Particular Node (e.g., Gateway, Bridge, Router, Etc.) For Directing Data And Applying Cryptography Patents (Class 713/153)
  • Patent number: 11461477
    Abstract: An example method includes initializing, by an obfuscation computing system, communications with nodes in a distributed computing platform, the nodes including one or more compute nodes and a controller node, and performing at least one of: (a) code-level obfuscation for the distributed computing platform to obfuscate interactions between an external user computing system and the nodes, wherein performing the code-level obfuscation comprises obfuscating data associated with one or more commands provided by the user computing system and sending one or more obfuscated commands to at least one of the nodes in the distributed computing platform; or (b) system-level obfuscation for the distributed computing platform, wherein performing the system-level obfuscation comprises at least one of obfuscating system management tasks that are performed to manage the nodes or obfuscating network traffic data that is exchanged between the nodes.
    Type: Grant
    Filed: April 2, 2020
    Date of Patent: October 4, 2022
    Assignee: Architecture Technology Corporation
    Inventors: Judson Powers, Robert A. Joyce, Scott Aloisio, Matthew A. Stillerman
  • Patent number: 11461475
    Abstract: An electronic device including a secure Integrated Circuit (IC) is provided. The electronic device includes a secure IC configured as a System-on-Chip (SoC) and configured to provide a general environment and a security environment, wherein the secure IC includes a main processor configured to operate in the general environment, a secure processor configured to operate in the security environment and control security of data using a first security key, and a secure memory configured to be operatively connected to the secure processor and store a second security key corresponding to the first security key. Various other embodiments are possible.
    Type: Grant
    Filed: March 11, 2020
    Date of Patent: October 4, 2022
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Bumhan Kim, Sunjune Kong, Seongjin Cho
  • Patent number: 11456860
    Abstract: A method may include establishing a transport layer session between a gateway appliance and at least one virtual delivery appliance, establishing a presentation layer session between the gateway appliance and the at least one virtual delivery appliance via the transport layer session, and establishing a connection lease exchange tunnel between the gateway appliance and the at least one virtual delivery appliance via the presentation layer session. The method further includes receiving, at the at least one virtual delivery appliance, a connection lease from a client device via the gateway appliance through the connection lease exchange tunnel and validating the connection lease, and issuing a resource connection ticket at the at least one virtual delivery appliance to the client device through the connection lease exchange tunnel responsive to the validation.
    Type: Grant
    Filed: May 19, 2020
    Date of Patent: September 27, 2022
    Assignee: CITRIX SYSTEMS, INC.
    Inventors: Georgy Momchilov, Hubert Divoux, Roberto Valdes
  • Patent number: 11455412
    Abstract: This disclosure provides enhanced management of access rights for dynamic groups of users sharing secret data. Instead of relying on traditional administrative techniques for modifying access rights for stored data, the techniques disclosed herein allow a storage service to communicate with a group management system to verify membership of user groups, e.g., channels, chat session, or meetings, and automatically change access rights to stored data as users leave or join a group. Encrypted data can be stored within a storage vault. The storage vault can be dedicated to storing encrypted data shared between a user group, e.g. a channel. A server managing the storage vault can receive membership data from a group management service. As users join the group or leave a group managed by the group management service, each user's access permissions to the storage vault can be added, removed or modified.
    Type: Grant
    Filed: December 3, 2019
    Date of Patent: September 27, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Alexander Weiss, Eric Scott Albright, Dustyn J. Tubbs, Paresh Lukka, Andrew V. Spiziri, Lawrence Fubini Waldman
  • Patent number: 11456861
    Abstract: A computing system may include a client device configured to remotely access virtual computing sessions, and a virtual delivery appliance configured to connect the client device to the virtual computing sessions. The client device and the virtual delivery appliance may share a symmetric encryption key and encrypt data communications exchanged therebetween with the symmetric encryption key. The system may further include a gateway appliance configured to relay the encrypted communications between the client device and the virtual delivery appliance, the gateway appliance not having the symmetric key and being unable to decrypt the encrypted communications relayed between the virtual delivery appliance and the client device.
    Type: Grant
    Filed: May 20, 2020
    Date of Patent: September 27, 2022
    Assignee: CITRIX SYSTEMS, INC.
    Inventors: Georgy Momchilov, Hubert Divoux, Roberto Valdes
  • Patent number: 11449915
    Abstract: Provided herein are system, apparatus, device, method and/or computer program product embodiments, and/or combinations and sub-combinations thereof, for identifying second products in an inventory of a second ecommerce site that are at least similar to a first product currently being displayed to a user by a first ecommerce site, and displaying the second products for viewing and purchase by the user at the first ecommerce site.
