Packet Header Designating Cryptographically Protected Data Patents (Class 713/160)
  • Patent number: 11502816
    Abstract: The present application describes a method, system, and non-transitory computer-readable medium for generating new keys during a secure communication session. A key derivation function is operatively connected to both a counter and a memory. The key derivation function generates new key material from a first input and a second input in response to a signal provided by the counter. The key derivation function generates the new key material and outputs it to the memory.
    Type: Grant
    Filed: October 28, 2020
    Date of Patent: November 15, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Joël Alwen, Thomas Michael Leavy
  • Patent number: 11495145
    Abstract: A method and a system of selective encryption of a test dataset is disclosed. In an embodiment, the method may include determining a relevancy grade associated with each of a plurality of datapoints within a test dataset by comparing the test dataset with a common heat map, wherein the common heat map is generated using a plurality of training datasets. The method may further include calculating, based on the relevancy grade, an encryption level associated with each of the plurality of datapoints. The method may further include selectively encrypting at least one datapoint from the plurality of datapoints based on the encryption level associated with each of the plurality of datapoints. The at least one data point is rendered to a user after being decrypted.
    Type: Grant
    Filed: December 4, 2019
    Date of Patent: November 8, 2022
    Assignee: Wipro Limited
    Inventors: Manjunath Ramachandra Iyer, Sibsambhu Kar, Vinutha Bangalore Narayanamurthy
  • Patent number: 11489916
    Abstract: Systems and methods are provided for submitting data in a computer network. An exemplary method includes: receiving a first request to process a first data at one or more data servers; determining whether the first data includes a plurality of first set of properties; generating a second data having a plurality of second set of properties; providing a plurality of rule sets for submitting the second data; analyzing the second data to determine which of the rule sets is applicable; selecting one or more applicable rules from the rule sets; generating a plurality of third data by applying the one or more applicable rules to the second data; identifying the one or more external sources to distribute the third data; and sending the third data to the one or more external sources.
    Type: Grant
    Filed: December 10, 2021
    Date of Patent: November 1, 2022
    Assignee: VEEVA SYSTEMS INC.
    Inventors: Marius K. Mortensen, Asaf Roll, Zhen Tan
  • Patent number: 11463417
    Abstract: There is provided an encryption processing method performed by an encryption processing apparatus. The encryption processing method comprises compressing data to obtain compressed data, determining, within the compressed data, a section to be encrypted and encrypting the section to obtain partially encrypted data.
    Type: Grant
    Filed: May 17, 2018
    Date of Patent: October 4, 2022
    Assignee: SAMSUNG SDS CO., LTD.
    Inventor: In Seon Yoo
  • Patent number: 11456997
    Abstract: A wireless input device includes an information receiving terminal and an information outputting terminal. The information receiving terminal generates a first-portion key. The information outputting terminal receives the first-portion key and generating a second-portion key. An original information is converted into an encrypted information by the information outputting terminal according to the first-portion key, the second-portion key and an encryption algorithm. The encrypted information and the second-portion key are transmitted from the information outputting terminal to the information receiving terminal. The encrypted information is restored to the original information by the information receiving terminal according to the first-portion key, the second-portion key and an encryption algorithm.
    Type: Grant
    Filed: July 27, 2020
    Date of Patent: September 27, 2022
    Assignee: PRIMAX ELECTRONICS LTD.
    Inventors: Huan-Hsun Cheng, Chih-Feng Chien
  • Patent number: 11443048
    Abstract: A system and method for generating content for an encrypted package is provided. A package may be received that includes one or more anti-tamper hash portions and encrypted data, where the encrypted data includes one or more procedural content generation instructions. A portion of the encrypted data including the one or more procedural content generation instructions may be decrypted and a data based on the execution of the one or more procedural content generation instructions and a corpus of data may be generated. The generated data may be encrypted and anti-tamper hashes may be generated based on the encrypted generated data. The generated anti-tamper hashes may be compared to the one or more anti-tamper hashes in the anti-tamper hash portion of the received package.
    Type: Grant
    Filed: May 6, 2019
    Date of Patent: September 13, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Simon Lee Cooke, Xin Huang
  • Patent number: 11429583
    Abstract: A system, that when operated, creates a database arrangement in a structured manner, wherein the database arrangement stores documents from at least one source, the system including a server arrangement and the database arrangement wherein the server arrangement: retrieves the documents from the at least one source; pre-processes the documents from the at least one source, wherein a given document is pre-processed based on source of the given document; associates a document identifier with each of the documents; extract keywords from the documents; store the documents in the database arrangement corresponding to the document identifiers associated therewith; and create an index for the database arrangement, wherein the index includes document identifier listed corresponding to the extracted keywords.
