Protection At A Particular Protocol Layer Patents (Class 713/151)
  • Patent number: 10880088
    Abstract: A target transceiver transfers target instructions to a control server that associates a data source with contact information, conditions, and tokens. The target transceiver transfers the contact tokens to a source transceiver for the data source. The source transceiver encrypts and transfers a data target ID and the token to the control server. The control server receives and decrypts the data target ID and the token and identifies the data source, the data target, and the conditions. The control server processes the conditions to select a portion of the contact information and transfers the selected portion of the contact information to the source transceiver. The source transceiver transfers the user data to the target transceiver based on the selected contact information.
    Type: Grant
    Filed: October 16, 2018
    Date of Patent: December 29, 2020
    Assignee: Sprint Communications Company L.P.
    Inventor: Pierce Andrew Gorman
  • Patent number: 10868671
    Abstract: An approach for a first host to establish communication with a second host comprising receiving a signal from a client that the client is enrolled in a first communication group with the first host and enrolled in a second communication group with the second host, sending a first host-specific certificate and a pairing request message, receiving a second host-specific certificate and a first value, verifying the second host-specific certificate, verifying the first value, sending a second value, receiving a third value and an encrypted message, determining a fourth value equals the third value, deriving a temporary key, decrypting the encrypted message using the temporary key, obtaining a group key for the second communication group from the decrypted message, sending a group key for the first communication group, and receiving a verification message from the second host indicating successful establishment of communication.
    Type: Grant
    Filed: October 11, 2018
    Date of Patent: December 15, 2020
    Assignee: Ademco Inc.
    Inventors: William Neumann, Colin Hanson
  • Patent number: 10863138
    Abstract: Apparatuses, methods and storage medium associated with single pass parallel encryption are disclosed herein. In embodiments, an apparatus for computing may comprise an encryption engine to encrypt a video stream. The encryption engine may comprise a plurality of encryption pipelines to respectively encrypt a plurality of video sub-streams partitioned from the video stream in parallel in a single pass as the video sub-streams are being generated. The plurality of encryption pipelines may use a corresponding plurality of multi-part encryption counters to encrypt the corresponding video sub-streams as the video sub-streams are being generated. Each of the multi-part encryption counters used by one of the encryption pipelines may comprise a sub-portion that remains constant while encoding the corresponding video sub-stream, but the sub-key is unique for the one encryption pipeline, and differs from corresponding sub-portions of the multi-part encryption counters used by the other encryption pipelines.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: December 8, 2020
    Assignee: Intel Corporation
    Inventors: Vidhya Krishnan, Balaji Vembu, Sandeep S. Sodhi, Priyadarsini Devanand
  • Patent number: 10841104
    Abstract: The present invention provides systems and methods for supporting encrypted communications with a medical device, such as an implantable device, through a relay device to a remote server, and may employ cloud computing technologies. An implantable medical device is generally constrained to employ a low power transceiver, which supports short distance digital communications. A relay device, such as a smartphone or WiFi access point, acts as a conduit for the communications to the internet or other network, which need not be private or secure. The medical device supports encrypted secure communications, such as a virtual private network technology. The medical device negotiates a secure channel through a smartphone or router, for example, which provides application support for the communication, but may be isolated from the content.
    Type: Grant
    Filed: May 24, 2019
    Date of Patent: November 17, 2020
    Assignee: Poltorak Technologies LLC
    Inventor: Alexander I Poltorak
  • Patent number: 10841086
    Abstract: The present application describes a method, system, and non-transitory computer-readable medium for exchanging encrypted communications using hybrid encryption. According to the present disclosure, a first device receives an encrypted communication from a second device. The encrypted communication includes a first encrypted secret, a second encrypted secret, a first signature, and a second signature. The first device verifies the first signature and the second signature, and, when the first and second signatures are valid, decrypts the first encrypted secret using a first encryption algorithm and the second encrypted secret using a second encryption algorithm. The first device combines the first decrypted secret and the second decrypted secret to recover a first communication and provides the first communication to a user of the first device.
    Type: Grant
    Filed: February 6, 2018
    Date of Patent: November 17, 2020
    Assignee: Wickr, Inc.
    Inventor: Joël Alwen
  • Patent number: 10841325
    Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.
    Type: Grant
    Filed: July 29, 2019
    Date of Patent: November 17, 2020
    Assignee: Sentinel Labs Israel Ltd.
