Particular Node (e.g., Gateway, Bridge, Router, Etc.) For Directing Data And Applying Cryptography Patents (Class 713/153)
  • Patent number: 10693902
    Abstract: Disclosed herein are representative embodiments of methods, apparatus, and systems for processing and managing information from one or more security control tools, such as a security configuration management tool, a vulnerability management tool, an event logging tool, or other IT infrastructure security or monitoring tool that is used to monitor, secure, and/or control assets in an IT infrastructure. For example, in some embodiments, user interfaces are disclosed that allow a user to quickly view, filter, and evaluate the degree of security control coverage in selected assets of an enterprise. In further embodiments, user interfaces are disclosed that allow a user to view and evaluate the current security state for selected assets across a variety of categories and, in some cases, as guided by a two-dimensional vulnerability risk matrix.
    Type: Grant
    Filed: June 4, 2018
    Date of Patent: June 23, 2020
    Assignee: Tripwire, Inc.
    Inventors: Marsha Haverty, Ted Schuh
  • Patent number: 10694374
    Abstract: An electronic network device (200) and an electronic configurator device (300) for provisioning the network device. The network device is configured to send a public key to the configurator device (300) over an established first wireless (231) connection, and to receive encrypted credentials wirelessly from the configurator device. The configurator device is configured to receive the public key over the established first wireless connection, and to send credentials wirelessly encrypted with the public key to the network device over the established first wireless connection.
    Type: Grant
    Filed: May 26, 2016
    Date of Patent: June 23, 2020
    Assignee: SIGNIFY HOLDING B.V.
    Inventors: Hongming Yang, Sandeep Shankaran Kumar, Theodorus Jacobus Johannes Denteneer
  • Patent number: 10693638
    Abstract: A secret cryptographic key is stored in a protected state. While in the protected state, the secret cryptographic key is encrypted with a plurality of cryptographic keys, each of which is used to re-create the plaintext version of the secret cryptographic key. A service operated by an online service provider creates an isolated network environment containing a bastion computer system in communication with an HSM. After establishing the isolated network environment, the online service provider provides a service provider key to the HSM. An HSM key is present on the HSM, and an administrator key is provided by one or more key administrators. Using the HSM key, the service provider key, and the administrator key, the HSM performs cryptographic operations using the secret cryptographic key. When complete, the isolated network environment is deconstructed and the secret cryptographic key is returned to online storage in a protected state.
    Type: Grant
    Filed: December 1, 2016
    Date of Patent: June 23, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Todd Lawrence Cignetti, Matthew John Campagna
  • Patent number: 10686823
    Abstract: Methods and systems for carrying out campaigns of penetration testing for discovering and reporting security vulnerabilities of a networked system, the networked system comprising a plurality of network nodes interconnected by one or more networks.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: June 16, 2020
    Assignee: XM Cyber Ltd.
    Inventors: Boaz Gorodissky, Adi Ashkenazy, Ronen Segal
  • Patent number: 10686776
    Abstract: A connected device includes an application processor, a secure element, and a control module. The application processor is configured to receive a control command from an electronic device. The secure element is connected between the application processor and a control module and is configured to authenticate the control command. The control module is configured to receive the control command when the control command is authenticated by the secure element, execute the control command to activate at least one function of the connected device, and transmit a response to the electronic device.
    Type: Grant
    Filed: May 2, 2017
    Date of Patent: June 16, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Peng Ning, Yueh-Hsun Lin, Stephen E. McLaughlin, Michael C. Grace, Ahmed M. Azab, Rohan Bhutkar, Yong Choi
  • Patent number: 10680832
    Abstract: A computer apparatus for transmitting a certificate to a device in an installation is provided. The computer apparatus has a coupling unit for establishing and breaking a connection between the computer apparatus and the device, a processing unit for transmitting a certificate to the device by means of the established connection, wherein the certificate is valid for a first time period and is issued by a certification authority based on a certificate request, and a receiving unit for receiving a further certificate request from the device by means of the established connection, wherein the further certificate request is designed to request a certificate for a second time period, wherein the coupling unit is designed to break the connection after the certificate is transmitted and the further certificate request is received.
