Particular Node (e.g., Gateway, Bridge, Router, Etc.) For Directing Data And Applying Cryptography Patents (Class 713/153)
  • Patent number: 12039069
    Abstract: A computer implemented method can receive a metadata definition of a restricted measure pertaining to a database including a plurality of database tables. The restricted measure has a label, and the metadata definition includes one or more filter criteria configured to filter values contained in the plurality of database tables. In a report designer user interface for a report, the method can present the label of the restricted measure as an option based on the metadata definition. The method can receive a selection of the label of the restricted measure in the report designer user interface. Responsive to the selection, the method can link the metadata definition of the restricted measure to the report. When generated, the report requests access to the values contained in the plurality of database tables via application of the one or more filter criteria of the metadata definition.
    Type: Grant
    Filed: January 24, 2022
    Date of Patent: July 16, 2024
    Assignee: SAP SE
    Inventor: Rahul Tiwari
  • Patent number: 12041037
    Abstract: Techniques for sharing private data objects in a trusted execution environment using a distributed ledger are described. The techniques described herein may enable sharing of data objects, referred to herein as private data objects (PDOs), between individuals and organizations with access and update policies mediated by execution of code (referred to herein as a “smart contract”) carried with the PDO in a secure enclave. A distributed ledger may serve as a “public commit log” to ensure that there is a single, authoritative instance of the object and provide a means of guaranteeing atomicity of updates across interacting objects.
    Type: Grant
    Filed: August 16, 2023
    Date of Patent: July 16, 2024
    Assignee: INTEL CORPORATION
    Inventors: Mic Bowman, Andrea Miele, James P. Held, Anand Rajan
  • Patent number: 12034851
    Abstract: Aspects of the present disclosure relate to transaction security techniques. In examples, a resource platform causes a set of executable verification instructions associated with an authorization processor to be executed by a user computing device. The verification instructions may be encrypted by the authorization processor for decryption by the user computing device. The verification instructions may generate verification information associated with the user computing device. In some instances, the verification information may be encrypted for decryption by the authorization processor. The encrypted verification instructions may be provided to the authorization processor (e.g., via the resource platform), such that the authorization processor may provide an indication to the resource platform as to whether the verification is verified.
    Type: Grant
    Filed: July 21, 2021
    Date of Patent: July 9, 2024
    Assignee: EBAY INC.
    Inventors: Scott Sharp, Alagu Muthuraman, Phanisri Kuchibotla, David Gandhi, Mahendar Madhavan
  • Patent number: 12034833
    Abstract: The present embodiments relate to systems and methods for using a blockchain to record information related to the lifecycle of a vehicle associated with a Vehicle Identification Number (VIN). For example, the VIN lifecycle process may be used to develop safety-feature based insurance models. The systems and methods may include calculating a safety rating for a safety feature based upon data accessed at a blockchain. The safety rating may be used to generate a product associated with a new vehicle type, such as an insurance product covering the new vehicle type. The systems and methods described herein may allow for using a blockchain which gives the option for private information, and permissioned participants in the blockchain. In particular, the systems and methods may allow for a distributed consensus amongst businesses, consumers, and authorities, as to the validity of information and transactions stored on the blockchain.
    Type: Grant
    Filed: September 16, 2022
    Date of Patent: July 9, 2024
    Assignee: STATE FARM MUTUAL AUTOMOBILE INSURANCE COMPANY
    Inventors: William J. Leise, Douglas A. Graff, Stacie A. McCullough, Shawn M. Call, Eric Bellas, Jaime Skaggs, Jacob J. Alt, Eric R. Moore, Vicki King
  • Patent number: 12034320
    Abstract: An authentication method for authenticating a wireless power transmitter to a wireless power receiver includes receiving a SSP value, an ID, and a random number RND from a wireless power receiver; determining an index based on the RND; choosing a base code from a set of base codes according to the index; determining a secure code from the base code, the index, the RND, the SSP value, and the ID; and transmitting the secure code to the wireless power receiver. A further method includes receiving a secure code from the wireless power transmitter; retrieving an index from the secure code; determining a base code from a set of base codes according to the index; calculating a second secure code; and authenticating the wireless power transmitter by comparing the secure code and the second secure code.
    Type: Grant
    Filed: May 14, 2021
    Date of Patent: July 9, 2024
    Assignee: Renesas Electronics America Inc.
    Inventors: Changjae Kim, Damla Acar, Adnan Dzebic, Pooja Agrawal, Sophia Yi
  • Patent number: 12032567
    Abstract: Some embodiments of the invention provide a method for defining code-based policies. The method generates a policy-builder first view of a policy for display in a graphical user interface (GUI) by processing a syntax tree that is generated from a code second view of the policy. The method receives, through the policy-builder first view, a modification to a portion of the policy. To reflect the modification, the method updates a portion of the syntax tree that corresponds to the portion of the policy that is affected by the modification. Based on the updating of the syntax tree, the method updates the code second view by modifying a portion of the code second view that corresponds to the updated portion of the syntax tree.
