Application Layer Security Patents (Class 713/152)
  • Patent number: 11122008
    Abstract: Systems, methods, and computer-readable media for creating service chains for inter-cloud traffic. In some examples, a system receives domain name system (DNS) queries associated with cloud domains and collects DNS information associated with the cloud domains. The system spoofs DNS entries defining a subset of IPs for each cloud domain. Based on the spoofed DNS entries, the system creates IP-to-domain mappings associating each cloud domain with a respective IP from the subset of IPs. Based on the IP-to-domain mappings, the system programs different service chains for traffic between a private network and respective cloud domains. The system routes, through the respective service chain, traffic having a source associated with the private network and a destination matching the IP in the respective IP-to-domain mapping.
    Type: Grant
    Filed: May 8, 2020
    Date of Patent: September 14, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Balaji Sundararajan, Samar Sharma
  • Patent number: 11088994
    Abstract: An application using a virtual private network (VPN) is programmed to transmit proxy traffic to a remote proxy server. Traffic to the proxy server is intercepted, shifted to user space, and processed according to one or more options. Traffic may be terminated by a local proxy that resolves domain names in traffic and requests referenced content. Intercepted traffic may include plain text data in headers that is encrypted before forwarding to a different proxy server. Traffic may be evaluated, such as a User Agent string, in order to determine routing choices, such as blocking, throttling, local termination, transmitting through a VPN, or other options. Multiple VPNs may operate on the same user computer, and proxy traffic may be intercepted and processed by transmitting it through a VPN, bypassing all VPNs, or routing through a different VPN.
    Type: Grant
    Filed: August 8, 2018
    Date of Patent: August 10, 2021
    Assignee: Twingate Inc.
    Inventors: Eugene Lapidous, Sean Ghiocel, Maxim Molchanov, Eduardo Panisset
  • Patent number: 11089061
    Abstract: A cloud device is configured in an email transmission pathway. The cloud device receives an email attachment whose maliciousness status is determined to be unknown. The cloud device encrypts the email attachment and delivers the encrypted attachment to the recipient. When the recipient attempts to access the encrypted attachment, the cloud device re-determines the maliciousness status of the attachment. If the re-determined maliciousness status is benign, the cloud device allows the encrypted attachment to be decrypted and opened locally on the recipient's device. If the re-determined maliciousness status is still unknown, the cloud device provides a cloud-based viewing solution to the recipient using an isolation service.
    Type: Grant
    Filed: March 28, 2019
    Date of Patent: August 10, 2021
    Assignee: CA, INC.
    Inventors: Nikhil Sinha, Alexander Harris, John Steenbruggen, Ananta Krishna Vadlamani
  • Patent number: 11057289
    Abstract: A method for identifying a network application. The method includes analyzing metadata and source code of a network application to extract a set of application tokens, generating an index document of the network application based on the set of application code tokens, wherein the index document is included in a library of index documents corresponding to a number of network applications, extracting a set of packet header tokens from a packet header of a packet in a flow, comparing the set of packet header tokens to the set of index documents to generate a number of match scores, wherein each match score represents a similarity measure between the set of packet header tokens and one index document, and determining, based on a highest match score corresponding to a particular network application, that the flow is generated by the particular network application.
    Type: Grant
    Filed: December 26, 2017
    Date of Patent: July 6, 2021
    Assignee: The Boeing Company
    Inventors: Gyan Ranjan, Alok Tongaonkar, Ruben Torres
  • Patent number: 11057430
    Abstract: Methods, systems, and devices for server-initiated secure sessions are described. A browser application may connect to a portal, where the portal may transmit a command to a server agent to initiate a secure session with an endpoint device. The server agent may be housed in a destination server, and may establish a secure connection with an intermediary server using a secure communication protocol. The secure connection may be made by directing the destination server to open an outbound connection through a firewall of the destination server. A browser session may be redirected to the intermediary server from the browser application, and the intermediary server may route the browser session traffic to the secure connection.
    Type: Grant
    Filed: October 9, 2018
    Date of Patent: July 6, 2021
    Assignee: JumpCloud, Inc.
    Inventors: Rajat Bhargava, Christopher Marie, James Brown
  • Patent number: 11051247
    Abstract: A transmission/reception device with wake-up radio for a node with limited resources such as an IoT network node. The device includes a permanently powered auxiliary circuit, capable of detecting a wake-up token, and a main circuit, normally in the idle state and activated by the auxiliary circuit when a wake-up token is detected. The next wake-up token is calculated by the main circuit by applying a one-way function to at least part of a message exchanged on the main radio through a secure communication.
