Particular Node (e.g., Gateway, Bridge, Router, Etc.) For Directing Data And Applying Cryptography Patents (Class 713/153)
  • Patent number: 11121912
    Abstract: A method and an apparatus for processing information are provided. A method may include: sending a preset data acquisition request to a target data transmission end included in at least two preset data transmission ends; receiving feedback information from the target data transmission end, and determining whether the feedback information includes the acquired data; determining, in response to determining that the feedback information does not include the acquired data, whether the feedback information includes first fault information for indicating that the target data transmission end malfunctions; and selecting, in response to determining that the feedback information includes the first fault information, a data transmission end other than the target data transmission end from the at least two data transmission ends as a new target data transmission end.
    Type: Grant
    Filed: July 11, 2019
    Date of Patent: September 14, 2021
    Assignee: BAIDU ONLINE NETWORK TECHNOLOGY (BEIJING) CO., LTD.
    Inventors: Xiangyu Fu, Jie Huang, Renlan Cai, Shiyu Song, Fangfang Dong
  • Patent number: 11120841
    Abstract: A method for automatically detecting video incidents on a video played back by an electronic video playback device, includes acquiring a message; subtracting a counter included in the message previously acquired from a counter included in a message saved in a database to obtain a transition state of the electronic video playback device; classifying, by a supervised automatic learning algorithm, the transition state as a normal state of the played back video or as a video incident on the played back video; performing a video incident detection including the creation of an incident message; transmitting the incident message to a remote system; and recording the acquired message in the database.
    Type: Grant
    Filed: December 20, 2019
    Date of Patent: September 14, 2021
    Assignee: SAGEMCOM BROADBAND SAS
    Inventor: Thomas Landais
  • Patent number: 11108819
    Abstract: In one embodiment, a device in a network intercepts traffic sent from a first endpoint destined for a second endpoint. The device sends a padding request to the second endpoint indicative of a number of padding bytes. The device receives a padding response from the second endpoint, after sending the padding request to the second endpoint. The device adjusts the intercepted traffic based on the received padding response. The device sends the adjusted traffic to the second endpoint.
    Type: Grant
    Filed: October 7, 2019
    Date of Patent: August 31, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Blake Harrell Anderson, David McGrew
  • Patent number: 11100242
    Abstract: Techniques for access control of a data processing system are described. In one embodiment, in response to a request from an application for accessing a resource of a data processing system, it is determined a first class of resources the requested resource belongs. A second class of resources the application is entitled to access is determined based on a resource entitlement encoded within the application and authorized by a predetermined authority. The application is allowed to access the resource if the first class and the second class of resources are matched. The application is denied from accessing the resource if the first class and the second class are not matched, regardless an operating privilege level of the application.
    Type: Grant
    Filed: May 30, 2014
    Date of Patent: August 24, 2021
    Assignee: Apple Inc.
    Inventors: Ivan Krstic, Pierre-Olivier J. Martel, Austin G. Jennings
  • Patent number: 11102172
    Abstract: A transfer apparatus comprises: a first storage unit configured to store a whitelist for storing reliable information indicating that communication between a source address and a destination address is authorized; a second storage unit configured to store an addition list including a specific address not included in the reliable information and a valid period of the specific address; a receiving unit configured to receive data; a check unit configured to check whether either a destination address or a source address included in data within the valid period is the specific address; and a generation unit configured to generate specific reliable information indicating that communication between the destination address and the source address included in the data is authorized and register the generated specific reliable information to the whitelist in a case where the check unit confirms within the valid period that either address is the specific address.
    Type: Grant
    Filed: December 13, 2019
    Date of Patent: August 24, 2021
    Assignee: ALAXALA NETWORKS CORPORATION
    Inventors: Shunsuke Mori, Yoshihisa Tanaka, Keigo Uchizumi
  • Patent number: 11095507
    Abstract: A communication system includes multiple Point-of-Presence (POP) interfaces and one or more processors. The multiple POP interfaces are distributed in a Wide-Area Network (WAN) and are configured to communicate with at least a client and a server connected to the WAN. The one or more processors are coupled to the POP interfaces and are configured to (i) assign respective Internet Protocol (IP) addresses to the client and to the server, including embedding state information in the assigned IP addresses, and (ii) route traffic over the WAN between the client and the server, in a stateless manner, based on the state information embedded in the IP addresses.
    Type: Grant
    Filed: July 12, 2017
    Date of Patent: August 17, 2021
    Assignee: Proofpoint, Inc.