    Inventors: Tomer Weingarten, Almog Cohen
  • Patent number: 10826889
    Abstract: A server receives a certificate signing request and onboarding information for an applicant device, and identifies a customer associated with the applicant device based on an applicant device identifier and a database of identifiers associated with customers. The device determines a registered device associated with the customer is a trusted device, a location trust value for the applicant device based on a geolocation proximity between the applicant device and the trusted device, and an environment trust value for the applicant device based on a proximity in a network topology between the applicant device and the trusted device. The device further determines a trust score for the applicant device based on the location trust value and the environment trust value, and sends a signed certificate to the applicant device over the network when the trust score for the applicant device exceeds a threshold.
    Type: Grant
    Filed: October 26, 2017
    Date of Patent: November 3, 2020
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Mickael James Graham, Santosh Ramrao Patil, Shyam Sundar Vaidyanathan, Chiragkumar Desai, Swaminathan Anantha
  • Patent number: 10827539
    Abstract: Aspects of the present disclosure are related to provisioning of wireless devices. In an embodiment, a wireless device (sought to be provisioned) receives values for provisioning parameters from an external user device, and attempts to join a wireless local network according to the received values for the provisioning parameters. The wireless device sends a response to the external user device indicating whether or not the joining was successful. The external user device may display the result indicating whether or not provisioning was successful. The wireless device may operate in a time division multiplexed manner as an access point (for securing the credentials) and as a station (once provisioning is complete).
    Type: Grant
    Filed: December 10, 2015
    Date of Patent: November 3, 2020
    Assignee: GainSpan Corporation
    Inventors: Pankaj Vyas, Vishal Batra
  • Patent number: 10826901
    Abstract: A system facilitates secure communication between an authorized user device and two or more servers via two or more channels that are associated with the respective servers. For each communication channel, the system receives a device identifier for the authorized user device and links the device identifiers together via another identifier, thereby allowing the system to recognize that the different device identifiers identify the same authorized user device. The system can identify an unauthorized device masquerading as the authorized user device by determining that a communication from the unauthorized device does not include another identifier linking the two or more device identifiers and/or by determining that a device identifier computed during the registration process is different from a linked identifier.
    Type: Grant
    Filed: November 23, 2016
    Date of Patent: November 3, 2020
    Assignee: INAUTH, INC.
    Inventors: Glenn S. Benson, Daniel Goldberg, Chris Guenther Moos, Paul Marsolan
  • Patent number: 10826879
    Abstract: Cipher suites and/or other parameters for cryptographic protection of communications are dynamically selected to more closely match the intended uses of the sessions. A client indicates a planned use of a session to a server. The client's indication of the planned use may be explicit or implicit. The server selects an appropriate set of parameters for cryptographic protection of communications based at least in part on the indicated planned use and the client and server complete a handshake process to establish a cryptographically protected communications session to use the selected set of parameters.
    Type: Grant
    Filed: May 13, 2019
    Date of Patent: November 3, 2020
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 10819731
    Abstract: The invention relates generally to monitoring and managing network components, such as monitoring the network components to determine the vulnerabilities of network components, implementing remediation plans for the vulnerabilities, instituting remediation suppression for acceptable uses, instituting network component exceptions and rolling exceptions to other network components automatically, and taking consequence actions for the vulnerabilities. A network component exception may be implemented for a network component when the network component data meets custom criteria. When the custom criteria is met, the network component is automatically rolled into the network component exception process to automatically associate network component exceptions with network components that have data that meets the custom criteria. The network component exceptions prevent vulnerability actions from being taken with respect to the associated network components.
    Type: Grant
    Filed: February 6, 2018
    Date of Patent: October 27, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Julia A. Ward, Jonathan Michael Nauss, Peter Jordan Langsam
  • Patent number: 10810210
    Abstract: A query graph, which includes vertices and edges, represents a query on graph-structured data. The query graph is decomposed into query subgraphs. A network analysis tool performs continuous subgraph matching queries to facilitate analysis of computer network traffic, social media events, or other streams of data represented as a dynamic data graph (graph-structured data). This can help identify emerging trends in the data. Some features of the network analysis tool enhance performance by effectively utilizing distributed computing resources (including processing cores and memory at different nodes of a cluster) to speed up the process of updating the dynamic data graph and detecting matches of query subgraphs. Features of a query graph building tool enhance usability by providing intuitive ways to specify query graphs and their subgraphs. Features of a results visualization tool enhance usability by providing an intuitive way to present the results of continuous subgraph matching queries.
    Type: Grant
    Filed: May 12, 2017
    Date of Patent: October 20, 2020
    Assignee: Battelle Memorial Institute
    Inventors: Sutanay Choudhury, George Chin, Jr., Khushbu Agarwal, Sherman J. Beus
  • Patent number: 10812452
    Abstract: Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: October 20, 2020
    Assignee: Egnyte, Inc.
