuration validation service component is operative to validate a scanner version for each one of multiple scanners for scanning a file in a cluster of nodes, maintain the scanner version in a list of valid scanner versions for the multiple scanners, and scan the file by one of the multiple scanners having the scanner version contained in the list of the valid scanner versions.
    Type: Grant
    Filed: February 12, 2015
    Date of Patent: May 30, 2017
    Assignee: NetApp, Inc.
    Inventors: Mark Muhlestein, Rajesh Jaiswal, Sunil Bhargo, Mankawaldeep Singh
  • Patent number: 9652621
    Abstract: An electronic transmission system and method for converting and transmitting transmissions to provide secure communication between a plurality of users and protect or secure content of each transmission by preventing unauthorized individuals from capturing and viewing or hearing the transmitted content in its entirety. The electronic transmission system breaks a transmission apart into a random plurality of pieces and randomly transmits each piece separately to a plurality of remote servers. If an unauthorized party tries to intercept and access an electronic transmission, they will not be able to capture the entire transmission and will not be able to recompile its actual content, but rather misleading content. A password or other suitable authentication requirement(s) authenticates the intended recipient and allows the original pieces to be retrieved and re-compiled for viewing or hearing.
    Type: Grant
    Filed: May 15, 2015
    Date of Patent: May 16, 2017
    Inventors: Michael E. Johnson, Kenneth L. Wilson
  • Patent number: 9642112
    Abstract: A system is disclosed for tracking assets in a facility. The system may have at least one asset having a service processor containing identification information which uniquely identifies the at least one asset among a group of assets. The at least one asset may further have a module for reporting the identification information to a gateway device. A data center infrastructure management system may be used which is in communication with the gateway device for receiving the identification information. The identification information may subsequently be used with an asset tracking system.
    Type: Grant
    Filed: October 11, 2013
    Date of Patent: May 2, 2017
    Assignee: Avocent Huntsville, LLC
    Inventor: Mario Costa
  • Patent number: 9621523
    Abstract: Embodiments are directed to sharing secure communication secrets with a network monitoring device (NMD). The NMD may passively monitor network packets communicated between client computers and server computers. If a secure communication session is established between a client computer and a server computer, a key provider may provide the NMD a session key that corresponds to the secure communication session. The NMD may buffer each network packet associated with the secure communication session until the NMD is provided a session key for the secure communication session. The NMD may use the session key to decrypt network packets communicated between the client computer and the server computer. The NMD may then proceed to analyze the secure communication session based on the contents of the decrypted network packets.
    Type: Grant
    Filed: May 9, 2016
    Date of Patent: April 11, 2017
    Assignee: ExtraHop Networks, Inc.
    Inventors: Jesse Abraham Rothstein, Benjamin Thomas Higgins, Brian David Hatch
  • Patent number: 9614816
    Abstract: A system performs tunneling for real-time communications (“RTC”). The system establishes an unencrypted tunnel between a tunneling server and a user equipment (“UE”). Upon establishing the unencrypted tunnel, the UE creates a socket on the unencrypted tunnel. The system determines that the socket requires encrypted RTC, and establishes an encrypted tunnel between the tunneling server and the UE. Upon establishing the encrypted tunnel, the UE moves the socket from the unencrypted tunnel to the encrypted tunnel, and the system performs the encrypted RTC via the socket over the encrypted tunnel.
    Type: Grant
    Filed: March 23, 2015
    Date of Patent: April 4, 2017
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventor: Rolando Herrero
  • Patent number: 9602330
    Abstract: Techniques are disclosed for dividing a TCP handshake into multiple parts, in a system comprising an edge device, an intermediary computing node, and a destination computing node. A client sends a TCP SYN packet to the edge device, to establish a TCP connection with the destination computing node. The edge device performs the handshake, and then forwards an ACK packet to the intermediary computing node. The intermediary computing node uses that ACK packet to generate a second SYN packet, and uses that SYN packet to perform a TCP handshake with the destination computing node. Then, TCP sequence numbers are converted between what is expected by the client and destination in packets sent between the two.
    Type: Grant
    Filed: May 23, 2013
    Date of Patent: March 21, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Andrew Bruce Dickinson, Kirk Arlo Petersen
  • Patent number: 9596282
    Abstract: A delivery managing device to which a plurality of terminals are connected through a network includes a creating unit that creates display information based on operation information indicating an operation input accepted by a terminal; a converting unit that converts the display information into video information; and a delivery unit that delivers the video information to a terminal. When non-public operation information is received from a terminal, the non-public operation information indicating operation information not to be published to another terminal, the delivery unit delivers video information that is converted from display information not based on the non-public operation information, to the other terminal.
