Particular Node (e.g., Gateway, Bridge, Router, Etc.) For Directing Data And Applying Cryptography Patents (Class 713/153)
  • Patent number: 10291405
    Abstract: In response to receiving an unknown first session identifier from a client for a first communication session between the client and a server, a Man in the Middle (MitM) computer requests a second session identifier from the server for a second communication session between the server and the MitM computer. The MitM computer generates a third session identifier for a third communication session between the MitM computer and the client. The MitM computer generates a fourth communication session between the server and the client using a combination of the second communication session and the third communication session. In response to receiving an invalid session identifier from the client for a fifth communication session between the client and the server, the MitM computer transmits an instruction, to the client, to flush a session cache in the client to force a full TLS handshake between the client and the server.
    Type: Grant
    Filed: July 15, 2016
    Date of Patent: May 14, 2019
    Assignee: International Business Machines Corporation
    Inventors: Cheng-Ta Lee, Ping Min Lin, Wei-Shiau Suen, Ming-Hsun Wu
  • Patent number: 10291401
    Abstract: Secure operations can be performed using security module instances offered as a web service through a resource provider environment. State data and cryptographic material can be loaded and unloaded from the instance as needed, such that the instance can be reused for operations of different customers. The material and data can be stored as a bundle encrypted using a key specific to the hardware security module and a key specific to the resource provider, such that the bundle can only be decrypted in an instance of that type of security module from the associated manufacturer and operated by that particular resource provider. The customer is then only responsible for the allocation of that instance during the respective cryptographic operation(s).
    Type: Grant
    Filed: September 26, 2016
    Date of Patent: May 14, 2019
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventor: Steven Preston Lightner Norum
  • Patent number: 10284925
    Abstract: A utility meter device (1002) including a communications receiver (110) for receiving file fragments for the device, a processing means (150), e.g. microprocessor, microcontroller, and programmable non-volatile memory means (120), e.g. flash, EEPROM, for building and storing application and data files from the fragments, and executing a meter application of the device by processing at least one application file and associated data identified by configuration instructions in at least one of the fragments to provide data for reconfiguring a meter through a control interface (1016).
    Type: Grant
    Filed: June 23, 2017
    Date of Patent: May 7, 2019
    Assignee: Freestyle Technology Limited
    Inventors: Andrew Paul Donaghey, Ian Kenneth Francis McDonald, David Lewis Beard
  • Patent number: 10284557
    Abstract: An apparatus in one embodiment comprises a plurality of host devices configured to support execution of applications on behalf of one or more tenants of cloud infrastructure. The apparatus further comprises a secure data proxy implemented utilizing at least one of the host devices. The secure data proxy comprises non-persistent storage configured to store data required for execution of at least one of the applications. The data is obtained by the secure data proxy from persistent storage in a storage system external to the cloud infrastructure. The secure data proxy is configured to perform cryptographic operations in conjunction with transfer of the data between the persistent storage of the external storage system and the non-persistent storage of the secure data proxy. The secure data proxy may be further configured to perform deduplication operations in conjunction with transfer of the data between the persistent storage and the non-persistent storage.
    Type: Grant
    Filed: November 17, 2016
    Date of Patent: May 7, 2019
    Assignee: EMC IP Holding Company LLC
    Inventors: Misha Nossik, Lejin Du, Murray McCulligh
  • Patent number: 10271215
    Abstract: An example access controller (AC) can receive an encrypted management frame from an access point (AP) associated with the AC, decrypt the encrypted management frame, and send the decrypted management frame to the AP.
    Type: Grant
    Filed: June 27, 2018
    Date of Patent: April 23, 2019
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Mohd Shahnawaz Siraj, Aidan Doyle
  • Patent number: 10270800
    Abstract: In some embodiments, techniques for computer security comprise receiving an email message that is associated with HyperText Markup Language (HTML); determining a sender of the email message; determining whether the sender of the email message is trusted; retrieving domain-related information by performing a DNS query on a domain associated with the sender of the email message; based at least in part on the domain-related information, determining whether the sender of the email message is verified; when the sender is both trusted and verified, treating the email message as trustworthy; in response to treating the email message as trustworthy, rendering the HTML when displaying the email message; when the sender is not trusted and verified, treating the email message as not trustworthy; in response to treating the email message as not trustworthy, displaying a restricted version of the email message.
