Firewall Patents (Class 726/11)
  • Patent number: 10728239
    Abstract: Today's user is facing an ever increasing number of cyber threats from infectious software to scam artist phishing for their passwords and other personal information. Accordingly, a technique is provided to mediate a user's access to electronic resources, which can include malware and sites that trick the user into giving their password. Based on information known about the resource at the time the user accesses it, the technique can warn the user that the resources is suspicious and it is not safe to provide their password. Even if the resource is safe, the technique can warn the user not reuse their password, thereby promoting good password hygiene.
    Type: Grant
    Filed: March 3, 2017
    Date of Patent: July 28, 2020
    Assignee: Mimecast Services Ltd.
    Inventors: Jackie Anne Maylor, Simon Paul Tyler, Steven Malone, Wayne Van Ry, Francisco Ribeiro, Nathaniel S. Borenstein
  • Patent number: 10721197
    Abstract: A cloud based mobile internet protocol messaging spam defense. Short message service (SMS) messages are analyzed by a cloud based virtual machine to determine if should be considered potentially unwanted messages (e.g., spam). The cloud based virtual machine uses a user specific algorithm for determining if a message should be considered to be a potentially unwanted message. Messages that are determined to be potentially unwanted messages trigger a notification to be sent to a user device associated with the virtual machine. The notification requests confirmation from the user that the potentially unwanted message is an unwanted message. The user's response to a request for confirmation is then used to update an unwanted message database associated with the user and the user device.
    Type: Grant
    Filed: March 2, 2018
    Date of Patent: July 21, 2020
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Ann E. Skudlark, Lien K. Tran, Yu Jin
  • Patent number: 10721275
    Abstract: To prevent un-authorized accesses to data and resources available in workloads on an organization's or enterprise's computer network, various improvements to automated computer network security processes to enable them to enforce network security policies using native network security mechanisms to control communications to and/or from workload units of applications running on different nodes within hybrid computer network infrastructures having both traditional hardware resources and virtual resources provided by private and public cloud infrastructure services.
    Type: Grant
    Filed: January 23, 2018
    Date of Patent: July 21, 2020
    Assignee: FireEye, Inc.
    Inventors: Lisun Joao Kung, Jose Renato Goncalves Santos, Sarowar Golam Sikder
  • Patent number: 10715489
    Abstract: A management server disposed outside a firewall and supporting connection of communications between a control target device disposed inside the firewall and a cloud server disposed outside the firewall, includes a server-side session establishing portion to, based on a request from a relay device disposed inside the firewall, establish a session with the relay device, a device information acquiring portion to acquire device information about the control target device from the relay device via the established session, and an update determining portion to, in response to reception of a request of connecting to the control target device from the cloud server, determine whether to update the device information.
    Type: Grant
    Filed: February 5, 2015
    Date of Patent: July 14, 2020
    Assignee: KONICA MINOLTA, INC.
    Inventors: Hisashi Uchida, Kazumi Sawayanagi, Noriaki Asamoto, Masami Yamada, Shuji Yoneda, Kazuya Anezaki, Akihiro Torigoshi, Yasutaka Ito
  • Patent number: 10708291
    Abstract: A common misconception equates information with intelligence. To transform information into intelligence a number of analytical steps must occur within a framework designed to yield very specific datum associable with other raw or formulated datum, that provides an answer or solution to a sub-problem. Every organization has threats and risks including cyber threats, threats to infrastructure, etc. that can impact the organization on many levels. However, most organizations do not understand how to quantify and assess these risks/threats yet alone assess different preemptive actions for mitigating impact. It would therefore be beneficial to provide organizations with a software based system that provides threat information gathering, incident reporting, and asset identification/valuation as part of its compounded intelligence and supports predictive context specific analysis of risks and countermeasures.
    Type: Grant
    Filed: May 31, 2017
    Date of Patent: July 7, 2020
    Inventor: Valarie Ann Findlay
  • Patent number: 10708231
    Abstract: Some embodiments provide a method for identifying unnecessary firewall rules for a distributed firewall of a logical network. The method identifies a firewall policy for network traffic of the logical network. The firewall policy includes a set of firewall rules. The method generates a set of data for implementing the firewall policy on a set of managed forwarding elements that implement the logical network. The method analyzes potential network traffic based on the generated set of data to identify a subset of unnecessary data. The method identifies a subset of unnecessary firewall rules of the set of firewall rules that corresponds to the subset of unnecessary data.