    Type: Grant
    Filed: August 3, 2018
    Date of Patent: June 29, 2021
    Assignee: COMMISSARIAT A L'ENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVES
    Inventors: Maxime Montoya, Simone Bacles-Min, Anca Molnos, Jacques Fournier
  • Patent number: 11032266
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to identify a digital certificate associated with data and assign a reputation to the digital certificate, where the digital certificate is classified as trusted if the digital certificate is included in an entry in a whitelist and the digital certificate is classified as untrusted if the digital certificate is included in an entry in a blacklist.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: June 8, 2021
    Assignee: McAfee, LLC
    Inventors: James Bean, Joel R. Spurlock, Cedric Cochin, Aditya Kapoor, Ramnath Venugopalan
  • Patent number: 11025655
    Abstract: Techniques for inspecting network traffic are disclosed. An application executing as an operating system extension that uses a virtual private network (VPN) stack of the operating system intercepts an Internet protocol (IP) packet for delivery to a remote computer system. A determination is made of an action to take in response to intercepting the packet. The determined action is taken.
    Type: Grant
    Filed: July 11, 2019
    Date of Patent: June 1, 2021
    Assignee: Fyde, Inc.
    Inventors: Sinan Eren, Jose Luis Ferras Pereira, Pablo German Sole, Luisa Marina Moya Praca de Araujo Lima
  • Patent number: 11023616
    Abstract: In various embodiments, a Data Model Adaptive Execution System may be configured to take one or more suitable actions to remediate an identified risk in view of one or more regulations (e.g., one or more legal regulations, one or more binding corporate rules, etc.). For example, in order to ensure compliance with one or more standards related to the collection and/or storage of personal data, an entity may be required to modify one or more aspects of a way in which the entity collects, stores, and/or otherwise processes personal data (e.g., in response to a change in a legal or other requirement). In order to identify whether a particular change or other risk trigger requires remediation, the system may be configured to assess a relevance of the risk posed by the risk and identify one or more processing activities or data assets that may be affected by the risk.
    Type: Grant
    Filed: March 23, 2020
    Date of Patent: June 1, 2021
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Kevin Jones, Jonathan Blake Brannon
  • Patent number: 11017084
    Abstract: A method for detecting malicious code fragments based on data-flow isolation is provided. The method may include isolating data flows associated with a computing program for a user device. The method may further include mapping steps for the isolated data flow to modules associated with the computing program and the user device. The method may further include comparing the mapped steps to determine connections between the isolated data flows. The method may further include, based on the comparison of the mapped steps and the modules, determining whether the isolated data flows comprise malicious data flow deviations. The method may also include, in response to the determination that the isolated data flows comprise malicious data flow deviations, determining whether the computer program is malicious by weighing security risks associated with the malicious data flow deviations based on security risk factors.
    Type: Grant
    Filed: November 21, 2017
    Date of Patent: May 25, 2021
    Assignee: International Business Machines Corporation
    Inventors: Roee Hay, Marco Pistoia, Omer Tripp
  • Patent number: 11012523
    Abstract: In one embodiment, a proxying agent loaded at application startup loads a circuit breaker framework into a class loader, and also loads a circuit breaker proxy into an extension class loader seen by the proxying agent and by the application. The proxying agent may also instrument selected methods of the application, such that, when calling to run an instrumented method: an ID of the circuit breaker proxy is set to a trackable context, and the proxy execution may be held until exit of the run method (and if exit of the run method is due to a particular exception, an exception of the proxy may also be set to reflect the particular exception). The circuit breaker may then monitor the proxy for latency, exceptions, and circuit breaker trip criteria, and stops the run method in response to the latency, exceptions, or circuit breaker trip criteria surpassing a particular respective threshold.
    Type: Grant
    Filed: July 24, 2019
    Date of Patent: May 18, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Walter Theodore Hulick, Jr., Harish Nataraj
  • Patent number: 10992690
    Abstract: Techniques for inspecting network traffic are disclosed. An application executing as an operating system extension that uses a virtual private network (VPN) stack of the operating system intercepts an Internet protocol (IP) packet for delivery to a remote computer system. A determination is made of an action to take in response to intercepting the packet. The determined action is taken.
    Type: Grant
    Filed: July 11, 2019
    Date of Patent: April 27, 2021
    Assignee: Fyde, Inc.