    Inventor: Etay Bogner
  • Patent number: 11088996
    Abstract: A network protocol and transit system that together provide data tunneling designed for anonymous and hidden delivery. The approach protects communications deliverability and attribution for users on any device and in any location, irrespective of the underlying operating environment. The solution provides for a fully “cloaked network” comprising zero-trust nodes, an onion routing-based bi-directional protocol with modular multi-layered encryption, evasive multi-pathing that leverages randomized ephemeral virtual circuit generation, and virtual rendezvous for person-to-person communications. The approach may be implemented “as-a-service,” in a hybrid/bridged network, on-premises, or otherwise.
    Type: Grant
    Filed: February 10, 2021
    Date of Patent: August 10, 2021
    Assignee: SecureCo, Inc.
    Inventors: Lawrence S. Spector, Eric B. Sackowitz, Chad Robinson, Alexey Potakhov
  • Patent number: 11088913
    Abstract: A network configuration (NC) computing device is provided. The NC computing device includes a processor in communication with a memory. The processor is configured to receive a command to initiate a configuration of a network device and present a questionnaire to a user about the network device. The questionnaire includes a plurality of questions about potential configurations of a network device. The processor is also configured to receive a plurality of responses from the user based on the questionnaire, generate a primary configuration file based on the plurality of responses, and transmit the primary configuration file to an installer device associated with the network device. The installer device is configured to install the primary configuration file on the network device.
    Type: Grant
    Filed: July 17, 2017
    Date of Patent: August 10, 2021
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventor: Michael G. Washenko
  • Patent number: 11082408
    Abstract: A packet-spreading data transmission system with anonymized endpoints facilitates enhanced fortified private communications between a plurality of arbitrary devices via a plurality of communication channels or networks. The data transmission system receives at a source endpoint device a message of arbitrary length. The message includes a destination address associated with a destination endpoint device. Both source endpoint device and the destination endpoint device are selected from a plurality of arbitrary devices. The received message are fragmented and agilely transmitted, via a plurality of communication channels, from the source endpoint device to the destination endpoint device.
    Type: Grant
    Filed: July 18, 2018
    Date of Patent: August 3, 2021
    Inventor: Michael T. Jones
  • Patent number: 11075892
    Abstract: A point-to-point Virtual Private Network (VPN) tunnel is established for facilitating fully cloaked transmission of a data packet from a source endpoint device to a destination endpoint device. The data packet includes a payload portion, an inner header, and an outer header. An ‘end-to-end key’, a ‘next-hop-destination key’ and a plurality of ‘next-hop’ keys are calculated. The end-to-end key is used at the source endpoint device and the destination endpoint device respectively to encrypt and decrypt the payload portion. The next-hop keys are used to encrypt the inner header during the hop-to-hop communication from one intermediary node to another, along the incrementally constructed path connecting the source endpoint device with the destination endpoint device. The encryption of the payload portion is maintained throughout the hop-to-hop communication regardless of the number of intermediary nodes traversed by the data packet en route to the destination endpoint device.
    Type: Grant
    Filed: March 21, 2019
    Date of Patent: July 27, 2021
    Assignee: COLORTOKENS, INC.
    Inventor: Natarajan Venkataraman
  • Patent number: 11070849
    Abstract: Live event production and distribution networks, systems, apparatuses and methods related thereto are described herein. The described innovations may be used not only to present live events to audiences, but to do so in a way that provides audience energy and feedback to the performer(s) (e.g., a band) in a manner akin to that which they receive during a traditional live performance, thereby energizing and motivating the performers to give the best live performance they can, even in the absence of a co-located live audience. Some or all of the audience members may be represented by a visual surrogate displayed on an audience feedback screen set up to be viewable by the performers. The screen may be sized to fill a curtain window of stage on which the performers are performing, and the performers may optionally interact with one or more people in the audience during the live performance.
    Type: Grant
    Filed: August 17, 2020
    Date of Patent: July 20, 2021
    Inventor: Zoltan Bathory
  • Patent number: 11070955
    Abstract: A network node (21), which is placed within a core network, receives a message from a transmission source (30) placed outside the core network. The message includes an indicator indicating whether or not the message is addressed to a group of one or more MTC devices attached to the core network. The network node (21) determines to authorize the transmission source (30), when the indicator indicates that the message is addressed to the group. Further, the message includes an ID for identifying whether or not the message is addressed to the group. The MTC device determines to discard the message, when the ID does not coincide with an ID allocated for the MTC device itself. Furthermore, the MTC device communicates with the transmission source (30) by use of a pair of group keys shared therewith.