    Type: Grant
    Filed: August 6, 2018
    Date of Patent: July 7, 2020
    Assignee: NICIRA, INC.
    Inventors: Amar Padmanabhan, Amre Shakimov, Anupam Chanda
  • Patent number: 10708306
    Abstract: Techniques for mobile user identity and/or SIM-based IoT identity and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for mobile user identity and/or SIM-based IOT identity and application identity based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier.
    Type: Grant
    Filed: June 15, 2017
    Date of Patent: July 7, 2020
    Assignee: Palo Alto Networks, Inc.
    Inventors: Sachin Verma, Leonid Burakovsky, Jesse C. Shu, Lei Chang
  • Patent number: 10691751
    Abstract: A data processing system performs data processing of raw or preprocessed data. The data includes log files, bitstream data, and other network traffic containing either cookie or device identifiers. The data processing system associates devices with device activity history.
    Type: Grant
    Filed: January 23, 2017
    Date of Patent: June 23, 2020
    Assignee: The Trade Desk, Inc.
    Inventors: Jason Atlas, Fady Kalo, Jiefei Ma
  • Patent number: 10685116
    Abstract: Methods, apparatus, systems, and articles of manufacture to remediate ransomware are disclosed. An example malware scanner includes a sinkhole generator to generate a sinkhole directory. The example malware scanner includes a storage device adapted to store a computer file and the sinkhole directory, wherein the sinkhole directory recursively expands when the computer file performs a file listing of the sinkhole directory to occupy the computer file by extending a period of time taken to perform the file listing of the sinkhole directory. The example malware scanner includes an analyzer to monitor execution of the computer file while the computer file is performing the file listing of the sinkhole directory to attempt to identify an indicator of compromise associated with the computer file, the analyzer to classify the computer file as ransomware when the analyzer identifies the indicator of compromise. The example malware scanner includes a cleaner to remediate the ransomware.
    Type: Grant
    Filed: February 23, 2018
    Date of Patent: June 16, 2020
    Assignee: McAfee, LLC
    Inventor: Ghanashyam Satpathy
  • Patent number: 10686856
    Abstract: System and methods for initiating a media streaming device, particularly for devices associated with a guest services environment. Such initiation may include: receiving, at a proxy server, a request from a mobile device to join a guest services network, the request identifying a user of the mobile device; verifying a registration of the user, the registration indicating permission of the user to join the guest services network, to yield a verification; identifying, based on the verification, a media streaming device associated with the registration of the user; and configuring the media streaming device to be controllable by the mobile device, such that control commands are routed from the mobile device through the proxy server to the media streaming device, and streaming content is routed from the Internet to the media streaming device bypassing the proxy server.
    Type: Grant
    Filed: October 12, 2016
    Date of Patent: June 16, 2020
    Assignee: MARRIOTT INTERNATIONAL, INC.
    Inventors: David M. Straitiff, Neil R. Schubert, III, William R. Walker
  • Patent number: 10681074
    Abstract: A system and method to identify and prevent cybersecurity attacks on modern, highly-interconnected networks, to identify attacks before data loss occurs, using a combination of human level, device level, system level, and organizational level monitoring.
    Type: Grant
    Filed: November 14, 2018
    Date of Patent: June 9, 2020
    Assignee: QOMPLX, Inc.
    Inventors: Jason Crabtree, Andrew Sellers
  • Patent number: 10666679
    Abstract: The innovation disclosed and claimed herein, in one aspect thereof, comprises systems and methods of reconfiguring network settings. The systems and methods monitor a network and detect a hacker on a network. The systems and methods can reconfigure network settings of the network upon detecting the hacker. The systems and methods can analyze the hack for severity; and determine a reconfiguration layer based on the severity of the hack. The reconfiguration layer determines a subset of the network settings to be reconfigured. The systems and methods can dismantle the network and generate a replacement network having the reconfigured set of network settings and replace the network with the replacement network.