    Inventors: Sinan Eren, Jose Luis Ferras Pereira, Pablo German Sole, Luisa Marina Moya Praca de Araujo Lima
  • Patent number: 10963576
    Abstract: Systems and methods for receiving a request to analyze trust of a client system and perform actions based on a client trust profile. A trust rating server device receives a request from a client computing device to analyze the trust on the device. The request identifies at least one credential or certificate installed on the device for example. The credential or certificate is obtained and analyzed to identify key information that relates to trust, such as level of encryption, country or entity of origin, duration of credential, certifying authority, etc. A rating is established using the key information and compared to a profile or other metric. One or more credentials or certifications may be blocked, disabled, enabled or removed based on a user's profile. Trust credentials are continuously monitored on the device for changes, and new credentials are blocked that do not meet thresholds established in the user's profile.
    Type: Grant
    Filed: July 30, 2019
    Date of Patent: March 30, 2021
    Assignee: The Privacy Factor, LLC
    Inventor: Mark A. Sartor
  • Patent number: 10938553
    Abstract: The present disclosure relates to generating an identifier, an encrypted value that is an original value encrypted, and a Message Authentication Code (MAC) at a server device, and to generating a message including a message header and a message body, said message header including the identifier and the MAC, and said message body including the encrypted value, wherein the MAC key used to compute the message authentication code is included in the original value to be encrypted, and further relates to transmitting the message to a client device.
    Type: Grant
    Filed: November 27, 2015
    Date of Patent: March 2, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Liqun Chen, Nigel Edwards
  • Patent number: 10929553
    Abstract: The application provides a managing method and device for a sensor access authority, and relates to the field of information security. The method includes: determining a second sensor corresponding to a first sensor and having a type different from the first sensor in response to adjustment of an access authority of an application program to the first sensor, and then adjusting the access authority of the application program to the second sensor. The second sensor corresponding to a first sensor is determined when an access authority of an application program to the first sensor is adjusted, and the access authority of the application program to the second sensor is adjusted, thereby avoiding the second sensor collecting and leaking privacy information of the user and protecting privacy security of the user.
    Type: Grant
    Filed: December 2, 2016
    Date of Patent: February 23, 2021
    Assignee: BEIJING ZHIGU RUI TUO TECH CO., LTD.
    Inventors: Kuifei Yu, Ran Xu
  • Patent number: 10911237
    Abstract: A means of using a virally connected network of friends to assist each other to recover encrypted data should any single person lose their encryption key, without noticeably risking the security of the encrypted data to any persons with access to the encrypted data or to the Internet, including the virally connected network of friends.
    Type: Grant
    Filed: March 9, 2018
    Date of Patent: February 2, 2021
    Inventors: Jim Zubov, John Kenneth Brixius
  • Patent number: 10901717
    Abstract: A request to install an application on a device may be received, and data associated with the device and a set of users associated with the device may be received. Acceptance factors specified in a terms and conditions document associated with the application to be installed on the device may be identified. A terms and conditions implication of installing the application on the device may be determined based on the acceptance factors. Based on the terms and conditions implication, a rule may be dynamically generated to control at least a running of the application on the device. The rule may be activated or caused to be activated on the device. The activation of the rule may control the running of the application on the device.
    Type: Grant
    Filed: July 16, 2018
    Date of Patent: January 26, 2021
    Assignee: International Business Machines Corporation
    Inventors: Skyler Speakman, Komminist Weldemariam
  • Patent number: 10885180
    Abstract: Techniques are disclosed relating to detecting that a client system is an emulated computer system based on its computational performance of one or more challenge problems. In some embodiments, a server computer system may receive, from a client system, a request to access a web service. The server computer system may determine reported technical features of the client system and select a particular challenge problem to provide to the client system. The server computer system may determine an expected response time of the particular challenge problem for the client system. The server computer system may receive a challenge response from the client system that includes a proposed solution to the particular challenge problem. The server computer system may then determine whether to authorize the request based on a measured response time by the client system and the expected response time of the particular challenge problem for the client system.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: January 5, 2021
    Assignee: PayPal, Inc.
    Inventors: Bradley Wardman, Blake Butler
  • Patent number: 10812496
    Abstract: In one embodiment, a method includes receiving data associated with a cluster at a computer and processing the data at the computer to automatically generate a description of the cluster. The data includes cluster data comprising data within the cluster and non-cluster data comprising a remaining set of the data. The description comprises a minimal set of features that uniquely defines the cluster to differentiate the cluster data from non-cluster data. An apparatus and logic are also disclosed herein.
    Type: Grant
    Filed: October 1, 2015
    Date of Patent: October 20, 2020
    Assignee: CISCO TECHNOLOGY, INC.