    Type: Grant
    Filed: February 24, 2023
    Date of Patent: July 9, 2024
    Assignee: STYRA, INC.
    Inventors: Torin Sandall, Timothy L. Hinrichs
  • Patent number: 12032933
    Abstract: The present disclosure discloses a compiling system for a compiling system and a compiling method for a programmable network element.
    Type: Grant
    Filed: October 26, 2023
    Date of Patent: July 9, 2024
    Assignee: ZHEJIANG LAB
    Inventors: Lei Xue, Tao Zou, Ruyun Zhang, Jun Zhu
  • Patent number: 12034703
    Abstract: Some embodiments described herein relate to managing communications between an origin and a destination using end-user and/or administrator configurable virtual private network(s) (VPN(s)). A first VPN that defines a first data path between an origin and a destination can be defined at a first time. A second VPN that defines a second, different data path between the origin and the destination can be defined at a second time. Each packet sent across the first VPN and each packet sent across the second VPN can follow the same data path for that VPN, such that each packet can be sent across the first VPN or the second VPN in the order it was received, and the transition between the first VPN and the second VPN can be “seamless,” and communications between the origin and the destination are not disrupted between the first time period and the second time period.
    Type: Grant
    Filed: April 17, 2023
    Date of Patent: July 9, 2024
    Assignee: Conceal, Inc.
    Inventor: Ira A. Hunt, IV
  • Patent number: 12034857
    Abstract: A permissioned blockchain is used in a lawful interception, LI, context. Participants include a law enforcement agency, LEA, function, a LI mediation and delivery function, MF/DF, and an intercepting network function. A smart contract registered in the blockchain includes conditions associated with intercept related information, IRI, and/or communication content, CC, transactions. Registration is made in the blockchain of IRI and/or CC transactions performed by the participants during LI of a communication between two entities in a telecommunication network. The registered IRI and/or CC transactions are propagated among the participants and the smart contract is executed to verify whether or not the registered IRI and/or CC transactions are compliant with the smart contract. The participants are then informed about whether or not the registered IRI and/or CC transactions are compliant with the smart contract.
    Type: Grant
    Filed: July 13, 2018
    Date of Patent: July 9, 2024
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Amedeo Imbimbo, Laura Pappacena, Pompeo Santoro
  • Patent number: 12028234
    Abstract: A conversion device analyzes an input packet and acquires header information included in the packet. Furthermore, the conversion device classifies packets into one of a plurality of groups on the basis of the acquired header information and set grouping conditions. Subsequently, the conversion device generates packets for analysis on the basis of the processing corresponding to the classified groups.
    Type: Grant
    Filed: February 16, 2021
    Date of Patent: July 2, 2024
    Assignee: Nippon Telegraph and Telephone Corporation
    Inventors: Takeaki Nishioka, Chiharu Morioka, Shohei Kamamura, Yuhei Hayashi, Yuki Miyoshi
  • Patent number: 12026391
    Abstract: A copy control device for controlling a data copy between a plurality of cloud systems each including one or a plurality of storage devices collects predetermined information for determining data duplication between storage devices, accepts a copy process request for a data copy from a storage device in a copy source cloud system to a copy destination storage device in a different cloud system, determines duplication between copy target data designated in the copy process request and data in the different cloud system on the basis of the collected predetermined information, instructs the different cloud system to copy duplicate data from the storage device having the duplicate data to the copy destination storage device, and instructs the copy source cloud system to copy remaining data of the copy target data to the copy destination storage device.
    Type: Grant
    Filed: September 8, 2022
    Date of Patent: July 2, 2024
    Assignee: Hitachi, Ltd.
    Inventors: Kazuei Hironaka, Kenta Sato
  • Patent number: 12028444
    Abstract: An ultra low power network device is disclosed. The network device utilizes a Near Field Communications (NFC) tag to enable ultra low power communications with a configuration tool. The configuration tool writes information to the NFC tag that is accessible by the processing unit on the ultra low power network device. Additionally, the processing unit can write information into the NFC tag that is readable by the configuration tool. By exchanging messages in this manner, the ultra low power network device and the configuration tool may create a shared encryption key. The ultra low power network device utilizes this shared encryption key when transmitting BLUETOOTH® packets. The configuration tool may then transmit the shared encryption key to either another BLUETOOTH® device or to a remote server. The ultra low power network device may also periodically refresh the shared encryption key.
    Type: Grant
    Filed: March 21, 2022
    Date of Patent: July 2, 2024
    Assignee: Silicon Laboratories Inc.