    Type: Grant
    Filed: September 4, 2019
    Date of Patent: July 20, 2021
    Assignee: NEC CORPORATION
    Inventors: Xiaowei Zhang, Anand Raghawa Prasad
  • Patent number: 11061996
    Abstract: A cryptoprocessor has a processor core for receiving and executing instructions of a program code based on a program flow chart, a program memory unit which stores the program code with instructions in an individually encrypted format, wherein the respective instructions contain at least one instruction data word and an instruction data key allocated to the respective instruction, a respective instruction is encrypted using a program data key and the instruction data key of a respective preceding instruction, which is to be executed immediately beforehand in accordance with the program flow chart, and wherein the same instruction data key is allocated to the corresponding possible preceding instructions only in the event that a corresponding instruction in the program flow chart has a plurality of possible preceding instructions, the respective instruction data keys otherwise being unique to the instruction. A decryption unit is also described.
    Type: Grant
    Filed: January 28, 2016
    Date of Patent: July 13, 2021
    Inventors: Oliver Stecklina, Peter Langendorfer
  • Patent number: 11062049
    Abstract: Aspects described herein are directed to the concealment of customer sensitive data in virtual computing arrangements. A local computing platform may receive an object including a customer sensitive object name from a user computing device operating on a same internal domain as the local computing platform. The local computing platform may conceal the customer sensitive object name from a virtual computing platform operating on a domain external from the internal domain. The local computing platform may provide the concealed object name to the virtual computing platform for facilitating object enumeration requests from the user computing device during virtual computing sessions. During a virtual computing session between the user computing device and virtual computing platform, the local computing platform may receive the concealed object name from the user computing device and may perform one or more operations to reveal the object name to the user computing device.
    Type: Grant
    Filed: April 30, 2018
    Date of Patent: July 13, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: Simon Frost, William Charnell
  • Patent number: 11057324
    Abstract: A method for analyzing an attachment of an electronic mail (e-mail) transmitted from an external network may include intercepting the e-mail comprising the attachment intended for a recipient. The method may include analyzing the attachment for encryption to identify an encrypted attachment. The method may include determining whether the encrypted attachment has been received previously by the recipient by comparing a hash corresponding to the encrypted attachment against a plurality of hashes stored in an attachment repository. The method may include attempting to open the encrypted attachment using a password from a password repository comprising a plurality of known passwords. The method may include extracting the encrypted attachment from the e-mail upon failing to open the encrypted attachment using the plurality of known passwords. The method may include redirecting the recipient to an interface configured to prompt the recipient for a new password that is associated with the encrypted attachment.
    Type: Grant
    Filed: July 2, 2020
    Date of Patent: July 6, 2021
    Assignee: SAUDI ARABIAN OIL COMPANY
    Inventor: Urfan Ahmed
  • Patent number: 11055419
    Abstract: A decentralized data authentication system integrates blockchain technologies, independent verification software, a decentralized certificate authority system implemented in the cloud, and a centralized redundant database system that together form data portability systems and data longevity systems that enable the creation of integrated lifetime health records that can be accessed by the patient, provider, and payer using public/private keys. Data portability is provided through creation of a decentralized certificate authority system that allows users to sign and later verify data that has been offline. The decentralized certificate authority system also enables tracking of data and timestamping of data via a neutral timestamping mechanism, such as the blockchain, that cannot be altered.
    Type: Grant
    Filed: November 28, 2018
    Date of Patent: July 6, 2021
    Assignee: Alan Health and Science
    Inventors: Christopher Williams, Joseph A. Fiscella, Anita M. Williams Galiano
  • Patent number: 11051163
    Abstract: A system for one-click two-factor includes a processor and a non-transitory, tangible, computer-readable storage medium having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations including: (i) receiving an access request from a user, the access request including a first authentication factor; (ii) generating a second authentication factor and a hyperlink that includes the second authentication factor; (iii) providing the hyperlink that includes the second authentication factor to a client device associated with the user; (iv) automatically receiving the second authentication factor in response to selection of the hyperlink by the user; and (v) verifying the first authentication factor and the second authentication factor to authenticate the identity of the user.
    Type: Grant
    Filed: May 11, 2018
    Date of Patent: June 29, 2021
    Assignee: BLUEOWL, LLC
    Inventors: Charles B. Smith, Charles O. Schwabacher, Theobolt N. Leung, Daniel O'Shea
  • Patent number: 11050722
    Abstract: An information processing device using a primary function provided by a first server, includes a processor configured to receive, from the first server, access destination data effecting redirection to a second server providing a secondary function to be used by the primary function, send key data for encryption to the second server by adding the key data for encryption to the access destination data, transferring the access destination data to a browser, and redirecting the browser, and decrypt encrypted data based on at least a part of a response by the secondary function, the encrypted data being included in a response by the primary function, by using key data for decryption, the key data for decryption being adapted to the key data for encryption.
