Protection At A Particular Protocol Layer Patents (Class 713/151)
-
Patent number: 10575352
Abstract: The present inventions, in one aspect, are directed to systems and circuitry for and/or methods of establishing communication having one or more pairing facilitator-intermediary devices (for example, a network connected server) to enable or facilitate pairing and/or registering at least two devices (e.g., (i) a portable biometric monitoring device and (ii) a smartphone, laptop and/or tablet) to, for example, recognize, interact and/or enable interoperability between such devices. The pairing facilitator-intermediary device may responsively communicate information to one or more of the devices (to be paired or registered) which, in response, enable or facilitate such devices to pair or register. The present inventions may be advantageous where one or both of the devices to be paired or registered is/are not configured (e.g., include a user interface or certain communication circuitry that is configured or includes functionality) to pair devices without use of a facilitator-intermediary device.
Type: Grant
Filed: January 22, 2019
Date of Patent: February 25, 2020
Assignee: Fitbit, Inc.
Inventor: Heiko Gernot Albert Panther
-
Patent number: 10560452
Abstract: An apparatus controls transfer apparatuses that transfer a packet transmitted and received by terminals in a network. Upon receiving detection information notified from a server that detects unauthorized communication of a terminal by using the packet, the apparatus identifies the terminal and a type of the unauthorized communication, based on the detection information. The apparatus determines a transfer apparatus to be controlled, by referencing first information that stores information identifying the transfer apparatus in association with the terminal, and determines a control to be performed on the transfer apparatus by referencing second information that stores information on the control in association with the type of the unauthorized communication.
Type: Grant
Filed: February 1, 2017
Date of Patent: February 11, 2020
Assignee: FUJITSU LIMITED
Inventors: Hiroyasu Osaki, Takahiro Shimazaki, Hidehiko Mayumi, Shu Matsuoka, Takashi Okamura, Mitsuru Okajima
-
Patent number: 10547641
Abstract: A network-based appliance includes a mechanism to provide TLS inspection with session resumption, but without requiring that a session cache be maintained. To this end, the inspector is configured to cause the TLS client to participate in maintaining the session context, in effect on behalf of the TLS inspector. In operation, when the inspector first receives a session ID from the TLS server, the inspector generates and issues to the client a session ticket that includes the original session ID and other session context information. In this manner, the inspector converts the Session ID-based connection to a Session Ticket-based connection. The session ticket is encrypted by the inspector to secure the session information. When the TLS client presents the session ticket to resume the TLS connection, the inspector decrypts the ticket and retrieves the session ID from it directly. The inspector then uses the original session ID to resume the TLS session.
Type: Grant
Filed: June 1, 2017
Date of Patent: January 28, 2020
Assignee: International Business Machines Corporation
Inventors: Cheng-Ta Lee, Wei-Hsiang Hsiung, Wei-Shiau Suen, Ming-Hsun Wu
-
Patent number: 10545940
Abstract: An implementation of the disclosure provides an apparatus comprising: a memory to store a plurality of handshake responses to authenticate client communications; and a processing device, operatively coupled to the memory, to: receive a handshake request from a client device, the handshake request comprising an identifier of a communication protocol supported by the client device. A secure layer extension is extracted from the identifier of the communication protocol. Identify, in view of the communication protocol, a handshake response for the client device. The handshake response is modified to include information associated with the secure layer extension. Update a data structure with a hash value generated in view of the modified handshake response. Thereupon, forward the modified handshake response and the hash value to the client device.
Type: Grant
Filed: February 22, 2017
Date of Patent: January 28, 2020
Assignee: Red Hat, Inc.
Inventors: Jean-Frederic Clere, Stuart Wade Douglas
-
Patent number: 10548008
Abstract: A method and device for authenticating wireless communication links between devices. The method may comprise sending a first frame from first device to a second device. The first frame may comprise a header and a payload containing data packets for implementing a first Extensible Authentication Protocol. A first secure link may be established between the first network interface card of the first device and the first network interface card of the second device, then an action management frame may be sent across the first link. The action management frame may comprise the header, a payload comprising a vendor-specific information element containing identifying information about the first device, and an action that instructs the second device to implement a second Extensible Authentication Protocol through a second network interface card of the second device. A second secure link may be established between the second network interface cards of each device.