    Type: Grant
    Filed: March 19, 2019
    Date of Patent: September 20, 2022
    Assignee: MERCARI, INC.
    Inventors: Dani Arnaout, Jihad Kawas
  • Patent number: 11449333
    Abstract: An apparatus, and a method, performed by one or more processors are disclosed. The method may comprise receiving a build request associated with performing an external data processing task on a first data set, the first data set being stored in memory associated with a data processing platform to be performed at a system external to the data processing platform. The method may also comprise generating a task identifier for the data processing task, and providing, in association with the task identifier, the first data set to an agent associated with the external system with an indication of the data processing task, the agent being arranged to cause performance of the task at the external system, to receive a second data set resulting from performance of the task, and to provide the second data set and associated metadata indicative of the transformation.
    Type: Grant
    Filed: June 12, 2020
    Date of Patent: September 20, 2022
    Assignee: Palantir Technologies Inc.
    Inventors: Audrey Kuan, Andrew Kaier, Eric Lee, Jasjit Grewal, Mark Elliot, Nitish Kulkarni, Robert Fink, Samuel Rogerson, Thomas Pearson, Thomas Powell, Lawrence Manning, Corey Garvey
  • Patent number: 11451564
    Abstract: A method for disrupting a detected cyberthreat can include receiving a request, the request identifying suspected malicious content; identifying one or more indicators of compromise (IOCs) associated with the content; enriching the request with the IOCs; verifying the request; and reporting the verified request and the one or more IOCs to a disruption network.
    Type: Grant
    Filed: September 21, 2021
    Date of Patent: September 20, 2022
    Assignee: ZeroFOX, Inc.
    Inventors: Samuel Kevin Small, Michael Morgan Price, Jason Emile Sumpter, James Christopher Foster
  • Patent number: 11451640
    Abstract: A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The client device accesses an acceleration server to receive a list of available tunnel devices. The requested content is partitioned into slices, and the client device sends a request for the slices to the available tunnel devices. The tunnel devices in turn fetch the slices from the data server, and send the slices to the client device, where the content is reconstructed from the received slices. A client device may also serve as a tunnel device, serving as an intermediate device to other client devices. Similarly, a tunnel device may also serve as a client device for fetching content from a data server. The selection of tunnel devices to be used by a client device may be in the acceleration server, in the client device, or in both.
    Type: Grant
    Filed: May 3, 2020
    Date of Patent: September 20, 2022
    Assignee: BRIGHT DATA LTD.
    Inventors: Derry Shribman, Ofer Vilenski
  • Patent number: 11451846
    Abstract: A method of transmitting entitlement messages to content consumption devices in an access control system, the method comprising periodically transmitting entitlement messages to content consumption devices in an access control system and periodically extending an expiry time comprised in the entitlement messages. The entitlement messages comprise indicator data indicating to the content consumption devices that subsequent entitlement messages loaded into a content consumption device after a first entitlement message is loaded into the content consumption device shall not be used by the content consumption device to access protected media content.
    Type: Grant
    Filed: June 25, 2021
    Date of Patent: September 20, 2022
    Assignee: NAGRAVISION S.A.
    Inventors: Didier Hunacek, Jean-Bernard Fischer
  • Patent number: 11451385
    Abstract: A device generates a biometric public key for an individual based on both the individual's biometric data and a secret S, in a manner that verifiably characterizes both while tending to prevent recovery of either. The biometric data has a Sparse Representation and is encoded in a manner to include a component of noise, such that it is challenging to identify which locations are actually encoded features. Accordingly, the biometric data are encoded as a vector by choosing marker at locations where features are present and, where features are not present, choosing noisy data. The noisy data may be chaff bit values selected collectively from a group of (a) random values and (b) independent and identically distributed values. The biometric public key may be later used to authenticate a subject purporting to be the individual, using a computing facility that need not rely on a hardware root of trust.
    Type: Grant
    Filed: January 29, 2020
    Date of Patent: September 20, 2022
    Assignee: Badge Inc.
    Inventors: Charles H. Herder, III, Tina P. Srivastava
  • Patent number: 11445022
    Abstract: A system and method is provided for service level agreement (SLA) based data storage and verification. According to one exemplary aspect, a method includes receiving, from a client device, a request to perform data verification of data relating to a file stored on a remote storage computer; accessing, by a processor, at least one SLA to determine a fault tolerance for the file stored on the remote storage computer; sending, by the processor to the remote storage computer, a request to store k derivatives of the file in the remote storage computer; and transmitting, to the client device, an indication of a location of the k derivatives of the file in the remote storage computer.