    Type: Grant
    Filed: March 28, 2019
    Date of Patent: August 30, 2022
    Assignee: Innoplexus AG
    Inventor: Abhijit Keskar
  • Patent number: 11431476
    Abstract: A system for transmitting data is disclosed that includes a file distribution system operating on a processor that is configured to identify one or more files for distribution to a device, forward error correction data for the one or more files, and a cryptographic key associated with the device. A Merkle tree system operating on the processor is configured to receive the forward error correction data and to generate an encrypted root hash. A data transmission system operating on the processor is configured to transmit the one or more files and the encrypted root hash to a predetermined device.
    Type: Grant
    Filed: April 30, 2020
    Date of Patent: August 30, 2022
    Assignee: DELL PRODUCTS L.P.
    Inventors: Michael Emery Brown, Nagendra Varma Totakura, Marshal F. Savage
  • Patent number: 11425147
    Abstract: A method of executing in-session encryption verification includes receiving a plurality of client data packets for transmission through a network; receiving one or more test data packets for verifying an encryption device; merging the client data packets and the one or more test packets into a data stream; selecting security parameters for each packet in the data stream based on a corresponding packet type; encrypting each packet in the data stream using the encryption device and the corresponding security parameters; and transmitting the data stream comprising encrypted packets through the network. The method also includes decrypting the encrypted packets at a receiving system using congruent techniques.
    Type: Grant
    Filed: February 20, 2020
    Date of Patent: August 23, 2022
    Assignees: Oracle International Corporation, Infinera Corporation
    Inventors: Kannan Raj, Jagwinder Singh Brar, Abhinava Sadasivarao, Radhakrishna Valiveti, Sharfuddin Syed, Loukas Paraschis
  • Patent number: 11416624
    Abstract: Technologies disclosed herein provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments. An example method comprises executing, by a trusted runtime, first instructions to generate a first address key for a private memory region in the memory and generate a first cryptographically encoded pointer to the private memory region in the memory. Generating the first cryptographically encoded pointer includes storing first context information associated with the private memory region in first bits of the first cryptographically encoded pointer and performing a cryptographic algorithm on a slice of a first linear address of the private memory region based, at least in part, on the first address key and a first tweak, the first tweak including the first context information. The method further includes permitting a first tenant in the multi-tenant environment to access the first address key and the first cryptographically encoded pointer to the private memory region.
    Type: Grant
    Filed: December 20, 2019
    Date of Patent: August 16, 2022
    Assignee: Intel Corporation
    Inventors: David M. Durham, Michael LeMay, Ramya Jayaram Masti, Gilbert Neiger, Jason W. Brandt
  • Patent number: 11392368
    Abstract: The present invention makes it possible to reduce the volume of communication data necessary for updating the configuration of a circuit unit of a reconfigurable circuit device. In an vehicle control system 10 including an FPGA 3, the FPGA 3 includes a circuit unit including a reconfigurable circuit and a circuit SRAM that stores configuration information of the circuit unit. A transfer check unit that acquires a difference command regarding a change part of a circuit element in the circuit unit, and a data conversion unit 4 that updates the configuration information based on the difference command are provided. Further, in the vehicle control system 10, a non-volatile memory 6 that stores the configuration information to be stored in the circuit SRAM is further provided. The data conversion unit 4 may update the configuration information stored in the non-volatile memory 6 based on the difference command acquired by the transfer check unit.
    Type: Grant
    Filed: June 25, 2018
    Date of Patent: July 19, 2022
    Assignee: HITACHI ASTEMO, LTD.
    Inventors: Tetsuya Yamada, Tomohito Ebina, Kazuyoshi Serizawa, Hiromichi Ito, Hidetoshi Teraoka, Kohei Sakurai
  • Patent number: 11395329
    Abstract: Methods, systems, and devices for wireless communications are described. A user equipment (UE) may identify a communication configuration for a bearer including a first link and a second link. The UE may identify packets for transmission, and each of the packets may be associated with a sequence number. The UE may receive a first grant of first uplink resources and a second grant of second uplink resources, and the UE may determine an association of the packets to the first uplink resources or the second uplink resources based on the sequence numbers of the packets and respective completion times of decoding processes associated with the first uplink resources and the second uplink resources. The UE may transmit the packets over the first uplink resources or the second uplink resources in accordance with the determined association of the packets to the first uplink resources or the second uplink resources.