Type: Grant
Filed: July 29, 2016
Date of Patent: January 28, 2020
Assignee: Qualcomm Incorporated
Inventors: Vladimir Shulman, Vladimir Kondratiev, Boris Sorochkin
-
Patent number: 10543751
Abstract: The invention relates to a method of communication between a vehicle and a wayside control unit for controlling an inductive power transfer to the vehicle, wherein the control unit controls a generation of an electromagnetic field by a primary unit with a primary winding structure of a system for inductive power transfer, wherein the vehicle includes a secondary unit with a secondary winding structure for receiving the alternating electromagnetic field, wherein charging-related data is transmitted in between the vehicle and the control unit via a first communication link, wherein the authentication-related data is transmitted from the vehicle to the control unit via a second communication link, wherein the authentication-related data is used to authenticate the charging-related data, and a vehicle and an arrangement of a vehicle and a primary unit.
Type: Grant
Filed: February 4, 2015
Date of Patent: January 28, 2020
Assignee: Bombardier Primove GmbH
Inventor: Thoralf Schnarr
-
Patent number: 10542041
Abstract: A network-based appliance includes a mechanism to provide TLS inspection with session resumption, but without requiring that a session cache be maintained. To this end, the inspector is configured to cause the TLS client to participate in maintaining the session context, in effect on behalf of the TLS inspector. In operation, when the inspector first receives the session ticket from the TLS server, and in lieu of caching it, the inspector generates and issues to the client a composited ticket that includes the original ticket and session context information that contains the session key. The composited ticket is encrypted by the inspector to secure the session information. When the TLS client presents the composited session ticket to resume the TLS connection, the inspector decrypts the ticket and retrieves the session context from it directly. The inspector then uses the original session ticket to resume the TLS session.
Type: Grant
Filed: June 1, 2017
Date of Patent: January 21, 2020
Assignee: International Business Machines Corporation
Inventors: Cheng-Ta Lee, Wei-Hsiang Hsiung, Wei-Shiau Suen, Ming-Hsun Wu
-
Patent number: 10523426
Abstract: For a network that includes host machines for providing computing and networking resources and a VPN gateway for providing external access to those resources, a novel method that distributes encryption keys to the hosts to encrypt/decrypt the complete payload originating/terminating at those hosts is described. These encryption keys are created or obtained by the VPN gateway based on network security negotiations with the external networks/devices. These negotiated keys are then distributed to the hosts via control plane of the network. In some embodiments, this creates a complete distributed mesh framework for processing crypto payloads.
Type: Grant
Filed: August 6, 2018
Date of Patent: December 31, 2019
Assignee: NICIRA, INC.
Inventors: Jayant Jain, Anirban Sengupta, Uday Masurekar
-
Patent number: 10521584
Abstract: A system acquires diagnostic information from event logs, trace files, and other diagnostic sources to reduce a set of event records. The event records are arranged in a graph based on correlations between individual event records. Correlations may be based on time, account, credentials, tags, instance identifiers, or other characteristics. The system analyzes the graph to identify anomalies such as data exfiltration anomalies, system compromises, or security events. In some implementations, the system deploys decoy resources within a customer computing environment. Interactions with the decoy resources are captured as event records and added to the graph.
Type: Grant
Filed: August 28, 2017
Date of Patent: December 31, 2019
Assignee: Amazon Technologies, Inc.
Inventor: Nima Sharifi Mehr
-
Patent number: 10503418
Abstract: A system and method of securing a computer system by controlling write access to a storage medium by monitoring an application; detecting an attempt by the application to write data to said storage medium; interrogating a rules database in response to said detection; and permitting or denying write access to the storage medium by the application in dependence on said interrogation.
Type: Grant
Filed: February 1, 2017
Date of Patent: December 10, 2019
Assignee: Drive Sentry Limited
Inventor: John Safa
-
Patent number: 10505984
Abstract: Provided are a method and a system for exchanging control information between secure socket layer (SSL) gateways. The method may commence with intercepting, by a client facing node, a client request including session-specific information and a session request to establish an SSL communication session between a client and a server. The method may continue with generating an SSL extension based on the session-specific information and adding the SSL extension to the session request to obtain an extended session request. The extended session request may be sent to a server facing node in communication with the client facing node. The method may further include identifying the session-specific information contained in the SSL extension of the extended session request and generating a further session request for establishing the SSL communication session between the server facing node and the server. The method may further include sending the further session request to the server.
Type: Grant
Filed: January 24, 2017
Date of Patent: December 10, 2019
Assignee: A10 Networks, Inc.
Inventors: Yang Yang, Xuyang Jiang, Ali Golshan
-
Patent number: 10498711
Abstract: Aspects of the present disclosure relate to providing a booting key to a remote system. A policy server receives a verification that a predetermined number of user devices provided secret information for booting a remote system. The policy server provides, in response to the received verification, a message for a key server to provide a booting key to the remote system, the key server providing the booting key in response to the message and causing the remote system to complete a booting procedure, in response to the message from the policy server.