    Type: Grant
    Filed: September 4, 2014
    Date of Patent: March 14, 2017
    Assignee: RICOH COMPANY, LTD.
    Inventors: Masahiro Kuwata, Kiyoshi Kasatani
  • Patent number: 9591608
    Abstract: Disclosed are methods and systems for enabling a Home Node B (HNB) to discover the positioning capabilities of an HNB Gateway (HNB GW) in supporting particular positioning operations associated with transporting Positioning Calculation Application Part (PCAP) messages between the HNB and a standalone serving mobile location center (SAS).
    Type: Grant
    Filed: January 29, 2015
    Date of Patent: March 7, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Luis Fernando Brisson Lopes, Stephen William Edge, Ozcan Ozturk
  • Patent number: 9590809
    Abstract: A method for operating a mobile device, not assigned to a motor vehicle, via an electronic device with a display and operator control device of the motor vehicle is made available. The program has program parts for a user interface and for operator control sequences which are assigned a digital certificate. The user interface comprises fixed areas for displaying variable contents. The program parts are transmitted together with the digital certificate to the electronic device of the motor vehicle and are carried out when the certificate is successfully checked. The transmission of data without protection by a digital certificate is restricted to the variable contents for display in the fixed areas of the user interface.
    Type: Grant
    Filed: January 23, 2014
    Date of Patent: March 7, 2017
    Assignee: Volkswagen Aktiengesellschaft
    Inventors: Fabian Hueger, Helge Neuner, Michael Mirtschink
  • Patent number: 9582386
    Abstract: A method and system for securing continued operation of a primary cloud-based computing environment (CBCE) residing in a first cloud environment are disclosed. The system comprises gathering information respective of the primary CBCE; storing the gathered information in a storage space, wherein the gathered information substantially provides a baseline to initiate the creation of a reconstructed CBCE upon a need to recreate the primary CBCE; updating the gathered information with new information gathered respective of changes to the primary CBCE; receiving a periodic status notification from the primary CBCE; and initiating a reconstruction of the primary CBCE in the second cloud environment responsive to the status notification requesting one of: a reconstruction request and failure of the primary CBCE.
    Type: Grant
    Filed: March 11, 2014
    Date of Patent: February 28, 2017
    Assignee: CloudEndure, Ltd.
    Inventors: Ofer Gadish, Leonid Feinberg, Ofir Ehrlich, Gil Shai
  • Patent number: 9563459
    Abstract: A diagnostic virtual machine having access to resources of an infrastructure as a service cloud may be created. A user device may be provided access to the diagnostic virtual machine. In some embodiments, the diagnostic virtual machine may be configured to monitor a cluster of hypervisors, and the resources of the infrastructure as a service cloud which the diagnostic virtual machine has access to may include physical resources of the infrastructure as a service cloud that are associated with the cluster of hypervisors.
    Type: Grant
    Filed: March 17, 2015
    Date of Patent: February 7, 2017
    Assignee: Citrix Systems, Inc.
    Inventors: Chiradeep Vittal, Alex Huang, Kevin Kluge
  • Patent number: 9560173
    Abstract: A computer implemented method receives a client request message to initiate a network connection. In response to the client request, the method generates a key to represent the client request. The key is generated independent of information provided in the client request message and is generated to correspond to a desired address in a data structure used to track client request messages. The method then enters the generated key at the desired address in the data structure and transmits a response message that includes the key back to the client. The network connection between the client and the computer system is established according to the key.
    Type: Grant
    Filed: October 22, 2013
    Date of Patent: January 31, 2017
    Assignee: VMware, Inc.
    Inventor: Akshay Kumar Sreeramoju
  • Patent number: 9549318
    Abstract: Systems and methods for enabling a computing device to be registered and authorized for network access, while deferring device hardware address capture until a later time. Subsequently, when the computing device connects to a network location at which the hardware address can be detected, registration and authorization can be fully completed. In some cases, the subsequent completion can be performed automatically and without user intervention.
    Type: Grant
    Filed: October 10, 2013
    Date of Patent: January 17, 2017
    Assignee: SHAW CABLESYSTEMS G.P.
