Protection At A Particular Protocol Layer Patents (Class 713/151)
-
Patent number: 10671304
Abstract: Some embodiments provide a method for configuring unit memories to implement first and second sets of entries, the second set of which references the first set. The method configures a first pool of unit memories to implement the first set. Each entry in the first set is located at a particular location in at least one of the memories of the first pool. The method configures a second pool of unit memories to implement the second set. Each entry in the second set includes a particular number of bits for indicating (i) an initial first-pool unit memory at which the first-set entry referenced by the second-set entry is found and (ii) a number of subsequent first-pool memories across which the first-set entry is divided. A number of bits required to identify a single first-pool memory is one fewer than the particular number of bits.
Type: Grant
Filed: April 5, 2019
Date of Patent: June 2, 2020
Assignee: Barefoot Networks, Inc.
Inventor: Patrick Bosshart
-
Patent number: 10673901
Abstract: In one embodiment, a service receives captured traffic flow data regarding a traffic flow sent via a network between a first device assigned to a first network zone and a second device assigned to a second network zone. The service identifies, from the captured traffic flow data, one or more cryptographic parameters of the traffic flow. The service determines whether the one or more cryptographic parameters of the traffic flow satisfy an inter-zone policy associated with the first and second network zones. The service causes performance of a mitigation action in the network when the one or more cryptographic parameters of the traffic flow do not satisfy the inter-zone policy associated with the first and second network zones.
Type: Grant
Filed: December 27, 2017
Date of Patent: June 2, 2020
Assignee: Cisco Technology, Inc.
Inventors: Matthew Scott Robertson, David McGrew, Timothy David Keanini, Sunil Amin, Ellie Marie Daw
-
Patent number: 10671753
Abstract: Systems, methods, and software for sensitive data handling frameworks for user applications are provided herein. An exemplary method includes receiving subsets of structured user content consolidated into associated flattened representations, the associated flattened representations having a mapping to the structured user content and accompanied by at least lengths and offset information relating to the mapping. The method includes individually parsing the subsets of structured user content to classify portions as comprising sensitive content corresponding to one or more predetermined data schemes and, for each of the portions, identifying an associated offset and length for the portion relating to the subsets of structured user content, and indicating at least the associated offset and length to the user application for marking of the sensitive content in a user interface to the user application.
Type: Grant
Filed: March 23, 2017
Date of Patent: June 2, 2020
Assignee: Microsoft Technology Licensing, LLC
Inventors: Phillip David Allen, Ryan Charles Hill, Bradley Jacob Zimnisky
-
Patent number: 10659441
Abstract: A service interface of an SSL application hosted on at least one computer system in a hosted network selecting at least one authorized cipher suite. An SSL socket of the SSL application negotiating with another SSL socket of another SSL application in the hosted network for a mutual cipher from among the at least one authorized cipher suite and a shared key to encrypt information exchanged during a secure session. Responsive to establishing a security connection between the SSL socket and the another SSL socket using the selected mutual cipher, the service interface sends to a centralized service an identifier of the selected mutual cipher. Responsive to the service interface receiving a revoked cipher alert from the centralized service, the service interface revokes one or more sessions of the SSL application using a revoked cipher in the revoked cipher alert matching the selected mutual cipher.
Type: Grant
Filed: December 10, 2018
Date of Patent: May 19, 2020
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Rinkesh I. Bansal, Shiv S. Jha, Sanjay B. Panchal, Mahesh S. Paradkar, Chintan Thaker
-
Patent number: 10657519
Abstract: A device may perform a first authentication operation, associated with a contactless media device, using a first key. The first key may permit a security mode of the contactless media device to be modified. The device may cause the contactless media device to set the security mode to a first security mode that causes the contactless media device to secure at least one transmission from the contactless media device. The device may perform a second authentication operation, associated with the contactless media device, using a second key that permits information to be read from or written to the contactless media device. The device may read first secured information from or write second secured information to the contactless media device. The first secured information or the second secured information may be secured based on the security mode of the contactless media device being set to the first security mode.
Type: Grant
Filed: October 21, 2014
Date of Patent: May 19, 2020
Assignee: Accenture Global Services Limited
Inventors: Avishek Somani, Sunil Raina, Michael Jennings
-
Patent number: 10645112
Abstract: Processing and transmitting of data within a functionally safe electronic system having at least two subsystems, each of which comprises at least one safety component, and each of which complies with a specific safety level for functionally safe data processing. Embodiments process data using the safety component of a first one of the subsystems into functionally safe data of a first safety level, and add an indication attribute indicating suitability of these data for use of this first safety level; transmitting the data to a second one of the subsystems; and checking the received indication attribute, by the second subsystem using the safety component, to determine whether the safety level indicated by this indication attribute is different from the safety level the second subsystem complies with; and, if the check reveals non-equal safety levels, further processing the data in a functionally safe manner based on the lower safety level.