Type: Grant
Filed: June 21, 2016
Date of Patent: December 3, 2019
Assignee: Palantir Technologies Inc.
Inventors: Justin Cassidy, Tristan Smith, Kori Oliver
-
Patent number: 10491575
Abstract: In a secure cloud for transmitting packets of digital data, the packets may be repeatedly scrambled (i.e., their data segments reordered) and then unscrambled, split and then mixed, and/or encrypted and then decrypted as they pass through media nodes in the cloud. The methods used to scramble, split, mix and encrypt the packets may be varied in accordance with a state such as time, thereby making the task of a hacker virtually impossible inasmuch as he or she may be viewing only a fragment of a packet and the methods used to disguise the data are constantly changing.
Type: Grant
Filed: April 6, 2018
Date of Patent: November 26, 2019
Assignee: LISTAT LTD.
Inventors: Ievgen Verzun, Oleksandr Holub, Richard K. Williams
-
Patent number: 10484364
Abstract: A method and system may allow for authenticating a computing device. A computing device may send an authentication request over a network to an authentication computing device. The authentication request may include a user name and a password. The user name may include a credential and the password may be a digitally signed version of the user name. The authentication computing device may authenticate the requesting computing device by decrypting the password and comparing the received user name to the decrypted password.
Type: Grant
Filed: September 1, 2017
Date of Patent: November 19, 2019
Assignee: Comcast Cable Communications, LLC
Inventors: Kris Bransom, Christopher Zarcone
-
Patent number: 10474448
Abstract: In embodiments of the present invention improved capabilities are described for updating software in a plurality of devices coupled to one another in a communicating relationship through a local network, the method comprising receiving a descriptor file for a software update at the first device from a remote source outside the local network, the descriptor file including a hash code for each of a plurality of update sub-files and an order for assembling the update sub-files into the software update, downloading the plurality of update sub-files to the first device from a remote source outside the local network until the sub-files identified in the descriptor file are present on the first device, where a presence of the sub-files is evaluated using the hash codes in the descriptor file, and broadcasting every one of the plurality of update sub-files from the first device to the number of other devices.
Type: Grant
Filed: February 23, 2018
Date of Patent: November 12, 2019
Assignee: Sophos Limited
Inventor: John Melton Reynolds
-
Patent number: 10474402
Abstract: A print management server provided outside a predetermined LAN includes a receiver, a processor, and a transmitter. The receiver receives a print output instruction from a communication terminal of a user, the print output instruction being issued to a print output device provided inside the predetermined LAN and being an instruction to print out a print target file. The processor determines whether the print target file is present inside the predetermined LAN. When it is determined that the print target file is present inside the predetermined LAN, the transmitter transmits a generation command to a communication relay device inside the predetermined LAN, the generation command being a command to generate print job data on the basis of the print target file acquired by the communication relay device and a print setting instruction.
Type: Grant
Filed: May 5, 2017
Date of Patent: November 12, 2019
Assignee: Konica Minolta, Inc.
Inventor: Takahiro Kouno
-
Patent number: 10469452
Abstract: A secure communication system includes an outer VPN gateway representative of an outer tunnel for facilitating communication with a black network. The outer VPN gateway includes a first Ethernet port and first program instructions for providing a first layer of encryption. The secure communication system further includes an inner VPN gateway representative of an inner tunnel for facilitating communication with a red network. The inner VPN gateway comprises a second Ethernet port and second program instructions for providing a second layer of encryption. The secure communication system further includes a coupling bracket for mechanically coupling the inner VPN gateway with the outer VPN gateway, and for facilitating communication between the inner VPN gateway and the outer VPN gateway by interfacing with the first Ethernet port and the second Ethernet port.
Type: Grant
Filed: January 6, 2017
Date of Patent: November 5, 2019
Assignee: Klas Technologies Limited
Inventors: Frank Murray, Cian Masterson, Cathal Daly
-
Patent number: 10469594
Abstract: Provided are methods and systems for inspecting secure data. A system for inspecting secure data comprises a server facing module, and a client facing module in communication with the server facing module. The client facing module is operable to intercept a client request associated with the secure data to establish a secure connection with a server, establish a data traffic channel via the server facing module, and provide a control message to the server facing module via the data traffic channel. The control message includes an instruction to the server facing module to obtain a security certificate from the server. The security certificate is received from the server facing module via the data traffic channel. The security certificate is forged to establish the secure connection between the client and the client facing module. The client facing module sends unencrypted data to the server facing module via the data traffic channel.