    Type: Grant
    Filed: August 23, 2017
    Date of Patent: June 9, 2020
    Assignee: SIEMENS SCHWEIZ AG
    Inventors: Hendrik Brockhaus, Jens-Uwe Bußer, Jürgen Gessner
  • Patent number: 10680851
    Abstract: The present disclosure provides a method, apparatus, and device for PPTP VPN based access acceleration. A PPTP VPN system includes a client-side, a first server, a VPN server, and a second server cluster supporting a GRE protocol connected between the first server and the VPN server. When the client-side starts an accelerated access, the first server receives a first PPTP message and a first GRE message from a same client-side, and encapsulates the first GRE message. The encapsulated first GRE message and the first PPTP message are sent to a same second server. The first GRE message is encapsulated and the source addresses of the first GRE message and the first PPTP message are changed. Therefore, the reliability of the transmission can be achieved. Reverse transmission is no different. The present disclosure accelerates the access speed of the VPN server and improves the access quality of the user.
    Type: Grant
    Filed: November 16, 2016
    Date of Patent: June 9, 2020
    Assignee: WANGSU SCIENCE & TECHNOLOGY CO., LTD.
    Inventors: Tengchao Li, Xiaopeng Liu
  • Patent number: 10673623
    Abstract: According to one aspect, methods and systems are provided for modifying an encryption scheme in a database system. The methods and systems can include at least one internal database key; at least one database configured to be encrypted and decrypted using the at least one internal database key; a memory configured to store a master key; a key management server interface configured to communicate with a key management server; and a database application configured to receive, into the memory, the master key from the key management server via the key management server interface, and encrypt and decrypt the at least one internal database key using the master key.
    Type: Grant
    Filed: May 25, 2017
    Date of Patent: June 2, 2020
    Assignee: MongoDB, Inc.
    Inventors: Eliot Horowitz, Per Andreas Nilsson
  • Patent number: 10673818
    Abstract: The method and system enable secure forwarding of a message from a first computer to a second computer via an intermediate computer in a telecommunication network. A message is formed in the first computer or in a computer that is served by the first computer, and in the latter case, sending the message to the first computer. In the first computer, a secure message is then formed by giving the message a unique identity and a destination address. The message is sent from the first computer to the intermediate computer after which the destination address and the unique identity are used to find an address to the second computer. The current destination address is substituted with the found address to the second computer, and the unique identity is substituted with another unique identity. Then the message is forwarded to the second computer.
    Type: Grant
    Filed: June 1, 2017
    Date of Patent: June 2, 2020
    Assignee: MPH Technologies OY
    Inventors: Sami Vaarala, Antti Nuopponen
  • Patent number: 10659255
    Abstract: Devices, computer-readable media, and methods for routing traffic of a network service via a virtual private network that is configured in accordance with a virtual private network configuration preference of an identified user are described. A method may determine a network service that an endpoint device is attempting to access and may detect an identity of a user of the endpoint device. The processing system may obtain a plurality of virtual private network configuration preferences of the user, each of the plurality of virtual private network configuration preferences matching a virtual private network configuration preference with one or more of a plurality of network services, and route traffic of the endpoint device for the network service via a virtual private network that is configured in accordance with a virtual private network configuration preference of the plurality of virtual private network configuration preferences.
    Type: Grant
    Filed: November 6, 2018
    Date of Patent: May 19, 2020
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: John Medamana, Michael Satterlee
  • Patent number: 10652046
    Abstract: Techniques are disclosed for implementing networks in a virtualized computing environment. One or more spoke virtual networks are instantiated and connected to a first virtual network hub to form a first hub and spoke topology. One or more spoke virtual networks are instantiated and connected to a second hub virtual network to form a second hub and spoke topology. A virtual connection is established from the first virtual network hub to the second hub virtual network. The first and second hub and spoke networks are allocated to a user of the virtualized computing environment.
    Type: Grant
    Filed: November 14, 2018
    Date of Patent: May 12, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Anna Skobodzinski, Lamia Youseff
  • Patent number: 10645172
    Abstract: Technology is described for communicating with a computer instance. A request may be received to create a session connection between a computing instance and a messaging service that operates in a computing service environment. The session connection may be created between the agent running on the computing instance and the messaging service. A socket tunneling connection may be generated to replace the session connection. The socket tunneling connection may be between the agent and the messaging service. Message data streams may be passed between the agent and the messaging service over the socket tunneling connection. An instruction received from a client device may be forwarded to the computing instance over a second socket tunneling connection created with the client device. Command output received from the computing instance over the second socket tunneling connection may be forwarded. The output may result from an execution of the instruction at the computing instance.