    Type: Grant
    Filed: December 18, 2019
    Date of Patent: September 13, 2022
    Assignee: Acronis International GmbH
    Inventors: Alexander Tormasov, Stanislav S. Protasov, Serguei M. Beloussov
  • Patent number: 11444911
    Abstract: Domain name system (DNS) configuration during virtual private network (VPN) connection includes establishing a VPN tunnel between a client device and a VPN system entry server, which includes configuring a first DNS server as an operative DNS server for the VPN tunnel, and obtaining first content by transmitting to the VPN entry server, a first request that identifies a first external source for the first content, receiving from the VPN entry server a DNS configuration message indicating a second DNS server, configuring the second DNS server as the operative DNS server, and receiving from the VPN entry server, via the VPN tunnel, the first content, wherein the VPN entry server obtained the first content from the first VPN system exit server identified by the VPN entry server using the second DNS server, and the first VPN system exit server obtained the first content from the first external source.
    Type: Grant
    Filed: February 22, 2022
    Date of Patent: September 13, 2022
    Assignee: Oversec, UAB
    Inventor: Lukas Baltrenas
  • Patent number: 11444753
    Abstract: In some aspects, a cryptography method includes executing, by operation of a first computing device associated with a first entity, a first handshake process with a second entity according to a first handshake protocol to establish a first symmetric encryption key for a first encryption protocol; executing, by operation of the first computing device, a second handshake process with the second entity to establish a second symmetric encryption key for a second encryption protocol. Executing the second handshake process includes: generating second handshake data according to a second handshake protocol; encrypting the second handshake data using the first symmetric encryption key with the first encryption protocol; and sending the encrypted second handshake data to a second computing device associated with the second entity; and using the second symmetric encryption key and the second encryption protocol for single-encrypted communication over a communication channel between the first and second entities.
    Type: Grant
    Filed: March 9, 2022
    Date of Patent: September 13, 2022
    Assignee: ISARA Corporation
    Inventors: Robert Williams, Alexander Truskovsky
  • Patent number: 11438325
    Abstract: One example method includes contacting, by a client, a service, receiving a credential from the service, obtaining trust information from a trust broker, comparing the credential with the trust information, and either connecting to the service if the credential and trust information match, or declining to connect to the service if the credential and the trust information do not match. Other than by way of the trust information obtained from the trust broker, the client may have no way to verify whether or not the service can be trusted.
    Type: Grant
    Filed: February 28, 2020
    Date of Patent: September 6, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Ido Begun, Jehuda Shemer
  • Patent number: 11431485
    Abstract: A system includes at least one processor to receive a second public key, a first random number, and a second random number, and store the second public key, the first random number, and the second random number in an installation record, perform key agreement with a first private key and the second public key to determine a MasterSecret, perform key expansion with the MasterSecret, the first random number, and the second random number to generate a client authentication key, a server authentication key, a client encryption key, and a server encryption key, and store the client authentication key, the server authentication key, the client encryption key, and the server encryption key and delete the MasterSecret.
    Type: Grant
    Filed: April 14, 2020
    Date of Patent: August 30, 2022
    Assignee: Aclara Technologies LLC
    Inventor: Timothy Dierking
  • Patent number: 11431592
    Abstract: A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data, capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed on a second host to yield second flow data and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that the second packet flow was transmitted by a component that bypassed an operating stack of the first host or a packet capture agent at the device to yield a determination, detecting that hidden network traffic exists, and predicting a malware issue with the first host based on the determination.
    Type: Grant
    Filed: October 21, 2019
    Date of Patent: August 30, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Khawar Deen, Navindra Yadav, Anubhav Gupta, Shashidhar Gandham, Rohit Chandra Prasad, Abhishek Ranjan Singh, Shih-Chun Chang
  • Patent number: 11425061
    Abstract: Disclosed are a messaging system, apparatuses, circuits and methods of operation thereof. A messaging client device is adapted to receive an impermanent message and to manage the received message in accordance with a message management policy associated with the message. An impermanent messaging server is adapted to validate said messaging client device as complying with message management policies prior to authorizing transmission of the message to said messaging client device.
    Type: Grant
    Filed: March 16, 2021
    Date of Patent: August 23, 2022
    Assignee: TigerConnect, Inc.
    Inventors: Andrew Brooks, Brad Brooks, Sumeet Bhatia, Jeffrey Evans
  • Patent number: 11418951
    Abstract: A method for identifying an encrypted data stream, a device, a readable storage medium and a system are provided.
    Type: Grant
    Filed: April 15, 2020
    Date of Patent: August 16, 2022
    Assignee: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS CORP., LTD.