Type: Grant
Filed: December 8, 2015
Date of Patent: November 5, 2019
Assignee: A10 Networks, Inc.
Inventors: Xuyang Jiang, Yang Yang, Ali Golshan
-
Patent number: 10469464
Abstract: In one embodiment, a method includes receiving, in a first device, at least one of a first symmetric key and a first asymmetric key in a common key management structure, the common key management structure to accommodate asymmetric keys and symmetric keys, and further including security policy information to enable communication between the first device of a first domain of an Internet of Things (IoT) network and a second device of a second domain of the IoT network according to an inter-domain security policy; and sending a first message directly from the first device to the second device according to the security policy information of the common key management structure. Other embodiments are described and claimed.
Type: Grant
Filed: December 14, 2015
Date of Patent: November 5, 2019
Assignee: Intel Corporation
Inventor: Ned M. Smith
-
Patent number: 10459924
Abstract: An information processing device assists generation of social communication, based on user communication information exchanged through a network. The information processing device includes: a communication information collection unit that collects the communication information; a life log information extraction unit that extracts life log information included in the collected communication information; a life log information storage unit that stores the extracted life log information in a configuration capable of being searched at least on an individual user unit basis, the life log information storage unit memorizing scores of a plurality of indexes while associating the scores with the life log information, the indexes indicating degrees of contribution of the life log information to new social communication generation; and a life log information management unit that manages the life log information stored in the life log information storage unit, based on a combination of the scores of the indexes.
Type: Grant
Filed: September 24, 2012
Date of Patent: October 29, 2019
Assignee: NEC Corporation
Inventors: Hirokazu Kawano, Kouichi Onodera, Fumiaki Imanari, Keito Kouda, Naoya Kondou
-
Patent number: 10462171
Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.
Type: Grant
Filed: August 8, 2018
Date of Patent: October 29, 2019
Assignee: Sentinel Labs Israel Ltd.
Inventors: Tomer Weingarten, Almog Cohen
-
Patent number: 10462147
Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the device connecting to a port on the switch. The threat management server determines the endpoint device is present in a device log file. The threat management server determines the number of times the endpoint device has failed authentication exceeds a first threshold value within a first time period and the number of times the endpoint device has passed authentication is less than a second threshold value within a second time period. The threat management server determines the endpoint device does not have a lease for the port on the switch and sends a reroute command to the switch to transform the destination of traffic associated with the endpoint device to a safe zone.
Type: Grant
Filed: June 26, 2017
Date of Patent: October 29, 2019
Assignee: Bank of America Corporation
Inventors: Rahul Isola, Anthony P. Grossi
-
Patent number: 10462001
Abstract: A method and a network node device run Push-Button Configuration sessions within a heterogeneous network, IEEE 1905.1, using a push button configuration mechanism that ensures that only one single new network node device is registered for a single push button key press event and thus overlapping Push-Button Configuration sessions within a heterogeneous network are prevented. After finishing the push button configuration mode, the number of new nodes is checked. If more than one node has been added, a configuration roll-back is performed. Preferably, the push button configuration roll-back is performed as soon as the authentication of more than one distinct node has been detected. The roll-back includes the deletion or deactivation of credentials established by the push-button configuration.
Type: Grant
Filed: February 10, 2017
Date of Patent: October 29, 2019
Assignee: SIEMENS AKTIENGESELLSCHAFT
Inventors: Michael Bahr, Rainer Falk, Parag Mogre
-
Patent number: 10452851
Abstract: Systems and methods which provide a new application security assessment framework that allows auditing and testing systems to automatically perform security and compliance audits, detect technical security vulnerabilities, and illustrate the associated security risks affecting business-critical applications.
Type: Grant
Filed: February 4, 2016
Date of Patent: October 22, 2019
Assignee: ONAPSIS S.R.L.
Inventor: Mariano Nuñez Di Croce
-
Patent number: 10454895
Abstract: A method for enforcing a network policy is described herein. In the method, a network socket event request from an application executing in a first context is intercepted by an agent prior to the request reaching a transport layer in the first context. A context refers to virtualization software, a physical computer, or a combination of virtualization software and physical computer. In response to the interception of the request, the agent requests a decision on whether to allow or deny the network socket event request to be communicated to a security server executing in a second context that is distinct from the first context. The request for a decision includes an identification of the application. The agent then receives from the security server either an allowance or a denial of the network socket event request, the allowance or denial being based at least in part on the identification of the application and a security policy.
Type: Grant
Filed: September 12, 2016
Date of Patent: October 22, 2019
Assignee: VMware, Inc.