    Type: Grant
    Filed: March 30, 2017
    Date of Patent: May 5, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Amjad Hussain, Sivaprasad Venkata Padisetty, Steven Merlin Twitchell
  • Patent number: 10645065
    Abstract: Concepts and technologies disclosed herein are directed to proxy-based database encryption. According to one aspect, a database encryption proxy system can receive, from a database client, input of a Structured Query Language (“SQL”) statement and data to create an encrypted database table. At least a portion of the data is marked with an encrypted identifier to identify which data is to be encrypted by the proxy-based database. The database encryption proxy system can generate a random string for the portion of the data that is marked with the encrypted identifier. The database encryption proxy system can convert the SQL statement into a converted SQL statement that includes the random string in place of the portion of the data marked with the encrypted identifier and can send the converted SQL statement to a cloud database service that is configured to create the encrypted database table based upon the converted SQL statement.
    Type: Grant
    Filed: February 28, 2017
    Date of Patent: May 5, 2020
    Assignees: AT&T Intellectual Property I, L.P., AT&T Mobility II LLC
    Inventors: Xidong Wu, Zhengye Liu, Mario Kosseifi
  • Patent number: 10644983
    Abstract: Control plane analytics and policing may be provided. First, packets that traverse a port may be parsed. Next, based on the parsed packets, metrics for each of a plurality of hosts on a per-protocol basis may be created. The created metrics may then be analyzed and at least one restriction on at least one of the plurality of hosts may be applied based on the analysis.
    Type: Grant
    Filed: July 28, 2017
    Date of Patent: May 5, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Varagur Chandrasekaran, Srinivas Pitta, Ashok Ganesan, Naoshad Mehta
  • Patent number: 10637749
    Abstract: Various systems and techniques for remote machine management are described. Simulated device input (SDI) may be received from a source machine at a device driver module of a target machine, where the source machine is remote from the target machine. The SDI may correspond to a local target input device serviced by the device driver module. The SDI may be provided to a consumer of the device driver module. A representation of a local target machine graphical display may be transmitted to the source machine including a response to the provided SDI.
    Type: Grant
    Filed: December 22, 2011
    Date of Patent: April 28, 2020
    Assignee: Intel Corporation
    Inventors: Ravikiran Chukka, Gyan Prakash, Rajesh Poornachandran
  • Patent number: 10630689
    Abstract: A security software comprises an administrative module for configuring access levels and creating types of accounts and an application server for domain filtering by checking against friendly and unfriendly inbound, outbound and exception lists. Hard filtering either approves or terminates requests, or re-routes requests without the user's knowledge. Soft filtering passes disapproved requests and sends an e-mail alert to authorized recipients. Content filtering includes checking the content of a requested document against a friendly list, an unfriendly list and an exception list. Hard filtering passes or rejects the requested document. Soft filtering passes the requested document, or rejects or approves it by highlighting its content. Options include e-mail filtering that checks the subject, sender's address and domain against an unfriendly, friendly and exception list; an e-mail alert for hard filtering; an inbound privacy shield; a pop-up blocker; and the application server acting as a proxy server with proxy chaining capabilities.
    Type: Grant
    Filed: January 30, 2015
    Date of Patent: April 21, 2020
    Assignee: Joshua Haghpassand
    Inventor: Kirsten Aldrich
  • Patent number: 10630467
    Abstract: A method includes sending, to a compute device and via a private channel, a public key for asymmetric encryption. The method also includes concurrently authenticating the compute device and generating a traffic key for symmetric encryption, based at least in part on the public key. The method further includes sending a message to the compute device, the message being encrypted using the traffic key via the symmetric encryption.
    Type: Grant
    Filed: January 4, 2019
    Date of Patent: April 21, 2020
    Assignee: Blue Ridge Networks, Inc.
    Inventors: Thomas A. Gilbert, Kenneth A. Hardwick, Srinivas R. Mirmira
  • Patent number: 10630590
    Abstract: A credit loop that produces a deadlock is identified in a network of switches that are interconnected for packet traffic flows therethrough. The identification is carried out by periodically transmitting respective credit loop control messages (CLCMs) from the loop-participating switches via their deadlock-suspected egress ports to respective next-hop switches. The CLCMs have switch port-unique identifiers (SPUIDs). The loop is identified when, in one of the next-hop switches, the SPUID of a received CLCM is equal to the SPUID of a CLCM transmitted by that switch. A master switch is selected for resolving the deadlock.
    Type: Grant
    Filed: June 18, 2017
    Date of Patent: April 21, 2020
    Assignee: MELLANOX TECHNOLOGIES TLV LTD.