    Inventor: Hannu Mallat
  • Patent number: 12028466
    Abstract: Method for utilizing a communication line certificate corresponding to a first device and a second device for a communication line, each of the first and second devices including a hardware processor and associated memory includes: creating a unique ID, by a third electronic device; transmitting the unique ID to the first generating a digitally signed request by the first device, wherein the digitally signed request comprises a first proof of an association of the first device to the communication line; transmitting the digitally signed request to the second device; verifying the first proof by the second device to produce a first verification of the association of the first device to the communication line; and generating a digitally signed acceptance by the second device, wherein the digitally signed acceptance comprises a second proof of an association of the second device to the communication line.
    Type: Grant
    Filed: July 19, 2023
    Date of Patent: July 2, 2024
    Assignee: T-CENTRAL, INC.
    Inventors: David William Kravitz, Donald Houston Graham, III, Josselyn Lee Boudett, Russell S. Dietz, James Jones, Jamie Lynn Juarez
  • Patent number: 12021972
    Abstract: Methods, systems, and apparatus, including a method for determining network measurements. In some aspects, a method includes receiving, by a first aggregation server and from each of multiple client devices, encrypted impression data. A second aggregation server received from each of at least a portion of the multiple client devices, conversion data that includes, for each conversion recorded by the client device, encrypted conversion value data. The first aggregation server and the second aggregation server perform a multi-party computation process to decrypt the encrypted impression data and the encrypted conversion data.
    Type: Grant
    Filed: December 14, 2020
    Date of Patent: June 25, 2024
    Assignee: Google LLC
    Inventors: Gang Wang, Marcel M. Moti Yung
  • Patent number: 12021728
    Abstract: The present invention provides a debugging system, which is embedded on a forwarding path of a module and includes a service flow matching module and a service flow debug execution module. The service flow matching module receives and analyzes a message, and determines a service flow type and a debugging means involving the message according to a dynamic service flow type association table, wherein the dynamic service flow type association table includes a corresponding service flow type and a corresponding debugging means involving the message. The service flow debug execution module executes the corresponding debugging means for the message according to a determination result from the service flow matching module.
    Type: Grant
    Filed: July 12, 2022
    Date of Patent: June 25, 2024
    Assignee: AIROHA TECHNOLOGY (SUZHOU) LIMITED
    Inventor: Xi-Yang Zhu
  • Patent number: 12021848
    Abstract: Systems, methods, and apparatus for satellite operations with a secure enclave for secure hosted payload operations are disclosed. In one or more embodiments, a disclosed method for payload operations comprises receiving, by a command receiver on a vehicle (e.g., a satellite), host commands from a host spacecraft operations center (SOC). The method further comprises reconfiguring a host payload on the vehicle according to the host commands. Also the method comprises transmitting, by a telemetry transmitter on the vehicle, host payload telemetry to the host SOC. In addition, the method comprises receiving, by a payload antenna on the vehicle, hosted commands from a secure enclave of the host SOC. Additionally, the method comprises reconfiguring a hosted payload on the vehicle according to the hosted commands. Further, the method comprises transmitting, by the payload antenna, host payload data, hosted payload data, and hosted telemetry to the secure enclave of the host SOC.
    Type: Grant
    Filed: May 10, 2023
    Date of Patent: June 25, 2024
    Assignee: The Boeing Company
    Inventors: Robert J. Winig, Yi-Feng J. Chen
  • Patent number: 12015912
    Abstract: Disclosed here is a system and method to determine which wireless telecommunication network functionalities are impaired when using end-to-end encryption and to ameliorate the impairment of the functionality. The system receives a request from a sender device to communicate with a receiver device, where the request indicates whether the sender device is capable of an end-to-end encryption. The system determines whether the receiver device is capable of the end-to-end encryption, and whether the receiver device is associated with a functionality provided by a wireless telecommunication network that is impaired when the end-to-end encryption is used. Upon determining that the receiver device is not capable of the end-to-end encryption or that the receiver device is associated with the functionality that is impaired, the system performs an action to ameliorate the impairment to the functionality.
    Type: Grant
    Filed: June 2, 2023
    Date of Patent: June 18, 2024
    Assignee: T-Mobile USA, Inc.
    Inventor: Ayman Zaki
  • Patent number: 12013953
    Abstract: Special performance standby nodes for data storage in a cloud computing security system are disclosed. Performance standby nodes are standby nodes that are configured to service requests that do not modify the underlying data store. These pseudo read-replica nodes are further configured to forward any request that results in a storage write onto an active node, while being able to service read-only requests locally.
