Including Filtering Based On Content Or Address Patents (Class 713/154)
  • Patent number: 11271787
    Abstract: This application provides a method for generating a pilot signal, including: obtaining, by a terminal device, a correlation identifier and a port number; determining, by the terminal device, a pilot sequence based on the correlation identifier; and generating, by the terminal device, the pilot signal based on the pilot sequence and the port number. The correlation identifier indicates how a pilot sequence is determined and whether the pilot sequence is correlated with a time slot.
    Type: Grant
    Filed: March 6, 2020
    Date of Patent: March 8, 2022
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Lei Wang, Yan Chen, Xiuqiang Xu, Lei Zhang, Xiaoyan Bi
  • Patent number: 11212084
    Abstract: A system for signing transactions. The system includes a first module with a communication interface to a public network; and a controller to handle a transaction with a Blockchain network or a transaction server accessible at the public network. The system also includes a second module with a random number generator; and a secure controller to generate seed words and private keys. The system further includes a bridge module with a controller; and a switch to selectively connect the data interface of the bridge module to either the data interface of the first module or the data interface of the second module such that the data interface of the first module is never connected with the data interface of the second module.
    Type: Grant
    Filed: July 4, 2019
    Date of Patent: December 28, 2021
    Assignee: FUNDACJA “BLOCKCHAIN DEVELOPMENT FOUNDATION”
    Inventor: Kamil Rafal Gancarz
  • Patent number: 11212265
    Abstract: A non-transitory computer readable medium including instructions stored thereon, when executed, the instructions being effective to cause at least one processor of a first network device to: derive a private key encryption key based on a public key, a first private key of the first network device, a second private key of a live peer device, and a Connectivity Association Key (CAK); transmit a secret key encrypted by the private key encryption key to the live peer device; and receive a communication from the live peer device, the communication being encrypted by the secret key.
    Type: Grant
    Filed: January 9, 2020
    Date of Patent: December 28, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Craig Thomas Hill, Chennakesava Reddy Gaddam, Annu Singh, Gaurav Kumar
  • Patent number: 11196553
    Abstract: A command transmission method and apparatus, and an electronic device. The command transmission method includes: acquiring, by a control terminal, an encryption key according to a present time; generating, by the control terminal, an encrypted control command by encrypting the control command using the encryption key; and transmitting the encrypted control command to a computing device.
    Type: Grant
    Filed: March 27, 2020
    Date of Patent: December 7, 2021
    Assignee: Bitmain Technologies Inc.
    Inventors: Zhong Zhuang, Fuyi Liu, Yihao Peng
  • Patent number: 11153078
    Abstract: A large-scale Ethernet mesh network is provided, which includes a group connectivity association (CA) including at least thirty-one authenticated supplicant nodes. An authenticator module authenticates each of the authenticated supplicant nodes, and distributes a shared group encryption key to each of the authenticated supplicant nodes. Each of the authenticated supplicant nodes encrypts data using the shared group encryption key, and exchanges the encrypted data with any other remaining authenticated supplicant node.
    Type: Grant
    Filed: January 15, 2019
    Date of Patent: October 19, 2021
    Assignee: RAYTHEON COMPANY
    Inventors: Michelle D. Coyle, Steven C. Gerhold
  • Patent number: 11115390
    Abstract: A storage system or device selects a memory resource component from an array of memory resource components, where each memory resource component is not accessible over the Internet until that memory resource component is activated. The selection of the memory resource component can be based on the incoming call. The storage system or device generates a trigger signal that activates the selected memory resource component, such that the activated memory resource component is accessible over a data network that includes the Internet for a given duration.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: September 7, 2021
    Inventors: Anthony Hasek, Jarrod Epps
  • Patent number: 11102121
    Abstract: This disclosure describes various methods, systems, and devices related to identifying path changes of data flows in a network. An example method includes receiving, at a node, a packet including a first path signature. The method further includes generating a second path signature by inputting the first path signature and one or more node details into a hash function. The method includes replacing the first path signature with the second path signature in the packet. The packet including the second path signature is forwarded by the node.
    Type: Grant
    Filed: October 23, 2019
    Date of Patent: August 24, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Atri Indiresan, Frank Brockners, Shwetha Subray Bhandari
  • Patent number: 11068527
    Abstract: The system and methods described herein provide content recommendations to user equipment timed to reduce interruption of content. A content recommendation application detects output of first content and determines viewing metrics for the first content. Using the determined viewing metrics, the content recommendation application determines whether output of a content recommendation should be blocked. In response to determining that the viewing metrics indicate output of the content recommendation should be blocked, the content recommendation application blocks the content recommendation. Upon receiving an input changing output of the first content to output of a second content, the content recommendation application unblocks and outputs the content recommendation.