Type: Grant
Filed: March 11, 2016
Date of Patent: May 5, 2020
Assignee: Phoenix Contact GmbH & Co. KG
Inventors: Tobias Frank, Rolf Salzmann
-
Patent number: 10635716
Abstract: Methods and systems for forwarding data packets by a server system (e.g., a proxy server) are disclosed. The proxy server is coupled to a user device and a plurality of web servers. The proxy server receives a first data packet directed to a first web server of the plurality of web servers from the user device. The first data packet includes a first synthesized address associated with the first web server. The proxy server identifies a first actual address of the first web server. The proxy server replaces the first synthesized address in the first data packet with the first actual address of the first web server. The proxy server further forwards the first data packet to the first web server using the first actual address of the first web server.
Type: Grant
Filed: August 24, 2016
Date of Patent: April 28, 2020
Assignee: FACEBOOK, INC.
Inventor: Dekel Shmuel Naar
-
Patent number: 10637686
Abstract: Various systems and methods for bypassing one or more non-capable nodes. For example, one method involves a capable node determining that an adjacent node is non-capable, where capable nodes are configured to implement a data plane capability and non-capable nodes are not. The method then involves identifying a downstream node that is capable. The downstream node is on a shortest path. The method also involves generating information that identifies a tunnel to the downstream node.
Type: Grant
Filed: November 28, 2018
Date of Patent: April 28, 2020
Assignee: Cisco Technology, Inc.
Inventors: Alfred C. Lindem, III, Peter Psenak, Ijsbrand Wijnands
-
Patent number: 10630683
Abstract: In an aspect, a wireless communication between a transmitter and a receiver involves determining updated keys according to a key management process for MAC layer encryption. Such key is propagated to a transmitter MAC and through a receiver key management process to a receiver MAC. After a delay, transmitter MAC device begins using the updated key, instead of a prior key, for payload encryption. Receiver MAC continues to use the prior key until a packet that was accurately received fails a message integrity/authentication check. Then, the receiver MAC swaps in the updated key and continues to process received packets. The packet data that failed the message integrity check is discarded. Transmitter MAC retries the failed packet at a later time, and if the packet was accurately received and was encrypted by the transmitter MAC using the updated key, then the receiver will determine that the message is authentic and will receive it and acknowledge it.
Type: Grant
Filed: December 2, 2016
Date of Patent: April 21, 2020
Assignee: Imagination Technologies Limited
Inventor: Chakra Parvathaneni
-
Patent number: 10620944
Abstract: A cloud-based decision management platform along with corresponding method, system, and a computer program product are disclosed. At least one component of at least one computing system is selected from a plurality of components of the computing system. The selected component is configured for execution during a runtime of the computing system. The configured component is executed during runtime. The components of the computing system are stored in a catalog module based on at least one characteristic that includes at least one of the following: analytics, decisioning, identity and access management, and optimization.
Type: Grant
Filed: June 23, 2017
Date of Patent: April 14, 2020
Assignee: FAIR ISAAC CORPORATION
Inventors: Joshua Prismon, Andrei Palskoi, John Daniel Cribbs, Fernando Felipe Campos Donati Jorge, Stuart Clarkson Wells
-
Patent number: 10616287
Abstract: Devices, methods, and program products are provided, which support multiple Digital Rights Management (DRM) schemes or platforms during the placeshifting of media content. A given placeshifting session may be initiated between a placeshifting device and a user-controlled client media receiver executing a browser player. In one embodiment, the DRM placeshifting method includes storing, in a memory associated with the placeshifting device, DRM-protected content; receiving a request from the client media receiver over a communications network to stream the DRM-protected content to the device; and obtaining a placeshifting key and initialization instructions for the DRM-protected content. The DRM-protected content is streamed to the client media receiver in an encrypted format accessible with a placeshifting decryption key.
Type: Grant
Filed: June 29, 2017
Date of Patent: April 7, 2020
Assignee: SLING MEDIA PVT LTD
Inventors: Jagan Kumar Govindarajan, Satish Iyer
-
Patent number: 10616072
Abstract: Systems, methods, and devices are disclosed for generating an interface configured to display status information for network elements on a network. In embodiments, one or more logical models of the network are obtained from at least one of a plurality of controllers on a network. Network statistics are determined based on network traffic. Based on the one or more logical models and the network statistics, a topology of the network and respective status information of one or more network elements during an epoch is identified, the epoch defining a time interval. A user interface is generated that displays the respective status information in a timeline comprising one or more of the epochs.