    Type: Grant
    Filed: April 10, 2020
    Date of Patent: June 18, 2024
    Assignee: HashiCorp
    Inventors: Brian Kassouf, Jeff Mitchell, Armon Dadgar
  • Patent number: 12005587
    Abstract: A robot system includes: a robot; a plurality of operation terminals that receive an input of a password for acquiring operation authority of the robot and an operation input for operating the robot from a user; and a robot controller communicable with the operation terminals. The robot controller drives, in a controlled manner, the robot according to operation from a single operation terminal among the operation terminals. The robot controller includes a password storage unit that stores a password for granting operation authority of the robot to the operation terminal. The robot controller further includes an operation authority grant processing unit that grants operation authority of the robot to a single operation terminal to which a proper predetermined password stored in the password storage unit is first input in a state in which operation authority of the robot is not granted to any operation terminal.
    Type: Grant
    Filed: April 23, 2020
    Date of Patent: June 11, 2024
    Assignee: DENSO WAVE INCORPORATED
    Inventor: Hirota Touma
  • Patent number: 12008122
    Abstract: The system may include a method comprising requesting, by a computer, a receiver identifier associated with a receiver; receiving, by the computer, the receiver identifier in association with content; constructing, by the computer, a URL link comprising access to DICOM viewer code, DICOM data for the selected images, a sender identifier and the receiver identifier; generating, by the computer, a notification to the receiver, wherein the notification includes the URL link; and transmitting, by the computer, the notification to a receiver based on the receiver identifier.
    Type: Grant
    Filed: December 1, 2022
    Date of Patent: June 11, 2024
    Assignee: MYMEDICALIMAGES.COM, LLC
    Inventor: Troy Berg
  • Patent number: 12010066
    Abstract: An apparatus comprising: at least one processor; and at least one memory including computer program code; the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus at least to: determine (1006) whether at least one transport block has been successfully delivered to another apparatus; and determine (1008, 1010, 1012) whether to use the at least one transport block to scramble at least one subsequent transport block based on whether the at least one transport block has been successfully delivered to the apparatus.
    Type: Grant
    Filed: July 16, 2019
    Date of Patent: June 11, 2024
    Assignee: NOKIA TECHNOLOGIES OY
    Inventors: Keeth Saliya Jayasinghe Laddu, Luca Rose, Fanny Jardel, Philippe Sehier
  • Patent number: 12002474
    Abstract: Implementing and applying an adaptive and self-training CAPTCHA (“Completely Automated Public Turing test to tell Computers and Humans Apart”) assistant that distinguishes between a computer-generated communication (e.g., speech and/or typed) and communication that originates from a human. The CAPTCHA assistant utilizes a generative adversarial network that is self-training and includes a generator to generate synthetic answers and a discriminator to distinguish between human answers and synthetic answers. The trained discriminator is applied to potentially malicious remote entities, which are provided challenge phrases. Answers from the remote entities are provided to the discriminator to predict whether the answer originated from a human or was computer-generated.
    Type: Grant
    Filed: May 5, 2022
    Date of Patent: June 4, 2024
    Assignee: GOOGLE LLC
    Inventors: Victor Carbune, Pedro Gonnet Anders
  • Patent number: 12001861
    Abstract: Disclosed are systems and methods for providing a desktop application for displaying enhanced web-based services. The desktop application may retrieve one or more web-based services from one or more universal resource locators (URLs). The desktop application may then, based on the types of web-based services retrieved, provide user interfaces complementary to the web-based services. These user interfaces may include features familiar to desktop application users, such as file menus, edit menus, and toolbars. The user interfaces may also include enhancements, such as efficient searching and sorting features. The web-based services may include mail services, scheduling services, and customer relationship management (CRM) platforms.
    Type: Grant
    Filed: November 28, 2022
    Date of Patent: June 4, 2024
    Assignee: ZIVE, INC.
    Inventors: Eric Shashoua, Pall Ivarsson, Ryan Shetley, Anton Zmieiev
  • Patent number: 12003621
    Abstract: A method of adding a first publisher to a security group includes receiving a key request for keys for the first publisher, wherein the key request has at least one credential associated with the first publisher and a key parameter index indicative of a bandwidth of the first publisher, includes modifying a lifetime value of the at least one key of the security group based on the key parameter index of the received key request, wherein an expiry of the at least one key is based on the lifetime value of the one or more keys; and includes transmitting the at least one key and the modified lifetime value of the at least one key to the first publisher, where the first publisher is configured to publish at least one message encrypted using the at least one key, prior to expiry of the at least one key.
    Type: Grant
    Filed: July 6, 2021
    Date of Patent: June 4, 2024
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Sven Kerschbaum, Stephan Höme, Thomas Fischer, Jung Konstantin
  • Patent number: 11997141
    Abstract: A method, computer system, and computer program product are provided for performing policy enforcement, attestation, and network forensics. A universal reference for a computing entity is obtained, wherein the universal reference identifies one or more components of the computing entity by additional universal references assigned to the one or more components. A hierarchical description of the computing entity is determined by enumerating each additional universal reference of the one or more components and additional sub-components, wherein the hierarchical description exhaustively identifies the components and sub-components of the computing entity. The hierarchical description is analyzed by accessing a database to identify mappings of the one or more additional universal references to the one or more components and sub-components.