    Inventors: Alexander Shpiner, Eitan Zahavi, Vladimir Zdornov, Tal Anker, Matty Kadosh
  • Patent number: 10621365
    Abstract: An example method includes initializing, by an obfuscation computing system, communications with nodes in a distributed computing platform, the nodes including one or more compute nodes and a controller node, and performing at least one of: (a) code-level obfuscation for the distributed computing platform to obfuscate interactions between an external user computing system and the nodes, wherein performing the code-level obfuscation comprises obfuscating data associated with one or more commands provided by the user computing system and sending one or more obfuscated commands to at least one of the nodes in the distributed computing platform; or (b) system-level obfuscation for the distributed computing platform, wherein performing the system-level obfuscation comprises at least one of obfuscating system management tasks that are performed to manage the nodes or obfuscating network traffic data that is exchanged between the nodes.
    Type: Grant
    Filed: May 22, 2017
    Date of Patent: April 14, 2020
    Assignee: ARCHITECTURE TECHNOLOGY CORPORATION
    Inventors: Judson Powers, Robert A. Joyce, Scott Aloisio, Matthew A. Stillerman
  • Patent number: 10609020
    Abstract: A method executed by an Intermediary Node arranged between a Client and a Server for participating in the setting up of a connection between the Client and the Server is described. The method intercepts a first message, transmitted from the Client and destined for the Server, that requests a connection to be set up between the Client and the Server. On recognizing, based on content of the received first message, that it is desirable for the Intermediary Node to perform at least one function on the requested connection, the Intermediary Node transmits a second message to the Client comprising an identity of the Intermediary Node. This enables the Client to accept or reject the Intermediary Node as a node participating in the requested connection set-up.
    Type: Grant
    Filed: November 30, 2018
    Date of Patent: March 31, 2020
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: John Mattsson, Salvatore Loreto, Mats Näslund, Robert Skog, Hans Spaak
  • Patent number: 10601596
    Abstract: Techniques to secure computation data in a computing environment from untrusted code. These techniques involve an isolated environment within the computing environment and an application programming interface (API) component to execute a key exchange protocol that ensures data integrity and data confidentiality for data communicated out of the isolated environment. The isolated environment includes an isolated memory region to store a code package. The key exchange protocol further involves a verification process for the code package stored in the isolated environment to determine whether the one or more exchanged encryption keys have been compromised. If the signature successfully authenticates the one or more keys, a secure communication channel is established to the isolated environment and access to the code package's functionality is enabled. Other embodiments are described and claimed.
    Type: Grant
    Filed: February 12, 2019
    Date of Patent: March 24, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Manuel Costa, Orion Tamlin Hodson, Sriram Kottarakurichi Rajamani, Marcus Peinado, Mark Eugene Russinovich, Kapil Vaswani
  • Patent number: 10594656
    Abstract: A multi-tenant cloud-based firewall method from a client, performed by a cloud node, includes receiving a packet from the client, wherein the client is located externally from the cloud node; checking if a firewall session exists for the packet, and if so, processing the packet on a fast path where a lookup is performed to find the firewall session; if no firewall session exists, creating the firewall session; and processing the packet according to the firewall session and one or more rules. The cloud node can perform the method without a corresponding appliance or hardware on premises, at a location associated with the client, for providing a firewall.
    Type: Grant
    Filed: November 17, 2015
    Date of Patent: March 17, 2020
    Assignee: Zscaler, Inc.
    Inventors: Srikanth Devarajan, Vladimir Stepanenko, Ravinder Verma, James Kawamoto
  • Patent number: 10594672
    Abstract: Systems and methods are provided for admission to networks that include at least one node providing network coordinator functions. A network coordinator may have a random number generator, with the network coordinator distributing a random number within a network that includes at least a first node and a second node. The network coordinator may receive a request for a dynamic encryption key from the first node, with the request being encrypted using a static encryption key unique to the first node, and with the static encryption key being determined based on the distributed random number. The network coordinator may then send a dynamic encryption key to the first node, with the dynamic encryption key being encrypted using the static encryption key. The second node may then admit the first node into the network. The network may be a Multimedia over Coax Alliance (MoCA®) network.
    Type: Grant
    Filed: February 26, 2018
    Date of Patent: March 17, 2020
    Assignee: ENTROPIC COMMUNICATIONS, LLC
    Inventors: Changwen Liu, Ronald B. Lee
  • Patent number: 10594787
    Abstract: Systems and methods are provided for proximity-based sorting. Information may be transmitted to user devices from beacons or similar transmitter-type devices. Based on this information, the user devices may be categorized or sorted based upon which beacons the user devices are proximate to, pass, or from which beacon the information is received. Subsequent activities and/or operations may then leverage this categorization or sorting of users.
    Type: Grant
    Filed: April 12, 2016
    Date of Patent: March 17, 2020
    Assignee: DISNEY ENTERPRISES, INC.