    Type: Grant
    Filed: April 24, 2017
    Date of Patent: May 26, 2020
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Matthew J. Block, Jon M. Welborn, Adam Sheesley, David Huehulani Keene, Jennifer A. Holton, Douglas S. Rodgers
  • Patent number: 10659293
    Abstract: A disclosed method may include (1) executing a virtual router that services traffic within a network in connection with a specific network consumer and (2) dynamically scaling memory of the virtual router to accommodate a networking need of the specific network consumer by (A) installing, in at least one component of a physical network device that hosts the virtual router, a set of networking objects that facilitate servicing the traffic in connection with the specific network consumer, (B) determining an amount of memory that is consumed by the set of networking objects at the component of a physical network device, and (C) modifying a configuration file of the virtual router such that the memory of the virtual router is scaled to store the set of networking objects via the component. Various other systems and methods are also disclosed.
    Type: Grant
    Filed: March 19, 2018
    Date of Patent: May 19, 2020
    Assignee: Juniper Networks, Inc
    Inventors: Manoj Nayak, Rafik Putter, Tabrez Ahmed Khan
  • Patent number: 10659486
    Abstract: A universal link to extract and classify log data is disclosed. In various embodiments, a set of candidate data values that match a top level pattern that is common to two or more types of data value of interest is identified. The candidate data values are processed through a plurality of successive filtering stages, each stage of which includes determining which, if any, of said candidates match a more specific pattern associated more specifically with a specific data value type. Candidates, if any, which match the more specific pattern are classified as being of a corresponding specific data type and are removed from the set of candidate data values. A structured data record that associates each candidate data value determined to be of a corresponding one of said types of data value of interest with said corresponding one of said types of data value of interest is generated and stored.
    Type: Grant
    Filed: April 17, 2019
    Date of Patent: May 19, 2020
    Assignee: Anomali Incorporated
    Inventors: Wei Huang, Yizheng Zhou, Hugh Seretse Njemanze, Zhong Deng
  • Patent number: 10650593
    Abstract: A server system can receive an assertion of an alarm condition from a security system that processes sensor signals from sensors and that triggers the alarm condition. The server system is can send messages to determined nearby sensors to start sending data back to the server system according to the alarm condition. The server system can analyze sensor data received from the sensors. The analysis includes a verification of the alarm condition, a determination of how often queried data is requested, and a determination of which of selected data received from selected sensors to forward to one or more mixed reality devices. The server system can forward data to the one or more mixed reality.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: May 12, 2020
    Assignee: TYCO FIRE & SECURITY GMBH
    Inventors: Robert B. Locke, Paul B. Rasband, Rain Cui, Steve Schattmaier, Richard Campero
  • Patent number: 10628144
    Abstract: Some embodiments provide a simplified mechanism to deploy and control a multi-segmented application by using application-based manifests that express how application segments of the multi-segment application are to be defined or modified, and how the communication profiles between these segments. In some embodiments, these manifests are application specific. Also, in some embodiments, deployment managers in a software defined datacenter (SDDC) provide these manifests as templates to administrators, who can use these templates to express their intent when they are deploying multi-segment applications in the datacenter. Application-based manifests can also be used to control previously deployed multi-segmented applications in the SDDC. Using such manifests would enable the administrators to be able to manage fine grained micro-segmentation rules based on endpoint and network attributes.
    Type: Grant
    Filed: August 24, 2018
    Date of Patent: April 21, 2020
    Assignee: VMWARE, INC.
    Inventors: Sirisha Myneni, Arijit Chanda, Laxmikant Vithal Gunda, Arnold Poon, Farzad Ghannadian, Kausum Kumar
  • Patent number: 10621344
    Abstract: A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.
    Type: Grant
    Filed: October 17, 2019
    Date of Patent: April 14, 2020
    Assignee: CUPP Computing AS
    Inventor: Shlomo Touboul
  • Patent number: 10616813
    Abstract: A method and system for wireless communication between a mobile router in a moving vehicle, such as a train, and one or several external server(s) via at least two types of external wireless networks, a first external wireless network type, trackside network, including a plurality of trackside base stations, such as access points, for communication in compliance with a Wireless Local Area Network (WLAN) standard, said trackside base stations being arranged in the vicinity of a vehicle path of travel, and a second external wireless network type, cellular network, communicating via cellular network standard(s), such as in accordance with 3G, 4G or 5G standards, wherein the mobile router is arranged, at least periodically, to simultaneously communicate with the two types of external wireless networks thereby providing at least two concurrently useable external wireless networks.