    Type: Grant
    Filed: October 21, 2021
    Date of Patent: May 28, 2024
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Jeffrey G. Schutt, Edward A. Warnicke
  • Patent number: 11995191
    Abstract: A method for testing an HMAC implementation for vulnerability to a side-channel attack can include mounting a template attack. The attack can include generating, based on first side-channel leakage information associated with execution of a hash function of the HMAC implementation, a plurality of template tables. Each template table can correspond, respectively, with a subset of bit positions of an internal state of the hash function. The attack can further include generating, based on second side-channel leakage information, a plurality of hypotheses for an internal state of an invocation of the hash function based on a secret key. The method can further include generating, using the hash function, respective hash values generated from each of the plurality of hypotheses and a message. The method can also include comparing each of the respective hash values with a hash value generated using the secret key to determine vulnerability of the HMAC implementation.
    Type: Grant
    Filed: August 11, 2021
    Date of Patent: May 28, 2024
    Assignee: FortifyIQ, Inc.
    Inventors: Yaacov Belenky, Ury Kreimer, Alexander Kesler
  • Patent number: 11996986
    Abstract: Systems and methods are disclosed herein for reducing storage space used in tracking behavior of a plurality of network endpoints by modeling the behavior with a behavior model. To this end, control circuitry may determine a respective network endpoint, of a plurality of network endpoints, to which each respective record of a plurality of received records corresponds. The control circuitry then may assign a dedicated queue for each respective network endpoint, and transmit, to each dedicated queue, each record that corresponds to the respective network endpoint to which the respective dedicated queue is assigned. The control circuitry may then determine, for each respective network endpoint, a respective behavior model, and may store each respective behavior model to memory.
    Type: Grant
    Filed: September 8, 2022
    Date of Patent: May 28, 2024
    Assignee: Extreme Networks, Inc.
    Inventors: Giacomo Bernardi, Markus Nispel
  • Patent number: 11997190
    Abstract: A computing node in a distributed information security system, wherein the computing node is adapted to communicate with a subset of clients of the distributed information security system, wherein the computing node provides at least one cryptographic service for the clients of the subset, wherein the computing node is provisioned with a plurality of keys for use by said at least one cryptographic service, wherein the computing node is adapted to associate a key from the plurality of keys to a service request for a client according to a deterministic process based on one or more data associated with the client. A distributed information security system comprising a plurality of such nodes is also described, together with a method of providing a cryptographic service at such a computing node.
    Type: Grant
    Filed: April 22, 2020
    Date of Patent: May 28, 2024
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventors: Mehdi Collinge, Omar Laazimani
  • Patent number: 11989241
    Abstract: Disclosed is a method in which an electronic apparatus processes information, the method including acquiring information for requesting access to a second page from a user terminal through a first page, confirming address information reflecting information on the first page, and providing the second page to the user terminal according to the address information.
    Type: Grant
    Filed: August 4, 2021
    Date of Patent: May 21, 2024
    Assignee: Coupang Corp.
    Inventors: Jin Young Choi, Myoung Ho Park, Hyung Won Jeon, Hyung Gu Kim, In Ho Choi, Ah Ram Son
  • Patent number: 11985169
    Abstract: A network device may receive network traffic for an application. The network device may determine a first classification for the network traffic according to a first classification technique. The first classification may identify the network traffic as relating to a particular application or an unknown application. The network device may determine a second classification for the network traffic according to a second classification technique. The second classification may identify the network traffic as relating to an unknown application of a particular type and identity. The network device may process, based on whether the first classification identifies the network traffic as relating to the particular application or the unknown application, the network traffic according to a first security policy associated with the particular application or a second security policy associated with the unknown application of the particular type and identity.
    Type: Grant
    Filed: March 30, 2022
    Date of Patent: May 14, 2024
    Assignee: Juniper Networks, Inc.
    Inventor: Rajeev Chaubey
  • Patent number: 11985111
    Abstract: According to an example aspect of the present invention, there is provided an apparatus comprising a receiver configured to receive a message from a first security zone, distinct from the one where the apparatus is comprised in, and at least one processing core configured to determine whether to apply a recovery action to the message, the determination comprising a first verification, based on first criteria, to assess whether to apply the recovery action outright, and only in case the first verification does not result in the assessment to apply the recovery action outright, a second verification, based on second criteria, to generate a first weight and a third verification, based on third criteria, to generate a second weight, and to compare a sum of the first weight and the second weight to a predefined trigger to perform the determination.