    Type: Grant
    Filed: October 4, 2018
    Date of Patent: July 20, 2021
    Assignee: Rovi Guides, Inc.
    Inventors: Michael James Brehm, Walter John Schmidt, Benjamin Harden
  • Patent number: 11070617
    Abstract: A computer-implemented method is provided for predicting cloud enablement from storage and data metrics harnessed from across stack. The computer-implemented method includes identifying a corpus of data to be classified, and configuring at least one access threshold and at least one sensitivity threshold. The computer-implemented method also includes classifying at least a portion of the data within the corpus based on the at least one access threshold and the at least one sensitivity threshold. Finally, the computer-implemented method includes outputting a model, based on the classification, that identifies at least a portion of the data for migration for enabling a hybrid cloud environment.
    Type: Grant
    Filed: October 26, 2015
    Date of Patent: July 20, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Sunhwan Lee, Sushama Karumanchi, Mu Qiao, Ramani R. Routray
  • Patent number: 11063897
    Abstract: A method includes receiving a message, enqueueing the message, dequeueing the message by a fraud detection service, analyzing the message using a trained machine learning model, analyzing an isolated domain name, storing the message, and causing a mitigation action. A computing system includes a transceiver, a processor, a memory storing instructions that when executed by the processor cause the system to receive a message, enqueue the message, dequeue the message, analyze the message using a machine learning model, analyze an isolated domain name, store the message, and cause a mitigation action. A non-transitory computer readable medium contains instructions that when executed, cause a computer to receive a message, enqueue the message, dequeue the message by a fraud detection service, analyze the message using a machine learning model, analyze an isolated domain name, store the message, and cause a mitigation action.
    Type: Grant
    Filed: March 1, 2019
    Date of Patent: July 13, 2021
    Assignee: CDW LLC
    Inventors: Joseph Kessler, Andre Coetzee, Dan Verdeyen, Suresh Bellam
  • Patent number: 11061535
    Abstract: A user interface for an online social-interaction system that allows members of the online social-interaction system to add actions to private action lists. Each member can make a post for one or more other members to see, with the post including an add-to-action-list selector. Each member receiving the post can elect to add an action relating to the post to their private action list by selecting the add-to-action-list selector. A member creating a post and desiring to solicit one or more other members to take an action on their behalf can create the post, including selecting a request action selector so that the post includes an add-to-action-list selector. A member creating a post and desiring that one or more volunteers take an action on their behalf can select a send-to-volunteer selector.
    Type: Grant
    Filed: December 31, 2018
    Date of Patent: July 13, 2021
    Inventors: Ann Marie Wakeen, Catherine E. O'Brien
  • Patent number: 11036560
    Abstract: Isolation types may be determined for resources that execute portions of code. Code may be received via a network-based interface from a client for execution. An execution plan for the code may be generated and evaluated to determine one or more isolation types for computing resources that execute the code. The computing resources that are configured to provide the determined isolation types may then be identified and execution of the code initiated at the identified computing resources.
    Type: Grant
    Filed: December 20, 2016
    Date of Patent: June 15, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: George Steven Mcpherson, Mehul A. Shah, Prajakta Datta Damle, Gopinath Duddi, Anurag Windlass Gupta, Sandhya Edupuganti
  • Patent number: 11019079
    Abstract: A computer-implemented method of detecting an email spoofing and spear phishing attack may comprise generating a contact model of a sender of emails; determining, by a hardware processor, a statistical dispersion of the generated contact model that is indicative of a spread of a distribution of data in the generated model and receiving, over a computer network, an email from the sender.
    Type: Grant
    Filed: March 14, 2019
    Date of Patent: May 25, 2021
    Assignee: VADE SECURE INC.
    Inventor: Sebastien Goutal
  • Patent number: 11005918
    Abstract: A request for a content document is sent by a client device to a content server through a first network connection. A current network characteristic of the first network connection differs from a configured download constraint to download a content portion of the content document. A root document that omits the content portion of the content document and that includes a content stub is downloaded from the content server. The content stub identifies the content portion using a content identifier and specifies the configured download constraint. A network connection change to the content server from the first network connection to a second network connection that satisfies the configured download constraint to download the content portion of the content document is detected, and the content portion is downloaded using the second network connection and the content identifier within the content stub.