    Type: Grant
    Filed: February 28, 2015
    Date of Patent: April 23, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Aaron Emigh, James Roskind
  • Patent number: 10270586
    Abstract: Apparatus and method for defending against a side-channel information attack such as a differential power analysis (DPA) attack. In some embodiments, a cryptographic hardware pipeline circuit performs a selected cryptographic function upon a selected set of data over a processing time interval. The pipeline circuit has a sequence of stages connected in series. The stages are enabled responsive to application of an asserted enable signal. An enable interrupt circuit is configured to periodically interrupt the selected cryptographic function to provide a plurality of processing intervals interspersed with the interrupt intervals. At least a selected one of the processing intervals or the interrupt intervals have random durations selected responsive to a series of random numbers.
    Type: Grant
    Filed: April 25, 2017
    Date of Patent: April 23, 2019
    Assignee: Seagate Technology LLC
    Inventor: Robert W. Moss
  • Patent number: 10261941
    Abstract: The present invention relates to a data-processing technology allowing data to be recognized as a being, i.e. an organism having life, by applying, to all digital data, a birth/old-age/sickness/death concept derived from nature and giving the time-limited functions of naming, changing, and extinction to the digital data which has traditionally been recognized by the attributes of perpetuity and infinite replication and reproduction with complete fidelity. More particularly, the present invention relates to a system allowing a user to easily determine data maintenance and deletion by managing the history of data distribution and representing the current state of use of the data through an aging effect (i.e. becoming old, gray, sick, or recovering), which applies to living things in nature.
    Type: Grant
    Filed: May 15, 2013
    Date of Patent: April 16, 2019
    Inventors: Kyoung Ah Lee, Myung Bean Song
  • Patent number: 10263975
    Abstract: A network monitoring device including: a communication acquiring unit which acquires communication before the communication reaches an opposite party's terminal; a protocol analyzing unit which identifies a message for session establishment by analyzing a protocol of the acquired communication, the message being included in the communication and including a digital certificate of a communication partner in a session to be kept confidential; a certificate extracting unit which extracts a digital certificate from the identified message for session establishment; and an inspecting unit which inspects the extracted digital certificate.
    Type: Grant
    Filed: March 24, 2016
    Date of Patent: April 16, 2019
    Assignee: PFU LIMITED
    Inventors: Takashi Kobayashi, Seigo Terada
  • Patent number: 10257865
    Abstract: The present disclosure relates to a sensor network, Machine Type Communication (MTC), Machine-to-Machine (M2M) communication, and technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the above technologies, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. The present disclosure provides an apparatus and a method for installing an electronic device in a wireless communication system. A method for operating a first electronic device includes obtaining location information of the first electronic device, and sending the location information of the first electronic device to a system controller to operate a second electronic device to be paired with a third electronic device located near the first electronic device, in a pairing mode.
    Type: Grant
    Filed: January 12, 2017
    Date of Patent: April 9, 2019
    Assignee: Samsung Electronics, Co., Ltd.
    Inventors: Jinyoung Hong, Sung-Hoon Kim, Hyukjoong Kwon, Junhyung Kim, Seungeok Choi, Jaiick Chun
  • Patent number: 10250778
    Abstract: A distributed authentication system and method comprises a smart card and a smart card reader, at least one processor; and a storage device communicatively coupled to the at least one processor, the storage device storing instructions which, when executed by the at least one processor, causes the at least one processor to perform operations comprising: receiving information that is provided to the smart card reader from the smart card, the information including authentication information, identifying at least one device where authentication is desired, storing the information on a server wherein the server is accessible by the at least one device where authentication is desired, providing the stored information to the at least one device where authentication is desired, and authenticating a user of the at least one device where authentication is desired according to the stored information.
    Type: Grant
    Filed: July 18, 2017
    Date of Patent: April 2, 2019
    Assignee: Xerox Corporation
    Inventors: Saravanan Sikkannan Govinda Rajan, Pranesh Morris Georgian, Lavanyaa Seshadri Renganathan
  • Patent number: 10243926
    Abstract: In one embodiment, a virtual firewall is installed on a port of a device that communicates across a zone boundary within an industrial network. The virtual firewall is then configured based on operation of the industrial network, such that the port may then communicate via the firewall to a remote virtual firewall of a remote port of a remote device across the zone boundary.