    Type: Grant
    Filed: July 13, 2017
    Date of Patent: April 7, 2020
    Assignee: ICOMERA AB
    Inventor: Mats Karlsson
  • Patent number: 10608881
    Abstract: Example methods are provided for host to implement application-based network segmentation in a virtualized computing environment. The method may comprise detecting an egress packet from a virtualized computing instance supported by the host for transmission to a destination and identifying a source application associated with the egress packet. The source application may be one of multiple applications supported by the virtualized computing instance, the multiple applications being associated with respective target networks. The method may further comprise, based on a network policy configured for the source application, determining a particular target network associated with the source application; and sending, to the destination, the egress packet via a physical network interface controller (NIC) associated with the particular target network.
    Type: Grant
    Filed: September 22, 2016
    Date of Patent: March 31, 2020
    Assignee: NICIRA, INC.
    Inventors: Shengbo Teng, Nan Wang, Yisan Zhao, Jingtao Zhang
  • Patent number: 10601863
    Abstract: Sensor enrollment management is conducted where features and capabilities for one or more broker computing nodes within the cluster are received by an enrollment service operating within a management system. The enrollment service is configured to receive advertised features and capabilities for computing nodes that are part of a cluster and provide address information associated with the enrollment service to the sensor. Based on information supplied by the sensor, the enrollment service authenticates the sensor, and upon authentication, forwards keying material associated with the sensor to a computing node selected that is selected for supporting communications to the cluster from the sensor. Also, the enrollment service provides a portion of the advertised features and capabilities associated with the computing node to the sensor to enable the sensor to establish a secure communication path with the computing node for malware analysis of suspicious objects within network traffic monitored by the sensor.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: March 24, 2020
    Assignee: FireEye, Inc.
    Inventor: Mumtaz Siddiqui
  • Patent number: 10601861
    Abstract: An exemplary computer-implemented method includes obtaining at least one teleportation invite block that records a virtual universe teleportation invite marked by at least one parameter. The teleportation invite identifies a virtual universe user as an invitee. Responsive to the parameter, assess whether the virtual universe teleportation invite is potentially malicious, and alert the invitee in case the virtual universe teleportation invite is potentially malicious.
    Type: Grant
    Filed: April 28, 2017
    Date of Patent: March 24, 2020
    Assignee: International Business Machines Corporation
    Inventors: James R. Kozloski, Clifford A. Pickover, Komminist Weldemariam
  • Patent number: 10593427
    Abstract: A medical device for facilitating data direction to storage in a patient-specific electronic record is provided herein. In embodiments, the medical device visually presents patient data received from devices that more directly capture physiological data. The medical device is associated with a patient corresponding to the physiological data, and communicates the patient data to a centralized server for processing and forwarding to a database, which includes an electronic record that is specific to the patient. Then, the medical device may be dissociated from the patient.
    Type: Grant
    Filed: March 12, 2018
    Date of Patent: March 17, 2020
    Assignee: Cerner Innovation, Inc.
    Inventors: Damon Matthew Herbst, Randolph S. Lantz, Greg T. Meyer, Matthew P. Bailey
  • Patent number: 10594732
    Abstract: Method, product and device for selective traffic blockage. In one embodiment, in response to a detection that a computing device cannot connect to a predetermined server, the blockage policy is applied to an outgoing packet, whereby selectively blocking outgoing packets when the computing device has limited connectivity to the predetermined server. In another embodiment, in response to an attempt to transmit a packet, invoking a local Virtual Private Network (VPN) service that is configured to apply a blockage policy, wherein the local VPN service provides an Application Programming Interface (API) of a VPN service. As a result, selective blockage is implemented using the local VPN service.
    Type: Grant
    Filed: November 8, 2016
    Date of Patent: March 17, 2020
    Assignee: CA, Inc.
    Inventors: Yair Amit, Shahar Areli, Daniel Kandel, Elisha Eshed, Roy Iarchy, Adi Sharabani
  • Patent number: 10594584
    Abstract: A transmitted transport communication protocol (TCP) packet in an established TCP connection is intercepted and resent with a modified IP layer to determine network nodes within a network path. No new connection is required, and the data may be transmitted to its intended location as part of the existing connection, bypassing firewalls and other obstacles commonly affecting ping commands. The change to the IP layer may include a modified TTL value. Address location and response time may be determined for each node in a network path.