Type: Grant
Filed: July 27, 2018
Date of Patent: April 7, 2020
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Chien-Ju Lo, Bill YuFan Chen, Kannan Ponnuswamy, Kollivakkam Raghavan, Navneet Yadav, Manvesh Vyas
-
Patent number: 10616149
Abstract: In certain embodiments, evaluations of effectiveness are optimized for multiple electronic message versions. For example, a server receives, subsequent to first electronic messages being transmitted over a first time period, responsive electronic data automatically generated by interactions with these messages. The server controls, based on the responsive electronic data, transmission of second electronic messages to recipients. For instance, the server provides an interface for configuring a test transmission of different test message versions to segments of recipients, where each version includes a different combination of message attributes. The server receives a selection of options via the interface for the test transmission, identifies an adverse impact on the test transmission associated with the selection, and indicates the adverse impact via the interface. The server subsequently receives, via the interface, a modification to the test transmission options.
Type: Grant
Filed: August 10, 2016
Date of Patent: April 7, 2020
Assignee: THE ROCKET SCIENCE GROUP LLC
Inventors: Mardav Wala, Guan Liao, Michaela Moore, John Foreman
-
Patent number: 10614807
Abstract: A system comprises a first network microphone device (NMD) communicatively coupled to a second NMD via a network interface of the first NMD, wherein the first NMD is configured to: receive, from the second NMD via the network interface of the first NMD, an arbitration message comprising (i) a first measure of confidence associated with a voice input detected by the second NMD and (ii) an identifier associated with at least a portion of the voice input detected by the second NMD, determine that the first measure of confidence is greater than a second measure of confidence, wherein the second measure of confidence is associated with a voice input detected by the first NMD via at least one microphone of the second NMD, and based on the determination, perform voice recognition based on the voice input detected by the second NMD, wherein the voice input detected by the second NMD comprises a command to control the playback of the audio content by at least one of the first or the second NMDs.
Type: Grant
Filed: November 1, 2018
Date of Patent: April 7, 2020
Assignee: Sonos, Inc.
Inventors: Steven Beckhardt, Ted Lin
-
Patent number: 10609022
Abstract: A method and an apparatus for installing a profile in a terminal including a universal integrated circuit card (UICC) corresponding to a smart card security module, which is inserted into a mobile communication terminal and then used are provided. More particularly, a method and an apparatus for remotely installing or removing mobile communication subscriber information in/from a profile of a terminal are provided. The terminal can remotely download the profile from a network server (subscription manager data preparation (SM-DP) or subscription manager secure routing (SM-SR)) without any change in a mobile network operator information technology (IT) system interface rather than downloading the profile of the terminal by the network server.
Type: Grant
Filed: July 1, 2015
Date of Patent: March 31, 2020
Assignee: Samsung Electronics Co., Ltd.
Inventors: Jonghan Park, Duckey Lee, Seonghun Kim, Heejeong Lee, Sangsoo Jeong, Songyean Cho
-
Patent number: 10601587
Abstract: A method for establishing a first secured communication channel between an administrative agent in a device and a distant server, the device comprising a secure element communicating with the administrative agent, the secure element being administrated through the administrative agent by the distant server, the administrative agent being administrated by a third party server through a second secured communication channel, the distant server and the third party server being connected through a third secured channel. The third party server requests, from the distant server, an operation on the secure element and a one-time PSK. The distant server sends, to the third party server, the one-time PSK. The third party server sends, to the administrative agent, a triggering message including the one-time PSK. A TLS-PSK handshake is performed between the administrative agent and the distant server with the one-time PSK to establish the first secured communication channel.
Type: Grant
Filed: June 23, 2015
Date of Patent: March 24, 2020
Assignee: THALES DIS FRANCE SA
Inventors: Xavier Berard, Frédéric Paillart, Frédéric Faure, Lionel Mallet
-
Patent number: 10601838
Abstract: Novel tools and techniques are provided for implementing digital rights management (“DRM”)-agnostic entitlement gateway and verification system. In various embodiments, an entitlement gateway might receive a query from a client device, and might determine whether a user is authorized to access requested DRM-protected media content. If not, the entitlement gateway might send a deny signal to the client device that prevents the user from accessing the media content. If so, the entitlement gateway might identify, from among a plurality of DRM types, a DRM type that is used to protect the media content. The entitlement gateway might identify, from among a plurality of DRM servers each associated with a particular DRM type, a DRM server associated with the identified DRM type, and might send a request for a license for accessing the media content from the identified DRM server, the license enabling the user to access the media content.