    Inventors: Christian Saunders, Ron Angerame
  • Patent number: 9537878
    Abstract: Coupling circuitry couples a network to a host. The host operating system is configured for transfer of data between the host and at least one peer via the network using at least one stateful connection to a peer according to a connection-oriented protocol. The coupling circuitry processes received connection attempt indications by attempting to establish a stateful connection to an indicated peer. For a genuine attempt by a peer to establish a stateful connection with the host, the coupling circuitry interoperates with the peer to perform establishment-phase protocol processing of the attempted stateful connection. For each of the established stateful connections, the coupling circuitry operates to cause a state of that established stateful connection to be provided from the coupling circuitry to the host, wherein the operating system of the host handles data transfer phase protocol processing of that established stateful connection.
    Type: Grant
    Filed: December 12, 2014
    Date of Patent: January 3, 2017
    Assignee: Chelsio Communications, Inc.
    Inventors: Asgeir Thor Eiriksson, Chandrasekhar Srinivasaiah, Wael Noureddine
  • Patent number: 9538372
    Abstract: When a first device receives an indication to establish a communication with a second device, a feature character string is generated. The first device is associated with a first public key and a first private key. The second device is associated with a second public key and a second private key. The second public key of the second device is obtained. The second public key is used to encrypt the feature character string. A first identification of the first device is at least partly based on the encrypted feature character string and is published. When the feature character string is obtained after decryption, the first public key of the first device is obtained. The second identification is an identification encrypted by the first public key. In response to a determination that the feature character string is obtained after decryption of the second identification, the communication between the first device and the second device is established.
    Type: Grant
    Filed: February 25, 2015
    Date of Patent: January 3, 2017
    Assignee: Alibaba Group Holding Limited
    Inventor: Zhiguo Li
  • Patent number: 9533213
    Abstract: A web-based scoring system for golf tournaments utilizes web-enabled mobile devices for entering scores. The system provides a streamlined scoring process that leverages modern technology using only web browsers on the mobile devices. The system handles all authentications and scorer positioning in the tournament using URL/hyperlinks entered on the mobile devices. The system does not require a special scoring application to be loaded to the mobile devices.
    Type: Grant
    Filed: November 5, 2013
    Date of Patent: January 3, 2017
    Inventor: Chris M. Clark
  • Patent number: 9532225
    Abstract: A role-based access control method and/or system permits end users to securely pair their mobile devices via a pairing apparatus with one or more instruments to, for example, remotely monitor operations of the instruments. In an embodiment, the process includes a pairing apparatus receiving a pairing request from an instrument including a unique access code, and receiving a pairing request from an end user mobile device that includes an end user mobile device identifier and an access code. If the unique access code matches the end user's access code, then the end user mobile device identifier is added to a security group and a successful pairing message is transmitted to at least one of the instrument and the end user mobile device.
    Type: Grant
    Filed: June 12, 2014
    Date of Patent: December 27, 2016
    Assignee: General Electric Company
    Inventors: Patricia Denise MacKenzie, Lennart Bjorkesten, Shaopeng Liu, Viktor Holovashchenko, David Smith, Erik Nils Patrik Franzen
  • Patent number: 9526990
    Abstract: Various metrics as may be deployed in an active, passive, or hybrid validation architecture are disclosed. A computing device configured to monitor network game activity may identify an inconsistency between user game data and a particular game metric governing a particular aspect of the network gaming environment. Upon identification of an inconsistency between game data and a game metric, which may be indicative of illicit game play, a validation process (e.g., active, passive, and/or hybrid) may be implemented to further confirm the existence of illicit game play. Alternatively, an action to maintain integrity of the gaming community may be executed without further confirmation whereby a purportedly illicit game device may be ejected from the network.
    Type: Grant
    Filed: December 10, 2013
    Date of Patent: December 27, 2016
    Assignee: SONY INTERACTIVE ENTERTAINMENT AMERICA LLC
    Inventors: Adam P. Harris, Steve C. Schneider
  • Patent number: 9516114
    Abstract: Embodiments of the present disclosure relate to the field of computer networks, and disclose a data packet transmission method and a related device and system. In the method, a traditional communication protocol (such as TCP) handshake process is optimized, so that data packet transmission may be implemented in the handshake process. The data packet transmission does not depend on completion of the handshake, thereby effectively reducing a data packet transmission delay caused by an RTT delay existing in the handshake process.