    Type: Grant
    Filed: July 24, 2019
    Date of Patent: May 11, 2021
    Assignee: International Business Machines Corporation
    Inventors: Ronald P. Doyle, David L. Kaminsky
  • Patent number: 10992525
    Abstract: Techniques for device quarantine in a wireless network are described. According to various implementations, a device (e.g., a mobile client device) that requests a connection to a wireless network is placed in a quarantine state in the wireless network. Attributes of the device are determined and connection parameters are specified based on the attributes. In at least some embodiments, the device can be released from the quarantine state subject to the connection parameters.
    Type: Grant
    Filed: October 1, 2019
    Date of Patent: April 27, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Todd Haugen, Amer A. Hassan, Pascal F. Menezes
  • Patent number: 10986127
    Abstract: Disclosed herein are methods, systems, and processes for dynamically deploying deception computing systems based on network environment lifecycle. Lifecycle metadata associated with protected host computing devices in a network is retrieved and a configurable ratio of deception computing systems to the protected host computing devices is accessed. One or more deception computing systems are deployed in or discharged from the network based on the configurable ratio.
    Type: Grant
    Filed: March 28, 2019
    Date of Patent: April 20, 2021
    Assignee: Rapid7, Inc.
    Inventor: Thomas Eugene Sellers
  • Patent number: 10924481
    Abstract: Aspects of the disclosure relate to processing systems that implement a virtual air gap to facilitate improved techniques for establishing console access to a cyber range virtual environment. A computing platform may receive, via a first firewall, a cyber range request and authentication credentials from a secure console host platform. By comparing the authentication credentials to access records in a stored database, the computing platform may determine an authorization level corresponding to the authentication credentials. After verifying the authentication credentials, the computing platform may grant access to a broker, which may grant access to a console hosted by the secure console host platform. The computing platform may establish, using the broker and between the console and a cyber range host platform, a connection, which may cause a user device to access, through the console, cyber ranges hosted by the cyber range host platform that correspond to the determined authorization level.
    Type: Grant
    Filed: November 6, 2018
    Date of Patent: February 16, 2021
    Assignee: Bank of America Corporation
    Inventors: Edward Haletky, Jesse Williams, Saumitra Gupta, Tommy W. Jinks, Jr., Kathleen D. Schaumburg
  • Patent number: 10917377
    Abstract: A method of posting ephemeral posts is disclosed. The method starts with receiving, from a user of a social network, a request to post an ephemeral post, the request including an ephemeral variable associated with a threshold event. The ephemeral post is posted on behalf of the user. Then an occurrence of the threshold event is monitored. When the threshold event has not occurred, the post is allowed to be accessible to at least one viewer other than the user. When the threshold event has occurred, the post is blocked from being accessible by the at least one viewer other than the user.
    Type: Grant
    Filed: August 2, 2019
    Date of Patent: February 9, 2021
    Assignee: FACEBOOK, INC.
    Inventors: Yigal Dan Rubinstein, Aditya Koolwal, Ken Taro Deeter, Sergey Markov, Karl Frankowski
  • Patent number: 10909155
    Abstract: An information processing apparatus includes a first label determination unit that determines a first label from information included in an e-mail, a second label determination unit that determines a second label from a result of a response made to the e-mail by a user, and a third label determination unit that determines a third label as a negative example for machine learning which is imparted to the e-mail, in a case where the first label and the second label do not correspond to each other.
    Type: Grant
    Filed: April 26, 2018
    Date of Patent: February 2, 2021
    Assignee: FUJI XEROX CO., LTD.
    Inventors: Motoki Taniguchi, Tomoko Okuma, Tomoki Taniguchi, Shotaro Misawa
  • Patent number: 10863388
    Abstract: In a device including a processor and a memory in communication with the processor, the memory includes executable instructions that, when executed by the processor, cause the processor to control the device to perform functions of receiving, from a first network assigned to a first tier level, a request for tier level switch from the first tier level to a second tier level; determining that a second network assigned to the second tier level is capable of switching from the second tier level to another tier level; assigning, to the second network, a channel of the first tier level; and assigning, to the first network, a channel of the second tier level.
    Type: Grant
    Filed: July 29, 2019
    Date of Patent: December 8, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Amer A. Hassan, Paul W. Mitchell
  • Patent number: 10839098
    Abstract: A router system includes a router, a memory storing a client program, and a processor configured to execute the client program. The client program is configured to enable a user to transfer a file from a source to a destination, determine whether data within the file includes sensitive information, determine a probability that transmission of the data from the source to the destination would violate a policy, send normal data packets to the router based on the file, and send a stop data packet to the router when the probability exceeds a threshold. The router forwards the normal data packets to the destination until the router receives the stop data packet.