    Type: Grant
    Filed: September 10, 2018
    Date of Patent: June 29, 2021
    Assignee: FUJITSU LIMITED
    Inventor: Bintatsu Noda
  • Patent number: 11050650
    Abstract: A device may determine internet protocol (IP) traffic monitoring criteria and may monitor IP traffic based on the IP traffic monitoring criteria. The device may update, based on monitoring the IP traffic, a table of currently active IP traffic flows and may update, based on the table of currently active IP traffic flows, an address resolution protocol (ARP) packet filter. The device may receive one or more ARP packets from a different device and may determine whether to accept or discard the one or more ARP packets based on the ARP packet filter. The device may update an ARP table based on determining to accept the one or more ARP packets.
    Type: Grant
    Filed: May 23, 2019
    Date of Patent: June 29, 2021
    Assignee: Juniper Networks, Inc.
    Inventor: Shijo Thomas
  • Patent number: 11050629
    Abstract: A system for determining fingerprints includes an interface to receive an indication to determine fingerprints using a set of client data, and a processor to determine a set of indicators based at least in part on the client data and for one or more indicators of the set of indicators, determine whether the indicator comprises a fingerprint based at least in part on a frequency analysis, and in the event it is determined that the indicator comprises a fingerprint, store the fingerprint in a fingerprint database associated with the client.
    Type: Grant
    Filed: November 3, 2016
    Date of Patent: June 29, 2021
    Assignee: Palo Alto Networks, Inc.
    Inventors: Timothy Junio, Matthew Kraning
  • Patent number: 11037162
    Abstract: A method for preventing duplicate processing of a payment transaction includes: generating a first data structure with a first predetermined time interval and generating a second data structure with a second predetermined time interval. A first overlap region and second overlap region of the first and second predetermined time interval are defined by a same time interval. The method includes receiving first transaction data associated with a first payment transaction, receiving second transaction data associated with a second payment transaction, and determining based on a first transaction ID and a second transaction ID, that the second payment transaction is a duplicate of the first payment transaction. A computer program product and system for preventing duplicate processing of a payment transaction are also disclosed.
    Type: Grant
    Filed: May 14, 2018
    Date of Patent: June 15, 2021
    Assignee: Visa International Service Association
    Inventor: Jie Zhang
  • Patent number: 11025420
    Abstract: Secure operations can be performed using security module instances offered as a web service through a resource provider environment. State data and cryptographic material can be loaded and unloaded from the instance as needed, such that the instance can be reused for operations of different customers. The material and data can be stored as a bundle encrypted using a key specific to the hardware security module and a key specific to the resource provider, such that the bundle can only be decrypted in an instance of that type of security module from the associated manufacturer and operated by that particular resource provider. The customer is then only responsible for the allocation of that instance during the respective cryptographic operation(s).
    Type: Grant
    Filed: May 2, 2019
    Date of Patent: June 1, 2021
    Assignee: Amazon Technologies, Inc.
    Inventor: Steven Preston Lightner Norum
  • Patent number: 11019488
    Abstract: The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: May 25, 2021
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Noamen Ben Henda, Christine Jost, Monica Wifvesson, Karl Norrman
  • Patent number: 11017071
    Abstract: An information handling system includes a processor, a peripheral component interconnect express (PCIe) endpoint, and a PCIe downstream port. The PCIe downstream port blocks PCIe vendor-defined messages (VDMs) from the PCIe endpoint as a default mode, changes to a second mode in response to the PCIe endpoint being verified, and allows PCIe VDMs from the PCIe endpoint while in the second mode.
    Type: Grant
    Filed: August 2, 2018
    Date of Patent: May 25, 2021
    Assignee: Dell Products L.P.
    Inventors: Austin P. Bolen, Mukund Pushottam Khatri, Kevin T. Marks, Manjunath Am
  • Patent number: 11012318
    Abstract: Among other things, embodiments of the present disclosure can collect and analyze asset and network data from multiple sources, and use such data to present a more complete and accurate representation of the network connections between various systems and software applications and the policies dictating the operation of security controls on a network compared to conventional systems.
    Type: Grant
    Filed: March 2, 2018
    Date of Patent: May 18, 2021
    Assignee: Catbird Networks, Inc.