    Inventor: Blake Harrell Anderson
  • Patent number: 10778697
    Abstract: With regard to a method for transmitting and receiving data in a wireless communication system in the present specification, a method implemented by a first network node is characterized by comprising: transmitting a control message, including information pertaining to terminal context retention properties, to a terminal; receiving a first message including a first information block from the terminal; carrying out a verification process on the terminal on the basis of the received first message; and transmitting a second message to the terminal according to the results of the verification of the terminal, wherein the terminal context retention properties represent at least one of whether terminal context is retained or whether terminal context can be changed.
    Type: Grant
    Filed: June 22, 2016
    Date of Patent: September 15, 2020
    Assignee: LG Electronics Inc.
    Inventors: Heejeong Cho, Jiwon Kang, Genebeck Hahn, Eunjong Lee, Ilmu Byun
  • Patent number: 10764263
    Abstract: Apparatuses and methods for authenticating a user to a host by an agent are disclosed. In the method the agent receives a connection request to the host from the user. In response to the received connection request, the agent determines an ephemeral authenticator, and acquires, using the ephemeral authenticator, a second authenticator. The second authenticator is based at least in part on use of the ephemeral authenticator. The agent then authenticates the user to the host using the second authenticator.
    Type: Grant
    Filed: November 28, 2016
    Date of Patent: September 1, 2020
    Assignee: SSH Communications Security OYJ
    Inventor: Markku Rossi
  • Patent number: 10764252
    Abstract: A method and system for communicating between a managed device and a device manager is provided by sending the managed device a message over a first communications channel, and then initiating communication between the managed device and the device manager over a second communications channel in response to the message, wherein the first communications channel and the second communications channel are of different types.
    Type: Grant
    Filed: April 25, 2017
    Date of Patent: September 1, 2020
    Assignee: VODAFONE IP LICENSING LTD
    Inventors: Nick Bone, Simone Ferrara
  • Patent number: 10712796
    Abstract: A non-transitory computer readable storage medium having stored thereon instructions, the instructions being executable by one or more processors to perform operations including: receiving, by a calibration module executed by the one or more processors, a calibration request including (i) a workload type, (ii) a list of compute nodes belonging to a distributed computer system, and (iii) one or more frequencies; responsive to identifying the workload type as a clustered workload type, instructing a plurality of compute nodes on the list of compute nodes to begin processing a workload of the workload type; and responsive to identifying the workload type as a clustered workload type, instructing a compute node on the list of compute nodes to begin processing the workload of the workload type is shown.
    Type: Grant
    Filed: December 24, 2014
    Date of Patent: July 14, 2020
    Assignee: INTEL CORPORATION
    Inventors: Muralidhar Rajappa, Andy Hoffman, Devadatta Bodas, Justin Song, James Alexander
  • Patent number: 10701091
    Abstract: A computerized method to identify potentially malicious code in a network is described. Herein, information associated with a threat is analyzed to yield intelligence that includes instructions or indicators related to the threat. Based on the intelligence, a determination is made as to whether an endpoint device, which includes an endpoint agent, is to (i) receive at least one of the instructions or the indicators, (ii) conduct an examination of memory of the endpoint device for data corresponding to any of the instructions or the indicators, and (iii) obtain results of the examination. Verification information, including at least a portion of the results of the examination by the endpoint device and an identifier for the endpoint device, is gathered and correlated to determine whether such information corresponds to a verified threat. Thereafter, a notification, including a portion of the verification information, is sent to identify the verified threat.
    Type: Grant
    Filed: July 23, 2018
    Date of Patent: June 30, 2020
    Assignee: FireEye, Inc.
    Inventors: Sean Cunningham, Robert Dana, Joseph Nardone, Joseph Faber, Kevin Arunski
  • Patent number: 10698900
    Abstract: Systems and methods are disclosed for generating a distributed execution model with untrusted commands. The system can receive a query, and process the query to identify the untrusted commands. The system can use data associated with the untrusted command to identify one or more files associated with the untrusted command. Based on the files, the system can generate a data structure and include one or more identifiers associated with the data structure in the distributed execution model. The system can distribute the distributed execution model to one or more nodes in a distributed computing environment for execution.
    Type: Grant
    Filed: September 25, 2017
    Date of Patent: June 30, 2020
    Assignee: Splunk Inc.