    Type: Grant
    Filed: April 7, 2017
    Date of Patent: November 17, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jorgen Emil Borup, Marco Aurelio Stelmar Netto, Thiago Cesar Rotta, Sergio Varga
  • Patent number: 10812525
    Abstract: Defending a distributed denial of service attack includes intercepting a service packet sent by the client to a server, according to a rule agreed with the client, obtaining the information carried by a first preset field of the service packet, the inherent information carried by an inherent field of the service packet, and the added information carried by at least one second preset field, according to the hash algorithm agreed with the client, performing a hash processing on the inherent information and at least one added information so as to obtain a hash result, and determining the service packet is discarded when the hash result is different from the information carried by the first preset field.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: October 20, 2020
    Assignees: NSFOCUS INFORMATION TECHNOLOGY CO., LTD., NSFOCUS TECHNOLOGIES, INC.
    Inventors: Tao Chen, Kun He
  • Patent number: 10757062
    Abstract: Reducing a negative social interaction includes receiving a response to a post from a user, the response includes content to be posted on an activity stream of a social network, analyzing the content of the response to determine a negative response risk to the post, analyzing a profile of the user to determine a tendency of the user to respond negatively in responses, and executing, based on the negative response risk and the tendency, an action for the response to reduce negative responses directed towards the post.
    Type: Grant
    Filed: December 6, 2018
    Date of Patent: August 25, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Liam Harpur, Philip Mullins, Eric Woods
  • Patent number: 10749841
    Abstract: A system for indirect border gateway routing comprising a provider edge router; at least one virtual routing and forwarding instance in communication with the provider edge router, each virtual routing and forwarding instance including a route target; a pointer identification list in communication with the provider edge router, the pointer identification list containing at least one route target associated with a virtual routing and forwarding instance; and a virtual routing and forwarding import instance adapted to receive a route from the provider edge router, the route including a pointer identification directing the virtual routing and forwarding import instance to scan the pointer identification list for the route target associated with the plural virtual routing and forwarding instance, and wherein the virtual routing and forwarding import instance is further adapted to import the route to the at least one virtual routing and forwarding instance having a route target on the pointer identification list.
    Type: Grant
    Filed: April 10, 2017
    Date of Patent: August 18, 2020
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Ron R. Kulper, Vatsal Parikh, Don Moloney, Jonathan Pang, Diana Toll, John Mulligan, Mateusz Szela
  • Patent number: 10728277
    Abstract: A computer system identifies malicious Uniform Resource Locator (URL) data items from a plurality of unscreened data items that have not been previously identified as associated with malicious URLs. The system can execute a number of pre-filters to identify a subset of URLs in the plurality of data items that are likely to be malicious. A scoring processor can score the subset of URLs based on a plurality of input vectors using a suitable machine learning model. Optionally, the system can execute one or more post-filters on the score data to identify data items of interest. Such data items can be fed back into the system to improve machine learning or can be used to provide a notification that a particular resource within a local network is infected with malicious software.
    Type: Grant
    Filed: October 1, 2018
    Date of Patent: July 28, 2020
    Assignee: Palantir Technologies Inc.
    Inventors: Drew Dennison, Geoff Stowe, Adam Anderson
  • Patent number: 10721218
    Abstract: The present disclosure pertains to systems and methods for selectively encrypting data flows within a software defined network (SDN). In one embodiment, a communication device may be configured to receive a plurality of unencrypted data packets. The communication device may receive from an SDN controller a criterion used to identify at least one of the unencrypted data flows to be encrypted. Based on the criterion, an encryption subsystem may generate an encrypted data flow from the unencrypted data packets based on an encryption key. In some embodiments, the encryption system may parse the packets and encrypt the data payloads without encrypting the routing information associated with the packet. In other embodiments, the encryption subsystem may be configured to encapsulate and encrypt the entire unencrypted data packet. In some embodiments, the encryption subsystem may further be configured to authenticate a sending device and/or to verify the integrity of a message.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: July 21, 2020
    Assignee: Schweitzer Engineering Laboratories, Inc.