    Type: Grant
    Filed: April 8, 2016
    Date of Patent: March 26, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Pascal Thubert, Xuechen Yang, Rudolph B. Klecka, III, Patrick Wetterwald, Eric Levy-Abegnoli
  • Patent number: 10243845
    Abstract: At an SDN controller executing using a processor and a memory, a tracing packet is configured with a default value in a tag field. The tracing packet is inserted from the SDN controller into the SDN at a switch in the SDN. A returned packet and a port identifier are received at the controller, from the switch, the returned packet including a modified content in a location of the tracing packet that is different from the tag field. The port identifier corresponds to a port of the switch on which the switch received the returned packet from a middlebox. A function of the middlebox is identified by analyzing a modification applied to the modified content by the middlebox. The function of the middlebox and a location of the middlebox in the SDN are saved. The location includes the port identifier and an identifier of the switch.
    Type: Grant
    Filed: June 2, 2016
    Date of Patent: March 26, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Kanak B. Agarwal, Eric J. Rozner
  • Patent number: 10244428
    Abstract: The invention relates to the field of data packet management, and more specifically to the field of managing of data packets in such a manner that power consumption is reduced, such reduction being especially beneficial for portable device applications. In accordance with an embodiment of the invention there is provided a method of handling and manipulating data wherein padding and unpadding operations for a packet of data are performed at the transmission/reception of a packet from a network, and data handling is minimized within the portable device. According to another embodiment of the invention there is provided a method of encryption for packet data absent the padding data.
    Type: Grant
    Filed: September 4, 2015
    Date of Patent: March 26, 2019
    Assignee: Synopsys, Inc.
    Inventors: Stephen Davis, Michael Borza
  • Patent number: 10237589
    Abstract: A system and method for facilitating fast channel change in a streaming media network comprises receiving media content assets packaged in a common mezzanine distribution format (CMZF) container structure, wherein the media content asset is provided as CMZF-formatted media content in a CMZF stream scheme. Upon receipt, the CMZF-packaged media content assets are transformatted into corresponding CMZF segments stored in a local cache corresponding to a plurality of media channels. Responsive to a channel change request from a user equipment (UE) device, a unicast or multicast burst is sent comprising Reliable User Datagram Protocol (R-UDP) packets or Real-time Transport Protocol (RTP)-encapsulated partial or full virtual segments (R-SEG) generated from the CMZF segments corresponding to the requested channel.
    Type: Grant
    Filed: December 14, 2016
    Date of Patent: March 19, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Raj Nair, Prabhudev Navali, Mikhail Mikhailov, David Alexander
  • Patent number: 10230609
    Abstract: A system and method is disclosed of extracting information from real-time network packet data to analyze connectivity data for client devices in a network. The method includes: detecting when client devices initiate a connectivity event; after detecting a connectivity event, waiting a period of time for the client device to either reach or fail to reach a network connected state; after waiting a period of time, recording connectivity event information; and sending the recorded connectivity event information to an analytics system for network incident and/or network congestion analysis.
    Type: Grant
    Filed: April 18, 2016
    Date of Patent: March 12, 2019
    Assignee: Nyansa, Inc.
    Inventors: Balachander Chandrasekaran, Anand Srinivas, Murtaza Zafer
  • Patent number: 10218679
    Abstract: Methods and systems for implementing single sign on (SSO) and/or conditional access for client applications are described herein. The system may comprise an identity provider gateway, and the system may authenticate a user of the client application using the identity provider gateway. In some aspects, a secure communication tunnel may be established between the client application and the identity provider gateway, and the secure communication tunnel may use, for example, a client certificate. The identity provider gateway may grant or deny the client application access to one or more resources based on information associated with the client certificate.
    Type: Grant
    Filed: March 13, 2018
    Date of Patent: February 26, 2019
    Assignee: Citrix Systems, Inc.
    Inventor: Janardhanan Jawahar
  • Patent number: 10218693
    Abstract: Various embodiments are directed to a computer-implemented method for displaying a map of certificate relationships. A method can include retrieving certificate information for two or more servers and storing the retrieved certificate information in a memory. In addition, the method can include receiving a command to generate a map of certificate relationships. The command includes a command scope that identifies at least a first server of the two or more servers. Further, the method can include generating the map from the retrieved certificate information and rendering the map on a display device. The map includes the first server and a device having a certificate relationship with the first server.
    Type: Grant
    Filed: September 3, 2015
    Date of Patent: February 26, 2019
    Assignee: International Business Machines Corporation
    Inventors: Robert A. Gibson, J. Peter Neergaard, William J. O'Donnell
  • Patent number: 10218512
    Abstract: Computer systems, such as a client and a server operably interconnected via a network, are subject to stress on computational resources due to an abundance of automated-user traffic. To improve resource functionalities and control the resources available to automated-agents, value information of valuable assets is encrypted such that a client must perform an algorithm for calculating a decryption key in order to view the unencrypted content. Wherein the encryption is tuned in such a way that any computational delay caused by the encryption is imperceptible to a human-user and largely perceptible to an automated-agent such that the need to determine if a user is an automated-user or a human-user is irrelevant.