    Type: Grant
    Filed: February 27, 2017
    Date of Patent: March 17, 2020
    Assignee: Cisco Technology, Inc.
    Inventor: Suraj Puvvada
  • Patent number: 10587648
    Abstract: A method, apparatus and program product utilize Domain Name Service (DNS) prefetching in a recursive DNS server, e.g., to mitigate Distributed Denial of Service (DDoS) attacks on a DNS service.
    Type: Grant
    Filed: April 13, 2017
    Date of Patent: March 10, 2020
    Assignee: International Business Machines Corporation
    Inventors: David M. Koster, Jason A. Nikolai, Adam D. Reznechek, Andrew T. Thorstensen
  • Patent number: 10587649
    Abstract: A method, apparatus and program product utilize Domain Name Service (DNS) prefetching in a recursive DNS server, e.g., to mitigate Distributed Denial of Service (DDoS) attacks on a DNS service.
    Type: Grant
    Filed: November 27, 2017
    Date of Patent: March 10, 2020
    Assignee: International Business Machines Corporation
    Inventors: David M. Koster, Jason A. Nikolai, Adam D. Reznechek, Andrew T. Thorstensen
  • Patent number: 10587578
    Abstract: System and method for managing firewall rules for hierarchical entities modify a processing order of the firewall rules to be executed in a distributed computer system based on hit counts of the firewall rules and direct descendent relationships of destination entities of the firewall rules.
    Type: Grant
    Filed: April 27, 2017
    Date of Patent: March 10, 2020
    Assignee: NICIRA, INC.
    Inventors: Vasantha Kumar, Sriram Gopalakrishnan, Naveen Ramaswamy, Anil Kumar
  • Patent number: 10587634
    Abstract: A system, method and computer program product for detecting distributed denial-of-service (DDoS) attacks is provided. Current aggregated flow information for a defined period of time is analyzed. It is determined whether network flow increased above a defined flow threshold value to a second data processing system connected to a network within the defined period of time based on analyzing the current aggregated flow information. In response to determining that the network flow has increased above the defined flow threshold value to the second data processing system connected to the network within the defined period of time, it is determined that the second data processing system is under a DDoS attack.
    Type: Grant
    Filed: October 15, 2018
    Date of Patent: March 10, 2020
    Assignee: International Business Machines Corporation
    Inventors: Kuo-Chun Chen, Chih-Hung Chou, Wei-Hsiang Hsiung, Sheng-Tung Hsu
  • Patent number: 10574482
    Abstract: Systems and methods for providing multi-perimeter firewalls via a virtual global network are disclosed. In one embodiment the network system may comprise an egress ingress point in communication with a first access point server, a second access point server in communication with the first access point server, an endpoint device in communication with the second access point server, a first firewall in communication with the first access point server, and a second firewall in communication with the second access point server. The first and second firewalls may prevent traffic from passing through their respective access point servers. The first and second may be in communication with each other and exchange threat information.
    Type: Grant
    Filed: April 7, 2016
    Date of Patent: February 25, 2020
    Assignee: UMBRA TECHNOLOGIES LTD.
    Inventors: Carlos Eduardo Oré, Joseph E. Rubenstein
  • Patent number: 10574676
    Abstract: A mobile device application executing on a mobile device as an operating system extension that uses a virtual private network (VPN) stack of the operating system intercepts a first Internet protocol (IP) packet for delivery to a remote computer system. The application determines that the intercepted first IP packet is associated with sensitive information. In response creates a VPN tunnel between the remote computer system to securely send data from the mobile device to the remote computer system.
    Type: Grant
    Filed: October 6, 2017
    Date of Patent: February 25, 2020
    Assignee: Fyde, Inc.
    Inventors: Sinan Eren, Jose Luis Ferras Pereira, Pablo German Sole, Luisa Marina Moya Praca de Araujo Llma
  • Patent number: 10567437
    Abstract: Methods and systems for protecting a secured network are presented. For example, one or more packet security gateways may be associated with a security policy management server. At each packet security gateway, a dynamic security policy may be received from the security policy management server, packets associated with a network protected by the packet security gateway may be received, and at least one of multiple packet transformation functions specified by the dynamic security policy may be performed on the packets. Performing the at least one of multiple packet transformation functions specified by the dynamic security policy on the packets may include performing at least one packet transformation function other than forwarding or dropping the packets.