    Inventors: Sachin Shetty, Amrit Jassal, Krishanu Lahiri, Yogesh Rai, Manoj Chauhan, Leszek Jakubowski, Shishir Sharma
  • Patent number: 10812980
    Abstract: Described herein are a communication method, a security node network element, and a terminal. The method includes receiving, by a security node network element, a first data packet carrying first user plane data or first control signaling from a terminal, the first data packet is transmitted via a first security connection or a second security connection, the first security connection is used to transmit the first data packet carrying the first user plane data, and the second security connection is used to transmit the first data packet carrying the first control signaling; and sending the first control signaling to a control plane (CP) function entity if the first data packet is transmitted via the second security connection.
    Type: Grant
    Filed: April 10, 2019
    Date of Patent: October 20, 2020
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Hualin Zhu, Huan Li, Weisheng Jin
  • Patent number: 10804980
    Abstract: A communication network encrypts a first portion of a transaction associated with point-to-point communications using a point-to-point encryption key. A second portion of the transaction associated with end-to-end communications is encrypted using an end-to-end encryption key.
    Type: Grant
    Filed: June 16, 2020
    Date of Patent: October 13, 2020
    Assignee: Seven Networks, LLC
    Inventors: Lee R. Boynton, Trevor A. Fiatal, Scott M. Burke, Mark Sikes
  • Patent number: 10805273
    Abstract: Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: October 13, 2020
    Assignee: Egnyte, Inc.
    Inventors: Sachin Shetty, Amrit Jassal, Krishanu Lahiri, Yogesh Rai, Manoj Chauhan, Leszek Jakubowski, Shishir Sharma
  • Patent number: 10805274
    Abstract: Methods, systems, and computer-readable storage media for central management of multiple landscapes using a central management platform that is absent user management functionality.
    Type: Grant
    Filed: December 6, 2018
    Date of Patent: October 13, 2020
    Assignee: SAP SE
    Inventor: Andreas Jahr
  • Patent number: 10791005
    Abstract: A method in a computer network in which a user equipment (UE) connects to multiple packet cores, wherein each of said multiple packet cores assigns the UE a corresponding network address, the method comprising: (A) a virtual gateway associating a first network address with said UE and providing the UE with a second network address for communicating with and/or through said virtual gateway, said first network address and said second network address being distinct from the network addresses assigned to the UE by the packet cores; and (B) said virtual gateway communicating with said UE via one or more of said multiple packet cores, wherein the virtual gateway and the UE communicate using the first network address and the second network address, and wherein the virtual gateway acts as a gateway for the UE.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: September 29, 2020
    Assignee: OXIO CORPORATION
    Inventors: Tyler Beauchamp Reynolds, Stephen Donald Hall, Cory Francis Poor Myers, John Garhowe Tam
  • Patent number: 10785020
    Abstract: A system for hardware offloading programs a network interface card with a mapping between (i) a connection identification (CID) for one or more Quick User Datagram Protocol Internet Connections (QUIC) data packets and (ii) a symmetric key and a crypto algorithm. When one or more data packets are received over a network, the one or more data packets are parsed to identify the one or more data packets as QUIC data packets and then obtain the CID for the QUIC data packets. The CID is sent to the network interface card that identifies the symmetric key and the crypto algorithm based on the CID to perform a crypto decrypt operation on the QUIC data packets, and reassembles the QUIC data packets, and an encrypt and large send offload (LSO) on transmit. A software control complexity and processing burden is thereby reduced.
    Type: Grant
    Filed: January 19, 2018
    Date of Patent: September 22, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Praveen Balasubramanian, Nicholas A. Banks
  • Patent number: 10750223
    Abstract: The present disclosure provides a system, a method, and a device for displaying a content item. The system includes: a video playing terminal, configured to obtain a video and play the video; a content item displaying client, configured to send a content item obtaining request for requesting to obtain a content item related to the video being played by the video playing terminal; and a content item preparation platform, configured to determine a current playing moment of the video played by the video playing terminal, select, from one or more content items corresponding to the video, a content item with a marking moment nearest to the current playing moment, and push the selected content item to the content item displaying client, where the content item displaying client is further configured to display the received content item.
    Type: Grant
    Filed: July 10, 2017
    Date of Patent: August 18, 2020
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventor: Ao Peng
  • Patent number: 10750552
    Abstract: Methods and systems for pairing devices are disclosed. A user device may be used to navigate to a resource locator using. In response to a determination that an identifier associated with the user device matches at least one identifier associated with one or more devices accessing a first network, a paired communication may be established between the user device and a display device to facilitate control of one or more features of display device.