    Type: Grant
    Filed: September 16, 2013
    Date of Patent: December 6, 2016
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Kebo Duan, Wenshu Xiao, Shu Wang
  • Patent number: 9507939
    Abstract: Described systems and methods allow conducting computer security operations, such as detecting malware and spyware, in a bare-metal computer system. In some embodiments, a first processor of a computer system executes the code samples under assessment, whereas a second, distinct processor is used to carry out the assessment and to control various hardware components involved in the assessment. The described computer systems may be used in conjunction with a conventional anti-malware filter to increase throughput and/or the efficacy of malware scanning.
    Type: Grant
    Filed: March 18, 2015
    Date of Patent: November 29, 2016
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Sandor Lukacs, Adrian V. Colesa
  • Patent number: 9507951
    Abstract: Technologies for secure input and display of a virtual touch user interface include a computing device having a security monitor that may protect memory regions from being accessed by untrusted code. The security monitor may use hardware virtualization features such as extended page tables or directed I/O to protect the memory regions. A protected touch filter driver intercepts requests for touch input and allocates a transfer buffer. The transfer buffer is protected by the security monitor. A touch screen controller may write touch input data into the protected transfer buffer. The touch input data may be shared by the touch filter driver with authorized applications through a protected communication channel. A graphical virtual user interface may be generated by trusted code and rendered into a hardware overlay surface. The user interface may include a virtual keyboard. The security monitor may protect the overlay surface. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 4, 2014
    Date of Patent: November 29, 2016
    Assignee: Intel Corporation
    Inventors: Xiaozhu Kang, Ghayathri V. Garudapuram, Karanvir S. Grewal
  • Patent number: 9503425
    Abstract: The present invention relates to a method and system for performing deep packet inspection of messages transmitted through a network switch in a Software Defined Network (SDN). Embodiments of the invention include a network switch, a controller, and a firewall in a software defined networking environment. In the present invention, the network switch is a simple network switch that is physically separate from the controller and the firewall. The invention may include a plurality of physically distinct network switches communicating with one or more controllers and firewalls. In certain instances, communications between the network switch, the controller, and the firewall are performed using the OpenFlow standard communication protocol.
    Type: Grant
    Filed: December 9, 2015
    Date of Patent: November 22, 2016
    Assignee: DELL SOFTWARE INC.
    Inventors: Hui Ling, Zhong Chen
  • Patent number: 9485262
    Abstract: A device may receive information that identifies an attack signature for detecting an intrusion. The device may determine a device configuration that is vulnerable to the intrusion, may determine an endpoint device associated with the device configuration, and may determine a time period during which the endpoint device was associated with the device configuration. The device may determine an endpoint identifier associated with the endpoint device during the time period, and may identify network traffic information associated with the endpoint identifier during the time period. The device may apply the attack signature to the network traffic information, and may determine whether the endpoint device was subjected to the intrusion during the time period based on applying the attack signature to the network traffic information. The device may selectively perform an action based on determining whether the endpoint device was subjected to the intrusion.
    Type: Grant
    Filed: March 28, 2014
    Date of Patent: November 1, 2016
    Assignee: Juniper Networks, Inc.
    Inventors: Clifford E. Kahn, Stephen R. Hanna
  • Patent number: 9483381
    Abstract: An information handling system, method, and computer-readable media for obfuscating debugging filenames during a software build are described. The system comprises one or more processors, a memory, and one or more program modules stored on the memory and executable by the one or more processors. The one or more program modules compile a source code file of a plurality of source code files into a program, generate a debugging file including debugging information for the program, utilize a one-way deterministic function to generate an obfuscated filename for the debugging file, and include a link to the debugging file in the program, the link including the obfuscated filename.
    Type: Grant
    Filed: December 15, 2014
    Date of Patent: November 1, 2016
    Assignee: Dell Products L.P.
    Inventors: Jonathan Bret Barkelew, Ricardo L. Martinez
  • Patent number: 9479474
    Abstract: Automated systems and methods are provided for establishing or maintaining a personalized trusted social network for a community of users, with little or no input from any given user. To establish the personalized trusted social network, one or more trusted sources are identified for a given user. The identified trusted sources are added to a user profile for the given user. Also, identified are any annotations, bookmarks, or the like that the identified trusted sources have associated with any shared content. These annotations provide access to microcontent items that the identified trusted sources have integrated with the shared content to thereby enhance or enrich its context. One or more profiles are constructed or updated to track the associations between the identified trusted sources and their annotations. The profile information can be applied to enhance and personalize search and browsing experiences for the given user.