    Type: Grant
    Filed: August 24, 2018
    Date of Patent: February 18, 2020
    Assignee: CENTRIPETAL NETWORKS, INC.
    Inventors: Steven Rogers, Sean Moore
  • Patent number: 10559177
    Abstract: Embodiments herein provide methods and apparatus for monitoring and/or protecting property or other area is presented. Aspects of invention provide devices, software, systems, and methods for property and area monitoring that detect the presence of wireless devices on or over a property or in a particular geographical area. In some embodiments the detected wireless device and/or owner of a detected device can be identified. Embodiments provide methods and system for detection of wireless devices, identifiers, record time and duration that detected device was active on a property or within an area, record and transmit information to remote storage, and/or alert authorized individuals of activity within a monitored area. Embodiments of the invention allow systems and methods to work independent or with remote sensors to perform pre-programmed functions upon detection of a wireless device. Embodiments present a method for mobile configuration for scanning an area.
    Type: Grant
    Filed: August 4, 2017
    Date of Patent: February 11, 2020
    Inventors: Dean Michael Feldman, Timothy J Pierson
  • Patent number: 10560469
    Abstract: In an example, metrics that cause a deviation in data may be identified by collecting the data for selected metrics stored in a plurality of tables. A metric vector is constructed based on the data for the selected metrics. A probability density may be calculated for the metric vector that indicates a deviation value for the metric vector relative to other metric vectors. Moreover, an outlier metric from the metric vector that causes the deviation value for the metric vector may be identified.
    Type: Grant
    Filed: January 24, 2014
    Date of Patent: February 11, 2020
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventor: Eric Owhadi
  • Patent number: 10554723
    Abstract: If a host name and a port number of an HTTP request do not correspond to those of an HTTP server, it is determined whether or not the host name indicates a local host and an address of a client that has transmitted the request is a loop-back address, and if so, processing for the HTTP request is continued.
    Type: Grant
    Filed: June 13, 2016
    Date of Patent: February 4, 2020
    Assignee: Canon Kabushiki Kaisha
    Inventor: Kunimasa Fujisawa
  • Patent number: 10554493
    Abstract: Systems, methods, and computer-readable media analyzing memory usage in a network node. A network assurance appliance may be configured to obtain reference concrete level rules for a node in the network, obtain implemented concrete level rules for the node from the node in the network, compare the reference concrete level rules with the implemented concrete level rules, and determining that the implemented concrete level rules are not appropriately configured based on the comparison.
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: February 4, 2020
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Ramana Rao Kompella, Chandra Nagarajan, John Thomas Monk, Purna Mani Kumar Ghantasala
  • Patent number: 10547634
    Abstract: There is described a digital agent for monitoring of cybersecurity-related events in an industrial control system. The digital agent being residable in a host. The digital agent includes a module for monitoring behavioral data of the host, such as violation of security policy, system usage metric, etc. The digital agent also includes a module for recording behavior baseline of the host, such as operating system, operating system version, firewall status etc. In addition, the digital agent includes an agent state machine for monitoring the CPU load and/or memory usage of the host. Further, the digital agent includes an agent communication module for transmitting monitored data to an analysis unit external to the industrial control system.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: January 28, 2020
    Assignee: SECURE-NOK AS
    Inventor: Siv Hilde Houmb
  • Patent number: 10541969
    Abstract: Systems and methods for implementing content, streaming, and network security inside a chip or inside a computing device are disclosed. In exemplary embodiments, a system comprises a communication chip and a second processor. The communication chip comprises a router and security instructions. The router is configured to intercept untrusted data between a network, and a first router. The second processor is configured to receive the untrusted data from the router, process the untrusted data with the security instructions to produce trusted data, and provide the trusted data to the router.
    Type: Grant
    Filed: October 21, 2014
    Date of Patent: January 21, 2020
    Assignee: CUPP Computing AS
    Inventor: Shlomo Touboul
  • Patent number: 10542028
    Abstract: A packet-filtering device may receive packet-filtering rules configured to cause the packet-filtering device to identify packets corresponding to network-threat indicators. The packet-filtering device may receive packets and, for each packet, may determine that the packet corresponds to criteria specified by a packet-filtering rule. The criteria may correspond to one or more of the network-threat indicators. The packet-filtering device may apply an operator specified by the packet-filtering rule. The operator may be configured to cause the packet-filtering device to either prevent the packet from continuing toward its destination or allow the packet to continue toward its destination.