    Type: Grant
    Filed: May 20, 2019
    Date of Patent: May 14, 2024
    Assignee: Nokia Technologies Oy
    Inventors: Silke Holtmanns, Yoan Jean Claude Miche, Nagendra S Bykampadi
  • Patent number: 11983264
    Abstract: Embodiments herein describe offloading encryption activities to a network interface controller/card (NIC) (e.g., a SmartNIC) which frees up server compute resources to focus on executing customer applications. In one embodiment, the smart NIC includes a system on a chip (SoC) implemented on an integrated circuit (IC) that includes an embedded processor. Instead of executing a transport layer security (TLS) stack entirely in the embedded processor, the embodiments herein offload certain TLS tasks to a Public Key Infrastructure (PKI) accelerator such as generating public-private key pairs.
    Type: Grant
    Filed: December 6, 2021
    Date of Patent: May 14, 2024
    Assignee: XILINX, INC.
    Inventors: Jaideep Dastidar, Aman Gupta, Krishnan Srinivasan, Sagheer Ahmad
  • Patent number: 11979274
    Abstract: Embodiments of the present disclosure can provide network management methods and apparatuses. The method can comprise connecting by a first terminal device to a network through a connection mode; and acquiring management configuration information corresponding to the network system.
    Type: Grant
    Filed: December 27, 2019
    Date of Patent: May 7, 2024
    Assignee: Alibaba Group Holding Limited
    Inventors: Lu Wang, Junjie Cai, Xu Zeng, Liangliang Zhu
  • Patent number: 11979247
    Abstract: Embodiments of this application provide a message forwarding method and an apparatus, so that a message for joining a multicast group is sent to a multicast user plane network element, and the multicast user plane network element is triggered to establish a tunnel for transmitting multicast data between the multicast user plane network element and an application server. The method may include: a multicast session management network element receives the message that indicates that a terminal is joining the multicast group; and when the terminal is the 1st terminal the multicast group, sends, to the multicast user plane network element, a message that requests to establish the tunnel for transmitting the multicast data between the multicast user plane network element and the application server.
    Type: Grant
    Filed: September 15, 2022
    Date of Patent: May 7, 2024
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Yaxin Wang, Yan Li
  • Patent number: 11979366
    Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.
    Type: Grant
    Filed: May 9, 2023
    Date of Patent: May 7, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Pascal Thubert, Pradeep Kumar Kathail, Eric Levy-Abegnoli, David A. Maluf
  • Patent number: 11979388
    Abstract: A method of an authentication server may include receiving, from a recipient computer system, recipient metadata comprising recipient information from the recipient computing system and a recipient network address. Access to the encrypted payload is authenticated by the recipient computer system using the recipient metadata. A response is sent to the recipient computer system after authenticating the recipient computer system. The recipient computer system decrypts the encrypted payload to access the payload in response to receiving the response.
    Type: Grant
    Filed: September 18, 2020
    Date of Patent: May 7, 2024
    Assignee: Keyavi Data Corporation
    Inventors: Cody Pollet, Charles Burgess, Courtney Roach, Brandon Hart
  • Patent number: 11973860
    Abstract: Systems and methods for initiating an action based on electronic activities of a user. Generally, a computing device receives a policy for enabling cryptographically secure tracking of electronic activities of a user and a particular electronic computing device. The policy can include definitions for multiple actions to be taken with respect to certain electronic activities resulting from interaction by the user with the at least one computing device. The computing device can identify a particular electronic activity resulting from user interaction with the at least one computing device. The computing device can determine a particular action to take by applying the policy to the particular electronic activity. The computing device can initiate the particular action with respect to the particular electronic activity.
    Type: Grant
    Filed: June 24, 2022
    Date of Patent: April 30, 2024
    Assignee: Ionic Security Inc.
    Inventors: Adam Ghetti, Jeffrey Howard, James Jordan, Nicholas Smith, Jeremy Eckman, Ryan Speers, Sohaib Bhatti
  • Patent number: 11973700
    Abstract: A network switch includes a plurality of ports for communicating over a network. Processing circuitry processes inbound frames received from the network via the ports and sends outbound frames to the network. Remote management circuitry (RMU) is responsive to commands received from a host device external to the network switch. The RMU receives via one of the ports a remote access request frame from the host device, wherein at least part of the remote access request frame is encrypted, and decrypts the remote access request frame. In response to successful decryption of the part of the remote access request frame, the RMU accesses one or more configuration registers of the network switch in accordance with the remote access request frame, composes a remote access response frame, at least a portion of the remote access response frame being encrypted, and sends the remote access response frame to the host device.