    Type: Grant
    Filed: March 31, 2017
    Date of Patent: August 18, 2020
    Assignee: Comcast Cable Communications, LLC
    Inventors: Bryan Kenneth Witkowski, Robert Dandrea, Brian Cherne
  • Patent number: 10740455
    Abstract: The public enclave key of each enclave in an enclave pool may be registered in an enclave pool registry, and the registry updated each time there is an enclave pool membership change. A shared enclave pool key may be derived from the public enclave key of each enclave of the enclave pool. The shared enclave pool key may be stored, in a shared key ledger, as a first version of the shared enclave key, and an updated version of the shared key may be generated and stored as another version each time there is an enclave pool membership change. The output of a cryptlet that executed in multiple enclaves may be signed with the enclave private key of each enclave in which the cryptlet executed. Each enclave signature may be compared against each version of the shared enclave pool key in the shared key ledger.
    Type: Grant
    Filed: May 11, 2017
    Date of Patent: August 11, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: John Marley Gray
  • Patent number: 10742611
    Abstract: A method, a system and computer program products for securely enabling in-network functionality over encrypted data sessions, the method involving establishing an encrypted data session between a client communication application (100) and a server communication application (200) over a communication network; receiving and/or transmitting, by the client communication application (100), in the established encrypted data session, at least one encrypted communication data (D) from/to the server communication application (200) through a computing network element (M); and performing, by the computing network element (M), different actions other than data packet forwarding from one communication application to the other on the encrypted communication data (D). The encrypted communication data (D) has a plurality of data portions, or contexts, (CTX), each encrypted by a context key, and the different actions being specific for the computing network element (M) and for one or more of the contexts (CTX_X).
    Type: Grant
    Filed: June 1, 2016
    Date of Patent: August 11, 2020
    Assignee: TELEFONICA DIGITAL ESPANA, S.L.U.
    Inventors: David Naylor, Kyle Schomp, Matteo Varvello, Ilias Leontiadis, Jeremy Blackburn, Diego Lopez, Konstantina Papagiannaki, Pablo Rodriguez Rodriguez, Peter Steenkiste
  • Patent number: 10728109
    Abstract: A system performs hierarchical navigation through network flow data. A user interface is configured to display network flow data and allow hierarchical navigation across the network flow data. The user interface comprises a plurality of axes and lines connecting data points between axes. Data points along an axis represent values of an attribute aggregated along a set of dimensions. The system receives requests for expanding data points along a particular dimension or collapsing the data points along the particular dimension. The system reconfigures the user interface according to the received request and sends the reconfigured user interface for display via the client device. The user interface provides better visibility into the network flow data, thereby allowing security analysts to spot communication patterns associated with security issues and navigate through various dimensions to further analyze a suspect communication pattern.
    Type: Grant
    Filed: March 15, 2017
    Date of Patent: July 28, 2020
    Assignee: Illumio, Inc.
    Inventor: Xianlin Hu
  • Patent number: 10713140
    Abstract: The state of a system is determined in which data sets are generated that include a plurality of data instances representing states of one or more components of a computer system. The data instances are generated by one or more data set sources that are configured to output a data instance in response to a trigger associated with the one or more components. The data instances are normalized by the application of one or more rules. The data instances from individual data set sources are separately collated to generate groups of time-specific collated data instances. State types may be assigned to each of the collated data instance groups. Distributions of state-types across the groups may be determined and a list of infrequent state-types may be generated based on the determined distributions of state-types across the groups.
    Type: Grant
    Filed: June 10, 2015
    Date of Patent: July 14, 2020
    Assignee: FAIR ISAAC CORPORATION
    Inventors: Ashish Gupta, Shafi Ur Rahman, Sambandan Murugan
  • Patent number: 10699033
    Abstract: Systems, apparatuses, and methods for secure enablement of platform features without user intervention are disclosed. In one embodiment, a system includes at least a motherboard and a processor. The motherboard includes at least a socket and an authentication component. The authentication component can be a chipset, expansion I/O device, or other component. The processor is installed in the socket on the motherboard. During a boot sequence, the processor retrieves a key value from the authentication component and then authenticates the key value. Next, the processor determines which one or more features to enable based on the key value. Then, the processor programs one or more feature control registers to enable the one or more features specified by the key value. Accordingly, during normal operation of the system, the one or more features will be enabled.
    Type: Grant
    Filed: June 28, 2017
    Date of Patent: June 30, 2020
    Assignee: Advanced Micro Devices, Inc.