    Type: Grant
    Filed: September 9, 2016
    Date of Patent: February 26, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Marcin Piotr Kowalski, Frans Adriaan Lategan
  • Patent number: 10212173
    Abstract: Computer systems and methods for improving security or performance of one or more client computers interacting with a plurality of server computers. In an embodiment, a computer system comprises a first server computer and a second server computer; wherein the first server computer is configured to: generate a challenge nonce, wherein the challenge nonce corresponds to a challenge state; generate the challenge state based on the challenge nonce, wherein the challenge state corresponds to a response state; send, to a first client computer, the challenge nonce and the challenge state, but not the response state; wherein the second server computer is configured to: receive, from the first client computer, a test nonce and a test response state; determine whether the test response state matches the response state based on the test nonce, without: receiving the challenge state from the first server computer; receiving the challenge state from the first client computer.
    Type: Grant
    Filed: March 12, 2018
    Date of Patent: February 19, 2019
    Assignee: SHAPE SECURITY, INC.
    Inventor: Michael J. Ficarra
  • Patent number: 10211985
    Abstract: Generally described, physical computing devices in a virtual network can be configured to host a number of virtual machine instances. The physical computing devices can be operably coupled with offload devices. In accordance with an aspect of the present disclosure, a security component can be incorporated into an offload device. The security component can be a physical device including a microprocessor and storage. The security component can include a set of instructions configured to validate an operational configuration of the offload device or the physical computing device to establish that they are configured in accordance with a secure or trusted configuration. In one example, a first security component on the offload device can validate the operational computing environment on the offload device and a second security component on the physical computing device can validate the operational computing environment on the physical computing device.
    Type: Grant
    Filed: March 30, 2015
    Date of Patent: February 19, 2019
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Eric Jason Brandwine, David R. Richardson, Matthew Shawn Wilson, Ian Paul Nowland, Anthony Nicholas Liguori, Brian William Barrett
  • Patent number: 10210107
    Abstract: A memory controller of a sender node issues an instruction of a trans-fabric instruction set of instructions to a receiver node across a communication fabric that supports memory semantic operations, to cause a given transaction to be performed at the receiver node in response to the issued instruction.
    Type: Grant
    Filed: October 29, 2014
    Date of Patent: February 19, 2019
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Melvin K. Benedict, Michael R. Krause, Mitchel E. Wright
  • Patent number: 10212139
    Abstract: An example method includes, responsive to determining a device is connected to a second computing device, accessing a virtual storage area, the virtual storage area corresponds to storage space on the second computing device; responsive to detecting a first request by a user of the second computer device to read first data stored in the virtual storage area, transmitting the first data to the device; decrypting the first data to produce first decrypted data; transmitting the first decrypted data from the device to the second computing device; detecting a second request by a user of the second computer device to write second data to virtual storage area; responsive to detecting the second request, transmitting the second data to the device; encrypting the second data to produce second encrypted data; transmitting the second encrypted data from the device to the second computing device.
    Type: Grant
    Filed: June 2, 2018
    Date of Patent: February 19, 2019
    Assignee: CYPHERPUTER INC.
    Inventor: Youlin Feng
  • Patent number: 10194315
    Abstract: A method of circumventing a communications provider's gateway which allows a Reseller of the communications service provider's service(s) to direct voice, messaging, data, and other traffic via and to alternative networks and gateways for the purpose of reducing usage and cost of the service provider's service; directing traffic to alternative routing pathways; providing additional or supplemental services not offered by the service provider; improving speed, quality, or other performance capabilities or measures; or other reasons; control the Mobile Data Network (MDN), other type of phone number, or other user ID by use of apps, gateways, interconnection, signaling, networks, multiple SIM capability, advanced messaging servers, a “phantom” Mobile Data Network (MDN) or other user ID of the service provider, and non-standard communications pathways.
    Type: Grant
    Filed: February 1, 2017
    Date of Patent: January 29, 2019
    Assignee: TIONESTA, LLC
    Inventors: Paul Posner, Jake Brown
  • Patent number: 10187468
    Abstract: The invention provides an information communication apparatus that discloses, on a network channel, an electronic file in a public region provided in a connected storage apparatus, causes the network channel to operate when the public region is accessible or stops the network channel when the public region is inaccessible and stops the network channel when the storage apparatus is connected for the first time irrespective of whether or not the public region is accessible.