Type: Grant
Filed: November 27, 2017
Date of Patent: March 24, 2020
Assignee: CenturyLink Intellectual Property LLC
Inventors: Asghar Hussain, Zubin Ingah, Michael D. Sprenger
-
Patent number: 10594496
Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
Type: Grant
Filed: June 26, 2018
Date of Patent: March 17, 2020
Assignee: CLOUDFLARE, INC.
Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Nicholas Thomas Sullivan, Albertus Strasheim
-
Patent number: 10581874
Abstract: A computerized method for detecting malware associated with an object. The method includes operations of analyzing an object to obtain a first set of attributes, where the first set of attributes include one or more characteristics associated with the object. Furthermore, the object is processed with a virtual machine to obtain a second set of attributes. The second set of attributes corresponds to one or more monitored behaviors of the virtual machine during processing of the object. Thereafter, a threat index is determined based, at least in part, on a combination of at least one attribute of the first set of attributes and at least one attribute of the second set of attributes. The threat index represents a probability of maliciousness associated with the object.
Type: Grant
Filed: December 31, 2015
Date of Patent: March 3, 2020
Assignee: FireEye, Inc.
Inventors: Yasir Khalid, Sai Omkar Vashisht, Alexander Otvagin
-
Patent number: 10581702
Abstract: Systems and methods for automatically generating standard service level agreements for architectures are disclosed. In embodiments, a method comprises receiving a request from a client, the request including: one or more select information technology (IT) building blocks selected from a plurality of IT building blocks in an online service catalogue; and a select service level target (SLT) from a plurality of predetermined SLTs in the service catalogue; automatically generating an architecture based on the request utilizing the service catalogue, the architecture comprising at least one IT building block different from the one or more select IT building blocks, wherein the architecture is capable of meeting objectives of the request; determining that the architecture meets the select SLT; accessing an architecture database; and automatically generating an infrastructure SLA based on the architecture utilizing the architecture database.
Type: Grant
Filed: July 18, 2018
Date of Patent: March 3, 2020
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Clea A. Zolotow, Tomasz Gola, Petra Kopp, Laxmikantha S. Nanduru
-
Patent number: 10581948
Abstract: Among other things, this document describes systems, devices, and methods for using TLS session resumption tickets to store and manage information about objects that a server or a set of servers has previously delivered to a client and therefore that the client is likely to have in client-side cache. When communicated to a server later, this information can be used to drive server decisions about whether to push an object to a client, e.g., using an HTTP/2 server push function or the like, or whether to send an early hint to the client about an object.
Type: Grant
Filed: December 7, 2017
Date of Patent: March 3, 2020
Assignee: Akamai Technologies, Inc.
Inventors: Utkarsh Goel, Martin T. Flack, Stephen L. Ludin, Moritz M. Steiner
-
Patent number: 10581607
Abstract: To automate establishment of an ad hoc connection between a user apparatus and a device, username-password pairs and identifying information-code pairs are maintained in a database server. The user apparatus sends an inquiry identifying information of the device and a username and a password of a user of the user apparatus, and receives in a response a code for establishing the ad hoc connection.
Type: Grant
Filed: May 9, 2017
Date of Patent: March 3, 2020
Assignee: ABB Schweiz AG
Inventors: Zhongliang Hu, Teemu Tanila, Mikko Kohvakka
-
Patent number: 10575352
Abstract: The present inventions, in one aspect, are directed to systems and circuitry for and/or methods of establishing communication having one or more pairing facilitator-intermediary devices (for example, a network connected server) to enable or facilitate pairing and/or registering at least two devices (e.g., (i) a portable biometric monitoring device and (ii) a smartphone, laptop and/or tablet) to, for example, recognize, interact and/or enable interoperability between such devices. The pairing facilitator-intermediary device may responsively communicate information to one or more of the devices (to be paired or registered) which, in response, enable or facilitate such devices to pair or register. The present inventions may be advantageous where one or both of the devices to be paired or registered is/are not configured (e.g., include a user interface or certain communication circuitry that is configured or includes functionality) to pair devices without use of a facilitator-intermediary device.
Type: Grant
Filed: January 22, 2019
Date of Patent: February 25, 2020
Assignee: Fitbit, Inc.
Inventor: Heiko Gernot Albert Panther
-
Patent number: 10560452
Abstract: An apparatus controls transfer apparatuses that transfer a packet transmitted and received by terminals in a network. Upon receiving detection information notified from a server that detects unauthorized communication of a terminal by using the packet, the apparatus identifies the terminal and a type of the unauthorized communication, based on the detection information. The apparatus determines a transfer apparatus to be controlled, by referencing first information that stores information identifying the transfer apparatus in association with the terminal, and determines a control to be performed on the transfer apparatus by referencing second information that stores information on the control in association with the type of the unauthorized communication.