    Inventor: Hai Tang
  • Patent number: 11416771
    Abstract: Mechanisms are provided for identifying risky user entitlements in an identity and access management (IAM) computing system. A self-learning peer group analysis (SLPGA) engine receives an IAM data set which specifies user attributes of users of computing resources and entitlements allocated to the users for accessing the computing resources. The SLPGA engine generates a user-entitlement matrix, performs a machine learning matrix decomposition operation on the user-entitlement matrix to identify excessive entitlement allocations, and performs a conditional entropy analysis of the user attributes and entitlements in the IAM data set to identify a set of user attributes for defining peer groups. The SLPGA engine performs a commonality analysis of user attributes and entitlements for each of one or more peer groups defined based on the set of user attributes, and identifies outlier entitlements based on the identification of the excessive entitlement allocations and results of the commonality analysis.
    Type: Grant
    Filed: November 11, 2019
    Date of Patent: August 16, 2022
    Assignee: International Business Machines Corporation
    Inventors: Priti P. Patil, Kushaal Veijay, Ian M. Molloy
  • Patent number: 11418542
    Abstract: A system for providing network data processing, comprising a processor operating one or more algorithms that are configured to interface with one or more clients to receive a client hello data message. A transport layer security extension extraction system operating on the processor and configured to extract an extension from the client hello data message. A transport layer security extension identification system operating on the processor and configured to process the extension from the client hello data message and to identify a data networking session using the extension.
    Type: Grant
    Filed: January 23, 2020
    Date of Patent: August 16, 2022
    Assignee: FORCEPOINT LLC
    Inventors: Jenny Anniina Heino, Tuomo Syvanne, Welf Christian Jalio, Olli-Pekka Niemi
  • Patent number: 11416417
    Abstract: A method is provided that includes reading data in a storage medium, detecting, during the reading of the data in the storage medium, by a controller a change in an encryption/decryption scheme used to read and write the data in the storage medium, in response to detecting the change in encryption/decryption scheme in the data, causing, by the controller, a logical block address to return an indication of being written in zeros when a physical block address associated with the logical block address encrypted using a first encryption/decryption scheme, and causing, by the controller, a write channel to write zeroes using a second encryption/decryption scheme to the physical block address.
    Type: Grant
    Filed: May 18, 2020
    Date of Patent: August 16, 2022
    Assignee: Western Digital Technologies, Inc.
    Inventors: Darin Edward Gerhart, Cory Lappi, Daniel Robert Lipps, William Jared Walker
  • Patent number: 11412066
    Abstract: A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The client device accesses an acceleration server to receive a list of available tunnel devices. The requested content is partitioned into slices, and the client device sends a request for the slices to the available tunnel devices. The tunnel devices in turn fetch the slices from the data server, and send the slices to the client device, where the content is reconstructed from the received slices. A client device may also serve as a tunnel device, serving as an intermediate device to other client devices. Similarly, a tunnel device may also serve as a client device for fetching content from a data server. The selection of tunnel devices to be used by a client device may be in the acceleration server, in the client device, or in both.
    Type: Grant
    Filed: May 3, 2020
    Date of Patent: August 9, 2022
    Assignee: BRIGHT DATA LTD.
    Inventors: Derry Shribman, Ofer Vilenski
  • Patent number: 11411953
    Abstract: In some embodiments, a secure local connection between a network node of a network and an edge device attached to the network node is provided by extending the security of the network to this local connection. The edge device attached to the network node communicates with a network manager of the network to obtain security keys and security credentials for the edge device. Using the security keys and the security credentials, the edge device can establish a secure channel between the network node and the edge device over the local connection. The edge device further communicates with the network manager to exchange routing information and to obtain a network address for the edge device. The edge device can then communicate, through the network node, with other network nodes in the network using the security keys, the security credentials, and the network address.
    Type: Grant
    Filed: May 5, 2020
    Date of Patent: August 9, 2022
    Assignee: LANDIS+GYR INNOVATIONS, INC.
    Inventor: Stephen John Chasko
  • Patent number: 11405179
    Abstract: This disclosure describes techniques that include performing cryptographic operations (encryption, decryption, generation of a message authentication code). Such techniques may involve the data processing unit performing any of multiple modes of encryption, decryption, and/or other cryptographic operation procedures or standards, including, Advanced Encryption Standard (AES) cryptographic operations. In some examples, the security block is implemented as a unified, multi-threaded, high-throughput encryption and decryption system for performing multiple modes of AES operations.
    Type: Grant
    Filed: March 15, 2021
    Date of Patent: August 2, 2022
    Assignee: Fungible, Inc.
    Inventors: Philip A. Thomas, Rajan Goyal, Eric Scot Swartzendruber
  • Patent number: 11397805
    Abstract: A lateral movement path detector is disclosed. Data is gathered via programmatic access to a management service director through a REST API endpoint. The data is grouped into a graph having nodes of users, groups, and devices. The nodes are coupled together via edges. A visualization of the graph is provided to illustrate lateral paths of the management service directory.