    Type: Grant
    Filed: October 15, 2015
    Date of Patent: January 22, 2019
    Assignee: Olympus Corporation
    Inventor: Takeshi Suzuki
  • Patent number: 10181946
    Abstract: Technologies for cryptographic protection of I/O data include a computing device with one or more I/O controllers. Each I/O controller may generate a direct memory access (DMA) transaction that includes a channel identifier that is indicative of the I/O controller and that is indicative of an I/O device coupled to the I/O controller. The computing device intercepts the DMA transaction and determines whether to protect the DMA transaction as a function of the channel identifier. If so, the computing device performs a cryptographic operation using an encryption key associated with the channel identifier. The computing device may include a cryptographic engine that intercepts the DMA transaction and determines whether to protect the DMA transaction by determining whether the channel identifier matches an entry in a channel identifier table of the cryptographic engine. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 18, 2015
    Date of Patent: January 15, 2019
    Assignee: Intel Corporation
    Inventors: Reshma Lal, Steven B. McGowan, Siddhartha Chhabra, Gideon Gerzon, Bin Xing, Pradeep M. Pappachan, Reouven Elbaz
  • Patent number: 10178071
    Abstract: Techniques to use operating system redirection for network stream transformation operations are described. In one embodiment, an apparatus may comprise a network stream component operative to receive a network stream, the network stream associated with an application on a device; modify the network stream to generate a modified network stream; and send the modified network stream through an operating system for the device; and a local virtual private network component operative on the processor circuit to: receive the modified network stream from the operating system as a plurality of modified network stream packets; determine a network connection policy based on the application; and send the plurality of modified network stream packets to a destination network address via the network interface controller when the network connection policy indicates sending. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 20, 2016
    Date of Patent: January 8, 2019
    Assignee: FACEBOOK, INC.
    Inventor: Gahl Saraf
  • Patent number: 10165040
    Abstract: Disclosed herein is a technique for managing storage space in a user device by efficiently downloading files from a cloud-based storage system and evicting files from the user device. According to some embodiments, files are continuously downloaded in a download mode until a particular threshold is satisfied. When the threshold is satisfied, the files can be downloaded in an on-demand mode as needed by the user, where the user device operates in the on-demand mode until a sufficient amount of storage space is freed by evicting files from the user device. Thereafter, the user device can switch back to the download mode.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: December 25, 2018
    Assignee: Apple Inc.
    Inventors: Michael Pirnack Hess, Jean-Gabriel Morard, Pierre d'Herbemont
  • Patent number: 10158695
    Abstract: The present disclosure is directed to a system and a method for generating a poll based upon proximal awareness of one client device to another client device. In one or more implementations, the present disclosure discloses receiving, at a server, digital content data from a first client device in communication with the server via at least one local area wireless signal. The present disclosure also discloses pairing the digital content data with the at least one local area wireless signal. The present disclosure also discloses transmitting the digital content data to a second client device when the second client device detects the at least one local area wireless signal.
    Type: Grant
    Filed: February 1, 2016
    Date of Patent: December 18, 2018
    Assignee: KOGM, Inc.
    Inventors: Gary W. Mendel, Kevin Ostrowski
  • Patent number: 10149168
    Abstract: Methods, systems, and devices for wireless communication are described. A user equipment (UE) may receive a paging message that includes a secured UE identifier calculated based on a security configuration negotiated between the UE and a trusted source, e.g., a mobility management entity (MME) of the core network. The UE may determine whether the paging message is received from the trusted source or an untrusted source based on the secured UE identifier. The UE may transmit a connection request message based on the determination that the paging message is received from a trusted source.
    Type: Grant
    Filed: February 24, 2016
    Date of Patent: December 4, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Yogesh Bhalchandra Deshpande, Mungal Singh Dhanda, Adrian Edward Escott
  • Patent number: 10146963
    Abstract: In accordance with embodiments of the present disclosure, an information handling system may include a host system comprising a processor, one or more external input/output (I/O) ports, a chipset communicatively coupled to the processor and including an I/O port controller, the I/O port controller interfacing between the processor and the one or more external I/O ports, and a management controller communicatively coupled to the processor configured to provide out-of-band management of the information handling system, and further configured to communicate a port security policy to a component of the chipset such that the I/O port controller dynamically enables and disables, independent of an operating state of the host system, individual ones of the one or more external I/O ports in accordance with the port security policy.