    Inventors: Rhett Smith, Barry Jakob Grussling
  • Patent number: 10708294
    Abstract: A system and method are provided to select mitigation parameters. The method includes receiving selection of at least one mitigation parameter, accessing a selected portion of stored network traffic or associated summaries that corresponds to a selectable time window, applying a mitigation to the selected portion of the stored network traffic or associated summaries using the selected at least one mitigation parameter, and outputting results of the applied mitigation.
    Type: Grant
    Filed: January 19, 2017
    Date of Patent: July 7, 2020
    Assignee: Arbor Networks, Inc.
    Inventors: William M. Northway, Jr., Andrew D. Mortensen, James E. Winquist, Ronald G. Hay, Nicholas Scott
  • Patent number: 10708225
    Abstract: Described herein are techniques for resolving overlapping IP addresses for subnets assigned to uplink interfaces of a network switching device. As an example, a network switching device may determine that an IP address range of a first assigned subnet to a first uplink interface overlaps an IP address range of a second assigned subnet to a second uplink interface. The network switching device may generate a first map between the first assigned subnet and a first intermediate subnet, and generate a second map between the second assigned subnet and a second intermediate subnet, wherein an IP address range of the first intermediate subnet and an IP address range of the second intermediate subnet are non-overlapping.
    Type: Grant
    Filed: July 31, 2018
    Date of Patent: July 7, 2020
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Bhanu Gopalasetty, Vamsi Kodavanty
  • Patent number: 10652272
    Abstract: A secure connection is facilitated between a device and a network. A security buffer device is used to determine an available network and connect to the network. The security buffer device can then allow the device to connect to the network via the security buffer device. The security buffer device can monitor any security breaches from the network and perform an action based on the indication of a security breach.
    Type: Grant
    Filed: May 23, 2017
    Date of Patent: May 12, 2020
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Mikhail Istomin, Wei Wang
  • Patent number: 10652047
    Abstract: In one embodiment, a method is performed at a first node. The method may include receiving, at a first node, a request from a source host associated with a network to communicate with a destination host. The first node may determine whether the destination host is associated with the network. If the destination host is not associated with the network, the first node may determine an instance identifier (IID) and a proxy egress tunnel router (PETR) locator address used to communicate with the destination host. The first node may send an indicator to an ingress tunnel router (ITR) to encapsulate a packet with the IID and the PETR locator address before sending the packet from the source host to the destination host.
    Type: Grant
    Filed: June 16, 2018
    Date of Patent: May 12, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Prakash Chand Jain, Sanjay Kumar Hooda, Victor M. Moreno, Satish Kumar Kondalam
  • Patent number: 10650156
    Abstract: Systems, methods, and computer program products to perform an operation comprising receiving, from an application executing on a system, a request to access a data file, receiving data describing the request, wherein the data describing the request includes data from a runtime stack of the application, wherein the data from the runtime stack includes a program statement number, identifying, in a protected memory block, a first rule for accessing the data file, wherein the first rule specifies a program statement number permitted to access the data file, and upon determining that the program statement number from the runtime stack does not match the program statement number specified in the first rule, restricting access to the data file by the application.
    Type: Grant
    Filed: April 26, 2017
    Date of Patent: May 12, 2020
    Assignee: International Business Machines Corporation
    Inventors: Mark J. Anderson, Scott Forstie, Jeffrey M. Uehling
  • Patent number: 10630695
    Abstract: Requests of a computing system may be monitored. A request associated with the application of a policy may be identified and a policy verification routine may be invoked. The policy verification routine may detect whether the policy of the request is more permissive than a reference policy and perform a mitigation routine in response to determining that the policy of the request is more permissive than the reference policy. Propositional logics may be utilized in the evaluation of policies.
    Type: Grant
    Filed: June 29, 2017
    Date of Patent: April 21, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: John Cook, Neha Rungta, Catherine Dodge, Jeff Puchalski, Carsten Varming
  • Patent number: 10616269
    Abstract: A variety of techniques are disclosed for detection of advanced persistent threats and similar malware. In one aspect, the detection of certain network traffic at a gateway is used to trigger a query of an originating endpoint, which can use internal logs to identify a local process that is sourcing the network traffic. In another aspect, an endpoint is configured to periodically generate and transmit a secure heartbeat, so that an interruption of the heartbeat can be used to signal the possible presence of malware. In another aspect, other information such as local and global reputation information is used to provide context for more accurate malware detection.