    Type: Grant
    Filed: May 9, 2019
    Date of Patent: July 26, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Tal Joseph Maor
  • Patent number: 11398831
    Abstract: Temporal link encoding, including: identifying a data type of a data value to be transmitted; determining that the data type is included in one or more data types for temporal encoding; and transmitting the data value using temporal encoding.
    Type: Grant
    Filed: May 7, 2020
    Date of Patent: July 26, 2022
    Assignee: ADVANCED MICRO DEVICES, INC.
    Inventors: Onur Kayiran, Steven Raasch, Sergey Blagodurov, Jagadish B. Kotra
  • Patent number: 11397946
    Abstract: Systems and methods are provided for merchant mobile acceptance of user device data. For example, a method comprises receiving encrypted user device data and reader metadata from a merchant mobile device, determining a device reader API and device reader encryption scheme using the device reader metadata, parsing the encrypted user device data using the device reader API to determine encrypted personal information, and decrypting the encrypted personal information using the reader encryption scheme.
    Type: Grant
    Filed: May 30, 2018
    Date of Patent: July 26, 2022
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventors: Avinash Kalgi, Qian Wang
  • Patent number: 11394535
    Abstract: A computing system may include a plurality of Point of Presence computing devices (PoPs) configured to provide access to a computing network(s), and a plurality of gateway appliances. The gateway appliances may be configured to relay communications between client devices and virtual delivery appliances to provide the client devices with access to virtual sessions. The gateway appliances may route client device communications through the PoPs based upon gateway connection tickets, and may also generate the gateway connection tickets including a payload encrypted with a symmetric encryption key, and a plurality of different versions of the symmetric key encrypted with different public encryption keys of the PoPs. The PoPs may be further configured to use their private encryption keys to decrypt the encrypted symmetric key, use the decrypted symmetric key to decrypt the payload, and permit routing of the client communications based upon the decrypted payload of the gateway connection tickets.
    Type: Grant
    Filed: May 26, 2020
    Date of Patent: July 19, 2022
    Assignee: CITRIX SYSTEMS, INC.
    Inventors: Georgy Momchilov, Hubert Divoux, Roberto Valdes
  • Patent number: 11394718
    Abstract: The resolving of a decentralized identifier to a corresponding data structure using multiple resolvers. This allows for the use of a consensus of resolvers to improve trust in the resolution process. In order to resolve, a decentralized identifier is sent to multiple resolvers. In response, each of at least some of those resolvers will return a data structure of a particular type (e.g., a decentralized identifier document) that is associated with the decentralized identifier. Then, it is determined whether the data structure for at least some number of resolvers matches each other. That is, it is determined whether at least some predetermined threshold of resolvers is returning the same data structure (e.g., the same decentralized identifier document). If so, then it is determined that the matching data structure is indeed associated with the decentralized identifier. Otherwise, the resolution process has failed.
    Type: Grant
    Filed: June 10, 2019
    Date of Patent: July 19, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Brandon Murdoch, Ankur Patel, Daniel James Buchner
  • Patent number: 11394764
    Abstract: Systems and methods for anonymously transmitting data in a network are provided, in which a request data structure is received by a network node from a client device. A first substructure containing personal data (PD) and a second substructure not containing PD are identified in the request data structure, by the network node. The first substructure is encrypted, by the network node, and is transmitted along with the second substructure to a server. A response data structure is received, by the network node, from the server. The first encrypted substructure and a third encrypted substructure are identified, by the network node, in the response data structure. The first encrypted substructure is decrypted, by the network node, and is transmitted along with the third encrypted substructure to the client device. The third encrypted substructure can be decrypted and viewed by the client device.
    Type: Grant
    Filed: September 17, 2020
    Date of Patent: July 19, 2022
    Assignee: AO Kaspersky Lab
    Inventors: Anton S. Lapushkin, Dmitry V. Shmoylov, Andrey V. Ladikov, Andrey A. Efremov
  • Patent number: 11394532
    Abstract: According to one aspect, methods and systems are provided for modifying an encryption scheme in a database system. The methods and systems can include at least one internal database key; at least one database configured to be encrypted and decrypted using the at least one internal database key; a memory configured to store a master key; a key management server interface configured to communicate with a key management server; and a database application configured to receive, into the memory, the master key from the key management server via the key management server interface, and encrypt and decrypt the at least one internal database key using the master key.
    Type: Grant
    Filed: May 29, 2020
    Date of Patent: July 19, 2022
    Assignee: MongoDB, Inc.