    Inventors: Arindam Bhattacharjee, Sourav Pal, Alexander Douglas James
  • Patent number: 10666665
    Abstract: A confirmation apparatus includes a determination unit configured to determine whether an information processing apparatus that has transmitted a security confirmation instruction executes communication via a firewall, a setting unit configured to set predetermined ports as inspection targets in a first case where the determination unit determines that the information processing apparatus executes communication via the firewall, and set ports listed in a used port list received from the information processing apparatus as the inspection targets in a second case where the determination unit determines that the information processing apparatus executes communication without interposing the firewall, an inspection unit configured to inspect ports set as the inspection targets by the setting unit, and a notification unit configured to notify the information processing apparatus of an inspection result acquired by the inspection unit.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: May 26, 2020
    Assignee: Canon Kabushiki Kaisha
    Inventor: Masamichi Akashi
  • Patent number: 10652297
    Abstract: A method for the transmission and adaption of data can include the steps of generating generic requirement documents, identifying a plurality of suitable communication patterns on the basis of the generic requirement documents, determining currently available transport options and their service quality across at least one communication network, and selecting a communication pattern from a plurality of suitable communication patterns based on the network transmission qualities of the at least one communication network. The method can utilize a first functional layer and a second functional layer that are integrated between a software application layer and a network access layer that each receive input documents that are independent of each other. The input documents of the second functional layer can contain transport-related information while the input documents of the first functional layer can contain application-related information.
    Type: Grant
    Filed: January 30, 2019
    Date of Patent: May 12, 2020
    Assignee: Unify GmbH & Co. KG
    Inventors: Jurgen Totzke, Karl Klug, Paul Mueller, Tino Fleuren, Joachim Goetze, Ralf Steinmetz, Apostolos Papageorgiou, Ulrich Lampe, Phuoc Tran-Gia, Martina Zitterbart, Erwin Rathgeb, Adam Wolisz
  • Patent number: 10642996
    Abstract: A method, system and computer-usable medium for adaptively remediating multivariate risk, comprising: detecting a violation of a multivariate security policy, the multivariate security policy comprising a plurality of variables; identifying a variable from the plurality of variables associated with a cause of the violation; associating an entity with the variable associated with the cause of the violation; and, adaptively remediating a risk associated with the entity.
    Type: Grant
    Filed: July 25, 2018
    Date of Patent: May 5, 2020
    Assignee: Forcepoint LLC
    Inventors: Richard A. Ford, Ann Irvine, Adam Reeve
  • Patent number: 10637848
    Abstract: Disclosed herein is an apparatus for supporting authentication between devices, which includes a certificate information storage unit for storing certificate data of a first terminal for managing a certificate; a communication unit for receiving a request for a certificate of the first terminal, which uses a signature value and certificate-related information corresponding to the first terminal, from a second terminal and returning information corresponding to a valid certificate of the first terminal to the second terminal in order to enable the second terminal to authenticate the first terminal; and a certificate verification unit for verifying whether a certificate of the first terminal is valid.
    Type: Grant
    Filed: November 15, 2017
    Date of Patent: April 28, 2020
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Yun-Kyung Lee, Young-Ho Kim, Jeong-Nyeo Kim, Jae-Deok Lim, Bo-Heung Chung, Hong-Il Ju, Yong-Sung Jeon
  • Patent number: 10628466
    Abstract: A full-text index can be created for each mailbox of an EDB to facilitate the performance of complex queries to quickly search for email data. In this way, relevant email data can be identified and retrieved quickly and efficiently from the full-text index rather than from the EDB. To create such indexes, each email in a mailbox can be retrieved and processed to convert the email from its native format into textual name/value pairs which can then be submitted for indexing. This use of name/value pairs to index each email enables the emails across all mailboxes to be efficiently queried using any possible combination of values.
    Type: Grant
    Filed: January 6, 2016
    Date of Patent: April 21, 2020
    Assignee: Quest Software Inc.
    Inventors: Sergey Romanovich Vartanov, Alexander Gennadievich Stepanoff, Sergey Evgenievich Zalyadeev
  • Patent number: 10523701
    Abstract: In a system for configuring a web application firewall, one or more parameters of the firewall are adjusted such that a test configured for exposing a vulnerability of an application protected by the application firewall is blocked by the firewall and another test configured to invoke functionality of the application but that does not expose or exploit any security vulnerability is not blocked by the firewall. A notification is provided to a user if such a firewall configuration is not found after a specified number of attempts.
    Type: Grant
    Filed: October 16, 2018
    Date of Patent: December 31, 2019
    Assignee: Veracode, Inc.