Inventors: Azeem Feroz, Binyuan Chen, Amit Chopra
-
Patent number: 10455449
Abstract: A device may perform dynamic load balancing to identify one or more service devices, of a group of service devices, that is to apply a set of network services to traffic associated with a session of a subscriber device. The device may provide outgoing traffic, associated with the session, to the one or more service devices based on identifying the one or more service devices. The outgoing traffic may be provided to cause the one or more service devices to apply the set of network services to the outgoing traffic. The device may provide, to another device, information that identifies the one or more service devices. The information that identifies the one or more service devices may be provided to cause the other device to provide incoming traffic, associated with the session, to the one or more service devices to apply the set of network services to the incoming traffic.
Type: Grant
Filed: September 25, 2015
Date of Patent: October 22, 2019
Assignee: Juniper Networks, Inc.
Inventors: Dilip H. Sanghavi, Rakesh Kumar, Saravanadas P. Subramanian, Jwala Dinesh Gupta Chakka
-
Patent number: 10455578
Abstract: Apparatuses, a method, and a computer program for influencing the selection of a frequency band for wireless communication with a mobile station. Disclosed is an apparatus, method, and computer program for controlling a frequency band selection for wireless communication with a mobile station in a wireless local area network—WLAN—, wherein at least a first and a second frequency band are selectable, the first and second frequency bands each having multiple transmission channels; and having a transmission circuit for transmitting at least one command to the mobile station that asks the mobile station to change from the first to the second frequency band, or vice versa.
Type: Grant
Filed: November 11, 2016
Date of Patent: October 22, 2019
Assignee: VOLKSWAGEN AG
Inventors: Matthias Mohaupt, Sascha Jurthe
-
Patent number: 10439839
Abstract: Field-device coupling unit for providing a supply voltage for a field device and for communication with a superordinate control unit, the field-device coupling unit including a current interface, which is configured for communication with the control unit and has a first controllable input load which is configured to provide, from an interface current of the current interface, a load voltage on which the supply voltage is based, the field-device coupling unit further including a circuit arrangement for providing a communication signal which is to be transmitted to the control unit, wherein the circuit arrangement is configured to control the first controllable input load according to the communication signal in order to superimpose the interface current with a current signal corresponding to the communication signal.
Type: Grant
Filed: August 12, 2015
Date of Patent: October 8, 2019
Assignee: FESTO AG & CO. KG
Inventors: Steffen Wunderlich, Stefan Beuel
-
Patent number: 10440091
Abstract: Provided is a communication method of an electronic device, including executing a web browser, requesting registration in an IP multimedia core network subsystem (IMS) using a first client associated with the web browser, and displaying, in a part of the web browser using the first client, information associated with a network to which the electronic device is connected.
Type: Grant
Filed: November 16, 2015
Date of Patent: October 8, 2019
Assignee: Samsung Electronics Co., Ltd
Inventors: Hyong-Jin Ban, Tae-Sun Yeoum, Ji-Hye Kang, Keon-Ho Kim, Eo-Jin Ham
-
Patent number: 10433174
Abstract: The present disclosure provides techniques that may be applied, for example, in a multi-slice network for maintaining privacy when attempting to access the network. An exemplary method generally includes transmitting a registration request message to a serving network to register with the serving network; receiving a first confirmation message indicating a secure connection with the serving network has been established; transmitting, after receiving the first confirmation message, a secure message to the serving network comprising an indication of at least one configured network slice that the UE wants to communicate over, wherein the at least one configured network slice is associated with a privacy flag that is set; and receiving a second confirmation message from the serving network indicating that the UE is permitted to communicate over the at least one configured network slice.
Type: Grant
Filed: March 6, 2018
Date of Patent: October 1, 2019
Assignee: QUALCOMM Incorporated
Inventors: Soo Bum Lee, Stefano Faccin, Anand Palanigounder, Miguel Griot, Adrian Edward Escott
-
Patent number: 10425446
Abstract: This disclosure provides for a network element (in the middle) to inject enrichments into SSL connections, and for taking them out. This network element is sometimes referred to herein as a “middle box.” In the context of layered software architecture, this solution preferably is implemented by a library that operates below the SSL layer and above the TCP sockets layer at the two endpoints of the SSL connection. Preferably, the SSL enrichments are implemented as SSL/TLS records.
Type: Grant
Filed: September 29, 2015
Date of Patent: September 24, 2019
Assignee: Akamai Technologies, Inc.