Type: Grant
Filed: February 1, 2017
Date of Patent: February 11, 2020
Assignee: FUJITSU LIMITED
Inventors: Hiroyasu Osaki, Takahiro Shimazaki, Hidehiko Mayumi, Shu Matsuoka, Takashi Okamura, Mitsuru Okajima
-
Patent number: 10545940
Abstract: An implementation of the disclosure provides an apparatus comprising: a memory to store a plurality of handshake responses to authenticate client communications; and a processing device, operatively coupled to the memory, to: receive a handshake request from a client device. The handshake request comprising an identifier of a communication protocol supported by the client device. A secure layer extension is extracted from the identifier of the communication protocol. Identify, in view of the communication protocol, a handshake response for the client device. The handshake response is modified to include information associated with the secure layer extension. Update a data structure with a hash value generated in view of the modified handshake response. Thereupon, forward the modified handshake response and the hash value to the client device.
Type: Grant
Filed: February 22, 2017
Date of Patent: January 28, 2020
Assignee: Red Hat, Inc.
Inventors: Jean-Frederic Clere, Stuart Wade Douglas
-
Patent number: 10547641
Abstract: A network-based appliance includes a mechanism to provide TLS inspection with session resumption, but without requiring that a session cache be maintained. To this end, the inspector is configured to cause the TLS client to participate in maintaining the session context, in effect on behalf of the TLS inspector. In operation, when the inspector first receives a session ID from the TLS server, the inspector generates and issues to the client a session ticket that includes the original session ID and other session context information. In this manner, the inspector converts the Session ID-based connection to a Session Ticket-based connection. The session ticket is encrypted by the inspector to secure the session information. When the TLS client presents the session ticket to resume the TLS connection, the inspector decrypts the ticket and retrieves the session ID from it directly. The inspector then uses the original session ID to resume the TLS session.
Type: Grant
Filed: June 1, 2017
Date of Patent: January 28, 2020
Assignee: International Business Machines Corporation
Inventors: Cheng-Ta Lee, Wei-Hsiang Hsiung, Wei-Shiau Suen, Ming-Hsun Wu
-
Patent number: 10543751
Abstract: The invention relates to a method of communication between a vehicle and a wayside control unit for controlling an inductive power transfer to the vehicle, wherein the control unit controls a generation of an electromagnetic field by a primary unit with a primary winding structure of a system for inductive power transfer, wherein the vehicle includes a secondary unit with a secondary winding structure for receiving the alternating electromagnetic field, wherein charging-related data is transmitted in between the vehicle and the control unit via a first communication link, wherein the authentication-related data is transmitted from the vehicle to the control unit via a second communication link, wherein the authentication-related data is used to authenticate the charging-related data, and a vehicle and an arrangement of a vehicle and a primary unit.
Type: Grant
Filed: February 4, 2015
Date of Patent: January 28, 2020
Assignee: Bombardier Primove GmbH
Inventor: Thoralf Schnarr
-
Patent number: 10548008
Abstract: A method and device for authenticating wireless communication links between devices. The method may comprise sending a first frame from first device to a second device. The first frame may comprise a header and a payload containing data packets for implementing a first Extensible Authentication Protocol. A first secure link may be established between the first network interface card of the first device and the first network interface card of the second device, then an action management frame may be sent across the first link. The action management frame may comprise the header, a payload comprising a vendor-specific information element containing identifying information about the first device, and an action that instructs the second device to implement a second Extensible Authentication Protocol through a second network interface card of the second device. A second secure link may be established between the second network interface cards of each device.
Type: Grant
Filed: July 29, 2016
Date of Patent: January 28, 2020
Assignee: Qualcomm Incorporated
Inventors: Vladimir Shulman, Vladimir Kondratiev, Boris Sorochkin
-
Patent number: 10542041
Abstract: A network-based appliance includes a mechanism to provide TLS inspection with session resumption, but without requiring that a session cache be maintained. To this end, the inspector is configured to cause the TLS client to participate in maintaining the session context, in effect on behalf of the TLS inspector. In operation, when the inspector first receives the session ticket from the TLS server, and in lieu of caching it, the inspector generates and issues to the client a composited ticket that includes the original ticket and session context information that contains the session key. The composited ticket is encrypted by the inspector to secure the session information. When the TLS client presents the composited session ticket to resume the TLS connection, the inspector decrypts the ticket and retrieves the session context from it directly. The inspector then uses the original session ticket to resume the TLS session.