    Type: Grant
    Filed: September 20, 2018
    Date of Patent: April 7, 2020
    Assignee: Sophos Limited
    Inventor: Andrew J. Thomas
  • Patent number: 10601872
    Abstract: Methods, non-transitory computer readable media, and mobile application manager apparatus that assists with enhancing enforcement on compliance based on security violations includes obtaining security violation data associated with a plurality of enrolled mobile devices and identifying one or more of the plurality of enrolled mobile devices causing one or more security violations based on the obtained security violation data. One or more compliance policies are updated based on the obtained security violation data. A compliance check is performed on the identified one or more enrolled mobile devices causing the one or more security violations based on the updated one or more policies and initiating one or more compliance correction actions on the identified one or more enrolled mobile devices causing the one or more security violations.
    Type: Grant
    Filed: January 20, 2017
    Date of Patent: March 24, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Saxon Amdahl
  • Patent number: 10594658
    Abstract: In an embodiment, a computer-implemented method prevents use of a network protocol over an encrypted channel. In the method, a packet is received on an encrypted channel addressed to a network address. It is determined whether a network host at the network address is able to service a request formatted according to the network protocol over the encrypted channel. When the network host is determined to be able to resolve to a domain name over the encrypted channel, the network packet is blocked.
    Type: Grant
    Filed: August 27, 2019
    Date of Patent: March 17, 2020
    Assignee: FARSIGHT SECURITY, INC.
    Inventor: Paul Vixie
  • Patent number: 10594736
    Abstract: Method, product and device for selective traffic blockage. In one embodiment, in response to a detection that a computing device cannot connect to a predetermined server, the blockage policy is applied to an outgoing packet, whereby selectively blocking outgoing packets when the computing device has limited connectivity to the predetermined server. In another embodiment, in response to an attempt to transmit a packet, invoking a local Virtual Private Network (VPN) service that is configured to apply a blockage policy, wherein the local VPN service provides an Application Programming Interface (API) of a VPN service. As a result, selective blockage is implemented using the local VPN service.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: March 17, 2020
    Assignee: CA, Inc.
    Inventors: Yair Amit, Shahar Areli, Daniel Kandel, Elisha Eshed, Roy Iarchy, Adi Sharabani
  • Patent number: 10574749
    Abstract: In a digital resource duplication method, the cloud server executes: a receiving step, for receiving a duplication request for a digital resource submitted by a resource requester, the duplication request comprising the identification information of the resource requester, the unique resource copy identifier, and the unique terminal identifier; a determination step, for determining, on the basis of the identification information, whether the resource requester is allowed to duplicate via the terminal a copy of the digital resource corresponding to the unique resource copy identifier; a transmitting step, for transmitting the copy to the terminal after embedding the unique terminal identifier and the identification information in the copy, when a determination result of the determination step is positive.
    Type: Grant
    Filed: July 3, 2012
    Date of Patent: February 25, 2020
    Assignee: Xiamen Geeboo Information Technology Co. Ltd.
    Inventor: Jinxu Huang
  • Patent number: 10572549
    Abstract: Databases that reside on a private network behind a firewall may be difficult to access from a cloud platform on the Internet. Techniques disclosed herein allow an Internet system to communicate with multiple different databases behind multiple different firewalls, however. A client-side private computer system, from behind a firewall, transmits a series of database request status inquiries to a server system (not behind the firewall). These status inquiries may be sent as HTTP long poll messages. When the server wishes to query a database on the private network, it responds to one of the database request status inquiries. Because the client-side computer initiated communication, the server response is allowed to pass through the firewall when it might otherwise be blocked. Employing such techniques in parallel allows a server to interact with multiple firewalled databases without the difficulties and inconvenience of attempting a VPN connection.
    Type: Grant
    Filed: May 12, 2016
    Date of Patent: February 25, 2020
    Assignee: salesforce.com, inc.
    Inventor: Chaithanya Kanumolu
  • Patent number: 10528744
    Abstract: Identifying security vulnerabilities on computing devices by detecting an inter-process communication on a computing device, determining whether the inter-process communication is consistent with a predefined specification of a security vulnerability, and causing a predefined action to be performed on the computing device responsive to determining that the inter-process communication is consistent with a predefined specification of a security vulnerability.
    Type: Grant
    Filed: April 30, 2018
    Date of Patent: January 7, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Roee Hay, Daniel Kalman, Roi Saltzman, Omer Tripp
  • Patent number: 10511628
    Abstract: Disclosed herein are techniques for detecting phishing websites. In one embodiment, a method is disclosed comprising receiving, at a server, a request for a webpage from a client device; generating, by the server, and inserting an encoded tracking value (ETV) into the webpage; inserting, by the server, dynamic tracking code (DTC) into the webpage, the inserting of the DTC further comprising obfuscating the DTC; and returning, by the server, the webpage including the ETV and DTC to the client device, the DTC configured to execute upon receipt at the client device and validate the ETV upon executing.