    Type: Grant
    Filed: August 28, 2019
    Date of Patent: January 21, 2020
    Assignee: Centripetal Networks, Inc.
    Inventors: David K. Ahn, Keith A. George, Peter P. Geremia, Pierre Mallett, III, Sean Moore, Robert T. Perry, Jonathan R. Rogers
  • Patent number: 10536513
    Abstract: Systems and methods are disclosed herein for opening files via local applications. A first application on a local device receives a request to open a document specified by a user via a user interface associated with the first application, the document having a document identifier and associated with a first file stored on a server, the request comprising the document identifier and a user identifier. The first application forwards the request to open the document associated with the first file to a second application on the local device, and receives, from the second application, a list comprising one or more document processing applications that are on the local device and are capable of opening a second file that is stored on the local device and has the same document identifier as the document specified by the user, the second file being a local copy of the first file.
    Type: Grant
    Filed: January 22, 2018
    Date of Patent: January 14, 2020
    Assignee: GOOGLE LLC
    Inventors: Jessie Lynne Newman, Frank Pape, III, Ali Akhavan Bitaghsir, Brian Schneider, James Michael McCollum, Eric Huayu Zhang, Rachel Werner Barton, Marc Miller, Rishi Sharma
  • Patent number: 10530750
    Abstract: The technology disclosed herein enables the enforcement of firewall policies based on high level identification strings. In a particular embodiment, a method provides receiving a first reply from a first identification system directed to a requestor system. In response to determining that the first identification system comprises an identification system trusted by the firewall, the method provides inspecting at least one packet included in the first reply to identify a first network address therein associated with a first high level identification string. The method further provides updating a data structure comprising allowed network addresses with the first network address and, after updating the data structure with the first network address, allowing at least one packet from the requestor system directed to a first destination at the first network address to traverse the firewall system based on the data structure.
    Type: Grant
    Filed: December 14, 2016
    Date of Patent: January 7, 2020
    Assignee: NICIRA, INC.
    Inventors: Jayant Jain, Kausum Kumar, Anirban Sengupta, Rick Lund, Jingmin Zhou
  • Patent number: 10523634
    Abstract: A system for dynamically implementing exceptions in an onboard network firewall has a client application interface receptive to a data link request from a client device. An onboard connectivity manager includes a firewall interface connected to the onboard network firewall to request the exceptions in response to a connection authorization, and a client presence manager receptive to the data link request relayed by the client application interface from the client device. A presence state for the client devices is activated and maintained following the data link request. A remote connectivity manager is connected to a remote application service and is in communication with the onboard connectivity manager. The remote connectivity manager generates a connection authorization based upon an evaluation of the presence state for the client device against the conditions set by the remote application service.
    Type: Grant
    Filed: January 16, 2019
    Date of Patent: December 31, 2019
    Assignee: PANASONIC AVIONICS CORPORATION
    Inventors: James A. Haak, Kwok Liang Poo
  • Patent number: 10523700
    Abstract: A system for managing security within an enterprise includes a computing device that receives a vulnerability, generates a user score for each user within the enterprise and generates a threat score for the vulnerability. A user device score may also be generated for each device associated with a user. Based on the user score and the threat score, a composite score is generated. After acquiring a security measure, the security measure is implemented based on the composite score and, at times, the user score.
    Type: Grant
    Filed: August 21, 2018
    Date of Patent: December 31, 2019
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Douglas C. Rambo, Steven M. Trudeau, Titanya Hughes, Michael Colehouse, Timothy J. Calabro, Vincent N. Nguyen, Ben D. Brenden
  • Patent number: 10523465
    Abstract: A system and method for providing private instances of shared resources utilizing VxLAN technology is disclosed, the system consisting of a private management local area network (MLAN), a separate virtual local area network (VLAN) to place resources that are to be shared, and private instances (replicas) of the shared resources that are located on a client's private network.