    Type: Grant
    Filed: June 19, 2020
    Date of Patent: July 19, 2022
    Assignee: QUALCOMM Incorporated
    Inventors: Aditya Namjoshi, Chaehun Park, Harish Bhandiwad, Rajendra Chiguluri, Snehal Sanjeev Sonvane, Timothy Kong, Amogh Kashyap, Srivastav Reddy Atla, Bhanik Shah, Sitaramanjaneyulu Kanamarlapudi, Arnaud Meylan, Xinchen Zhang
  • Patent number: 11388597
    Abstract: Disclosed are systems and methods for authenticating a wireless module. A method comprises the steps of: (i) generating (1332), by the wireless module (112A), a first encryption value, and retrieving a unique identifier of the wireless module from memory; (ii) verifying (1334), by the wireless module, the generated first encryption value and retrieved unique identifier; (iii) sending (1336), by the wireless module, the retrieved unique identifier and a second encryption value to the gateway (110A); (iv) verifying (1338), by the gateway, the received unique identifier and second encryption value, wherein verifying the second encryption value authenticates the wireless module; (v) sending (1340), by the gateway, a third encryption value to the wireless module; and (vi) verifying (1342), by the wireless module, the received third encryption value, wherein verifying the third encryption value authenticates the gateway.
    Type: Grant
    Filed: April 12, 2017
    Date of Patent: July 12, 2022
    Assignee: SIGNIFY HOLDING B.V.
    Inventors: Zhizhong Zhang, Howard Que, Shuming Huang, Linchun Du, Junjun Zhang, Mark Henricus Verberkt
  • Patent number: 11388146
    Abstract: A proxy system is installed on a computing device that is in the network path between the device and the Internet. The proxy system, residing on the computing device, decrypts and inspects all traffic going in and out of the computing device.
    Type: Grant
    Filed: January 10, 2020
    Date of Patent: July 12, 2022
    Assignee: Bitglass, LLC
    Inventors: Anurag Kahol, Anoop Kumar Bhattacharjya, Balas Natarajan Kausik, Siva Saran Kumar Kollipara
  • Patent number: 11349699
    Abstract: Techniques are disclosed for improving user experience of multimedia streaming over computer networks. For example, a method for presenting multimedia content may generally include receiving a request to stream a media title. In response to the request, unencrypted content for the media title is streamed to a client. While streaming the unencrypted content, a digital rights management (DRM) license to access encrypted content for the media title is requested. After receiving the DRM license, the client switches from streaming the unencrypted content for the media title to streaming encrypted content for the media title. The switching from streaming the unencrypted content to streaming the encrypted content does not interrupt playback of the media title.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: May 31, 2022
    Assignee: NETFLIX, INC.
    Inventors: Mark Watson, Anthony Neal Park, Wei Wei
  • Patent number: 11349945
    Abstract: Sender Policy Framework (SPF) is one of the most widely used methods of distinguishing electronic mail that is authorized by the purported sending domain from unauthorized mail. SPF policies are published into a domain's DNS and then looked up and evaluated by mail receivers. Due to the complexity and limitations of the SPF specification, implementation mistakes are widespread. This problem is compounded by the common practice of nesting SPF policies which introduces hidden risks, particularly exceeding DNS lookup limits. To address these issues, inline service provider designation may be configured to capture the benefits of existing techniques without their associated costs. Additionally, the domain owner may enjoy simplified SPF service provider onboarding and policy failover redundancy to protect against SPF service provider disruptions, thus improving policy availability uptime.
    Type: Grant
    Filed: October 18, 2021
    Date of Patent: May 31, 2022
    Assignee: Fraudmarc Inc.
    Inventors: Keith Wayne Coleman, Richard Duncan
  • Patent number: 11343285
    Abstract: Techniques for providing multi-access edge computing (MEC) services security in mobile networks (e.g., service provider networks for mobile subscribers, such as for 5G networks) by parsing Application Programming Interfaces (APIs) are disclosed. In some embodiments, a system/process/computer program product for MEC services security in mobile networks by parsing APIs in accordance with some embodiments includes monitoring network traffic on a mobile network at a security platform to identify an API message associated with a new session, wherein the mobile network includes a 5G network or a converged 5G network that includes a multi-access edge computing (MEC) service; extracting mobile network identifier information from the API message at the security platform; and determining a security policy to apply at the security platform to the new session based on the mobile network identifier information.
    Type: Grant
    Filed: January 31, 2020
    Date of Patent: May 24, 2022
    Assignee: Palo Alto Networks, Inc.
    Inventors: Sachin Verma, Leonid Burakovsky
  • Patent number: 11336456
    Abstract: A first apparatus comprises an error correction coding part that receives a message M to be transmitted to a second apparatus, performs coding using a predetermined error correction code, and outputs a codeword C; a message authentication tag generation part that receives the message M and outputs a predetermined message authentication tag T; and a transmission part that transmits the codeword C and the tag T as transmission information S to the second apparatus. The second apparatus receives a message M* to be verified and a tag T?, which are obtained from the transmission information S, and determines that the message M* to be verified has not been tampered with when a tag T* obtained from the message M* to be verified and the tag T? satisfy a predetermined identity criterion.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: May 17, 2022
    Assignee: NEC CORPORATION
    Inventor: Kazuhiko Minematsu
  • Patent number: 11303453
    Abstract: A method for communication between at least two communicating entities, a first communicating entity generating at least one data message comprising a payload and an authentication heading, the method including generating a context parameter including at least one datum representing the material con-figuration of the first entity; generating a security profile in the authentication heading, which defines the conditions of encoding the payload of the message and of generating a signature by an algorithm applied at least to the payload of the message; including the signature in the generated message; inserting a stored identifier of the first communication entity into the authentication heading; and inserting the safety profile into the payload or into the authentication heading.