    Type: Grant
    Filed: March 7, 2019
    Date of Patent: December 17, 2019
    Assignee: LOOKOUT, INC.
    Inventors: Jeremy Boyd Richards, Brian James Buck
  • Patent number: 10484515
    Abstract: Some embodiments provide a method for providing metadata proxy services to different data compute nodes that are associated with different logical networks (e.g., for different tenants of a datacenter). When a data compute node (DCN) is instantiated (i.e., starts executing) in a host machine, the DCN requests metadata associated with the DCN from a metadata server. The requested metadata includes identification and configuration data (e.g., name and description, amount of virtual memory, number of allocated virtual CPUs, etc.) for the DCN. Each DCN generates and sends out a metadata request packet after an IP address is assigned to the DCN (e.g., by a DHCP server). In some embodiments, a metadata proxy server (1) receives the metadata request packets that are sent by different DCNs associated with different logical networks, (2) adds logical network identification data to the packets, and (3) forwards the packets to a metadata server.
    Type: Grant
    Filed: January 30, 2017
    Date of Patent: November 19, 2019
    Assignee: NICIRA, INC.
    Inventors: Uday Masurekar, Jayant Jain, Ronghua Zhang, Mani Kancherla, Minjal Agarwal
  • Patent number: 10469529
    Abstract: Certain embodiments described herein are generally directed to checking packets at a hardware tunnel endpoint. In some embodiments, an encapsulated packet is received at a hardware tunnel endpoint. It is determined if an inner source media access control (MAC) address is associated with an outer source internet protocol (IP) address of the encapsulated packet based on a mapping of MAC addresses of virtual computing instances to IP addresses of tunnel endpoints stored at the hardware tunnel endpoint. If it is determined the inner source MAC address is not associated with the outer source IP address, the packet is dropped.
    Type: Grant
    Filed: July 13, 2017
    Date of Patent: November 5, 2019
    Assignee: Nicira, Inc.
    Inventors: Hongya Qu, Timothy Petty
  • Patent number: 10454948
    Abstract: Embodiments disclosed herein provide a system, method, and computer readable storage medium storing computer instructions for implementing a Socialware architecture encompassing a suite of applications for continuously and adaptively monitoring and filtering traffic to and from social networking sites, particularly useful in an enterprise computing environment. In some embodiments, an appliance may be coupled to a proxy server for providing a plurality of Socialware services, including analyzing, logging, and reporting on traffic to and from social networking sites. Some embodiments may allow a user to report, identify, and prevent malicious and potentially malicious content and/or activity by another user. Some embodiments may encrypt outgoing traffic to and decrypt incoming traffic from social networking sites. Some embodiments may provide an enterprise user to define and restrict certain social networking activities outside of the enterprise computing environment.
    Type: Grant
    Filed: November 21, 2016
    Date of Patent: October 22, 2019
    Assignee: Proofpoint, Inc.
    Inventors: Cameron Blair Cooper, Christopher Lee Richter
  • Patent number: 10440762
    Abstract: System and method for automatically establishing a Virtual Private Network (VPN) link between a mobile device and a VPN server over an unsecure wireless network, comprising, at the mobile device, detecting an attempt to establish a wireless connection to the internet via an unsecure wireless network, probing the unsecure wireless network to determine accessibility over the unsecure wireless network to a VPN server, automatically initializing, based on the determination, a VPN client, the VPN client executed to establish a VPN link between the mobile device and the VPN server over the unsecure wireless network, directing network traffic of the mobile device through the VPN link and automatically terminating the VPN client when the mobile device disconnects from the unsecure wireless network.
    Type: Grant
    Filed: January 26, 2017
    Date of Patent: October 8, 2019
    Assignee: Safer Social Ltd.
    Inventors: Amit Bareket, Sagi Gidali
  • Patent number: 10419454
    Abstract: A malicious encrypted traffic inhibitor connected to a computer network is disclosed. A method for inhibiting malicious encrypted network traffic communicated via a computer network also is disclosed. The malicious encrypted traffic inhibitor and method utilize an estimated measure of entropy for a portion of network traffic communicated over a network connection via the computer network. The estimated measure of entropy is calculated as a measure of a degree of indeterminacy of information communicated via the network connection, such as an estimated measure of Shannon entropy, and then compared with a reference measure of entropy for malicious encrypted network traffic. If the estimated measure of entropy for traffic communicated via the computer network is sufficiently similar to the reference measure of entropy, a positive identification of malicious traffic on the computer network can be output.