Inventor: Mangesh Kasbekar
-
Patent number: 10425429
Abstract: An improved method for analyzing computer network security has been developed. The method first establishes multiple nodes, where each node represents an actor, an event, a condition, or an attribute related to the network security. Next, an estimate is created for each node that reflects the ease of realizing the event, condition, or attribute of the node. Attack paths are identified that represent a linkage of nodes that reach a condition of compromise of network security. Next, edge probabilities are calculated for the attack paths. The edge probabilities are based on the estimates for each node along the attack path. Next, an attack graph is generated that identifies the easiest conditions of compromise of network security and the attack paths to achieving those conditions. Finally, attacks are detected with physical sensors on the network, that predict the events and conditions. When an attack is detected, security alerts are generated in response to the attacks.
Type: Grant
Filed: March 21, 2016
Date of Patent: September 24, 2019
Inventor: Gabriel Bassett
-
Patent number: 10423762
Abstract: A method for detecting digital content misuse can include clustering a set of data points into a set of known violator clusters; determining, based on the set of known violator clusters, that a first user account is potentially a digital content violator, the first user account being represented by a first data point that is not included in the first set of data points, and the first data point having been determined based on usage signal data describing digital content usage association with the first user account; and in response to determining that the first user account is potentially a digital content violator, executing a remedial action with respect to the first user account.
Type: Grant
Filed: November 4, 2016
Date of Patent: September 24, 2019
Assignee: Screening Room Media, Inc.
Inventors: James Armand Baldwin, Prem Akkaraju, Giorgio Vanzini
-
Patent number: 10409967
Abstract: Systems and methods for limiting a user's access to a specific subset of a plurality of software applications installed on a computing device. A method includes the steps of: (i) activating a master application by a master user, where the master application allows access only to the specific subset of the plurality of software applications installed on the computing device, and further where the master application cannot be deactivated without authorization from the master user; (ii) accessing, from within the master application, one or more of the subset of software applications by an authorized user; (iii) returning to the master application or accessing a second of the subset of software applications; and (iv) deactivating the master application, where only the master user can deactivate the master application.
Type: Grant
Filed: June 16, 2015
Date of Patent: September 10, 2019
Assignee: HAH, Inc.
Inventor: Heather Ahn
-
Patent number: 10410003
Abstract: The disclosed technology addresses the need in the art for assigning multiple containers to a single application. A container can be a specified area of a file system that an assigned application can access to store data, while other applications are restricted access to the container. In some instances, it may be beneficial for multiple applications to share some data, while still maintaining other data in a secure location, thus an application can be assigned to multiple containers, a personal container that can only be accessed by the application, and a shared container that can be accessed by multiple applications. Further, an application can be assigned an alternate container, in addition to the personal container. The alternate container can be used when an alternate user is using the client device, thus restricting the alternate user from accessing any sensitive data stored in the personal container.
Type: Grant
Filed: June 7, 2013
Date of Patent: September 10, 2019
Assignee: Apple Inc.
Inventors: Kelly B. Yancey, Jacques Anthony Vidrine, Eric Olaf Carlson, Paul William Chinn, Simon P. Cooper
-
Patent number: 10397779
Abstract: Techniques disclosed herein are generally directed toward providing at least one security feature for an FTM session. More specifically, an initiating STA can include a security feature in an initial FTM request (iFTMR), determine whether a received FTM frame contains information responsive to the at least one security feature, and complete the FTM session accordingly (including terminating the FTM session if the FTM frame does not contain correct information responsive to the at least one security feature). Embodiments may include a security feature such as nonce values and/or generated (or partially-generated) media access control (MAC) addresses.
Type: Grant
Filed: September 20, 2016
Date of Patent: August 27, 2019
Assignee: QUALCOMM Incorporated
Inventors: Subash Marri Sridhar, Carlos Horacio Aldana
-
Patent number: 10390224
Abstract: A cellular terminal transmits a request that requires authentication procedure triggering to a cellular network and responsively receives from the cellular network an authentication request message with an indication of a selected cryptographic algorithm from a group of a plurality of cryptographic algorithms. The cellular terminal attempts to decode the authentication request message to a decoded authentication request according to the selected cryptographic algorithm and based on a shared secret known by the cellular terminal and a network operator of the cellular terminal.
Type: Grant
Filed: May 20, 2014
Date of Patent: August 20, 2019
Assignee: Nokia Technologies Oy
Inventors: Hannu Bergius, Silke Holtmanns
-
Patent number: 10379759
Abstract: A method for maintaining consistency for I/O operations on metadata distributed amongst a plurality of nodes forming a ring structure.
Type: Grant
Filed: August 16, 2017
Date of Patent: August 13, 2019
Assignee: Nutanix, Inc.