    Type: Grant
    Filed: September 9, 2021
    Date of Patent: April 30, 2024
    Assignee: MARVELL ASIA PTE LTD
    Inventors: Chuanhai Zhou, Lian Xie, Hong Yu Chou
  • Patent number: 11968614
    Abstract: A User Equipment (UE) including a wireless transceiver and a controller is provided. The controller obtains information indicating that the UE is not allowed to access a 3GPP core network over which one or both or none of the 3GPP access network and the non-3GPP access network. Also, the controller refrains the UE from accessing the 3GPP core network over the indicated one or both of the 3GPP access network and the non-3GPP access network in response to the information indicating that the UE is not allowed to access the 3GPP core network over one or both of the 3GPP access network and the non-3GPP access network.
    Type: Grant
    Filed: April 16, 2019
    Date of Patent: April 23, 2024
    Assignee: MEDIATEK SINGAPORE PTE. LTD.
    Inventors: Marko Niemi, Matti Moisanen
  • Patent number: 11968232
    Abstract: In some implementations, a network device may determine, based on a routing table, a plurality of routing paths from the network device to another network device, wherein the plurality of routing paths are respectively associated with a plurality of security classifications. The network device may receive network traffic that is destined for the other network device and that is associated with a particular security classification of the plurality of security classifications. The network device may forward the network traffic based on a particular routing path, of the plurality of routing paths, that is associated with the other network device and the particular security classification.
    Type: Grant
    Filed: December 8, 2021
    Date of Patent: April 23, 2024
    Assignee: Juniper Networks, Inc.
    Inventors: Manish Talwar, Ronald Bonica, Ajay Kachrani
  • Patent number: 11968295
    Abstract: Methods, terminal and a data center gateway are provided for allowing efficient debugging and troubleshooting of data session encrypted with Perfect Forward Secrecy (PFS) encryption techniques such as for example the Transport Layer Security (TLS) protocol version 1.3. Embodiments of the invention allow the user terminal to authorize a data center gateway to persistently store one or more encryption keys associated with the data session for use to access the recorded data session and troubleshooting it after the session ended, when faults are detected. When a fault is detected, the user terminal provides authorization to the gateway to persistently store the data session along with one or more encryption key(s). With this, the gateway allows for the data session to be later decrypted and faults to be investigated despite the data session being encrypted with PFS techniques.
    Type: Grant
    Filed: April 3, 2018
    Date of Patent: April 23, 2024
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventors: Daniel Migault, Makan Pourzandi
  • Patent number: 11968209
    Abstract: Disclosed are hybrid authentication systems and methods that enable users to seamlessly sign-on between cloud-based services and on-premises systems. A cloud-based authentication service receives login credentials from a user and delegates authentication to an on-premises authentication service proxy. The login credentials can be passed by the cloud-based authentication service to the on-premises authentication service proxy, for instance, as an access token in an authentication header. The access token can be a JavaScript Object Notation (JSON) Web Token (JWT) token that is digitally signed using JSON Web Signature. Some embodiments utilize a tunnel connection through which the cloud-based authentication service communicates with the on-premises authentication service proxy. Some embodiments leverage an on-premises identity management system for user management and authentication.
    Type: Grant
    Filed: March 13, 2023
    Date of Patent: April 23, 2024
    Assignee: Open Text Corporation
    Inventors: Sachin Gopaldas Totale, Muneer Ahmed, Harish Rawat, Rajakumar Thiruvasagam, Lakshmi Narayana Prasad Kakumani
  • Patent number: 11968186
    Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.
    Type: Grant
    Filed: December 3, 2020
    Date of Patent: April 23, 2024
    Assignee: Security First Innovations, LLC
    Inventors: Mark S. O'Hare, Rick L. Orsini, Roger S. Davenport, Steven Winick
  • Patent number: 11966462
    Abstract: A computing system identifies a third-party dependency to be added to a codebase. The third-party dependency is hosted on a third-party server. The computing system downloads the third-party dependency within a secure runtime environment. The computing system generates a signature value for the third-party dependency. The computing system compares the signature value to a database of signature values of approved third-party dependencies. Upon determining that the signature value does not correspond to any signature values of the approved third-party dependencies, the computing system executes the third-party dependency within the secure runtime environment. The computing system monitors the execution of the third-party dependency within the secure runtime environment to identify suspicious activity. Upon determining that the third-party dependency is not exhibiting suspicious activity, the computing system adds the signature value to the database of signature values of approved third-party dependencies.
    Type: Grant
    Filed: September 29, 2021
    Date of Patent: April 23, 2024
    Assignee: Dropbox, Inc.
    Inventor: Aleksandr Krasnov
  • Patent number: 11968123
    Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with allocating a traffic load through heterogenous topology of a network includes extracting a header of each of a plurality of received packets of a traffic flow. Each of the headers comprises fields. Next, the network traffic manager apparatus executes a hashing function over the fields of each of the headers, applies a load balancing function to determine one of a plurality of endpoints to send each of the received packets based on one or more endpoint characteristics, and maps the index for each corresponding one of the received packets to the corresponding selected one of the endpoints. The received packets are not evenly divided among the plurality of endpoints. Lastly, the network traffic manager apparatus sends the received packets to the selected endpoint based on the mapping from the load balancing policy.