    Type: Grant
    Filed: February 17, 2015
    Date of Patent: September 17, 2019
    Assignee: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, George Kallos, Ben Azvine
  • Patent number: 10397256
    Abstract: In an example embodiment, a computer-implemented method comprises obtaining labels from messages associated with an email service provider, wherein the labels indicate for each message IP how many spam and non-spam messages have been received; obtaining network data features from a cloud service provider; providing the labels and network data features to a machine learning application; generating a prediction model representing an algorithm for determining whether a particular set of network data features are spam or not; applying the prediction model to network data features for an unlabeled message; and generating an output of the prediction model indicating a likelihood that the unlabeled message is spam.
    Type: Grant
    Filed: November 30, 2016
    Date of Patent: August 27, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ori Kashi, Philip Newman, Daniel Alon, Elad Yom-Tov, Hani Neuvirth, Royi Ronen
  • Patent number: 10383006
    Abstract: Tier switching of spectrum access priority tier levels for networks in a multi-tier level spectrum access system is disclosed. The tier switching may be based on conditions in the networks to allow more efficient network/system operation. In an implementation, the switching of tier levels may be a swap of tier levels between a network/device and another network/device. In this case, the tier level of a network/device is switched or swapped with the tier level of another network/device and each network device operates at the tier level of the other network/device. In another implementation, the switching of tier levels may be a switching of tier levels used by a single network or a single device without any swap occurring with another network or device. In this case, the tier level of a network or device may be switched to another tier level for operation in the SAS.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: August 13, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Amer A. Hassan, Paul W. Mitchell
  • Patent number: 10382967
    Abstract: A terminal device obtains location information relating to its location, wherein the location information comprises first location information and second location information, wherein the first location information relates to a location of the terminal device within a region, and wherein the second location information identifies the region in which the terminal device is located. The terminal device forms content for a proximity service discovery message, wherein the content for the discovery message includes the first location information; calculates a message integrity code based on the content for the discovery message and the second location information; and transmits the proximity service discovery message, comprising the content for the discovery message and the computed message integrity code.
    Type: Grant
    Filed: November 24, 2016
    Date of Patent: August 13, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Noamen Ben Henda, Vesa Lehtovirta, Prajwol Kumar Nakarmi, Vesa Torvinen, Monica Wifvesson
  • Patent number: 10291650
    Abstract: A cyber security system comprising circuitry of a decoy deployer planting one or more decoy lateral attack vectors in each of a first and a second group of resources within a common enterprise network of resources, the first and second groups of resources having different characteristics in terms of subnets, naming conventions, DNS aliases, listening ports, users and their privileges, and installed applications, wherein a lateral attack vector is an object of a first resource within the network that has a potential to be used by an attacker who discovered the first resource to further discover information regarding a second resource within the network, the second resource being previously undiscovered by the attacker, and wherein the decoy lateral attack vectors in the first group conform to the characteristics of the first group, and the decoy lateral attack vectors in the second group conform to the characteristics of the second group.
    Type: Grant
    Filed: July 5, 2017
    Date of Patent: May 14, 2019
    Assignee: ILLUSIVE NETWORKS LTD.
    Inventors: Shlomo Touboul, Hanan Levin, Stephane Roubach, Assaf Mischari, Itai Ben David, Itay Avraham, Adi Ozer, Chen Kazaz, Ofer Israeli, Olga Vingurt, Liad Gareh, Israel Grimberg, Cobby Cohen, Sharon Sultan, Matan Kubovsky
  • Patent number: 10244388
    Abstract: A location privacy protection method includes generating an identifier update notification message to be sent to at least one access point, where the identifier update notification message includes a first identifier of a wireless terminal, to indicate that the identifier update notification message is to be sent by the wireless terminal. The identifier update notification message further includes second identifier information of the wireless terminal. The method further includes sending the identifier update notification message, so that the access point acquires a second identifier according to the second identifier information, and uses the second identifier as an identifier of the wireless terminal; and sending a subsequent message including the second identifier to the access point, to indicate that the subsequent message is sent by the wireless terminal.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: March 26, 2019
    Assignee: HUAWEI DEVICE (DONGGUAN) CO., LTD.
    Inventor: Zhiming Ding