    Inventor: Mark Arana
  • Patent number: 10594753
    Abstract: A method, computer program product, and computing device for monitoring network activity associated with streaming a data load through a stream application including a plurality of stream operators deployed on a plurality of computing devices. One or more stream operators with one or more external connections may be identified from the plurality of stream operators. The identified one or more stream operators may be deployed based upon, at least in part, the one or more external connections.
    Type: Grant
    Filed: January 3, 2018
    Date of Patent: March 17, 2020
    Assignee: International Business Machines Corporation
    Inventors: Alexander Cook, Peter A. Nicholls, Jason A. Nikolai, John M. Santosuosso
  • Patent number: 10586065
    Abstract: A method for secure data management in a computer network includes automatically calculating a key from a predetermined number of key fragments of a predetermined length for an encryption of data, encrypting data of a data set to be protected by the calculated key, dividing the data set into a predetermined number of data subsets, wherein the above steps are carried out by at least one processing computer system from a group of processing computer systems, and transmitting the key fragments and the data subsets to a distributed protection system in the computer network, wherein in each case one or more key fragments and in each case one or more data subsets are transmitted respectively from the at least one processing computer system to in each case one entity from a plurality of entities of the distributed protection system in the computer network, and storing all transmitted key fragments and data subsets in the respective entities of the distributed protection system.
    Type: Grant
    Filed: August 10, 2017
    Date of Patent: March 10, 2020
    Assignee: Fujitsu Technology Solutions Intellectual Property GmbH
    Inventor: Heinz-Josef Claes
  • Patent number: 10587489
    Abstract: Embodiments relate to systems and methods for electronically conditioning transmission of communications based on results of a connection assessment. An electronic file is executed at an electronic device, which causes a first query and a second query to be presented. A first query response and a second query response are identified. The first query response is stored in a locked configuration that inhibits the ability to modify the first query response to the first query. The second query response is stored but is not stored in the locked configuration. Query response data is generated that includes an identifier of the second query, an identifier of the second query response and an identifier of the electronic device. A connection variable is determined by assessing one or more network connections available to the electronic device. When a transmission condition is satisfied, the query response data is transmitted to another device.
    Type: Grant
    Filed: March 21, 2019
    Date of Patent: March 10, 2020
    Assignee: PEARSON EDUCATION, INC.
    Inventors: Brendan Kealey, Paul Arens, Adam Krapfl, Paul Grudnitski, Robbie Allen Nielsen, James Setaro, Jason Sobanski
  • Patent number: 10586057
    Abstract: The present disclosure relates to processing data queries on a logically sharded data store. An example method generally includes receiving, from a client device, a query. The query generally comprises one or more data items, at least one of which comprises sensitive data. A query processor obtains, from a key management server, a cryptographic key to use to encrypt the record based on data derived from the one or more data items comprising sensitive data and a type of the sensitive data. The query processor generates an encrypted query based on the query and the obtained cryptographic key and executes the encrypted query against the logically sharded database.
    Type: Grant
    Filed: November 16, 2017
    Date of Patent: March 10, 2020
    Assignee: INTUIT INC.
    Inventors: Gleb Keselman, Ernesto Nebel, Jeffery Weber, Noah Kauhane, Vinu Somayaji, Yaron Sheffer
  • Patent number: 10582389
    Abstract: Methods, systems, and devices for wireless communication are described. A user equipment (UE) may receive a paging message that includes a secured UE identifier calculated based on a security configuration negotiated between the UE and a trusted source, e.g., a mobility management entity (MME) of the core network. The UE may determine whether the paging message is received from the trusted source or an untrusted source based on the secured UE identifier. The UE may transmit a connection request message based on the determination that the paging message is received from a trusted source.
    Type: Grant
    Filed: October 12, 2018
    Date of Patent: March 3, 2020
    Assignee: QUALCOMM Incorporated
    Inventors: Yogesh Bhalchandra Deshpande, Mungal Singh Dhanda, Adrian Edward Escott
  • Patent number: 10581865
    Abstract: A computer-implemented method comprises posting, by a broker computing device, identity awareness data for a plurality of client computing devices to a distributed data repository (DDP); receiving, by a networking hardware device, the identity awareness data from the DDP; using, by the networking hardware device, the identity awareness data from the DDP to authenticate a client computing device requesting access to at least one Internet of Things (IoT) computing device; in response to authenticating the client computing device, creating, by the networking hardware device, a session for the client computing device to communicate with the at least one IoT computing device, wherein creating a session comprises: opening a port on the networking hardware device, wherein communication between the client computing device and the at least one IoT computing device is through the port; posting information relating to the session as authentication session information to the DDP.