    Inventors: Mahesh Subramony, Daniel L. Bouvier
  • Patent number: 10678907
    Abstract: A runtime attack can be detected on a big data system while processes are executed on various computing devices. A behavior profile can be maintained for tasks or processes running on different computing devices. The existence of a call variance in one of the traces for one of the behavior profiles can be determined. A memory variance can also be detected in one of the behavior profiles. A runtime attack has occurred when both the memory variance and the call variance are determined to exist.
    Type: Grant
    Filed: January 26, 2018
    Date of Patent: June 9, 2020
    Assignee: University of South Florida
    Inventors: Santosh K. Aditham, Nagarajan Ranganathan
  • Patent number: 10681131
    Abstract: An approach is disclosed for detecting source network address translation in internet protocol (IP) tunneling flows and using learned source IP addresses and source ports from such detection to create new tunnels. In one embodiment, a NAT detection application determines whether source IP addresses and source ports associated with new traffic flows destined to a local Foo-over-UDP (FOU) tunnel endpoint match the source IP address and source port of a previously configured FOU tunnel. Lack of such a match is indicative of source network address translation, and in such a case the NAT detection application creates a new FOU tunnel toward the detected source IP address and source port. In addition, the NAT detection application authenticates the remote endpoint of the newly created FOU tunnel and configures the FOU tunnel for use if the remote endpoint is successfully authenticated.
    Type: Grant
    Filed: May 3, 2017
    Date of Patent: June 9, 2020
    Assignee: VMware, Inc.
    Inventor: Laxminarayana Tumuluru
  • Patent number: 10673901
    Abstract: In one embodiment, a service receives captured traffic flow data regarding a traffic flow sent via a network between a first device assigned to a first network zone and a second device assigned to a second network zone. The service identifies, from the captured traffic flow data, one or more cryptographic parameters of the traffic flow. The service determines whether the one or more cryptographic parameters of the traffic flow satisfy an inter-zone policy associated with the first and second network zones. The service causes performance of a mitigation action in the network when the one or more cryptographic parameters of the traffic flow do not satisfy the inter-zone policy associated with the first and second network zones.
    Type: Grant
    Filed: December 27, 2017
    Date of Patent: June 2, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Matthew Scott Robertson, David McGrew, Timothy David Keanini, Sunil Amin, Ellie Marie Daw
  • Patent number: 10671753
    Abstract: Systems, methods, and software for sensitive data handling frameworks for user applications are provided herein. An exemplary method includes receiving subsets of structured user content consolidated into associated flattened representations, the associated flattened representations having a mapping to the structured user content and accompanied by at least lengths and offset information relating to the mapping. The method includes individually parsing the subsets of structured user content to classify portions as comprising sensitive content corresponding to one or more predetermined data schemes and, for each of the portions, identifying an associated offset and length for the portion relating to the subsets of structured user content, and indicating at least the associated offset and length to the user application for marking of the sensitive content in a user interface to the user application.
    Type: Grant
    Filed: March 23, 2017
    Date of Patent: June 2, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Phillip David Allen, Ryan Charles Hill, Bradley Jacob Zimnisky
  • Patent number: 10671304
    Abstract: Some embodiments provide a method for configuring unit memories to implement first and second sets of entries, the second set of which references the first set. The method configures a first pool of unit memories to implement the first set. Each entry in the first set is located at a particular location in at least one of the memories of the first pool. The method configures a second pool of unit memories to implement the second set. Each entry in the second set includes a particular number of bits for indicating (i) an initial first-pool unit memory at which the first-set entry referenced by the second-set entry is found and (ii) a number of subsequent first-pool memories across which the first-set entry is divided. A number of bits required to identify a single first-pool memory is one fewer than the particular number of bits.
    Type: Grant
    Filed: April 5, 2019
    Date of Patent: June 2, 2020
    Assignee: Barefoot Networks, Inc.
    Inventor: Patrick Bosshart
  • Patent number: 10659441
    Abstract: A service interface of an SSL application hosted on at least one computer system in a hosted network selecting at least one authorized cipher suite. An SSL socket of the SSL application negotiating with another SSL socket of another SSL application in the hosted network for a mutual cipher from among the at least one authorized cipher suite and a shared key to encrypt information exchanged during a secure session. Responsive to establishing a security connection between the SSL socket and the another SSL socket using the selected mutual cipher, the service interface sends to a centralized service an identifier of the selected mutual cipher. Responsive to the service interface receiving a revoked cipher alert from the centralized service, the service interface revokes one or more sessions of the SSL application using a revoked cipher in the revoked cipher alert matching the selected mutual cipher.