    Type: Grant
    Filed: May 17, 2018
    Date of Patent: April 12, 2022
    Assignee: AIRBUS CYBERSECURITY SAS
    Inventor: Paul-Emmanuel Brun
  • Patent number: 11283958
    Abstract: An image forming apparatus includes an operation device coupled to the image forming apparatus and configured to accept an operation to the image forming apparatus. The image forming apparatus includes a memory including a first memory area configured to store a set value to be used by the image forming apparatus or the operation device. The image forming apparatus further includes circuitry configured to: accept an operation of writing or reading the set value; determine a type of a process to be performed on the set value; and perform the process in accordance with a determination result by the circuitry, to encrypt the set value and store the encrypted set value in the first memory area of the memory, write the set value to a second memory area in the memory, or read the set value from the second memory area.
    Type: Grant
    Filed: February 5, 2020
    Date of Patent: March 22, 2022
    Assignee: RICOH COMPANY, LTD.
    Inventor: Tatsuma Hirokawa
  • Patent number: 11281777
    Abstract: A protection module operates to analyze threats, at the protocol level (e.g., at the HTML level), by intercepting all requests that a browser engine resident in a computing device sends and receives, and the protection agent completes the requests without the help of the browser engine. And then the protection module analyzes and/or modifies the completed data before the browser engine has access to it, to, for example, display it. After performing all of its processing, removing, and/or adding any code as needed, the protection module provides the HTML content to the browser engine, and the browser engine receives responses from the protection agent as if it was speaking to an actual web server, when in fact, browser engine is speaking to an analysis engine of the protection module.
    Type: Grant
    Filed: July 16, 2018
    Date of Patent: March 22, 2022
    Assignee: WEBROOT INC.
    Inventors: Joe Jaroch, Harry Murphey McCloy, III, Robert Edward Adams
  • Patent number: 11258801
    Abstract: A smart hybrid acceleration method includes receiving a handshake request from a client terminal, and determining whether the handshake request contains a self-defined resource extension field. If not, a target domain name with which the client terminal is to connect is acquired from the handshake request, and whether to use a hardware acceleration or a software acceleration is determined according to a level of the target domain name. If so, a resource level of a resource accessed by the client terminal is determined according to content in the self-defined resource extension field, and whether to use the hardware acceleration or the software acceleration is determined according to the resource level.
    Type: Grant
    Filed: February 5, 2018
    Date of Patent: February 22, 2022
    Assignee: GUIZHOU BAISHANCLOUD TECHNOLOGY CO., LTD.
    Inventors: Yang Yang, Hui Miao
  • Patent number: 11240291
    Abstract: To share snips of content, content access rules of a content file can be parsed to identify an accessible range of the content file and an inaccessible range of the content file. In one example, content sharing includes receiving an identifier of a recipient for a content file, parsing content access rules for the recipient, to identify an accessible range of the content file, and presenting an indicator of the accessible range and an inaccessible range of the content file for the recipient. A user can then identify a selection of a snip of the accessible range of the content file in a user interface. In some cases, a copy of the snip of the content file, a link to the snip of the content file, or both can be generated and forwarded after the selection is identified.
    Type: Grant
    Filed: September 23, 2020
    Date of Patent: February 1, 2022
    Inventors: Pratik Jagad, Avanti Kenjalkar
  • Patent number: 11228642
    Abstract: Systems and methods are provided for submitting data in a computer network. An exemplary method includes: receiving a first request to process a first data at one or more data servers; determining whether the first data includes a plurality of first set of properties; generating a second data having a plurality of second set of properties; providing a plurality of rule sets for submitting the second data; analyzing the second data to determine which of the rule sets is applicable; selecting one or more applicable rules from the rule sets; generating a plurality of third data by applying the one or more applicable rules to the second data; identifying the one or more external sources to distribute the third data; and sending the third data to the one or more external sources.
    Type: Grant
    Filed: April 14, 2021
    Date of Patent: January 18, 2022
    Assignee: Veeva Systems Inc.