Type: Grant
Filed: June 1, 2017
Date of Patent: January 21, 2020
Assignee: International Business Machines Corporation
Inventors: Cheng-Ta Lee, Wei-Hsiang Hsiung, Wei-Shiau Suen, Ming-Hsun Wu
-
Patent number: 10523426
Abstract: For a network that includes host machines for providing computing and networking resources and a VPN gateway for providing external access to those resources, a novel method that distributes encryption keys to the hosts to encrypt/decrypt the complete payload originating/terminating at those hosts is described. These encryption keys are created or obtained by the VPN gateway based on network security negotiations with the external networks/devices. These negotiated keys are then distributed to the hosts via control plane of the network. In some embodiments, this creates a complete distributed mesh framework for processing crypto payloads.
Type: Grant
Filed: August 6, 2018
Date of Patent: December 31, 2019
Assignee: NICIRA, INC.
Inventors: Jayant Jain, Anirban Sengupta, Uday Masurekar
-
Patent number: 10521584
Abstract: A system acquires diagnostic information from event logs, trace files, and other diagnostic sources to reduce a set of event records. The event records are arranged in a graph based on correlations between individual event records. Correlations may be based on time, account, credentials, tags, instance identifiers, or other characteristics. The system analyzes the graph to identify anomalies such as data exfiltration anomalies, system compromises, or security events. In some implementations, the system deploys decoy resources within a customer computing environment. Interactions with the decoy resources are captured as event records and added to the graph.
Type: Grant
Filed: August 28, 2017
Date of Patent: December 31, 2019
Assignee: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
-
Patent number: 10505984
Abstract: Provided are a method and a system for exchanging control information between secure socket layer (SSL) gateways. The method may commence with intercepting, by a client facing node, a client request including session-specific information and a session request to establish an SSL communication session between a client and a server. The method may continue with generating an SSL extension based on the session-specific information and adding the SSL extension to the session request to obtain an extended session request. The extended session request may be sent to a server facing node in communication with the client facing node. The method may further include identifying the session-specific information contained in the SSL extension of the extended session request and generating a further session request for establishing the SSL communication session between the server facing node and the server. The method may further include sending the further session request to the server.
Type: Grant
Filed: January 24, 2017
Date of Patent: December 10, 2019
Assignee: A10 Networks, Inc.
Inventors: Yang Yang, Xuyang Jiang, Ali Golshan
-
Patent number: 10503418
Abstract: A system and method of securing a computer system by controlling write access to a storage medium by monitoring an application; detecting an attempt by the application to write data to said storage medium; interrogating a rules database in response to said detection; and permitting or denying write access to the storage medium by the application in dependence on said interrogation.
Type: Grant
Filed: February 1, 2017
Date of Patent: December 10, 2019
Assignee: Drive Sentry Limited
Inventor: John Safa
-
Patent number: 10498711
Abstract: Aspects of the present disclosure relate to providing a booting key to a remote system. A policy server receives a verification that a predetermined number of user devices provided secret information for booting a remote system. The policy server provides, in response to the received verification, a message for a key server to provide a booting key to the remote system, the key server providing the booting key in response to the message and causing the remote system to complete a booting procedure, in response to the message from the policy server.
Type: Grant
Filed: June 21, 2016
Date of Patent: December 3, 2019
Assignee: Palantir Technologies Inc.
Inventors: Justin Cassidy, Tristan Smith, Kori Oliver
-
Patent number: 10491575
Abstract: In a secure cloud for transmitting packets of digital data, the packets may be repeatedly scrambled (i.e., their data segments reordered) and then unscrambled, split and then mixed, and/or encrypted and then decrypted as they pass through media nodes in the cloud. The methods used to scramble, split, mix and encrypt the packets may be varied in accordance with a state such as time, thereby making the task of a hacker virtually impossible inasmuch as he or she may be viewing only a fragment of a packet and the methods used to disguise the data are constantly changing.
Type: Grant
Filed: April 6, 2018
Date of Patent: November 26, 2019
Assignee: LISTAT LTD.
Inventors: Ievgen Verzun, Oleksandr Holub, Richard K. Williams
-
Patent number: 10484364
Abstract: A method and system may allow for authenticating a computing device. A computing device may send an authentication request over a network to an authentication computing device. The authentication request may include a user name and a password. The user name may include a credential and the password may be a digitally signed version of the user name. The authentication computing device may authenticate the requesting computing device by decrypting the password and comparing the received user name to the decrypted password.
Type: Grant
Filed: September 1, 2017
Date of Patent: November 19, 2019
Assignee: Comcast Cable Communications, LLC
Inventors: Kris Bransom, Christopher Zarcone
-
Patent number: 10474448
Abstract: In embodiments of the present invention improved capabilities are described for updating software in a plurality of devices coupled to one another in a communicating relationship through a local network, the method comprising receiving a descriptor file for a software update at the first device from a remote source outside the local network, the descriptor file including a hash code for each of a plurality of update sub-files and an order for assembling the update sub-files into the software update, downloading the plurality of update sub-files to the first device from a remote source outside the local network until the sub-files identified in the descriptor file are present on the first device, where a presence of the sub-files is evaluated using the hash codes in the descriptor file, and broadcasting every one of the plurality of update sub-files from the first device to the number of other devices.