    Type: Grant
    Filed: December 10, 2018
    Date of Patent: May 19, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Rinkesh I. Bansal, Shiv S. Jha, Sanjay B. Panchal, Mahesh S. Paradkar, Chintan Thaker
  • Patent number: 10657519
    Abstract: A device may perform a first authentication operation, associated with a contactless media device, using a first key. The first key may permit a security mode of the contactless media device to be modified. The device may cause the contactless media device to set the security mode to a first security mode that causes the contactless media device to secure at least one transmission from the contactless media device. The device may perform a second authentication operation, associated with the contactless media device, using a second key that permits information to be read from or written to the contactless media device. The device may read first secured information from or write second secured information to the contactless media device. The first secured information or the second secured information may be secured based on the security mode of the contactless media device being set to the first security mode.
    Type: Grant
    Filed: October 21, 2014
    Date of Patent: May 19, 2020
    Assignee: Accenture Global Services Limited
    Inventors: Avishek Somani, Sunil Raina, Michael Jennings
  • Patent number: 10645112
    Abstract: Processing and transmitting of data within a functionally safe electronic system having at least two subsystems, each of which comprises at least one safety component, and each of which complies with a specific safety level for functionally safe data processing. Embodiments process data using the safety component of a first one of the subsystems into functionally safe data of a first safety level, and add an indication attribute indicating suitability of these data for use of this first safety level; transmitting the data to a second one of the subsystems; and checking the received indication attribute, by the second subsystem using the safety component, to determine whether the safety level indicated by this indication attribute is different from the safety level the second subsystem complies with; and, if the check reveals non-equal safety levels, further processing the data in a functionally safe manner based on the lower safety level.
    Type: Grant
    Filed: March 11, 2016
    Date of Patent: May 5, 2020
    Assignee: Phoenix Contact GmbH & Co. KG
    Inventors: Tobias Frank, Rolf Salzmann
  • Patent number: 10635716
    Abstract: Methods and systems for forwarding data packets by a server system (e.g., a proxy server) are disclosed. The proxy server is coupled to a user device and a plurality of web servers. The proxy server receives a first data packet directed to a first web server of the plurality of web servers from the user device. The first data packet includes a first synthesized address associated with the first web server. The proxy server identifies a first actual address of the first web server. The proxy server replaces the first synthesized address in the first data packet with the first actual address of the first web server. The proxy server further forwards the first data packet to the first web server using the first actual address of the first web server.
    Type: Grant
    Filed: August 24, 2016
    Date of Patent: April 28, 2020
    Assignee: FACEBOOK, INC.
    Inventor: Dekel Shmuel Naar
  • Patent number: 10637686
    Abstract: Various systems and methods for bypassing one or more non-capable nodes. For example, one method involves a capable node determining that an adjacent node is non-capable, where capable nodes are configured to implement a data plane capability and non-capable nodes are not. The method then involves identifying a downstream node that is capable. The downstream node is on a shortest path. The method also involves generating information that identifies a tunnel to the downstream node.
    Type: Grant
    Filed: November 28, 2018
    Date of Patent: April 28, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Alfred C. Lindem, III, Peter Psenak, Ijsbrand Wijnands
  • Patent number: 10630683
    Abstract: In an aspect, a wireless communication between a transmitter and a receiver involves determining updated keys according to a key management process for MAC layer encryption. Such key is propagated to a transmitter MAC and through a receiver key management process to a receiver MAC. After a delay, transmitter MAC device begins using the updated key, instead of a prior key, for payload encryption. Receiver MAC continues to use the prior key until a packet that was accurately received fails a message integrity/authentication check. Then, the receiver MAC swaps in the updated key and continues to process received packets. The packet data that failed the message integrity check is discarded. Transmitter MAC retries the failed packet at a later time, and if the packet was accurately received and was encrypted by the transmitter MAC using the updated key, then the receiver will determine that the message is authentic and will receive it and acknowledge it.
    Type: Grant
    Filed: December 2, 2016
    Date of Patent: April 21, 2020
    Assignee: Imagination Technologies Limited
    Inventor: Chakra Parvathaneni
  • Patent number: 10620944
    Abstract: A cloud-based decision management platform along with corresponding method, system, and a computer program product are disclosed. At least one component of at least one computing system is selected from a plurality of components of the computing system. The selected component is configured for execution during a runtime of the computing system. The configured component is executed during runtime. The components of the computing system are stored in a catalog module based on at least one characteristic that includes at least one of the following: analytics, decisioning, identity and access management, and optimization.