    Inventors: Marius K. Mortensen, Asaf Roll, Zhen Tan
  • Patent number: 11206244
    Abstract: A method and video decoder system using the method are provided for identifying video frames in an encoded or encrypted video stream without performing decoding or decryption. The method includes: receiving a video data stream comprised of a plurality of transport stream (TS) packets; detecting a first video frame in the video data stream, wherein detection of the first video frame includes registering a last checked position at the start of the video data stream, examining bytes in a next TS packet to identify a predetermined pattern indicating a network abstraction layer (NAL) unit, repeating the examining step until two TS packets have been identified that include an NAL unit, wherein the last checked position is updated after each examining step, and identifying a video frame based on a position of the NAL unit identified in the two TS packets; and repeating the detecting step for a plurality of additional video frames in the video data stream.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: December 21, 2021
    Assignee: ARRIS Enterprise LLC
    Inventors: Rafie Shamsaasef, Polly Tang, Kuang Ming Chen, William S. Watson
  • Patent number: 11171929
    Abstract: A computer system message generated by an application programming interface (API) or addressed to the API can be received. A first data sensitivity score for at least a first of a plurality of data elements in a payload of the computer system message and at least second data sensitivity score for at least a second of the plurality of data elements in the payload of the computer system message can be determined. Based on the first data sensitivity score and at least the second data sensitivity score, a differential security can be applied to the computer system message. Applying the differential security can include masking the first of the plurality of data elements and not masking the second of the plurality of data elements. The computer system message can be electronically communicated the to a destination to which the message is addressed.
    Type: Grant
    Filed: December 17, 2018
    Date of Patent: November 9, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Anand Pikle, Amol Dhondse, Abhay Patra, Harish Bharti, Rajesh Kumar Saxena
  • Patent number: 11171995
    Abstract: A method includes monitoring an enterprise system to identify cryptographic techniques utilized by one or more components of the enterprise system, the one or more components comprising at least one of physical and virtual computing resources. The method also includes generating one or more profiles characterizing usage of at least a given one of the identified cryptographic techniques by at least a given one of the one or more components of the enterprise system and determining an effect of cryptographic obsolescence of the given identified cryptographic technique on the enterprise system utilizing the generated one or more profiles. The method further includes identifying one or more remedial actions for mitigating the effect of cryptographic obsolescence of the given identified cryptographic technique on the enterprise system and initiating one or more of the identified remedial actions to modify a configuration of one or more components of the enterprise system.
    Type: Grant
    Filed: January 25, 2019
    Date of Patent: November 9, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Eric Young, Zulfikar A. Ramzan
  • Patent number: 11153286
    Abstract: An example method performed by one or more processing devices includes: generating encrypted content at a sender device using one or more first keys that are available from a key provider; and outputting the encrypted content to a recipient device over one or more channels; where the key provider enables access, following authorization, by the recipient device to one or more second keys for decrypting the encrypted content; and where an entity that enables the channel is unaffiliated with the key provider.
    Type: Grant
    Filed: April 23, 2020
    Date of Patent: October 19, 2021
    Assignee: BLUERISC, INC.
    Inventor: Csaba Andras Moritz
  • Patent number: 11121761
    Abstract: An origination device (e.g., a base station) combines and encodes first user data and second user data, having similar QoS requirements, to generate a multiuser packet. In some cases, the origination device dual-encodes the multiuser packet. The multiuser packet is transmitted to one or more signal forwarding devices that each serve at least one of the users associated with the data contained in the multiuser packet. The signal forwarding device decodes the multiuser packet to obtain the first and second user data. The signal forwarding device transmits at least one portion of the multiuser packet, as single-encoded signals, to one or more appropriate destination devices (e.g., UE devices).
    Type: Grant
    Filed: March 17, 2017
    Date of Patent: September 14, 2021
    Assignee: Kyocera Corporation
    Inventor: Amit Kalhan
  • Patent number: 11070562
    Abstract: Techniques for implementing fine-grained access control in an IoT (Internet of Things) deployment are provided. In one set of embodiments, a gateway of the IoT deployment can create/maintain a device proxy pertaining to an IoT device and a persona in the IoT deployment, where the device proxy includes one or more access methods for accessing the IoT device, and where the one or more access methods reflect access rights that are deemed appropriate for the persona with respect to the IoT device. An application instance of the IoT deployment can receive a request from the persona to access the IoT device. Networking equipment interconnecting the application instance with the gateway can then automatically route, via one or more SDN micro-segmentation rules, the request to the device proxy for processing via the proxy's access methods.
    Type: Grant
    Filed: April 25, 2018
    Date of Patent: July 20, 2021
    Assignee: VMware, Inc.
    Inventors: Salim AbiEzzi, Greg Bollela
  • Patent number: 11057489
    Abstract: Embodiments of this disclosure provide a content deployment method and a delivery controller. The content deployment method includes: receiving, by a delivery controller, a content deployment request from an application server controller, where the content deployment request includes identification information of requested content and address information of an application server storing the requested content; and sending, by the delivery controller, a first deployment cache request to a first cache server, where the first deployment cache request includes the identification information of the requested content and the address information of the application server, and the first deployment cache request is used to request the first cache server to obtain the requested content from the application server and cache the requested content. With the content deployment method and the delivery controller in the embodiments of this disclosure, content deployment under control of a content provider can be implemented.