    Type: Grant
    Filed: August 4, 2016
    Date of Patent: December 4, 2018
    Assignee: Dell Products L.P.
    Inventors: Timothy M. Lambert, Mukund P. Khatri
  • Patent number: 10140562
    Abstract: The invention relates to a method and an arrangement for transmitting an object data record, which is stored in a data memory area of a lower server, to an upper server, wherein the lower server and the upper server are arranged in a server complex comprising at least one upper server, and the servers are arranged on vertically staggered server levels, wherein the explicit association between the object data record and a particular object is made by means of addressing of the server data memory area by an access data record that is stored in an access data memory area of an RFID data storage medium connected to the object, the object data record being transmitted to the upper server by dint of access to the data memory area of the lower server.
    Type: Grant
    Filed: September 15, 2015
    Date of Patent: November 27, 2018
    Inventor: Manfred Rietzler
  • Patent number: 10135791
    Abstract: A network device allows inbound connections from external addresses to a computer on a local network while forbidding output connections from the computer to that external address unless preceded by an inbound connection therefrom. In some embodiments, the computer is allowed to accept inbound connections from external addresses but is not permitted to initiate outbound connections to other computers in the local network unless preceded by an inbound connection. In some embodiments, a request from an external address is processed by the network device by transmitting network information for the computer to the external address and temporarily changes network rules to allow connections from the external address. In some embodiments, if the computer attempts a disallowed connection, the connection attempt is routed through a proxy server by providing network data for the proxy server to the computer.
    Type: Grant
    Filed: February 10, 2016
    Date of Patent: November 20, 2018
    Assignee: AnchorFree Inc.
    Inventors: Eugene Lapidous, Artem Arsitov
  • Patent number: 10135832
    Abstract: Systems and methods, which can provide for an indication of a privileged communication, are provided. A method, according to an embodiment, uses at least one processor of a communication server device. Addressee information of one or more addressee(s) of a communication, sender information of a sender of the communication, or a combination thereof is received. The sender information, the addressee information, or a combination thereof is compared to registered user information maintained in a database. The registered user information corresponds to registered users to or from whom privileged communications may be sent or received. An indication that the communication is privileged is provided when the sender information, the addressee information, or the combination thereof corresponds to respective registered user information maintained in the database.
    Type: Grant
    Filed: March 23, 2016
    Date of Patent: November 20, 2018
    Assignee: Securus Technologies, Inc.
    Inventors: Scott Passe, Luke Keiser
  • Patent number: 10135677
    Abstract: Briefly, methods and/or apparatuses of virtual deployment of network-related features are disclosed.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: November 20, 2018
    Assignee: Cradlepoint, Inc.
    Inventors: Scott Andrew Hankins, Michael A. Cartsonis, Andrew John Mastracci
  • Patent number: 10135790
    Abstract: A network device allows inbound connections from external addresses to a computer on a local network while forbidding output connections from the computer to that external address unless preceded by an inbound connection therefrom. In some embodiments, the computer is allowed to accept inbound connections from external addresses but is not permitted to initiate outbound connections to other computers in the local network unless preceded by an inbound connection. In some embodiments, a request from an external address is processed by the network device by transmitting network information for the computer to the external address and temporarily changing network rules to allow connections from the external address. In some embodiments, if the computer attempts a disallowed connection, the connection attempt is routed through a proxy server by providing network data for the proxy server to the computer.
    Type: Grant
    Filed: February 10, 2016
    Date of Patent: November 20, 2018
    Assignee: AnchorFree Inc.
    Inventors: Eugene Lapidous, Artem Arsitov
  • Patent number: 10135833
    Abstract: An access control system including a data storage device configured to store a master credential database having a plurality of master identifiers and master status codes, an access control device having a local credential database including a plurality of local identifiers, and an electronic credential including a credential identifier. The access control device is configured to receive the credential identifier from the electronic credential, to determine whether to perform an update based upon the local status code associated with the local identifier of the credential identifier, and to update data in the local credential database with data in the master credential database by way of communication with the data storage device in response to the determining.