    Inventor: Erik J. Peterson
  • Patent number: 10505960
    Abstract: One embodiment provides a method comprising, in a training phase, receiving one or more malware samples, extracting multi-aspect features of malicious behaviors triggered by the malware samples, determining evolution patterns of the malware samples based on the multi-aspect features, and predicting mutations of the malware samples based on the evolution patterns. Another embodiment provides a method comprising, in a testing phase, receiving a new mobile application, extracting a first set of multi-aspect features for the new mobile application using a learned feature model, and determining whether the new mobile application is a mutation of a malicious application using a learned classification model and the first set of multi-aspect features.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: December 10, 2019
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Deguang Kong, Wei Yang, Hongxia Jin
  • Patent number: 10467393
    Abstract: An application triggering method and device are provided in the field of terminals. The terminal device sets at least two different triggering passwords for at least two instances of an application corresponding to an application icon on a user interface on the display. The terminal device acquires an input password after a triggering operation over the application icon is detected on the user interface. The terminal device triggers a target instance of the application according to the input password, where the target instance refers to an instance for which one of the at least two different triggering passwords is the same as the input password.
    Type: Grant
    Filed: June 2, 2017
    Date of Patent: November 5, 2019
    Assignee: Beijing Xiaomi Mobile Software Co., Ltd.
    Inventors: Le Wang, Minghao Li, Yanfei Luo
  • Patent number: 10432579
    Abstract: Embodiments of the present disclosure provide an Internet Protocol address allocation method and a router. The Internet Protocol address allocation method of the present disclosure includes receiving a delegate prefix of an upper-level network device, where the upper-level network device is a network device connected to a wide area network interface of the router; generating a local prefix of the router and a delegate prefix of the router according to the delegate prefix of the upper-level network device; and sending the local prefix of the router and the delegate prefix of the router to a lower-level router of the router. Internet Protocol addresses of devices in a cascaded network can be obtained in the embodiments of the present disclosure.
    Type: Grant
    Filed: May 29, 2015
    Date of Patent: October 1, 2019
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Jian Liang, Jin Li
  • Patent number: 10389702
    Abstract: Disclosed are an entity authentication method and device, involving: sending, by an entity A, a first identity authentication message to an entity B; inspecting, by the entity B after receiving the first message, the validity of a certificate of the entity A; sending, by the entity B, a second identity authentication message to the entity A; inspecting, by the entity A after receiving the second message, the correctness of field data therein; calculating, by the entity A, a secret information and message authentication code using a private key thereof and a temporary public key of the entity B, and sending a third message to the entity B; inspecting, by the entity B after receiving the third message, the correctness of field data therein; calculating, by the entity B, a secret information and message authentication code using a private key thereof and a public key of the entity A.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: August 20, 2019
    Assignee: CHINA IWNCOMM CO., LTD.
    Inventors: Yanan Hu, Zhiqiang Du, Qin Li, Ming Li
  • Patent number: 10382431
    Abstract: Identifying a communication source includes receiving a message from a client computer requesting access to a computer-based resource; and receiving a network signature from the client computer, wherein the network-related signature comprises a value representing how many routing devices are on a network path between the client computer and a predetermined computer. Also included is determining whether the vector of values matches a vector of stored values, each stored value potentially corresponding to a respective one of the values in the vector of values; and limiting access to the computer-based resource based at least in part on the vector of values not matching the vector of stored values.
    Type: Grant
    Filed: March 3, 2017
    Date of Patent: August 13, 2019
    Assignee: CA, Inc.
    Inventors: Himanshu Ashiya, Atmaram Shetye, Roshan Mathews
  • Patent number: 10372516
    Abstract: A method and system for processing a message of a messaging system. The messaging system includes a messaging engine and a set of messages. A messaging endpoint of each message of the set of messages is associated with a respective container configured to run an associated application. In response to a first message being published to a messaging endpoint of the first message, the container associated with the messaging endpoint of the first message is used to process the message.
    Type: Grant
    Filed: July 25, 2017
    Date of Patent: August 6, 2019
    Assignee: International Business Machines Corporation
    Inventors: Chris R. Bean, Matthew R. Whitehead
  • Patent number: 10375097
    Abstract: In one embodiment, a device in a network receives traffic information regarding one or more secure sessions in the network. The device associates the one or more secure sessions with corresponding certificate validation check traffic indicated by the received traffic information. The device makes a self-signed certificate determination for an endpoint domain of a particular secure session based on whether the particular secure session is associated with certificate validation check traffic. The device causes the self-signed certificate determination for the endpoint domain to be used as input to a malware detector.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: August 6, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Martin Kopp, Martin Grill, Jan Kohout
  • Patent number: 10375025
    Abstract: A virtual private network implementation method includes intercepting, by an NDIS intermediate driver, a packet sent by an application program to an intranet server, and determining, according to a PID corresponding to the packet, whether to allow a process corresponding to the packet to use an SSL VPN; when the process corresponding to the packet is allowed to use the SSL VPN, establishing, by the NDIS intermediate driver, a new packet, and submitting the new packet to an NDIS network interface card driver; and sending, by the NDIS network interface card driver, the new packet to the client, and sending, by the client, the new packet to the intranet server. Thereby, a virtual private network is implemented based on process control, and a client has a fast startup speed.