Inventors: Rishi Bhardwaj, Venkata Ranga Radhanikanth Guturi
-
Patent number: 10382490
Abstract: A computer-implemented method includes monitoring a plurality of connections of a plurality of host applications at a host, where each connection of the plurality of connections carries network traffic associated with a respective host application of the plurality of host applications. A plurality of sets of security attributes are detected, and include a respective set of security attributes for each connection of the plurality of connections. The plurality of sets of security attributes are stored in a security database. From the security database, the respective set of security attributes of a first connection are compared to a centralized security policy. It is determined that the respective set of security attributes of the first connection do not meet the centralized security policy. A remedial action is performed on the first connection, responsive to the respective set of security attributes of the first connection not meeting the centralized security policy.
Type: Grant
Filed: January 24, 2017
Date of Patent: August 13, 2019
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Constantinos Kassimis, Christopher Meyer, Linwood H. Overby, Jr., David J. Wierbowski
-
Patent number: 10374910
Abstract: A system is disclosed for orchestrating services. Service orchestration profiles specify attributes defining desired services. The service orchestration profiles may be distributed amongst nodes and hierarchically related to each other. Service orchestration management functions process the information in the service orchestration profiles in order to determine the desired services and use the information to implement the desired services. The service orchestration management functions may be hierarchically related to each other.
Type: Grant
Filed: June 12, 2015
Date of Patent: August 6, 2019
Assignee: Convida Wireless, LLC
Inventors: Dale N. Seed, Guang Lu, Lijun Dong, Catalina M. Mladin, William Robert Flynn, IV, Xu Li, Hongkun Li
-
Patent number: 10362021
Abstract: Disclosed are various approaches for providing authentication of a user and a client device. A user's credentials can be authenticated by an identity provider. In addition, a device posture assessment that analyzes the device from which the authentication request originates is also performed. An authentication request can be authenticated based upon whether the device posture assessment reveals that device to be a managed device that is in compliance with compliance rules.
Type: Grant
Filed: May 31, 2016
Date of Patent: July 23, 2019
Assignee: Airwatch LLC
Inventors: Craig Farley Newell, Jonathan Blake Brannon, Kabir Barday, Ashish Jain
-
Patent number: 10348706
Abstract: Methods and apparati for permitting Computing Devices 200 to safely accept Payloads 220 from External Access Entity Devices 260, and to safely access external Networks 710. In an apparatus embodiment, a Computing Device 200 contains an Access Control Module 210 comprising an Access Verification Public Key 211 and a Device Signature Key 214. The Access Control Module 210 is configured to verify authorization of an External Access Payload 220 by verifying a digital signature affixed to the Payload 220 using the Access Verification Public Key 211. The authorized External Access Payload 220 is then permitted to execute on the Computing Device 200. The Access Control Module 210 is also configured to receive from a Network Access Device 600 information associated with a Network 710 access request, and to create a plurality of digital signatures, using the Device Signature Key 214, that link said information associated with the Network 710 access request with the Access Verification Public Key 211.
Type: Grant
Filed: May 4, 2017
Date of Patent: July 9, 2019
Inventor: Ernest Brickell
-
Patent number: 10348701
Abstract: Described embodiments protect clients from open redirect security vulnerabilities in Web applications. A primary application receives a request for an operation to be performed on behalf of a secondary application. The request includes a return location parameter containing i) a return location, and ii) an encrypted portion. After completing the requested operation, the primary application retrieves the return location parameter and a cryptographic key uniquely associated with the secondary application. The primary application decrypts the encrypted portion of the return location parameter to generate a decrypted value, and uses the decrypted value to validate the return location contained in the return location parameter. The primary application transmits a redirect message to the client that causes the client to be redirected to the return location contained in the return location parameter only in response to the return location being successfully validated based on the decrypted value.
Type: Grant
Filed: March 2, 2017
Date of Patent: July 9, 2019
Assignee: Citrix Systems, Inc.
Inventors: Javier Alejandro Figueroa, Kenneth Scott Bowden
-
Patent number: 10341822
Abstract: A broadcast delivery system designed for the purpose of providing a broadcast delivery system that reduces the load on a wireless network control device comprises: a femto cell base station that provides a wireless connection to a terminal and forms one cell; a gateway device that relays data which the femto cell base station transmits to and receives from a core network; a wireless network control device that is connected to the gateway device; and a broadcast delivery device that transmits, to the wireless network control device, a broadcast delivery message addressed to the terminal connected to the femto cell base station. The gateway device controls the operating state of the femto cell base station and broadcast delivery to the terminal using, as a unit, a service area comprising one or more cells formed by the femto cell base station.