    Type: Grant
    Filed: February 26, 2019
    Date of Patent: December 31, 2019
    Inventor: Michael Emory Mazarick
  • Patent number: 10523762
    Abstract: Mechanisms for establishing persistent bi-directional communication channels with cloud computing systems are disclosed. A processor device initiates a plurality of persistent bi-directional communication channels with a corresponding plurality of cloud computing systems. Each cloud computing system comprises a plurality of computing devices used to implement on-demand computing resources on one or more of the plurality of computing devices at the request of different entities. The processor device receives real-time messages from at least some respective cloud computing systems of the plurality of cloud computing systems via the corresponding persistent bi-directional communication channel that identifies a status of at least one computing resource implemented in the respective cloud computing system.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: December 31, 2019
    Assignee: Red Hat, Inc.
    Inventors: John J. Mazzitelli, Heiko W. Rupp
  • Patent number: 10511569
    Abstract: Techniques for providing multi-modal multi-party calling include receiving a join request at a multiway server (MWS) from a first client, the join request identifying a second client; sending a call invitation to the second client from the MWS; receiving a connection from the second client to the MWS; receiving a first media status from one of the first client or the second client while the first client and the second client are in a peer-to-peer mode; and forwarding the first media status to the other of the first client or the second client. Other embodiments are described and claimed.
    Type: Grant
    Filed: August 15, 2016
    Date of Patent: December 17, 2019
    Assignee: FACEBOOK, INC.
    Inventors: Tomi Yiu, Cameron James Pickett, Naizhi Li, Chi Wang Ho, Parama Jyothi Reddappagari
  • Patent number: 10505896
    Abstract: Systems and methods for implementing content, streaming, and network security inside a chip or inside a computing device are disclosed. In exemplary embodiments, a system comprises a communication chip and a second processor. The communication chip comprises a router and security instructions. The router is configured to intercept untrusted data between a network, and a first router. The second processor is configured to receive the untrusted data from the router, process the untrusted data with the security instructions to produce trusted data, and provide the trusted data to the router.
    Type: Grant
    Filed: October 21, 2014
    Date of Patent: December 10, 2019
    Assignee: CUPP Computing AS
    Inventor: Shlomo Touboul
  • Patent number: 10505985
    Abstract: A request to access a network resource is received from a client device. The request includes a purported hostname of the network resource. A Domain Name System (DNS) lookup of the purported hostname is performed. A result of the lookup is used in making a determination that the request received from the client device is invalid. In response to the determination being made that the request received from the client device is invalid, an action to take with respect to the client device is determined.
    Type: Grant
    Filed: April 12, 2017
    Date of Patent: December 10, 2019
    Assignee: Palo Alto Networks, Inc.
    Inventors: Martin Walter, Charles Bransi, Suiqiang Deng
  • Patent number: 10498754
    Abstract: A method may include monitoring communications from a first user device coupled to a network and determining, based on the communications, whether the first user device is operating in accordance with a profile associated with the first user device. The method may also include transmitting a message to a network device in response to determining that the first user device is not operating in accordance with the profile. The method may further include blocking at least some communications from being transmitted to or received by the first user device, in response to determining that the first user device is not operating in accordance with the profile.
    Type: Grant
    Filed: June 9, 2017
    Date of Patent: December 3, 2019
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Manuel Enrique Caceres, Warren Hojilla Uy, Young R. Choi, Mauricio Pati Caldeira de Andrada
  • Patent number: 10491566
    Abstract: A user of a client device that is protected by a firewall may navigate to a website using a particular browser process (e.g., a window/tab of a browser) of the client device, sending a content request toward a web content server in the process. The firewall may intercept the content request, and may also receive information from the client device identifying which browser process initiated the content request. Before passing the content request to the appropriate web content server, the firewall may request and download a security policy from a security policy server. The security policy may notify the firewall which hosts are authorized/unauthorized for use with a particular domain, and which file types from each of these hosts are authorized/unauthorized for use with the particular domain. The firewall may then filter content related to the identified browser process based on the security policy.
    Type: Grant
    Filed: June 28, 2017
    Date of Patent: November 26, 2019
    Assignee: SONICWALL INC.
    Inventor: Hugo Vazquez Carames
  • Patent number: RE48043
    Abstract: A system, method and computer program product are provided for sending, to a central system, information associated with unwanted activity. In use, information associated with unwanted activity is identified utilizing a plurality of different types of security systems. Further, the information is sent to a central system.
    Type: Grant
    Filed: December 27, 2014
    Date of Patent: June 9, 2020
    Assignee: McAfee, LLC
    Inventor: Ahmed Said Sallam