    Type: Grant
    Filed: October 27, 2015
    Date of Patent: October 25, 2016
    Assignee: EXCALIBUR IP, LLC
    Inventor: Kenneth Norton
  • Patent number: 9467283
    Abstract: A method is presented for secure communication, the method including generating a signature using a private key, a nonce, and at least one of an identifier and a key component; and transmitting the signature, the nonce, a security parameter, and the at least one of the identifier and the key component, wherein the security parameter associates a user identity with a public key, the public key being associated with the private key.
    Type: Grant
    Filed: June 24, 2013
    Date of Patent: October 11, 2016
    Assignee: BlackBerry Limited
    Inventors: Michael Eoin Buckley, Michael Charles Hollatz, Robert John Lambert, Nevine Maurice Nassif Ebeid
  • Patent number: 9461984
    Abstract: A computer-implemented method for blocking flanking attacks on computing systems may include (1) detecting a denial-of-service attack targeting a computing network, (2) inferring, based at least in part on detecting the denial-of-service attack, a secondary attack targeting at least one computing resource within the computing network, (3) determining that the computing resource is subject to additional protection based on inferring the secondary attack targeting the computing resource, and (4) protecting the computing resource against the secondary attack by adding an authentication requirement for accessing the computing resource. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: October 4, 2016
    Assignee: Symantec Corporation
    Inventor: Deb Banerjee
  • Patent number: 9438582
    Abstract: A system, computer-readable storage medium storing at least one program, and a computer-implemented method for controlling a local utility are disclosed. A first request originating from an application and including a first token is received at a local utility. The application received a web page, including a plurality of links and the first token, from a first server. The plurality of links are received by the application from a second server. The first token is authenticated. Authentication includes sending the first token to a third server. In response to authenticating the first token, a second token is generated at the local utility. The second token is sent to the application for inclusion in subsequent requests from the application.
    Type: Grant
    Filed: July 29, 2014
    Date of Patent: September 6, 2016
    Assignee: SPOTIFY AB
    Inventors: Sten Garmark, Nicklas Soderlind, Samuel Cyprian, Aron Levin, Hannes Graah, Erik Hartwig, Gunnar Kreitz
  • Patent number: 9432321
    Abstract: The distributed message handling system is created by using session states to represent the plurality of session contexts in the message handling system. The session states are flat representations of the session context which completely describe the session. Utilizing the session states to handle system message requests allows the message handling system to distribute the handling of the message requests to a plurality of state machines. Advantageously, the distributed messaging system allows the message handling system to dynamically allocate message handling resources to application instances based on demand. Such dynamic allocation allows providers to efficiently allocate resources to meet demand while meeting application execution demands.
    Type: Grant
    Filed: December 19, 2011
    Date of Patent: August 30, 2016
    Assignee: Alcatel Lucent
    Inventors: Moritz M. Steiner, Thomas L. Wood
  • Patent number: 9425606
    Abstract: An information communication device is provided with a monitoring unit, a communication unit, a storage unit, a switching unit, an acquisition unit, a creation unit, and a transmission unit. In the event that the monitoring unit detects trouble in the basic network, the switching unit switches the communication function of the communication unit from a first communication function to a second communication function. In the event that the monitoring unit detects trouble in the basic network, the creation unit creates notification information about the trouble in the basic network. The transmission unit transmits the created notification information via the switched-to communication function to a contact retrieved from the storage unit.
    Type: Grant
    Filed: March 12, 2013
    Date of Patent: August 23, 2016
    Assignee: KABUSHIKI KAISHA TOSHIBA
    Inventors: Yoshihiro Yamaguchi, Ryo Yano, Keiko Mori, Mitsukage Yamada, Michiyo Ogino, Yoshihiro Ogita
  • Patent number: 9419999
    Abstract: A method for preventing Domain Name System (DNS) spoofing includes: performing uppercase/lowercase conversion for letters of a DNS question field in a DNS request packet according to a preset rule; sending the DNS request packet; receiving a DNS response packet; obtaining uppercase/lowercase distribution of the letters of the DNS question field in the DNS response packet; and forwarding the DNS response packet to a target DNS client if the uppercase/lowercase distribution of the letters of the DNS question field in the DNS response packet complies with the preset rule. Corresponding to the method, a device for preventing DNS spoofing is disclosed. The method and device reduce occupation of storage resources of the device.
    Type: Grant
    Filed: March 25, 2014
    Date of Patent: August 16, 2016
    Assignee: Huawei Digital Technologies (Cheng Du) Co., Ltd.