    Type: Grant
    Filed: June 23, 2017
    Date of Patent: April 14, 2020
    Assignee: FAIR ISAAC CORPORATION
    Inventors: Joshua Prismon, Andrei Palskoi, John Daniel Cribbs, Fernando Felipe Campos Donati Jorge, Stuart Clarkson Wells
  • Patent number: 10616072
    Abstract: Systems, methods, and devices are disclosed for generating an interface configured to display status information for network elements on a network. In embodiments, one or more logical models of the network are obtained from at least one of a plurality of controllers on a network. Network statistics are determined based on network traffic. Based on the one or more logical models and the network statistics, a topology of the network and respective status information of one or more network elements during an epoch is identified, the epoch defining a time interval. A user interface is generated that displays the respective status information in a timeline comprising one or more of the epochs.
    Type: Grant
    Filed: July 27, 2018
    Date of Patent: April 7, 2020
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Chien-Ju Lo, Bill YuFan Chen, Kannan Ponnuswamy, Kollivakkam Raghavan, Navneet Yadav, Manvesh Vyas
  • Patent number: 10614807
    Abstract: A system comprises a first network microphone device (NMD) communicatively coupled to a second NMD via a network interface of the first NMD, wherein the first NMD is configured to: receive, from the second NMD via the network interface of the first NMD, an arbitration message comprising (i) a first measure of confidence associated with a voice input detected by the second NMD and (ii) an identifier associated with at least a portion of the voice input detected by the second NMD, determine that the first measure of confidence is greater than a second measure of confidence, wherein the second measure of confidence is associated with a voice input detected by the first NMD via at least one microphone of the second NMD, and based on the determination, perform voice recognition based on the voice input detected by the second NMD, wherein the voice input detected by the second NMD comprises a command to control the playback of the audio content by at least one of the first or the second NMDs.
    Type: Grant
    Filed: November 1, 2018
    Date of Patent: April 7, 2020
    Assignee: Sonos, Inc.
    Inventors: Steven Beckhardt, Ted Lin
  • Patent number: 10616287
    Abstract: Devices, methods, and program products are provided, which support multiple Digital Rights Management (DRM) schemes or platforms during the placeshifting of media content. A given placeshifting session may be initiated between a placeshifting device and a user-controlled client media receiver executing a browser player. In one embodiment, the DRM placeshifting method includes storing, in a memory associated with the placeshifting device, DRM-protected content; receiving a request from the client media receiver over a communications network to stream the DRM-protected content to the device; and obtaining a placeshifting key and initialization instructions for the DRM-protected content. The DRM-protected content is streamed to the client media receiver in an encrypted format accessible with a placeshifting decryption key.
    Type: Grant
    Filed: June 29, 2017
    Date of Patent: April 7, 2020
    Assignee: SLING MEDIA PVT LTD
    Inventors: Jagan Kumar Govindarajan, Satish Iyer
  • Patent number: 10616149
    Abstract: In certain embodiments, evaluations of effectiveness are optimized for multiple electronic message versions. For example, a server receives, subsequent to first electronic messages being transmitted over a first time period, responsive electronic data automatically generated by interactions with these messages. The server controls, based on the responsive electronic data, transmission of second electronic messages to recipients. For instance, the server provides an interface for configuring a test transmission of different test message versions to segments of recipients, where each version includes a different combination of message attributes. The server receives a selection of options via the interface for the test transmission, identifies an adverse impact on the test transmission associated with the selection, and indicates the adverse impact via the interface. The server subsequently receives, via the interface, a modification to the test transmission options.
    Type: Grant
    Filed: August 10, 2016
    Date of Patent: April 7, 2020
    Assignee: THE ROCKET SCIENCE GROUP LLC
    Inventors: Mardav Wala, Guan Liao, Michaela Moore, John Foreman
  • Patent number: 10609022
    Abstract: A method and an apparatus for installing a profile in a terminal including a universal integrated circuit card (UICC) corresponding to a smart card security module, which is inserted into a mobile communication terminal and then used are provided. More particularly, a method and an apparatus for remotely installing or removing mobile communication subscriber information in/from a profile of a terminal are provided. The terminal can remotely download the profile from a network server (subscription manager data preparation (SM-DP) or subscription manager secure routing (SM-SR)) without any change in a mobile network operator information technology (IT) system interface rather than downloading the profile of the terminal by the network server.
    Type: Grant
    Filed: July 1, 2015
    Date of Patent: March 31, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jonghan Park, Duckey Lee, Seonghun Kim, Heejeong Lee, Sangsoo Jeong, Songyean Cho
  • Patent number: 10601587
    Abstract: A method for establishing a first secured communication channel between an administrative agent in a device and a distant server, the device comprising a secure element communicating with the administrative agent, the secure element being administrated through the administrative agent by the distant server, the administrative agent being administrated by a third party server through a second secured communication channel, the distant server and the third party server being connected through a third secured channel. The third party server requests, from the distant server, an operation on the secure element and a one-time PSK. The distant server sends, to the third party server, the one-time PSK. The third party server sends, to the administrative agent, a triggering message including the one-time PSK. A TLS-PSK handshake is performed between the administrative agent and the distant server with the one-time PSK to establish the first secured communication channel.