    Type: Grant
    Filed: April 22, 2016
    Date of Patent: November 20, 2018
    Assignee: Schlage Lock Company LLC
    Inventors: Joseph W. Baumgarte, Benjamin J. Hopkins, David G. Studt
  • Patent number: 10135792
    Abstract: A network device allows inbound connections from external addresses to a computer on a local network while forbidding output connections from the computer to that external address unless preceded by an inbound connection therefrom. In some embodiments, the computer is allowed to accept inbound connections from external addresses but is not permitted to initiate outbound connections to other computers in the local network unless preceded by an inbound connection. In some embodiments, a request from an external address is processed by the network device by transmitting network information for the computer to the external address and temporarily changing network rules to allow connections from the external address. In some embodiments, if the computer attempts a disallowed connection, the connection attempt is routed through a proxy server by providing network data for the proxy server to the computer.
    Type: Grant
    Filed: February 10, 2016
    Date of Patent: November 20, 2018
    Assignee: AnchorFree Inc.
    Inventor: Eugene Lapidous
  • Patent number: 10135861
    Abstract: Static analysis is applied to unrecognized software objects in order to identify and address potential anti-sandboxing techniques. Where static analysis suggests the presence of any such corresponding code, the software object may be forwarded to a sandbox for further analysis. In another aspect, multiple types of sandboxes may be provided, with the type being selected according to the type of exploit suggested by the static analysis.
    Type: Grant
    Filed: November 2, 2015
    Date of Patent: November 20, 2018
    Assignee: Sophos Limited
    Inventors: Mark David Harris, Daniel Stutz, Vincent Kevin Lynch
  • Patent number: 10127064
    Abstract: A hypervisor configures a first VM function component for execution on behalf of a virtual machine, the first VM function component to execute a second VM function component. The hypervisor then configures the second VM function for execution on behalf of the first VM function component, the second VM function component to execute at least one privileged instruction. The hypervisor receives a request from the virtual machine to execute the first VM function component, and executes the first VM function component. The hypervisor then receives a request from the first VM function component to execute the second VM function component and executes the second VM function component.
    Type: Grant
    Filed: February 24, 2015
    Date of Patent: November 13, 2018
    Assignee: Red Hat Israel, Ltd.
    Inventor: Michael S. Tsirkin
  • Patent number: 10122708
    Abstract: Systems (100) and methods (1900) for configuring a computer network (“CN”). The methods comprise: receiving Access Control Information (“ACI”) input to a first network node (101-103, 105-107) by a user assigned to a mission; verifying that the user has a right to have access to the CN (100) based on the ACI; granting the user access to CN in response to the verifying; and obtaining Mission Related Information (“MRI”) by the first network node. The MRI is associated with the user and at least identifies a first mission plan (120) specifying a manner in which an assigned value for at least one first identity parameter is to be dynamically modified by at least one node (105-107, 113, 114) of CN. Thereafter, the first network node or a second network node (105-107, 113, 114) of CN is configured to operate in accordance with the first mission plan.
    Type: Grant
    Filed: November 21, 2013
    Date of Patent: November 6, 2018
    Assignee: Harris Corporation
    Inventors: Wayne B. Smith, Margaret Knepper
  • Patent number: 10116449
    Abstract: A generation device according to the present application includes a storage unit and a generation unit. The storage unit stores information regarding an authentication module that carries out the authentication based on a result of the verification between registration data registered in advance and predetermined input data. The generation unit controls the generation of authentication result information which is information generated from the verification result acquired from the authentication module while serving as information to be processed through a specific authentication procedure used between the generation unit and an authentication server that carries out the personal authentication of a user using the authentication module.
    Type: Grant
    Filed: August 2, 2016
    Date of Patent: October 30, 2018
    Assignee: YAHOO JAPAN CORPORATION
    Inventors: Hidehito Gomi, Hiroshi Ueno, Shuji Yamaguchi, Takashi Kusumi, Masato Kawasaki, Wataru Ogami, Yusuke Kondo
  • Patent number: 10110380
    Abstract: Provisioning an integrated circuit with confidential data, by receiving in the integrated circuit encrypted confidential data, the encrypted confidential data having been encrypted with a transport key, deriving in the integrated circuit the transport key by applying a key derivation function to a customer identifier, the customer identifier having been previously stored in the integrated circuit, decrypting in the integrated circuit the encrypted confidential data with the transport key to obtain decrypted confidential data, deriving in the integrated circuit a product key by applying a key derivation function to an integrated circuit identifier, the integrated circuit identifier having been previously stored in the integrated circuit, encrypting in the integrated circuit the decrypted confidential data with the product key to obtain re-encrypted confidential data, and storing the re-encrypted confidential data in a confidential data memory of the integrated circuit.
    Type: Grant
    Filed: March 22, 2012
    Date of Patent: October 23, 2018
    Assignee: NXP B.V.