    Inventor: Malcolm Rieke
  • Patent number: 11005823
    Abstract: Computer implemented systems and methods are provided for securing data. In some embodiments, a system for securing data may comprise one or more processors configured to receive a request for data over a network. The one or more processors may be configured to identify one or more confidential portions of data within the requested data. The one or more processors may be further configured to transmit the confidential portions of data to a hardware device configured to secure the confidential portions of data, and receive the secured data from the hardware device.
    Type: Grant
    Filed: November 29, 2017
    Date of Patent: May 11, 2021
    Assignee: Capital One Services, LLC
    Inventors: Attaullah Baig, Vishal Parikh
  • Patent number: 11003681
    Abstract: According to one embodiment, there is provided an anonymization system including at least one encryption apparatus, an anonymization apparatus, and a decryption apparatus. The encryption apparatus store personal data including one or more values for each item, and generates encrypted data from the personal data by encrypting the one or more values for each item included in the personal data. The anonymization apparatus generates encrypted anonymized data from the encrypted data without decryption by anonymizing one or more values for at least a portion of the items of the encrypted data. The decryption apparatus generates anonymized data from the encrypted anonymized data by decrypting the encrypted anonymized data.
    Type: Grant
    Filed: February 28, 2017
    Date of Patent: May 11, 2021
    Assignees: Kabushiki Kaisha Toshiba, Toshiba Solutions Corporation
    Inventors: Masanobu Koike, Yoshihiro Fujii
  • Patent number: 10992654
    Abstract: A method is performed by an access router of an enterprise network including a first edge router to communicate with a second edge router over a wide area network (WAN). The method includes receiving a packet from a first endpoint, receiving from a mapping service a network location of a second edge router for which the packet is destined and a security association (SA) to encrypt the packet from the access router to the second edge router, and generating for the first edge router one or more path selectors for WAN path selection. The method includes encrypting the packet using the SA, and adding to the encrypted IP packet, in clear text, the path selectors and outer encapsulation including the network location, to produce an encrypted tunnel packet. The method also includes forwarding the encrypted tunnel packet to the second edge router via the first edge router and the WAN.
    Type: Grant
    Filed: August 17, 2018
    Date of Patent: April 27, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Syed Khalid Raza, Mosaddaq Hussain Turabi, Fabio Rodolfo Maino, Vina Ermagan, Atri Indiresan
  • Patent number: 10979495
    Abstract: The present technology relates to an information processing apparatus, an information processing method, and an information processing system capable of achieving appropriate load balancing in a case where a plurality of proxies is installed. The information processing apparatus functions as a proxy that receives a content stream distributed for each of a plurality of services and transmits the content stream to a client device connected to a network, the proxy being configured to function as a master proxy for a slave proxy, and determines a service coverage range corresponding to a predetermined policy, for each of the proxies, making it possible to achieve appropriate load balancing in a case where a plurality of proxies is installed. The present technology can be applied to, for example, an FW proxy device connected to the network such as a home LAN, a head end of a cable operator, and a base station of a mobile network.
    Type: Grant
    Filed: August 15, 2017
    Date of Patent: April 13, 2021
    Assignee: Saturn Licensing LLC
    Inventor: Yasuaki Yamagishi
  • Patent number: 10979398
    Abstract: Embodiments of the present disclosure help protect network devices from unauthorized access. Among other things, embodiments of the disclosure allow full access to application servers and other network devices that a client is allowed to access, while preventing all access (or even knowledge) of network devices the client is not allowed to access.
    Type: Grant
    Filed: December 3, 2018
    Date of Patent: April 13, 2021
    Assignee: Cryptzone North America, Inc.
    Inventors: Kurt Glazemakers, Malcolm Hamilton, Gokhan Berberoglu
  • Patent number: 10972478
    Abstract: The present disclosure relates to a data processing method and apparatus, a terminal and an access point computer, which can achieve an effect that the terminal accesses multiple access points at the same time. The method includes: receiving an application access request; determining a target access point corresponding to the application access request according to a mapping relationship between the access point and an application server obtained from a blockchain network; sending a software defined perimeter SDP authentication request to the target access point; and after the SDP authentication succeeds, performing interaction of application data through a data channel established with the target access point, wherein the data channel has a period of validity of a preset time length.
    Type: Grant
    Filed: September 11, 2019
    Date of Patent: April 6, 2021
    Inventors: Hongfu Pang, Min Chen, Yang Zhou
  • Patent number: 10965654
    Abstract: A device may monitor traffic associated with a user equipment (UE) on multiple interfaces of a network. The device may determine an identity associated with the UE or the traffic on the multiple interfaces by correlating identifiers associated with the UE or the traffic across the multiple interfaces. The identity may uniquely identify a subscriber associated with the UE or the traffic. The device may determine a set of elements to be used to decipher the traffic after determining the identity associated with the UE or the traffic. The device may decipher the traffic utilizing the set of elements after determining the set of elements.