    Type: Grant
    Filed: February 7, 2017
    Date of Patent: August 6, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Xiaofeng Zheng, Yinghua Zhu, Tingke Ge, Fei Zhao
  • Patent number: 10366241
    Abstract: Systems and methods for receiving a request to analyze trust of a client system and perform actions based on a client trust profile. A trust rating server device receives a request from a client computing device to analyze the trust on the device. The request identifies at least one credential or certificate installed on the device for example. The credential or certificate is obtained and analyzed to identify key information that relates to trust, such as level of encryption, country or entity of origin, duration of credential, certifying authority, etc. A rating is established using the key information and compared to a profile or other metric. One or more credentials or certifications may be blocked, disabled, enabled or removed based on a user's profile. Trust credentials are continuously monitored on the device for changes, and new credentials are blocked that do not meet thresholds established in the user's profile.
    Type: Grant
    Filed: March 30, 2017
    Date of Patent: July 30, 2019
    Assignee: The Privacy Factor, LLC
    Inventor: Mark A. Sartor
  • Patent number: 10361927
    Abstract: It is determined whether a user is authorized to carry out a management operation on a plurality of information technology assets in parallel, based on a role of the user and at least one characteristic of the management operation. A risk level of the management operation, and at least one characteristic of the plurality of information technology assets, are both determined. Based on the risk level and the at least one characteristic of the plurality of information technology assets, an execution pattern for the management operation is specified. In at least some cases, the management operation is carried out on the plurality of information technology assets in parallel, in accordance with the execution pattern.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: July 23, 2019
    Assignee: International Business Machines Corporation
    Inventors: Constantin M. Adam, Shang Q. Guo, Rajeev Puri, Yaoping Ruan, Cashchakanith Venugopal, Frederick Y. Wu, Sai Zeng
  • Patent number: 10356120
    Abstract: Disclosed are techniques for use in assessing the risk of electronic communications using logon types. In one embodiment, the techniques comprise a method. The method comprises receiving an electronic communication relating to a login request involving a user and a provider of a computerized resource. The method comprises determining a logon type associated with the logon request. The method comprises determining a first value relating to an amount of logon requests associated with the logon type involving the user and the provider over a first time period and a second value relating to an amount of logon requests associated with the logon type involving the user and the provider over a second time period that is greater than the first time period. The method comprises generating a risk score describing the risk associated with the logon request based on the first and the second values.
    Type: Grant
    Filed: April 28, 2017
    Date of Patent: July 16, 2019
    Assignee: EMC IP Holding Company LLC
    Inventors: Kineret Raviv, Uri Fleyder, Marcelo Blatt, Ofri Mann, Richard Chiles
  • Patent number: 10348756
    Abstract: A system and method for assessing vulnerability of a mobile device including at a remote analysis cloud service, receiving at least one vulnerability assessment request that includes an object identifier for an operative object of a mobile computing device, wherein the vulnerability assessment request originates from the mobile computing device; identifying a vulnerability assessment associated with the identifier of the operative object; and communicating the identified vulnerability assessment to the mobile computing device.
    Type: Grant
    Filed: September 8, 2016
    Date of Patent: July 9, 2019
    Assignee: Duo Security, Inc.
    Inventors: Jon Oberheide, Dug Song, Adam Goodman
  • Patent number: 10320843
    Abstract: In some embodiments, systems, methods, and devices disclosed herein enable trusted sharing of private data and/or transactions via a distributed ledger, while maintaining data consistency properties. Some embodiments provide and utilize one or more independent and/or dependent channels. In particular, in some embodiments, one or more independent and/or dependent channels can exist on a single distributed ledger, wherein participants or nodes that are members of a particular channel can view and access the information in a given network transaction. To other participants or nodes not on the particular channel, however, only an encrypted or redacted version of the information can be viewable, thereby not disclosing the transaction information to such participants or nodes. In some embodiments, consistency properties may be preserved even in the presence of selective sharing of transaction information with proofs of validity.
    Type: Grant
    Filed: December 7, 2018
    Date of Patent: June 11, 2019
    Assignee: SYMBIONT.IO, INC.