    Type: Grant
    Filed: December 8, 2022
    Date of Patent: April 23, 2024
    Assignee: F5, Inc.
    Inventors: Adam Huson, Hao Cai, Navin Donkana
  • Patent number: 11962679
    Abstract: Collaborative multiparty homomorphic encryption comprising receiving a linear common public key collaboratively generated by a plurality of parties as a sum of linear public key shares associated with the respective plurality of parties. Each of two ciphertexts may be encrypted with the linear common public key and the two ciphertexts may be combined by a non-linear computation to generate a result ciphertext encrypted by a non-linear public key. The result ciphertext may be re-encrypted with a re-linearization key to swap encryption keys from the non-linear public key to a linear public key. The re-encrypted result ciphertext may be distributed to the plurality of parties to each partially decrypt the re-encrypted result ciphertext by a linear secret key share associated with the party, which in combination fully decrypts the result by a linear common secret key that is a sum of the secret key shares of the respective plurality of parties.
    Type: Grant
    Filed: June 7, 2021
    Date of Patent: April 16, 2024
    Assignee: Duality Technologies, Inc.
    Inventors: Yuriy Polyakov, Vinod Vaikuntanathan
  • Patent number: 11962499
    Abstract: In an embodiment, a computer-implemented method for enabling multitenancy for service machines is disclosed. In an embodiment, the method comprises detecting a packet by a service insertion module implemented in a hypervisor. Based on metadata received along with the packet, the service insertion module determines a tenant identifier of a tenant that sent the packet. The service insertion module also determines a plurality of attributes of the packet. Based on the tenant identifier and the plurality of attributes of the packet, an action for the packet is retrieved from a rule table. Based on the action, the service insertion module determines whether at least one service is to be applied to the packet. In response to determining that at least one service is to be applied to the packet, an encapsulated packet is generated by encapsulating the packet with the tenant identifier, and the encapsulated packet is redirected to a service machine that is configured to provide the at least one service to the packet.
    Type: Grant
    Filed: October 31, 2018
    Date of Patent: April 16, 2024
    Assignee: VMware, Inc.
    Inventor: Rahul Mishra
  • Patent number: 11953996
    Abstract: Techniques described herein relate to a method for performing data protection of file system data on a host. The method includes obtaining a data access request for a file corresponding to a placeholder file from an application during a backup access session; obtaining, in response to the data access request, file system data associated with the file from a backup storage using backup metadata associated with the placeholder file; providing the file system data associated with the file to the application; making, after the providing, a determination that the file is modified by the application; and in response to the determination: flagging the placeholder file.
    Type: Grant
    Filed: January 20, 2023
    Date of Patent: April 9, 2024
    Assignee: Dell Products L.P.
    Inventors: Sunil Yadav, Shelesh Chopra
  • Patent number: 11948129
    Abstract: A system includes a computer processor, a computer memory, and a user interface. The system receives a plurality of tasks, data relating to conditions and environments associated with the plurality of tasks, and a plurality of goals relating to planning and scheduling of the plurality of tasks. The goals are received from a plurality of sources, and the goals are addressed as a function of the conditions and environments. The system displays on the user interface, as a function of the plurality of goals, an analytical view of the conditions and environments relating to the plurality of tasks and an analytical view of a status of the plurality of tasks.
    Type: Grant
    Filed: December 21, 2021
    Date of Patent: April 2, 2024
    Assignee: Raytheon Company
    Inventors: Laura A. Gordon, Laura D. Strater, Benjamin Gothman, Kristin Guillaume
  • Patent number: 11949663
    Abstract: Systems and methods include establishing a control channel of a tunnel utilizing a first encryption technique, wherein the tunnel is between a local node including one or more processors and a remote node, and wherein the control channel includes a session identifier; establishing a data channel of the tunnel utilizing a second encryption technique, wherein the data tunnel is bound to the control channel based on the session identifier; performing, over the control channel, device authentication and user authentication of one or more users associated with the remote node, wherein each of the one or more users includes a user identifier; and, subsequent to the device authentication and the user authentication, exchanging data packets over the data channel with each data packet including a corresponding user identifier. The first encryption technique can be one of TLS and SSL, and the second encryption technique can be one of TLS and DTLS.
    Type: Grant
    Filed: July 7, 2020
    Date of Patent: April 2, 2024
    Assignee: Zscaler, Inc.
    Inventors: Srikanth Devarajan, Vijay Bulusu, Roy Rajan, Ajit Singh, Abhinav Bansal, Vikas Mahajan