    Type: Grant
    Filed: July 13, 2018
    Date of Patent: March 30, 2021
    Assignee: VIAVI Solutions Inc.
    Inventors: Andrew Munro, Gordon Fortune, Jun Liu, Xiang Zhou, Eng Wei Koo
  • Patent number: 10958416
    Abstract: In some examples, a system for executing instructions can include a processor to detect data to be transmitted to a storage device in response to a write operation. The processor can also determine that the data comprises a compressible characteristic that enables compression of the data to a size below a threshold value. Additionally, the processor can generate a modified data block by encrypting the compressed data, and adding a padding to the compressed and encrypted data. Furthermore, the processor can transmit the modified data block to the storage device.
    Type: Grant
    Filed: November 26, 2018
    Date of Patent: March 23, 2021
    Assignee: International Business Machines Corporation
    Inventors: Michael Factor, Danny Harnik, Ronen Itshak Kat
  • Patent number: 10956872
    Abstract: A method of handling a message comprises receiving a message comprising content such as keywords, receiving a selection of one or more recipients for the message, identifying that at least one recipient is unfamiliar with a portion of the message, and notifying the composer of the message of the portion.
    Type: Grant
    Filed: October 11, 2011
    Date of Patent: March 23, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Liam Harpur, Mark Kelly, John Rice
  • Patent number: 10956567
    Abstract: A control device of an integrated industrial system which is established in a plant, the control device includes a defender configured to perform a countermeasure of restricting at least a part of functions of a self-device, based on a detection result of a detector which detects a cyber-attack from at least one of inside and outside to the integrated industrial system.
    Type: Grant
    Filed: December 9, 2016
    Date of Patent: March 23, 2021
    Assignee: Yokogawa Electric Corporation
    Inventors: Toshiki Ogawa, Kazuya Suzuki, Yasuhiko Yamashiro, Sho Fujita, Kenji Hasegawa, Taro Kemmotsu, Yuichiro Kadowaki
  • Patent number: 10944834
    Abstract: A socket service may be used to link a peer socket to another peer socket. The peer socket is for communicating data to and from a client device and the other peer socket is for communicating data to and from another client device. If a socket opens and the corresponding peer socket is not yet open then the socket waits for the corresponding peer socket to open. When a client device requests a socket to be opened, the client device requests a particular client-defined function mapping to be associated with the socket. When the socket is opened, the endpoint specified in the client-defined function mapping is invoked. An identifier associated with the client device is sent to the endpoint. If the endpoint returns a socket identifier for another socket, then the socket service links the peer socket to the other peer socket, linking the client device to another client device.
    Type: Grant
    Filed: December 27, 2016
    Date of Patent: March 9, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Christoph Saalfeld, Tristam Kyle MacDonald, Gary Wicker, Justin Robert Knoepfler, Kyle Michael Roche, Frank Lovecchio, Bryant Cutler, Qing Ju, Shyam Krishnamoorthy, Alexandra Elizabeth Baoboe Lee
  • Patent number: 10924302
    Abstract: An integrated communication system and a service provisioning method thereof are provided. The integrated communication system includes a core network entity, a service provisioning system and an intermediary apparatus. The core network entity is resided in the mobile network. The service provisioning system is conformed to a wired network other than the mobile network. The intermediary apparatus is connected between the core network entity and the service provisioning system. The intermediary apparatus receives a configuration data with a first format conformed to the wired network from the service provisioning system, and transforms the configuration data into a configuration command with a second format conformed to the mobile network. The core network entity operates according to the configuration command. Accordingly, an operator of the wired network can manage network entities and network devices in the mobile network without knowledge of operation support system (OSS) platform of the mobile network.
    Type: Grant
    Filed: June 6, 2019
    Date of Patent: February 16, 2021
    Assignee: Sercomm Corporation
    Inventors: Chaoyang Sun, Ben Lin
  • Patent number: 10916217
    Abstract: An electronic device includes a memory; a communication interface; and a processor configured to: based on a source device connected through the communication interface being identified to support a version of content transmission encryption, change first Extended Display Identification Data (EDID) information stored in the memory to second EDID information; and change a hot plug detect signal related to the communication interface from a low state to a high state.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: February 9, 2021
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventor: Sungbo Oh
  • Patent number: 10911223
    Abstract: A method and system of creating and managing encryption keys that facilitates sharing of encrypted content. The system may include an information management system with a key management server and a computing device having an encryption service module. The encryption service module detects operations at the computing device and encrypts a document with an encryption key created using user information and a secret.