    Type: Grant
    Filed: October 11, 2019
    Date of Patent: July 6, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Renchao Xie, Junfeng Xie, Hualin Zhu, Tao Huang
  • Patent number: 11019044
    Abstract: A network appliance stores a session identifier that uniquely identifies a network communication session between a first device and the network appliance. A first communication is received from the first device over the network communication session. The network appliance also receives from a proxy tool, a second communication that includes a header specifying the session identifier and that includes data generated by the proxy in response to the first communication. The network appliance associates the first communication with the second communication using the session identifier. An encrypted representation of the data generated by the proxy is transmitted to a second device based on the association between the first communication and the second communication.
    Type: Grant
    Filed: March 8, 2019
    Date of Patent: May 25, 2021
    Assignee: Gigamon Inc.
    Inventors: Manish Pathak, Kishor Joshi, Murali Bommana
  • Patent number: 11005866
    Abstract: A network monitoring “sensor” is built on initial startup by checking the integrity of the bootstrap system and, if it passes, downloading information from which it builds the full system including an encrypted and an unencrypted portion. Later, the sensor sends hashes of files, configurations, and other local information to a data center, which compares the hashes to hashes of known-good versions. If they match, the data center returns information (e.g., a key) that the sensor can use to access the encrypted storage. If they don't, the data center returns information to help remediate the problem, a command to restore some or all of the sensor's programming and data, or a command to wipe the encrypted storage. The encrypted storage stores algorithms and other data for processing information captured from a network, plus the captured/processed data itself.
    Type: Grant
    Filed: January 3, 2018
    Date of Patent: May 11, 2021
    Assignee: Vigilant IP Holdings LLC
    Inventors: Christopher M. Nyhuis, Michael Pananen
  • Patent number: 10999371
    Abstract: The embodiments provide request multiplexing whereby a server receiving a first request for content clones and issues the cloned request to an origin to initiate retrieval of the content. The first request and subsequent requests for the same content are placed in a queue. The server empties a receive buffer that is populated with packets of the requested content as the packets arrive from the origin by writing the packets directly to local storage without directly distributing packets from the receive buffer to any user. The rate at which the server empties the receive buffer is therefore independent of the rate at which any user receives the packets. A first set of packets written to local storage can then be simultaneously distributed to one or more queued requests as the server continues emptying the receive buffer and writing a second set of packets to local storage.
    Type: Grant
    Filed: July 9, 2019
    Date of Patent: May 4, 2021
    Assignee: Verizon Digital Media Services Inc.
    Inventors: Sergio Leonardo Ruiz, Derek Shiell
  • Patent number: 10963581
    Abstract: Disclosed are systems and methods to encrypt an image for secure image transmission and parallel decryption using resources from a networked environment. Upon reception of encrypted data from the mobile user, the data can be decrypted by transforming the data, decrypting the transformed data, and inversing the transformation. The decrypted data can be sent for storage in a cloud storage.
    Type: Grant
    Filed: May 20, 2016
    Date of Patent: March 30, 2021
    Assignee: Board of Regents, The University of Texas System
    Inventors: Peyman Najafirad, Mohan Muppidi, Sos Agaian, Mo Jamshidi
  • Patent number: 10904007
    Abstract: A method of providing a login to website requested from a computing device, by a biometric information based authentication device which interworks with a control server, is provided. The method includes detecting a login request message transmitted from the computing device to a website server providing the website, extracting login session information from the login request message, outputting an authentication result with respect to received biometric information, and transmitting authentication information comprising the login session information and the authentication result to the control server. The login session information is transmitted from the control server to the website server to determine, by the website server, the login allowance of the website.
    Type: Grant
    Filed: December 14, 2016
    Date of Patent: January 26, 2021
    Assignee: KT Corporation
    Inventors: Tae-Gyun Kim, Daesung Cho, In-Soo Lee, Deok-Moon Chang
  • Patent number: 10897457
    Abstract: Methods and apparatus, including computer program products, implementing and using techniques for processing of data in an intermediary server. Data is received from an Internet of Things (IoT) enabled device. The data includes a readable header and an encrypted payload. An opaque algorithm is selected to process the payload, based on information contained in the header of the data. The selected opaque algorithm processes the encrypted payload of the data, wherein the opaque algorithm is invisible to the intermediary server. The processing includes: decrypting the encrypted payload, applying the opaque algorithm to the decrypted payload, and encrypting the results from processing the decrypted payload by the opaque algorithm. A new readable header is added to the encrypted results. The data, including the new readable header and the encrypted results, is forwarded to a different server, based on the information in the new readable header.