    Type: Grant
    Filed: June 23, 2015
    Date of Patent: March 24, 2020
    Assignee: THALES DIS FRANCE SA
    Inventors: Xavier Berard, Frédéric Paillart, Frédéric Faure, Lionel Mallet
  • Patent number: 10601838
    Abstract: Novel tools and techniques are provided for implementing digital rights management (“DRM”)-agnostic entitlement gateway and verification system. In various embodiments, an entitlement gateway might receive a query from a client device, and might determine whether a user is authorized to access requested DRM-protected media content. If not, the entitlement gateway might send a deny signal to the client device that prevents the user from accessing the media content. If so, the entitlement gateway might identify, from among a plurality of DRM types, a DRM type that is used to protect the media content. The entitlement gateway might identify, from among a plurality of DRM servers each associated with a particular DRM type, a DRM server associated with the identified DRM type, and might send a request for a license for accessing the media content from the identified DRM server, the license enabling the user to access the media content.
    Type: Grant
    Filed: November 27, 2017
    Date of Patent: March 24, 2020
    Assignee: CenturyLink Intellectual Property LLC
    Inventors: Asghar Hussain, Zubin Ingah, Michael D. Sprenger
  • Patent number: 10594496
    Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
    Type: Grant
    Filed: June 26, 2018
    Date of Patent: March 17, 2020
    Assignee: CLOUDFLARE, INC.
    Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Nicholas Thomas Sullivan, Albertus Strasheim
  • Patent number: 10581948
    Abstract: Among other things, this document describes systems, devices, and methods for using TLS session resumption tickets to store and manage information about objects that a server or a set of servers has previously delivered to a client and therefore that the client is likely to have in client-side cache. When communicated to a server later, this information can be used to drive server decisions about whether to push an object to a client, e.g., using an HTTP/2 server push function or the like, or whether to send an early hint to the client about an object.
    Type: Grant
    Filed: December 7, 2017
    Date of Patent: March 3, 2020
    Assignee: Akamai Technologies, Inc.
    Inventors: Utkarsh Goel, Martin T. Flack, Stephen L. Ludin, Moritz M. Steiner
  • Patent number: 10581607
    Abstract: To automate establishment of an ad hoc connection between a user apparatus and a device, username-password pairs and identifying information-code pairs are maintained in a database server. The user apparatus sends an inquiry identifying information of the device and a username and a password of a user of the user apparatus, and receives in a response a code for establishing the ad hoc connection.
    Type: Grant
    Filed: May 9, 2017
    Date of Patent: March 3, 2020
    Assignee: ABB Schweiz AG
    Inventors: Zhongliang Hu, Teemu Tanila, Mikko Kohvakka
  • Patent number: 10581874
    Abstract: A computerized method for detecting malware associated with an object. The method includes operations of analyzing an object to obtain a first set of attributes, where the first set of attributes include one or more characteristics associated with the object. Furthermore, the object is processed with a virtual machine to obtain a second set of attributes. The second set of attributes corresponds to one or more monitored behaviors of the virtual machine during processing of the object. Thereafter, a threat index is determined based, at least in part, on a combination of at least one attribute of the first set of attributes and at least one attribute of the second set of attributes. The threat index represents a probability of maliciousness associated with the object.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: March 3, 2020
    Assignee: FireEye, Inc.
    Inventors: Yasir Khalid, Sai Omkar Vashisht, Alexander Otvagin
  • Patent number: 10581702
    Abstract: Systems and methods for automatically generating standard service level agreements for architectures are disclosed. In embodiments, a method comprises receiving a request from a client, the request including: one or more select information technology (IT) building blocks selected from a plurality of IT building blocks in an online service catalogue; and a select service level target (SLT) from a plurality of predetermined SLTs in the service catalogue; automatically generating an architecture based on the request utilizing the service catalogue, the architecture comprising at least one IT building block different from the one or more select IT building blocks, wherein the architecture is capable of meeting objectives of the request; determining that the architecture meets the select SLT; accessing an architecture database; and automatically generating an infrastructure SLA based on the architecture utilizing the architecture database.
    Type: Grant
    Filed: July 18, 2018
    Date of Patent: March 3, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Clea A. Zolotow, Tomasz Gola, Petra Kopp, Laxmikantha S. Nanduru