    Type: Grant
    Filed: December 30, 2019
    Date of Patent: February 2, 2021
    Assignee: NextLabs, Inc.
    Inventors: Keng Lim, Poon Fung
  • Patent number: 10909195
    Abstract: A computing device includes an interface configured to interface and communicate with a communication system, a memory that stores operational instructions, and processing circuitry operably coupled to the interface and to the memory that is configured to execute the operational instructions to perform various operations. The computing device monitors navigation activity of another computing device with website(s) to generate client navigation history and server navigation history. The computing device also facilitates storage of the client navigation history based on a first blockchain and storage of the server navigation history based on a second blockchain. Based on a request to deliver tailored content from a website to the computing device, the computing device determines whether the client navigation history based on the first blockchain compares favorably to the server navigation history based on the second blockchain and selectively delivers or blocks the tailored content.
    Type: Grant
    Filed: January 5, 2018
    Date of Patent: February 2, 2021
    Assignee: International Business Machines Corporation
    Inventors: Kelley Anders, Jonathan Dunne, Liam S. Harpur, Jeremy R. Fox
  • Patent number: 10904217
    Abstract: A source virtual private network (VPN) gateway supports a local source subnet and communicates over a wide area network (WAN) with a destination VPN gateway that supports a local destination subnet. The source VPN gateway receives from the local source subnet an Internet Protocol (IP) packet destined for the local destination subnet, determines a security association (SA) based on a source IP address and a destination IP address of the IP packet, and encapsulates the IP packet with tunnel encapsulation including a tunnel protocol header and a tunnel outer IP header, to produce a clear-text tunnel packet. The source VPN gateway encrypts the IP packet and the tunnel protocol header but not the tunnel outer IP header using an encryption key and a security parameter index for the SA, to produce an encrypted tunnel packet, and tunnels it to the destination VPN gateway over the WAN.
    Type: Grant
    Filed: May 31, 2018
    Date of Patent: January 26, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Michael L. Sullenberger, Brian Weis, Warren Scott Wainner, Shuxian Lou
  • Patent number: 10893126
    Abstract: Method and apparatus to provide protocol translation and selectable data exchange in a client/server system are provided. A tag list is extracted from a legacy client device 116 connected to a legacy server 114 using a protocol corresponding to the legacy server. A configuration manager device 120 is used to configure the extracted tag list to obtain a selected tag list excerpt of the extracted tag list. The configuring device is arranged to map the selected tag list excerpt to a configuration adapted for a respective 112 server, and to define contextualization. Server 112 provides industrial automation services using a next-generation protocol, e.g., OPC UA or MTConnect. A tag list is generated to configure server 112. A stream of data points of the selected tag list excerpt of the tag list extracted from the legacy client device is transferred to one or more client devices 124 connected to server 112.
    Type: Grant
    Filed: March 21, 2019
    Date of Patent: January 12, 2021
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Naveen Kumar Singa, Anant Kumar Mishra, Joseph Kernich
  • Patent number: 10880334
    Abstract: A method for securely connecting to a remote server that provides improved Internet security. In the method, a client receives a request to connect to a remote server associated with a domain name. The client, when resolving the domain name, determines whether the remote server supports at least one predetermined IP layer security protocol. The client performs a key exchange protocol with the remote server to generate at least one shared secret in response to determining that the remote server supports the at least one predetermined IP layer security protocol. The client connects to the remote server using the at least one shared secret in the IP layer security protocol.
    Type: Grant
    Filed: June 19, 2019
    Date of Patent: December 29, 2020
    Assignee: QUALCOMM Incorporated
    Inventors: Jeffree Froelicher, Lalitha B. S. Suryanarayana, Giridhar Mandyam
  • Patent number: 10878122
    Abstract: According to examples, an apparatus may include a processor and a memory on which is stored machine readable instructions to cause the processor to access network traffic traces including a plurality of timestamps, the plurality of timestamps having an order with respect to each other. The instructions may also cause the processor to encrypt the plurality of timestamps to anonymize the plurality of timestamps while preserving the order of the plurality of timestamps with respect to each other and to store the encrypted plurality of timestamps in a data store.