    Type: Grant
    Filed: April 17, 2017
    Date of Patent: January 19, 2021
    Assignee: International Business Machines Corporation
    Inventors: Rhonda L. Childress, Hari H. Madduri
  • Patent number: 10893030
    Abstract: Methods, systems, and computer readable media for implementing bandwidth limitations on specific application traffic at a proxy element are disclosed. One exemplary method includes receiving, at a proxy element, a packet flow from at least one source client, identifying encrypted packets associated with a specific application traffic type from among the packet flow, and directing the identified encrypted packets to a bandwidth limiter in the proxy element. The method further includes applying a bandwidth limitation operation to the identified encrypted packets and decrypting the identified encrypted packets if an accumulated amount of payload bytes of the identified encrypted packets complies with the parameters of the bandwidth limitation operation.
    Type: Grant
    Filed: August 14, 2018
    Date of Patent: January 12, 2021
    Assignee: KEYSIGHT TECHNOLOGIES, INC.
    Inventors: Gabriel Oprisan, Michael Paul Galime, Scott Walker Register
  • Patent number: 10891391
    Abstract: Disclosed embodiments provide techniques for accessing a document from a cloud storage system and controlling the display of sensitive data within the document based on user permissions. One or more restricted information segments are identified within a document to be stored on the cloud storage system. Restricted information segments can include anything within an electronic file for which it is desired to provide multiple levels of access. In some embodiments, the restricted information segments are automatically identified via computer-implemented natural language processing (NLP) techniques. For each restricted information segment, one or more alternative data sequences are generated. The alternative data sequences are encrypted using various keys residing on a client device associated with a user. The keys can be used to decrypt data stored within a multiple-value encrypted field structure.
    Type: Grant
    Filed: August 29, 2018
    Date of Patent: January 12, 2021
    Assignee: International Business Machines Corporation
    Inventors: Itai Gordon, Miriam Nizri, Ilan D. Prager
  • Patent number: 10892912
    Abstract: Methods and apparatus are provided for transmitting data over a network through a tunnel. In one embodiment, a method comprises obtaining data for transfer over a network from a sender to a receiver. At an operating system level, at least one packet is intercepted from the data that satisfies one or more configurable criteria. A tunnel is established from the sender to the receiver, wherein the tunnel selectively performs one or more of encryption, compression, and data deduplication of the intercepted packet. The intercepted packet is transmitted through the tunnel from the sender to the receiver. A handshake protocol optionally determines the presence of agents at the sender and receiver. The handshake protocol fails if agents are not present at both the sender and receiver, and the transfer is then carried out over a standard communication channel.
    Type: Grant
    Filed: July 13, 2016
    Date of Patent: January 12, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Andrey Pakhomov, Ivan Andreyev
  • Patent number: 10783270
    Abstract: The technology disclosed teaches protecting sensitive data in the cloud via indexable databases. The method includes identifying sensitive fields of metadata for encryption and for hashing. The method also includes hashing at least partial values in the indexable sensitive fields to non-reversible hash values, concatenating the non-reversible hash values with the metadata for the network events, and encrypting the sensitive fields of metadata. Also included is sending the metadata for the network events, with the non-reversible hash values and the encrypted sensitive fields, to a remote database server that does not have a decryption key for the encrypted sensitive fields and that indexes the non-reversible hash values for indexed retrieval against the indexable sensitive fields.
    Type: Grant
    Filed: August 29, 2019
    Date of Patent: September 22, 2020
    Assignee: Netskope, Inc.
    Inventors: Ravi Ithal, Shaila Vasudev, Khurram Saqlain, Mahesh Gupta, Karan Mendiratta, Krishna Narayanaswamy
  • Patent number: 10776837
    Abstract: A taximeter for a vehicle, comprising data interface for obtaining signal indicative of the vehicle speed and/or distance traveled, preferably a speed pulse signal, memory for storing tariff data linking taxi fare with vehicle speed, distance traveled and/or time elapsed, processing unit for dynamically determining, utilizing the obtained signal and tariff data, stroke characteristics for the current situation in terms of dynamically determined stroke value and of dynamically determined stroke interval, and updating the accrued fare after each stroke utilizing the determined stroke characteristics, and display for visualizing the accrued fare. A corresponding method is presented.
    Type: Grant
    Filed: December 16, 2015
    Date of Patent: September 15, 2020
    Assignee: Semel Oy
    Inventor: Tuomo Roivainen
  • Patent number: 10778699
    Abstract: Localized and global detection and mitigation of network attacks in a distributed platform are provided. The localized detection identifies attacks occurring at individual nodes of the distributed platform based on packet analysis conducted by each individual node. The global detection identifies attacks occurring across the distributed platform based on packet analysis conducted on traffic aggregated from across the distributed platform. Either detection involves inspecting headers of the sampled packets. Each header property is scored based on an amount of deviation from threshold values. The sum of scores identifies the header properties that form an attack signature. Attack protections are implemented against subsequently arriving packets with header properties matching the attack signature.