    Inventors: Eliot Horowitz, Per Andreas Nilsson
  • Patent number: 11388257
    Abstract: A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The client device accesses an acceleration server to receive a list of available tunnel devices. The requested content is partitioned into slices, and the client device sends a request for the slices to the available tunnel devices. The tunnel devices in turn fetch the slices from the data server, and send the slices to the client device, where the content is reconstructed from the received slices. A client device may also serve as a tunnel device, serving as an intermediate device to other client devices. Similarly, a tunnel device may also serve as a client device for fetching content from a data server. The selection of tunnel devices to be used by a client device may be in the acceleration server, in the client device, or in both.
    Type: Grant
    Filed: May 3, 2020
    Date of Patent: July 12, 2022
    Assignee: BRIGHT DATA LTD.
    Inventors: Derry Shribman, Ofer Vilenski
  • Patent number: 11388592
    Abstract: The present disclosure relates to methods and apparatus for flexible, security context management during AMF changes. One aspect of the disclosure is a mechanism for achieving backward security during AMF changes. Instead of passing the current NAS key to the target AMF, the source AMF derives a new NAS key, provides the new NAS key to the target AMF, and sends a key change indication to the UE, either directly or through some other network node. The UE can then derive the new NAS key from the old NAS key. In some embodiments, the AMF may provide a key generation parameter to the UE to use in deriving the new NAS key. In other embodiments, the target AMF may change one or more security algorithms.
    Type: Grant
    Filed: December 13, 2019
    Date of Patent: July 12, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Noamen Ben Henda, Christine Jost, Karl Norrman, Monica Wifvesson
  • Patent number: 11388594
    Abstract: A first wireless access device, associated with a wireless service provider, establishes a wireless local area network connection with a second wireless access device and receives a certificate including a unique identifier associated with the second wireless access device. The first wireless access device determines whether the second wireless access device is authorized to connect to the first wireless access device. For example, if the certificate is signed by a certificate authority associated with the wireless service provider and the unique identifier appears in a whitelist stored at the first wireless access device, the first wireless access device and the second wireless access device perform a mutual authentication procedure based on one or more ephemeral keys. The first wireless access device provides the second wireless access device with access to a wide area network based on successful completion of the mutual authentication procedure.
    Type: Grant
    Filed: November 14, 2018
    Date of Patent: July 12, 2022
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Warren Hojilla Uy, Young R. Choi, Samirkumar Patel
  • Patent number: 11381548
    Abstract: A node system implements a method for node relay communication. A description of a flow entry including an address in a flow and a private key is received. The flow entry and the private key are stored in a database indexed to a flow ID. A packet comprising an authentication code and packet data including packet sequence information and a Flow ID is received. A look up in the database of a flow entry corresponding to the Flow ID of the packet is performed. The packet is either ignored or forwarded to the address in the flow, depending on the result of the look-up.
    Type: Grant
    Filed: December 28, 2020
    Date of Patent: July 5, 2022
    Assignee: NETWORK NEXT, INC.
    Inventor: Glenn Alexander Fiedler
  • Patent number: 11369869
    Abstract: A game controller includes a first handle body. The first handle body includes a first operation interface, a first connection portion, a first control circuit, a first battery, and a first communication module. The first operation interface is electrically connected to the first connection portion. The first communication module includes a first wireless communication circuit and a first wired communication circuit. The first control circuit is electrically connected to the first communication module, the first battery, the first operation interface and the first connection portion. The first mobile device is disposed at a side of the first handle body. When the first mobile device is electrically connected to the first connection portion of the first handle body, the first control circuit turns on the first wired communication circuit of the first communication module to communicate with the first mobile device by the first connection portion.
    Type: Grant
    Filed: May 5, 2021
    Date of Patent: June 28, 2022
    Assignee: DEXIN CORPORATION
    Inventor: Ho-Lung Lu
  • Patent number: 11368495
    Abstract: The disclosure relates generally to methods, systems, and apparatuses for managing network connections. A system for managing network connections includes a storage component, a decoding component, a rule manager component, and a notification component. The storage component is configured to store a list of expected connections for a plurality of networked machines, wherein each connection in the list of expected connections defines a start point and an end point for the connection. The decoding component is configured to decode messages from the plurality of networked machines indicating one or more connections for a corresponding machine. The rule manager component is configured to identify an unexpected presence or absence of a connection on at least one of the plurality of network machines based on the list of expected connections. The notification component is configured to provide a notification or indication of the unexpected presence or absence.
    Type: Grant
    Filed: October 25, 2021
    Date of Patent: June 21, 2022
    Assignee: Snowflake Inc.