    Type: Grant
    Filed: January 31, 2018
    Date of Patent: December 29, 2020
    Assignee: MICRO FOCUS LLC
    Inventors: Pratyusa K. Manadhata, Martin Arlitt, Muhammad Ihsanulhaq Sarfraz
  • Patent number: 10868811
    Abstract: A proxy server mitigates security risks of user credentials sent across a network in clear text. The proxy server encrypts user credentials within a client application request destined for an application server. The proxy server forwards the client application request to the application server. The application server sends the encrypted user credentials to the proxy server where the proxy server decrypts the user credentials and authenticates the user credentials with an authentication server.
    Type: Grant
    Filed: November 5, 2018
    Date of Patent: December 15, 2020
    Assignee: Bitglass, Inc.
    Inventors: Anurag Kahol, Anoop Kumar Bhattacharjya, Balas Natarajan Kausik
  • Patent number: 10867092
    Abstract: Technologies are provided in embodiments including a memory element to store a payload indicating an action to be performed associated with a remote action request (RAR) and a remote action handler circuit to identify the action to be performed, where the action includes invalidating one or more entries of a translation lookaside buffer (TLB), determine that the logical processor entered an enclave mode during a prior epoch, perform one or more condition checks on control and state pages of the enclave mode, and based on results of the one or more condition checks, adjust one or more variables associated with the logical processor to simulate the logical processor re-entering the enclave mode. Specific embodiments include the remote action handler circuit to invalidate an entry of the TLB based, at least in part, on the results of the one or more condition checks.
    Type: Grant
    Filed: December 16, 2017
    Date of Patent: December 15, 2020
    Assignee: Intel Corporation
    Inventors: Dror Caspi, Ido Ouziel
  • Patent number: 10860727
    Abstract: Methods, systems, and devices for mass encryption management are described. In some database systems, users may select encryption settings for storing data records at rest. A database may receive a request to perform an encryption process on multiple data records corresponding to a user, for example, based on a user input or a change in encryption settings. A database server may partition the data records for encryption (e.g., encryption, decryption, key rotation, or scheme modification) into one or more data record groups of similar sizes, and may perform the encryption process on one record group at a time (e.g., to reduce overhead in the system). The database server may additionally support restricting user access to the data records being actively processed, estimating resources needed for the processing, determining data record encryption statuses to be displayed by a user device, or some combination of these features.
    Type: Grant
    Filed: October 29, 2019
    Date of Patent: December 8, 2020
    Assignee: salesforce.com, inc.
    Inventors: Alexandre Hersans, Je Woong Heo, Yunjia Zhou, Aleksandr Alexander, Assaf Ben Gur
  • Patent number: 10855663
    Abstract: A method for encrypting data when a device is offline is disclosed. In the method, a determination is made as to whether a successful connection with a remote server computer can or cannot be made. If a connection cannot be made, then data can be encrypted with an ephemeral public key. Later, then a connection is available, the encrypted data can be transmitted to the remote server computer for processing.
    Type: Grant
    Filed: October 25, 2019
    Date of Patent: December 1, 2020
    Assignee: Visa International Service Association
    Inventors: Rhidian John, Bartlomiej Piotr Prokop, Michael Palmer
  • Patent number: 10848442
    Abstract: For secure transport, when receiving a plurality of packets from a root complex where contents of each packet from the plurality of packets organized in accordance with a first protocol, a sequence number is added to each packet and a packet type is identified. Every packet in the first plurality of packets is encrypted and encapsulated into at least one packet organized in accordance with a second protocol to form a second plurality of packets organized in accordance with the second protocol. All the packets from the second plurality of packets are sent via a plurality of connections so that each connection from the plurality of connections only transports packets from the second plurality of packets that encapsulate packets from the first plurality that have a same packet type.
    Type: Grant
    Filed: June 3, 2020
    Date of Patent: November 24, 2020
    Assignee: Missing Link Electronics, Inc.
    Inventors: Nils Endric Schubert, David Epping, Andreas Braun, Ulrich Langenblach
  • Patent number: 10841341
    Abstract: A method for performing policy-based configuration of IPSec for a VPN is provided. According to one embodiment, a request for a VPN connection to be established between a network device and a peer network device is received by the network device from the peer network device. Responsive to receipt of the request, the VPN connection is established by the network device in accordance with a policy associated with the request without requiring manual entry of VPN settings by a network administrator of the network device. The policy includes multiple VPN settings for the VPN connection and is configured by a network administrator of the peer network device via a policy page displayed to the network administrator via a user interface of the peer network device.
    Type: Grant
    Filed: March 8, 2017
    Date of Patent: November 17, 2020
    Assignee: Fortinet, Inc.
    Inventor: Robert A. May