    Inventors: Henricus Hubertus van den Berg, Thierry Gouraud
  • Patent number: 10110481
    Abstract: Various implementations disclosed herein include apparatuses, systems, and methods for providing virtual/virtualized network functions. In some implementations, a method includes determining that a first virtual router is configured to operate as a backup router for a second virtual router. The first virtual router and the second virtual router may reside within a public cloud. The method also includes determining, by the first virtual router, whether the second virtual router is able to route packets. The method further includes updating, by the first virtual router, a routing table to indicate that the first virtual router should be used to route packets when the second virtual router is unable to route packets.
    Type: Grant
    Filed: May 19, 2015
    Date of Patent: October 23, 2018
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Christopher Mark Hocker, Bopaiah Ponnappa Puliyanda, Esteban Raul Torres, Sanjeev P. Tondale
  • Patent number: 10104060
    Abstract: Authenticating applications to a network service includes authenticating an application with a certificate to access a service provider over a logical connection between the application and the service provider and confirming that the application is using an authorized port of the service provider.
    Type: Grant
    Filed: January 30, 2013
    Date of Patent: October 16, 2018
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Kaushik Datta, Sankarlingam Dandabany
  • Patent number: 10097488
    Abstract: An information handling system detects that a first electronic mail message has been permanently deleted from a local memory of a first information handling system, generates a second electronic mail message to request a recovery of the first electronic mail message, attaches a file to the second electronic mail message, and sends the second electronic mail message to a plurality of second information handling systems.
    Type: Grant
    Filed: May 17, 2012
    Date of Patent: October 9, 2018
    Assignee: Dell Products, LP
    Inventor: Paulraj Deepaganesh
  • Patent number: 10091239
    Abstract: SSH sessions and other protocol sessions (e.g., RDP) may be audited using an interceptor embedded within an SSH server or other protocol server. Operations performed over an SSH connection may be controlled, including controlling what files are transferred.
    Type: Grant
    Filed: January 24, 2013
    Date of Patent: October 2, 2018
    Assignee: SSH COMMUNICATIONS SECURITY OYJ
    Inventors: Tatu J. Ylonen, Samuel Douglas Lavitt
  • Patent number: 10091170
    Abstract: In one embodiment, a method includes establishing at a security device, a secure session for transmitting data between a client device and an end host, receiving decrypted data at the security device from the client device, inspecting the decrypted data at the security device, encrypting the decrypted data at the security device, and transmitting encrypted data to the end host. Decryption at the client device is offloaded from the security device to distribute decryption and encryption processes between the client device and the security device. An apparatus and logic are also disclosed herein.
    Type: Grant
    Filed: March 31, 2016
    Date of Patent: October 2, 2018
    Assignee: Cisco Technology, Inc.
    Inventors: Hari Shankar, Jin Teng, Venkatesh Narsipur Gautam
  • Patent number: 10084787
    Abstract: The disclosed system and method enhances security of people, organizations, and other entities that use what has been termed “social media.” Recent trends have shown that information posted to social media may cause tremendous damage to individuals and other entities. This includes information that was posted deliberately or unintentionally, including social security numbers, financial data and other sensitive information. Further, information that previously may have been viewed as innocuous, such as location data, has caused harm on certain occasions and may need to be protected. The disclosed system provides a novel method of screening, identifying, and preventing certain information from being posted on social media and other public locations. In addition, the disclosed system and method improves security by motivating people to use security software by offering rewards for its use.
    Type: Grant
    Filed: August 28, 2017
    Date of Patent: September 25, 2018
    Assignee: SecureMySocial, Inc.
    Inventors: Joseph Steinberg, Shira Rubinoff
  • Patent number: 10084749
    Abstract: According to one aspect, embodiments of the invention provide a system for restricting access to a network, the system comprising a monitoring module configured to be coupled to a plurality of network access points and to monitor transmissions to the network via a plurality of network security appliances, and a blocking module, wherein the monitoring module is further configured to identify a potential bad actor based on a transmission from the potential bad actor to the network via a first one of the plurality of network access points and a first one of the plurality of network security appliances and provide information related to the potential bad actor to the blocking module, and wherein the blocking module is configured to confirm that the potential bad actor should be blocked and in response, to automatically configure each network security appliance to block the potential bad actor from accessing the network.
    Type: Grant
    Filed: August 25, 2016
    Date of Patent: September 25, 2018
    Assignee: WALMART APOLLO, LLC
    Inventors: Glen Thomas Undernehr, Charles Allen Courtright