    Inventor: Shaobu Ma
  • Patent number: 9407617
    Abstract: This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
    Type: Grant
    Filed: January 6, 2014
    Date of Patent: August 2, 2016
    Assignee: Microsoft Licensing Technology, LLC
    Inventors: David R. Mowers, John A. Banes, Daniel R. Simon, Paul J. Leach
  • Patent number: 9408078
    Abstract: A method, apparatus, and computer program product are provided for adapting security level between a mobile node and a mobility anchor. In the context of a method, an IP mobility binding with an indication of a security mode is established for a mobile node connected to an IP sub-network and identified in the IP sub-network by a care of address. A trigger to adapt the security mode for the mobile node connected to the IP sub-network is detected. The security mode for the mobile node connected to the IP sub-network and identified by the care of address is adapted in response to the trigger.
    Type: Grant
    Filed: December 18, 2009
    Date of Patent: August 2, 2016
    Assignee: Nokia Technologies Oy
    Inventors: Patil Basavaraj, Teemu Ilmari Savolainen, Bajko Gabor
  • Patent number: 9397856
    Abstract: A virtual host computer is presented that includes a virtualization software platform, at least one virtual machine executed by the virtualization software platform, a private network segment configured to prevent communications with at least one external computer, a public network segment configured to facilitate communications with the at least one external computer, and a virtual routing module that is executed as a virtual image by the virtualization software platform. The virtual routing module is configured to communicate with the at least one virtual machine via the private network segment, communicate with the public network segment, and execute a tunneling layer to form a private virtual network segment between the at least one virtual machine and the at least one external computer.
    Type: Grant
    Filed: November 21, 2006
    Date of Patent: July 19, 2016
    Assignee: CA, INC.
    Inventors: Martin O'Connell, Anand Kameswaran
  • Patent number: 9398035
    Abstract: In one embodiment, techniques are shown and described relating to attack mitigation using learning machines. A node may receive network traffic data for a computer network, and then predict a probability that one or more nodes are under attack based on the network traffic data. The node may then decide to mitigate a predicted attack by instructing nodes to forward network traffic on an alternative route without altering an existing routing topology of the computer network to reroute network communication around the one or more nodes under attack, and in response, the node may communicate an attack notification message to the one or more nodes under attack.
    Type: Grant
    Filed: January 27, 2014
    Date of Patent: July 19, 2016
    Assignee: Cisco Technology, Inc.
    Inventors: Jean-Philippe Vasseur, Javier Cruz Mota, Andrea Di Pietro, Jonathan W. Hui
  • Patent number: 9398030
    Abstract: Various embodiments pertain to ascertaining domain contexts. In one embodiment, an application receives content that may contain a script (i.e. code). In this case, the domain context is ascertained and the script is executed in the context of the domain associated with the received content, rather than requiring the application or some other component to navigate to a location, such as a web location, to attempt to ascertain the domain context of the script. In another embodiment, third party objects or code are required to provide their domain context to an application in order for the application to make a security-based decision.
    Type: Grant
    Filed: September 24, 2013
    Date of Patent: July 19, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Govind Varshney, Marc A. Silbey, Shankar Ganesh, Robert Impollonia, Venkatraman V. Kudallur
  • Patent number: 9385954
    Abstract: Some embodiments provide a physical forwarding element that hashes portions of packet headers using several novel hashing techniques. The techniques include a novel set of finishing operations that improve the quality of resulting hashes by increasing their distribution and improving their apparent-randomness. In addition, the finishing operations virtually guarantee that different length inputs will hash to different results, even when padded to be the same initial values. The techniques also include efficient handling of remainder sections when distributing sections of a hash input across multiple processing units. The remainders are hashed into various previously generated hashes based on how many remainders result. These hashing techniques are useful for many network applications.
    Type: Grant
    Filed: March 31, 2014
    Date of Patent: July 5, 2016
    Assignee: NICIRA, INC.
    Inventor: Jarno Rajahalme
  • Patent number: 9380025
    Abstract: An example method is provided and, in an example embodiment, includes receiving a data packet at an ingress switch function, the data packet associated with a data packet flow; obtaining access control information associated with a destination of the data packet flow from a centralized service engine; and performing access filtering on the data packet flow at the ingress switch function using the access control information.
    Type: Grant
    Filed: July 3, 2013
    Date of Patent: June 28, 2016
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Suraj Nellikar, Maithili Narasimha