Type: Grant
Filed: March 29, 2016
Date of Patent: July 2, 2019
Assignee: NEC CORPORATION
Inventor: Masashi Inagaki
-
Patent number: 10338898
Abstract: A system includes a user interface presented to a developer. The developer selects a first function to supplement functionality of a first application with external functionality available from third party applications. A code generation module provides a software object to the developer for incorporation into a first state of the first application. The first state includes a user interface element associated with an entity. User selection of the user interface element initiates preparation of a query wrapper including a combination of the entity's name and a predefined text string corresponding to the first function. The query wrapper is transmitted to a search system and a result set is received and displayed. A first item of the result set includes an access mechanism for a specified state of a target application. User selection of the first item causes the access mechanism to open the target application to the specified state.
Type: Grant
Filed: September 18, 2017
Date of Patent: July 2, 2019
Assignee: Samsung Electronics Co., Ltd.
Inventors: Taher Savliwala, Eric Chen, Jonathan Ben-Tzur
-
Patent number: 10341979
Abstract: Techniques for exchanging secure FTM messages are disclosed. An example of a wireless transceiver system for providing a secure Fine Timing Measurement (FTM) exchange includes a memory and a processor configured to obtain an initial-secure-token value and a secure-token-response value via an out-of-band signal, generate an FTM Request message including the initial-secure-token value, a transmitter to send the FTM Request message to a responding station, and a receiver to receive an FTM Response message including the secure-token-response value from the responding station, such that the at least one processor is configured to determine a Round Trip Time (RTT) value based at least in part on the FTM Response message.
Type: Grant
Filed: May 27, 2016
Date of Patent: July 2, 2019
Assignee: QUALCOMM Incorporated
Inventors: Santosh Vamaraju, Carlos Horacio Aldana
-
Patent number: 10318209
Abstract: Discussed herein are methods, devices, and systems for moving a file to a process. A device can include a kernel, a memory, and processing circuitry to: issue one or more move and rename instructions to the memory to change a location and name of a file requested by the second process, issue one or more update access control instructions to update permissions, perform a UAC to determine whether any processes other than the second process currently have the file open and whether any MMaps have the file open, and allow the second process to access the renamed and moved file only if it is determined that no other processes other than the second process have the file open and no MMaps have the file open.
Type: Grant
Filed: January 30, 2017
Date of Patent: June 11, 2019
Assignee: Forcepoint LLC
Inventor: Gregory Alan Hildstrom
-
Patent number: 10311248
Abstract: A method for permission management may include creating a relationship between a client and a firm, receiving, in response to creating the relationship, an assignment of a first role to the firm, receiving, in response to receiving the assignment of the first role, an assignment of a second role to an agent of the firm, and generating, for the agent, a runtime token including token permissions based on the first role and the second role.
Type: Grant
Filed: January 27, 2017
Date of Patent: June 4, 2019
Assignee: Intuit Inc.
Inventors: Nadeem Mohammed Yusuf Ilkal, Andrew Ernest Goldfinch, Yi Zhang, Almira Hortensia Niciu-Chiuaru
-
Patent number: 10296397
Abstract: This disclosure sets forth systems and methods for recommending candidate computing platforms for migration of data and data-related workload from an original computing platform. The systems and methods further describe determining recommendations of candidate computing platforms based on a comparison of key performance and utilization statistics of the original computing platform under a user-generated workload with candidate computing platforms under a synthetic workload. Key performance and utilization statistics may relate to CPU, memory, file I/O, network I/O, and database I/O operations on the respective computing platforms. The synthetic workload may be defined by parameters that simulate the key performance and utilization statistics of the original computing platform under the user-generated workload. Further, the synthetic workloads may be executed on individual candidate computing platforms to determine service level capabilities that are ultimately used to form the recommendation.
Type: Grant
Filed: May 18, 2016
Date of Patent: May 21, 2019
Assignee: Krystallize Technologies, Inc.
Inventors: Roger Richter, Matthew Gueller, James Richard Nolan
-
Patent number: 10296739
Abstract: According to an example, a confidence factor function may be applied to determine a confidence factor for a condition of a rule to correlate events. The confidence factor may be an approximation of whether an event or a set of events satisfies the condition in the rule. The confidence factor may be compared to a threshold to determine whether the condition is satisfied.
Type: Grant
Filed: March 11, 2013
Date of Patent: May 21, 2019
Assignee: ENTIT SOFTWARE LLC
Inventors: Anurag Singla, Robert Block, Suranjan Pramanik