    Inventors: James Calvin Armstrong, Jonathan Claybaugh
  • Patent number: 11366878
    Abstract: A method and system for delivering encoded content are provided. A holdback representing a portion of the encoded content is extracted, thereby damaging the encoded content. The damaged encoded content is distributed. The holdback is transmitted to enable reintegration of the holdback with the damaged encoded content to restore the encoded content.
    Type: Grant
    Filed: April 17, 2019
    Date of Patent: June 21, 2022
    Inventors: Johnny Stuart Epstein, Earl Howard Epstein
  • Patent number: 11368444
    Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that dynamically manage consent, permissioning, and trust between computing systems and unrelated, third-party applications operating within a computing environment. By way of example, the apparatus may receive a request for an element of data that includes an access token and first credential data associated with an application program. When the first credential data corresponds to second credential data associated with the application program, the apparatus may determine that the requested data element is accessible to the application program and perform operations that validate the access token. Further, and based on the validation of the access token, the apparatus may obtain and encrypt the requested data element, and may transmit the encrypted data element to a device via the communications interface.
    Type: Grant
    Filed: September 5, 2019
    Date of Patent: June 21, 2022
    Assignee: The Toronto-Dominion Bank
    Inventors: Milos Dunjic, Arthur Carroll Chow, David Samuel Tax, Armon Rouhani, Keith Sanjay Ajmani, Gregory Albert Kliewer, Anthony Haituyen Nguyen, Martin Albert Lozon, Kareem El-Onsi, Ashkan Alavi-Harati, Arun Victor Jagga
  • Patent number: 11363073
    Abstract: An ingress network element obtains data from a source endpoint associated with the ingress network element. The data identifies a destination endpoint remote from the ingress network element. The ingress network element provides a map request identifying the destination endpoint to a mapping server. The ingress network element obtains a map reply including a network address of an egress network element associated with the destination endpoint and a security association. The ingress network element encrypts the data for the destination endpoint with the security association according to a cryptographic policy based on the source endpoint, the destination endpoint, and the availability of cryptographic resources on the network. The ingress network element provides the encrypted data to the egress network element.
    Type: Grant
    Filed: September 28, 2020
    Date of Patent: June 14, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Fabio R. Maino, Vina Ermagan, Alberto Rodriguez Natal
  • Patent number: 11363054
    Abstract: A method for analyzing vulnerabilities may include: an analysis target URL receiving step of receiving a plurality of analysis target uniform resource locator (URL) addresses extracted from the analysis target server; an identification key setting step of setting respective identification keys corresponding to the plurality of analysis target URL addresses; a vulnerability analyzing step of performing a simulated attack so as to access the external server by the analysis target server by inserting an analysis hypertext transfer protocol (HTTP) request sentence including a URL address of an external server and the identification key into the analysis target URL address; an access record checking step of requesting an access record of the analysis target server to the external server; and a vulnerability extracting step of extracting a vulnerability of the analysis target server by using the identification key included in the access record.
    Type: Grant
    Filed: March 26, 2020
    Date of Patent: June 14, 2022
    Assignee: NAVER CLOUD CORPORATION
    Inventors: Bong Goo Kang, Min Seob Lee, Won Tae Jang, June Ahn, Jihwan Yoon
  • Patent number: 11354439
    Abstract: Aspects include receiving a request from a user to access data that was acquired by a third-party from a data owner, the data in an encrypted format unreadable by the user. In response to receiving the request from the user to access the data, a third-party key from the third-party is requested and a data owner key from the data owner is requested. The third-party key and the data owner key are applied to the data in the encrypted format to generate the data in an unencrypted format readable by the user. The user is provided with access to the data in the unencrypted format.
    Type: Grant
    Filed: June 3, 2020
    Date of Patent: June 7, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Anthony Thomas Sofia, Michael Joseph Jordan
  • Patent number: 11354724
    Abstract: A method and system for fulfilling in-application product redemption requests is described. A fulfillment system receives a product search application programming interface (API) call from an application. The product search API includes a set of at least one product criterion received from an application. An aggregated catalog is searched based on the set of at least one product criterion. A set of product metadata is returned. The set of product metadata corresponds to at least one product that matches the set of at least one product criterion. A redemption API call that includes product information and a physical address is also received from the application. A fulfillment request is sent to an online retail platform separate from the fulfillment system via a fulfillment API call that includes the product information and the physical address for the online retail platform to deliver a corresponding product to the physical address.
    Type: Grant
    Filed: January 25, 2019
    Date of Patent: June 7, 2022
    Assignee: SquareTwo, Inc.