    Type: Grant
    Filed: April 17, 2017
    Date of Patent: September 15, 2020
    Assignee: Verizon Digital Media Services Inc.
    Inventors: Christopher Bradley, Jayson G. Sakata
  • Patent number: 10771843
    Abstract: A media distribution system and method with sample variants for normalized encryption involves encrypting a main track of a media content asset using a first encryption scheme and encrypting a sample variant track of the media content asset using a second encryption scheme, and performing at least one of: storing the encrypted main track and encrypted sample variant track of the media content asset packaged in a storage format, and transmitting the encrypted main track and the encrypted sample variant track in a distribution container format to an edge media router (EMR) device configured to repackage the media content asset into a delivery container format without reencrypting the media content asset.
    Type: Grant
    Filed: December 14, 2016
    Date of Patent: September 8, 2020
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Raj Nair, Prabhudev Navali, Mikhail Mikhailov, David Alexander, Pablo Argon
  • Patent number: 10764176
    Abstract: A method of configuring a forwarding element that includes several message processing stages. The method identifies a first processing stage that starts processing a first header field of a message and a second processing stage that is the last message processing stage that processes the first header field. The method configures a field of a packet header container to store the first header field from the beginning of the first message processing stage. The method identifies a second header field used in a third processing stage after the second processing stage. The method configures a set of circuitries in the data plane to initialize the container field after the end of the second processing stage. The method configures the field of the container to store the second header field of the message after the end of the second processing stage and before the start of the third processing stage.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: September 1, 2020
    Assignee: Barefoot Networks, Inc.
    Inventors: Michael E. Attig, Patrick Bosshart, Jay Evan Scott Peterson, Michael Gregory Ferrara
  • Patent number: 10757074
    Abstract: Techniques for packet classification for network routing are disclosed. In some embodiments, packet classification for network routing includes receiving packets associated with a new flow at a security controller from a network device, in which the network device performs packet forwarding; classifying the flow; and determining an action for the flow based on a policy (e.g., a security policy). In some embodiments, the network device is a Software Defined Network (SDN) network device (e.g., a packet forwarding device that supports the OpenFlow protocol or another protocol).
    Type: Grant
    Filed: August 29, 2016
    Date of Patent: August 25, 2020
    Assignee: Palo Alto Networks, Inc.
    Inventors: Nir Zuk, Marc Joseph Benoit
  • Patent number: 10726147
    Abstract: Native file encryption support is integrated into an existing file system that does not provide such support, such as the FAT family of file systems, while maintaining backwards compatibility with previous implementations of these file systems.
    Type: Grant
    Filed: July 19, 2018
    Date of Patent: July 28, 2020
    Assignee: Microsoft Technology Licensing, LLC.
    Inventors: Darwin Ou-Yang, Peter Novotney, Ravinder Thind
  • Patent number: 10715451
    Abstract: Data processing apparatus includes a host processor and a network interface controller (NIC), which is configured to couple the host processor to a packet data network. A memory holds a flow state table containing context information with respect to computational operations to be performed on multiple packet flows conveyed between the host processor and the network. Acceleration logic is coupled to perform the computational operations on payloads of packets in the multiple packet flows using the context information in the flow state table.
    Type: Grant
    Filed: May 4, 2016
    Date of Patent: July 14, 2020
    Assignee: MELLANOX TECHNOLOGIES, LTD.
    Inventors: Shachar Raindel, Shlomo Raikin, Liran Liss
  • Patent number: 10701049
    Abstract: Techniques for time-based network authentication challenges are disclosed. In some embodiments, a system, process, and/or computer program product for time-based network authentication challenges includes monitoring a session at a firewall to identify a user associated with the session, generating a timestamp for an authentication factor associated with the user after the user successfully authenticates for access to a resource based on an authentication profile, intercepting another request from the user for access to the resource at the firewall, and determining whether the timestamp for the authentication factor is expired based on the authentication profile.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: June 30, 2020
    Assignee: Palo Alto Networks, Inc.
    Inventors: Ashwath Sreenivasa Murthy, Prabhakar M V B R Mangam, Shriram S. Jandhyala, Qiuming Li, Yongjie Yin
  • Patent number: 10678930
    Abstract: A computer-implemented method is provided herein of generating a file having a column-oriented layout and having a file header and a data block. The method includes a step of inserting length information of an encryption vector into the data block; a step of inserting the encryption vector into the data block; and a step of inserting data array of the encrypted column after referring to the encryption vector.
    Type: Grant
    Filed: October 19, 2018
    Date of Patent: June 9, 2020
    Assignee: LOGPRESO INC.
    Inventor: Bongyeol Yang