Type: Grant
Filed: February 23, 2018
Date of Patent: November 12, 2019
Assignee: Sophos Limited
Inventor: John Melton Reynolds
-
Patent number: 10474402
Abstract: A print management server provided outside a predetermined LAN includes a receiver, a processor, and a transmitter. The receiver receives a print output instruction from a communication terminal of a user, the print output instruction being issued to a print output device provided inside the predetermined LAN and being an instruction to print out a print target file. The processor determines whether the print target file is present inside the predetermined LAN. When it is determined that the print target file is present inside the predetermined LAN, the transmitter transmits a generation command to a communication relay device inside the predetermined LAN, the generation command being a command to generate print job data on the basis of the print target file acquired by the communication relay device and a print setting instruction.
Type: Grant
Filed: May 5, 2017
Date of Patent: November 12, 2019
Assignee: Konica Minolta, Inc.
Inventor: Takahiro Kouno
-
Patent number: 10469464
Abstract: In one embodiment, a method includes receiving, in a first device, at least one of a first symmetric key and a first asymmetric key in a common key management structure, the common key management structure to accommodate asymmetric keys and symmetric keys, and further including security policy information to enable communication between the first device of a first domain of an Internet of Things (IoT) network and a second device of a second domain of the IoT network according to an inter-domain security policy; and sending a first message directly from the first device to the second device according to the security policy information of the common key management structure. Other embodiments are described and claimed.
Type: Grant
Filed: December 14, 2015
Date of Patent: November 5, 2019
Assignee: Intel Corporation
Inventor: Ned M. Smith
-
Patent number: 10469594
Abstract: Provided are methods and systems for inspecting secure data. A system for inspecting secure data comprises a server facing module, and a client facing module in communication with the server facing module. The client facing module is operable to intercept a client request associated with the secure data to establish a secure connection with a server, establish a data traffic channel via the server facing module, and provide a control message to the server facing module via the data traffic channel. The control message includes an instruction to the server facing module to obtain a security certificate from the server. The security certificate is received from the server facing module via the data traffic channel. The security certificate is forged to establish the secure connection between the client and the client facing module. The client facing module sends unencrypted data to the server facing module via the data traffic channel.
Type: Grant
Filed: December 8, 2015
Date of Patent: November 5, 2019
Assignee: A10 Networks, Inc.
Inventors: Xuyang Jiang, Yang Yang, Ali Golshan
-
Patent number: 10469452
Abstract: A secure communication system includes an outer VPN gateway representative of an outer tunnel for facilitating communication with a black network. The outer VPN gateway includes a first Ethernet port and first program instructions for providing a first layer of encryption. The secure communication system further includes an inner VPN gateway representative of an inner tunnel for facilitating communication with a red network. The inner VPN gateway comprises a second Ethernet port and second program instructions for providing a second layer of encryption. The secure communication system further includes a coupling bracket for mechanically coupling the inner VPN gateway with the outer VPN gateway, and for facilitating communication between the inner VPN gateway and the outer VPN gateway by interfacing with the first Ethernet port and the second Ethernet port.
Type: Grant
Filed: January 6, 2017
Date of Patent: November 5, 2019
Assignee: Klas Technologies Limited
Inventors: Frank Murray, Cian Masterson, Cathal Daly
-
Patent number: 10462147
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the device connecting to a port on the switch. The threat management server determines the endpoint device is present in a device log file. The threat management server determines the number of times the endpoint device has failed authentication exceeds a first threshold value within a first time period and the number of times the endpoint device has passed authentication is less than a second threshold value within a second time period. The threat management server determines the endpoint device does not have a lease for the port on the switch and sends a reroute command to the switch to transform the destination of traffic associated with the endpoint device to a safe zone.
Type: Grant
Filed: June 26, 2017
Date of Patent: October 29, 2019
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Anthony P. Grossi
-
Patent number: 10462171
Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.
Type: Grant
Filed: August 8, 2018
Date of Patent: October 29, 2019
Assignee: Sentinel Labs Israel Ltd.
Inventors: Tomer Weingarten, Almog Cohen
-
Patent number: 10462001
Abstract: A method and a network node device run Push-Button Configuration sessions within a heterogeneous network, IEEE 1905.1, using a push button configuration mechanism that ensures that only one single new network node device is registered for a single push button key press event and thus overlapping Push-Button Configuration sessions within a heterogeneous network are prevented. After finishing the push button configuration mode, the number of new nodes is checked. If more than one node has been added, a configuration roll-back is performed. Preferably, the push button configuration roll-back is performed as soon as the authentication of more than one distinct node has been detected. The roll-back includes the deletion or deactivation of credentials established by the push-button configuration.