    Inventors: Lukasz Dobrek, Adam Krellenstein, Pankaj Surana, Aaron Todd, Yiqun Yin
  • Patent number: 10270798
    Abstract: A method for assessing effectiveness of one or more cybersecurity technologies in a computer network includes testing each of two or more component stages of an attack model at a first computer network element twice. A first one of the tests is conducted with a first one of the cybersecurity technologies operable to protect the first computer network element, and a second one of the tests is conducted with the first cybersecurity technology not operable to protect the first computer network element. For each one of the twice-tested component stages, comparing results from the first test and the second test, wherein the comparison yields or leads to information helpful in assessing effectiveness of the first cybersecurity technology on each respective one of the twice-tested component stages at the computer network element.
    Type: Grant
    Filed: October 6, 2016
    Date of Patent: April 23, 2019
    Assignee: SIEGE TECHNOLOGIES LLC
    Inventors: Kara Zaffarano, Joshua Taylor, Samuel Hamilton
  • Patent number: 10270588
    Abstract: Provided are a method and a system for an additive homomorphic encryption scheme with operation error detection functionality. A plaintext is obtained by decrypting a ciphertext encrypted based on a homomorphic encryption technique and subjected to an operation and lower setting bits corresponding to additional secret information included in a final private-key are extracted as plaintext information from the acquired plaintext. An operation error check is performed on the remaining bits other than the lower setting bits in the acquired plaintext.
    Type: Grant
    Filed: May 5, 2016
    Date of Patent: April 23, 2019
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Taek-Young Youn, Nam-Su Jho, Ku Young Chang
  • Patent number: 10255371
    Abstract: Systems and methods are disclosed for clustering multiple devices that are associated with particular users by utilizing both probabilistic and deterministic data derived from analytics information on the users. An analytics computing system generates at least one deterministic device cluster that groups a first set of devices associated with a first user. The first set of devices share deterministic user identifiers specific to the first user. The analytics computing system also identifies a probabilistic link between a device in the first set of devices and additional devices. The probabilistic link indicates common usage patterns between two devices. Based on the probabilistic link, the analytics computing system generates a data structure that includes the deterministic device cluster and the additional devices.
    Type: Grant
    Filed: September 19, 2016
    Date of Patent: April 9, 2019
    Assignee: Adobe Systems Incorporated
    Inventors: Karthik Raman, Nedim Lipka, Matvey Kapilevich
  • Patent number: 10237057
    Abstract: A method for controlling the exchange of private data, associated with a client device, between an application in execution on or for the device and a serving node in a data network, comprising transmitting a request to the serving node from the application for access to a service requiring use of the private data, receiving challenge data at the application from the serving node, requesting authorization for the use of the private data using a secure user interface of the client device to a trusted information manager on the basis of the challenge data, transmitting an obfuscated version of the private data for use with the service from the trusted information manager to the application on the basis of the authorization.
    Type: Grant
    Filed: August 18, 2014
    Date of Patent: March 19, 2019
    Assignee: Alcatel Lucent
    Inventors: Tommaso Cucinotta, Stephane Betge-Brezetz
  • Patent number: 10230727
    Abstract: Method for authenticating a user, comprising the steps of a) providing a central server (101), in communication with at least one authentication service provider (110, 120, 130), arranged to authenticate users via a respective authentication web interface, and at least one user service provider (150), arranged to provide user services to users via a respective user service web interface; b) providing, for a particular user and using a web browser in an electronic device (170, 180), access to the authentication web interface, and upon an authentication of the user, the central server placing a cookie on the electronic device identifying the authentication service provider; c) providing, for the user and using the same web browser executed from the same electronic device, access to the user service web interface, and as a result providing the said cookie to the central server; d) identifying, based upon the said cookie, the authentication service provider; e) redirecting the web browser to the authentication ser
    Type: Grant
    Filed: July 31, 2015
    Date of Patent: March 12, 2019
    Assignee: IDENTITRADE AB
    Inventor: Philip Hallenborg
  • Patent number: 10225235
    Abstract: A firewall system determines whether a protocol used by an incoming data packet is a standard protocol compliant with Request For Comment (RFC) standards. In the event the protocol is RFC compliant, the firewall transmits the packet to the recipient according to firewall policies regarding the standard protocol. If the protocol is not that of an RFC standard, the firewall determines whether the protocol matches an RFC-exception protocol in a RFC-exception protocol database. If the protocol does match an RFC-exception, the firewall may transmit the packet to the recipient according to firewall policies regarding the RFC-exception protocol. If it does not match an RFC-exception, the firewall may transmit the packet or protocol to a support system where it may be quarantined until it is approved based on a decision that the protocol is safe and/or widely adopted.
    Type: Grant
    Filed: December 4, 2017
    Date of Patent: March 5, 2019
    Assignee: SONICWALL INC.
    Inventor: Hugo Vazquez Carames