    Type: Grant
    Filed: February 20, 2019
    Date of Patent: March 3, 2020
    Assignee: Xage Security, Inc.
    Inventors: Susanto Junaidi Irwan, Roman M. Arutyunov, Ganesh B. Jampani, Dhananjayan Santhanakrishnan
  • Patent number: 10581830
    Abstract: A monitoring device manages information regarding a first reception port and information regarding a second reception port in regard to an IP address of a self-device. The monitoring device issues a route certificate corresponding to a first server certificate and a route certificate corresponding to a second server certificate for realizing communication of relatively lower security strength than the first server certificate, and associates the first server certificate with the first reception port and the second server certificate with the second reception port. The monitoring device decides, as data for each reception port, a connection URL and a port number of each reception port, and transmits the route certificate corresponding to the first server certificate and the data for the first reception port to the network device.
    Type: Grant
    Filed: December 26, 2017
    Date of Patent: March 3, 2020
    Assignee: Canon Kabushiki Kaisha
    Inventor: Akiko Hirahara
  • Patent number: 10579800
    Abstract: A system which provides remote attestation of a cloud infrastructure comprises a plurality of attestation servers, a virtual machine (VM), and a VM scheduler arranged to register the VM for attestation and deploy the VM to a VM host within the cloud. More than one of the plurality of attestation servers are selected and mapped to the deployed VM, and each of the mapped attestation servers is arranged to perform remote attestations of the deployed VM and its VM host. Performing remote attestations comprises transmitting a request for trust evidence to the VM and VM host, receiving and storing trust evidence transmitted by the VM and VM host, and transmitting VM and VM host trust evidence to a cloud user.
    Type: Grant
    Filed: April 11, 2017
    Date of Patent: March 3, 2020
    Assignee: 100 Percent IT Ltd
    Inventor: David Blundell
  • Patent number: 10574703
    Abstract: Techniques are described for delivering one or more first resources of a page using a first security level, and delivering one or more second resources of a page using a second, different security level. A page is generated to include elements identifying resources to be presented in the page, and the elements may include security level identifiers indicating a security level to be employed in communicating the corresponding resource. Each security level may be associated with a set of security measures that ensure the integrity or confidentiality of the resource while it is communicated. The use of multiple security levels to communicate multiple resources may provide appropriate security for each resource, reducing latency and overhead in page generation, communication, and rendering.
    Type: Grant
    Filed: March 7, 2018
    Date of Patent: February 25, 2020
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Alexander Julian Tribble, Robert Barry, Jeremy Boynes, Igor Spac
  • Patent number: 10572644
    Abstract: A technique is described herein by which a user may gain access to a target resource via one or more particular peripheral devices that have been associated with the user. The technique performs this task by detecting when a user communicatively couples an identity-bearing component to a hub device. The user may thereafter use any input and/or output peripheral device that is also coupled to hub device to interact with the target resource, in a manner specified by authentication information associated with the user. In another use scenario, two or more users may interact with the same target resource via respective collections of user-associated peripheral devices.
    Type: Grant
    Filed: January 26, 2017
    Date of Patent: February 25, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: John C. Gordon
  • Patent number: 10574569
    Abstract: At an SDN controller executing using a processor and a memory, a tracing packet is configured with a default value in a tag field. The tracing packet is inserted from the SDN controller into the SDN at a switch in the SDN. A returned packet and a port identifier are received at the controller, from the switch, the returned packet including a modified content in a location of the tracing packet that is different from the tag field. The port identifier corresponds to a port of the switch on which the switch received the returned packet from a middlebox. A function of the middlebox is identified by analyzing a modification applied to the modified content by the middlebox. The function of the middlebox and a location of the middlebox in the SDN are saved. The location includes the port identifier and an identifier of the switch.
    Type: Grant
    Filed: January 25, 2019
    Date of Patent: February 25, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Kanak B. Agarwal, Eric J. Rozner
  • Patent number: 10575170
    Abstract: The subject matter describes devices, networks, systems, media, and methods to create secure communications between wireless devices and cellular networks, where the wireless devices communicate with the cellular networks via multi-hopping methods in non-cellular networks.
    Type: Grant
    Filed: October 15, 2018
    Date of Patent: February 25, 2020
    Assignee: M87, INC.