    Inventors: David Yoo, Benjamin Sai Yee
  • Patent number: 11356255
    Abstract: Disclosed herein are systems and methods for secure authentication of a managed application. In one aspect, an exemplary method comprises receiving, by a cloud platform, a request from a managed application to connect to a middleware service, determining that the managed application is authenticated to use the middleware service based on the secret, obtaining a secret associated with the managed application and the middleware service from a secret store, connecting to the middleware service using the secret to establish a secure connection, and delegating, to the managed application, the secure connection between the managed application and the middleware service.
    Type: Grant
    Filed: December 31, 2019
    Date of Patent: June 7, 2022
    Assignee: Virtuozzo International GmbH
    Inventors: Pavel Emelyanov, Alexey Kobets
  • Patent number: 11356485
    Abstract: A method for execution by an access layer of an object storage system includes In various embodiments, a processing system of an access layer of an object storage system includes at least one processor and a memory that stores operational instructions, that when executed by the at least one processor cause the processing system to receive a request message from a requesting entity via a network, where the request message includes a pre-signed URL. A set of custom policy parameters are extracted from the pre-signed URL. Policy verification data is generated by comparing each attribute of a determined set of attributes of the access request to a corresponding custom policy parameter of the set of custom policy parameters. An access indicated in the request message is executed in response to the policy verification data indicating that each attribute compares favorably to the corresponding custom policy parameter.
    Type: Grant
    Filed: June 28, 2019
    Date of Patent: June 7, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Harsha Hegde, Nicholas G. Lange
  • Patent number: 11350276
    Abstract: The secure IoT registry and associated provisioning method simplifies the IoT cloud provider operations with respect to managing mobile IoT eSIM credential provisioning/certificate key management. The secure IoT Registry enables network operators such as a Mobile Network Operator (MNO) to understand and map the IoT device ownership in relationship to cloud providers to facilitate business functions like charge back mechanisms. The secure IoT registry integrates a next generation registry based Certificate Authority (CA) system enabling trusted and simpler mechanisms to validate certificates and their state.
    Type: Grant
    Filed: June 2, 2020
    Date of Patent: May 31, 2022
    Assignee: Canadian Internet Registration Authority
    Inventors: Jacques Latour, Dave Chiswell
  • Patent number: 11347529
    Abstract: According to one or more embodiments of the present invention, a computer implemented method includes initiating, by a non-secure entity that is executing on a host server, a secure entity, the non-secure entity prohibited from directly accessing any data of the secure entity. The method further includes injecting, into the secure entity, an interrupt that is generated by the host server. The injecting includes adding, by the non-secure entity, information about the interrupt into a portion of non-secure storage, which is then associated with the secure entity. The injecting further includes injecting, by a secure interface control of the host server, the interrupt into the secure entity.
    Type: Grant
    Filed: March 8, 2019
    Date of Patent: May 31, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Claudio Imbrenda, Fadi Y. Busaba, Lisa Cranton Heller, Jonathan D. Bradbury
  • Patent number: 11349654
    Abstract: A key generation device generates a decryption key dkx having a tag-added decryption key and a decryption key adkx. The tag-added decryption key includes a decryption key tdkx in which a key attribute x is set and a tag tg? required to decrypt a ciphertext with the decryption key tdkx. In the decryption key adkx, the key attribute x is set. An encryption device generates an original ciphertext octy in which a ciphertext attribute y corresponding to the key attribute x is set and which can be decrypted with the tag-added decryption key. A re-encryption key generation device encrypts the decryption key tdkx by an attribute-based encryption scheme using a ciphertext attribute y′, so as to generate a re-encryption key rkx,y′ which is a key for generating a re-encrypted ciphertext rcty′ which can be decrypted with a decryption key adkx′ in which a key attribute x′ corresponding to the ciphertext attribute y′ is set.
    Type: Grant
    Filed: June 9, 2017
    Date of Patent: May 31, 2022
    Assignee: Mitsubishi Electric Corporation
    Inventors: Yoshihiro Koseki, Yutaka Kawai
  • Patent number: 11349807
    Abstract: In one embodiment, a method comprises: receiving, by a root network device providing a DAG topology in a low power and lossy network (LLN), one or more multicast registration messages from an LLN device and identifying distinct properties of the LLN device; receiving, by the root network device, one or more multicast address group identifiers of one or more multicast streams to which the LLN device has subscribed, and associating the one or more multicast address group identifiers with the distinct properties; receiving a multicast message specifying one of the multicast address group identifiers; and generating, by the root network device, a directed multicast message having a multi-dimensional addressing data structure comprising a selected one of the distinct properties and the one multicast address group identifier, causing parent network devices in the DAG topology to selectively retransmit based on determining a child network device has the selected one distinct property.
    Type: Grant
    Filed: April 2, 2020
    Date of Patent: May 31, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Pascal Thubert, Yinfang Wang, Huimin She, Feiliang Wang