Type: Grant
Filed: February 10, 2017
Date of Patent: October 29, 2019
Assignee: SIEMENS AKTIENGESELLSCHAFT
Inventors: Michael Bahr, Rainer Falk, Parag Mogre
-
Patent number: 10459924
Abstract: An information processing device assists generation of social communication, based on user communication information exchanged through a network. The information processing device includes: a communication information collection unit that collects the communication information; a life log information extraction unit that extracts life log information included in the collected communication information; a life log information storage unit that stores the extracted life log information in a configuration capable of being searched at least on an individual user unit basis, the life log information storage unit memorizing scores of a plurality of indexes while associating the scores with the life log information, the indexes indicating degrees of contribution of the life log information to new social communication generation; and a life log information management unit that manages the life log information stored in the life log information storage unit, based on a combination of the scores of the indexes.
Type: Grant
Filed: September 24, 2012
Date of Patent: October 29, 2019
Assignee: NEC Corporation
Inventors: Hirokazu Kawano, Kouichi Onodera, Fumiaki Imanari, Keito Kouda, Naoya Kondou
-
Patent number: 10454895
Abstract: A method for enforcing a network policy is described herein. In the method, a network socket event request from an application executing in a first context is intercepted by an agent prior to the request reaching a transport layer in the first context. A context refers to virtualization software, a physical computer, or a combination of virtualization software and physical computer. In response to the interception of the request, the agent requests a decision on whether to allow or deny the network socket event request to be communicated to a security server executing in a second context that is distinct from the first context. The request for a decision includes an identification of the application. The agent then receives from the security server either an allowance or a denial of the network socket event request, the allowance or denial being based at least in part on the identification of the application and a security policy.
Type: Grant
Filed: September 12, 2016
Date of Patent: October 22, 2019
Assignee: VMware, Inc.
Inventors: Azeem Feroz, Binyuan Chen, Amit Chopra
-
Patent number: 10455449
Abstract: A device may perform dynamic load balancing to identify one or more service devices, of a group of service devices, that is to apply a set of network services to traffic associated with a session of a subscriber device. The device may provide outgoing traffic, associated with the session, to the one or more service devices based on identifying the one or more service devices. The outgoing traffic may be provided to cause the one or more service devices to apply the set of network services to the outgoing traffic. The device may provide, to another device, information that identifies the one or more service devices. The information that identifies the one or more service devices may be provided to cause the other device to provide incoming traffic, associated with the session, to the one or more service devices to apply the set of network services to the incoming traffic.
Type: Grant
Filed: September 25, 2015
Date of Patent: October 22, 2019
Assignee: Juniper Networks, Inc.
Inventors: Dilip H. Sanghavi, Rakesh Kumar, Saravanadas P. Subramanian, Jwala Dinesh Gupta Chakka
-
Patent number: 10455578
Abstract: Apparatuses, a method, and a computer program for influencing the selection of a frequency band for wireless communication with a mobile station. Disclosed is an apparatus, method, and computer program for controlling a frequency band selection for wireless communication with a mobile station in a wireless local area network—WLAN—, wherein at least a first and a second frequency band are selectable, the first and second frequency bands each having multiple transmission channels; and having a transmission circuit for transmitting at least one command to the mobile station that asks the mobile station to change from the first to the second frequency band, or vice versa.
Type: Grant
Filed: November 11, 2016
Date of Patent: October 22, 2019
Assignee: VOLKSWAGEN AG
Inventors: Matthias Mohaupt, Sascha Jurthe
-
Patent number: 10452851
Abstract: Systems and methods which provide a new application security assessment framework that allows auditing and testing systems to automatically perform security and compliance audits, detect technical security vulnerabilities, and illustrate the associated security risks affecting business-critical applications.
Type: Grant
Filed: February 4, 2016
Date of Patent: October 22, 2019
Assignee: ONAPSIS S.R.L.
Inventor: Mariano Nuñez Di Croce
-
Patent number: 10440091
Abstract: Provided is a communication method of an electronic device, including executing a web browser, requesting registration in an IP multimedia core network subsystem (IMS) using a first client associated with the web browser, and displaying, in a part of the web browser using the first client, information associated with a network to which the electronic device is connected.
Type: Grant
Filed: November 16, 2015
Date of Patent: October 8, 2019
Assignee: Samsung Electronics Co., Ltd
Inventors: Hyong-Jin Ban, Tae-Sun Yeoum, Ji-Hye Kang, Keon-Ho Kim, Eo-Jin Ham