    Inventors: Vidur Bhargava, Eric Kord Henderson, Peter Matthew Feldman
  • Patent number: 10558818
    Abstract: An implementation of this disclosure provides a system comprising memory to store a plurality of layers and a processing device coupled to that memory to set up the layers and to mount them into an overlay. The layers comprise an upper and one or more lower layers. The overlay provides access to a plurality of files stored in the overlay filesystem. A request from an application to access a file in the mounted overlay is received. An access policy for the mounter that mounted the layers is identified in view of the mounter's credentials. The processing device checks, in view of the access policy, whether a security context label for the file provides access to the application and to the mounter of the overlay in at least one lower layer comprising the file. An instruction to provide the application with access to the file is issued in view of the check.
    Type: Grant
    Filed: February 22, 2017
    Date of Patent: February 11, 2020
    Assignee: Red Hat, Inc.
    Inventors: Vivek Goyal, Daniel Walsh, David Howells, Miklos Szeredi
  • Patent number: 10552068
    Abstract: Disclosed are a device and method for accessing a RAM and a control chip. The device includes a register module configured to acquire attribute information and startup information configured by a CPU and send the startup information to a searching and matching module, and also configured to store data information successfully matched by the searching and matching module and instruct the CPU to read the data information. The searching and matching module is configured to send address information to a RAM interface module according to the startup information, and also configured to acquire the data information sent by the RAM interface module, match the data information based on the attribute information in the register module and send the data information to the register module after matching is successful.
    Type: Grant
    Filed: June 12, 2016
    Date of Patent: February 4, 2020
    Assignee: Sanechips Technology Co., Ltd.
    Inventor: Meng Zhang
  • Patent number: 10555177
    Abstract: A method of operation of a terminal device in a cellular communications network is disclosed. The method comprises sending a GMM Attach Request message to the network, the GMM Attach Request message identifying security capabilities of the terminal device. The terminal device receives from the network an echo message in the GMM layer including information identifying the security capabilities of the terminal device, wherein the echo message is received with integrity protection.
    Type: Grant
    Filed: October 4, 2016
    Date of Patent: February 4, 2020
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Monica Wifvesson, Noamen Ben Henda, Magnus Karlsson, Vesa Lehtovirta, Katharina Pfeffer, Vesa Torvinen
  • Patent number: 10554634
    Abstract: Techniques for sharing private data objects in a trusted execution environment using a distributed ledger are described. The techniques described herein may enable sharing of data objects, referred to herein as private data objects (PDOs), between individuals and organizations with access and update policies mediated by execution of code (referred to herein as a “smart contract”) carried with the PDO in a secure enclave. A distributed ledger may serve as a “public commit log” to ensure that there is a single, authoritative instance of the object and provide a means of guaranteeing atomicity of updates across interacting objects.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: February 4, 2020
    Assignee: INTEL CORPORATION
    Inventors: Mic Bowman, Andrea Miele, James P. Held, Anand Rajan
  • Patent number: 10547591
    Abstract: A network device allows inbound connections from external addresses to a computer on a local network while forbidding output connections from the computer to that external address unless preceded by an inbound connection therefrom. In some embodiments, the computer is allowed to accept inbound connections from external addresses but is not permitted to initiate outbound connections to other computers in the local network unless preceded by an inbound connection. In some embodiments, a request from an external address is processed by the network device by transmitting network information for the computer to the external address and temporarily changing network rules to allow connections from the external address. In some embodiments, if the computer attempts a disallowed connection, the connection attempt is routed through a proxy server by providing network data for the proxy server to the computer.
    Type: Grant
    Filed: October 16, 2018
    Date of Patent: January 28, 2020
    Assignee: Pango Inc.
    Inventors: Eugene Lapidous, Artem Arsitov
  • Patent number: 10541976
    Abstract: A network device allows inbound connections from external addresses to a computer on a local network while forbidding output connections from the computer to that external address unless preceded by an inbound connection therefrom. In some embodiments, the computer is allowed to accept inbound connections from external addresses but is not permitted to initiate outbound connections to other computers in the local network unless preceded by an inbound connection. In some embodiments, a request from an external address is processed by the network device by transmitting network information for the computer to the external address and temporarily changing network rules to allow connections from the external address. In some embodiments, if the computer attempts a disallowed connection, the connection attempt is routed through a proxy server by providing network data for the proxy server to the computer.
    Type: Grant
    Filed: October 16, 2018
    Date of Patent: January 21, 2020
    Assignee: Pango Inc.
    Inventor: Eugene Lapidous
  • Patent number: 10541971
    Abstract: A computer-implemented method, including: in response to a request from a client device, establishing a network tunnel between the client device and a gateway, the gateway implementing a firewall including firewall rules for selectively blocking and allowing network traffic between the client device and one or more network devices in a private network; in response to an update to a policy after establishing the network tunnel, receiving a first token; and in response to receiving the first token, updating at least one of the firewall rules while the network tunnel is active.
    Type: Grant
    Filed: January 17, 2017
    Date of Patent: January 21, 2020
    Assignee: CRYPTZONE NORTH AMERICA, INC.
    Inventors: Kurt Glazemakers, Natan Abolafya, Gokhan Berberoglu, Thomas Bruno Emmanuel Cellerier, Aitor Perez Iturri, Per Leino, Jamie Bodley-Scott
  • Patent number: 10521568
    Abstract: Authentication translation is disclosed. A request to access a resource is received at an authentication translator, as is an authentication input. The authentication input corresponds to at least one stored record. The stored record is associated at least with the resource. In response to the receiving, a previously stored credential associated with the resource is accessed. The credential is provided to the resource.
    Type: Grant
    Filed: February 12, 2019
    Date of Patent: December 31, 2019
    Assignee: RightQuestion, LLC
    Inventor: Bjorn Markus Jakobsson
  • Patent number: 10523642
    Abstract: This invention establishes a physical cornerstone to build upon it a towering cyber space—creating a baseline which is out of bounds for remote hackers, and is tamper resistant to hands-on attackers—intended to survive even a catastrophic breach of the host network, and subsequently serve as a leverage to recover from the attack. Foundational security for critical infrastructure.
    Type: Grant
    Filed: June 18, 2019
    Date of Patent: December 31, 2019
    Inventor: Gideon Samid
  • Patent number: 10523443
    Abstract: Authentication and provenance of physical assets may be achieved by attaching a cryptographically strong RFID tag including a physically unclonable function and public-key cryptography logic which implements a digital signature algorithm. The cryptographically strong RFID tag directly participates in a novel implementation of blockchain technology, constructing an indelible and cryptographically provable record of authenticity and provenance with a new level of trustworthiness to protect physical assets.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: December 31, 2019
    Inventor: Bruce Kleinman
  • Patent number: 10523423
    Abstract: A method and system of creating and managing encryption keys that facilitates sharing of encrypted content. The system may include an information management system with a key management server and a computing device having an encryption service module. The encryption service module detects operations at the computing device and encrypts a document with an encryption key created using user information and a secret.
    Type: Grant
    Filed: August 9, 2017
    Date of Patent: December 31, 2019
    Assignee: NextLabs, Inc.
    Inventors: Keng Lim, Poon Fung
  • Patent number: 10503533
    Abstract: An app store can have a multiuser streaming app. A thin front end appears on the user devices and the rest of the app instances run in virtual machines in a data center of the app store. A web page at a URL Phi can contain a linket Theta. Phi is seen in a mobile browser. If Theta is picked, the mobile device sends Theta and Phi to the Registry. The Registry logs both. Future analysis of the log tells where (Phi) the linket appeared. A bidirectional capability. The app server for the linket can also get Phi, and use the pair for similar analysis. An ad server which made an ad containing Theta, which appeared in Phi, can analyse the log to measure the efficacy of posting the ad to Theta. Phi can also be an app.
    Type: Grant
    Filed: January 4, 2016
    Date of Patent: December 10, 2019
    Inventor: Wesley John Boudville
  • Patent number: 10498705
    Abstract: A method for encrypting data when a device is offline is disclosed. In the method, a determination is made as to whether a successful connection with a remote server computer can or cannot be made. If a connection cannot be made, then data can be encrypted with an ephemeral public key. Later, when a connection is available, the encrypted data can be transmitted to the remote server computer for processing.
    Type: Grant
    Filed: November 15, 2017
    Date of Patent: December 3, 2019
    Assignee: Visa International Service Association
    Inventors: Rhidian John, Bartlomiej Piotr Prokop, Michael Palmer
  • Patent number: 10498714
    Abstract: A method for obtaining an encryption/authentication key uses multiple return channels over which to send parts of the key, which parts are then combined to form the actual key. A method includes receiving an open request for a first key which is a trusted key wrapped in a public key. The open request includes an authentication request value that identifies the open request as a verified setup directory service, the public key, an email address and a specified out-of-band channel. The server sends a first reply directly back with a first half of the first key offset by a unique value and wrapped using the public key. The second reply is sent via email and includes a second half of the first key offset by the first half of the first key. The third reply is sent over the out-of-band channel and includes the unique value.
    Type: Grant
    Filed: June 21, 2016
    Date of Patent: December 3, 2019
    Assignee: Qwyit LLC
    Inventor: R. Paul McGough